Changeset 2226072
- Timestamp:
- 01/12/2020 01:14:11 PM (6 years ago)
- Location:
- user-meta/trunk
- Files:
-
- 14 edited
-
controllers/AdminAjaxController.php (modified) (6 diffs)
-
controllers/PreloadsController.php (modified) (3 diffs)
-
helpers/functions.php (modified) (1 diff)
-
lib/models/LibWPSupportsModel.php (modified) (3 diffs)
-
models/AjaxModel.php (modified) (1 diff)
-
models/classes/File.php (modified) (2 diffs)
-
models/classes/Login.php (modified) (4 diffs)
-
models/classes/RouteResponse.php (modified) (1 diff)
-
models/classes/builder/FieldBuilder.php (modified) (3 diffs)
-
models/classes/generate/FormGenerate.php (modified) (1 diff)
-
user-meta.php (modified) (1 diff)
-
vendor/autoload.php (modified) (1 diff)
-
vendor/composer/autoload_real.php (modified) (5 diffs)
-
vendor/composer/autoload_static.php (modified) (2 diffs)
-
user-meta/trunk/controllers/AdminAjaxController.php
r2221892 r2226072 50 50 51 51 if (! empty($_POST['field_type'])) { 52 $arg = $ _POST;52 $arg = $this->sanitizeInputs($_POST); 53 53 $arg['is_new'] = true; 54 54 $fieldBuilder = new FieldBuilder($arg); … … 86 86 } 87 87 } elseif (! empty($_POST['field_type'])) { 88 $arg = $ _POST;88 $arg = $this->sanitizeInputs($_POST); 89 89 $arg['is_new'] = true; 90 90 $fieldBuilder = new FieldBuilder($arg); … … 102 102 103 103 if (isset($_POST['field_type']) && isset($_POST['id']) && $_POST['editor']) { 104 $field = $ _POST;104 $field = $this->sanitizeInputs($_POST); 105 105 $fieldBuilder = new FieldBuilder($field); 106 106 $fieldBuilder->setEditor(sanitize_key($_POST['editor'])); … … 117 117 118 118 $fields = array(); 119 if (isset($_POST['fields'])) 119 if (isset($_POST['fields'])) { 120 120 $fields = $userMeta->arrayRemoveEmptyValue($_POST['fields']); 121 } 121 122 122 123 $formBuilder = new FormBuilder(); … … 223 224 224 225 $fields = $formBuilder->getSharedFields(); 225 226 $form = $_POST;227 226 228 227 $form = stripslashes_deep($_POST); … … 288 287 die(); 289 288 } 289 290 /** 291 * Sanitize Inputs 292 * 293 * @todo Refactor and move to utils 294 * @param array $inputs 295 * @return array 296 */ 297 private function sanitizeInputs($inputs = []) 298 { 299 $sanitizeCallbacks = [ 300 'id' => 'sanitize_key', 301 'field_type' => 'sanitize_key' 302 ]; 303 $data = []; 304 foreach ($inputs as $key => $value) { 305 if (is_array($value)) { 306 $sanitizedValue = $this->sanitizeInputs($value); 307 } else { 308 if (! empty($sanitizeCallbacks[$key])) { 309 $sanitizedValue = call_user_func($sanitizeCallbacks[$key], $value); 310 } 311 $sanitizedValue = sanitize_text_field($value); 312 } 313 $data[sanitize_key($key)] = $sanitizedValue; 314 } 315 316 return $data; 317 } 290 318 } -
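Review bot: In the new `sanitizeInputs()`, the per-key callback result is always overwritten, because `$sanitizedValue = sanitize_text_field($value);` runs unconditionally after the `if (! empty($sanitizeCallbacks[$key]))` branch, so `id` and `field_type` never actually go through `sanitize_key`. An `else` is missing: `$sanitizedValue = ! empty($sanitizeCallbacks[$key]) ? call_user_func($sanitizeCallbacks[$key], $value) : sanitize_text_field($value);`. The helper also rewrites every array key with `sanitize_key()`, which lowercases and strips characters, so an option key containing uppercase letters would be renamed or collide with another key; this is worth confirming against what `FieldBuilder` expects. `$_POST['fields']` and `stripslashes_deep($_POST)` in the later hunks still bypass the helper, and the handlers begin outside these hunks, so nonce and capability checks cannot be confirmed from here.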
user-meta/trunk/controllers/PreloadsController.php
r2218746 r2226072 94 94 'checkForUpdate' 95 95 )); 96 } else {97 add_action('user_meta_schedule_event', [98 $this,99 'retrievePromotionalMessages'100 ]);101 add_action('user_meta_admin_notices', [102 $this,103 'showPromotionalMessage'104 ]);105 96 } 106 97 } … … 177 168 178 169 /** 179 * Showing offer for lite version as admin_notice180 */181 public function showPromotionalMessage()182 {183 $messages = getRemoteMessages();184 if (! empty($messages['promotional_message_lite'])) {185 echo adminNotice($messages['promotional_message_lite'], 'info');186 }187 }188 189 /**190 * Retrieve promotional messages by user_meta_schedule_event191 */192 public function retrievePromotionalMessages()193 {194 retrieveRemoteMessages();195 }196 197 /**198 170 * Run on the plugin activation 199 171 */ … … 240 212 241 213 // Call method when need to trigger. Store process status to $userMeta->process_status for further showing message. 242 $methodName = $_POST['method_name'];214 $methodName = sanitize_key($_POST['method_name']); 243 215 $postMethodName = 'post' . ucwords($methodName); 244 216 // $userMeta->um_post_method_status->$methodName = $userMeta->$postMethodName(); -
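Review bot: `sanitize_key($_POST['method_name'])` limits the characters of the method name but not which method is chosen: `'post' . ucwords($methodName)` is still built from request data, and the commented line below it suggests the result is invoked as `$userMeta->$postMethodName()`. The call itself is outside the hunk, so this is inferred. If it does dispatch dynamically, the name should be compared against a fixed list of the handlers the plugin intends to expose (strict `in_array(..., true)`) before use, and the request rejected otherwise. `$_POST['method_name']` is also read without an `isset()` guard in the visible lines.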
user-meta/trunk/helpers/functions.php
r2218746 r2226072 222 222 } 223 223 } 224 225 /**226 * Get messages from transient originated https://user-meta.com227 *228 * @return array229 */230 function getRemoteMessages()231 {232 return get_site_transient('user_meta_remote_messages');233 }234 235 /**236 * Retrieve messages from https://user-meta.com237 */238 function retrieveRemoteMessages()239 {240 global $userMeta;241 try {242 $url = $userMeta->website . '/wp-json/api/v1/promotional-message/';243 $offer = wp_remote_retrieve_body(wp_remote_get($url));244 $offer = json_decode($offer, true);245 if ($offer)246 set_site_transient('user_meta_remote_messages', $offer, 60 * 60 * 24);247 } catch (\Exception $e) {}248 } -
user-meta/trunk/lib/models/LibWPSupportsModel.php
r2218746 r2226072 21 21 die('Security check: empty nonce'); 22 22 23 $nonce = $_REQUEST['pf_nonce'];23 $nonce = sanitize_text_field($_REQUEST['pf_nonce']); 24 24 $nonceText = $pfInstance->settingsArray('nonce'); 25 25 if (! wp_verify_nonce($nonce, $nonceText)) … … 63 63 die('Security check: empty nonce'); 64 64 65 $nonce = $_REQUEST['_wpnonce'];65 $nonce = sanitize_text_field($_REQUEST['_wpnonce']); 66 66 $nonceText = 'pf' . ucwords(str_replace('ajax', '', $methodName)); 67 67 … … 226 226 return new \WP_Error('no_field', __('No file upload field found!', $pfInstance->name)); 227 227 228 $file = $_FILES[$fieldName];228 $file = sanitize_text_field($_FILES[$fieldName]); 229 229 230 230 $size = $file['size']; -
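Review bot: `$file = sanitize_text_field($_FILES[$fieldName]);` passes an array to a string sanitizer; `sanitize_text_field()` returns an empty string for array input, so `$file['size']` on the next visible line no longer reads the upload's size and the checks that follow operate on empty values. Keep `$file = $_FILES[$fieldName];` and sanitize the individual members where they are used, for example `sanitize_file_name($file['name'])`, while validating `size`, `error` and `tmp_name` as they are. The two nonce changes are harmless, since `wp_verify_nonce()` already rejects anything that does not match. The upload function continues outside the hunk.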
user-meta/trunk/models/AjaxModel.php
r2218746 r2226072 75 75 } 76 76 77 $response[] = $_REQUEST['fieldId'];77 $response[] = sanitize_key($_REQUEST['fieldId']); 78 78 $response[] = isset($status) ? $status : true; 79 79 $response[] = isset($msg) ? esc_html($msg) : null; -
user-meta/trunk/models/classes/File.php
r2218746 r2226072 283 283 if (file_exists(WP_CONTENT_DIR . '/uploads' . $fileSubPath)) { 284 284 $file['path'] = WP_CONTENT_DIR . '/uploads' . $fileSubPath; 285 $file['url'] = trailingslashit($siteurl) . 'wp-content/uploads' . $fileSubPath;285 $file['url'] = WP_CONTENT_URL . '/uploads' . $fileSubPath; 286 286 return $file; 287 287 } … … 291 291 if (file_exists(WP_CONTENT_DIR . "/blogs.dir/{$blogId}/files" . $fileSubPath)) { 292 292 $file['path'] = WP_CONTENT_DIR . "/blogs.dir/{$blogId}/files" . $fileSubPath; 293 $file['url'] = trailingslashit($siteurl) . "wp-content/blogs.dir/{$blogId}/files" . $fileSubPath;293 $file['url'] = WP_CONTENT_URL . "/blogs.dir/{$blogId}/files" . $fileSubPath; 294 294 return $file; 295 295 } -
user-meta/trunk/models/classes/Login.php
r2218746 r2226072 251 251 $user = apply_filters('wp_login_errors', $user, ''); // $errors = $user, $redirect_to = '' 252 252 } 253 253 254 254 $reloadCaptchaJs = ''; 255 255 if (function_exists('\UserMeta\reloadCaptcha')) { 256 256 $reloadCaptchaJs = reloadCaptcha(); 257 257 } 258 258 259 259 $output = $userMeta->showError($user->get_error_message() . $reloadCaptchaJs, false); 260 260 } … … 284 284 285 285 if (empty($creds['user_pass'])) { 286 if (isset($_ REQUEST['pwd']))287 $userPass = $_ REQUEST['pwd'];288 elseif (isset($_ REQUEST['user_pass']))289 $userPass = $_ REQUEST['user_pass'];286 if (isset($_POST['pwd'])) 287 $userPass = $_POST['pwd']; 288 elseif (isset($_POST['user_pass'])) 289 $userPass = $_POST['user_pass']; 290 290 } else 291 291 $userPass = $creds['user_pass']; 292 292 293 $remember = ! empty($creds['remember']) ? $creds['remember'] : @$_ REQUEST['rememberme'];293 $remember = ! empty($creds['remember']) ? $creds['remember'] : @$_POST['rememberme']; 294 294 295 295 $user = wp_authenticate($userName, $userPass); … … 373 373 $redirect_to = $userMeta->getRedirectionUrl($redirect_to, 'login', $role); 374 374 375 if ($userMeta->isHookEnable('login_redirect')) { 376 $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) 377 ? esc_url_raw($_REQUEST['redirect_to']) : '', $user); 378 } 379 375 if ($userMeta->isHookEnable('login_redirect')) { 376 $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? 
esc_url_raw($_REQUEST['redirect_to']) : '', $user); 377 } 380 378 381 379 $user->redirect_to = $redirect_to; … … 394 392 $userLogin = sanitize_user($_REQUEST['log']); 395 393 elseif (isset($_REQUEST['user_login'])) 396 $userLogin = sanitize_user($_REQUEST['user_login']);394 $userLogin = sanitize_user($_REQUEST['user_login']); 397 395 elseif (isset($_REQUEST['user_email'])) 398 $userLogin = sanitize_email($_REQUEST['user_email']);396 $userLogin = sanitize_email($_REQUEST['user_email']); 399 397 400 398 if ($loginBy == 'user_login_or_email') { -
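Review bot: `$userPass` is never assigned when `$creds['user_pass']` is empty and neither `$_POST['pwd']` nor `$_POST['user_pass']` is present, yet it is passed to `wp_authenticate($userName, $userPass)`; initialise it first, e.g. `$userPass = '';` before the `if (empty($creds['user_pass']))` block. The switch from `$_REQUEST` to `$_POST` keeps passwords out of query strings, but the login name in the last hunk is still read from `$_REQUEST['log']`, `$_REQUEST['user_login']` and `$_REQUEST['user_email']`, so the two halves of the credential come from different sources. `@$_POST['rememberme']` would be clearer as `! empty($_POST['rememberme'])` than with error suppression. The enclosing methods start and end outside these hunks.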
user-meta/trunk/models/classes/RouteResponse.php
r2218746 r2226072 92 92 die(__('Security check: Empty nonce', 'user-meta')); 93 93 94 $nonce = $_REQUEST['_wpnonce'];94 $nonce = sanitize_text_field($_REQUEST['_wpnonce']); 95 95 if (! wp_verify_nonce($nonce, $this->nonceAction($nonceText))) 96 96 die(__('Security check: Nonce missmatch', 'user-meta')); -
user-meta/trunk/models/classes/builder/FieldBuilder.php
r2221892 r2226072 289 289 'v2_site_key' => [ 290 290 'label' => __('Site Key (V2)', $userMeta->name), 291 'info' => __('reCAPTCHA site key is required for using Captcha validation. Get keys for free from the Captcha Link ',291 'info' => __('reCAPTCHA site key is required for using Captcha validation. Get keys for free from the Captcha Link below', 292 292 $userMeta->name) 293 293 ], 294 294 'v2_secret_key' => [ 295 295 'label' => __('Secret Key (V2)', $userMeta->name), 296 'info' => __('reCAPTCHA secret key is required for using Captcha validation. Get keys for free from the Captcha Link ',296 'info' => __('reCAPTCHA secret key is required for using Captcha validation. Get keys for free from the Captcha Link below', 297 297 $userMeta->name) 298 298 ], 299 299 'v3_site_key' => [ 300 300 'label' => __('Site Key (V3)', $userMeta->name), 301 'info' => __('reCAPTCHA site key is required for using Captcha validation. Get keys for free from the Captcha Link ',301 'info' => __('reCAPTCHA site key is required for using Captcha validation. Get keys for free from the Captcha Link below', 302 302 $userMeta->name) 303 303 ], 304 304 'v3_secret_key' => [ 305 305 'label' => __('Secret Key (V3)', $userMeta->name), 306 'info' => __('reCAPTCHA secret key is required for using Captcha validation. Get keys for free from the Captcha Link ',306 'info' => __('reCAPTCHA secret key is required for using Captcha validation. Get keys for free from the Captcha Link below', 307 307 $userMeta->name) 308 308 ], … … 327 327 'placeholder' => __('(e.g. en) Leave blank for auto detection', $userMeta->name), 328 328 'info' => __('(e.g. 
en) Leave blank for auto detection', $userMeta->name) 329 ], 330 'captcha_signup' => [ 331 'type' => 'button', 332 'label' => __('Get reCaptcha Keys', $userMeta->name), 333 'value' => __('Captcha Sign Up / Dashboard', $userMeta->name), 334 'onclick' => "(function(){ window.open('https://www.google.com/recaptcha/admin', '_blank'); return false; }) (); return false;", 335 'info' => __('User Meta Pro uses reCAPTCHA as Captcha field. reCAPTCHA site key and secret key are required for using Captcha validation.Get these keys for free.', 336 $userMeta->name) 329 337 ], 330 338 'resize_image' => array( … … 1222 1230 'captcha_theme', 1223 1231 'captcha_type', 1224 'captcha_lang' 1232 'captcha_lang', 1233 'captcha_signup' 1225 1234 ), array( 1226 1235 array( -
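Review bot: The new `captcha_signup` button opens an external page with `window.open('https://www.google.com/recaptcha/admin', '_blank')` and no `noopener`, which leaves `window.opener` available to the opened page; passing `'noopener'` as the third argument closes that. Its `info` string reads `validation.Get these keys` with no space after the full stop, and because the string is translatable it is cheaper to fix before translations are made.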
user-meta/trunk/models/classes/generate/FormGenerate.php
r2218746 r2226072 135 135 if (empty($userMeta->showDataFromDB)) { 136 136 if (isset($_POST[$fieldName])) 137 $fieldValue = $_POST[$fieldName];137 $fieldValue = sanitize_text_field($_POST[$fieldName]); 138 138 } 139 139 -
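Review bot: `sanitize_text_field($_POST[$fieldName])` is applied to every field type, but it returns an empty string for array input and strips line breaks and tags, so a multi-value field (checkbox group, multi-select) or a textarea re-displayed after a failed submit would lose its value. Which field types reach this line is not visible in the hunk. If they do, branch on the value, `$fieldValue = is_array($_POST[$fieldName]) ? array_map('sanitize_text_field', $_POST[$fieldName]) : sanitize_text_field($_POST[$fieldName]);`, and use `sanitize_textarea_field()` for multi-line fields. Escaping with `esc_attr()` or `esc_html()` is still needed wherever `$fieldValue` is printed, which happens outside this hunk.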
user-meta/trunk/user-meta.php
r2221036 r2226072 4 4 * Plugin URI: https://user-meta.com 5 5 * Description: A well designed, features reached and easy to use user management plugin. 6 * Version: 2.0 rc16 * Version: 2.0 7 7 * Requires at least: 4.7 8 8 * Requires PHP: 5.6.0 -
user-meta/trunk/vendor/autoload.php
r2221892 r2226072 5 5 require_once __DIR__ . '/composer/autoload_real.php'; 6 6 7 return ComposerAutoloaderInit 6851ead06e36f02ee523b4b57c12c7f3::getLoader();7 return ComposerAutoloaderInita5f9f1d5b7e0671492c6ae833c41d13a::getLoader(); -
user-meta/trunk/vendor/composer/autoload_real.php
r2221892 r2226072 3 3 // autoload_real.php @generated by Composer 4 4 5 class ComposerAutoloaderInit 6851ead06e36f02ee523b4b57c12c7f35 class ComposerAutoloaderInita5f9f1d5b7e0671492c6ae833c41d13a 6 6 { 7 7 private static $loader; … … 20 20 } 21 21 22 spl_autoload_register(array('ComposerAutoloaderInit 6851ead06e36f02ee523b4b57c12c7f3', 'loadClassLoader'), true, true);22 spl_autoload_register(array('ComposerAutoloaderInita5f9f1d5b7e0671492c6ae833c41d13a', 'loadClassLoader'), true, true); 23 23 self::$loader = $loader = new \Composer\Autoload\ClassLoader(); 24 spl_autoload_unregister(array('ComposerAutoloaderInit 6851ead06e36f02ee523b4b57c12c7f3', 'loadClassLoader'));24 spl_autoload_unregister(array('ComposerAutoloaderInita5f9f1d5b7e0671492c6ae833c41d13a', 'loadClassLoader')); 25 25 26 26 $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); … … 28 28 require_once __DIR__ . '/autoload_static.php'; 29 29 30 call_user_func(\Composer\Autoload\ComposerStaticInit 6851ead06e36f02ee523b4b57c12c7f3::getInitializer($loader));30 call_user_func(\Composer\Autoload\ComposerStaticInita5f9f1d5b7e0671492c6ae833c41d13a::getInitializer($loader)); 31 31 } else { 32 32 $map = require __DIR__ . '/autoload_namespaces.php'; … … 49 49 50 50 if ($useStaticLoader) { 51 $includeFiles = Composer\Autoload\ComposerStaticInit 6851ead06e36f02ee523b4b57c12c7f3::$files;51 $includeFiles = Composer\Autoload\ComposerStaticInita5f9f1d5b7e0671492c6ae833c41d13a::$files; 52 52 } else { 53 53 $includeFiles = require __DIR__ . 
'/autoload_files.php'; 54 54 } 55 55 foreach ($includeFiles as $fileIdentifier => $file) { 56 composerRequire 6851ead06e36f02ee523b4b57c12c7f3($fileIdentifier, $file);56 composerRequirea5f9f1d5b7e0671492c6ae833c41d13a($fileIdentifier, $file); 57 57 } 58 58 … … 61 61 } 62 62 63 function composerRequire 6851ead06e36f02ee523b4b57c12c7f3($fileIdentifier, $file)63 function composerRequirea5f9f1d5b7e0671492c6ae833c41d13a($fileIdentifier, $file) 64 64 { 65 65 if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { -
user-meta/trunk/vendor/composer/autoload_static.php
r2221892 r2226072 5 5 namespace Composer\Autoload; 6 6 7 class ComposerStaticInit 6851ead06e36f02ee523b4b57c12c7f37 class ComposerStaticInita5f9f1d5b7e0671492c6ae833c41d13a 8 8 { 9 9 public static $files = array ( … … 43 43 { 44 44 return \Closure::bind(function () use ($loader) { 45 $loader->prefixLengthsPsr4 = ComposerStaticInit 6851ead06e36f02ee523b4b57c12c7f3::$prefixLengthsPsr4;46 $loader->prefixDirsPsr4 = ComposerStaticInit 6851ead06e36f02ee523b4b57c12c7f3::$prefixDirsPsr4;45 $loader->prefixLengthsPsr4 = ComposerStaticInita5f9f1d5b7e0671492c6ae833c41d13a::$prefixLengthsPsr4; 46 $loader->prefixDirsPsr4 = ComposerStaticInita5f9f1d5b7e0671492c6ae833c41d13a::$prefixDirsPsr4; 47 47 48 48 }, null, ClassLoader::class);