Changeset 2512006
- Timestamp:
- 04/09/2021 08:46:53 AM (5 years ago)
- Location:
- wp-hr-manager/trunk
- Files:
-
- 20 edited
-
includes/admin/class-ajax.php (modified) (5 diffs)
-
includes/admin/class-setup-wizard.php (modified) (1 diff)
-
includes/functions.php (modified) (2 diffs)
-
modules/hrm/includes/admin/class-menu.php (modified) (3 diffs)
-
modules/hrm/includes/class-ajax.php (modified) (50 diffs)
-
modules/hrm/includes/class-employee.php (modified) (1 diff)
-
modules/hrm/includes/class-form-handler.php (modified) (1 diff)
-
modules/hrm/includes/functions-employee.php (modified) (2 diffs)
-
modules/hrm/includes/functions-leave.php (modified) (9 diffs)
-
modules/hrm/views/employee/tab-general.php (modified) (1 diff)
-
modules/hrm/views/employee/tab-job.php (modified) (2 diffs)
-
modules/hrm/views/employee/tab-performance.php (modified) (1 diff)
-
modules/hrm/views/js-templates/compensation.php (modified) (1 diff)
-
modules/hrm/views/js-templates/employee-terminate.php (modified) (1 diff)
-
modules/hrm/views/js-templates/job-info.php (modified) (1 diff)
-
modules/hrm/views/js-templates/performance-comments.php (modified) (1 diff)
-
modules/hrm/views/js-templates/performance-reviews.php (modified) (1 diff)
-
modules/wp-hr-frontend/templates/employee-profile/employee-profile.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
-
wp-hr-manager.php (modified) (1 diff)
wp-hr-manager/trunk/includes/admin/class-ajax.php
r2485387 r2512006 143 143 $this->verify_nonce( 'wp-wphr-hr-nonce' ); 144 144 145 $log_id = sanitize_text_field( intval( $_POST['id'] ) );145 $log_id = intval( sanitize_text_field( $_POST['id'] ) ); 146 146 147 147 if ( ! $log_id ) { … … 491 491 $this->verify_nonce( 'wphr-api-key' ); 492 492 493 $id = isset( $_POST['id'] ) ? sanitize_text_field( intval( $_POST['id'] ) ) : 0;493 $id = isset( $_POST['id'] ) ? intval( sanitize_text_field( $_POST['id'] ) ) : 0; 494 494 495 495 if ( $id ) { … … 498 498 $api_key->update( [ 499 499 'name' => sanitize_text_field( $_POST['name'] ), 500 'user_id' => sanitize_text_field( intval( $_POST['user_id'] ) ),500 'user_id' => intval( sanitize_text_field( $_POST['user_id'] ) ), 501 501 ] ); 502 502 … … 508 508 'api_key' => 'ck_' . wphr_generate_key(), 509 509 'api_secret' => 'cs_' . wphr_generate_key(), 510 'user_id' => sanitize_text_field( intval( $_POST['user_id'] ) ),510 'user_id' => intval( sanitize_text_field( $_POST['user_id'] ) ), 511 511 'created_at' => current_time( 'mysql' ), 512 512 ]; … … 525 525 $this->verify_nonce( 'wphr-nonce' ); 526 526 527 $id = isset( $_POST['id'] ) ? sanitize_text_field( intval( $_POST['id'] ) ) : 0;527 $id = isset( $_POST['id'] ) ? intval( sanitize_text_field( $_POST['id'] ) ) : 0; 528 528 529 529 if ( $id ) { -
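Review bot: The API-key branch (new lines 498–511) binds the key to whatever `user_id` the request supplies, and the only gate visible in the hunk is `$this->verify_nonce( 'wphr-api-key' )`; a nonce protects against CSRF but does not establish that the caller may manage keys for other users. If the part of the method outside the hunk has no capability check, add one before the update/insert, for example `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error(); }`, using whichever capability the plugin reserves for key management. In the visible lines `$_POST['user_id']` and `$_POST['name']` are also read without `isset()`, and a `user_id` that casts to 0 is stored rather than rejected.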
wp-hr-manager/trunk/includes/admin/class-setup-wizard.php
r2485387 r2512006 347 347 check_admin_referer( 'wphr-setup' ); 348 348 349 $departments = array_map( 'sanitize_text_field',$_POST['departments'] );349 $departments = custom_sanitize_array( $_POST['departments'] ); 350 350 351 351 if ( $departments ) { -
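Review bot: `custom_sanitize_array( $_POST['departments'] )` on new line 349 is called without checking that the key is present or that it holds an array, so a request without `departments` raises a notice and passes `null` to the helper. The helper's definition is not in the visible hunks, so how it treats non-array or nested input cannot be confirmed here; guarding at the call site is cheap: `$departments = isset( $_POST['departments'] ) && is_array( $_POST['departments'] ) ? custom_sanitize_array( wp_unslash( $_POST['departments'] ) ) : [];`. The helper name is also unprefixed, unlike the plugin's `wphr_` functions, which invites a collision with another plugin's global function. The enclosing method continues outside the hunk.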
wp-hr-manager/trunk/includes/functions.php
r2485387 r2512006 683 683 $format = wphr_get_option( 'date_format', 'wphr_settings_general', 'd-m-Y' ); 684 684 } 685 685 686 686 $time = strtotime( $date ); 687 687 if( $time < 0 ){ … … 1968 1968 1969 1969 if ( isset( $_REQUEST['imported'] ) ) { 1970 if ( sanitize_text_field( intval($_REQUEST['imported'] ) ) == 0 ) {1970 if ( intval( sanitize_text_field ($_REQUEST['imported'] ) ) == 0 ) { 1971 1971 $message = __( 'Nothing to import or items are already exists.', 'wphr' ); 1972 1972 echo "<div class='notice error'><p>{$message}</p></div>"; -
wp-hr-manager/trunk/modules/hrm/includes/admin/class-menu.php
r2485387 r2512006 210 210 { 211 211 $action = ( isset( $_GET['action'] ) ? sanitize_text_field($_GET['action']) : 'list' ); 212 $id = ( isset( $_GET['id'] ) ? sanitize_text_field( intval( $_GET['id'] ) ) : 0 ); 212 $id = ( isset( $_GET['id'] ) ? intval(sanitize_text_field( $_GET['id'] ) ) : 0 ); 213 switch ( $action ) { 214 case 'view': 215 $employee = new Employee( intval( $id ) ); 216 if ( !$employee->id ) { 217 wp_die( __( 'Employee not found!', 'wphr' ) ); 218 } 219 $template = WPHR_HRM_VIEWS . '/employee/single.php'; 220 break; 221 default: 222 $template = WPHR_HRM_VIEWS . '/employee.php'; 223 break; 224 } 225 $template = apply_filters( 226 'wphr_hr_employee_templates', 227 $template, 228 $action, 229 $id 230 ); 231 if ( file_exists( $template ) ) { 232 include $template; 233 } 234 } 235 236 /** 237 * Employee my profile page template 238 * 239 * @since 0.1 240 * 241 * @return void 242 */ 243 public function employee_my_profile_page() 244 { 245 $action = ( isset( $_GET['action'] ) ? sanitize_text_field($_GET['action']) : 'view' ); 246 $id = ( isset( $_GET['id'] ) ? intval(sanitize_text_field( $_GET['id'] ) ) : intval( get_current_user_id() ) ); 213 247 switch ( $action ) { 214 248 case 'view': … … 220 254 break; 221 255 default: 222 $template = WPHR_HRM_VIEWS . '/employee.php';223 break;224 }225 $template = apply_filters(226 'wphr_hr_employee_templates',227 $template,228 $action,229 $id230 );231 if ( file_exists( $template ) ) {232 include $template;233 }234 }235 236 /**237 * Employee my profile page template238 *239 * @since 0.1240 *241 * @return void242 */243 public function employee_my_profile_page()244 {245 $action = ( isset( $_GET['action'] ) ? sanitize_text_field($_GET['action']) : 'view' );246 $id = ( isset( $_GET['id'] ) ? 
sanitize_text_field( intval( $_GET['id'] ) ) : intval( get_current_user_id() ) );247 switch ( $action ) {248 case 'view':249 $employee = new Employee( $id );250 if ( !$employee->id ) {251 wp_die( __( 'Employee not found!', 'wphr' ) );252 }253 $template = WPHR_HRM_VIEWS . '/employee/single.php';254 break;255 default:256 256 $template = WPHR_HRM_VIEWS . '/employee/single.php'; 257 257 break; … … 281 281 { 282 282 $action = ( isset( $_GET['action'] ) ? sanitize_text_field($_GET['action']) : 'list' ); 283 $id = ( isset( $_GET['id'] ) ? sanitize_text_field( intval( $_GET['id'] ) ) : 0 );283 $id = ( isset( $_GET['id'] ) ? intval(sanitize_text_field( $_GET['id'] ) ) : 0 ); 284 284 switch ( $action ) { 285 285 case 'view': -
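Review bot: `employee_my_profile_page()` (new line 246) still takes the employee to display from `$_GET['id']` and falls back to `get_current_user_id()` only when the parameter is absent, so the "my profile" page will resolve any employee id placed in the URL unless something outside the hunk restricts it. No ownership or capability check is visible after the cast (the `view` case is partly elided on the new side); if the included template does not enforce one, compare against the current user first, e.g. `if ( $id !== get_current_user_id() && ! current_user_can( '<capability for viewing other employees>' ) ) { wp_die( __( 'You do not have permission to view this profile.', 'wphr' ) ); }`. Separately, `new Employee( intval( $id ) )` on new line 215 casts a value that line 212 has already cast, while the other two page methods pass `$id` directly; pick one form.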
wp-hr-manager/trunk/modules/hrm/includes/class-ajax.php
r2485387 r2512006 120 120 } 121 121 122 $request_id = isset($_POST['leave_request_id']) ? sanitize_text_field( intval($_POST['leave_request_id']) ) : 0;122 $request_id = isset($_POST['leave_request_id']) ? intval(sanitize_text_field( $_POST['leave_request_id']) ) : 0; 123 123 $comments = isset($_POST['reason']) ? sanitize_text_field($_POST['reason']) : ''; 124 124 … … 148 148 } 149 149 150 $holiday = wphr_hr_delete_holidays(array('id' => sanitize_text_field( intval($_POST['id']))));150 $holiday = wphr_hr_delete_holidays(array('id' => intval( sanitize_text_field($_POST['id'])))); 151 151 $this->send_success(); 152 152 } … … 290 290 } 291 291 292 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;293 $user_id = isset($_POST['user_id']) ? sanitize_text_field( intval($_POST['user_id'] ) ) : 0;294 $policy_id = isset($_POST['policy_id']) ? sanitize_text_field( intval($_POST['policy_id']) ) : 0;292 $id = isset($_POST['id']) ? intval(sanitize_text_field($_POST['id']) ) : 0; 293 $user_id = isset($_POST['user_id']) ? intval(sanitize_text_field($_POST['user_id'] ) ) : 0; 294 $policy_id = isset($_POST['policy_id']) ? intval(sanitize_text_field($_POST['policy_id']) ) : 0; 295 295 296 296 if ($id && $user_id && $policy_id) { … … 338 338 $this->verify_nonce('wp-wphr-hr-nonce'); 339 339 340 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;340 $id = isset($_POST['id']) ? intval( sanitize_text_field( $_POST['id'] ) ) : 0; 341 341 342 342 if ($id) { … … 366 366 $emp_profile_label = isset($_POST['emp_profile_label']) ? sanitize_text_field( $_POST['emp_profile_label'] ) : ''; 367 367 $desc = isset($_POST['dept-desc']) ? sanitize_text_field( $_POST['dept-desc'] ) : ''; 368 $dept_id = isset($_POST['dept_id']) ? sanitize_text_field( intval($_POST['dept_id']) ) : 0;369 $lead = isset($_POST['lead']) ? sanitize_text_field( intval($_POST['lead']) ) : 0;370 $parent = isset($_POST['parent']) ? 
sanitize_text_field( intval($_POST['parent']) ): 0;368 $dept_id = isset($_POST['dept_id']) ? intval( sanitize_text_field( $_POST['dept_id']) ) : 0; 369 $lead = isset($_POST['lead']) ? intval( sanitize_text_field($_POST['lead']) ) : 0; 370 $parent = isset($_POST['parent']) ? intval( sanitize_text_field ($_POST['parent']) ): 0; 371 371 372 372 // on update, ensure $parent != $dept_id … … 410 410 } 411 411 412 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;412 $id = isset($_POST['id']) ? intval( sanitize_text_field( $_POST['id']) ) : 0; 413 413 if ($id) { 414 414 $deleted = wphr_hr_delete_department($id); … … 439 439 $title = isset($_POST['title']) ? sanitize_text_field( $_POST['title'] ) : ''; 440 440 $desc = isset($_POST['desig-desc']) ? sanitize_text_field( $_POST['desig-desc'] ) : ''; 441 $desig_id = isset($_POST['desig_id']) ? sanitize_text_field( intval($_POST['desig_id']) ) : 0;441 $desig_id = isset($_POST['desig_id']) ? intval(sanitize_text_field($_POST['desig_id']) ) : 0; 442 442 443 443 $desig_id = wphr_hr_create_designation(array( … … 466 466 $this->verify_nonce('wp-wphr-hr-nonce'); 467 467 468 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;468 $id = isset($_POST['id']) ? intval(sanitize_text_field($_POST['id']) ) : 0; 469 469 470 470 if ($id) { … … 489 489 } 490 490 491 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;491 $id = isset($_POST['id']) ? 
intval(sanitize_text_field($_POST['id']) ) : 0; 492 492 if ($id) { 493 493 // @TODO: check permission … … 517 517 unset($_POST['action']); 518 518 519 $posted = array_map('sanitize_text_field', $_POST); 519 //$posted = array_map('sanitize_text_field', $_POST); 520 $posted = custom_sanitize_array($_POST); 520 521 521 522 $posted['type'] = 'customer'; … … 533 534 534 535 $employee_id = wphr_hr_employee_create($posted); 535 // print_r($employee_id); 536 // die(); 536 537 537 if (is_wp_error($employee_id)) { 538 538 $this->send_error($employee_id->get_error_message()); … … 544 544 $employee = new Employee($employee_id); 545 545 $data = $employee->to_array(); 546 // print_r($employee); 547 // die(); 546 548 547 $data['work']['joined'] = $employee->get_joined_date(); 549 548 $data['work']['type'] = $employee->get_type(); … … 571 570 $this->verify_nonce('wp-wphr-hr-nonce'); 572 571 573 $employee_id = isset($_REQUEST['id']) ? sanitize_text_field( intval($_REQUEST['id']) ) : 0;572 $employee_id = isset($_REQUEST['id']) ? intval(sanitize_text_field($_REQUEST['id']) ) : 0; 574 573 $user = get_user_by('id', $employee_id); 575 574 … … 597 596 } 598 597 599 $employee_id = isset($_REQUEST['id']) ? sanitize_text_field( intval($_REQUEST['id']) ) : 0;600 $hard = isset($_REQUEST['hard']) ? sanitize_text_field( intval($_REQUEST['hard']) ) : 0;598 $employee_id = isset($_REQUEST['id']) ? intval(sanitize_text_field($_REQUEST['id']) ) : 0; 599 $hard = isset($_REQUEST['hard']) ? intval(sanitize_text_field($_REQUEST['hard']) ) : 0; 601 600 $user = get_user_by('id', $employee_id); 602 601 … … 625 624 global $wpdb; 626 625 627 $employee_id = isset($_REQUEST['id']) ? sanitize_text_field( intval($_REQUEST['id']) ) : 0;626 $employee_id = isset($_REQUEST['id']) ? intval(sanitize_text_field($_REQUEST['id']) ) : 0; 628 627 $user = get_user_by('id', $employee_id); 629 628 … … 647 646 $this->verify_nonce('employee_update_employment'); 648 647 649 $employee_id = isset($_REQUEST['employee_id']) ? 
sanitize_text_field( intval($_REQUEST['employee_id']) ) : 0;648 $employee_id = isset($_REQUEST['employee_id']) ? intval(sanitize_text_field( $_REQUEST['employee_id']) ) : 0; 650 649 651 650 // Check permission … … 681 680 $this->verify_nonce('employee_update_compensation'); 682 681 683 $employee_id = isset($_REQUEST['employee_id']) ? sanitize_text_field( intval($_REQUEST['employee_id']) ) : 0;682 $employee_id = isset($_REQUEST['employee_id']) ? intval(sanitize_text_field( $_REQUEST['employee_id']) ) : 0; 684 683 685 684 // Check permission … … 730 729 $this->verify_nonce('wp-wphr-hr-nonce'); 731 730 732 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;731 $id = isset($_POST['id']) ? intval(sanitize_text_field($_POST['id']) ) : 0; 733 732 $query = $wpdb->prepare( "SELECT module, user_id FROM {$wpdb->prefix}wphr_hr_employee_history WHERE id = %d", $id); 734 733 $get_module = $wpdb->get_row($query); … … 760 759 $this->verify_nonce('employee_update_jobinfo'); 761 760 762 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;763 764 $location = isset($_POST['location']) ? sanitize_text_field( intval($_POST['location']) ) : 0;765 $department = isset($_POST['department']) ? sanitize_text_field( intval($_POST['department']) ) : 0;766 $designation = isset($_POST['designation']) ? sanitize_text_field( intval($_POST['designation']) ) : 0;767 $reporting_to = isset($_POST['reporting_to']) ? sanitize_text_field(intval($_POST['reporting_to']) ) : 0;761 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field( $_POST['employee_id']) ) : 0; 762 763 $location = isset($_POST['location']) ? intval(sanitize_text_field($_POST['location']) ) : 0; 764 $department = isset($_POST['department']) ? intval(sanitize_text_field($_POST['department']) ) : 0; 765 $designation = isset($_POST['designation']) ? 
intval(sanitize_text_field($_POST['designation']) ) : 0; 766 $reporting_to = isset($_POST['reporting_to']) ? intval(sanitize_text_field($_POST['reporting_to']) ) : 0; 768 767 $date = ( empty($_POST['date']) ) ? current_time('mysql') : sanitize_text_field( $_POST['date'] ); 769 768 $additional=serialize($_POST['additional']); … … 791 790 public function employee_update_notes() { 792 791 $this->verify_nonce('wp-wphr-hr-employee-nonce'); 793 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;792 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 794 793 // $note = isset($_POST['note']) ? sanitize_text_field( $_POST['note'] ) : 0; 795 794 // $note_by = get_current_user_id(); … … 826 825 $this->verify_nonce('wp-wphr-hr-employee-nonce'); 827 826 828 $employee_id = isset($_POST['user_id']) ? sanitize_text_field( intval($_POST['user_id']) ) : 0;827 $employee_id = isset($_POST['user_id']) ? intval(sanitize_text_field($_POST['user_id']) ) : 0; 829 828 830 829 $note = isset($_POST['note']) ? sanitize_text_field($_POST['note']) : 0; … … 848 847 */ 849 848 public function employee_load_note() { 850 $employee_id = isset($_POST['user_id']) ? sanitize_text_field( intval($_POST['user_id']) ) : 0;851 $total_no = isset($_POST['total_no']) ? sanitize_text_field( intval($_POST['total_no']) ) : 0;852 $offset_no = isset($_POST['offset_no']) ? sanitize_text_field( intval($_POST['offset_no']) ) : 0;849 $employee_id = isset($_POST['user_id']) ? intval(sanitize_text_field($_POST['user_id']) ) : 0; 850 $total_no = isset($_POST['total_no']) ? intval(sanitize_text_field($_POST['total_no']) ) : 0; 851 $offset_no = isset($_POST['offset_no']) ? intval(sanitize_text_field($_POST['offset_no']) ) : 0; 853 852 854 853 $employee = new Employee($employee_id); … … 871 870 check_admin_referer('wp-wphr-hr-nonce'); 872 871 873 $note_id = isset($_POST['note_id']) ? 
sanitize_text_field( intval($_POST['note_id']) ) : 0;872 $note_id = isset($_POST['note_id']) ? intval(sanitize_text_field($_POST['note_id']) ) : 0; 874 873 $employee = new Employee(); 875 874 … … 896 895 $this->verify_nonce('employee_update_terminate'); 897 896 898 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;897 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 899 898 $terminate_date = ( empty($_POST['terminate_date']) ) ? current_time('mysql') : sanitize_text_field($_POST['terminate_date']); 900 899 $termination_type = isset($_POST['termination_type']) ? sanitize_text_field($_POST['termination_type']) : ''; … … 934 933 $this->verify_nonce('wp-wphr-hr-nonce'); 935 934 936 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;935 $id = isset($_POST['id']) ? intval(sanitize_text_field($_POST['id']) ) : 0; 937 936 938 937 if (!$id) { … … 1028 1027 public function mark_read_announcement() { 1029 1028 $this->verify_nonce('wp-wphr-hr-nonce'); 1030 $row_id = sanitize_text_field( intval($_POST['id']) );1029 $row_id = intval(sanitize_text_field($_POST['id']) ); 1031 1030 1032 1031 \WPHR\HR_MANAGER\HRM\Models\Announcement::find($row_id)->update(['status' => 'read']); … … 1046 1045 1047 1046 $this->verify_nonce('wp-wphr-hr-nonce'); 1048 $post_id = sanitize_text_field( intval($_POST['id']) );1047 $post_id = intval(sanitize_text_field($_POST['id']) ); 1049 1048 if (!$post_id) { 1050 1049 $this->send_error(); … … 1083 1082 1084 1083 if ($type && $type == 'reviews') { 1085 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1086 $review_id = isset($_POST['review_id']) ? sanitize_text_field( intval($_POST['review_id']) ) : 0;1087 $reporting_to = isset($_POST['reporting_to']) ? sanitize_text_field( intval($_POST['reporting_to']) ) : 0;1088 $job_knowledge = isset($_POST['job_knowledge']) ? 
sanitize_text_field( intval($_POST['job_knowledge']) ) : 0;1089 $work_quality = isset($_POST['work_quality']) ? sanitize_text_field( intval($_POST['work_quality']) ) : 0;1090 $attendance = isset($_POST['attendance']) ? sanitize_text_field( intval($_POST['attendance']) ) : 0;1091 $communication = isset($_POST['communication']) ? sanitize_text_field( intval($_POST['communication']) ) : 0;1092 $dependablity = isset($_POST['dependablity']) ? sanitize_text_field( intval($_POST['dependablity']) ) : 0;1084 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1085 $review_id = isset($_POST['review_id']) ? intval(sanitize_text_field($_POST['review_id']) ) : 0; 1086 $reporting_to = isset($_POST['reporting_to']) ? intval(sanitize_text_field($_POST['reporting_to']) ) : 0; 1087 $job_knowledge = isset($_POST['job_knowledge']) ? intval(sanitize_text_field($_POST['job_knowledge']) ) : 0; 1088 $work_quality = isset($_POST['work_quality']) ? intval(sanitize_text_field($_POST['work_quality']) ) : 0; 1089 $attendance = isset($_POST['attendance']) ? intval(sanitize_text_field($_POST['attendance']) ) : 0; 1090 $communication = isset($_POST['communication']) ? intval(sanitize_text_field($_POST['communication']) ) : 0; 1091 $dependablity = isset($_POST['dependablity']) ? intval(sanitize_text_field($_POST['dependablity']) ) : 0; 1093 1092 $performance_date = ( empty($_POST['performance_date']) ) ? current_time('mysql') : sanitize_text_field( $_POST['performance_date'] ); 1094 1093 $additional=serialize($_POST['additional']); … … 1119 1118 if ($type && $type == 'comments') { 1120 1119 1121 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1122 $review_id = isset($_POST['review_id']) ? sanitize_text_field( intval($_POST['review_id']) ) : 0;1123 $reviewer = isset($_POST['reviewer']) ? sanitize_text_field( intval($_POST['reviewer']) ) : 0;1120 $employee_id = isset($_POST['employee_id']) ? 
intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1121 $review_id = isset($_POST['review_id']) ? intval(sanitize_text_field($_POST['review_id']) ) : 0; 1122 $reviewer = isset($_POST['reviewer']) ? intval(sanitize_text_field($_POST['reviewer']) ) : 0; 1124 1123 $comments = isset($_POST['comments']) ? esc_textarea($_POST['comments']) : ''; 1125 1124 $performance_date = ( empty($_POST['performance_date']) ) ? current_time('mysql') : sanitize_text_field( $_POST['performance_date'] ); … … 1144 1143 if ($type && $type == 'goals') { 1145 1144 1146 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1147 $review_id = isset($_POST['review_id']) ? sanitize_text_field( intval($_POST['review_id']) ) : 0;1145 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1146 $review_id = isset($_POST['review_id']) ? intval(sanitize_text_field($_POST['review_id']) ) : 0; 1148 1147 $completion_date = ( empty($_POST['completion_date']) ) ? current_time('mysql') : sanitize_text_field( $_POST['completion_date'] ); 1149 1148 $goal_description = isset($_POST['goal_description']) ? esc_textarea($_POST['goal_description']) : ''; 1150 1149 $employee_assessment = isset($_POST['employee_assessment']) ? esc_textarea($_POST['employee_assessment']) : ''; 1151 $supervisor = isset($_POST['supervisor']) ? sanitize_text_field( intval($_POST['supervisor']) ) : 0;1150 $supervisor = isset($_POST['supervisor']) ? intval(sanitize_text_field($_POST['supervisor']) ) : 0; 1152 1151 $supervisor_assessment = isset($_POST['supervisor_assessment']) ? esc_textarea($_POST['supervisor_assessment']) : ''; 1153 1152 $performance_date = ( empty($_POST['performance_date']) ) ? current_time('mysql') : sanitize_text_field($_POST['performance_date']); … … 1198 1197 $this->verify_nonce('wp-wphr-hr-nonce'); 1199 1198 1200 $id = isset($_POST['id']) ? 
sanitize_text_field( intval($_POST['id']) ) : 0;1199 $id = isset($_POST['id']) ? intval(sanitize_text_field($_POST['id']) ) : 0; 1201 1200 1202 1201 if (!current_user_can('wphr_delete_review')) { … … 1217 1216 $this->verify_nonce('wphr-work-exp-form'); 1218 1217 1219 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1218 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1220 1219 1221 1220 // Check permission … … 1224 1223 } 1225 1224 1226 $exp_id = isset($_POST['exp_id']) ? sanitize_text_field( intval($_POST['exp_id']) ): 0;1225 $exp_id = isset($_POST['exp_id']) ? intval(sanitize_text_field($_POST['exp_id']) ): 0; 1227 1226 $company_name = isset($_POST['company_name']) ? sanitize_text_field($_POST['company_name']) : ''; 1228 1227 $job_title = isset($_POST['job_title']) ? sanitize_text_field($_POST['job_title']) : ''; … … 1272 1271 $this->verify_nonce('wp-wphr-hr-nonce'); 1273 1272 1274 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;1275 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1273 $id = isset($_POST['id']) ? intval(sanitize_text_field($_POST['id']) ) : 0; 1274 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1276 1275 1277 1276 if (!$employee_id) { … … 1300 1299 $this->verify_nonce('wphr-hr-education-form'); 1301 1300 1302 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1301 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1303 1302 1304 1303 // Check permission … … 1307 1306 } 1308 1307 1309 $edu_id = isset($_POST['edu_id']) ? sanitize_text_field( intval($_POST['edu_id']) ) : 0;1308 $edu_id = isset($_POST['edu_id']) ? 
intval(sanitize_text_field($_POST['edu_id']) ) : 0; 1310 1309 $school = isset($_POST['school']) ? sanitize_text_field($_POST['school']) : ''; 1311 1310 $degree = isset($_POST['degree']) ? sanitize_text_field($_POST['degree']) : ''; 1312 1311 $field = isset($_POST['field']) ? sanitize_text_field($_POST['field']) : ''; 1313 $finished = isset($_POST['finished']) ? sanitize_text_field( intval($_POST['finished']) ) : '';1312 $finished = isset($_POST['finished']) ? intval(sanitize_text_field($_POST['finished']) ) : ''; 1314 1313 $notes = isset($_POST['notes']) ? sanitize_text_field($_POST['notes']) : ''; 1315 1314 $interest = isset($_POST['interest']) ? sanitize_text_field($_POST['interest']) : ''; … … 1357 1356 $this->verify_nonce('wp-wphr-hr-nonce'); 1358 1357 1359 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;1360 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1358 $id = isset($_POST['id']) ? intval(sanitize_text_field( $_POST['id']) ) : 0; 1359 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1361 1360 1362 1361 if (!$employee_id) { … … 1384 1383 public function employee_dependent_create() { 1385 1384 $this->verify_nonce('wphr-hr-dependent-form'); 1386 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1385 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1387 1386 1388 1387 // Check permission … … 1391 1390 } 1392 1391 1393 $dep_id = isset($_POST['dep_id']) ? sanitize_text_field( intval($_POST['dep_id']) ): 0;1392 $dep_id = isset($_POST['dep_id']) ? intval(sanitize_text_field($_POST['dep_id']) ): 0; 1394 1393 $name = isset($_POST['name']) ? sanitize_text_field($_POST['name']) : ''; 1395 1394 $relation = isset($_POST['relation']) ? 
sanitize_text_field($_POST['relation']) : ''; … … 1433 1432 $this->verify_nonce('wp-wphr-hr-nonce'); 1434 1433 1435 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;1436 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1434 $id = isset($_POST['id']) ? intval(sanitize_text_field($_POST['id']) ) : 0; 1435 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1437 1436 1438 1437 if (!$employee_id) { … … 1467 1466 } 1468 1467 1469 $policy_id = isset($_POST['policy-id']) ? sanitize_text_field( intval($_POST['policy-id']) ) : 0;1468 $policy_id = isset($_POST['policy-id']) ? intval(sanitize_text_field($_POST['policy-id']) ) : 0; 1470 1469 $name = isset($_POST['name']) ? sanitize_text_field($_POST['name']) : ''; 1471 $days = isset($_POST['days']) ? sanitize_text_field( intval($_POST['days']) ) : '';1470 $days = isset($_POST['days']) ? intval(sanitize_text_field($_POST['days']) ) : ''; 1472 1471 $color = isset($_POST['color']) ? sanitize_text_field($_POST['color']) : ''; 1473 $department = isset($_POST['department']) ? sanitize_text_field( intval($_POST['department']) ) : 0;1474 $designation = isset($_POST['designation']) ? sanitize_text_field( intval($_POST['designation']) ) : 0;1472 $department = isset($_POST['department']) ? intval(sanitize_text_field($_POST['department']) ) : 0; 1473 $designation = isset($_POST['designation']) ? intval(sanitize_text_field($_POST['designation']) ) : 0; 1475 1474 $gender = isset($_POST['gender']) ? sanitize_text_field($_POST['gender']) : 0; 1476 1475 $marital_status = isset($_POST['maritial']) ? sanitize_text_field($_POST['maritial']) : 0; 1477 $activate = isset($_POST['rateTransitions']) ? sanitize_text_field( intval($_POST['rateTransitions']) ) : 1;1476 $activate = isset($_POST['rateTransitions']) ? 
intval(sanitize_text_field($_POST['rateTransitions']) ) : 1; 1478 1477 $description = isset($_POST['description']) ? sanitize_text_field($_POST['description']) : ''; 1479 $after_x_day = isset($_POST['no_of_days']) ? sanitize_text_field( intval($_POST['no_of_days']) ) : '';1478 $after_x_day = isset($_POST['no_of_days']) ? intval(sanitize_text_field($_POST['no_of_days']) ) : ''; 1480 1479 $effective_date = isset($_POST['effective_date']) ? convert_to_data_format( sanitize_text_field($_POST['effective_date']) ) : ''; 1481 1480 $location = isset($_POST['location']) ? sanitize_text_field($_POST['location']) : ''; … … 1522 1521 } 1523 1522 1524 $holiday_id = isset($_POST['holiday_id']) ? sanitize_text_field( intval($_POST['holiday_id']) ) : 0;1523 $holiday_id = isset($_POST['holiday_id']) ? intval(sanitize_text_field( $_POST['holiday_id']) ) : 0; 1525 1524 $title = isset($_POST['title']) ? sanitize_text_field($_POST['title']) : ''; 1526 1525 $start_date = isset($_POST['start_date']) ? convert_to_data_format( sanitize_text_field($_POST['start_date']) ): ''; … … 1573 1572 } 1574 1573 1575 $id = isset($_POST['id']) ? sanitize_text_field( intval($_POST['id']) ) : 0;1574 $id = isset($_POST['id']) ? intval(sanitize_text_field($_POST['id']) ) : 0; 1576 1575 if ($id) { 1577 1576 wphr_hr_leave_policy_delete($id); … … 1597 1596 $this->verify_nonce('wp-wphr-hr-nonce'); 1598 1597 1599 $id = isset($_POST['employee_id']) && $_POST['employee_id'] ? sanitize_text_field( intval($_POST['employee_id']) ) : false;1598 $id = isset($_POST['employee_id']) && $_POST['employee_id'] ? intval(sanitize_text_field( $_POST['employee_id']) ) : false; 1600 1599 1601 1600 if (!$id) { … … 1654 1653 $financial_end_date = date('Y-m-d', strtotime(wphr_financial_end_date())); 1655 1654 1656 $employee_id = isset($_POST['employee_id']) && sanitize_text_field( $_POST['employee_id'] ) > 0 ? 
sanitize_text_field( intval($_POST['employee_id']) ) : false;1655 $employee_id = isset($_POST['employee_id']) && sanitize_text_field( $_POST['employee_id'] ) > 0 ? intval(sanitize_text_field($_POST['employee_id']) ) : false; 1657 1656 1658 1657 if ($start_date > $end_date) { … … 1754 1753 1755 1754 $flag = true; 1756 $id = isset($_POST['employee_id']) && sanitize_text_field( $_POST['employee_id'] ) ? sanitize_text_field( intval($_POST['employee_id']) ) : false;1755 $id = isset($_POST['employee_id']) && sanitize_text_field( $_POST['employee_id'] ) ? intval(sanitize_text_field($_POST['employee_id']) ) : false; 1757 1756 1758 1757 if (!$id) { … … 1815 1814 public function leave_assign_employee_policy() { 1816 1815 $this->verify_nonce('wp-wphr-hr-nonce'); 1817 $employee_id = isset($_POST['employee_id']) && sanitize_text_field($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : false;1816 $employee_id = isset($_POST['employee_id']) && sanitize_text_field($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : false; 1818 1817 1819 1818 if (!$employee_id) { … … 1891 1890 $this->verify_nonce('wp-wphr-hr-nonce'); 1892 1891 1893 $employee_id = isset($_POST['employee_id']) && sanitize_text_field($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : false;1894 $policy_id = isset($_POST['policy_id']) && sanitize_text_field($_POST['policy_id']) ? sanitize_text_field( intval($_POST['policy_id']) ) : false;1892 $employee_id = isset($_POST['employee_id']) && sanitize_text_field($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : false; 1893 $policy_id = isset($_POST['policy_id']) && sanitize_text_field($_POST['policy_id']) ? intval(sanitize_text_field($_POST['policy_id']) ) : false; 1895 1894 $available = 0; 1896 1895 … … 1961 1960 $to_time = !empty($_POST['to_time']) ? 
strtotime( sanitize_text_field( $_POST['to_time']) ) : 0; 1962 1961 1963 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;1964 $leave_policy = isset($_POST['leave_policy']) ? sanitize_text_field( intval($_POST['leave_policy']) ) : 0;1962 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 1963 $leave_policy = isset($_POST['leave_policy']) ? intval(sanitize_text_field($_POST['leave_policy']) ) : 0; 1965 1964 // @todo: date format may need to be changed when partial leave introduced 1966 1965 $start_date = isset($_POST['leave_from']) ? sanitize_text_field( convert_to_data_format( $_POST['leave_from'] ) . ' 00:00:00') : date_i18n('Y-m-d 00:00:00'); … … 2198 2197 $this->verify_nonce('wphr-hr-empl-leave-history'); 2199 2198 2200 $year = isset($_POST['year']) ? sanitize_text_field( intval($_POST['year']) ) : date('Y');2201 $employee_id = isset($_POST['employee_id']) ? sanitize_text_field( intval($_POST['employee_id']) ) : 0;2202 $policy = isset($_POST['leave_policy']) ? sanitize_text_field( intval($_POST['leave_policy']) ) : 'all';2199 $year = isset($_POST['year']) ? intval(sanitize_text_field($_POST['year']) ) : date('Y'); 2200 $employee_id = isset($_POST['employee_id']) ? intval(sanitize_text_field($_POST['employee_id']) ) : 0; 2201 $policy = isset($_POST['leave_policy']) ? intval(sanitize_text_field($_POST['leave_policy']) ) : 'all'; 2203 2202 2204 2203 $args = array( -
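Review bot: Reordering the casts leaves the authorization gaps in these handlers untouched: in the hunk at new lines 489–493 the handler reads `$id` and the very next line is still `// @TODO: check permission`, and `employee_load_note()` (new lines 847–853) reads `user_id` and builds an `Employee` from it with neither a `verify_nonce()` call nor a capability check in its visible opening lines. Other handlers in this file already gate on a capability (`current_user_can('wphr_delete_review')` at line 1202), so the same pattern should precede the action here: `if ( ! current_user_can( '<required capability>' ) ) { $this->send_error(); }`. At new line 520 the whole of `$_POST` is still handed to `custom_sanitize_array()` and, as far as the visible lines show, on to `wphr_hr_employee_create()`; an allow-list of expected keys would keep unexpected fields out, and the commented-out `array_map` line above it should be deleted rather than kept. The bodies of these methods continue outside the hunks.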
wp-hr-manager/trunk/modules/hrm/includes/class-employee.php
r2500839 r2512006 53 53 54 54 if ( is_int( $employee ) ) { 55 55 56 56 $user = get_user_by( 'id', $employee ); 57 57 -
wp-hr-manager/trunk/modules/hrm/includes/class-form-handler.php
r2485387 r2512006 518 518 519 519 $is_single = !isset($_POST['assignment_to']); 520 $leave_policy = isset($_POST['leave_policy']) ? sanitize_text_field( intval($_POST['leave_policy']) ) : '-1';520 $leave_policy = isset($_POST['leave_policy']) ? intval(sanitize_text_field($_POST['leave_policy']) ) : '-1'; 521 521 $leave_period = isset($_POST['leave_period']) ? sanitize_text_field($_POST['leave_period']) : '-1'; 522 $single_employee = isset($_POST['single_employee']) ? sanitize_text_field( intval($_POST['single_employee']) ) : '-1';523 $location = isset($_POST['location']) ? sanitize_text_field( intval($_POST['location']) ) : '-1';524 $department = isset($_POST['department']) ? sanitize_text_field( intval($_POST['department']) ) : '-1';522 $single_employee = isset($_POST['single_employee']) ? intval(sanitize_text_field($_POST['single_employee']) ) : '-1'; 523 $location = isset($_POST['location']) ? intval(sanitize_text_field($_POST['location']) ) : '-1'; 524 $department = isset($_POST['department']) ? intval(sanitize_text_field($_POST['department']) ) : '-1'; 525 525 $comment = isset($_POST['comment']) ? wp_kses_post($_POST['comment']) : '-1'; 526 526 -
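Review bot: The assignments to `$leave_policy`, `$single_employee`, `$location` and `$department` now yield an int when the field is posted but still fall back to the string `'-1'`, so each variable is int-or-string depending on the request. Any strict comparison against `'-1'` or `-1` further down would treat the two cases differently; that code is outside the hunk, so it needs checking there. An integer fallback keeps the type stable, e.g. `$leave_policy = isset($_POST['leave_policy']) ? intval(sanitize_text_field($_POST['leave_policy']) ) : -1;`, applied the same way to the other three lines.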
wp-hr-manager/trunk/modules/hrm/includes/functions-employee.php
r2485387 r2512006 208 208 209 209 $employee_row_id1 = $wpdb->get_var( $wpdb->prepare('SELECT id FROM '.$wpdb->prefix .'wphr_hr_leave_requests WHERE user_id = %d', $user_id )); 210 if( $employee_row_id1){210 /*if( $employee_row_id1){ 211 211 $wpdb->update( $wpdb->prefix . 'wphr_hr_leave_requests', $employee_table_data, array( 'user_id' => $user_id ) ); 212 212 } … … 215 215 $employee_table_data['user_id'] = $user_id; 216 216 $wpdb->insert( $wpdb->prefix . 'wphr_hr_leave_requests', $employee_table_data ); 217 } 217 }*/ 218 218 foreach ( $data['personal'] as $key => $value ) { 219 219 -
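Review bot: The lookup `$employee_row_id1 = $wpdb->get_var( ... )` stays active although the only code that read its result is now inside the `/* ... */` block, so every call still runs a query whose value is unused. The block comment opens in the first hunk and closes in the second, with lines in between that are not shown, so whatever sits there is disabled as well. If writing to `wphr_hr_leave_requests` from this function is no longer wanted, delete the lookup and the commented branch together and leave a one-line comment such as `// Leave requests are no longer created or updated when an employee is saved.` The enclosing function starts and ends outside the hunks.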
wp-hr-manager/trunk/modules/hrm/includes/functions-leave.php
r2500839 r2512006 146 146 } ); 147 147 $results = $leave_requests->get()->toArray(); 148 $query = $wpdb->prepare("select * from `{$wpdb->prefix}wphr_hr_leave_requests` where `status` in (1, 2) and `user_id` = % 1$d and ( `start_date` BETWEEN %2$s AND %3$s OR `end_date` BETWEEN %4$s AND %5$s )", $user_id, $start_dateTime, $end_dateTime, $start_dateTime, $end_dateTime );148 $query = $wpdb->prepare("select * from `{$wpdb->prefix}wphr_hr_leave_requests` where `status` in (1, 2) and `user_id` = %d and ( `start_date` BETWEEN %s AND %s OR `end_date` BETWEEN %s AND %s )", $user_id, $start_dateTime, $end_dateTime, $start_dateTime, $end_dateTime ); 149 149 $results2 = $wpdb->get_results( $query ); 150 150 $exist = array(); … … 1231 1231 1232 1232 if ( is_array( $args['status'] ) ) { 1233 $where .= " `status`IN(" . implode( ",", array_map( 'intval', $args['status'] ) ) . ") ";1233 $where .= " req.status IN(" . implode( ",", array_map( 'intval', $args['status'] ) ) . ") "; 1234 1234 } else { 1235 $where .= " `status`= " . intval( $args['status'] ) . " ";1235 $where .= " req.status = " . intval( $args['status'] ) . " "; 1236 1236 } 1237 1237 … … 1301 1301 $limit = ( $args['number'] == '-1' ? 
'' : 'LIMIT %d, %d' ); 1302 1302 $table_name = $wpdb->prefix.'wphr_hr_leave_requests'; 1303 $sql = "SELECT req.id, req.user_id, u.display_name, req.policy_id, pol.name as policy_name, req.status, req.reason, req.comments, req.created_on, req.days, req.start_date, req.end_date FROM %1$s LEFT JOIN {$wpdb->prefix}wphr_hr_leave_policies AS pol ON pol.id = req.policy_id LEFT JOIN {$wpdb->users} AS u ON req.user_id = u.ID %2$s ORDER BY %3$s %4$s{$limit}";1303 $sql = "SELECT req.id, req.user_id, u.display_name, req.policy_id, pol.name as policy_name, req.status, req.reason, req.comments, req.created_on, req.days, req.start_date, req.end_date FROM {$table_name} as req LEFT JOIN {$wpdb->prefix}wphr_hr_leave_policies AS pol ON pol.id = req.policy_id LEFT JOIN {$wpdb->users} AS u ON req.user_id = u.ID {$where} ORDER BY {$args['orderby']} {$args['order']} {$limit}"; 1304 1304 1305 1305 if ( $requests === false ) { 1306 1306 1307 1307 if ( $args['number'] == '-1' ) { 1308 $requests = $wpdb->get_results( $ wpdb->prepare( $sql, $table_name, $where, $args['orderby'], $args['order'] ));1308 $requests = $wpdb->get_results( $sql ); 1309 1309 } else { 1310 $requests = $wpdb->get_results( $wpdb->prepare( $sql, $table_name, $where, $args['orderby'], $args['order'],absint( $args['offset'] ), absint( $args['number'] ) ) );1310 $requests = $wpdb->get_results( $wpdb->prepare( $sql, absint( $args['offset'] ), absint( $args['number'] ) ) ); 1311 1311 } 1312 1312 … … 1337 1337 $results = wp_cache_get( $cache_key, 'wphr' ); 1338 1338 $user_id_in = ''; 1339 if ( isset( $args['user_id_in'] ) ) { 1340 $user_id_in = 'AND user_id IN (' . implode( ',', $args['user_id_in'] ) . ') '; 1339 $user_id_list = (isset($args['user_id_in']) && is_array( $args['user_id_in'] ) ) ? $args['user_id_in'] : []; 1340 if ( isset( $args['user_id_in'] ) && is_array( $args['user_id_in'] ) ) { 1341 $user_id_in = 'AND user_id IN (' . implode( ',', array_fill(0, count($args['user_id_in']), '%d') ) . 
') '; 1341 1342 } 1342 1343 foreach ( $statuses as $status => $label ) { … … 1347 1348 1348 1349 if ( $status == 4 ) { 1349 $sql2 = "SELECT COUNT(id) as num FROM {$wpdb->prefix}wphr_hr_leave_requests WHERE status = 1 AND is_archived = 1 %s GROUP BY status;"; 1350 $archived_cnt = $wpdb->get_row( $wpdb->prepare( $sql2, $user_id_in ) ); 1350 $sql2 = "SELECT COUNT(id) as num FROM {$wpdb->prefix}wphr_hr_leave_requests WHERE status = %d AND is_archived = %d {$user_id_in} GROUP BY status;"; 1351 $data = array( 1, 1 ) + $user_id_list; 1352 $archived_cnt = $wpdb->get_row( $wpdb->prepare( $sql2, $data) ); 1351 1353 if ( $archived_cnt ) { 1352 1354 $counts[$status] = array( … … 1356 1358 } 1357 1359 } elseif ( $status == 1 ) { 1358 $sql3 = "SELECT COUNT(id) as num FROM {$wpdb->prefix}wphr_hr_leave_requests WHERE status = 1 AND is_archived = 0 %s GROUP BY status;"; 1359 $approved_cnt = $wpdb->get_row( $wpdb->prepare( $sql3, $user_id_in ) ); 1360 $sql3 = "SELECT COUNT(id) as num FROM {$wpdb->prefix}wphr_hr_leave_requests WHERE status = %d AND is_archived = %d {$user_id_in} GROUP BY status;"; 1361 $data = array( 1, 0 ) + $user_id_list; 1362 $approved_cnt = $wpdb->get_row( $wpdb->prepare( $sql3, $data ) ); 1360 1363 if ( $approved_cnt ) { 1361 1364 $counts[$status] = array( … … 1369 1372 1370 1373 if ( false === $results ) { 1371 $sql = "SELECT status, COUNT(id) as num FROM {$wpdb->prefix}wphr_hr_leave_requests WHERE status != 0 %s GROUP BY status;"; 1372 $results = $wpdb->get_results( $wpdb->prepare( $sql, $user_id_in ) ); 1374 $sql = "SELECT status, COUNT(id) as num FROM {$wpdb->prefix}wphr_hr_leave_requests WHERE status != %d {$user_id_in} GROUP BY status;"; 1375 $data = array( 0 ) + $user_id_list; 1376 $results = $wpdb->get_results( $wpdb->prepare( $sql, $data ) ); 1373 1377 wp_cache_set( $cache_key, $results, 'wphr' ); 1374 1378 } … … 1573 1577 $where .= " AND en.policy_id = " . 
intval( $args['policy_id'] ); 1574 1578 } 1575 $query = "SELECT en.*, u.display_name as employee_name, pol.name as policy_name FROM {$wpdb->prefix}wphr_hr_leave_entitlements AS en LEFT JOIN {$wpdb->prefix}wphr_hr_leave_policies AS pol ON pol.id = en.policy_id LEFT JOIN {$wpdb->users} AS u ON en.user_id = u.ID %1$s ORDER BY %2$s %3$s LIMIT %4$d,%5$d";1576 $sql = $wpdb->prepare( $query, $where, $args['orderby'], $args['order'],absint( $args['offset'] ), absint( $args['number'] ) );1579 $query = "SELECT en.*, u.display_name as employee_name, pol.name as policy_name FROM {$wpdb->prefix}wphr_hr_leave_entitlements AS en LEFT JOIN {$wpdb->prefix}wphr_hr_leave_policies AS pol ON pol.id = en.policy_id LEFT JOIN {$wpdb->users} AS u ON en.user_id = u.ID {$where} ORDER BY {$args['orderby']} {$args['order']} LIMIT %d,%d"; 1580 $sql = $wpdb->prepare( $query, absint( $args['offset'] ), absint( $args['number'] ) ); 1577 1581 $results = $wpdb->get_results( $sql ); 1578 1582 return $results; … … 1759 1763 $query = "SELECT req.id, req.days, req.policy_id, req.start_date, req.end_date, en.days as entitlement"; 1760 1764 $query .= " FROM {$wpdb->prefix}wphr_hr_leave_requests AS req"; 1761 $query .= " LEFT JOIN {$wpdb->prefix}wphr_hr_leave_entitlements as en on (req.user_id = en.user_id and req.policy_id = en.policy_id and en.from_date >= % 1$s )";1762 $query .= " WHERE req.status = 1 and req.user_id = % 2$d AND ( req.start_date >= %3$s AND req.end_date <= %4$s )";1765 $query .= " LEFT JOIN {$wpdb->prefix}wphr_hr_leave_entitlements as en on (req.user_id = en.user_id and req.policy_id = en.policy_id and en.from_date >= %s )"; 1766 $query .= " WHERE req.status = 1 and req.user_id = %d AND ( req.start_date >= %s AND req.end_date <= %s )"; 1763 1767 $sql = $wpdb->prepare( $query, $financial_start_date, $user_id, $financial_start_date, $financial_end_date ); 1764 1768 $results = $wpdb->get_results( $sql ); -
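Review bot: `$args['orderby']` and `$args['order']` are now interpolated straight into the SQL string at `ORDER BY {$args['orderby']} {$args['order']}` in the leave-requests query, and the entitlements query near the end of this section does the same; neither hunk shows these two values being checked. `$wpdb->prepare()` binds values, not column names or keywords, so once they are taken out of the placeholder list they have to be constrained before they reach the string. Where `$args` is filled lies outside the visible lines, so confirm whether that already happens. If it does not, compare `orderby` against a fixed list of column names with `in_array( $args['orderby'], $allowed_columns, true )` and normalise the direction with `$order = 'ASC' === strtoupper( $args['order'] ) ? 'ASC' : 'DESC';`.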
wp-hr-manager/trunk/modules/hrm/views/employee/tab-general.php
r2127919 r2512006 204 204 <tbody> 205 205 <?php foreach ($dependents as $key => $dependent) { ?> 206 <?php $dependent->dob = wphr_format_date( $dependent->dob ); ?>206 <?php //$dependent->dob = wphr_format_date( $dependent->dob ); ?> 207 207 <tr class="<?php echo $key % 2 == 0 ? 'alternate' : 'odd'; ?>"> 208 208 <td><?php echo esc_html( $dependent->name ); ?></td> -
wp-hr-manager/trunk/modules/hrm/views/employee/tab-job.php
r2279207 r2512006 73 73 <th><?php _e( 'Comment', 'wphr' ) ?></th> 74 74 <?php 75 75 76 foreach ($jobes as $key => $value) { 76 77 # code... … … 89 90 if ( $history['employment'] ) { 90 91 $types = wphr_hr_get_employee_types() + ['terminated' => __( 'Terminated', 'wphr' ) ]; 91 92 92 93 foreach ($history['employment'] as $num => $row) { 93 94 ?> -
wp-hr-manager/trunk/modules/hrm/views/employee/tab-performance.php
r2279207 r2512006 154 154 <tbody> 155 155 <tr><td><ul> 156 <?php//do_action( 'wphr-hr-employee-single-performace-review', $employee ); ?></ul>156 <?php //do_action( 'wphr-hr-employee-single-performace-review', $employee ); ?></ul> 157 157 </td></tr> 158 158 </tbody> -
wp-hr-manager/trunk/modules/hrm/views/js-templates/compensation.php
r2279207 r2512006 50 50 </div> 51 51 <div class="row"> 52 <ul> <?php do_action( 'wphr-hr-employee-job-compensation', $employee ); ?>52 <ul> <?php //do_action( 'wphr-hr-employee-job-compensation', $employee ); ?> 53 53 </ul> 54 54 </div> -
wp-hr-manager/trunk/modules/hrm/views/js-templates/employee-terminate.php
r2485387 r2512006 1 <?php $employee_id = isset( $_GET['id'] ) ? sanitize_text_field( intval( $_GET['id'] ) ) : null; ?>1 <?php $employee_id = isset( $_GET['id'] ) ? intval(sanitize_text_field( $_GET['id'] ) ) : null; ?> 2 2 3 3 <div class="terminate-form-wrap"> -
wp-hr-manager/trunk/modules/hrm/views/js-templates/job-info.php
r2485387 r2512006 1 <?php $employee_id = isset( $_GET['id'] ) ? sanitize_text_field( intval( $_GET['id'] ) ) : null; ?>1 <?php $employee_id = isset( $_GET['id'] ) ? intval(sanitize_text_field( $_GET['id'] ) ) : null; ?> 2 2 3 3 <div class="info-form-wrap"> -
wp-hr-manager/trunk/modules/hrm/views/js-templates/performance-comments.php
r2485387 r2512006 1 <?php $employee_id = isset( $_GET['id'] ) ? sanitize_text_field( intval( $_GET['id'] ) ) : null; ?>1 <?php $employee_id = isset( $_GET['id'] ) ? intval(sanitize_text_field( $_GET['id'] ) ) : null; ?> 2 2 3 3 <div class="performance-form-wrap"> -
wp-hr-manager/trunk/modules/hrm/views/js-templates/performance-reviews.php
r2485387 r2512006 1 <?php $employee_id = isset( $_GET['id'] ) ? sanitize_text_field( intval( $_GET['id'] ) ) : null; ?>1 <?php $employee_id = isset( $_GET['id'] ) ? intval(sanitize_text_field( $_GET['id'] ) ) : null; ?> 2 2 3 3 <div class="performance-form-wrap"> -
wp-hr-manager/trunk/modules/wp-hr-frontend/templates/employee-profile/employee-profile.php
r2485387 r2512006 1 1 <?php 2 2 $action = isset( $_GET['action'] ) ? sanitize_text_field($_GET['action']) : 'list'; 3 $id = isset( $_GET['id'] ) ? sanitize_text_field( intval( $_GET['id'] ) ) : 0;3 $id = isset( $_GET['id'] ) ? intval(sanitize_text_field( $_GET['id'] ) ) : 0; 4 4 5 5 switch ($action) { -
wp-hr-manager/trunk/readme.txt
r2500839 r2512006 6 6 Requires at least: 5.0 7 7 Tested up to: 5.7 8 Stable tag: 2.9. 58 Stable tag: 2.9.6 9 9 License: GPLv2 10 10 Donate Link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=GLKGN964GRZJW … … 191 191 192 192 == Changelog == 193 194 = v2.9.6 -> 09 April 2021 195 * Fixed Leave Issue 196 * Fixed Add New Employee Issue 197 193 198 = v2.9.5 -> 22 March 2021 194 199 * Fixed All Security Issues -
wp-hr-manager/trunk/wp-hr-manager.php
r2500839 r2512006 7 7 * Author: Black and White Digital Ltd 8 8 * Author URI: http://www.wphrmanager.com 9 * Version: 2.9. 59 * Version: 2.9.6 10 10 * Requires at least: 5 11 11 * License: GPLv2