Changeset 2558566
- Timestamp:
- 07/05/2021 07:21:23 AM (5 years ago)
- Location:
- ticketrilla-server/trunk/includes
- Files:
-
- 9 edited
-
admin/assets/js/ticketrilla.js (modified) (1 diff)
-
admin/core/class-page.php (modified) (5 diffs)
-
admin/templates/page/ticketrilla-server-tickets-single.php (modified) (4 diffs)
-
core/class-licenses.php (modified) (7 diffs)
-
core/class-link.php (modified) (1 diff)
-
core/class-users.php (modified) (15 diffs)
-
core/class-widget.php (modified) (1 diff)
-
core/services/class-ticket-service.php (modified) (1 diff)
-
short-functions.php (modified) (1 diff)
ticketrilla-server/trunk/includes/admin/assets/js/ticketrilla.js
r2556849 r2558566 686 686 var $form = $(this).parents("form"); 687 687 $all.each(function(){ 688 if ( $(this).data(' target') ) {688 if ( $(this).data('bs-target') ) { 689 689 if ( $(this).is(":selected") ) { 690 690 $form.find( $(this).data('bs-target') ).collapse('show'); -
ticketrilla-server/trunk/includes/admin/core/class-page.php
r2556849 r2558566 94 94 switch ( $fields_key ) { 95 95 case 'first_name': 96 if ( get_user_meta( $user_id, 'first_name', true) != $fields['first_name'] ) { 97 if ( !update_user_meta( $user_id, 'first_name', $fields['first_name'] ) ) { 96 $first_name = sanitize_text_field( $fields['first_name'] ); 97 if ( get_user_meta( $user_id, 'first_name', true) != $first_name ) { 98 if ( !update_user_meta( $user_id, 'first_name', $first_name ) ) { 98 99 $errors['first_name'] = esc_html__('Errors with updating', 'ttls_translate'); 99 100 } … … 101 102 break; 102 103 case 'nickname': 103 if ( get_user_meta( $user_id, 'nickname', true) != $fields['nickname'] ) { 104 105 if ( !update_user_meta( $user_id, 'nickname', $fields['nickname'] ) ) { 104 $nickname = sanitize_text_field( $fields['nickname'] ); 105 if ( get_user_meta( $user_id, 'nickname', true) != $nickname ) { 106 107 if ( !update_user_meta( $user_id, 'nickname', $nickname ) ) { 106 108 $errors['nickname'] = esc_html__('Errors with updating', 'ttls_translate'); 107 109 } … … 109 111 break; 110 112 case 'email': 111 if ( !is_email( $fields['email'] ) ) { 113 $email = sanitize_email( $fields['email'] ); 114 if ( !is_email( $email ) ) { 112 115 $errors['email'] = esc_html__('It is not e-mail', 'ttls_translate'); 113 116 } 114 117 $userdata = array( 115 118 'ID' => $user_id, 116 'user_email' => $ fields['email'],119 'user_email' => $email, 117 120 ); 118 121 $user_update = wp_update_user( $userdata ); … … 122 125 break; 123 126 case 'ttls_user_password': 127 $ttls_user_password = sanitize_text_field( $fields['ttls_user_password'] ); 124 128 $userdata = array( 125 129 'ID' => $user_id 126 130 ); 127 if ( empty( $ fields['ttls_user_password']) ) {131 if ( empty( $ttls_user_password ) ) { 128 132 $errors['password'] = esc_html__('New password is empty', 'ttls_translate'); 129 133 break; 130 134 } else { 131 $userdata['user_pass'] = $ fields['ttls_user_password'];135 $userdata['user_pass'] = $ttls_user_password; 132 136 } 133 137 
$user_update = wp_update_user( $userdata ); … … 181 185 182 186 foreach ( $fields as $key => $value) { 183 $sanitize = a rray(187 $sanitize = apply_filters( 'ttls_check_option-'.$key, array( 184 188 'value' => $value, 185 189 'old' => get_option( $key ) 186 ); 187 $sanitize = apply_filters( 'ttls_check_option-'.$key, $sanitize); 190 )); 188 191 if ( !empty( $sanitize['error'] ) ) { 189 192 $errors[$key] = $sanitize['error']; -
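Review bot: Running the new password through `sanitize_text_field()` on line 127 changes the credential before `wp_update_user()` hashes it: tags, `%xx` octets, line breaks and surrounding whitespace are stripped, so a user whose chosen password contains any of those can never log in with what they typed. A password is hashed and never rendered, so the only check needed here is the existing empty test; keep the raw value, `$ttls_user_password = $fields['ttls_user_password'];`. Separately, the `email` case still reaches `wp_update_user()` after `is_email()` has recorded an error on line 115, so a `break;` inside that `if` would stop the invalid address being submitted to core. The enclosing `switch` and its function begin before the hunk.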
ticketrilla-server/trunk/includes/admin/templates/page/ticketrilla-server-tickets-single.php
r2556849 r2558566 89 89 <option value="pending"><?php echo esc_html__('Waiting for agent\'s response', 'ttls_translate'); ?></option> 90 90 <option value="replied"><?php echo esc_html__('Agent replied', 'ttls_translate'); ?></option> 91 <option value="closed" data- target=".ttls__ticketClose"><?php echo esc_html__('Close ticket', 'ttls_translate'); ?></option>91 <option value="closed" data-bs-target=".ttls__ticketClose"><?php echo esc_html__('Close ticket', 'ttls_translate'); ?></option> 92 92 </select> 93 93 <!-- span.help-block state--> … … 116 116 <option value="client_cancel"><?php echo esc_html__('Client closed ticket', 'ttls_translate'); ?></option> 117 117 <option value="client_refund"><?php echo esc_html__('Client was refunded', 'ttls_translate'); ?></option> 118 <option value="" data- target=".ttls__reason"><?php echo esc_html__('Other', 'ttls_translate'); ?></option>118 <option value="" data-bs-target=".ttls__reason"><?php echo esc_html__('Other', 'ttls_translate'); ?></option> 119 119 </select> 120 120 <!-- span.help-block state--> … … 201 201 <option value="pending"><?php echo esc_html__('Waiting for agent\'s response', 'ttls_translate'); ?></option> 202 202 <option value="replied"><?php echo esc_html__('Agent replied', 'ttls_translate'); ?></option> 203 <option value="closed" data- target=".ttls__ticketClose"><?php echo esc_html__('Close ticket', 'ttls_translate'); ?></option>203 <option value="closed" data-bs-target=".ttls__ticketClose"><?php echo esc_html__('Close ticket', 'ttls_translate'); ?></option> 204 204 </select> 205 205 <!-- span.help-block state--> … … 229 229 <option value="client_cancel"><?php echo esc_html__('Client closed ticket', 'ttls_translate'); ?></option> 230 230 <option value="client_refund"><?php echo esc_html__('Client was refunded', 'ttls_translate'); ?></option> 231 <option value="" data- target=".ttls__reason"><?php echo esc_html__('Other', 'ttls_translate'); ?></option>231 <option value="" 
data-bs-target=".ttls__reason"><?php echo esc_html__('Other', 'ttls_translate'); ?></option> 232 232 </select> 233 233 <!-- span.help-block state--> -
ticketrilla-server/trunk/includes/core/class-licenses.php
r2556849 r2558566 167 167 static function add_license( $fields ){ 168 168 parse_str( $_POST['fields'], $fields ); 169 $new_license = array(); 169 170 170 171 if ( empty( $fields['license_type'] ) ) { 171 172 wp_send_json_error( array( 'message' => esc_html__('Select license type', 'ttls_translate') ) ); 172 173 } 174 $new_license['license_type'] = sanitize_text_field( $fields['license_type'] ); 173 175 if ( empty( $fields['product_id'] ) ) { 174 176 wp_send_json_error( array( 'message' => esc_html__('Select product', 'ttls_translate') ) ); 175 177 } 176 if ( empty( $fields['license_verified'] ) ) { 177 $fields['license_verified'] = false; 178 } 179 if ( empty( $fields['license_have_support'] ) ) { 180 $fields['license_have_support'] = false; 181 } 182 $license_adder = (new TTLS_License)->add( $fields ); 178 $new_license['product_id'] = sanitize_key( $fields['product_id'] ); 179 $new_license['license_verified'] = empty( $fields['license_verified'] ) ? false : sanitize_text_field( $fields['license_verified'] ); 180 $new_license['license_have_support'] = empty( $fields['license_have_support'] ) ? false : sanitize_text_field( $fields['license_have_support'] ); 181 $new_license['user'] = sanitize_key( $fields['user'] ); 182 if( ! 
empty( $fields['license_token'] ) ) { 183 $new_license['license_token'] = sanitize_text_field( $fields['license_token'] ); 184 } 185 186 $license_adder = (new TTLS_License)->add( $new_license ); 183 187 if ( is_wp_error( $license_adder ) ) { 184 188 wp_send_json_error( array( 'message' => esc_html__( $license_adder->get_error_message(), 'ttls_translate') ) ); 185 189 } else { 186 $this_user = (new TTLS_Users)->get_user( $fields['user'] ); 190 191 $this_user = (new TTLS_Users)->get_user( $new_license['user'] ); 187 192 $row_user_data = array( 188 193 'rowspan' => 1, 189 'id' => $ fields['user'],194 'id' => $new_license['user'], 190 195 'name' => $this_user['name'], 191 196 'login' => $this_user['login'], … … 197 202 'rowspan' => 1, 198 203 'name' => $license_adder['type'], 199 'user' => $ fields['user']204 'user' => $new_license['user'] 200 205 ); 201 206 if ( !empty( $fields['form_type'] ) AND $fields['form_type'] == 'license' ) { … … 319 324 if ( current_user_can( 'ttls_plugin_admin' ) ) { 320 325 parse_str( $_POST['fields'], $fields ); 321 $license = get_post( $fields['license_id'] ); 326 $license_fields = array(); 327 $license_fields['license_id'] = sanitize_key( $fields['license_id'] ); 328 $license_fields['ttls_license_verified'] = empty( $fields['ttls_license_verified'] ) ? false : sanitize_text_field( $fields['ttls_license_verified'] ); 329 $license_fields['ttls_license_have_support'] = empty( $fields['ttls_license_have_support'] ) ? 
false : sanitize_text_field( $fields['ttls_license_have_support'] ); 330 $license_fields['ttls_license_have_support_until'] = sanitize_text_field( $fields['ttls_license_have_support_until'] ); 331 332 $license = get_post( $license_fields['license_id'] ); 322 333 if ( is_wp_error( $license ) ) { 323 334 wp_send_json_error( array( 'message' => esc_html__( $license->get_error_message(), 'ttls_translate') ) ); … … 325 336 if ( $license->ttls_license_type == 'standard') { 326 337 $errors = array(); 327 if ( empty( $ fields['ttls_license_verified'] ) ) {338 if ( empty( $license_fields['ttls_license_verified'] ) ) { 328 339 if ( get_post_meta( $license->ID, 'ttls_license_verified', true ) ) { 329 340 if ( !delete_post_meta( $license->ID, 'ttls_license_verified' ) ) { … … 339 350 } 340 351 341 if ( empty( $ fields['ttls_license_have_support'] ) ) {352 if ( empty( $license_fields['ttls_license_have_support'] ) ) { 342 353 if ( get_post_meta( $license->ID, 'ttls_license_have_support', true ) ) { 343 354 if ( !delete_post_meta( $license->ID, 'ttls_license_have_support' ) ) { … … 353 364 } 354 365 355 if ( get_post_meta( $license->ID, 'ttls_license_have_support_until', true ) != $fields['ttls_license_have_support_until'] ) { 356 if ( !update_post_meta( $license->ID, 'ttls_license_have_support_until', $fields['ttls_license_have_support_until'] ) ) { 366 367 if ( get_post_meta( $license->ID, 'ttls_license_have_support_until', true ) != $license_fields['ttls_license_have_support_until'] ) { 368 if ( !update_post_meta( $license->ID, 'ttls_license_have_support_until', $license_fields['ttls_license_have_support_until'] ) ) { 357 369 $errors['ttls_license_have_support_until'] = esc_html__('Error', 'ttls_translate'); 358 370 } … … 367 379 'status' => false, 368 380 'message' => esc_html__( 'No update function for this license type' ), 369 'fields' => $ fields381 'fields' => $license_fields 370 382 ); 371 383 $response = apply_filters( 
'ttls_ajax_update_license_'.$license->ttls_license_type, $response ); -
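Review bot: In `add_license()`, `$fields['user']` is consumed on line 181 with no presence check and the wrong sanitizer: `sanitize_key()` lowercases and strips to `[a-z0-9_-]`, so a missing or garbage value silently becomes `''` and still reaches `TTLS_License::add()` and `get_user()`, whereas `license_type` and `product_id` are rejected when empty. For an ID use `absint()` and reject zero, e.g. `$new_license['user'] = absint( $fields['user'] ); if ( ! $new_license['user'] ) { wp_send_json_error( array( 'message' => esc_html__( 'Select user', 'ttls_translate' ) ) ); }`. Unlike `update_license()` at line 324, `add_license()` shows no `current_user_can( 'ttls_plugin_admin' )` before it parses `$_POST`; if that check lives in the AJAX hook rather than here it is worth confirming, since this path creates licenses. `ttls_license_have_support_until` (line 330) is read unconditionally and stored as free text, so an absent field raises a notice and a non-date value is persisted — validate it as a date before `update_post_meta()`. Both functions continue past the hunk.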
ticketrilla-server/trunk/includes/core/class-link.php
r2556849 r2558566 517 517 return new WP_Error( 'ttls_no_data_for_reset_pass', 'No username or email for reset', array( 'status' => 400 ) ); 518 518 } elseif ( strpos( $_POST['login'], '@' ) ) { // if the @ symbol is present then it is an email 519 $user_data = get_user_by( 'email', trim( wp_unslash( sanitize_text_field( $_POST['login'] ) ) ) ); // receive user's data via email519 $user_data = get_user_by( 'email', sanitize_email( wp_unslash( trim( $_POST['login'] ) ) ) ); // receive user's data via email 520 520 if ( empty( $user_data ) ){ // when this user is not found in the email 521 521 return new WP_Error( 'ttls_invalid_username', 'This user is not found', array( 'status' => 404 ) ); -
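Review bot: The password-reset lookup on line 519 still answers a not-found address with a distinct `ttls_invalid_username` error (line 521), so anyone who can reach this endpoint can enumerate which e-mail addresses have accounts; the switch to `sanitize_email()` does not change that. The usual fix is a uniform response whether or not `get_user_by()` finds a user, with the lookup result only deciding whether the reset mail is actually sent. Also, `strpos( $_POST['login'], '@' )` on line 518 is tested for truthiness, so a value beginning with `@` is routed to the username branch; compare with `false !== strpos( ... )` instead. The enclosing function begins and ends outside the hunk.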
ticketrilla-server/trunk/includes/core/class-users.php
r2556849 r2558566 43 43 } else { 44 44 if ( is_email( $fields['email'] ) ) { 45 $userdata['user_email'] = $fields['email'];45 $userdata['user_email'] = sanitize_email( $fields['email'] ); 46 46 } else { 47 47 $errors['email'] = esc_html__('Email is wrong', 'ttls_translate'); … … 52 52 $errors['login'] = esc_html__('Username is required', 'ttls_translate'); 53 53 } else { 54 $userdata['user_login'] = $fields['login'];54 $userdata['user_login'] = sanitize_text_field( $fields['login'] ); 55 55 } 56 56 57 57 if ( !empty( $fields['name'] ) ) { 58 $userdata['first_name'] = $fields['name'];58 $userdata['first_name'] = sanitize_text_field( $fields['name'] ); 59 59 } 60 60 … … 106 106 } else { 107 107 if ( is_email( $fields['email'] ) ) { 108 $userdata['user_email'] = $fields['email'];108 $userdata['user_email'] = sanitize_email( $fields['email'] ); 109 109 } else { 110 110 $errors['email'] = esc_html__('Email is wrong', 'ttls_translate'); … … 115 115 $errors['login'] = esc_html__('Username is required', 'ttls_translate'); 116 116 } else { 117 $userdata['user_login'] = $fields['login'];117 $userdata['user_login'] = sanitize_text_field( $fields['login'] ); 118 118 } 119 119 … … 121 121 $errors['name'] = esc_html__('Name is required', 'ttls_translate'); 122 122 } else { 123 $userdata['first_name'] = $fields['name'];123 $userdata['first_name'] = sanitize_text_field( $fields['name'] ); 124 124 } 125 125 … … 131 131 $userdata['user_pass'] = wp_generate_password(); 132 132 } else { 133 $userdata['user_pass'] = $fields['ttls_user_password'];133 $userdata['user_pass'] = sanitize_text_field( $fields['ttls_user_password'] ); 134 134 } 135 135 … … 143 143 if( ! 
is_wp_error( $user_id ) ) { 144 144 if ( !empty( $fields['position'] ) ) { 145 update_user_meta( $user_id, 'nickname', $fields['position']);145 update_user_meta( $user_id, 'nickname', sanitize_text_field( $fields['position'] ) ); 146 146 } 147 147 if ( !empty( $fields['caps'] ) ) { … … 149 149 foreach ( $fields['caps'] as $c_k => $c_v ) { 150 150 if ( $c_v ) { 151 $caps_editor->add_cap( $c_k);151 $caps_editor->add_cap( sanitize_text_field( $c_k ) ); 152 152 } else { 153 $caps_editor->remove_cap( $c_k);153 $caps_editor->remove_cap( sanitize_text_field( $c_k ) ); 154 154 } 155 155 } … … 184 184 $message = ''; 185 185 $errors = array(); 186 $user_id = (int) sanitize_key( $fields['user_id'] ); 186 187 foreach ( $fields as $fields_key => $value) { 187 188 switch ( $fields_key ) { 188 189 case 'first_name': 189 if ( get_user_meta( (int) $fields['user_id'], 'first_name', true) != $fields['first_name'] ) { 190 if ( !update_user_meta( (int) $fields['user_id'], 'first_name', $fields['first_name'] ) ) { 190 $first_name = sanitize_text_field( $fields['first_name'] ); 191 if ( get_user_meta( $user_id, 'first_name', true) != $first_name ) { 192 if ( !update_user_meta( $user_id, 'first_name', $first_name ) ) { 191 193 $errors['first_name'] = esc_html__('Encountered an error while updating', 'ttls_translate'); 192 194 } … … 194 196 break; 195 197 case 'nickname': 196 if ( get_user_meta( (int) $fields['user_id'], 'nickname', true) != $fields['nickname'] ) { 197 198 if ( !update_user_meta( (int) $fields['user_id'], 'nickname', $fields['nickname'] ) ) { 198 $nickname = sanitize_text_field( $fields['nickname'] ); 199 if ( get_user_meta( $user_id, 'nickname', true) != $nickname ) { 200 201 if ( !update_user_meta( $user_id, 'nickname', $nickname ) ) { 199 202 $errors['nickname'] = esc_html__('Encountered an error while updating', 'ttls_translate'); 200 203 } … … 204 207 if ( is_email( $fields['email'] ) ) { 205 208 $userdata = array( 206 'ID' => (int) $fields['user_id'],207 'user_email' 
=> $fields['email'],209 'ID' => $user_id, 210 'user_email' => sanitize_email( $fields['email'] ), 208 211 ); 209 212 $user_update = wp_update_user( $userdata ); … … 217 220 case 'ttls_user_password': 218 221 $userdata = array( 219 'ID' => (int) $fields['user_id']222 'ID' => $user_id 220 223 ); 221 224 if ( empty( $fields['ttls_user_password'] ) ) { … … 223 226 break; 224 227 } else { 225 $userdata['user_pass'] = $fields['ttls_user_password'];228 $userdata['user_pass'] = sanitize_text_field( $fields['ttls_user_password'] ); 226 229 } 227 230 $user_update = wp_update_user( $userdata ); … … 234 237 235 238 case 'caps': 236 $caps_editor = new WP_User( (int) $fields['user_id']);239 $caps_editor = new WP_User( $user_id ); 237 240 foreach ( $value as $c_k => $c_v ) { 238 241 if ( $c_v ) { 239 $caps_editor->add_cap( $c_k);242 $caps_editor->add_cap( sanitize_text_field( $c_k ) ); 240 243 } else { 241 $caps_editor->remove_cap( $c_k);244 $caps_editor->remove_cap( sanitize_text_field( $c_k ) ); 242 245 } 243 246 } … … 383 386 wp_send_json_error( array( 'message' => esc_html__('Error', 'ttls_translate'), 'errors' => array( 'recepient' => esc_html__('Chose the user for replacing', 'ttls_translate') ) ) ); 384 387 } else { 385 if ( $fields['user'] == $fields['recepient'] ) { 388 $user = sanitize_key( $fields['user'] ); 389 $recepient = sanitize_key( $fields['recepient'] ); 390 if ( $user == $recepient ) { 386 391 wp_send_json_error( array( 'message' => esc_html__('Error'), 'errors' => array( 'recepient' => esc_html__('The users deleted and replaced - are the same user', 'ttls_translate') ) ) ); 387 392 } else { 388 if ( wp_delete_user( $ fields['user'], $fields['recepient']) ) {393 if ( wp_delete_user( $user, $recepient ) ) { 389 394 wp_send_json_success( array( 'message' => esc_html__('Deleted', 'ttls_translate') ) ); 390 395 } else { -
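Review bot: The `caps` loops (lines 149–155 and 237–245) still let the request name any capability: `sanitize_text_field( $c_k )` only strips tags and whitespace, so a key such as `manage_options` is handed unchanged to `WP_User::add_cap()`, which is a privilege-escalation path unless the caller restricts who can submit this form (not visible here). Keep a fixed allow-list of the plugin's own capabilities and skip anything else, e.g. `if ( ! in_array( $c_k, $allowed_caps, true ) ) { continue; }` before the add/remove branch. The password fields on lines 133 and 228 should not go through `sanitize_text_field()` either — it strips `<`, `%xx` octets and surrounding whitespace, so the stored hash may not match what the user typed; store the raw value after the empty check. `$user_id = (int) sanitize_key( $fields['user_id'] )` (line 186) and the `sanitize_key()` IDs passed to `wp_delete_user()` (lines 388–393) are simpler and safer as `absint()`, which also guarantees an integer for the delete call. All of the functions touched here start and end outside their hunks.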
ticketrilla-server/trunk/includes/core/class-widget.php
r2556849 r2558566 75 75 parse_str( $_POST['fields'], $fields ); 76 76 $user_id = get_current_user_id(); 77 delete_user_meta( $user_id, $fields['area'] ); 77 $area = sanitize_text_field( $fields['area'] ); 78 delete_user_meta( $user_id, $area ); 78 79 if ( !empty( $fields['widget'] ) ) { 79 80 foreach ( $fields['widget'] as $wgt ) { 80 add_user_meta( $user_id, $ fields['area'], $wgt);81 add_user_meta( $user_id, $area, sanitize_text_field( $wgt ) ); 81 82 } 82 83 } -
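Review bot: `$area` (line 77) is still a caller-chosen user-meta key: `sanitize_text_field()` only strips tags and whitespace, so the request can `delete_user_meta()` and then re-add any meta on the current user's own record — `wp_capabilities`, `session_tokens`, or another plugin's keys — not just the widget-area keys this code expects. Restrict it to the known area names before touching meta, e.g. `if ( ! in_array( $area, $known_areas, true ) ) { wp_send_json_error(); }` using whatever list the widget class registers. Whether a nonce or capability check guards this AJAX handler is not visible in the hunk; `parse_str()` on a raw `$_POST` value also keeps WordPress's added slashes, so `wp_unslash()` the field first. The enclosing function begins and ends outside the hunk.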
ticketrilla-server/trunk/includes/core/services/class-ticket-service.php
r2556849 r2558566 671 671 $content = sanitize_text_field( $fields['ttls_close_reason_text'] ); 672 672 } else { 673 $close_reason = Response::get_close_reason( $fields['ttls_close_reason']);673 $close_reason = Response::get_close_reason( sanitize_text_field( $fields['ttls_close_reason'] ) ); 674 674 $content = empty( $close_reason ) ? '' : $close_reason; 675 675 } -
ticketrilla-server/trunk/includes/short-functions.php
r2556849 r2558566 151 151 parse_str( $_POST['fields'], $fields ); 152 152 if ( !empty( $fields['server'] ) ) { 153 $code = 'TTL Server: '. esc_url( $fields['server'] );154 } else { 155 $code = 'TTL Server: '. esc_url( get_site_url() );156 } 157 158 159 if ( ! empty( $fields['description'] ) ) {153 $code = 'TTL Server: '. esc_url( $fields['server'] ); 154 } else { 155 $code = 'TTL Server: '. esc_url( get_site_url() ); 156 } 157 158 159 if ( ! empty( $fields['description'] ) ) { 160 160 // we do not translate this as it is used in style.css of theme or main file in plugin 161 161 $code .= "<br>" . 'TTL Description: '. esc_html( $fields['description'] );