Changeset 2608162
- Timestamp:
- 10/02/2021 05:44:12 AM (5 years ago)
- Location:
- udssl-time-tracker/trunk
- Files:
-
- 1 deleted
- 5 edited
-
admin/class-udssl-tt-admin.php (modified) (3 diffs)
-
inc/class-udssl-tt-db-interface.php (modified) (8 diffs)
-
inc/class-udssl-tt-enqueues.php (modified) (4 diffs)
-
index.php (modified) (1 diff)
-
lib/moment (deleted)
-
readme.txt (modified) (2 diffs)
udssl-time-tracker/trunk/admin/class-udssl-tt-admin.php
r2607725 r2608162 109 109 function udssl_settings_tabs(){ 110 110 if ( isset ( $_GET['tab'] ) ) : 111 $current = esc_attr( $_GET['tab'] );111 $current = sanitize_text_field( $_GET['tab'] ); 112 112 else: 113 113 $current = 'presets'; … … 135 135 echo '<h2 class="nav-tab-wrapper">'; 136 136 foreach ( $links as $link ): 137 echo $link; // All links are escaped above. 137 echo wp_kses($link, array('a' => 138 array( 139 'href' => array(), 140 'class' => array() 141 ) 142 )); 138 143 endforeach; 139 144 echo '</h2>'; … … 174 179 echo '<form action="options.php" method="post">'; 175 180 if ( isset ( $_GET['tab'] ) ) : 176 $tab = esc_html( $_GET['tab'] );181 $tab = sanitize_text_field( $_GET['tab'] ); 177 182 else: 178 183 $tab = 'presets'; -
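Review bot: Replacing esc_attr()/esc_html() with sanitize_text_field() on `$_GET['tab']` (new lines 111 and 181) turns an output-escaping call into an input-sanitising one, so `$current` and `$tab` are no longer escaped at the point where they are later printed or compared; the remainder of udssl_settings_tabs() and of the form-rendering function lies outside the hunk, so I cannot confirm where the values end up. Because the tab is one of a fixed set of slugs, validating it is preferable to sanitising it: `$current = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'presets';`, with esc_attr()/esc_html() kept wherever the value is echoed; the same applies to `$tab` at line 181. The wp_kses() allow-list on `$link` is reasonable, but the dropped comment `// All links are escaped above.` carried the rationale; a short note such as `// Links are built with esc_url()/esc_attr() above; wp_kses() limits echoed markup to <a href class>.` would keep that context, assuming the link construction above (outside the hunk) does escape them.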
udssl-time-tracker/trunk/inc/class-udssl-tt-db-interface.php
r2607725 r2608162 93 93 't_end' => strtotime($data->t_end), 94 94 't_duration' => strtotime($data->t_end) - strtotime($data->t_start), 95 't_category' => esc_sql( $data->t_category ),96 't_project' => esc_sql( $data->t_project ),97 't_task' => esc_sql( $data->t_task ),98 't_description' => esc_sql( $data->t_description )95 't_category' => sanitize_text_field( $data->t_category ), 96 't_project' => sanitize_text_field( $data->t_project ), 97 't_task' => sanitize_text_field( $data->t_task ), 98 't_description' => sanitize_text_field( $data->t_description ) 99 99 ); 100 100 … … 131 131 $data = array( 132 132 'c_id' => null, 133 'c_name' => esc_sql( $data->c_name ),134 'c_description' => esc_sql( $data->c_description )133 'c_name' => sanitize_text_field( $data->c_name ), 134 'c_description' => sanitize_text_field( $data->c_description ) 135 135 ); 136 136 … … 143 143 */ 144 144 function get_project_list(){ 145 global $wpdb; 146 $project_table = $wpdb->prefix . $this->project_table; 147 $project_table = sanitize_text_field($project_table); 148 $projects = $wpdb->get_results( 149 " 150 SELECT * 151 FROM $project_table 152 LIMIT 100 153 ", ARRAY_A 154 ); 155 156 return $projects; 157 } 158 159 /** 160 * Add Project 161 */ 162 function add_project($data){ 145 163 global $wpdb; 146 164 $project_table = $wpdb->prefix . $this->project_table; 147 165 $project_table = esc_sql($project_table); 148 $projects = $wpdb->get_results(149 "150 SELECT *151 FROM $project_table152 LIMIT 100153 ", ARRAY_A154 );155 156 return $projects;157 }158 159 /**160 * Add Project161 */162 function add_project($data){163 global $wpdb;164 $project_table = $wpdb->prefix . 
$this->project_table;165 $project_table = esc_sql($project_table);166 166 167 167 $data = array( 168 168 'p_id' => null, 169 'p_category' => esc_sql( $data->p_category ),170 'p_name' => esc_sql( $data->p_name ),171 'p_description' => esc_sql( $data->p_description )169 'p_category' => sanitize_text_field( $data->p_category ), 170 'p_name' => sanitize_text_field( $data->p_name ), 171 'p_description' => sanitize_text_field( $data->p_description ) 172 172 ); 173 173 … … 180 180 */ 181 181 function get_task_list(){ 182 global $wpdb; 183 $task_table = $wpdb->prefix . $this->task_table; 184 $task_table = sanitize_text_field($task_table); 185 $tasks = $wpdb->get_results( 186 " 187 SELECT * 188 FROM $task_table 189 WHERE ta_state != 2 or ta_state is null 190 LIMIT 100 191 ", ARRAY_A 192 ); 193 194 return $tasks; 195 } 196 197 /** 198 * Add Task 199 */ 200 function add_task($data){ 201 global $wpdb; 202 $task_table = $wpdb->prefix . $this->task_table; 203 $task_table = sanitize_text_field($task_table); 204 205 $data = array( 206 'ta_id' => null, 207 'ta_project' => sanitize_text_field( $data->ta_project ), 208 'ta_name' => sanitize_text_field( $data->ta_name ), 209 'ta_description' => sanitize_text_field( $data->ta_description ), 210 'ta_state' => 0, 211 'ta_price' => 0 212 ); 213 214 $r = $wpdb->insert( $task_table, $data ); 215 return $r; 216 } 217 218 /** 219 * Update Task 220 */ 221 function update_task($data){ 182 222 global $wpdb; 183 223 $task_table = $wpdb->prefix . $this->task_table; 184 224 $task_table = esc_sql($task_table); 185 $tasks = $wpdb->get_results(186 "187 SELECT *188 FROM $task_table189 WHERE ta_state != 2 or ta_state is null190 LIMIT 100191 ", ARRAY_A192 );193 194 return $tasks;195 }196 197 /**198 * Add Task199 */200 function add_task($data){201 global $wpdb;202 $task_table = $wpdb->prefix . 
$this->task_table;203 $task_table = esc_sql($task_table);204 225 205 226 $data = array( 206 227 'ta_id' => null, 207 'ta_project' => esc_sql( $data->ta_project ), 208 'ta_name' => esc_sql( $data->ta_name ), 209 'ta_description' => esc_sql( $data->ta_description ), 210 'ta_state' => 0, 228 'ta_project' => sanitize_text_field( $data->ta_project ), 229 'ta_name' => sanitize_text_field( $data->ta_name ), 230 'ta_description' => sanitize_text_field( $data->ta_description ), 211 231 'ta_price' => 0 212 232 ); 213 233 214 $r = $wpdb->insert( $task_table, $data );215 return $r;216 }217 218 /**219 * Update Task220 */221 function update_task($data){222 global $wpdb;223 $task_table = $wpdb->prefix . $this->task_table;224 $task_table = esc_sql($task_table);225 226 $data = array(227 'ta_id' => null,228 'ta_project' => esc_sql( $data->ta_project ),229 'ta_name' => esc_sql( $data->ta_name ),230 'ta_description' => esc_sql( $data->ta_description ),231 'ta_price' => 0232 );233 234 234 $r = $wpdb->update( $task_table, $data ); 235 235 return $r; … … 242 242 global $wpdb; 243 243 $payment_table = $wpdb->prefix . $this->payment_table; 244 $payment_table = esc_sql($payment_table);244 $payment_table = sanitize_text_field($payment_table); 245 245 $payments = $wpdb->get_results( 246 246 " … … 260 260 global $wpdb; 261 261 $payment_table = $wpdb->prefix . 
$this->payment_table; 262 $payment_table = esc_sql($payment_table);262 $payment_table = sanitize_text_field($payment_table); 263 263 264 264 $data = array( 265 265 'id' => null, 266 266 'time' => strtotime($data->time), 267 'category' => esc_sql( $data->category ),268 'project' => esc_sql( $data->project ),269 'task' => esc_sql( $data->task ),270 'paid' => esc_sql( $data->paid * 100 ),271 'charges' => esc_sql( $data->charges * 100 ),272 'effective' => esc_sql( $data->effective * 100 )267 'category' => sanitize_text_field( $data->category ), 268 'project' => sanitize_text_field( $data->project ), 269 'task' => sanitize_text_field( $data->task ), 270 'paid' => sanitize_text_field( $data->paid * 100 ), 271 'charges' => sanitize_text_field( $data->charges * 100 ), 272 'effective' => sanitize_text_field( $data->effective * 100 ) 273 273 ); 274 274 … … 283 283 global $wpdb; 284 284 $task_table = $wpdb->prefix . $this->task_table; 285 $task_table = esc_sql($task_table);285 $task_table = sanitize_text_field($task_table); 286 286 $where = array( 'ta_project' => $data->project, 287 'ta_name' => esc_sql( $data->task ));288 289 $data = array( 290 'ta_price' => esc_sql( $data->paid * 100),287 'ta_name' => sanitize_text_field( $data->task )); 288 289 $data = array( 290 'ta_price' => sanitize_text_field( $data->paid * 100), 291 291 'ta_state' => 2 292 292 ); … … 304 304 */ 305 305 $table_name = $wpdb->prefix . $this->time_table; 306 $table_name = esc_sql($table_name);306 $table_name = sanitize_text_field($table_name); 307 307 $sql = "DROP TABLE IF EXISTS $table_name"; 308 308 $e = $wpdb->query( $wpdb->prepare($sql)); -
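Review bot: sanitize_text_field() is not an SQL escaping function, yet the commit substitutes it for esc_sql() on table names that are interpolated straight into query strings (`$project_table` in get_project_list(), `$task_table` in get_task_list()/add_task()/update_task(), `$payment_table` in get_payment_list(), and `$table_name` feeding `"DROP TABLE IF EXISTS $table_name"`); it strips tags, octets and surrounding whitespace but leaves quotes and backticks alone, so the identifier handling is weakened rather than hardened. As far as this hunk shows these names come only from `$wpdb->prefix` and a class property, so keep them as fixed identifiers and escape them with esc_sql() or backtick-quote them, e.g. `$project_table = esc_sql( $wpdb->prefix . $this->project_table );`. For the column values, sanitize_text_field() before `$wpdb->insert()`/`$wpdb->update()` adds no SQL protection (those methods parameterise) and coerces numbers to strings, so `'paid' => sanitize_text_field( $data->paid * 100 )` is better written `'paid' => (int) round( $data->paid * 100 )`, likewise `charges`, `effective` and `ta_price`. Visible in the surrounding context rather than the change itself, `$wpdb->update( $task_table, $data )` in update_task() passes no `$where` argument and `$wpdb->prepare( $sql )` is called with no placeholders; both deserve a follow-up.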
udssl-time-tracker/trunk/inc/class-udssl-tt-enqueues.php
r2606695 r2608162 14 14 15 15 /** 16 * Backbone and Underscore16 * Moment, Backbone and Underscore 17 17 */ 18 add_action('wp_enqueue_scripts', array($this, 'moment')); 18 19 add_action('wp_enqueue_scripts', array($this, 'underscore')); 19 20 add_action('wp_enqueue_scripts', array($this, 'backbone')); … … 23 24 */ 24 25 add_action('wp_enqueue_scripts', array($this, 'charts_js')); 25 add_action('wp_enqueue_scripts', array($this, 'moment'));26 26 add_action('wp_enqueue_scripts', array($this, 'app')); 27 27 } … … 54 54 */ 55 55 function charts_js(){ 56 wp_enqueue_script('charts-js', 'https://cdnjs.cloudflare.com/ajax/libs/Chart.js/3.5.1/chart.min.js', array(), null, true);56 wp_enqueue_script('charts-js', UDSSL_TT_URL . 'lib/chartjs/chart.min.js', array(), null, true); 57 57 } 58 58 … … 61 61 */ 62 62 function moment(){ 63 wp_enqueue_script('moment -js', UDSSL_TT_URL . 'lib/moment/moment.min.js', array('jquery'), null, true);63 wp_enqueue_script('moment'); 64 64 } 65 65 -
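Review bot: charts_js() now serves a vendored copy of Chart.js but still passes `null` as the version argument to wp_enqueue_script(), so the browser cache key never changes when the bundled file is updated; the removed CDN URL named 3.5.1, so pin it: `wp_enqueue_script('charts-js', UDSSL_TT_URL . 'lib/chartjs/chart.min.js', array(), '3.5.1', true);`. Switching moment() to the core-registered `'moment'` handle is sound, but whichever script consumes it (app() or charts-js, both outside the hunk) should list `'moment'` in its dependency array instead of relying on the `add_action` registration order that the hunk rearranges. A one-line comment above `wp_enqueue_script('moment');` noting that the handle is registered by WordPress core would stop a reader from looking for the deleted lib/moment directory.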
udssl-time-tracker/trunk/index.php
r2607725 r2608162 4 4 * Plugin URI: http://udssl.com/udssl-time-tracker/ 5 5 * Description: UDSSL Time Tracker. Track your time easily. View graphs of time data. 6 * Version: 1.0. 16 * Version: 1.0.2 7 7 * Author: UDSSL 8 8 * Author URI: http://udssl.com/udssl-time-tracker/ -
udssl-time-tracker/trunk/readme.txt
r2607725 r2608162 6 6 Requires PHP: 5.6 7 7 Tested up to: 5.8.1 8 Stable tag: 1.0. 18 Stable tag: 1.0.2 9 9 Text Domain: udssl 10 10 Domain Path: /languages … … 77 77 == Changelog == 78 78 79 = 1.0.2 = 80 81 * Using sanitization functions in db class and other inputs. 82 83 * Removed calling chartjs remotely. 84 * Using chartjs in SVN. 85 86 * Moment js files deleted from SVN. 87 * Using WordPress packaged 'moment'. 88 89 * Using wp_kses() to echo html. 90 79 91 = 1.0.1 = 80 92