
Changeset 2646656


Timestamp:
12/20/2021 10:02:10 AM (4 years ago)
Author:
IT-RAYS
Message:

Fixed security issues

Location:
rays-grid/tags/1.3.0/includes
Files:
4 edited

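--- a/rays-grid/tags/1.3.0/includes/admin/views/header.php
+++ b/rays-grid/tags/1.3.0/includes/admin/views/header.php
@@ -2,9 +2,9 @@
 // if called directly, abort.
 if (!defined('WPINC')) { die; }
-$id          = isset( $_GET['id'] ) ? $_GET['id'] : '';
-$do          = isset($_GET['do']) ? $_GET['do'] : '';
+$id          = isset( $_GET['id'] ) ? sanitize_text_field( $_GET['id'] ) : '';
+$do          = isset($_GET['do']) ? sanitize_text_field( $_GET['do'] ) : '';
 $rsgd_tbls   = new raysgrid_Tables();
 $allTables   = $rsgd_tbls->rsgd_selectWithId($id);
-$impexp      = ( isset($_GET["page"]) && trim($_GET["page"]) == 'raysgrid-exp' ) ? trim ($_GET["page"]) : '';
+$impexp      = ( isset($_GET["page"]) && trim($_GET["page"]) == 'raysgrid-exp' ) ? trim ( sanitize_text_field( $_GET["page"] ) ) : '';
 $strs = $cl = $sync = '';
 $post_type_name = ( get_option( 'rsgd_type_name' ) ) ? get_option( 'rsgd_type_name' ) : 'raysgridpost';
@@ -25,5 +25,5 @@
 echo '<div class="'.esc_attr(RSGD_SLUG).'-form">';
        
-    echo '<form action="'.esc_url(admin_url()).'admin.php?page='.esc_attr(RSGD_PFX).$strs.'"'.$sync.' method="post" class="'.esc_attr($cl).'" novalidate>';
+    echo '<form action="'.esc_url(admin_url().'admin.php?page='.esc_attr(RSGD_PFX).$strs).'"'.$sync.' method="post" class="'.esc_attr($cl).'" novalidate>';
 
         echo '<div class="rsgd_logo">';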
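Review bot: `sanitize_text_field()` on `$id` (new line 4) normalises the text but is not a query escape, and the value goes straight into `$rsgd_tbls->rsgd_selectWithId($id)` on line 7; whatever query that method builds (outside this hunk, and reached the same way from main-form.php line 5) still needs `$wpdb->prepare()` for the fix to be complete. WordPress also adds slashes to request superglobals, so the usual form is `sanitize_text_field( wp_unslash( $_GET['id'] ) )` here, in main-form.php and in form.php. In the second hunk, `esc_attr(RSGD_PFX)` nested inside `esc_url()` escapes the same text for two contexts at once, and `$sync` is still echoed into the `<form>` tag with no escaping; `$strs` and `$sync` are assembled outside the hunk, so if either ever carries non-literal data it should be escaped at the point of assembly.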
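--- a/rays-grid/tags/1.3.0/includes/admin/views/main-form.php
+++ b/rays-grid/tags/1.3.0/includes/admin/views/main-form.php
@@ -3,5 +3,5 @@
 if (!defined('WPINC')) { die; }
 
-$id         = isset( $_GET['id'] ) ? $_GET['id'] : '';
+$id         = isset( $_GET['id'] ) ? sanitize_text_field($_GET['id']) : '';
 $rsgd_base  = new raysgrid_Base();
 $rsgd_tbls  = new raysgrid_Tables();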
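--- a/rays-grid/tags/1.3.0/includes/class-base.php
+++ b/rays-grid/tags/1.3.0/includes/class-base.php
@@ -123,5 +123,5 @@
         if( $type != 'hidden' ){
             echo '<div class="item form-group"'.$dep_element.$dep_value.'>';
-                echo '<div class="lbl"><label class="opt-lbl">' . $config_data['title'] . '</label><small class="description">' . $config_data['description'] . '</small></div>';
+                echo '<div class="lbl"><label class="opt-lbl">' . esc_html($config_data['title']) . '</label><small class="description">' . esc_html($config_data['description']) . '</small></div>';
                 echo '<div class="control-input">';
         }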
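Review bot: The context line 124 still concatenates `$dep_element` and `$dep_value` directly into the `<div>` tag while the line below it now escapes title and description; both variables are assembled before this hunk, so if they carry anything derived from `$config_data` they need `esc_attr()` at the point where they are built. `esc_html()` on `$config_data['description']` will also render any intentional markup in a description as literal text; if descriptions are meant to hold links, `wp_kses_post()` is the matching escape. The enclosing method starts and ends outside the hunk.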
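--- a/rays-grid/tags/1.3.0/includes/form.php
+++ b/rays-grid/tags/1.3.0/includes/form.php
@@ -7,8 +7,8 @@
     public function rsgd_display_form() {
        
-        $do         = $_GET['do'] ?? '';
-        $action     = $_GET['action'] ?? '';
-        $id         = $_GET['id'] ?? '';
-        $val        = $_POST['rsgd_type_name'] ?? 'raysgridpost';
+        $do         = sanitize_text_field($_GET['do']) ?? '';
+        $action     = sanitize_text_field($_GET['action']) ?? '';
+        $id         = sanitize_text_field($_GET['id']) ?? '';
+        $val        = sanitize_text_field($_POST['rsgd_type_name']) ?? 'raysgridpost';
         $rsgd_tbls  = new raysgrid_Tables();
                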
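Review bot: Moving `sanitize_text_field()` inside the `??` on new lines 9–12 breaks the null-coalescing guard: the array index is now evaluated as a function argument before `??` is applied, so a missing `do`, `action`, `id` or `rsgd_type_name` key emits an undefined-array-key warning, and because `sanitize_text_field()` returns a string rather than null the right-hand defaults are dead — in particular `$val` becomes `''` instead of `'raysgridpost'` whenever the POST field is absent. Coalesce on the superglobal first and sanitise the result, with `wp_unslash()` to strip the slashes WordPress adds to request data. `rsgd_display_form()` continues past the hunk.
```php
    public function rsgd_display_form() {
        $do         = sanitize_text_field( wp_unslash( $_GET['do'] ?? '' ) );
        $action     = sanitize_text_field( wp_unslash( $_GET['action'] ?? '' ) );
        $id         = sanitize_text_field( wp_unslash( $_GET['id'] ?? '' ) );
        $val        = sanitize_text_field( wp_unslash( $_POST['rsgd_type_name'] ?? 'raysgridpost' ) );
        // … unchanged: table setup and the rest of the form …
```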