Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2743703

Timestamp:

06/16/2022 04:57:15 PM (4 years ago)

Author:

navigationnorth

Message:

Update to version 0.9.1 from GitHub

Location:

Files:

: 6 edited
: 1 copied

tags/0.9.1 (copied) (copied from wp-oer/trunk)
tags/0.9.1/includes/oer-functions.php (modified) (14 diffs)
tags/0.9.1/open-educational-resources.php (modified) (5 diffs)
tags/0.9.1/readme.txt (modified) (2 diffs)
trunk/includes/oer-functions.php (modified) (14 diffs)
trunk/open-educational-resources.php (modified) (5 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

wp-oer/tags/0.9.1/includes/oer-functions.php

-                      r2742932
+                      r2743703
     $cnt = 0;
         try{
+            // Register our path override.
+            add_filter( 'upload_dir', 'oer_override_upload_dir' );
+            $upload_overrides = array(
+                'test_form' => false,
+                'unique_filename_callback' => 'oer_override_filename');
             if ($default==true) {
                 //default resource filename
 …
                             mkdir(OER_PATH."upload",0777);
+                        }
+                        $_file = wp_handle_upload($_FILES["resource_import"], $upload_overrides);
                         "Upload: " . sanitize_file_name($_FILES["resource_import"]["name"]) . "<br>";
                         "Type: " . sanitize_text_field($_FILES["resource_import"]["type"]) . "<br>";
                         "Size: " . sanitize_text_field(($_FILES["resource_import"]["size"] / 1024)) . " kB<br>";
+                        "stored in:" .move_uploaded_file($_FILES["resource_import"]["tmp_name"],OER_PATH."upload/".$filename) ;
+                    }
+                    $excl_obj->read(OER_PATH."upload/".$filename);
+                        "stored in:" . $_file['file'];
+                    }
+                    $excl_obj->read($_file['file']);
+                }
+            }
+            // Set upload dir to normal
+            remove_filter( 'upload_dir', 'oer_override_upload_dir' );
             $fnldata = $excl_obj->sheets[0];
 …
+}
+// Temporarily override upload dir of wp_handle_upload
+function oer_override_upload_dir( $dir ){
+     return array(
+        'path'   => OER_PATH."upload",
+        'url'    => OER_PATH."upload",
+        'subdir' => '/upload',
+    ) + $dir;
+}
+// Override filename for wp_handle_upload
+function oer_override_filename($dir, $name, $ext){
+    $time = time();
+    $date = date($time);
+    $file = pathinfo($name);
+    $new_filename = $file['filename'] . "-" . $date . $ext;
+    return $new_filename;
+}
 //Import Subject Areas
 function oer_importSubjectAreas($default=false) {
 …
     global $wpdb;
+    // Register our path override.
+    add_filter( 'upload_dir', 'oer_override_upload_dir' );
+    $upload_overrides = array(
+        'test_form' => false,
+        'unique_filename_callback' => 'oer_override_filename');
     try {
 …
+                {
                     //Upload File
+                    "Upload: " . sanitize_file_name($_FILES["bulk_import"]["name"]) . "<br>";
+                    $_file = wp_handle_upload($_FILES["bulk_import"], $upload_overrides);
+                    "Upload: " . sanitize_file_name($_FILES["bulk_import"]["name"]) . "<br>";
                     "Type: " . sanitize_text_field($_FILES["bulk_import"]["type"]) . "<br>";
                     "Size: " . sanitize_text_field(($_FILES["bulk_import"]["size"] / 1024)) . " kB<br>";
                     "stored in:" .move_uploaded_file($_FILES["bulk_import"]["tmp_name"],OER_PATH."upload/".$filename) ;
+                    "stored in:" . esc_url_raw($_file['file']) ;
+                }
                 //Read Excel Data
+                $excl_obj->read(OER_PATH."upload/".$filename);
+                //$excl_obj->read(OER_PATH."upload/".$filename);
+                $excl_obj->read($_file['file']);
+            }
+        }
+        // Set upload dir to normal
+        remove_filter( 'upload_dir', 'oer_override_upload_dir' );
             $fnldata = $excl_obj->sheets;
 …
     return $response;
+}
 //Import Default Grade Levels
 …
     $substandards = array();
     $query = "SELECT * FROM {$wpdb->prefix}oer_sub_standards where parent_id='%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_sub_standards where parent_id = %s";
     $substandards = $wpdb->get_results($wpdb->prepare($query, $std_id));
 …
     $notations = array();
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation where parent_id='%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation where parent_id = %s";
     $result = $wpdb->get_results($wpdb->prepare($query, $std_id));
 …
     $std = null;
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = '%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = %s";
     $substandards = $wpdb->get_results($wpdb->prepare($query, $notation));
 …
     $std = null;
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = '%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = %s";
     $standard_notation = $wpdb->get_results($wpdb->prepare($query, $notation));
 …
     $std = null;
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = '%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = %s";
     $standard_notation = $wpdb->get_results($wpdb->prepare($query, $notation));
 …
     $notation = "standard_notation-".$notation_id;
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE parent_id = '%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE parent_id = %s";
     $standard_notations = $wpdb->get_results($wpdb->prepare($query, $notation));
 …
     $parent = explode("-",$parent_id);
     if ($parent[0]=="sub_standards") {
         $query = "SELECT * FROM {$wpdb->prefix}oer_sub_standards WHERE id = '%s'";
+        $query = "SELECT * FROM {$wpdb->prefix}oer_sub_standards WHERE id = %s";
         $substandards = $wpdb->get_results($wpdb->prepare($query, $parent[1]));
 …
+        }
     } else {
         $query = "SELECT * FROM {$wpdb->prefix}oer_core_standards WHERE id = '%s'";
+        $query = "SELECT * FROM {$wpdb->prefix}oer_core_standards WHERE id = %s";
         $standards = $wpdb->get_results($wpdb->prepare($query, $parent[1]));
         foreach($standards as $std){

wp-oer/tags/0.9.1/open-educational-resources.php

-                      r2742932
+                      r2743703
  Plugin URI:         https://www.wp-oer.com
  Description:        Open Educational Resource management and curation, metadata publishing, and alignment to Common Core State Standards.
  Version:            0.9.0
+ Version:            0.9.1
  Requires at least:  4.4
  Requires PHP:       7.0
 …
 define( 'OER_PLUGIN_NAME', 'WP OER Plugin' );
 define( 'OER_ADMIN_PLUGIN_NAME', 'WP OER Plugin');
 define( 'OER_VERSION', '0.9.0' );
+define( 'OER_VERSION', '0.9.1' );
 define( 'OER_SITE_PATH', ABSPATH );
 …
         //Search in title
         $search .= $wpdb->prepare("($wpdb->posts.post_title LIKE '%s')", $term);
+        $search .= $wpdb->prepare("($wpdb->posts.post_title LIKE %s)", $term);
                 $OR = ' OR ';
         //Search in content
         $search .= $OR;
                 $search .= $wpdb->prepare("($wpdb->posts.post_content LIKE '%s')", $term);
+                $search .= $wpdb->prepare("($wpdb->posts.post_content LIKE %s)", $term);
                 $OR = ' OR ';
 …
         foreach ($meta_keys as $key_slug) {
                         $search .= $OR;
                         $search .= $wpdb->prepare("$meta_key_OR (pm.meta_key = '%s' AND pm.meta_value LIKE '%s')", $key_slug, $term);
+                        $search .= $wpdb->prepare("$meta_key_OR (pm.meta_key = %s AND pm.meta_value LIKE %s)", $key_slug, $term);
                         $OR = '';
                         $meta_key_OR = ' OR ';
 …
         foreach($taxonomies as $tax) {
             $search .= $OR;
                         $search .= $wpdb->prepare("$tax_OR (tt.taxonomy = '%s' AND t.name LIKE '%s')", $tax, $term);
+                        $search .= $wpdb->prepare("$tax_OR (tt.taxonomy = %s AND t.name LIKE %s)", $tax, $term);
                         $OR = '';
                         $tax_OR = ' OR ';

wp-oer/tags/0.9.1/readme.txt

-                      r2742932
+                      r2743703
 Tested up to: 6.0
 Requires PHP: 7.0
 Stable tag: 0.9.0
+Stable tag: 0.9.1
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 0.9.1 =
+* Replaced move_uploaded_file with wp_handle_upload function when importing subject areas and resources
+* Removed quote around string placeholders used in $wpdb->prepare statements
 = 0.9.0 =
 * Implement further sanitizing of input and escaping of displayed data
+* Implemented further sanitizing of input and escaping of displayed data
 = 0.8.9 =

wp-oer/trunk/includes/oer-functions.php

-                      r2742932
+                      r2743703
     $cnt = 0;
         try{
+            // Register our path override.
+            add_filter( 'upload_dir', 'oer_override_upload_dir' );
+            $upload_overrides = array(
+                'test_form' => false,
+                'unique_filename_callback' => 'oer_override_filename');
             if ($default==true) {
                 //default resource filename
 …
                             mkdir(OER_PATH."upload",0777);
+                        }
+                        $_file = wp_handle_upload($_FILES["resource_import"], $upload_overrides);
                         "Upload: " . sanitize_file_name($_FILES["resource_import"]["name"]) . "<br>";
                         "Type: " . sanitize_text_field($_FILES["resource_import"]["type"]) . "<br>";
                         "Size: " . sanitize_text_field(($_FILES["resource_import"]["size"] / 1024)) . " kB<br>";
+                        "stored in:" .move_uploaded_file($_FILES["resource_import"]["tmp_name"],OER_PATH."upload/".$filename) ;
+                    }
+                    $excl_obj->read(OER_PATH."upload/".$filename);
+                        "stored in:" . $_file['file'];
+                    }
+                    $excl_obj->read($_file['file']);
+                }
+            }
+            // Set upload dir to normal
+            remove_filter( 'upload_dir', 'oer_override_upload_dir' );
             $fnldata = $excl_obj->sheets[0];
 …
+}
+// Temporarily override upload dir of wp_handle_upload
+function oer_override_upload_dir( $dir ){
+     return array(
+        'path'   => OER_PATH."upload",
+        'url'    => OER_PATH."upload",
+        'subdir' => '/upload',
+    ) + $dir;
+}
+// Override filename for wp_handle_upload
+function oer_override_filename($dir, $name, $ext){
+    $time = time();
+    $date = date($time);
+    $file = pathinfo($name);
+    $new_filename = $file['filename'] . "-" . $date . $ext;
+    return $new_filename;
+}
 //Import Subject Areas
 function oer_importSubjectAreas($default=false) {
 …
     global $wpdb;
+    // Register our path override.
+    add_filter( 'upload_dir', 'oer_override_upload_dir' );
+    $upload_overrides = array(
+        'test_form' => false,
+        'unique_filename_callback' => 'oer_override_filename');
     try {
 …
+                {
                     //Upload File
+                    "Upload: " . sanitize_file_name($_FILES["bulk_import"]["name"]) . "<br>";
+                    $_file = wp_handle_upload($_FILES["bulk_import"], $upload_overrides);
+                    "Upload: " . sanitize_file_name($_FILES["bulk_import"]["name"]) . "<br>";
                     "Type: " . sanitize_text_field($_FILES["bulk_import"]["type"]) . "<br>";
                     "Size: " . sanitize_text_field(($_FILES["bulk_import"]["size"] / 1024)) . " kB<br>";
                     "stored in:" .move_uploaded_file($_FILES["bulk_import"]["tmp_name"],OER_PATH."upload/".$filename) ;
+                    "stored in:" . esc_url_raw($_file['file']) ;
+                }
                 //Read Excel Data
+                $excl_obj->read(OER_PATH."upload/".$filename);
+                //$excl_obj->read(OER_PATH."upload/".$filename);
+                $excl_obj->read($_file['file']);
+            }
+        }
+        // Set upload dir to normal
+        remove_filter( 'upload_dir', 'oer_override_upload_dir' );
             $fnldata = $excl_obj->sheets;
 …
     return $response;
+}
 //Import Default Grade Levels
 …
     $substandards = array();
     $query = "SELECT * FROM {$wpdb->prefix}oer_sub_standards where parent_id='%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_sub_standards where parent_id = %s";
     $substandards = $wpdb->get_results($wpdb->prepare($query, $std_id));
 …
     $notations = array();
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation where parent_id='%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation where parent_id = %s";
     $result = $wpdb->get_results($wpdb->prepare($query, $std_id));
 …
     $std = null;
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = '%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = %s";
     $substandards = $wpdb->get_results($wpdb->prepare($query, $notation));
 …
     $std = null;
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = '%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = %s";
     $standard_notation = $wpdb->get_results($wpdb->prepare($query, $notation));
 …
     $std = null;
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = '%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE standard_notation = %s";
     $standard_notation = $wpdb->get_results($wpdb->prepare($query, $notation));
 …
     $notation = "standard_notation-".$notation_id;
     $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE parent_id = '%s'";
+    $query = "SELECT * FROM {$wpdb->prefix}oer_standard_notation WHERE parent_id = %s";
     $standard_notations = $wpdb->get_results($wpdb->prepare($query, $notation));
 …
     $parent = explode("-",$parent_id);
     if ($parent[0]=="sub_standards") {
         $query = "SELECT * FROM {$wpdb->prefix}oer_sub_standards WHERE id = '%s'";
+        $query = "SELECT * FROM {$wpdb->prefix}oer_sub_standards WHERE id = %s";
         $substandards = $wpdb->get_results($wpdb->prepare($query, $parent[1]));
 …
+        }
     } else {
         $query = "SELECT * FROM {$wpdb->prefix}oer_core_standards WHERE id = '%s'";
+        $query = "SELECT * FROM {$wpdb->prefix}oer_core_standards WHERE id = %s";
         $standards = $wpdb->get_results($wpdb->prepare($query, $parent[1]));
         foreach($standards as $std){

wp-oer/trunk/open-educational-resources.php

-                      r2742932
+                      r2743703
  Plugin URI:         https://www.wp-oer.com
  Description:        Open Educational Resource management and curation, metadata publishing, and alignment to Common Core State Standards.
  Version:            0.9.0
+ Version:            0.9.1
  Requires at least:  4.4
  Requires PHP:       7.0
 …
 define( 'OER_PLUGIN_NAME', 'WP OER Plugin' );
 define( 'OER_ADMIN_PLUGIN_NAME', 'WP OER Plugin');
 define( 'OER_VERSION', '0.9.0' );
+define( 'OER_VERSION', '0.9.1' );
 define( 'OER_SITE_PATH', ABSPATH );
 …
         //Search in title
         $search .= $wpdb->prepare("($wpdb->posts.post_title LIKE '%s')", $term);
+        $search .= $wpdb->prepare("($wpdb->posts.post_title LIKE %s)", $term);
                 $OR = ' OR ';
         //Search in content
         $search .= $OR;
                 $search .= $wpdb->prepare("($wpdb->posts.post_content LIKE '%s')", $term);
+                $search .= $wpdb->prepare("($wpdb->posts.post_content LIKE %s)", $term);
                 $OR = ' OR ';
 …
         foreach ($meta_keys as $key_slug) {
                         $search .= $OR;
                         $search .= $wpdb->prepare("$meta_key_OR (pm.meta_key = '%s' AND pm.meta_value LIKE '%s')", $key_slug, $term);
+                        $search .= $wpdb->prepare("$meta_key_OR (pm.meta_key = %s AND pm.meta_value LIKE %s)", $key_slug, $term);
                         $OR = '';
                         $meta_key_OR = ' OR ';
 …
         foreach($taxonomies as $tax) {
             $search .= $OR;
                         $search .= $wpdb->prepare("$tax_OR (tt.taxonomy = '%s' AND t.name LIKE '%s')", $tax, $term);
+                        $search .= $wpdb->prepare("$tax_OR (tt.taxonomy = %s AND t.name LIKE %s)", $tax, $term);
                         $OR = '';
                         $tax_OR = ' OR ';

wp-oer/trunk/readme.txt

-                      r2742932
+                      r2743703
 Tested up to: 6.0
 Requires PHP: 7.0
 Stable tag: 0.9.0
+Stable tag: 0.9.1
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 0.9.1 =
+* Replaced move_uploaded_file with wp_handle_upload function when importing subject areas and resources
+* Removed quote around string placeholders used in $wpdb->prepare statements
 = 0.9.0 =
 * Implement further sanitizing of input and escaping of displayed data
+* Implemented further sanitizing of input and escaping of displayed data
 = 0.8.9 =

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: