Changeset 2830879
- Timestamp:
- 12/09/2022 02:37:10 AM (3 years ago)
- Location:
- pardakht-delkhah
- Files:
-
- 11 edited
-
tags/2.9.4/admin-export.php (modified) (1 diff)
-
tags/2.9.4/admin-settings.php (modified) (1 diff)
-
tags/2.9.4/cupri.php (modified) (3 diffs)
-
tags/2.9.4/extra.php (modified) (2 diffs)
-
tags/2.9.4/readme.txt (modified) (1 diff)
-
tags/2.9.4/shortcode.php (modified) (1 diff)
-
trunk/admin-export.php (modified) (1 diff)
-
trunk/admin-settings.php (modified) (1 diff)
-
trunk/cupri.php (modified) (3 diffs)
-
trunk/extra.php (modified) (2 diffs)
-
trunk/shortcode.php (modified) (1 diff)
pardakht-delkhah/tags/2.9.4/admin-export.php
r2829835 r2830879 11 11 //any message to show? 12 12 if (isset($_POST['cupri_export_msg']) && !empty($_POST['cupri_export_msg'])) { 13 $cupri_export_msg = esc_attr($_POST['cupri_export_msg']);13 $cupri_export_msg = sanitize_text_field($_POST['cupri_export_msg']); 14 14 echo '<div class="notice"><p>' . $cupri_export_msg . '</p></div>'; 15 15 -
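Review bot: `$cupri_export_msg` is still concatenated into the notice markup on new line 14 without an output escaper. `sanitize_text_field()` is an input sanitizer that strips tags and collapses whitespace; it does not encode quotes or ampersands the way the removed `esc_attr()` call did. Keep the sanitizer and escape where the value is printed: `echo '<div class="notice"><p>' . esc_html($cupri_export_msg) . '</p></div>';`. The enclosing `if` block continues outside the hunk, and trunk/admin-export.php carries the same change.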
pardakht-delkhah/tags/2.9.4/admin-settings.php
r2829835 r2830879 73 73 { 74 74 $_POST['cupri_general']['form_color'] = sanitize_text_field($_POST['cupri_general']['form_color']); 75 $_POST['cupri_general']['form_color'] = esc_sql($_POST['cupri_general']['form_color']);76 $_POST['cupri_general']['form_color'] = esc_html($_POST['cupri_general']['form_color']);77 78 75 } 79 76 break; -
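Review bot: After this change `form_color` only passes through `sanitize_text_field()`, which accepts any single-line text rather than a colour value. If the setting is a hex colour that is later written into a style attribute or CSS (not visible in this hunk), validating the format is tighter: `$_POST['cupri_general']['form_color'] = sanitize_hex_color(wp_unslash($_POST['cupri_general']['form_color']));`. Dropping `esc_sql()` and `esc_html()` at input time is reasonable, but every place that prints the stored value then has to escape it for its own context. The `case` block starts outside the hunk, and trunk/admin-settings.php has the same edit.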
pardakht-delkhah/tags/2.9.4/cupri.php
r2829835 r2830879 430 430 } else { 431 431 $min_price = $_cupri['min']['price']; 432 $entered_price = $_POST['cupri_fprice'];432 $entered_price = sanitize_text_field($_POST['cupri_fprice']); 433 433 if (!empty($min_price) && $entered_price < $min_price) { 434 434 $errors[] = __('Minimum price is : ', 'cupri') . $min_price; 435 435 } 436 //if (!is_numeric(_wpm_persian_digit_to_eng($_POST['cupri_fprice']))) {437 //$errors[] = __('Price value is not correct ', 'cupri') . $min_price;438 //}436 if (!is_numeric(_wpm_persian_digit_to_eng($_POST['cupri_fprice']))) { 437 $errors[] = __('Price value is not correct ', 'cupri') . $min_price; 438 } 439 439 } 440 440 … … 458 458 $cupri_femail = isset($_POST['cupri_femail']) ? sanitize_email($_POST['cupri_femail']) : ''; 459 459 if ($_cupri['required'][$wc_cf_key] == 1 && isset($_POST['cupri_femail']) && !empty($_POST['cupri_femail'])) { 460 $email = filter_var($_POST['cupri_femail'], FILTER_VALIDATE_EMAIL); 460 $email = sanitize_email($_POST['cupri_femail']); 461 $email = filter_var($email, FILTER_VALIDATE_EMAIL); 461 462 if (!$email) { 462 463 $errors[] = __('Entered email is not correct ', 'cupri'); … … 470 471 echo '<ul class="alert alert-warning cupri-errors">'; 471 472 foreach ($errors as $_err) { 472 echo('<li >- ' . $_err. '</li>');473 echo('<li >- ' . esc_html($_err) . '</li>'); 473 474 474 475 } -
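Review bot: The minimum-price comparison on new line 433 runs before the re-enabled `is_numeric()` check, and the two checks look at different values: the comparison uses `$entered_price` as submitted, while the numeric check uses the digit-converted `$_POST['cupri_fprice']`. A price typed with Persian digits or other non-numeric text is therefore compared as a string against `$min_price`, so the minimum can be misjudged. The 'Price value is not correct' message also appends `$min_price`, which looks copied from the line above. Converting once, validating, and only then comparing as numbers avoids this, assuming `_wpm_persian_digit_to_eng()` returns a string and `$min_price` is stored with Latin digits. The surrounding `else` branch starts and ends outside the hunk, and trunk/cupri.php has the same code.

```php
$min_price = $_cupri['min']['price'];
$entered_price = sanitize_text_field(wp_unslash($_POST['cupri_fprice']));
// Normalise digits once so validation and comparison see the same value.
$price_number = _wpm_persian_digit_to_eng($entered_price);
if (!is_numeric($price_number)) {
    $errors[] = __('Price value is not correct ', 'cupri');
} elseif (!empty($min_price) && (float) $price_number < (float) $min_price) {
    $errors[] = __('Minimum price is : ', 'cupri') . $min_price;
}
```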
pardakht-delkhah/tags/2.9.4/extra.php
r2829835 r2830879 82 82 if ($column == 'result_code') { 83 83 $result_code = get_post_meta($post_id, '_cupri_result_code', true); 84 echo $result_code = (empty($result_code) ? '-' : $result_code); 84 $result_code = (empty($result_code) ? '-' : $result_code); 85 echo esc_html($result_code); 85 86 86 87 … … 542 543 } 543 544 if (!isset($_POST['post_id'])) return; 544 $post_id = $_POST['post_id']; 545 if (empty($post_id)) return; 546 $post_id = (int)$post_id; 545 $post_id = (int)$_POST['post_id']; 546 if (empty($post_id) || $post_id == 0) return; 547 547 echo json_encode(array('ok' => 'ok')); 548 548 wp_delete_post($post_id, true); -
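Review bot: The handler on new lines 545–548 prints `{"ok":"ok"}` before calling `wp_delete_post()` and never checks its return value, so the client is told the deletion succeeded even when it fails. Nothing in the hunk ties `$post_id` to this plugin's records or to the current user's rights. If the lines above (outside the hunk) only verify a nonce, add `if (!$post_id || !current_user_can('delete_post', $post_id)) return;` and a post-type check before deleting. `$post_id = absint($_POST['post_id']);` would replace the cast and the redundant `empty($post_id) || $post_id == 0` test. The function starts and ends outside the hunk, and trunk/extra.php has the same hunks.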
pardakht-delkhah/tags/2.9.4/readme.txt
r2829835 r2830879 59 59 == Changelog == 60 60 = 2.9.4 = 61 * some other securityfix61 * some other fix 62 62 = 2.9.3 = 63 * XSS securityfix63 * some fix 64 64 = 2.9.2 = 65 65 * بررسی وجود nusoap قبل از افزودن برای جلوگیری از تداخل با دیگر افزونه ها -
pardakht-delkhah/tags/2.9.4/shortcode.php
r2829835 r2830879 187 187 echo '<label class="cupri_tbl cupri_f' . esc_html($wc_cf_key) . '">'; 188 188 echo '<span class="cupri_input_title">'; 189 echo '<span>' . $_cupri['name'][$wc_cf_key];189 echo '<span>' . esc_html($_cupri['name'][$wc_cf_key]); 190 190 if ($required) { 191 191 echo '<span style="color:red;font-weigth:bold;">*</span>'; -
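Review bot: The `class` attribute on new line 187 is built with `esc_html($wc_cf_key)`, but this is an attribute context, where `esc_attr()` or `sanitize_html_class()` is the matching escaper. The `esc_html()` added on line 189 is the right choice for the field name, which is text content. `font-weigth` in the inline style on line 191 is misspelled, so the asterisk is never rendered bold. The same lines appear in trunk/shortcode.php.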
pardakht-delkhah/trunk/admin-export.php
r2829835 r2830879 11 11 //any message to show? 12 12 if (isset($_POST['cupri_export_msg']) && !empty($_POST['cupri_export_msg'])) { 13 $cupri_export_msg = esc_attr($_POST['cupri_export_msg']);13 $cupri_export_msg = sanitize_text_field($_POST['cupri_export_msg']); 14 14 echo '<div class="notice"><p>' . $cupri_export_msg . '</p></div>'; 15 15 -
pardakht-delkhah/trunk/admin-settings.php
r2829835 r2830879 73 73 { 74 74 $_POST['cupri_general']['form_color'] = sanitize_text_field($_POST['cupri_general']['form_color']); 75 $_POST['cupri_general']['form_color'] = esc_sql($_POST['cupri_general']['form_color']);76 $_POST['cupri_general']['form_color'] = esc_html($_POST['cupri_general']['form_color']);77 78 75 } 79 76 break; -
pardakht-delkhah/trunk/cupri.php
r2829835 r2830879 430 430 } else { 431 431 $min_price = $_cupri['min']['price']; 432 $entered_price = $_POST['cupri_fprice'];432 $entered_price = sanitize_text_field($_POST['cupri_fprice']); 433 433 if (!empty($min_price) && $entered_price < $min_price) { 434 434 $errors[] = __('Minimum price is : ', 'cupri') . $min_price; 435 435 } 436 //if (!is_numeric(_wpm_persian_digit_to_eng($_POST['cupri_fprice']))) {437 //$errors[] = __('Price value is not correct ', 'cupri') . $min_price;438 //}436 if (!is_numeric(_wpm_persian_digit_to_eng($_POST['cupri_fprice']))) { 437 $errors[] = __('Price value is not correct ', 'cupri') . $min_price; 438 } 439 439 } 440 440 … … 458 458 $cupri_femail = isset($_POST['cupri_femail']) ? sanitize_email($_POST['cupri_femail']) : ''; 459 459 if ($_cupri['required'][$wc_cf_key] == 1 && isset($_POST['cupri_femail']) && !empty($_POST['cupri_femail'])) { 460 $email = filter_var($_POST['cupri_femail'], FILTER_VALIDATE_EMAIL); 460 $email = sanitize_email($_POST['cupri_femail']); 461 $email = filter_var($email, FILTER_VALIDATE_EMAIL); 461 462 if (!$email) { 462 463 $errors[] = __('Entered email is not correct ', 'cupri'); … … 470 471 echo '<ul class="alert alert-warning cupri-errors">'; 471 472 foreach ($errors as $_err) { 472 echo('<li >- ' . $_err. '</li>');473 echo('<li >- ' . esc_html($_err) . '</li>'); 473 474 474 475 } -
pardakht-delkhah/trunk/extra.php
r2829835 r2830879 82 82 if ($column == 'result_code') { 83 83 $result_code = get_post_meta($post_id, '_cupri_result_code', true); 84 echo $result_code = (empty($result_code) ? '-' : $result_code); 84 $result_code = (empty($result_code) ? '-' : $result_code); 85 echo esc_html($result_code); 85 86 86 87 … … 542 543 } 543 544 if (!isset($_POST['post_id'])) return; 544 $post_id = $_POST['post_id']; 545 if (empty($post_id)) return; 546 $post_id = (int)$post_id; 545 $post_id = (int)$_POST['post_id']; 546 if (empty($post_id) || $post_id == 0) return; 547 547 echo json_encode(array('ok' => 'ok')); 548 548 wp_delete_post($post_id, true); -
pardakht-delkhah/trunk/shortcode.php
r2829835 r2830879 187 187 echo '<label class="cupri_tbl cupri_f' . esc_html($wc_cf_key) . '">'; 188 188 echo '<span class="cupri_input_title">'; 189 echo '<span>' . $_cupri['name'][$wc_cf_key];189 echo '<span>' . esc_html($_cupri['name'][$wc_cf_key]); 190 190 if ($required) { 191 191 echo '<span style="color:red;font-weigth:bold;">*</span>';