Changeset 2946175
- Timestamp:
- 08/01/2023 05:46:26 PM (3 years ago)
- Location:
- educare
- Files:
-
- 50 added
- 7 edited
-
tags/1.4.5 (added)
-
tags/1.4.5/Educare.php (added)
-
tags/1.4.5/LICENSE (added)
-
tags/1.4.5/assets (added)
-
tags/1.4.5/assets/css (added)
-
tags/1.4.5/assets/css/clone-field.css (added)
-
tags/1.4.5/assets/css/educare.css (added)
-
tags/1.4.5/assets/css/results.css (added)
-
tags/1.4.5/assets/files (added)
-
tags/1.4.5/assets/img (added)
-
tags/1.4.5/assets/img/achivement.svg (added)
-
tags/1.4.5/assets/img/cardbox.svg (added)
-
tags/1.4.5/assets/img/cover.svg (added)
-
tags/1.4.5/assets/img/default.jpg (added)
-
tags/1.4.5/assets/img/educare.svg (added)
-
tags/1.4.5/assets/img/fixbd.svg (added)
-
tags/1.4.5/assets/img/icon.svg (added)
-
tags/1.4.5/assets/img/loader.svg (added)
-
tags/1.4.5/assets/img/marks.svg (added)
-
tags/1.4.5/assets/js (added)
-
tags/1.4.5/assets/js/clone-field-1.0.js (added)
-
tags/1.4.5/assets/js/educare-wp.js (added)
-
tags/1.4.5/assets/js/educare.js (added)
-
tags/1.4.5/assets/js/paginate.js (added)
-
tags/1.4.5/changelog.md (added)
-
tags/1.4.5/includes (added)
-
tags/1.4.5/includes/admin (added)
-
tags/1.4.5/includes/admin/menu (added)
-
tags/1.4.5/includes/admin/menu.php (added)
-
tags/1.4.5/includes/admin/menu/about-us.php (added)
-
tags/1.4.5/includes/admin/menu/all-results.php (added)
-
tags/1.4.5/includes/admin/menu/all-students.php (added)
-
tags/1.4.5/includes/admin/menu/management.php (added)
-
tags/1.4.5/includes/admin/menu/mark-sheed.php (added)
-
tags/1.4.5/includes/admin/menu/performance.php (added)
-
tags/1.4.5/includes/admin/menu/settings.php (added)
-
tags/1.4.5/includes/database (added)
-
tags/1.4.5/includes/database/default-settings.php (added)
-
tags/1.4.5/includes/database/educare-database.php (added)
-
tags/1.4.5/includes/functions.php (added)
-
tags/1.4.5/includes/support (added)
-
tags/1.4.5/includes/support/educare-custom-results-card.php (added)
-
tags/1.4.5/includes/support/educare-custom-results-form.php (added)
-
tags/1.4.5/includes/support/educare-default-results-card.php (added)
-
tags/1.4.5/includes/support/educare-themes.php (added)
-
tags/1.4.5/includes/support/grading-systems.php (added)
-
tags/1.4.5/readme.txt (added)
-
tags/1.4.5/templates (added)
-
tags/1.4.5/templates/users (added)
-
tags/1.4.5/templates/users/results_systems.php (added)
-
trunk/Educare.php (modified) (3 diffs)
-
trunk/assets/js/educare.js (modified) (15 diffs)
-
trunk/changelog.md (modified) (1 diff)
-
trunk/includes/admin/menu.php (modified) (1 diff)
-
trunk/includes/functions.php (modified) (42 diffs)
-
trunk/includes/support/grading-systems.php (modified) (3 diffs)
-
trunk/readme.txt (modified) (2 diffs)
educare/trunk/Educare.php
r2944930 r2946175 2 2 /** 3 3 * @package Educare 4 * @version 1.4. 44 * @version 1.4.5 5 5 * @author FixBD <fixbd.org@gmail.com> 6 6 * @copyright GPL-2.0+ … … 11 11 * Plugin URI: http://github.com/fixbd/educare 12 12 * Description: Educare is a powerful online School/College students & results management system dev by FixBD. This plugin allows you to manage and publish students results. You can easily Add/Edit/Delete Students, Results, Class, Exam, Year Custom field and much more... Also you can import & export unlimited students and results just a click! 13 * Version: 1.4. 413 * Version: 1.4.5 14 14 * Author: FixBD 15 15 * Author URI: http://github.com/fixbd … … 45 45 // Make it simple! (Define Educare Name-Space) 46 46 // Plugin Version 47 define('EDUCARE_VERSION', '1.4. 4');47 define('EDUCARE_VERSION', '1.4.5'); 48 48 // Settings Version 49 49 define('EDUCARE_SETTINGS_VERSION', '1.0'); -
educare/trunk/assets/js/educare.js
r2944930 r2946175 23 23 data: { 24 24 action: 'educare_process_content', 25 nonce: educareAjax.nonce,26 25 form_data: form_data, 27 26 active_menu: active_menu, … … 66 65 data: { 67 66 action: 'educare_proccess_grade_system', 68 nonce: educare Ajax.nonce,67 nonce: educareNonce.edit_grade_system, 69 68 class: class_name 70 69 }, … … 97 96 data: { 98 97 action: 'educare_save_grade_system', 99 nonce: educareAjax.nonce,100 98 form_data: form_data, 101 99 update_grade_rules: true … … 166 164 data: { 167 165 action: 'educare_proccess_promote_students', 168 nonce: educareAjax.nonce,169 166 form_data: form_data 170 167 }, … … 303 300 data: { 304 301 action: 'educare_process_marks', 305 nonce: educareAjax.nonce,306 302 form_data: form_data, 307 303 action_for: action_for … … 339 335 data: { 340 336 action: 'educare_process_marks', 341 nonce: educareAjax.nonce,342 337 form_data: form_data, 343 338 action_for … … 467 462 data: { 468 463 action: 'educare_class', 469 nonce: educareAjax.nonce,470 464 class: class_name, 471 465 id: id_no, … … 610 604 data: { 611 605 action: 'educare_class', 612 nonce: educareAjax.nonce,613 606 class: class_name, 614 607 id: id_no, … … 663 656 data: { 664 657 action: 'educare_get_data_from_students', 665 nonce: educareAjax.nonce,666 658 form_data: form_data 667 659 }, … … 768 760 data: { 769 761 action: 'educare_process_content', 770 nonce: educareAjax.nonce,771 762 form_data: form_data, 772 763 action_for … … 853 844 data: { 854 845 action: 'educare_process_content', 855 nonce: educareAjax.nonce,856 846 form_data: form_data, 857 847 action_for … … 889 879 data: { 890 880 action: 'educare_process_content', 891 nonce: educareAjax.nonce,892 881 form_data: form_data, 893 882 action_for … … 918 907 data: { 919 908 action: 'educare_process_content', 920 nonce: educareAjax.nonce,921 909 form_data: form_data, 922 910 action_for … … 950 938 data: { 951 939 action: 'educare_process_content', 952 nonce: educareAjax.nonce,953 940 form_data: form_data, 954 
941 action_for … … 994 981 data: { 995 982 action: 'educare_demo', 996 nonce: educare Ajax.nonce,983 nonce: educareNonce.demo_nonce, 997 984 Class: class_name, 998 985 total_demo: total_demo, -
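Review bot: The `educare_process_content`, `educare_process_marks`, `educare_class`, `educare_get_data_from_students`, `educare_proccess_promote_students` and `educare_save_grade_system` requests now carry no `nonce` key at all, and nothing in this file says where the nonce went; from the functions.php and grading-systems.php hunks it appears to travel as a hidden `<action>_nonce` (or `nonce`) input inside the serialized `form_data` and is verified server-side only after `wp_parse_str`. Add a comment at the first such `data:` block, e.g. `// nonce is carried as a hidden *_nonce input inside form_data; the PHP handler verifies it after wp_parse_str()`, so a later maintainer does not "fix" the missing key by re-adding a stale `educareAjax.nonce`. The two requests that still send a top-level nonce (`educare_proccess_grade_system`, `educare_demo`) read `educareNonce`, which only exists where menu.php's `wp_localize_script('educare-admin', 'educareNonce', …)` has run; a one-line comment noting that dependency would help too.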
educare/trunk/changelog.md
r2944930 r2946175 1 ## [1.4.5] 2 3 ### Stable - Security Release 4 - Enhanced security measures. 5 - It is crucial to update Educare to version 1.4.5 immediately. 6 - Please see the changelog v1.4.4 for list of previous updates. 7 8 **Note:** Sometimes users may need to clear browsing data to load the updated script (After update). 9 1 10 ## [1.4.4] 2 11 -
educare/trunk/includes/admin/menu.php
r2944930 r2946175 147 147 'group_subject' => educare_check_status('group_subject'), 148 148 ) ); 149 150 wp_localize_script( 'educare-admin', 'educareNonce', array( 151 'demo_nonce' => wp_create_nonce( 'educare_demo_nonce' ), 152 'edit_grade_system' => wp_create_nonce( 'edit_grade_system' ), 153 ) ); 149 154 150 155 } -
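Review bot: The two nonce actions registered here are named inconsistently — `educare_demo_nonce` carries the plugin prefix while `edit_grade_system` does not — and the unprefixed style recurs in the hidden-field nonces added in functions.php (`update_subject`, `add_class`, `remove_class`, `add_marks`, …). A WordPress nonce is derived only from the action string, the user and the session token, so an unprefixed action can be satisfied by a nonce another plugin issued to the same user for an identically named action; prefixing all of them, e.g. `'edit_grade_system' => wp_create_nonce( 'educare_edit_grade_system' )` with the matching change at `educare_verify_nonce('edit_grade_system')` in grading-systems.php, removes that overlap. A comment such as `// Action-specific nonces exposed to educare.js as educareNonce.<key>` above the call would also document the JS contract. The enclosing function ends just after the hunk; its start is outside it.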
educare/trunk/includes/functions.php
r2944930 r2946175 1357 1357 // Security nonce for form requests. 1358 1358 $nonce = wp_create_nonce( 'educare_form_nonce' ); 1359 $crud_nonce = wp_create_nonce( 'educare_crud_data' ); 1359 1360 1360 1361 $forms = "<form method='post' action='' class='text_button'> 1361 1362 <input type='hidden' name='nonce' value='".esc_attr($nonce)."'> 1363 <input type='hidden' name='delete_nonce' value='".esc_attr($crud_nonce)."'> 1362 1364 <input name='id' value='".esc_attr($id)."' hidden> 1363 1365 <input type='submit' name='educare_results_by_id' formaction='".esc_url($profiles)."' class='educare_button' value='' formtarget='_blank'> … … 1390 1392 1391 1393 // Verify the nonce to ensure the request originated from the expected source 1392 educare_verify_nonce( );1394 educare_verify_nonce('educare_crud_data'); 1393 1395 1394 1396 global $wpdb, $table_name, $requred_fields; … … 1511 1513 1512 1514 // Verify the nonce to ensure the request originated from the expected source 1513 educare_verify_nonce(); 1515 if (isset($_POST['delete_nonce'])) { 1516 educare_verify_nonce('educare_crud_data', 'delete_nonce'); 1517 } else { 1518 educare_verify_nonce('educare_crud_data'); 1519 } 1520 1514 1521 1515 1522 $query = $wpdb->prepare("DELETE FROM $table_name WHERE id = %d", $id); … … 1618 1625 <?php 1619 1626 // Security nonce for form requests. 
1620 $nonce = wp_create_nonce( 'educare_ form_nonce' );1627 $nonce = wp_create_nonce( 'educare_crud_data' ); 1621 1628 echo '<input type="hidden" name="nonce" value="'.esc_attr($nonce).'">'; 1622 1629 … … 2250 2257 </div> 2251 2258 2259 <?php 2260 $students_list_nonce = wp_create_nonce( 'students_list' ); 2261 $get_Group_nonce = wp_create_nonce( 'get_Group' ); 2262 $get_Class_nonce = wp_create_nonce( 'get_Class' ); 2263 2264 echo '<input type="hidden" name="students_list_nonce" value="'.esc_attr($students_list_nonce).'">'; 2265 echo '<input type="hidden" name="get_Group_nonce" value="'.esc_attr($get_Group_nonce).'">'; 2266 echo '<input type="hidden" name="get_Class_nonce" value="'.esc_attr($get_Class_nonce).'">'; 2267 ?> 2268 2252 2269 <input type="submit" name="students_list" id="process_marks" class="educare_button" value="Students List"> 2253 2270 </div> … … 2288 2305 2289 2306 // Verify the nonce to ensure the request originated from the expected source 2290 educare_verify_nonce( );2307 educare_verify_nonce('educare_default_photos'); 2291 2308 2292 2309 $attachment_id = sanitize_text_field($_POST['educare_attachment_id']); … … 2298 2315 <?php 2299 2316 // Security nonce for form requests. 2300 $nonce = wp_create_nonce( 'educare_ form_nonce' );2317 $nonce = wp_create_nonce( 'educare_default_photos' ); 2301 2318 echo '<input type="hidden" name="nonce" value="'.esc_attr($nonce).'">'; 2302 2319 … … 2498 2515 <?php 2499 2516 // Security nonce for form requests. 
2500 $nonce = wp_create_nonce( 'educare_ form_nonce' );2517 $nonce = wp_create_nonce( 'educare_view_results' ); 2501 2518 echo '<input type="hidden" name="nonce" value="'.esc_attr($nonce).'">'; 2502 2519 ?> … … 2614 2631 if (!isset($_POST['on_load'])) { 2615 2632 // Verify the nonce to ensure the request originated from the expected source 2616 educare_verify_nonce( );2633 educare_verify_nonce('educare_view_results'); 2617 2634 } 2618 2635 … … 2812 2829 <input type="submit" class="button action_button" value=""> 2813 2830 <menu class="action_link"> 2814 <?php 2815 // Security nonce for form requests. 2816 $nonce = wp_create_nonce( 'educare_form_nonce' ); 2817 ?> 2831 <?php 2832 // Security nonce for form requests. 2833 $nonce = wp_create_nonce( 'educare_form_nonce' ); 2834 $remove_nonce = wp_create_nonce( 'educare_view_results' ); 2835 ?> 2836 2818 2837 <form class="educare-modify" method="post" id="educare_results" target="_blank"> 2819 2838 <?php … … 2830 2849 <form class="educare-modify" action="<?php echo esc_url($link); ?>" method="post"> 2831 2850 <?php 2832 echo '<input type="hidden" name="nonce" value="'.esc_attr($ nonce).'">';2851 echo '<input type="hidden" name="nonce" value="'.esc_attr($remove_nonce).'">'; 2833 2852 ?> 2834 2853 <input type='hidden' name='educare_view_results'> … … 2882 2901 <?php 2883 2902 // Security nonce for form request. 
2884 $nonce = wp_create_nonce( 'educare_ form_nonce' );2903 $nonce = wp_create_nonce( 'educare_view_results' ); 2885 2904 echo '<input type="hidden" name="nonce" value="'.esc_attr($nonce).'">'; 2886 2905 ?> … … 3098 3117 } 3099 3118 3100 // Verify nonce to ensure the request is secure3101 educare_verify_nonce();3102 3103 3119 // Get data from the AJAX request 3104 3120 $class = sanitize_text_field($_POST['class']); … … 3106 3122 $id = sanitize_text_field($_POST['id']); 3107 3123 wp_parse_str($_POST['form_data'], $_POST); 3124 3125 // Verify nonce to ensure the request is secure 3126 educare_verify_nonce('educare_crud_data'); 3108 3127 3109 3128 // Check if the 'Group' field exists in the POST data … … 3165 3184 if (!$demo_key) { 3166 3185 // because, this is for import proccess, we have allready define nonce there 3167 educare_verify_nonce( );3186 educare_verify_nonce('educare_demo_nonce'); 3168 3187 } 3169 3188 … … 3392 3411 3393 3412 // Verify the nonce to ensure the request originated from the expected source 3394 educare_verify_nonce( );3413 educare_verify_nonce('educare_import_data'); 3395 3414 3396 3415 // Begin import results function … … 3545 3564 <?php 3546 3565 // Define educare nonce for secure request 3547 $nonce = wp_create_nonce( 'educare_ form_nonce' );3566 $nonce = wp_create_nonce( 'educare_import_data' ); 3548 3567 echo '<input type="hidden" name="nonce" value="'.esc_attr($nonce).'">'; 3549 3568 ?> … … 3827 3846 $check = strtolower(substr(strstr($check, ' '), 1)); 3828 3847 } 3829 3848 3849 // Create nonce for update or remove forms 3850 $update_nonce = wp_create_nonce( 'educare_update_'.esc_attr($in_list) ); 3851 $remove_nonce = wp_create_nonce( 'remove_'.esc_attr($in_list) ); 3852 3830 3853 if ($in_list == 'Extra_field') { 3831 3854 $data_type = strtok($target, ' '); … … 3861 3884 </div> 3862 3885 3863 <input type=" text" name="<?php echo esc_attr($in_list);?>" hidden>3886 <input type="hidden" name="<?php echo esc_attr($in_list);?>"> 3864 3887 
3865 3888 <input type="submit" name="educare_update_<?php echo esc_attr($list);?>" class="educare_button update<?php echo esc_attr(str_replace(' ', '', $list));?>" onClick="<?php echo esc_js('add(this.form)');?>" value=" Edit"> 3866 3889 3867 3890 <input type="submit" name="<?php echo esc_attr("remove_$list");?>" class="educare_button remove<?php echo esc_attr(str_replace(' ', '', $list));?>" value=""> 3891 3892 <?php 3893 echo '<input type="hidden" name="educare_update_'.esc_attr($in_list).'_nonce" value="'.esc_attr($update_nonce).'">'; 3894 echo '<input type="hidden" name="remove_'.esc_attr($in_list).'_nonce" value="'.esc_attr($remove_nonce).'">'; 3895 ?> 3868 3896 3869 3897 </form> … … 3888 3916 Edit - <b><?php echo esc_html($target);?></b>:<br> 3889 3917 <label for="Name" class="labels" id="name"></label> 3890 <input type="text" name="<?php echo esc_attr($list);?>" value="<?php echo esc_attr($target);?>" placeholder="<?php echo esc_attr($list);?> Name">3918 <input type="text" name="<?php echo esc_attr($list);?>" value="<?php echo esc_attr($target);?>" placeholder="<?php echo esc_attr($list);?> Name"> 3891 3919 3892 3920 <input type="submit" name="educare_update_<?php echo esc_attr($list);?>" class="educare_button update<?php echo esc_attr(str_replace(' ', '', $list));?>" value=" Edit"> 3893 3921 3894 3922 <input type="submit" name="<?php echo esc_attr("remove_$list");?>" class="educare_button remove<?php echo esc_attr(str_replace(' ', '', $list));?>" value=""> 3923 3924 <?php 3925 echo '<input type="hidden" name="educare_update_'.esc_attr($in_list).'_nonce" value="'.esc_attr($update_nonce).'">'; 3926 echo '<input type="hidden" name="remove_'.esc_attr($in_list).'_nonce" value="'.esc_attr($remove_nonce).'">'; 3927 ?> 3895 3928 3896 3929 </form> … … 4435 4468 echo '<input type="hidden" name="clear_data" value="'.esc_attr(educare_check_status('clear_data')).'">'; 4436 4469 } 4470 4471 $update_settings = wp_create_nonce( 'educare_update_settings_status' ); 4472 
$reset_settings = wp_create_nonce( 'educare_reset_default_settings' ); 4473 4474 echo '<input type="hidden" name="educare_update_settings_status_nonce" value="'.esc_attr($update_settings).'">'; 4475 echo '<input type="hidden" name="educare_reset_default_settings_nonce" value="'.esc_attr($reset_settings).'">'; 4437 4476 ?> 4438 4477 … … 4601 4640 4602 4641 <input type="submit" name="remove_subject" class="educare_button proccess_<?php echo esc_attr($list);?>" value=""> 4642 4643 <?php 4644 $update_subject_nonce = wp_create_nonce( 'update_subject' ); 4645 $remove_subject_nonce = wp_create_nonce( 'remove_subject' ); 4646 4647 echo '<input type="hidden" name="update_subject_nonce" value="'.esc_attr($update_subject_nonce).'">'; 4648 echo '<input type="hidden" name="remove_subject_nonce" value="'.esc_attr($remove_subject_nonce).'">'; 4649 ?> 4603 4650 4604 4651 </form> … … 4622 4669 4623 4670 <button id="educare_results_btn" class="educare_button proccess_<?php echo esc_attr($list);?>" name="update_class" type="submit"><i class="dashicons dashicons-edit"></i> Edit</button> 4671 4672 <?php 4673 $update_class_nonce = wp_create_nonce( 'update_class' ); 4674 4675 echo '<input type="hidden" name="update_class_nonce" value="'.esc_attr($update_class_nonce).'">'; 4676 ?> 4624 4677 4625 4678 </form> … … 4885 4938 <span> 4886 4939 <form action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>" method="post"> 4887 <input type="hidden" name="educare_process_<?php echo esc_attr($list);?>"><input type="hidden" name="class" value="<?php echo esc_attr( $class );?>"> 4888 <input type="submit" class="proccess_<?php echo esc_attr($list);?>" name="edit_class" value=""><input type="submit" class="proccess_<?php echo esc_attr($list);?>" name="remove_class" value=""></form> 4940 4941 <input type="hidden" name="educare_process_<?php echo esc_attr($list);?>"><input type="hidden" name="class" value="<?php echo esc_attr( $class );?>"> 4942 4943 <input type="submit" class="proccess_<?php echo 
esc_attr($list);?>" name="edit_class" value=""> 4944 4945 <input type="submit" class="proccess_<?php echo esc_attr($list);?>" name="remove_class" value=""> 4946 4947 <?php 4948 $edit_class_nonce = wp_create_nonce( 'edit_class' ); 4949 $remove_class_nonce = wp_create_nonce( 'remove_class' ); 4950 4951 echo '<input type="hidden" name="edit_class_nonce" value="'.esc_attr($edit_class_nonce).'">'; 4952 echo '<input type="hidden" name="remove_class_nonce" value="'.esc_attr($remove_class_nonce).'">'; 4953 ?> 4954 4955 </form> 4889 4956 </span> 4890 4957 </label> … … 4915 4982 <td colspan='2'> 4916 4983 <form class="educare-modify" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>" method="post"> 4984 4917 4985 <input type="hidden" name="educare_process_<?php echo esc_attr($list);?>"> 4918 4986 … … 4924 4992 4925 4993 <input type="submit" name="<?php echo esc_attr("remove_subject");?>" class="button error proccess_<?php echo esc_attr($list);?>" value=""> 4994 4995 <?php 4996 $edit_subject_nonce = wp_create_nonce( 'edit_subject' ); 4997 $remove_subject_nonce = wp_create_nonce( 'remove_subject' ); 4998 4999 echo '<input type="hidden" name="edit_subject_nonce" value="'.esc_attr($edit_subject_nonce).'">'; 5000 echo '<input type="hidden" name="remove_subject_nonce" value="'.esc_attr($remove_subject_nonce).'">'; 5001 ?> 4926 5002 4927 5003 </form> … … 4980 5056 </div> 4981 5057 5058 <?php 5059 $nonce = wp_create_nonce( 'add_subject' ); 5060 echo '<input type="hidden" name="add_subject_nonce" value="'.esc_attr($nonce).'">'; 5061 ?> 5062 4982 5063 <button id="educare_results_btn" class="educare_button proccess_<?php echo esc_attr($list);?>" name="add_subject" type="submit"><i class="dashicons dashicons-plus-alt"></i> Add Subject</button> 4983 5064 </div> … … 4997 5078 4998 5079 <br> 5080 5081 <?php 5082 $nonce = wp_create_nonce( 'add_class' ); 5083 echo '<input type="hidden" name="add_class_nonce" value="'.esc_attr($nonce).'">'; 5084 ?> 4999 5085 5000 5086 <button 
id="educare_results_btn" class="educare_button proccess_<?php echo esc_attr($list);?>" name="add_class" type="submit"><i class="dashicons dashicons-plus-alt"></i> Add <?php echo esc_html($list);?></button> … … 5080 5166 5081 5167 <input type="submit" name="<?php echo esc_attr("remove_$list");?>" class="button error remove<?php echo esc_attr(str_replace('_', '', $list));?>" value=""> 5168 5169 <?php 5170 $update_nonce = wp_create_nonce( 'educare_edit_'.esc_attr($list) ); 5171 $remove_nonce = wp_create_nonce( 'remove_'.esc_attr($list) ); 5172 5173 echo '<input type="hidden" name="educare_edit_'.esc_attr($list).'_nonce" value="'.esc_attr($update_nonce).'">'; 5174 echo '<input type="hidden" name="remove_'.esc_attr($list).'_nonce" value="'.esc_attr($remove_nonce).'">'; 5175 ?> 5082 5176 5083 5177 </form></td> … … 5119 5213 5120 5214 if ($form) { 5215 // Create nonce for this form 5216 $nonce = wp_create_nonce( 'educare_add_'.esc_attr($list) ); 5217 5121 5218 if ($list == 'Extra_field') { 5122 5219 ?> … … 5142 5239 <input type="text" name="<?php echo esc_attr($list);?>" hidden> 5143 5240 5241 <?php 5242 // Print nonce value 5243 echo '<input type="hidden" name="educare_add_'.esc_attr($list).'_nonce" value="'.esc_attr($nonce).'">'; 5244 ?> 5245 5144 5246 <button id="educare_add_<?php echo esc_attr($list);?>" class="educare_button" name="educare_add_<?php echo esc_attr($list);?>" type="submit" onClick="<?php echo esc_js('add(this.form)');?>"><i class="dashicons dashicons-plus-alt"></i> Add <?php echo esc_html($List);?></button> 5145 5247 </div> … … 5155 5257 <label for="<?php echo esc_attr($list);?>" class="labels" id="<?php echo esc_attr($list);?>"></label> 5156 5258 <input type="text" name="<?php echo esc_attr($list);?>" class="fields" placeholder="<?php echo esc_attr($List);?> name" pattern="[A-Za-z0-9 ]+" title="Only Caretaker, Number and Space allowed. 
(A-Za-z0-9)"> 5259 5260 <?php 5261 // Print nonce value 5262 echo '<input type="hidden" name="educare_add_'.esc_attr($list).'_nonce" value="'.esc_attr($nonce).'">'; 5263 ?> 5157 5264 5158 5265 <button id="educare_add_<?php echo esc_attr($list);?>" class="educare_button" name="educare_add_<?php echo esc_attr($list);?>" type="submit"><i class="dashicons dashicons-plus-alt"></i> Add <?php echo esc_html($List);?></button> … … 5211 5318 exit; 5212 5319 } 5213 5214 // verify is request comming from valid sources5215 educare_verify_nonce();5216 5320 5217 5321 $action_for = sanitize_text_field($_POST['action_for']); … … 5227 5331 $_POST[$action_for] = $action_for; 5228 5332 $_POST['active_menu'] = $active_menu; 5333 5334 // verify is request comming from valid sources 5335 educare_verify_nonce($action_for, $action_for.'_nonce'); 5229 5336 5230 5337 if (isset($_POST['educare_process_Class'])) { … … 5610 5717 5611 5718 <?php 5612 if ($sub_in) { 5719 if ($sub_in) { 5613 5720 ?> 5614 5721 <div class="button_container"> … … 5619 5726 </div> 5620 5727 <?php 5728 5729 $add_marks_nonce = wp_create_nonce( 'add_marks' ); 5730 $publish_marks_nonce = wp_create_nonce( 'publish_marks' ); 5731 5732 echo '<input type="hidden" name="add_marks_nonce" value="'.esc_attr($add_marks_nonce).'">'; 5733 echo '<input type="hidden" name="publish_marks_nonce" value="'.esc_attr($publish_marks_nonce).'">'; 5621 5734 } 5622 5735 ?> … … 6204 6317 exit; 6205 6318 } 6206 6207 // Verify the nonce to ensure the request originated from the expected source6208 educare_verify_nonce();6209 6319 6210 6320 // Sanitize and parse necessary data from the AJAX request … … 6214 6324 $_POST[$action_for] = $action_for; 6215 6325 $_POST['data_for'] = $data_for; 6326 6327 // Verify the nonce to ensure the request originated from the expected source 6328 educare_verify_nonce($action_for, $action_for.'_nonce'); 6216 6329 6217 6330 // Sanitize other data for marks processing … … 6629 6742 6630 6743 // Verify the nonce to 
ensure the request originated from the expected source 6631 educare_verify_nonce( );6744 educare_verify_nonce('educare_promote_nonce'); 6632 6745 6633 6746 $requred = array ( … … 6861 6974 <div class="content"> 6862 6975 <?php 6863 $nonce = wp_create_nonce( 'educare_ form_nonce' );6976 $nonce = wp_create_nonce( 'educare_promote_nonce' ); 6864 6977 echo '<input type="hidden" name="nonce" value="'.esc_attr($nonce).'">'; 6865 6978 ?> … … 6970 7083 * @param string $nonce (optional) A unique string representing the action or context for which the nonce was generated. 6971 7084 * Default is 'educare_form_nonce' if not provided. 7085 * @param string $nonce_field for specific nonce field 6972 7086 * 6973 7087 * @return void The function displays an error message if the nonce is missing or invalid. Execution terminates … … 6981 7095 * ... 6982 7096 */ 6983 function educare_verify_nonce($nonce = 'educare_form_nonce') { 7097 function educare_verify_nonce($nonce = 'educare_form_nonce', $nonce_field = 'nonce') { 7098 $nonce = sanitize_text_field( $nonce ); 7099 $nonce_field = sanitize_text_field( $nonce_field ); 7100 6984 7101 // check_ajax_referer( 'educare_form_nonce', 'nonce' ); 6985 if ( ! isset( $_POST[ 'nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], $nonce ) ) {7102 if ( ! isset( $_POST[$nonce_field] ) || ! wp_verify_nonce( $_POST[$nonce_field], $nonce ) ) { 6986 7103 // Nonce is not valid, handle error or unauthorized access 6987 7104 echo educare_show_msg('Invalid Request', false); -
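Review bot: `educare_verify_nonce` (7097, body continues past the hunk) still only calls `wp_verify_nonce`, and no `current_user_can()` check is visible in any handler this changeset touches — the delete at 1515–1522, the import at 3413, the promote at 6744, the `educare_class` AJAX at 3126 — so a nonce ties the request to the user's own session but says nothing about whether that user may delete, import or promote records; each state-changing handler should also gate on a capability, e.g. `if ( ! current_user_can( 'manage_options' ) ) { wp_die( 'Unauthorized' ); }` (or the plugin's own capability) beside the nonce call, unless such checks already live outside the hunks. In the handlers at 5321–5335 and 6320–6328 the nonce action and field name are both built from the request's own `action_for` value, so the check is only as specific as the client chooses; validating `$action_for` against the fixed list of expected actions with `in_array($action_for, [...], true)` before calling `educare_verify_nonce` keeps the action name server-controlled. The raw `$_POST[$nonce_field]` is also handed straight to `wp_verify_nonce` while the caller-chosen constants `$nonce`/`$nonce_field` are the ones being sanitized; the conventional form is `wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[ $nonce_field ] ) ), $nonce )`.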
educare/trunk/includes/support/grading-systems.php
r2944930 r2946175 176 176 } 177 177 178 educare_verify_nonce( );178 educare_verify_nonce('edit_grade_system'); 179 179 180 180 $rules = sanitize_text_field($_POST['class']); … … 244 244 <button id='save_addForm' class="educare_button" name="update_grade_rules"><i class='dashicons dashicons-yes'></i></button> 245 245 </div> 246 247 <?php 248 // Security nonce for AJAX requests. 249 $nonce = wp_create_nonce( 'update_grade_rules' ); 250 echo '<input type="hidden" name="nonce" value="'.esc_attr($nonce).'">'; 251 ?> 246 252 247 253 </div> … … 278 284 } 279 285 280 educare_verify_nonce();281 282 286 // Parse/get forms data 283 287 wp_parse_str($_POST['form_data'], $_POST); 288 // Verify the nonce to ensure the request originated from the expected source 289 educare_verify_nonce('update_grade_rules'); 284 290 285 291 // Save data -
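Review bot: At 287–289 the nonce is verified only after `wp_parse_str($_POST['form_data'], $_POST)` has rewritten `$_POST`, which is required because the `nonce` hidden input added at 247–251 lives inside the serialized form and educare.js no longer sends a top-level `nonce` for `educare_save_grade_system`, but nothing in the code says so, and a later maintainer moving the check back "before any input handling" would silently break it. Add a comment above the call, e.g. `// The nonce input is part of form_data, so verification must follow wp_parse_str().`. The `edit_grade_system` check at 178 instead reads a top-level `nonce` supplied from `educareNonce.edit_grade_system`, so the two handlers in this file deliberately use different transports; one line noting that at 178 would stop them being "harmonised" later. Both enclosing functions start before their hunks.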
educare/trunk/readme.txt
r2944930 r2946175 7 7 Tested up to: 6.2.2 8 8 Requires PHP: 5.2.4 9 Stable tag: 1.4. 49 Stable tag: 1.4.5 10 10 License: GPLv2 or later 11 11 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 398 398 == Changelog == 399 399 400 = [1.4.5] = 401 402 = Stable - Security Release = 403 * Enhanced security measures. 404 * It is crucial to update Educare to version 1.4.5 immediately. 405 * Please see the changelog v1.4.4 for list of previous updates. 406 407 **Note:** Sometimes users may need to clear browsing data to load the updated script (After update). 408 400 409 = [1.4.4] = 401 410