
Changeset 3185293


Timestamp:
11/11/2024 12:23:35 AM (16 months ago)
Author:
mtomic
Message:

Rectify xss vulnerabilities. v6.1.0

Location:
smsify/trunk
Files:
6 edited

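--- a/smsify/trunk/includes/functions.php
+++ b/smsify/trunk/includes/functions.php
@@ -35,11 +35,7 @@
                         $smsify_params->appVersion,
                         'all');
-    wp_register_script('smsify-momentjs',
-                        $smsify_params->jsurl . '/moment.min.js',
-                        array(),
-                        $smsify_params->appVersion);
     wp_register_script('smsify-sms-controller',
                         $smsify_params->jsurl . '/sendsmscontroller.min.js',
-                        array('jquery', 'jquery-ui-core', 'jquery-ui-datepicker', 'smsify-momentjs'),
+                        array('jquery', 'jquery-ui-core', 'jquery-ui-datepicker'),
                         $smsify_params->appVersion);
 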
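--- a/smsify/trunk/js/sendsmscontroller.js
+++ b/smsify/trunk/js/sendsmscontroller.js
@@ -57,5 +57,5 @@
             var d = new Date(schedule_date);
             var schedule_date_time = addMinutes(d, schedule_time);
-            schedule_date_time = moment(schedule_date_time).unix();
+            schedule_date_time = Math.floor(new Date(schedule_date_time).getTime() / 1000);
         }
        
@@ -114,5 +114,5 @@
             var d = new Date(schedule_date);
             var schedule_date_time = addMinutes(d, schedule_time);
-            schedule_date_time = moment(schedule_date_time).unix();
+            schedule_date_time = Math.floor(new Date(schedule_date_time).getTime() / 1000);
         }
        
@@ -243,18 +243,35 @@
 
 function smsify_setDateTime(id, thedate) {
-    if(moment(thedate).isValid() ) {
-        var thisdate = moment.utc(thedate).toDate();
-        $("#"+id).html(moment(thisdate).format('dddd, DD/MMMM h:mm A'));
-    } else {
-        $("#"+id).html("N/A");
-    }
+    const date = new Date(thedate);
+    if (!isNaN(date.getTime())) {
+        const formattedDate = new Date(date.toUTCString()).toLocaleString('en-US', {
+            weekday: 'long',
+            day: '2-digit',
+            month: 'long',
+            hour: 'numeric',
+            minute: '2-digit',
+            hour12: true
+        });
+        $("#"+id).html(formattedDate);
+    } else {
+        $("#"+id).html("N/A");
+    }
 }
 
 function smsify_setDateTimeYear(id, thedate) {
-    if(moment(thedate).isValid() ) {
-        var thisdate = moment.utc(thedate).toDate();
-        $("#"+id).html(moment(thisdate).format('ddd, DD/MMM/YYYY h:mm A'));
-    } else {
-        $("#"+id).html("N/A");
-    }
+    const date = new Date(thedate);
+    if (!isNaN(date.getTime())) {
+        const formattedDate = new Date(date.toUTCString()).toLocaleString('en-US', {
+            weekday: 'short',
+            day: '2-digit',
+            month: 'short',
+            year: 'numeric',
+            hour: 'numeric',
+            minute: '2-digit',
+            hour12: true
+        });
+        $("#"+id).html(formattedDate);
+    } else {
+        $("#"+id).html("N/A");
+    }
 }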
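Review bot: In smsify_setDateTime (and smsify_setDateTimeYear below it) `new Date(thedate)` replaces `moment.utc(thedate)`, so the input is no longer parsed as UTC; for a non-ISO value such as the MySQL-style `YYYY-MM-DD HH:MM:SS` strings the schedules view in this same changeset passes around, Date parsing is engine-dependent and, where the engine accepts it, is interpreted as local time, and the `new Date(date.toUTCString())` round trip does not change the instant. If thedate is such a string, normalise it before parsing, e.g. `const date = new Date(String(thedate).trim().replace(' ', 'T') + 'Z');`, or append `' UTC'` as smsify-schedules.php now does; an unparseable value still lands in the `"N/A"` branch. The value handed to `.html()` is only the locale-formatted string or the literal `"N/A"`, so that sink is not a concern here.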
  • smsify/trunk/js/sendsmscontroller.min.js

    r1444901 r3185293  
    1 $=jQuery;$(document).ready(function(){jQuery("#smsify-schedule-date").datepicker({dateFormat:"dd-M-yy",minDate:0,maxDate:365});$("#smsify-scheduler").click(function(e){if(e.target.checked){$(".smsify-scheduleblock").show();$(".smsify-scheduleblock").show()}else{$(".smsify-scheduleblock").hide();$(".smsify-scheduleblock").hide()}});$(".smsify-deleteschedule").click(function(e){var task_id=e.currentTarget.id;if(confirm("Are you sure you want to delete this scheduled SMS?")){var smsifyData={action:"smsify_sms_remove_schedule_handler",method:"destroySchedule",task_id:task_id};hideElement(task_id);showSpinner("spinner_"+task_id);$.ajax({url:ajaxurl,type:"POST",data:smsifyData,success:onScheduleSuccess,error:onScheduleError})}});$(".smsify-send-group-sms").click(function(e){e.preventDefault();var tag_id=$("#edittag").find('input[name="tag_ID"]').val();var taxonomy=$("#edittag").find('input[name="taxonomy"]').val();var message=$("#smsify_message").val();var sender_id=$("#smsify_sender_id").val();var scheduler=$("#smsify-scheduler").prop("checked");var schedule_date=$("#smsify-schedule-date").val();var schedule_time=$("#smsify-schedule-time").val();var run_every=$("#run_every").val()*3600*24;var run_times=$("#run_times").val();var schedule_date_time="";var confirmationMessage=$("#smsify_confirmation").val();if(scheduler&&schedule_date!=""&&schedule_time!=""){var d=new Date(schedule_date);var schedule_date_time=addMinutes(d,schedule_time);schedule_date_time=moment(schedule_date_time).unix()}if(scheduler){scheduler=1}else{scheduler=0}var 
smsifyData={action:"smsify_sms_group_handler",method:"sendBulkSMS",message:message,taxonomy:taxonomy,tag_id:tag_id,scheduler:scheduler,run_every:run_every,run_times:run_times,schedule_date_time:schedule_date_time};if(sender_id){smsifyData["sender_id"]=sender_id}if(confirm(confirmationMessage)){showSending();$.ajax({url:ajaxurl,type:"POST",data:smsifyData,success:onSuccess,error:smsError})}});$(".smsify-sendsms").click(function(e){e.preventDefault();showSending();var user_id=$("#user_id").val();var first_name=$("#first_name").val();var last_name=$("#last_name").val();var mobile=$("#smsify_mobile").val();var message=$("#smsify_message").val();var sender_id=$("#smsify_sender_id").val();var scheduler=$("#smsify-scheduler").prop("checked");var schedule_date=$("#smsify-schedule-date").val();var schedule_time=$("#smsify-schedule-time").val();var run_every=$("#run_every").val()*3600*24;var run_times=$("#run_times").val();var schedule_date_time="";if(scheduler&&schedule_date!=""&&schedule_time!=""){var d=new Date(schedule_date);var schedule_date_time=addMinutes(d,schedule_time);schedule_date_time=moment(schedule_date_time).unix()}if(scheduler){scheduler=1}else{scheduler=0}var smsifyData={action:"smsify_sms_handler",method:"sendBulkSMS",user_id:user_id,first_name:first_name,last_name:last_name,send_to:mobile,scheduler:scheduler,run_every:run_every,run_times:run_times,schedule_date_time:schedule_date_time,message:message};if(sender_id){smsifyData["sender_id"]=sender_id}$.ajax({url:ajaxurl,type:"POST",data:smsifyData,success:onSuccess,error:smsError})});function onSuccess(e){var response=$.parseJSON(e);var type="";if(response.status==true){type="updated"}else{type="error"}showMessage(response.message,type)}function smsError(e){var response=$.parseJSON(e);var type="error";showMessage(response.message,type);console.log(e)}function onScheduleSuccess(e){var response=$.parseJSON(e);var 
type="";if(response.status==true){type="updated"}else{type="error"}hideSpinners();showGenericMessage(response.message,type,true)}function onScheduleError(e){var response=$.parseJSON(e);var type="error";showGenericMessage(response.message,type,true)}function showSending(){$(".smsify-send .form-table").hide();$(".smsify-confirmation").hide();$(".smsify-sending").show()}function showSpinner(id){$("."+id).show()}function hideSpinners(){$(".smsify-spinner").hide()}function hideElement(id){$("#"+id).hide()}function resetForm(){$(".smsify-send .form-table").show();$(".smsify-confirmation").show();$(".smsify-sending").hide()}function showMessage(message,type){$(".smsify-sending").hide();$(".smsify-send .form-table").show();$(".smsify-confirmation").addClass(type);$(".smsify-confirmation").html("<p>"+message+"</p>");$(".smsify-confirmation").show()}function showGenericMessage(message,type,showalert){if(showalert){alert(message)}$(".smsify-message").show();$(".smsify-message").addClass(type);$(".smsify-message").html("<p>"+message+"</p>")}function addMinutes(date,minutes){return new Date(date.getTime()+minutes*6e4)}});function toggleAPIKey(e,val1,val2,val3,val4){e.preventDefault();if($("#apiKey").val()==val1){$("#apiKey").attr("value",val2);$("#smsify_toggle_key").html(val4)}else{$("#apiKey").attr("value",val1);$("#smsify_toggle_key").html(val3)}}function smsify_setDateTime(id,thedate){if(moment(thedate).isValid()){var thisdate=moment.utc(thedate).toDate();$("#"+id).html(moment(thisdate).format("dddd, DD/MMMM h:mm A"))}else{$("#"+id).html("N/A")}}function smsify_setDateTimeYear(id,thedate){if(moment(thedate).isValid()){var thisdate=moment.utc(thedate).toDate();$("#"+id).html(moment(thisdate).format("ddd, DD/MMM/YYYY h:mm A"))}else{$("#"+id).html("N/A")}}
     1function toggleAPIKey(e,s,i,t,a){e.preventDefault(),$("#apiKey").val()==s?($("#apiKey").attr("value",i),$("#smsify_toggle_key").html(a)):($("#apiKey").attr("value",s),$("#smsify_toggle_key").html(t))}function smsify_setDateTime(e,s){let i=new Date(s);if(isNaN(i.getTime()))$("#"+e).html("N/A");else{let t=new Date(i.toUTCString()).toLocaleString("en-US",{weekday:"long",day:"2-digit",month:"long",hour:"numeric",minute:"2-digit",hour12:!0});$("#"+e).html(t)}}function smsify_setDateTimeYear(e,s){let i=new Date(s);if(isNaN(i.getTime()))$("#"+e).html("N/A");else{let t=new Date(i.toUTCString()).toLocaleString("en-US",{weekday:"short",day:"2-digit",month:"short",year:"numeric",hour:"numeric",minute:"2-digit",hour12:!0});$("#"+e).html(t)}}($=jQuery)(document).ready(function(){function e(e){var s=$.parseJSON(e),i="";i=!0==s.status?"updated":"error",r(s.message,i)}function s(e){var s;r($.parseJSON(e).message,"error"),console.log(e)}function i(e){var s=$.parseJSON(e),i="";i=!0==s.status?"updated":"error",$(".smsify-spinner").hide(),m(s.message,i,!0)}function t(e){var s;m($.parseJSON(e).message,"error",!0)}function a(){$(".smsify-send .form-table").hide(),$(".smsify-confirmation").hide(),$(".smsify-sending").show()}function n(){$(".smsify-send .form-table").show(),$(".smsify-confirmation").show(),$(".smsify-sending").hide()}function r(e,s){$(".smsify-sending").hide(),$(".smsify-send .form-table").show(),$(".smsify-confirmation").addClass(s),$(".smsify-confirmation").html("<p>"+e+"</p>"),$(".smsify-confirmation").show()}function m(e,s,i){i&&alert(e),$(".smsify-message").show(),$(".smsify-message").addClass(s),$(".smsify-message").html("<p>"+e+"</p>")}function o(e,s){return new 
Date(e.getTime()+6e4*s)}jQuery("#smsify-schedule-date").datepicker({dateFormat:"dd-M-yy",minDate:0,maxDate:365}),$("#smsify-scheduler").click(function(e){e.target.checked?($(".smsify-scheduleblock").show(),$(".smsify-scheduleblock").show()):($(".smsify-scheduleblock").hide(),$(".smsify-scheduleblock").hide())}),$(".smsify-deleteschedule").click(function(e){var s=e.currentTarget.id;confirm("Are you sure you want to delete this scheduled SMS?")&&(function e(s){$("#"+s).hide()}(s),function e(s){$("."+s).show()}("spinner_"+s),$.ajax({url:ajaxurl,type:"POST",data:{action:"smsify_sms_remove_schedule_handler",method:"destroySchedule",task_id:s},success:i,error:t}))}),$(".smsify-send-group-sms").click(function(i){i.preventDefault();var t=$("#edittag").find('input[name="tag_ID"]').val(),n=$("#edittag").find('input[name="taxonomy"]').val(),r=$("#smsify_message").val(),m=$("#smsify_sender_id").val(),d=$("#smsify-scheduler").prop("checked"),l=$("#smsify-schedule-date").val(),f=$("#smsify-schedule-time").val(),u=86400*$("#run_every").val(),c=$("#run_times").val(),y="",h=$("#smsify_confirmation").val();if(d&&""!=l&&""!=f){var g=new Date(l),y=o(g,f);y=Math.floor(new Date(y).getTime()/1e3)}var v={action:"smsify_sms_group_handler",method:"sendBulkSMS",message:r,taxonomy:n,tag_id:t,scheduler:d=d?1:0,run_every:u,run_times:c,schedule_date_time:y};m&&(v.sender_id=m),confirm(h)&&(a(),$.ajax({url:ajaxurl,type:"POST",data:v,success:e,error:s}))}),$(".smsify-sendsms").click(function(i){i.preventDefault(),a();var t=$("#user_id").val(),n=$("#first_name").val(),r=$("#last_name").val(),m=$("#smsify_mobile").val(),d=$("#smsify_message").val(),l=$("#smsify_sender_id").val(),f=$("#smsify-scheduler").prop("checked"),u=$("#smsify-schedule-date").val(),c=$("#smsify-schedule-time").val(),y=86400*$("#run_every").val(),h=$("#run_times").val(),g="";if(f&&""!=u&&""!=c){var v=new Date(u),g=o(v,c);g=Math.floor(new Date(g).getTime()/1e3)}var 
p={action:"smsify_sms_handler",method:"sendBulkSMS",user_id:t,first_name:n,last_name:r,send_to:m,scheduler:f=f?1:0,run_every:y,run_times:h,schedule_date_time:g,message:d};l&&(p.sender_id=l),$.ajax({url:ajaxurl,type:"POST",data:p,success:e,error:s})})});
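--- a/smsify/trunk/readme.txt
+++ b/smsify/trunk/readme.txt
@@ -57,13 +57,4 @@
 * WordPress 6.7 compatibility release.
 
-= 6.0.4 =
-* Performance improvements.
-* WordPress 6.7 compatibility release.
-* Bump up minimum version support
-
-= 6.0.3 =
-* Performance improvements.
-* WordPress 6.6.* compatibility release.
-
 = 6.0.2 =
 * New branding and logo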
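--- a/smsify/trunk/smsify.php
+++ b/smsify/trunk/smsify.php
@@ -20,5 +20,5 @@
 Author: Cloud Inn
 Version: 6.1.0
-Requires at least: 5.3
+Requires at least: 6.0
 Author URI: https://cloudinn.io/products/smsify
 License: GPLv2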
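--- a/smsify/trunk/views/smsify-schedules.php
+++ b/smsify/trunk/views/smsify-schedules.php
@@ -1,12 +1,38 @@
 <?php
-if (realpath (__FILE__) === realpath ($_SERVER["SCRIPT_FILENAME"]))
+if (!isset($_SERVER["SCRIPT_FILENAME"]))
+    exit ("Unauthorised");
+if (realpath (__FILE__) === realpath(sanitize_text_field(wp_unslash($_SERVER["SCRIPT_FILENAME"]))))
     exit ("Do not access this file directly.");
 ?>
 <script>
-    function smsify_setDateTimeDefer(id, thedate) {
-        setTimeout(function(){
-            smsify_setDateTime(id, thedate);
-        }, 2000);
-    }
+    // Function to format MySQL datetime to local timezone
+    function smsify_formatMySQLDatetimeCompact(elementId, mysqlDatetime) {
+        if (!mysqlDatetime) return; // Guard against null dates
+       
+        // Create a Date object from the MySQL datetime string
+        const date = new Date(mysqlDatetime + ' UTC'); // Add UTC to ensure proper timezone conversion
+       
+        // Get day of week
+        const dayOfWeek = date.toLocaleString('en-US', { weekday: 'long' });
+       
+        // Get day of month
+        const day = date.getDate();
+       
+        // Get month
+        const month = date.toLocaleString('en-US', { month: 'long' });
+       
+        // Get time in 12-hour format
+        const time = date.toLocaleString('en-US', {
+            hour: 'numeric',
+            minute: '2-digit',
+            hour12: true
+        });
+       
+        // Combine into final format: "Monday, 11/November 9:33 AM"
+        const formattedDate = `${dayOfWeek}, ${day}/${month} ${time}`;
+       
+        // Set the element's content
+        document.getElementById(elementId).textContent = formattedDate;
+    }
 </script>
 <h2><?php echo esc_html("SMSify Schedules"); ?></h2>
@@ -29,8 +55,22 @@
         <?php foreach ($response as $schedule) { ?>
             <tr>
-                <td id="<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_created) ) ?>"><script>smsify_setDateTimeDefer('<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_created) ) ?>', '<?php echo esc_html($schedule->dt_created) ?>')</script></td>
-                <td id="<?php echo esc_html(md5($schedule->local_task_id . $schedule->start_at) ) ?>"><script>smsify_setDateTimeDefer('<?php echo esc_html(md5($schedule->local_task_id . $schedule->start_at) ) ?>', '<?php echo esc_html($schedule->start_at) ?>')</script></td>
-                <td id="<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_last_run) ) ?>"><script>smsify_setDateTimeDefer('<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_last_run) ) ?>', '<?php echo esc_html($schedule->dt_last_run) ?>')</script></td>
-                <td id="<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_next_run) ) ?>"><script>smsify_setDateTimeDefer('<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_next_run) ) ?>', '<?php echo esc_html($schedule->dt_next_run) ?>')</script></td>
+                <td id="<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_created)) ?>">
+                    <script>
+                        smsify_formatMySQLDatetimeCompact(
+                            '<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_created)) ?>',
+                            '<?php echo esc_html($schedule->dt_created) ?>'
+                        );
+                    </script>
+                </td>
+                <td id="<?php echo esc_html(md5($schedule->local_task_id . $schedule->start_at)) ?>">
+                    <script>
+                        smsify_formatMySQLDatetimeCompact(
+                            '<?php echo esc_html(md5($schedule->local_task_id . $schedule->start_at)) ?>',
+                            '<?php echo esc_html($schedule->start_at) ?>'
+                        );
+                    </script>
+                </td>
+                <td id="<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_last_run) ) ?>"><script>smsify_formatMySQLDatetimeCompact('<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_last_run) ) ?>', '<?php echo esc_html($schedule->dt_last_run) ?>')</script></td>
+                <td id="<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_next_run) ) ?>"><script>smsify_formatMySQLDatetimeCompact('<?php echo esc_html(md5($schedule->local_task_id . $schedule->dt_next_run) ) ?>', '<?php echo esc_html($schedule->dt_next_run) ?>')</script></td>
                 <td><?php echo esc_html($schedule->run_every); ?></td>
                 <td><?php echo esc_html($schedule->run_times); ?></td>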
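Review bot: The direct-access guard at new lines 2-5 now calls `wp_unslash()` and `sanitize_text_field()`, which are WordPress functions; when this file is requested directly WordPress is not loaded, so PHP stops with an undefined-function fatal error before it reaches the intended `exit` message (and with `display_errors` on, that error text is what the visitor sees). The check therefore only completes in the case it does not need to, and `sanitize_text_field()` is a text sanitiser rather than a path normaliser, so it may also alter a legitimate path before `realpath()` compares it. The conventional guard needs no WordPress function and can replace lines 2-5: `if (!defined('ABSPATH')) { exit('Do not access this file directly.'); }`.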