WordPress.org
Get WordPress

Plugin Directory

Changeset 3252296


Ignore:
Timestamp:
03/07/2025 06:07:07 PM (13 months ago)
Author:
wpdever
Message:

validating inputs

Location:
cart-tracking-for-woocommerce/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • cart-tracking-for-woocommerce/trunk/admin/admin.php

    r3229904 r3252296  
    155155        // $req_order_by = sanitize_text_field($_REQUEST['orderby']);
    156156        // $req_order = sanitize_text_field($_REQUEST['order']);
     157        // Define allowed column names and order directions
     158        $allowed_columns = ['title', 'update_time', 'cart_total'];
     159        // Add valid column names
     160        $allowed_order = ['ASC', 'DESC'];
    157161        $req_order_by = ( isset( $_REQUEST['orderby'] ) ? sanitize_text_field( $_REQUEST['orderby'] ) : '' );
    158162        $req_order = ( isset( $_REQUEST['order'] ) ? sanitize_text_field( $_REQUEST['order'] ) : '' );
    159         $orderby = ( !empty( $req_order_by ) ? $req_order_by : 'carts.id' );
     163        $orderby = ( in_array( $req_order_by, $allowed_columns ) ? $req_order_by : 'carts.id' );
    160164        //If no sort, default to title
    161165        if ( $orderby === 'title' ) {
    162166            $orderby = 'carts.id';
    163167        }
    164         $order = ( !empty( $req_order ) ? $req_order : 'DESC' );
     168        $order = ( in_array( $req_order, $allowed_order ) ? $req_order : 'DESC' );
    165169        // $sql = $wpdb->prepare("SELECT carts.id AS id, update_time, cart_total, GROUP_CONCAT(posts.post_title SEPARATOR ' ') AS products
    166170        // FROM {$wpdb->prefix}cart_tracking_wc_cart AS carts JOIN {$wpdb->prefix}cart_tracking_wc AS products ON carts.id = products.cart_number

  • cart-tracking-for-woocommerce/trunk/cart-tracking.php

    r3229904 r3252296  
    55 * Plugin URI: https://wpsimpleplugins.wordpress.com/
    66 * Description: Keep track of what people are adding or removing from their cart. See top added/removed products.
    7  * Version: 1.0.16
     7 * Version: 1.0.17
    88 * Author: Simple Plugins
    99 * Author URI: https://wpsimpleplugins.wordpress.com/

  • cart-tracking-for-woocommerce/trunk/readme.txt

    r3229904 r3252296  
    44Requires at least: 4.0
    55Tested up to: 6.7
    6 Stable tag: 1.0.16
     6Stable tag: 1.0.17
    77License: GPLv2 or later
    88License URI: http://www.gnu.org/licenses/gpl-2.0.html
Note: See TracChangeset for help on using the changeset viewer.