
Changeset 3262503


Timestamp:
03/27/2025 04:15:54 AM (12 months ago)
Author:
codemenschen
Message:

Version 4.5.2

Location:
gift-voucher
Files:
971 added
11 edited

  • gift-voucher/trunk/admin/wpgv-gift-voucher-admin.php

    r3258145 r3262503  
    2323            global $wpgv_gift_voucher;
    2424
    25             if (!isset($_POST['_wpgv_nonce']) || !wp_verify_nonce($_POST['_wpgv_nonce'], 'wpgv_save_product_meta')) {
     25            if (!isset($_POST['_wpgv_nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpgv_nonce'])), 'wpgv_save_product_meta')) {
    2626                wp_die(esc_html__('Invalid request.', 'gift-voucher'));
    2727            }
     28
    2829            if (!current_user_can('edit_post', $post_id)) {
    2930                wp_die(esc_html__('You do not have permission to edit this product.', 'gift-voucher'));
     
    3132
    3233            $product = new wpgv_wc_product_gift_voucher($post_id);
    33             $new_amount = isset($_POST['wpgv_price']) ? wc_clean(wp_unslash($_POST['wpgv_price'])) : '';
     34            $new_amount = isset($_POST['wpgv_price']) ? sanitize_text_field(wp_unslash($_POST['wpgv_price'])) : '';
    3435
    3536            if (!empty($new_amount)) {
     
    5455            //global $product_object;
    5556
     57            $nonce = isset($_POST['nonce']) ? sanitize_text_field(wp_unslash($_POST['nonce'])) : '';
     58
     59            if (!wp_verify_nonce($nonce, 'wpgv_nonce_action')) {
     60                wp_send_json_error(array('success' => 0, 'message' => __('Nonce verification failed', 'gift-voucher')));
     61                wp_die();
     62            }
     63
     64
    5665            $wpgv_gift_voucher->set_current_currency_to_default();
    5766
     
    6069            }
    6170
    62             $product_id = absint($_POST['product_id']);
    63             $new_amount = wc_clean(wp_unslash($_POST['wpgv_price']));
     71            $product_id = isset($_POST['product_id']) ? absint($_POST['product_id']) : 0;
     72            $new_amount = isset($_POST['wpgv_price']) ? sanitize_text_field(wp_unslash($_POST['wpgv_price'])) : '';
    6473            $new_amount = $wpgv_gift_voucher->sanitize_amount($new_amount);
    6574
     
    92101        function ajax_remove_wpgv_voucher_amount()
    93102        {
     103            $nonce = isset($_POST['nonce']) ? sanitize_text_field(wp_unslash($_POST['nonce'])) : '';
     104
     105            if (!wp_verify_nonce($nonce, 'wpgv_nonce_action')) {
     106                wp_send_json_error(array('success' => 0, 'message' => __('Nonce verification failed', 'gift-voucher')));
     107                wp_die();
     108            }
    94109
    95110            if (! current_user_can('edit_products')) {
     
    97112            }
    98113
    99             $product_id = absint($_POST['product_id']);
    100             $variation_id = absint($_POST['variation_id']);
     114            $product_id   = isset($_POST['product_id']) ? absint($_POST['product_id']) : 0;
     115            $variation_id = isset($_POST['variation_id']) ? absint($_POST['variation_id']) : 0;;
    101116
    102117            if ($product = new wpgv_wc_product_gift_voucher($product_id)) {
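Review bot: The `0` fallback introduced at new line 114 (`$product_id = isset($_POST['product_id']) ? absint($_POST['product_id']) : 0;`) is never rejected, because `if ($product = new wpgv_wc_product_gift_voucher($product_id))` on line 117 is always truthy for an object; add `if ($product_id === 0) { wp_send_json_error(array('success' => 0, 'message' => __('Invalid product.', 'gift-voucher'))); }` before constructing the product, and the same applies to the add handler's new line 71. Line 115 also ends with a stray `;;`. The nonce blocks at new lines 57–62 and 103–108 call `wp_die()` after `wp_send_json_error()`, which already terminates the request, so the second call is dead code. Both AJAX handlers continue outside the hunk.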
  • gift-voucher/trunk/assets/js/voucher-template-script.js

    r3258145 r3262503  
    7373                },
    7474                success: function (results) {
     75                    console.log(results);
    7576                    if (results) {
    7677                        voucherTemplate.find('#slider-giftvoucher-template').html(results);
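Review bot: `console.log(results);` added at new line 75 is a debugging leftover that dumps the full AJAX response (the rendered template HTML) to the browser console on every successful request; remove it before release or gate it behind a debug flag. The success callback and the surrounding AJAX call continue outside the hunk.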
  • gift-voucher/trunk/classes/voucher.php

    r3258145 r3262503  
    638638            if (in_array($action, ['used', 'paid', 'mail', 'delete'], true)) {
    639639
    640                 if (!isset($_REQUEST['_wpdelete']) || !wp_verify_nonce($_REQUEST['_wpdelete'], "{$action}_voucher")) {
     640                if (!isset($_REQUEST['_wpdelete']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_REQUEST['_wpdelete'])), "{$action}_voucher")) {
    641641                    wp_die(esc_html__('Invalid request.', 'gift-voucher'));
    642642                }
  • gift-voucher/trunk/gift-voucher.php

    r3258145 r3262503  
    77 * Author: Codemenschen GmbH
    88 * Author URI: https://www.codemenschen.at/
    9  * Version: 4.5.1
     9 * Version: 4.5.2
    1010 * Text Domain: gift-voucher
    1111 * Domain Path: /languages
     
    2323if (!defined('ABSPATH')) exit;  // Exit if accessed directly
    2424
    25 define('WPGIFT_VERSION', '4.5.1');
     25define('WPGIFT_VERSION', '4.5.2');
    2626define('WPGIFT__MINIMUM_WP_VERSION', '4.0');
    2727define('WPGIFT__PLUGIN_DIR', untrailingslashit(plugin_dir_path(__FILE__)));
     
    132132    $wpdb->query("ALTER TABLE `{$wpdb->prefix}giftvouchers_setting` ADD is_order_form_enable TINYINT(1) DEFAULT 1");
    133133  }
     134
     135  $column_exists_portrait = $wpdb->get_results("SHOW COLUMNS FROM `{$wpdb->prefix}giftvouchers_setting` LIKE 'portrait_mode_templates'");
     136
     137  if (!empty($column_exists_portrait)) {
     138    $portrait_mode_templates = $wpdb->get_var("SELECT portrait_mode_templates FROM `{$wpdb->prefix}giftvouchers_setting` LIMIT 1");
     139
     140    if (empty($portrait_mode_templates) || $portrait_mode_templates === '0') {
     141      $template_portail = 'template-voucher-portail-1.png, template-voucher-portail-2.png, template-voucher-portail-6.png';
     142
     143      $wpdb->query($wpdb->prepare("
     144            UPDATE `{$wpdb->prefix}giftvouchers_setting`
     145            SET portrait_mode_templates = %s
     146            WHERE portrait_mode_templates = '' OR portrait_mode_templates IS NULL OR portrait_mode_templates = '0'
     147        ", $template_portail));
     148    }
     149  }
     150
    134151
    135152  if (!current_user_can('manage_options')) {
     
    212229    'preview' => __('This is Preview!', 'gift-voucher'),
    213230    'text_value' => __('Value', 'gift-voucher'),
     231    'nonce'   => wp_create_nonce('wpgv_nonce_action'),
    214232  );
    215233  wp_register_style('wpgv-voucher-style',  WPGIFT__PLUGIN_URL . '/assets/css/voucher-style.css');
     
    441459  }
    442460  $data_setting = $wpdb->get_row("SELECT * FROM $giftvouchers_setting WHERE id = 1");
    443   if (empty($data_setting->landscape_mode_templates)) {
     461  if (empty($data_setting->landscape_mode_templates) || empty($data_setting->portrait_mode_templates)) {
    444462    // Use update() function from $wpdb
    445463    $wpdb->update(
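Review bot: In the new migration block at lines 137–149 the condition `empty($portrait_mode_templates) || $portrait_mode_templates === '0'` is redundant, because `empty('0')` is already true in PHP; `if (empty($portrait_mode_templates)) {` is equivalent, and the `WHERE` clause on line 146 repeats the same three-way test the PHP branch has just established. The block also runs before the `manage_options` check on line 152 is reached, so if the enclosing routine is hooked to a frequently fired admin action the `SHOW COLUMNS` and `SELECT` queries execute on every request — worth confirming it only runs on activation or upgrade; the enclosing function starts outside the hunk. Separately, `'nonce' => wp_create_nonce('wpgv_nonce_action')` at line 231 hands the same nonce action used by the admin-ajax product handlers to whatever script this array localizes, which is acceptable only as long as those handlers keep their capability checks, since a nonce proves intent, not authorization.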
  • gift-voucher/trunk/include/edit-order-voucher.php

    r3248177 r3262503  
    2222    if (isset($_POST['voucher_id']) && isset($_POST['new_date'])) {
    2323        $voucher_id = sanitize_text_field(wp_unslash($_POST['voucher_id']));
    24         $new_date = sanitize_text_field($_POST['new_date']);
     24        $new_date = sanitize_text_field(wp_unslash($_POST['new_date']));
    2525
    2626        global $wpdb;
     
    6464    if (isset($_POST['voucher_id']) && isset($_POST['data_note'])) {
    6565        $voucher_id = sanitize_text_field(wp_unslash($_POST['voucher_id']));
    66         $data_note = sanitize_textarea_field($_POST['data_note']);
     66        $data_note = sanitize_textarea_field(wp_unslash($_POST['data_note']));
    6767
    6868        global $wpdb;
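Review bot: `$new_date` at new line 24 is only passed through `sanitize_text_field`, so any string reaches the update that follows `global $wpdb;`; validate the format before it is stored, e.g. `if (DateTimeImmutable::createFromFormat('Y-m-d', $new_date) === false) { /* reject the request */ }` with the format adjusted to what the form submits. Likewise `$voucher_id` on lines 23 and 65 is text-sanitized; if voucher ids are integers, `absint()` is the tighter sanitizer. Both handlers continue outside the hunk.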
  • gift-voucher/trunk/include/new_voucher_template.php

    r3258149 r3262503  
    140140                            <img class="image_src<?php echo esc_html($i); ?>" src="" width="100" style="display: none;" /><br>
    141141                            <input class="image_url<?php echo esc_html($i); ?>" type="hidden" name="image<?php echo esc_html($i); ?>" size="60" value="<?php echo esc_attr($value); ?>">
    142                             <button type="button" class="upload_image<?php echo esc_html($i); ?> button"><?php echo esc_html_('Upload Image', 'gift-voucher') ?></button>
    143                             <button type="button" class="button button-primary remove_image<?php echo esc_attr($i); ?>" style="display: none;"><?php echo esc_html_('Remove Image', 'gift-voucher') ?></button>
     142                            <button type="button" class="upload_image<?php echo esc_attr($i); ?> button">
     143                                <?php esc_html_e('Upload Image', 'gift-voucher'); ?>
     144                            </button>
     145                            <button type="button" class="button button-primary remove_image<?php echo esc_attr($i); ?>" style="display: none;">
     146                                <?php esc_html_e('Remove Image', 'gift-voucher'); ?>
     147                            </button>
    144148                        </td>
    145149                    </tr>
     
    151155                    <td>
    152156                        <select name="active" id="active">
    153                             <option value="<?php echo esc_html("1"); ?>" <?php echo ($options->active == 1) ? esc_html('selected') : ''; ?>><?php echo esc_html_('Active', 'gift-voucher') ?></option>
    154                             <option class="0" <?php echo ($options->active == 0) ? esc_html('selected') : ''; ?>><?php echo esc_html_('Inactive', 'gift-voucher') ?></option>
     157                            <option value="<?php echo esc_attr("1"); ?>" <?php selected($options->active, 1); ?>>
     158                                <?php esc_html_e('Active', 'gift-voucher'); ?>
     159                            </option>
     160                            <option value="<?php echo esc_attr("0"); ?>" <?php selected($options->active, 0); ?>>
     161                                <?php esc_html_e('Inactive', 'gift-voucher'); ?>
     162                            </option>
    155163                        </select>
     164
    156165                    </td>
    157166                </tr>
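Review bot: Attribute context is still escaped with `esc_html()` on the unchanged lines 140–141 (`class="image_src<?php echo esc_html($i); ?>"`, `class="image_url…"`, `name="image…"`) while the rewritten buttons on lines 142 and 145 correctly use `esc_attr($i)`; use `esc_attr()` in every attribute position so the escaping matches the context consistently. On lines 157 and 160, `esc_attr("1")` and `esc_attr("0")` escape a constant literal and can simply be written as `value="1"` and `value="0"`. The surrounding form markup continues outside the hunk.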
  • gift-voucher/trunk/include/voucher-shortcodes.php

    r3258149 r3262503  
    396396            <table class="wpgv-balance-activity-table">
    397397                <tr>
    398                     <th><?php echo esc_html_('Date', 'gift-voucher'); ?></th>
    399                     <th><?php echo esc_html_('Action', 'gift-voucher'); ?></th>
    400                     <th><?php echo esc_html_('Note', 'gift-voucher'); ?></th>
    401                     <th><?php echo esc_html_('Amount', 'gift-voucher'); ?></th>
    402                     <th><?php echo esc_html_('Balance', 'gift-voucher'); ?></th>
     398                    <th><?php esc_html_e('Date', 'gift-voucher'); ?></th>
     399                    <th><?php esc_html_e('Action', 'gift-voucher'); ?></th>
     400                    <th><?php esc_html_e('Note', 'gift-voucher'); ?></th>
     401                    <th><?php esc_html_e('Amount', 'gift-voucher'); ?></th>
     402                    <th><?php esc_html_e('Balance', 'gift-voucher'); ?></th>
    403403                </tr>
    404404                <?php
  • gift-voucher/trunk/include/voucher_settings.php

    r3258145 r3262503  
    3333    $stripe_webhook_key = isset($_POST['stripe_webhook_key']) ? sanitize_text_field(wp_unslash($_POST['stripe_webhook_key'])) : '';
    3434    $stripe_secret_key = isset($_POST['stripe_secret_key']) ? sanitize_text_field(wp_unslash($_POST['stripe_secret_key'])) : '';
    35     $voucher_bgcolor = isset($_POST['voucher_bgcolor']) ? sanitize_text_field(substr($_POST['voucher_bgcolor'], 1)) : '';
    36     $voucher_brcolor = isset($_POST['voucher_brcolor']) ? sanitize_text_field(substr($_POST['voucher_brcolor'], 1)) : '';
    37     $voucher_color = isset($_POST['voucher_color']) ? sanitize_text_field(substr($_POST['voucher_color'], 1)) : '';
     35    $voucher_bgcolor = isset($_POST['voucher_bgcolor']) ? sanitize_text_field(wp_unslash($_POST['voucher_bgcolor'])) : '';
     36    $voucher_brcolor = isset($_POST['voucher_brcolor']) ? sanitize_text_field(wp_unslash($_POST['voucher_brcolor'])) : '';
     37    $voucher_color  = isset($_POST['voucher_color']) ? sanitize_text_field(wp_unslash($_POST['voucher_color'])) : '';
     38
     39    $voucher_bgcolor = ltrim($voucher_bgcolor, '#');
     40    $voucher_brcolor = ltrim($voucher_brcolor, '#');
     41    $voucher_color   = ltrim($voucher_color, '#');
     42
    3843    $template_col = isset($_POST['template_col']) ? sanitize_text_field(wp_unslash($_POST['template_col'])) : '';
    3944    $voucher_min_value = isset($_POST['voucher_min_value']) ? sanitize_text_field(wp_unslash($_POST['voucher_min_value'])) : '';
     
    5863    $bank_info = isset($_POST['bank_info']) ? sanitize_text_field(wp_unslash($_POST['bank_info'])) : '';
    5964    $email_subject = isset($_POST['email_subject']) ? sanitize_text_field(wp_unslash($_POST['email_subject'])) : '';
    60     $email_body = isset($_POST['email_body']) ? wp_filter_post_kses(wp_unslash($_POST['email_body'])) : '';
    61     $email_body_per_invoice = isset($_POST['email_body_per_invoice']) ? wp_filter_post_kses(wp_unslash($_POST['email_body_per_invoice'])) : '';
    62     $recipient_email_subject = isset($_POST['recipient_email_subject']) ? wp_filter_post_kses(wp_unslash($_POST['recipient_email_subject'])) : '';
    63     $recipient_email_body = isset($_POST['recipient_email_body']) ? wp_filter_post_kses(wp_unslash($_POST['recipient_email_body'])) : '';
    64     $admin_email_subject = isset($_POST['admin_email_subject']) ? wp_filter_post_kses(wp_unslash($_POST['admin_email_subject'])) : '';
    65     $admin_email_body = isset($_POST['admin_email_body']) ? wp_filter_post_kses(wp_unslash($_POST['admin_email_body'])) : '';
     65
     66    $email_body = isset($_POST['email_body']) ? wp_kses_post(wp_unslash($_POST['email_body'])) : '';
     67
     68    $email_body_per_invoice = isset($_POST['email_body_per_invoice']) ? wp_kses_post(wp_unslash($_POST['email_body_per_invoice'])) : '';
     69    $recipient_email_body   = isset($_POST['recipient_email_body']) ? wp_kses_post(wp_unslash($_POST['recipient_email_body'])) : '';
     70    $admin_email_body       = isset($_POST['admin_email_body']) ? wp_kses_post(wp_unslash($_POST['admin_email_body'])) : '';
     71
     72    $recipient_email_subject = isset($_POST['recipient_email_subject']) ? sanitize_text_field(wp_unslash($_POST['recipient_email_subject'])) : '';
     73    $admin_email_subject     = isset($_POST['admin_email_subject']) ? sanitize_text_field(wp_unslash($_POST['admin_email_subject'])) : '';
     74
    6675    $demo_image_voucher = isset($_POST['demo_image_voucher']) ? sanitize_text_field(wp_unslash($_POST['demo_image_voucher'])) : '';
    6776    $demo_image_item = isset($_POST['demo_image_item']) ? sanitize_text_field(wp_unslash($_POST['demo_image_item'])) : '';
     
    7786
    7887    $voucher_styles = array();
    79     if (isset($_POST['voucher_style'])) {
    80         foreach ($_POST['voucher_style'] as $value) {
    81             $voucher_styles[] = sanitize_text_field(wp_unslash($value));
    82         }
     88    if (isset($_POST['voucher_style']) && is_array($_POST['voucher_style'])) {
     89        $voucher_styles = array_map('sanitize_text_field', wp_unslash($_POST['voucher_style']));
    8390    }
    8491
     
    206213$wpgv_paypal_secret_key = get_option('wpgv_paypal_secret_key') ? get_option('wpgv_paypal_secret_key') : '';
    207214$wpgv_stripe_webhook_key = get_option('wpgv_stripe_webhook_key') ? get_option('wpgv_stripe_webhook_key') : '';
    208 $options = $wpdb->get_row("SELECT * FROM $setting_table_name WHERE id = 1");
     215$options = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$setting_table_name} WHERE id = %d", 1));
    209216$voucher_styles = $options->voucher_style ? json_decode($options->voucher_style) : [''];
    210217
     
    215222<?php
    216223if (isset($_GET['action']) && $_GET['action'] == 'create_default_pages') {
    217     if (isset($_GET['_wpnonce']) && wp_verify_nonce($_GET['_wpnonce'], 'create_default_pages_action')) {
     224    if (isset($_GET['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_GET['_wpnonce'])), 'create_default_pages_action')) {
    218225?>
    219226        <div class="wrap wpgiftv-settings">
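Review bot: The colour fields at new lines 35–41 are stripped of a leading `#` but never checked to be hexadecimal, so arbitrary text reaches storage and presumably the rendered CSS later; add a shape check after the `ltrim` calls, e.g. `if (!preg_match('/^(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/', $voucher_bgcolor)) { $voucher_bgcolor = ''; }` for each of the three, or use WordPress' `sanitize_hex_color_no_hash()` if the plugin's minimum WP version loads it. Switching from `wp_filter_post_kses()` to `wp_kses_post()` at lines 66–70 also changes the result from slashed to unslashed strings, which is right for `$wpdb` but worth confirming against however these values are written. At lines 223–224 the `create_default_pages` action is triggered by a GET request guarded only by the nonce visible here; a nonce proves intent, not authorization, so a `current_user_can('manage_options')` check belongs next to it unless it is already enforced outside the hunk. The save handler and the page template both continue outside the hunk.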
  • gift-voucher/trunk/include/wpgv-product-settings.php

    r3258145 r3262503  
    172172        <script type="text/javascript">
    173173            jQuery(document).ready(function($) {
     174                var wpgv_nonce = '<?php echo esc_js(wp_create_nonce('wpgv_nonce_action')); ?>';
     175
    174176                // ajax add new price varation
    175177                $('#wpgv-add-price-button').click(function() {
     
    180182                        action: 'ajax_add_wpgv_voucher_amount',
    181183                        wpgv_price: voucherPrice,
    182                         product_id: productId
     184                        product_id: productId,
     185                        nonce: wpgv_nonce
    183186                    };
    184187
     
    201204                        action: 'ajax_remove_wpgv_voucher_amount',
    202205                        variation_id: variation_id,
    203                         product_id: productId
     206                        product_id: productId,
     207                        nonce: wpgv_nonce
    204208                    };
    205209
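Review bot: The nonce is now produced in two places for the same action — inline here at new line 174 via `esc_js(wp_create_nonce('wpgv_nonce_action'))` and in the localized script array added in gift-voucher.php — which is a point of style rather than a defect: passing it through `wp_localize_script()` or `wp_add_inline_script()` alongside the existing data keeps a single source for the value and avoids PHP inside a `<script>` block. Both request payloads send `nonce: wpgv_nonce`, matching the `$_POST['nonce']` the handlers read. The jQuery ready handler continues outside the hunk.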
  • gift-voucher/trunk/readme.txt

    r3258145 r3262503  
    33Tags: gift cards, gift certificates, gift voucher, premium vouchers, generate gift cards
    44Requires at least: 4.0
    5 Tested up to: 6.7.1
    6 Stable tag: 4.5.1
     5Tested up to: 6.7.2
     6Stable tag: 4.5.2
    77Requires PHP: 5.6
    88License: GPLv2 or later
     
    219219== Changelog ==
    220220
     221= Version 4.5.2 - Released: March 27 2025
     222* Fix undefined function error for esc_html_ in new voucher template
     223* Fix issue where portrait (vertical) gift card templates were not displaying correctly
     224
    221225= Version 4.5.1 - Released: March 19 2025
    222226* Fixed "Invalid request" error when the admin clicks the "Send Mail" button in the voucher area.
  • gift-voucher/trunk/templates/wpgv_voucher_pdf.php

    r3248177 r3262503  
    1818}
    1919
    20 $template = isset($_GET['template']) ? wp_kses_post(base64_decode(wp_unslash($_GET['template']))) : '';
    21 $buyingfor = isset($_GET['buying_for']) ? sanitize_textarea_field(base64_decode(wp_unslash($_GET['buying_for']))) : '';
    22 $for = isset($_GET['for']) ? sanitize_textarea_field(base64_decode(wp_unslash($_GET['for']))) : '';
    23 $from = isset($_GET['from']) ? sanitize_textarea_field(base64_decode(wp_unslash($_GET['from']))) : '';
    24 $value = isset($_GET['value']) ? sanitize_textarea_field(base64_decode(wp_unslash($_GET['value']))) : '';
    25 $message = isset($_GET['message']) ? sanitize_textarea_field(base64_decode(wp_unslash($_GET['message']))) : '';
    26 $expiry = isset($_GET['expiry']) ? sanitize_textarea_field(base64_decode(wp_unslash($_GET['expiry']))) : '';
     20$template   = isset($_GET['template']) ? sanitize_text_field(base64_decode(wp_unslash($_GET['template']))) : '';
     21$buyingfor  = isset($_GET['buying_for']) ? sanitize_text_field(base64_decode(wp_unslash($_GET['buying_for']))) : '';
     22$for        = isset($_GET['for']) ? sanitize_text_field(base64_decode(wp_unslash($_GET['for']))) : '';
     23$from       = isset($_GET['from']) ? sanitize_text_field(base64_decode(wp_unslash($_GET['from']))) : '';
     24$value      = isset($_GET['value']) ? sanitize_text_field(base64_decode(wp_unslash($_GET['value']))) : '';
     25$message    = isset($_GET['message']) ? sanitize_textarea_field(base64_decode(wp_unslash($_GET['message']))) : '';
     26$expiry     = isset($_GET['expiry']) ? sanitize_text_field(base64_decode(wp_unslash($_GET['expiry']))) : '';
    2727$code = '################';
    2828
     
    4444
    4545if ($setting_options->is_style_choose_enable) {
    46     $voucher_style = sanitize_textarea_field(base64_decode($_GET['style']));
     46    $voucher_style = isset($_GET['style']) ? sanitize_text_field(base64_decode(wp_unslash($_GET['style']))) : '';
    4747    $image_attributes = get_attached_file($images[$voucher_style]);
    4848    $image = ($image_attributes) ? $image_attributes : get_option('wpgv_demoimageurl_voucher');
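Review bot: `$images[$voucher_style]` at line 47 indexes the template map with a user-controlled key and no existence check, so an unknown style produces an undefined-array-key warning and a `null` argument to `get_attached_file()`; the new `isset($_GET['style'])` guard on line 46 does not cover this. Write `$image_attributes = isset($images[$voucher_style]) ? get_attached_file($images[$voucher_style]) : false;` so the fallback on line 48 takes over. The `base64_decode()` calls on lines 20–26 and 46 run in non-strict mode and silently drop invalid characters; `base64_decode($x, true)` returns `false` on malformed input, and `sanitize_text_field(false)` yields `''`, which makes the fail-closed path explicit. Whether `$template` (line 20) is later used as a file or template name is outside the hunk; if so, the text sanitizer alone does not constrain it to an allowlist of known templates.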