Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3265698

Timestamp:

04/02/2025 02:06:11 PM (12 months ago)

Author:

rohitashv

Message:

xss vurnablilty Resolved Thanks to wordpress team

Location:

emarksheet

Files:

: 51 added
: 1 deleted
: 12 edited

tags/5.4.4 (added)
tags/5.4.4/bootstrap (added)
tags/5.4.4/bootstrap/css (added)
tags/5.4.4/bootstrap/css/bootstrap.css (added)
tags/5.4.4/bootstrap/css/print.css (added)
tags/5.4.4/bootstrap/img (added)
tags/5.4.4/bootstrap/img/glyphicons-halflings-white.png (added)
tags/5.4.4/bootstrap/img/glyphicons-halflings.png (added)
tags/5.4.4/bootstrap/js (added)
tags/5.4.4/bootstrap/js/bootstrap.js (added)
tags/5.4.4/bootstrap/js/bootstrap.min.js (added)
tags/5.4.4/emarksheet.php (added)
tags/5.4.4/install-script.php (added)
tags/5.4.4/menu-pages (added)
tags/5.4.4/menu-pages/emark_add_class.php (added)
tags/5.4.4/menu-pages/emark_add_marks.php (added)
tags/5.4.4/menu-pages/emark_add_student.php (added)
tags/5.4.4/menu-pages/emark_add_student_list.php (added)
tags/5.4.4/menu-pages/emark_add_sub.php (added)
tags/5.4.4/menu-pages/help.php (added)
tags/5.4.4/menu-pages/print.php (added)
tags/5.4.4/menu-pages/settings.php (added)
tags/5.4.4/menu-pages/uninstall.php (added)
tags/5.4.4/readme.txt (added)
tags/5.4.4/screenshot-1.jpg (added)
tags/5.4.4/screenshot-1.png (added)
tags/5.4.4/screenshot-2.jpg (added)
tags/5.4.4/screenshot-2.png (added)
tags/5.4.4/screenshot-3.jpg (added)
tags/5.4.4/screenshot-3.png (added)
tags/5.4.4/screenshot-4.jpg (added)
tags/5.4.4/screenshot-4.png (added)
tags/5.4.4/screenshot-5.jpg (added)
tags/5.4.4/screenshot-5.png (added)
tags/5.4.4/screenshot-6.jpg (added)
tags/5.4.4/screenshot-6.png (added)
tags/5.4.4/screenshot-7.jpg (added)
tags/5.4.4/screenshot-7.png (added)
tags/5.4.4/screenshot-8.jpg (added)
tags/5.4.4/screenshot-8.png (added)
tags/5.4.4/screenshot-9.png (added)
trunk/bootstrap (added)
trunk/bootstrap/css (added)
trunk/bootstrap/css/bootstrap.css (added)
trunk/bootstrap/css/print.css (added)
trunk/bootstrap/img (added)
trunk/bootstrap/img/glyphicons-halflings-white.png (added)
trunk/bootstrap/img/glyphicons-halflings.png (added)
trunk/bootstrap/js (added)
trunk/bootstrap/js/bootstrap.js (added)
trunk/bootstrap/js/bootstrap.min.js (added)
trunk/emarksheet.php (modified) (10 diffs)
trunk/install-script.php (modified) (5 diffs)
trunk/menu-pages/bootstrap (deleted)
trunk/menu-pages/emark_add_class.php (modified) (6 diffs)
trunk/menu-pages/emark_add_marks.php (modified) (6 diffs)
trunk/menu-pages/emark_add_student.php (modified) (2 diffs)
trunk/menu-pages/emark_add_student_list.php (modified) (11 diffs)
trunk/menu-pages/emark_add_sub.php (modified) (7 diffs)
trunk/menu-pages/help.php (modified) (1 diff)
trunk/menu-pages/print.php (modified) (7 diffs)
trunk/menu-pages/settings.php (modified) (2 diffs)
trunk/menu-pages/uninstall.php (modified) (1 diff)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

emarksheet/trunk/emarksheet.php

r3265424	r3265698
5	5	Description: This is a simple and unique wordpress plugin to create a simple marksheet using wordpress. You can also give a link to your users to see the result and print it.
6	6	Author: rohitashv
7		Version: 5.4.3
	7	Version: 5.4.4
8	8	License: GPL v2 or later
9	9	License URI: https://www.gnu.org/licenses/gpl-2.0.html
…	…
32	32	{
33	33	wp_enqueue_script( 'jquery' );
	34	$plugin_url = plugin_dir_url( __FILE__ );
	35
	36	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
34	37	include('menu-pages/emark_add_class.php');
35	38	}
…	…
37	40	{
38	41	wp_enqueue_script( 'jquery' );
	42	$plugin_url = plugin_dir_url( __FILE__ );
	43
	44	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
39	45	include('menu-pages/emark_add_sub.php');
40	46	}
…	…
42	48	{
43	49	wp_enqueue_script( 'jquery' );
	50	$plugin_url = plugin_dir_url( __FILE__ );
	51
	52	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
44	53	include('menu-pages/emark_add_student.php');
45	54	}
…	…
47	56	{
48	57	wp_enqueue_script( 'jquery' );
	58	$plugin_url = plugin_dir_url( __FILE__ );
	59
	60	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
49	61	include('menu-pages/emark_add_student_list.php');
50	62	}
…	…
52	64	{
53	65	wp_enqueue_script( 'jquery' );
	66	$plugin_url = plugin_dir_url( __FILE__ );
	67
	68	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
54	69	include('menu-pages/emark_add_marks.php');
55	70	}
…	…
57	72	{
58	73	wp_enqueue_script( 'jquery' );
	74	$plugin_url = plugin_dir_url( __FILE__ );
	75
	76	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
59	77	include('menu-pages/settings.php');
60	78	}
…	…
62	80	{
63	81	wp_enqueue_script( 'jquery' );
	82	$plugin_url = plugin_dir_url( __FILE__ );
	83
	84	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
64	85	include('menu-pages/print.php');
65	86	}
…	…
67	88	{
68	89	wp_enqueue_script( 'jquery' );
	90	$plugin_url = plugin_dir_url( __FILE__ );
	91
	92	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
69	93	include('menu-pages/help.php');
70	94	}
…	…
72	96	{
73	97	wp_enqueue_script( 'jquery' );
	98	$plugin_url = plugin_dir_url( __FILE__ );
	99
	100	wp_enqueue_style( 'style', $plugin_url . "/bootstrap/css/bootstrap.css");
74	101	include('menu-pages/uninstall.php');
75	102	}

emarksheet/trunk/install-script.php

-                      r2006371
+                      r3265698
 <?php
 global $wpdb;
 $add_subject = "CREATE TABLE IF NOT EXISTS `emarksheet_class` (
+$wpdb->query("CREATE TABLE IF NOT EXISTS `emarksheet_class` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `class_name` varchar(255) NOT NULL,
   PRIMARY KEY (`id`)
+) ENGINE=InnoDB  DEFAULT  CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=7 ;";
+$wpdb->query($add_subject);
+) ENGINE=InnoDB  DEFAULT  CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=7 ;");
 $add_quiz = "CREATE TABLE IF NOT EXISTS `emarksheet_marks` (
+$wpdb->query("CREATE TABLE IF NOT EXISTS `emarksheet_marks` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `student_id` int(11) NOT NULL,
 …
   `marks` TEXT NOT NULL,
   PRIMARY KEY (`id`)
+) AUTO_INCREMENT=4 ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;";
+$wpdb->query($add_quiz);
+) AUTO_INCREMENT=4 ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;");
 $add_question = "CREATE TABLE IF NOT EXISTS `emarksheet_setting` (
+$wpdb->query("CREATE TABLE IF NOT EXISTS `emarksheet_setting` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `school_name` varchar(255) NOT NULL,
 …
   `name_of_principal` varchar(255) NOT NULL,
   PRIMARY KEY (`id`)
+) AUTO_INCREMENT=5 ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;";
+$wpdb->query($add_question);
+) AUTO_INCREMENT=5 ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;");
 $result = "CREATE TABLE IF NOT EXISTS `emarksheet_student` (
+$wpdb->query("CREATE TABLE IF NOT EXISTS `emarksheet_student` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `class_id` int(11) NOT NULL,
 …
   `mother_n` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
   PRIMARY KEY (`id`)
+) AUTO_INCREMENT=6 ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;";
+$wpdb->query($result);
+) AUTO_INCREMENT=6 ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;");
 $result1 = "CREATE TABLE IF NOT EXISTS `emarksheet_subject` (
+$wpdb->query("CREATE TABLE IF NOT EXISTS `emarksheet_subject` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `class` int(11) NOT NULL,
 …
   `min_pass` int(11) DEFAULT 33,
   PRIMARY KEY (`id`)
+)AUTO_INCREMENT=6 ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;";
+$wpdb->query($result1);
+)AUTO_INCREMENT=6 ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;");
 ?>

emarksheet/trunk/menu-pages/emark_add_class.php

-                      r3265638
+                      r3265698
-<!---load bootstrap css----->
-<link rel='stylesheet' type='text/css' href='<?php echo esc_url(plugins_url('/bootstrap/css/bootstrap.css', __FILE__)); ?>' />
 <div class='span12' style='margin-top:20px;'>
 <?php
 global $wpdb;
+$nonce = wp_create_nonce( 'my-nonce' );
+if(isset($_POST['addsubject'])){
+$nonce1 = $_REQUEST['_wpnonce'];
+if ( ! wp_verify_nonce( $nonce1, 'my-nonce' ) ) {
+     die( 'Security check' );
+} else {
 if(isset($_POST['addsubject']))
+{
+    $subname = strip_tags($_POST['name']);
+    $insert_query=$wpdb->prepare("insert into `emarksheet_class`(`id`,`class_name`) values('','$subname')");
+    $wpdb->query($insert_query);
+    $subname = wp_strip_all_tags($_POST['name']);
+    $wpdb->query($wpdb->prepare("insert into `emarksheet_class`(`id`,`class_name`) values('','$subname')"));
     echo "<div class='alert alert-success'>Class Name Added Successfully</div>";
+}
 if(isset($_POST['update_name']))
+{
+    $up_su_n = strip_tags($_POST['up_su_n']);
+    $up_su_id = strip_tags($_POST['up_id']);
+    $update_query = $wpdb->prepare("update `emarksheet_class` set `class_name`='$up_su_n' where `id`='$up_su_id'");
+    $wpdb->query($update_query);
+    $up_su_n = wp_strip_all_tags($_POST['up_su_n']);
+    $up_su_id = wp_strip_all_tags($_POST['up_id']);
+    $wpdb->query($wpdb->prepare("update `emarksheet_class` set `class_name`='$up_su_n' where `id`='$up_su_id'"));
     echo "<div class='alert alert-success'>Class Name Updated Successfully</div>";
+}
 …
+    {
         $iddelt = esc_html($_GET['id']);
+        $delete_query = $wpdb->prepare("delete from `emarksheet_class` where `id`='$iddelt'");
+        $wpdb->query($delete_query);
+        $wpdb->query($wpdb->prepare("delete from `emarksheet_class` where `id`='$iddelt'"));
         echo "<div class='alert alert-success'>Class Name Deleted Successfully</div>";
         echo "<script>setTimeout(location.href='".esc_url(admin_url("admin.php?page=eMarksheet-main"))."',6000)</script>";
 …
+{
     $idd = esc_html($_GET['id']);
+    $selectd_query = $wpdb->prepare("select * from `emarksheet_class` where `id`='$idd'");
+    $selectd_row =  $wpdb->get_results($selectd_query);
+    $selectd_row =  $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class` where `id`='$idd'"));
     $su_n = $selectd_row[0]->class_name;
     ?>
 …
     </div>
     <?php
+}}
+}
+}
 ?>
 <script type="text/javascript">
 …
 </script>
 <?php
+    $select_query = $wpdb->prepare("select * from `emarksheet_class`");
+    $select_row =  $wpdb->get_results($select_query);
+    $select_row =  $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class`"));
 ?>
 <span style="float:right;">
 …
         </div>
         <div class="modal-body">
             <form action="" method="post">
+            <form action="?page=eMarksheet-main&_wpnonce=<?php echo esc_html($nonce); ?>" method="post">
             Enter the Name of the Class You want to add<br/>
             <input type="text" autocomplete="off" class="span4 text" name="name" style="margin-top:12px;height:25px;" id="subname"><br/>

emarksheet/trunk/menu-pages/emark_add_marks.php

-                      r3265606
+                      r3265698
-<!---load bootstrap css----->
-<link rel='stylesheet' type='text/css' href='<?php echo esc_html(plugins_url('/bootstrap/css/bootstrap.css', __FILE__)); ?>' />
 <br/><br/>
 <?php
 …
+{
     $id = esc_html($_GET['id']);
+    $selectd_query = $wpdb->prepare("select * from `emarksheet_student` where `id`='$id'");
+    $selectd_row =  $wpdb->get_results($selectd_query);
+    $selectd_row =  $wpdb->get_results($wpdb->prepare("select * from `emarksheet_student` where `id`='$id'"));
     $su_n = $selectd_row[0]->class_id;
+    $selectd_query1 = $wpdb->prepare("select * from `emarksheet_subject` where `class`='$su_n'");
+    $selectd_row1 =  $wpdb->get_results($selectd_query1);
+    $selectd_row1 =  $wpdb->get_results($wpdb->prepare("select * from `emarksheet_subject` where `class`='$su_n'"));
     ?>
     <form action='<?php echo esc_url(admin_url("admin.php?page=eMarksheet-add-marks&action_new=add_marks_final&class_id=$su_n")); ?>' method='post'>
 …
         $student_id = esc_html($_POST['st_id']);
         $data = serialize($_POST);
+        $gt_old = $wpdb->prepare("select * from `emarksheet_marks` where `student_id`='$student_id' AND `class_id`='$class_n'");
+        $gt_old = $wpdb->get_results($gt_old);
+        $gt_old = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_marks` where `student_id`='$student_id' AND `class_id`='$class_n'"));
         if($gt_old)
+        {
             $mk_id = $gt_old[0]->id;
+            $upds = $wpdb->prepare("update `emarksheet_marks` set `marks`='$data' where `id`='$mk_id'");
+            $wpdb->query($upds);
+            //echo $wpdb->last_error;
+            $wpdb->query($wpdb->prepare("update `emarksheet_marks` set `marks`='$data' where `id`='$mk_id'"));
             echo "<div class='alert alert-success'> Marks Updated Successfully !!! </div>";
+        }
         else
+        {
+            $insert_st = $wpdb->prepare("insert into `emarksheet_marks`(`id`,`student_id`,`class_id`,`marks`) values('','$student_id','$class_n','$data')");
+            $wpdb->query($insert_st);
+            $wpdb->query($wpdb->prepare("insert into `emarksheet_marks`(`id`,`student_id`,`class_id`,`marks`) values('','$student_id','$class_n','$data')"));
             echo "<div class='alert alert-success'> Marks Added Successfully !!! </div>";
+        }
+    }
+    $select_qury1 = "select * from `emarksheet_class` where `id`='$class_n'";
+    $select_data1 = $wpdb->get_results($select_qury1);
+    $select_data1 = $wpdb->get_results("select * from `emarksheet_class` where `id`='$class_n'");
     $class_name = $select_data1[0]->class_name;
 ?>
 …
 <tr><th>Sr No</th><th>Roll No</th><th>Student Name</th><th>Father's Name</th><th>Mother's Name</th><th>Date Of Birth</th><th>Action</th></tr>
 <?php
+$select_qury2 = $wpdb->prepare("select * from `emarksheet_student` where `class_id`='$class_n'");
+$select_data2 = $wpdb->get_results($select_qury2);
+$select_data2 = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_student` where `class_id`='$class_n'"));
 $i = 1;
 if($select_data2)
 …
         echo esc_html($i);
         ?>
         </td><td>.<?php echo esc_html($select_data2->roll_no)."</td><td>".esc_html($select_data2->first_n)." ".esc_html($select_data2->last_n)."</td><td>".esc_html($select_data2->father_n)."</td><td>".esc_html($select_data2->mother_n)."</td><td>".esc_html($select_data2->dob_date)."-".esc_html($select_data2->dob_month)."-".esc_html($select_data2->dob_year)."</td><td><a href='".esc_url(admin_url("admin.php?page=eMarksheet-add-marks&action=add_marks&id=$select_data2->id"))."' class='btn btn-danger'><i class='icon-white icon-plus'></i> &nbsp;&nbsp; Add Marks</a></td></tr>";
+        </td><td><?php echo esc_html($select_data2->roll_no)."</td><td>".esc_html($select_data2->first_n)." ".esc_html($select_data2->last_n)."</td><td>".esc_html($select_data2->father_n)."</td><td>".esc_html($select_data2->mother_n)."</td><td>".esc_html($select_data2->dob_date)."-".esc_html($select_data2->dob_month)."-".esc_html($select_data2->dob_year)."</td><td><a href='".esc_url(admin_url("admin.php?page=eMarksheet-add-marks&action=add_marks&id=$select_data2->id"))."' class='btn btn-danger'><i class='icon-white icon-plus'></i> &nbsp;&nbsp; Add Marks</a></td></tr>";
     $i++;
+    }
 …
 See the list of Enrolled Students for each Class. First Select the class :
 <?php
+$select_qury = $wpdb->prepare("select * from `emarksheet_class`");
+$select_data = $wpdb->get_results($select_qury);
+$select_data = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class`"));
 ?>
 <form method="post" action="#">

emarksheet/trunk/menu-pages/emark_add_student.php

-                      r3265646
+                      r3265698
-<!---load bootstrap css----->
-<link rel='stylesheet' type='text/css' href='<?php echo esc_url(plugins_url('/bootstrap/css/bootstrap.css', __FILE__)); ?>' />
 <br/><br/><div class='alert alert-info'>Enroll the students in the class</div>
 <?php
 global $wpdb;
 $select_qury = $wpdb->prepare("select * from `emarksheet_class`");
 $select_data = $wpdb->get_results($select_qury);
+$nonce = wp_create_nonce( 'my-nonce' );
+$select_data = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class`"));
 if(isset($_POST['enroll']))
+{
+    $class = strip_tags($_POST['class_n']);
+    $roll_n = strip_tags($_POST['roll_number']);
+    $first_n = strip_tags($_POST['first_n']);
+    $last_n = strip_tags($_POST['last_n']);
+    $father_n = strip_tags($_POST['f_name']);
+    $mother_n = strip_tags($_POST['m_name']);
+    $dob_date = strip_tags($_POST['dob_date']);
+    $dob_m= strip_tags($_POST['dob_month']);
+    $dob_y = strip_tags($_POST['dob_year']);
+    $insert_query= $wpdb->prepare("insert into `emarksheet_student`(`id`,`class_id`,`roll_no`,`first_n`,`last_n`,`father_n`,`mother_n`,`dob_date` ,`dob_month`,`dob_year`) values('','$class','$roll_n','$first_n','$last_n','$father_n','$mother_n','$dob_date','$dob_m','$dob_y')");
+    $wpdb->query($insert_query);
+    $nonce1 = $_REQUEST['_wpnonce'];
+if ( ! wp_verify_nonce( $nonce1, 'my-nonce' ) ) {
+     die( 'Security check' );
+} else {
+    $class = wp_strip_all_tags($_POST['class_n']);
+    $roll_n = wp_strip_all_tags($_POST['roll_number']);
+    $first_n = wp_strip_all_tags($_POST['first_n']);
+    $last_n = wp_strip_all_tags($_POST['last_n']);
+    $father_n = wp_strip_all_tags($_POST['f_name']);
+    $mother_n = wp_strip_all_tags($_POST['m_name']);
+    $dob_date = wp_strip_all_tags($_POST['dob_date']);
+    $dob_m= wp_strip_all_tags($_POST['dob_month']);
+    $dob_y = wp_strip_all_tags($_POST['dob_year']);
+    $wpdb->query($wpdb->prepare("insert into `emarksheet_student`(`id`,`class_id`,`roll_no`,`first_n`,`last_n`,`father_n`,`mother_n`,`dob_date` ,`dob_month`,`dob_year`) values('','$class','$roll_n','$first_n','$last_n','$father_n','$mother_n','$dob_date','$dob_m','$dob_y')"));
     echo "<div class='alert alert-success'>New Student Enrolled Successfully !!!</div>";
+}
+}
 ?>
 <form method="post" action="#">
+<form method="post" action="?page=eMarksheet-student&_wpnonce=<?php echo esc_html($nonce); ?>">
 <table class="responsive display table table-bordered">
 <tr><td> Select Class : </td><td>
 …
 </select>
 &nbsp;&nbsp;
 <input type="text" style="width:100px;" name="dob_year" placeholder="YEAR" />
+<input type="text" style="width:100px;" required name="dob_year" minlength="4"  maxlength="4" placeholder="YEAR" />
 </td>
 </tr>

emarksheet/trunk/menu-pages/emark_add_student_list.php

-                      r3265638
+                      r3265698
+<!---load bootstrap css----->
+<link rel='stylesheet' type='text/css' href='<?php echo esc_url(plugins_url('/bootstrap/css/bootstrap.css', __FILE__)); ?>' />
 <script type="text/javascript">
 function show_confirm() {
 …
 if(isset($_POST['update_name']))
+{
     $up_id = esc_html($_POST['up_id']);
     $class = esc_html($_POST['class_nm']);
     $roll_n = esc_html($_POST['roll_number']);
     $first_n = esc_html($_POST['first_n']);
     $last_n = esc_html($_POST['last_n']);
     $father_n = esc_html($_POST['f_name']);
     $mother_n = esc_html($_POST['m_name']);
     $dob_date = esc_html($_POST['dob_date']);
     $dob_m= esc_html($_POST['dob_month']);
     $dob_y = esc_html($_POST['dob_year']);
     $update_query = $wpdb->prepare("update `emarksheet_student` set `class_id`='$class',
+    $up_id = wp_unslash($_POST['up_id']);
+    $class = wp_unslash($_POST['class_nm']);
+    $roll_n = wp_unslash($_POST['roll_number']);
+    $first_n = wp_unslash($_POST['first_n']);
+    $last_n = wp_unslash($_POST['last_n']);
+    $father_n = wp_unslash($_POST['f_name']);
+    $mother_n = wp_unslash($_POST['m_name']);
+    $dob_date = wp_unslash($_POST['dob_date']);
+    $dob_m= wp_unslash($_POST['dob_month']);
+    $dob_y = wp_unslash($_POST['dob_year']);
+    $wpdb->query($wpdb->prepare("update `emarksheet_student` set `class_id`='$class',
     `roll_no`='$roll_n',`first_n`='$first_n',`last_n`='$last_n',`father_n`='$father_n',`mother_n`='$mother_n',
+    `dob_date`='$dob_date',`dob_month`='$dob_m',`dob_year`='$dob_y' where `id`='$up_id'");
+    $wpdb->query($update_query);
+    `dob_date`='$dob_date',`dob_month`='$dob_m',`dob_year`='$dob_y' where `id`='$up_id'"));
     echo "<div class='alert alert-success'>Student Name Updated Successfully</div>";
     echo "<script>setTimeout(location.href='".esc_url(admin_url("admin.php?page=eMarksheet-student-list"))."',6000)</script>";
 …
+{
     $iddelt = $_GET['id'];
+    $delete_query = $wpdb->prepare("delete from `emarksheet_student` where `id`='$iddelt'");
+    $wpdb->query($delete_query);
+    $wpdb->query($wpdb->prepare("delete from `emarksheet_student` where `id`='$iddelt'"));
     echo "<div class='alert alert-success'>Student Name Deleted Successfully</div>";
     echo "<script>setTimeout(location.href='".esc_url(admin_url("admin.php?page=eMarksheet-student-list"))."',6000)</script>";
 …
+{
     $idd = $_GET['id'];
+    $selectd_query = $wpdb->prepare("select * from `emarksheet_student` where `id`='$idd'");
+    $selectd_row =  $wpdb->get_results($selectd_query);
+    $selectd_row =  $wpdb->get_results($wpdb->prepare("select * from `emarksheet_student` where `id`='$idd'"));
     $class_ida = $selectd_row[0]->class_id;
     $rollno = $selectd_row[0]->roll_no;
 …
     $dob_m = $selectd_row[0]->dob_month;
     $dob_y = $selectd_row[0]->dob_year;
+    $select_dd = $wpdb->prepare("select * from `emarksheet_class`");
+    $select_data =  $wpdb->get_results($select_dd);
+    $select_data =  $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class`"));
     ?>
     <form method="post" action="#">
 …
     foreach($select_data as $select_data)
+    {
+        if($select_data->id == $class_ida)
+            echo "<option value='$select_data->id' selected='selected'>$select_data->class_name </option>";
+        else
+            echo "<option value='$select_data->id'>$select_data->sem </option>";
+        if($select_data->id == $class_ida){
+            ?>
+        <option value='<?php echo esc_html($select_data->id); ?>' selected='selected'><?php echo esc_html($select_data->class_name);?> </option>
+        <?php
+        }else
+        ?><option value='<?php echo esc_html($select_data->id);?>'><?php echo esc_html($select_data->sem); ?> </option>
+    <?php
+    }
     ?>
 …
+{
     $class_n = $_POST['class_n'];
+    $select_qury1 = $wpdb->prepare("select * from `emarksheet_class` where `id`='$class_n'");
+    $select_data1 = $wpdb->get_results($select_qury1);
+    $select_data1 = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class` where `id`='$class_n'"));
     $class_name = $select_data1[0]->class_name;
 ?>
 …
 <tr><th>Sr No</th><th>Roll No</th><th>Student Name</th><th>Father's Name</th><th>Mother's Name</th><th>Date Of Birth</th><th>Action</th></tr>
 <?php
+$select_qury2 = $wpdb->prepare("select * from `emarksheet_student` where `class_id`='$class_n'");
+$select_data2 = $wpdb->get_results($select_qury2);
+$select_data2 = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_student` where `class_id`='$class_n'"));
 $i = 1;
 if($select_data2)
 …
         </td><td><?php echo esc_html($select_data2->mother_n); ?></td><td><?php echo esc_html($select_data2->dob_date)."-".esc_html($select_data2->dob_month)."-".esc_html($select_data2->dob_year); ?>
         </td><td> &nbsp;&nbsp;&nbsp;&nbsp;<a href='<?php echo esc_url(admin_url("admin.php?page=eMarksheet-student-list&action=update&id=$select_data2->id"));?>' rel='tooltip' title='update' class='update'>
         <i class='icon-pencil'></i></a> &nbsp;&nbsp; <a href='<?php echo esc_url(admin_url("admin.php?page=eMarksheet-student-list&action=delete&id=$select_data2->id"));?>' onclick='return show_confirm();' rel='tooltip' title='Delete' class='delete'><i class='icon-trash'></i></a></td></tr>";
+        <i class='icon-pencil'></i></a> &nbsp;&nbsp; <a href='<?php echo esc_url(admin_url("admin.php?page=eMarksheet-student-list&action=delete&id=$select_data2->id"));?>' onclick='return show_confirm();' rel='tooltip' title='Delete' class='delete'><i class='icon-trash'></i></a></td></tr>
     <?php
     $i++;
 …
 See the list of Enrolled Students for each Class. First Select the class :
 <?php
+$select_qury = $wpdb->prepare("select * from `emarksheet_class`");
+$select_data = $wpdb->get_results($select_qury);
+$select_data = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class`"));
 ?>
 <form method="post" action="#">
 …
     foreach($select_data as $select_data)
+    {
+        echo "<option value='$select_data->id'>$select_data->class_name </option>";
+        ?>
+        <option value='<?php echo esc_html($select_data->id); ?>'><?php echo esc_html($select_data->class_name);?> </option>
+        <?php
+    }
 ?>

emarksheet/trunk/menu-pages/emark_add_sub.php

-                      r3265606
+                      r3265698
+<!---load bootstrap css----->
+<link rel='stylesheet' type='text/css' href='<?php echo esc_url(plugins_url('/bootstrap/css/bootstrap.css', __FILE__)); ?>' />
 <div class='span12' style='margin-top:20px;'>
 …
 if(isset($_POST['add_quiz']))
+{
+    $quiz_n = wp_strip_all_tags($_POST['qz_n']);
+    $sub_id = wp_strip_all_tags($_POST['sub_nm']);
+    $tot_m = wp_strip_all_tags($_POST['tot_m']);
+    $min_pass = wp_strip_all_tags($_POST['min_pass']);
+    $insert_queryr = $wpdb->prepare("insert into `emarksheet_subject`(`id`,`class`,`sub_name`,`min_pass`,`total_marks`) values('','$sub_id','$quiz_n','$min_pass','$tot_m')");
+    $wpdb->query($insert_queryr);
+    $quiz_n = wp_unslash($_POST['qz_n']);
+    $sub_id = wp_unslash($_POST['sub_nm']);
+    $tot_m = wp_unslash($_POST['tot_m']);
+    $min_pass = wp_unslash($_POST['min_pass']);
+    $wpdb->query($wpdb->prepare("insert into `emarksheet_subject`(`id`,`class`,`sub_name`,`min_pass`,`total_marks`) values('','$sub_id','$quiz_n','$min_pass','$tot_m')"));
     echo "<div class='alert alert-success'>Subject Name Added Successfully</div>";
+}
 …
 if(isset($_POST['update_name']))
+{
+    $up_su_n = wp_strip_all_tags($_POST['up_su_n']);
+    $up_su_id = wp_strip_all_tags($_POST['up_id']);
+    $up_su_ss = wp_strip_all_tags($_POST['sub_nm']);
+    $up_su_tm = wp_strip_all_tags($_POST['tot_m']);
+    $up_su_mp = wp_strip_all_tags($_POST['min_pass']);
+    $update_query = $wpdb->prepare("update `emarksheet_subject` set `sub_name`='$up_su_n',`class`='$up_su_ss',`total_marks`='$up_su_tm',`min_pass`='$up_su_mp' where `id`='$up_su_id'");
+    $wpdb->query($update_query);
+    $up_su_n = wp_unslash($_POST['up_su_n']);
+    $up_su_id = wp_unslash($_POST['up_id']);
+    $up_su_ss = wp_unslash($_POST['sub_nm']);
+    $up_su_tm = wp_unslash($_POST['tot_m']);
+    $up_su_mp = wp_unslash($_POST['min_pass']);
+    $wpdb->query($wpdb->prepare("update `emarksheet_subject` set `sub_name`='$up_su_n',`class`='$up_su_ss',`total_marks`='$up_su_tm',`min_pass`='$up_su_mp' where `id`='$up_su_id'"));
     echo "<div class='alert alert-success'>Subject Name Updated Successfully</div>";
     echo "<script>setTimeout(location.href='".esc_url(admin_url("admin.php?page=eMarksheet-subject"))."',6000)</script>";
+}
+$select_qury = "select * from `emarksheet_class`";
+$select_data = $wpdb->get_results($select_qury);
+$select_data = $wpdb->get_results("select * from `emarksheet_class`");
+$select_quiz = "select * from `emarksheet_subject`";
 $select_data_quiz = $wpdb->get_results($select_quiz);
+$select_data_quiz = $wpdb->get_results("select * from `emarksheet_subject`");
 if(isset($_GET['action']))
+{
 …
+    {
         $iddelt = esc_html($_GET['id']);
+        $delete_query = $wpdb->prepare("delete from `emarksheet_subject` where `id`='$iddelt'");
+        $wpdb->query($delete_query);
+        $wpdb->query($wpdb->prepare("delete from `emarksheet_subject` where `id`='$iddelt'"));
         echo "<div class='alert alert-success'>subject Name Deleted Successfully</div>";
         echo "<script>setTimeout(location.href='".esc_url(admin_url("admin.php?page=eMarksheet-subject"))."',6000)</script>";
 …
+    {
         $idd = $_GET['id'];
         $selectd_query = $wpdb->prepare("select * from `emarksheet_subject` where `id`='$idd'");
         $selectd_row =  $wpdb->get_results($selectd_query);
+        $selectd_row =  $wpdb->get_results($wpdb->prepare("select * from `emarksheet_subject` where `id`='$idd'"));
+        //$selectd_row =  $wpdb->get_results($selectd_query);
         $su_n = $selectd_row[0]->sub_name;
         $sub_id = $selectd_row[0]->class;
 …
         foreach($select_data as $select_data)
+        {
+            if($select_data->id == $sub_id)
+                echo "<option value='$select_data->id' selected='selected'>$select_data->class_name </option>";
+            else
+                echo "<option value='$select_data->id'>esc_html($select_data->class_name)</option>";
+        }
+            if($select_data->id == $sub_id){
+                ?><option value='<?php echo esc_html($select_data->id);?>' selected='selected'><?php echo esc_html($select_data->class_name); ?> </option>
+            <?php
+            }else{
+                ?><option value='<?php echo esc_html($select_data->id); ?>'><?php echo esc_html($select_data->class_name); ?></option>
+                <?php
+        }}
         ?>
         </select> &nbsp;&nbsp;&nbsp;&nbsp;
 …
     foreach($select_data_quiz as $select_data_quiz)
+    {
+        $select_sub = $wpdb->prepare("select * from `emarksheet_class` where `id`='$select_data_quiz->class'");
+        $select_sub_quiz = $wpdb->get_results($select_sub);
+            $select_sub_quiz = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class` where `id`='$select_data_quiz->class'"));
         ?>
         <tr><td><?php echo $i; ?></td><td><?php echo esc_html(ucfirst($select_sub_quiz[0]->class_name)); ?></td><td><?php echo esc_html(ucfirst($select_data_quiz->sub_name)); ?></td>
+        <tr><td><?php echo esc_html($i); ?></td><td><?php echo esc_html(ucfirst($select_sub_quiz[0]->class_name)); ?></td><td><?php echo esc_html(ucfirst($select_data_quiz->sub_name)); ?></td>
         <td><?php echo esc_html($select_data_quiz->total_marks);?></td><td><?php echo esc_html($select_data_quiz->min_pass);?></td><td> &nbsp;&nbsp;&nbsp;&nbsp;<a href='<?php echo esc_url("admin.php?page=eMarksheet-subject&action=update&id=$select_data_quiz->id");?>' rel='tooltip' title='update' class='update'><i class='icon-pencil'></i></a> &nbsp;&nbsp; <a href='<?php echo esc_url("admin.php?page=eMarksheet-subject&action=delete&id=$select_data_quiz->id");?>' onclick='return show_confirm();' rel='tooltip' title='Delete' class='delete'><i class='icon-trash'></i></a></td></tr>
         <?php

emarksheet/trunk/menu-pages/help.php

r3265541	r3265698
1		<link rel='stylesheet' type='text/css' href='<?php echo esc_url(plugins_url('/bootstrap/css/bootstrap.css', __FILE__)); ?>' />
2		<link rel='stylesheet' type='text/css' href='<?php echo esc_url(plugins_url('/bootstrap/css/bootstrap-responsive.css', __FILE__)); ?>' />
	1
3	2	<div class=" span12 alert alert-info" style="margin-top:20px;">
4	3	<h3>Help & Support</h3>

emarksheet/trunk/menu-pages/print.php

-                      r3265646
+                      r3265698
+<!---load bootstrap css----->
+<link rel='stylesheet' type='text/css' href='<?php echo esc_url(plugins_url('/bootstrap/css/bootstrap.css', __FILE__)); ?>' />
 <style>
 #print {
 …
 if(isset($_GET['action']))
+{
+    $sett = $wpdb->prepare("select * from `emarksheet_setting`");
+    $get_s = $wpdb->get_results($sett);
+    $get_s = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_setting`"));
     $sid = $_GET['id'];
+    $get_m = $wpdb->prepare("select * from `emarksheet_marks` where `student_id` = '$sid'");
+    $get_st_l = $wpdb->get_results($get_m);
+    $get_st_l = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_marks` where `student_id` = '$sid'"));
     $gee_cl = $get_st_l[0]->class_id;
 …
     $count = count($marks)/2;
+    $select_qury5 = $wpdb->prepare("select * from `emarksheet_student` where `id`='$sid'");
+    $select_data5 = $wpdb->get_results($select_qury5);
+    $select_data5 = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_student` where `id`='$sid'"));
+    $get_cl_l = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_subject` where `class` = '$gee_cl'"));
+    $get_class_l = $wpdb->prepare("select * from `emarksheet_subject` where `class` = '$gee_cl'");
+    $get_cl_l = $wpdb->get_results($get_class_l);
+    $get_cl_li = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_class` where `id` = '$gee_cl'"));
-    $get_class_li = $wpdb->prepare("select * from `emarksheet_class` where `id` = '$gee_cl'");
-    $get_cl_li = $wpdb->get_results($get_class_li);
     echo "<div class='print' id='print'><center><h1>".esc_html($get_s[0]->school_name)."</h1></center><center><div style='font-size:18px;'>".esc_html($get_s[0]->address)." , ".esc_html($get_s[0]->district)." ( ". esc_html($get_s[0]->state) ." ) "."<br/><br/>PROGRESS REPORT</div></center><br/><br/>";
 …
+            {
                 $fails = '0';
+                $fail2 = '0';
+            }
             ?>
 …
+{
     $class_n = $_POST['class_n'];
+    $select_qury1 = "select * from `emarksheet_class` where `id`='$class_n'";
+    $select_data1 = $wpdb->get_results($select_qury1);
+    $select_data1 = $wpdb->get_results("select * from `emarksheet_class` where `id`='$class_n'");
     $class_name = $select_data1[0]->class_name;
 ?>
 …
 <tr><th>Sr No</th><th>Roll No</th><th>Student Name</th><th>Father's Name</th><th>Mother's Name</th><th>Date Of Birth</th><th>Action</th></tr>
 <?php
+$select_qury2 = "select * from `emarksheet_student` where `class_id`='$class_n'";
+$select_data2 = $wpdb->get_results($select_qury2);
+$select_data2 = $wpdb->get_results("select * from `emarksheet_student` where `class_id`='$class_n'");
 $i = 1;
 if($select_data2)
 …
 To Print the marksheet of the student, Please First Select the class :
 <?php
+$select_qury = "select * from `emarksheet_class`";
+$select_data = $wpdb->get_results($select_qury);
+$select_data = $wpdb->get_results("select * from `emarksheet_class`");
 ?>
 <form method="post" action="#">

emarksheet/trunk/menu-pages/settings.php

-                      r3265638
+                      r3265698
+<!---load bootstrap css----->
+<link rel='stylesheet' type='text/css' href='<?php echo esc_url(plugins_url('/bootstrap/css/bootstrap.css', __FILE__)); ?>' />
 <br/><br/>
 <?php
 …
 if(isset($_POST['save']))
+{
+    $name_sc = strip_tags($_POST['sch_name']);
+    $address = strip_tags($_POST['address']);
+    $district = strip_tags($_POST['district']);
+    $state = strip_tags($_POST['state']);
+    $phone_n  = strip_tags($_POST['phone_n']);
+    $principal = strip_tags($_POST['principle']);
+    $insert_q = $wpdb->prepare("insert into `emarksheet_setting`(`id`,`school_name`,`address`,`district`,`state`,`phone`,`name_of_principal`) values('','$name_sc','$address','$district','$state','$phone_n','$principal')");
+    $wpdb->query($insert_q);
+    $name_sc = wp_unslash($_POST['sch_name']);
+    $address = wp_unslash($_POST['address']);
+    $district = wp_unslash($_POST['district']);
+    $state = wp_unslash($_POST['state']);
+    $phone_n  = wp_unslash($_POST['phone_n']);
+    $principal = wp_unslash($_POST['principle']);
+    $wpdb->query($wpdb->prepare("insert into `emarksheet_setting`(`id`,`school_name`,`address`,`district`,`state`,`phone`,`name_of_principal`) values('','$name_sc','$address','$district','$state','$phone_n','$principal')"));
     echo "<div class='alert alert-success'>Settins Saved Successfully !!! </div>";
+}
+$select = $wpdb->prepare("select * from `emarksheet_setting` ORDER BY `id` DESC limit 1");
+$get_r = $wpdb->get_results($select);
+$get_r = $wpdb->get_results($wpdb->prepare("select * from `emarksheet_setting` ORDER BY `id` DESC limit 1"));
 ?>
 <form method="post" action="#">

emarksheet/trunk/menu-pages/uninstall.php

-                      r958028
+                      r3265698
+{
     global $wpdb;
+    $query1 = "DROP table `emarksheet_class`";
+    $wpdb->query($query1);
+    $wpdb->query("DROP table `emarksheet_class`");
+    $query = "DROP table `emarksheet_marks`";
+    $wpdb->query($query);
+    $wpdb->query("DROP table `emarksheet_marks`");
+    $query2 = "DROP table `emarksheet_setting`";
+    $wpdb->query($query2);
+    $query3 = "DROP table `emarksheet_student`";
+    $wpdb->query($query3);
+    $wpdb->query("DROP table `emarksheet_setting`");
+    $query4 = "DROP table `emarksheet_subject`";
+    $wpdb->query($query4);
+    $wpdb->query("DROP table `emarksheet_student`");
+    $wpdb->query("DROP table `emarksheet_subject`");
     $plugin = "eMarksheet/emarksheet.php";

emarksheet/trunk/readme.txt

-                      r3265541
+                      r3265698
 Requires at least: 4.1
 Tested up to: 6.7.2
 Stable tag: 5.4.3
+Stable tag: 5.4.4
 == Short Description ==
 …
 =5.4.0=
 XSS Vulnerability resolved
+=5.4.4=
+XSS Vulnerability resolved

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory