Changeset 3346110
- Timestamp:
- 08/18/2025 04:59:44 AM (7 months ago)
- Location:
- social-post-flow
- Files:
-
- 8 edited
- 1 copied
-
tags/1.0.3 (copied) (copied from social-post-flow/trunk)
-
tags/1.0.3/includes/class-social-post-flow-log-table.php (modified) (4 diffs)
-
tags/1.0.3/includes/class-social-post-flow-log.php (modified) (4 diffs)
-
tags/1.0.3/readme.txt (modified) (3 diffs)
-
tags/1.0.3/social-post-flow.php (modified) (2 diffs)
-
trunk/includes/class-social-post-flow-log-table.php (modified) (4 diffs)
-
trunk/includes/class-social-post-flow-log.php (modified) (4 diffs)
-
trunk/readme.txt (modified) (3 diffs)
-
trunk/social-post-flow.php (modified) (2 diffs)
social-post-flow/tags/1.0.3/includes/class-social-post-flow-log-table.php
r3344663 r3346110 148 148 public function search_box( $text, $input_id ) { 149 149 150 // Build default values for filters. 151 $filters_values = array(); 152 foreach ( social_post_flow()->get_class( 'common' )->get_log_filters() as $filter ) { 153 $filters_values[ $filter ] = false; 154 } 155 156 // If a nonce is present, read the request. 157 if ( isset( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bulk-social-post-flow-log' ) ) { 158 foreach ( social_post_flow()->get_class( 'common' )->get_log_filters() as $filter ) { 159 if ( ! array_key_exists( $filter, $_REQUEST ) ) { 160 continue; 161 } 162 $filters_values[ $filter ] = sanitize_text_field( wp_unslash( $_REQUEST[ $filter ] ) ); 163 } 164 } 165 150 166 $input_id = $input_id . '-search-input'; 151 167 152 168 // Preserve Filters by storing any defined as hidden form values. 153 169 foreach ( social_post_flow()->get_class( 'common' )->get_log_filters() as $filter ) { 154 $filter_value = filter_input( INPUT_GET, $filter, FILTER_SANITIZE_FULL_SPECIAL_CHARS ); 155 if ( $filter_value !== false ) { 170 if ( $filters_values[ $filter ] !== false ) { 156 171 ?> 157 <input type="hidden" name="<?php echo esc_attr( $filter ); ?>" value="<?php echo esc_attr( $filter _value); ?>" />172 <input type="hidden" name="<?php echo esc_attr( $filter ); ?>" value="<?php echo esc_attr( $filters_values[ $filter ] ); ?>" /> 158 173 <?php 159 174 } … … 527 542 private function get_order_by() { 528 543 529 // Bail if nonce is not valid.530 if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bulk-social-post-flow-log' ) ) {544 // Don't nonce check because order by may not include a nonce if no search performed. 545 if ( ! filter_has_var( INPUT_GET, 'orderby' ) ) { 531 546 return 'request_sent'; 532 547 } 533 548 534 if ( ! 
array_key_exists( 'order_by', $_REQUEST ) ) { 535 return 'request_sent'; 536 } 537 538 return sanitize_text_field( wp_unslash( $_REQUEST['order_by'] ) ); 549 return filter_input( INPUT_GET, 'orderby', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); 539 550 540 551 } … … 549 560 private function get_order() { 550 561 551 // Bail if nonce is not valid.552 if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bulk-social-post-flow-log' ) ) {562 // Don't nonce check because order may not include a nonce if no search performed. 563 if ( ! filter_has_var( INPUT_GET, 'order' ) ) { 553 564 return 'DESC'; 554 565 } 555 566 556 if ( ! array_key_exists( 'order', $_REQUEST ) ) { 557 return 'DESC'; 558 } 559 560 return sanitize_text_field( wp_unslash( $_REQUEST['order'] ) ); 567 return filter_input( INPUT_GET, 'order', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); 561 568 562 569 } … … 571 578 private function get_page() { 572 579 573 // Bail if nonce is not valid.574 if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bulk-social-post-flow-log' ) ) {580 // Don't nonce check because pagination may not include a nonce if no search performed. 581 if ( ! filter_has_var( INPUT_GET, 'paged' ) ) { 575 582 return 1; 576 583 } 577 584 578 if ( ! array_key_exists( 'paged', $_REQUEST ) ) { 579 return 1; 580 } 581 582 return absint( wp_unslash( $_REQUEST['paged'] ) ); 585 return absint( filter_input( INPUT_GET, 'paged', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ); 583 586 584 587 } -
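Review bot: get_order_by() now returns the `orderby` query value with only FILTER_SANITIZE_FULL_SPECIAL_CHARS applied and, as the new comment says, without a nonce check, so any string in the URL is handed to the caller as a column name. That filter HTML-encodes characters for output; it does not confirm that the value names a real column. The value is presumably used for the ORDER BY built in class-social-post-flow-log.php, so compare it against the table's known sortable columns and fall back to the default, e.g. `return in_array( $order_by, $allowed_columns, true ) ? $order_by : 'request_sent';`, where `$allowed_columns` is a placeholder for that list. The fallback would also cover array input such as `orderby[]=`, for which filter_input() returns false; get_order() has the same shape, but the log class now reduces its result to ASC/DESC. The same applies to the identical trunk/ copy of this file.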
social-post-flow/tags/1.0.3/includes/class-social-post-flow-log.php
r3344663 r3346110 627 627 $order_by 628 628 ); 629 $query .= ' ' . $order;629 $query .= ' ' . ( strtolower( $order ) === 'asc' ? 'ASC' : 'DESC' ); 630 630 631 631 // Limit. … … 686 686 private function build_where_clause( $params ) { 687 687 688 global $wpdb; 689 688 690 // Bail if no params. 689 691 if ( ! $params ) { … … 703 705 switch ( $key ) { 704 706 case 'post_title': 705 $where[] = '(' . $key . " LIKE '%" . $value . "%' OR status_text LIKE '%" . $value . "%' OR result_message LIKE '%" . $value . "%')"; 707 $where[] = $wpdb->prepare( 708 '(%i LIKE %s OR status_text LIKE %s OR result_message LIKE %s)', 709 $key, 710 '%' . $wpdb->esc_like( $value ) . '%', 711 '%' . $wpdb->esc_like( $value ) . '%', 712 '%' . $wpdb->esc_like( $value ) . '%' 713 ); 706 714 break; 707 715 708 716 case 'request_sent_start_date': 709 717 if ( ! empty( $params['request_sent_end_date'] ) && $params['request_sent_start_date'] > $params['request_sent_end_date'] ) { 710 $where[] = "request_sent <= '" . $value . " 23:59:59'"; 718 $where[] = $wpdb->prepare( 719 'request_sent <= %s', 720 $value . ' 23:59:59' 721 ); 711 722 } else { 712 $where[] = "request_sent >= '" . $value . " 00:00:00'"; 723 $where[] = $wpdb->prepare( 724 'request_sent >= %s', 725 $value . ' 00:00:00' 726 ); 713 727 } 714 728 break; … … 716 730 case 'request_sent_end_date': 717 731 if ( ! empty( $params['request_sent_start_date'] ) && $params['request_sent_start_date'] > $params['request_sent_end_date'] ) { 718 $where[] = "request_sent >= '" . $value . " 00:00:00'"; 732 $where[] = $wpdb->prepare( 733 'request_sent >= %s', 734 $value . ' 00:00:00' 735 ); 719 736 } else { 720 $where[] = "request_sent <= '" . $value . " 23:59:59'"; 737 $where[] = $wpdb->prepare( 738 'request_sent <= %s', 739 $value . ' 23:59:59' 740 ); 721 741 } 722 742 break; 723 743 724 /**725 * Post Title726 */727 case 'post_title':728 $where[] = $key . " LIKE '%" . $value . "%'";729 break;730 731 744 default: 732 $where[] = $key . " = '" . $value . 
"'"; 745 $where[] = $wpdb->prepare( 746 '%i = %s', 747 $key, 748 $value 749 ); 733 750 break; 734 751 } -
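Review bot: The new `$wpdb->prepare()` calls in build_where_clause() use the `%i` identifier placeholder in the `post_title` and `default` branches, and wpdb only supports `%i` from WordPress 6.2. The readme's "Requires at least" line is not shown in this changeset, so confirm that it is 6.2 or higher, or guard these branches for older sites. In the `default` branch `$key` still comes from the caller's `$params`: `%i` quotes it as an identifier, but an unknown key would then produce a query error rather than being ignored, so consider testing `in_array( $key, $allowed_keys, true )` before the `switch`, where `$allowed_keys` is a placeholder for the log table's column list. build_where_clause() starts and ends outside the visible hunks. The same applies to the identical trunk/ copy of this file.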
social-post-flow/tags/1.0.3/readme.txt
r3345152 r3346110 1 1 === Auto Post, Auto Publish and Schedule to Social Media - Social Post Flow === 2 Contributors: socialpostflow 2 Contributors: socialpostflow,wpzinc 3 3 Donate link: https://www.socialpostflow.com/integrations/wordpress 4 4 Tags: auto post, auto publish, social media scheduling, social media automation … … 6 6 Tested up to: 6.8 7 7 Requires PHP: 7.4 8 Stable tag: 1.0. 28 Stable tag: 1.0.3 9 9 License: GPLv3 or later 10 10 License URI: https://www.gnu.org/licenses/gpl-3.0.html … … 154 154 == Changelog == 155 155 156 = 1.0.3 (2025-08-18) = 157 * Fix: Logs: Use nonce for <select> filter dropdowns 158 * Fix: Logs: Honor order by column 159 * Fix: Logs: Honor ordering results when no search performed 160 * Fix: Logs: Escape where clause when filtering and searching logs 161 156 162 = 1.0.2 (2025-08-15) = 157 163 * Fix: Status: Link: Honor value in Link field, instead of always using the Post's URL -
social-post-flow/tags/1.0.3/social-post-flow.php
r3345152 r3346110 9 9 * Plugin Name: Social Post Flow 10 10 * Plugin URI: http://www.socialpostflow.com/integrations/wordpress 11 * Version: 1.0. 211 * Version: 1.0.3 12 12 * Author: Social Post Flow 13 13 * Author URI: http://www.socialpostflow.com … … 28 28 29 29 // Define Plugin version and build date. 30 define( 'SOCIAL_POST_FLOW_PLUGIN_VERSION', '1.0. 2' );31 define( 'SOCIAL_POST_FLOW_PLUGIN_BUILD_DATE', '2025-08-1 518:00:00' );30 define( 'SOCIAL_POST_FLOW_PLUGIN_VERSION', '1.0.3' ); 31 define( 'SOCIAL_POST_FLOW_PLUGIN_BUILD_DATE', '2025-08-18 18:00:00' ); 32 32 33 33 // Define Plugin paths. -
social-post-flow/trunk/includes/class-social-post-flow-log-table.php
r3344663 r3346110 148 148 public function search_box( $text, $input_id ) { 149 149 150 // Build default values for filters. 151 $filters_values = array(); 152 foreach ( social_post_flow()->get_class( 'common' )->get_log_filters() as $filter ) { 153 $filters_values[ $filter ] = false; 154 } 155 156 // If a nonce is present, read the request. 157 if ( isset( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bulk-social-post-flow-log' ) ) { 158 foreach ( social_post_flow()->get_class( 'common' )->get_log_filters() as $filter ) { 159 if ( ! array_key_exists( $filter, $_REQUEST ) ) { 160 continue; 161 } 162 $filters_values[ $filter ] = sanitize_text_field( wp_unslash( $_REQUEST[ $filter ] ) ); 163 } 164 } 165 150 166 $input_id = $input_id . '-search-input'; 151 167 152 168 // Preserve Filters by storing any defined as hidden form values. 153 169 foreach ( social_post_flow()->get_class( 'common' )->get_log_filters() as $filter ) { 154 $filter_value = filter_input( INPUT_GET, $filter, FILTER_SANITIZE_FULL_SPECIAL_CHARS ); 155 if ( $filter_value !== false ) { 170 if ( $filters_values[ $filter ] !== false ) { 156 171 ?> 157 <input type="hidden" name="<?php echo esc_attr( $filter ); ?>" value="<?php echo esc_attr( $filter _value); ?>" />172 <input type="hidden" name="<?php echo esc_attr( $filter ); ?>" value="<?php echo esc_attr( $filters_values[ $filter ] ); ?>" /> 158 173 <?php 159 174 } … … 527 542 private function get_order_by() { 528 543 529 // Bail if nonce is not valid.530 if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bulk-social-post-flow-log' ) ) {544 // Don't nonce check because order by may not include a nonce if no search performed. 545 if ( ! filter_has_var( INPUT_GET, 'orderby' ) ) { 531 546 return 'request_sent'; 532 547 } 533 548 534 if ( ! 
array_key_exists( 'order_by', $_REQUEST ) ) { 535 return 'request_sent'; 536 } 537 538 return sanitize_text_field( wp_unslash( $_REQUEST['order_by'] ) ); 549 return filter_input( INPUT_GET, 'orderby', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); 539 550 540 551 } … … 549 560 private function get_order() { 550 561 551 // Bail if nonce is not valid.552 if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bulk-social-post-flow-log' ) ) {562 // Don't nonce check because order may not include a nonce if no search performed. 563 if ( ! filter_has_var( INPUT_GET, 'order' ) ) { 553 564 return 'DESC'; 554 565 } 555 566 556 if ( ! array_key_exists( 'order', $_REQUEST ) ) { 557 return 'DESC'; 558 } 559 560 return sanitize_text_field( wp_unslash( $_REQUEST['order'] ) ); 567 return filter_input( INPUT_GET, 'order', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); 561 568 562 569 } … … 571 578 private function get_page() { 572 579 573 // Bail if nonce is not valid.574 if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bulk-social-post-flow-log' ) ) {580 // Don't nonce check because pagination may not include a nonce if no search performed. 581 if ( ! filter_has_var( INPUT_GET, 'paged' ) ) { 575 582 return 1; 576 583 } 577 584 578 if ( ! array_key_exists( 'paged', $_REQUEST ) ) { 579 return 1; 580 } 581 582 return absint( wp_unslash( $_REQUEST['paged'] ) ); 585 return absint( filter_input( INPUT_GET, 'paged', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ); 583 586 584 587 } -
social-post-flow/trunk/includes/class-social-post-flow-log.php
r3344663 r3346110 627 627 $order_by 628 628 ); 629 $query .= ' ' . $order;629 $query .= ' ' . ( strtolower( $order ) === 'asc' ? 'ASC' : 'DESC' ); 630 630 631 631 // Limit. … … 686 686 private function build_where_clause( $params ) { 687 687 688 global $wpdb; 689 688 690 // Bail if no params. 689 691 if ( ! $params ) { … … 703 705 switch ( $key ) { 704 706 case 'post_title': 705 $where[] = '(' . $key . " LIKE '%" . $value . "%' OR status_text LIKE '%" . $value . "%' OR result_message LIKE '%" . $value . "%')"; 707 $where[] = $wpdb->prepare( 708 '(%i LIKE %s OR status_text LIKE %s OR result_message LIKE %s)', 709 $key, 710 '%' . $wpdb->esc_like( $value ) . '%', 711 '%' . $wpdb->esc_like( $value ) . '%', 712 '%' . $wpdb->esc_like( $value ) . '%' 713 ); 706 714 break; 707 715 708 716 case 'request_sent_start_date': 709 717 if ( ! empty( $params['request_sent_end_date'] ) && $params['request_sent_start_date'] > $params['request_sent_end_date'] ) { 710 $where[] = "request_sent <= '" . $value . " 23:59:59'"; 718 $where[] = $wpdb->prepare( 719 'request_sent <= %s', 720 $value . ' 23:59:59' 721 ); 711 722 } else { 712 $where[] = "request_sent >= '" . $value . " 00:00:00'"; 723 $where[] = $wpdb->prepare( 724 'request_sent >= %s', 725 $value . ' 00:00:00' 726 ); 713 727 } 714 728 break; … … 716 730 case 'request_sent_end_date': 717 731 if ( ! empty( $params['request_sent_start_date'] ) && $params['request_sent_start_date'] > $params['request_sent_end_date'] ) { 718 $where[] = "request_sent >= '" . $value . " 00:00:00'"; 732 $where[] = $wpdb->prepare( 733 'request_sent >= %s', 734 $value . ' 00:00:00' 735 ); 719 736 } else { 720 $where[] = "request_sent <= '" . $value . " 23:59:59'"; 737 $where[] = $wpdb->prepare( 738 'request_sent <= %s', 739 $value . ' 23:59:59' 740 ); 721 741 } 722 742 break; 723 743 724 /**725 * Post Title726 */727 case 'post_title':728 $where[] = $key . " LIKE '%" . $value . "%'";729 break;730 731 744 default: 732 $where[] = $key . " = '" . $value . 
"'"; 745 $where[] = $wpdb->prepare( 746 '%i = %s', 747 $key, 748 $value 749 ); 733 750 break; 734 751 } -
social-post-flow/trunk/readme.txt
r3345152 r3346110 1 1 === Auto Post, Auto Publish and Schedule to Social Media - Social Post Flow === 2 Contributors: socialpostflow 2 Contributors: socialpostflow,wpzinc 3 3 Donate link: https://www.socialpostflow.com/integrations/wordpress 4 4 Tags: auto post, auto publish, social media scheduling, social media automation … … 6 6 Tested up to: 6.8 7 7 Requires PHP: 7.4 8 Stable tag: 1.0. 28 Stable tag: 1.0.3 9 9 License: GPLv3 or later 10 10 License URI: https://www.gnu.org/licenses/gpl-3.0.html … … 154 154 == Changelog == 155 155 156 = 1.0.3 (2025-08-18) = 157 * Fix: Logs: Use nonce for <select> filter dropdowns 158 * Fix: Logs: Honor order by column 159 * Fix: Logs: Honor ordering results when no search performed 160 * Fix: Logs: Escape where clause when filtering and searching logs 161 156 162 = 1.0.2 (2025-08-15) = 157 163 * Fix: Status: Link: Honor value in Link field, instead of always using the Post's URL -
social-post-flow/trunk/social-post-flow.php
r3345152 r3346110 9 9 * Plugin Name: Social Post Flow 10 10 * Plugin URI: http://www.socialpostflow.com/integrations/wordpress 11 * Version: 1.0. 211 * Version: 1.0.3 12 12 * Author: Social Post Flow 13 13 * Author URI: http://www.socialpostflow.com … … 28 28 29 29 // Define Plugin version and build date. 30 define( 'SOCIAL_POST_FLOW_PLUGIN_VERSION', '1.0. 2' );31 define( 'SOCIAL_POST_FLOW_PLUGIN_BUILD_DATE', '2025-08-1 518:00:00' );30 define( 'SOCIAL_POST_FLOW_PLUGIN_VERSION', '1.0.3' ); 31 define( 'SOCIAL_POST_FLOW_PLUGIN_BUILD_DATE', '2025-08-18 18:00:00' ); 32 32 33 33 // Define Plugin paths.