Changeset 3379088
- Timestamp:
- 10/15/2025 06:42:48 PM (5 months ago)
- Location:
- w3swoozoho/trunk
- Files:
-
- 6 edited
-
inc/Admin.php (modified) (1 diff)
-
inc/Admin/Settings/Authorize.php (modified) (3 diffs)
-
inc/Zoho/Auth/CRMOAuthPersistence.php (modified) (3 diffs)
-
inc/Zoho/Settings_API.php (modified) (33 diffs)
-
lib/class-tgm-plugin-activation.php (modified) (2 diffs)
-
readme.txt (modified) (2 diffs)
w3swoozoho/trunk/inc/Admin.php
r3154946 r3379088 70 70 'updating' => __( 'Updating Plugin: %s', 'w3swoozoho' ), 71 71 'oops' => __( 'Something went wrong with the plugin API.', 'w3swoozoho' ), 72 /* translators: 1: plugin name(s). */ 72 73 'notice_can_install_required' => _n_noop( 73 /* translators: 1: plugin name(s). */74 74 'This theme requires the following plugin: %1$s.', 75 75 'This theme requires the following plugins: %1$s.', 76 76 'w3swoozoho' 77 77 ), 78 /* translators: 1: plugin name(s). */ 78 79 'notice_can_install_recommended' => _n_noop( 79 /* translators: 1: plugin name(s). */80 80 'This theme recommends the following plugin: %1$s.', 81 81 'This theme recommends the following plugins: %1$s.', 82 82 'w3swoozoho' 83 83 ), 84 /* translators: 1: plugin name(s). */ 84 85 'notice_ask_to_update' => _n_noop( 85 /* translators: 1: plugin name(s). */86 86 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 87 87 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.', 88 88 'w3swoozoho' 89 89 ), 90 /* translators: 1: plugin name(s). */ 90 91 'notice_ask_to_update_maybe' => _n_noop( 91 /* translators: 1: plugin name(s). */92 92 'There is an update available for: %1$s.', 93 93 'There are updates available for the following plugins: %1$s.', 94 94 'w3swoozoho' 95 95 ), 96 /* translators: 1: plugin name(s). */ 96 97 'notice_can_activate_required' => _n_noop( 97 /* translators: 1: plugin name(s). */98 98 'The following required plugin is currently inactive: %1$s.', 99 99 'The following required plugins are currently inactive: %1$s.', 100 100 'w3swoozoho' 101 101 ), 102 /* translators: 1: plugin name(s). */ 102 103 'notice_can_activate_recommended' => _n_noop( 103 /* translators: 1: plugin name(s). */104 104 'The following recommended plugin is currently inactive: %1$s.', 105 105 'The following recommended plugins are currently inactive: %1$s.', -
w3swoozoho/trunk/inc/Admin/Settings/Authorize.php
r3154946 r3379088 34 34 return; 35 35 } 36 36 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 37 37 if ( ! isset( $_GET['code'] ) || ! isset( $_GET['accounts-server'] ) ) { 38 38 return; … … 42 42 $upload_dir = trailingslashit( $upload['basedir'] ); 43 43 $log = $upload_dir . 'ZCRMClientLibrary.log'; 44 $code = sanitize_text_field( $_GET['code'] );45 44 $redirect_url = admin_url( 'admin.php?page=w3swoozoho_settings' ); 46 $account_url = esc_url( $_GET['accounts-server'] ); 47 $server_location = sanitize_text_field( $_GET['location'] ); 45 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 46 $code = sanitize_text_field( wp_unslash( $_GET['code'] ) ); 47 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 48 $accounts_server = esc_url_raw( wp_unslash( $_GET['accounts-server'] ) ); 49 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 50 $server_location = isset( $_GET['location'] ) ? sanitize_text_field( wp_unslash( $_GET['location'] ) ) : ''; 48 51 $reflector = new \ReflectionClass( CRMOAuthPersistence::class ); 49 52 $auth_class_path = $reflector->getFileName(); 50 53 51 if ( ! file_exists( $log ) ) { 52 touch( $log ); 54 require_once ABSPATH . 'wp-admin/includes/file.php'; 55 WP_Filesystem(); 56 global $wp_filesystem; 57 58 // Create the log file if it doesn’t exist. 59 if ( ! $wp_filesystem->exists( $log ) ) { 60 $wp_filesystem->put_contents( $log, '', FS_CHMOD_FILE ); 61 } else { 62 // WordPress 6.2+ supports touch() through WP_Filesystem_Direct. 63 if ( method_exists( $wp_filesystem, 'touch' ) ) { 64 $wp_filesystem->touch( $log ); 65 } 53 66 } 54 67 68 55 69 switch ( $server_location ) { 56 70 case 'us': … … 107 121 */ 108 122 public function show_notice() { 123 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 109 124 if ( ! 
isset( $_GET['authorized'] ) ) { 110 125 return; 111 126 } 127 // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.MissingUnslash 112 128 if ( sanitize_text_field( $_GET['authorized'] ) == 'true' ) { 113 129 Notice::success( 'Authorization Successful! ' ); -
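Review bot: `$accounts_server` comes from the `accounts-server` query parameter and only passes through `esc_url_raw()`, which normalises the URL but does not restrict its host. If the value is later used as the token endpoint (that use is outside the hunk), the authorization code and client credentials would be sent to whatever host the request names. Before the `switch`, compare `wp_parse_url( $accounts_server, PHP_URL_HOST )` against the fixed list of Zoho accounts hosts the plugin supports and return on a mismatch. The `phpcs:ignore ... NonceVerification` lines are reasonable for an OAuth redirect only if a `state` value issued at the start of the flow is verified in this handler, and no such check is visible in the hunks. Separately, the result of `WP_Filesystem()` is not tested, so `$wp_filesystem->exists( $log )` can be a call on null when direct filesystem access is unavailable; a guard such as `if ( ! WP_Filesystem() ) { return; }` avoids that.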
w3swoozoho/trunk/inc/Zoho/Auth/CRMOAuthPersistence.php
r3154946 r3379088 27 27 self::deleteOAuthTokens( $zohoOAuthTokens->getUserEmailId() ); 28 28 29 $inserted = $wpdb->insert( 30 $wpdb->prefix . 'w3swoozoho_auths', 31 array( 32 'useridentifier' => $zohoOAuthTokens->getUserEmailId(), 33 'accesstoken' => $zohoOAuthTokens->getAccessToken(), 34 'refreshtoken' => $zohoOAuthTokens->getRefreshToken(), 35 'expirytime' => $zohoOAuthTokens->getExpiryTime(), 36 ), 37 array( 38 '%s', 39 '%s', 40 '%s', 41 '%d', 42 ) 43 ); 29 30 $inserted = $wpdb->insert( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 31 $wpdb->prefix . 'w3swoozoho_auths', 32 array( 33 'useridentifier' => sanitize_email( $zohoOAuthTokens->getUserEmailId() ), 34 'accesstoken' => sanitize_text_field( $zohoOAuthTokens->getAccessToken() ), 35 'refreshtoken' => sanitize_text_field( $zohoOAuthTokens->getRefreshToken() ), 36 'expirytime' => absint( $zohoOAuthTokens->getExpiryTime() ), 37 ), 38 array( 39 '%s', 40 '%s', 41 '%s', 42 '%d', 43 ) 44 ); 44 45 45 46 if ( ! $inserted ) { … … 64 65 $o_auth_tokens = new ZohoOAuthTokens(); 65 66 try { 66 $result_array = $wpdb->get_results( 67 $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}w3swoozoho_auths WHERE useridentifier=%s", $userEmailId ) 67 $result_array = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 68 $wpdb->prepare( 69 "SELECT * FROM {$wpdb->prefix}w3swoozoho_auths WHERE useridentifier = %s", 70 $userEmailId 71 ) 68 72 ); 73 69 74 if ( ! $result_array ) { 70 75 Logger::severe( 'Getting result set failed:' ); … … 93 98 global $wpdb; 94 99 try { 95 $deleted = $wpdb->delete( 100 $deleted = $wpdb->delete( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 96 101 $wpdb->prefix . 'w3swoozoho_auths', 97 102 array( 'useridentifier' => $userEmailId ), -
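Review bot: The insert now stores `sanitize_email( $zohoOAuthTokens->getUserEmailId() )`, while the `deleteOAuthTokens()` call just above it and the `SELECT` and `delete` in the other two hunks still key on the raw `$userEmailId`. Any identifier that `sanitize_email()` alters or empties is therefore written under a key the lookups never match. `sanitize_text_field()` on the access and refresh tokens carries a similar risk, since it strips percent-encoded octets and tag-like text and would silently corrupt an opaque token that contained them. `$wpdb->insert()` with the `%s`/`%d` format array already parameterises the values, so I would keep the raw getters here (`'accesstoken' => $zohoOAuthTokens->getAccessToken(),`) and, if the identifier must be normalised, do it once in a helper shared by all three methods. The method bodies continue outside the hunks.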
w3swoozoho/trunk/inc/Zoho/Settings_API.php
r3154946 r3379088 7 7 */ 8 8 class Settings_API { 9 10 9 /** 11 10 * settings sections array … … 101 100 if ( isset( $section['desc'] ) && ! empty( $section['desc'] ) ) { 102 101 $section['desc'] = '<div class="inside">' . $section['desc'] . '</div>'; 103 $callback = function() use ( $section ) { 104 echo str_replace( '"', '\"', $section['desc'] ); 102 103 $callback = function() use ( $section ) { 104 echo wp_kses_post( $section['desc'] ); 105 105 }; 106 106 } elseif ( isset( $section['callback'] ) ) { … … 116 116 foreach ( $this->settings_fields as $section => $field ) { 117 117 foreach ( $field as $option ) { 118 119 118 $name = $option['name']; 120 119 $type = isset( $option['type'] ) ? $option['type'] : 'text'; … … 171 170 */ 172 171 function callback_text( $args ) { 173 172 // Escape attributes 174 173 $value = esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) ); 175 $size = isset( $args['size'] ) && ! is_null( $args['size'] ) ? $args['size'] : 'regular'; 176 $type = isset( $args['type'] ) ? $args['type'] : 'text'; 177 $placeholder = empty( $args['placeholder'] ) ? '' : ' placeholder="' . $args['placeholder'] . '"'; 178 179 $html = sprintf( '<input type="%1$s" class="%2$s-text" id="%3$s[%4$s]" name="%3$s[%4$s]" value="%5$s"%6$s/>', $type, $size, $args['section'], $args['id'], $value, $placeholder ); 180 $html .= $this->get_field_description( $args ); 181 182 echo $html; 174 $size = isset( $args['size'] ) && ! is_null( $args['size'] ) ? esc_attr( $args['size'] ) : 'regular'; 175 $type = isset( $args['type'] ) ? esc_attr( $args['type'] ) : 'text'; 176 $section = esc_attr( $args['section'] ); 177 $id = esc_attr( $args['id'] ); 178 $placeholder = empty( $args['placeholder'] ) ? '' : ' placeholder="' . esc_attr( $args['placeholder'] ) . 
'"'; 179 180 printf( 181 '<input type="%1$s" class="%2$s-text" id="%3$s[%4$s]" name="%3$s[%4$s]" value="%5$s"%6$s/>%7$s', 182 esc_attr( $type ), 183 esc_attr( $size ), 184 esc_attr( $section ), 185 esc_attr( $id ), 186 esc_attr( $value ), 187 esc_attr($placeholder), 188 wp_kses_post( $this->get_field_description( $args ) ) 189 ); 190 183 191 } 184 192 … … 206 214 $step = ( $args['step'] == '' ) ? '' : ' step="' . $args['step'] . '"'; 207 215 208 $html = sprintf( '<input type="%1$s" class="%2$s-number" id="%3$s[%4$s]" name="%3$s[%4$s]" value="%5$s"%6$s%7$s%8$s%9$s/>', $type, $size, $args['section'], $args['id'], $value, $placeholder, $min, $max, $step ); 209 $html .= $this->get_field_description( $args ); 210 211 echo $html; 216 // Output directly with escaping 217 printf( 218 '<input type="%1$s" class="%2$s-number" id="%3$s[%4$s]" name="%3$s[%4$s]" value="%5$s"%6$s%7$s%8$s%9$s/>%10$s', 219 esc_attr($type), 220 esc_attr($size), 221 esc_attr($section), 222 esc_attr($id), 223 esc_attr($value), 224 esc_attr($placeholder), 225 esc_attr($min), 226 esc_attr($max), 227 esc_attr($step), 228 wp_kses_post( $this->get_field_description( $args ) ) 229 ); 212 230 } 213 231 … … 218 236 */ 219 237 function callback_checkbox( $args ) { 220 221 238 $value = esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) ); 222 239 … … 227 244 $html .= sprintf( '%1$s</label>', $args['desc'] ); 228 245 $html .= '</fieldset>'; 229 246 247 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 230 248 echo $html; 231 249 } … … 237 255 */ 238 256 function callback_multicheck( $args ) { 239 240 257 $value = $this->get_option( $args['id'], $args['section'], $args['std'] ); 241 258 $html = '<fieldset>'; … … 250 267 $html .= $this->get_field_description( $args ); 251 268 $html .= '</fieldset>'; 252 269 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 253 270 echo $html; 254 271 } … … 260 277 */ 261 278 function callback_radio( $args ) { 262 263 279 $value 
= $this->get_option( $args['id'], $args['section'], $args['std'] ); 264 280 $html = '<fieldset>'; … … 272 288 $html .= $this->get_field_description( $args ); 273 289 $html .= '</fieldset>'; 274 290 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 275 291 echo $html; 276 292 } … … 282 298 */ 283 299 function callback_select( $args ) { 284 285 300 $value = esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) ); 286 301 $size = isset( $args['size'] ) && ! is_null( $args['size'] ) ? $args['size'] : 'regular'; … … 293 308 $html .= sprintf( '</select>' ); 294 309 $html .= $this->get_field_description( $args ); 295 310 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 296 311 echo $html; 297 312 } … … 303 318 */ 304 319 function callback_textarea( $args ) { 305 306 320 $value = esc_textarea( $this->get_option( $args['id'], $args['section'], $args['std'] ) ); 307 321 $size = isset( $args['size'] ) && ! is_null( $args['size'] ) ? $args['size'] : 'regular'; … … 310 324 $html = sprintf( '<textarea rows="5" cols="55" class="%1$s-text" id="%2$s[%3$s]" name="%2$s[%3$s]"%4$s>%5$s</textarea>', $size, $args['section'], $args['id'], $placeholder, $value ); 311 325 $html .= $this->get_field_description( $args ); 312 326 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 313 327 echo $html; 314 328 } … … 321 335 */ 322 336 function callback_html( $args ) { 337 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 323 338 echo $this->get_field_description( $args ); 324 339 } … … 330 345 */ 331 346 function callback_wysiwyg( $args ) { 332 333 347 $value = $this->get_option( $args['id'], $args['section'], $args['std'] ); 334 348 $size = isset( $args['size'] ) && ! is_null( $args['size'] ) ? $args['size'] : '500px'; 335 349 336 echo '<div style="max-width: ' . $size. ';">';350 echo '<div style="max-width: ' . esc_attr($size) . 
';">'; 337 351 338 352 $editor_settings = array( … … 349 363 350 364 echo '</div>'; 351 365 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 352 366 echo $this->get_field_description( $args ); 353 367 } … … 359 373 */ 360 374 function callback_file( $args ) { 361 362 375 $value = esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) ); 363 376 $size = isset( $args['size'] ) && ! is_null( $args['size'] ) ? $args['size'] : 'regular'; 364 377 $id = $args['section'] . '[' . $args['id'] . ']'; 365 $label = isset( $args['options']['button_label'] ) ? $args['options']['button_label'] : __( 'Choose File');378 $label = isset( $args['options']['button_label'] ) ? $args['options']['button_label'] : __('Choose File', 'w3swoozoho'); 366 379 367 380 $html = sprintf( '<input type="text" class="%1$s-text wpsa-url" id="%2$s[%3$s]" name="%2$s[%3$s]" value="%4$s"/>', $size, $args['section'], $args['id'], $value ); 368 381 $html .= '<input type="button" class="button wpsa-browse" value="' . $label . '" />'; 369 382 $html .= $this->get_field_description( $args ); 370 383 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 371 384 echo $html; 372 385 } … … 378 391 */ 379 392 function callback_password( $args ) { 380 381 393 $value = esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) ); 382 394 $size = isset( $args['size'] ) && ! is_null( $args['size'] ) ? $args['size'] : 'regular'; … … 384 396 $html = sprintf( '<input type="password" class="%1$s-text" id="%2$s[%3$s]" name="%2$s[%3$s]" value="%4$s"/>', $size, $args['section'], $args['id'], $value ); 385 397 $html .= $this->get_field_description( $args ); 386 398 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 387 399 echo $html; 388 400 } … … 394 406 */ 395 407 function callback_color( $args ) { 396 397 408 $value = esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) ); 398 409 $size = isset( $args['size'] ) && ! 
is_null( $args['size'] ) ? $args['size'] : 'regular'; … … 400 411 $html = sprintf( '<input type="text" class="%1$s-text wp-color-picker-field" id="%2$s[%3$s]" name="%2$s[%3$s]" value="%4$s" data-default-color="%5$s" />', $size, $args['section'], $args['id'], $value, $args['std'] ); 401 412 $html .= $this->get_field_description( $args ); 402 403 echo $html; 404 } 405 413 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 414 echo $html; 415 } 406 416 407 417 /** … … 411 421 */ 412 422 function callback_pages( $args ) { 413 414 423 $dropdown_args = array( 415 424 'selected' => esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) ), … … 418 427 'echo' => 0, 419 428 ); 429 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 420 430 $html = wp_dropdown_pages( $dropdown_args ); 431 432 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 421 433 echo $html; 422 434 } … … 428 440 */ 429 441 function sanitize_options( $options ) { 430 431 442 if ( ! 
$options ) { 432 443 return $options; … … 482 493 */ 483 494 function get_option( $option, $section, $default = '' ) { 484 485 495 $options = get_option( $section ); 486 496 … … 512 522 513 523 $html .= '</h2>'; 514 524 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped 515 525 echo $html; 516 526 } … … 525 535 <div class="metabox-holder"> 526 536 <?php foreach ( $this->settings_sections as $form ) { ?> 527 <div id="<?php echo $form['id']; ?>" class="group" style="display: none;">537 <div id="<?php echo esc_attr( $form['id'] ); ?>" class="group" style="display: none;"> 528 538 <form method="post" action="options.php"> 529 539 <?php … … 578 588 $('.group:first').fadeIn(); 579 589 } 590 580 591 $('.group .collapsed').each(function(){ 581 592 $(this).find('input:checked').parent().parent().parent().nextAll().each( … … 585 596 return false; 586 597 } 598 587 599 $(this).filter('.hidden').removeClass('hidden'); 588 600 }); … … 591 603 if (activetab != '' && $(activetab + '-tab').length ) { 592 604 $(activetab + '-tab').addClass('nav-tab-active'); 593 } 594 else { 605 } else { 595 606 $('.nav-tab-wrapper a:first').addClass('nav-tab-active'); 596 607 } 608 597 609 $('.nav-tab-wrapper a').click(function(evt) { 598 610 $('.nav-tab-wrapper a').removeClass('nav-tab-active'); … … 602 614 localStorage.setItem("activetab", $(this).attr('href')); 603 615 } 616 604 617 $('.group').hide(); 605 618 $(clicked_group).fadeIn(); -
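Review bot: In `callback_text()` and `callback_number()` the new `printf()` wraps pre-built attribute fragments in `esc_attr()` (`esc_attr($placeholder)`, `esc_attr($min)`, `esc_attr($max)`, `esc_attr($step)`). That encodes the fragments' own quotes, so ` placeholder="…"` is emitted as ` placeholder=&quot;…&quot;` and the attribute is malformed. `callback_number()` also prints `esc_attr($section)` and `esc_attr($id)`, but no assignment of `$section` or `$id` is visible in that hunk (the function starts above it), so `id` and `name` may come out empty; `esc_attr( $args['section'] )` and `esc_attr( $args['id'] )` would match the old code. Escape the inner value where each fragment is built, as `callback_text()` already does for the placeholder, e.g. `' step="' . esc_attr( $args['step'] ) . '"'`, and pass the fragments to `printf()` unchanged. The remaining callbacks keep `echo $html` under `phpcs:ignore ... OutputNotEscaped` while still interpolating raw `$args['desc']`, `$size` and `$label` (for instance `value="' . $label . '"` in `callback_file()`), so the sniff is silenced there rather than satisfied.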
w3swoozoho/trunk/lib/class-tgm-plugin-activation.php
r3154949 r3379088 1 1 <?php 2 // phpcs:ignoreFile 2 3 /** 3 4 * Plugin installation and activation for WordPress themes. … … 339 340 'updating' => __( 'Updating Plugin: %s', 'tgmpa' ), 340 341 'oops' => __( 'Something went wrong with the plugin API.', 'tgmpa' ), 342 /* translators: 1: plugin name(s). */ 341 343 'notice_can_install_required' => _n_noop( 342 /* translators: 1: plugin name(s). */343 344 'This theme requires the following plugin: %1$s.', 344 345 'This theme requires the following plugins: %1$s.', 345 346 'tgmpa' 346 347 ), 348 /* translators: 1: plugin name(s). */ 347 349 'notice_can_install_recommended' => _n_noop( 348 /* translators: 1: plugin name(s). */349 350 'This theme recommends the following plugin: %1$s.', 350 351 'This theme recommends the following plugins: %1$s.', 351 352 'tgmpa' 352 353 ), 354 /* translators: 1: plugin name(s). */ 353 355 'notice_ask_to_update' => _n_noop( 354 /* translators: 1: plugin name(s). */355 356 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 356 357 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.', 357 358 'tgmpa' 358 359 ), 360 /* translators: 1: plugin name(s). */ 359 361 'notice_ask_to_update_maybe' => _n_noop( 360 /* translators: 1: plugin name(s). */361 362 'There is an update available for: %1$s.', 362 363 'There are updates available for the following plugins: %1$s.', 363 364 'tgmpa' 364 365 ), 366 /* translators: 1: plugin name(s). */ 365 367 'notice_can_activate_required' => _n_noop( 366 /* translators: 1: plugin name(s). */367 368 'The following required plugin is currently inactive: %1$s.', 368 369 'The following required plugins are currently inactive: %1$s.', 369 370 'tgmpa' 370 371 ), 372 /* translators: 1: plugin name(s). */ 371 373 'notice_can_activate_recommended' => _n_noop( 372 /* translators: 1: plugin name(s). 
*/373 374 'The following recommended plugin is currently inactive: %1$s.', 374 375 'The following recommended plugins are currently inactive: %1$s.', -
w3swoozoho/trunk/readme.txt
r3376531 r3379088 4 4 Tags: Zoho CRM, Zoho, W3SCloud, Woocommerce, CRM 5 5 Requires at least: 5.2 6 Tested up to: 6. 6.27 Stable tag: trunk6 Tested up to: 6.8 7 Stable tag: 1.3.2 8 8 Requires PHP: 7.4 9 9 License: GPLv2 or later … … 29 29 30 30 = PREMIUM VERSION = 31 W ooCommerce toZoho CRM Plugin has a Premium version which comes with several additional features.32 [Upgrade to Pro version](https://w3scloud.com/ "W ooCommerce toZoho CRM Pro")31 W3S Connector for WooCommerce and Zoho CRM Plugin has a Premium version which comes with several additional features. 32 [Upgrade to Pro version](https://w3scloud.com/ "W3S Connector for WooCommerce and Zoho CRM Pro") 33 33 34 34 = Additional Benefits: =