Changeset 3386662
- Timestamp:
- 10/29/2025 08:23:35 PM (5 months ago)
- Location:
- joan/trunk
- Files:
-
- 4 edited
-
includes/admin-menu.php (modified) (4 diffs)
-
includes/elementor-widget.php (modified) (1 diff)
-
joan.php (modified) (2 diffs)
-
readme.txt (modified) (3 diffs)
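--- a/joan/trunk/includes/admin-menu.php
+++ b/joan/trunk/includes/admin-menu.php
@@ -916,4 +916,20 @@
 ARRAY_A
 );
+
+/*
+* WordPress automatically adds slashes to values in $_POST via wp_magic_quotes().
+* If the data is inserted into the database without first removing those slashes,
+* show titles and jock names containing apostrophes will accumulate backslashes
+* every time they are edited. To ensure we display the correct values in the
+* schedule manager, unslash database values before sending them back via AJAX.
+*/
+foreach ($results as &$row) {
+if (isset($row['show_name'])) {
+$row['show_name'] = stripslashes($row['show_name']);
+}
+if (isset($row['dj_name'])) {
+$row['dj_name'] = stripslashes($row['dj_name']);
+}
+}
 wp_send_json($results);
 });
@@ -930,12 +946,19 @@
 }
 $table = $wpdb->prefix . 'joan_schedule';
+/*
+* Unslash incoming values before sanitizing. WordPress magic quotes adds
+* backslashes to quotes and other characters in $_POST. If we do not remove
+* those slashes here, they will be stored in the database and accumulate
+* each time the record is updated. Use wp_unslash() to reverse this
+* behaviour before calling the appropriate sanitize/escape functions.
+*/
 $data = [
-'show_name' => sanitize_text_field( $_POST['show_name']),
-'start_day' => sanitize_text_field( $_POST['start_day']),
-'start_time' => sanitize_text_field( $_POST['start_time']),
-'end_time' => sanitize_text_field( $_POST['end_time']),
-'dj_name' => sanitize_text_field( $_POST['dj_name']),
-'image_url' => esc_url_raw( $_POST['image_url']),
-'link_url' => esc_url_raw( $_POST['link_url'])
+'show_name' => sanitize_text_field( wp_unslash( $_POST['show_name'] ) ),
+'start_day' => sanitize_text_field( wp_unslash( $_POST['start_day'] ) ),
+'start_time' => sanitize_text_field( wp_unslash( $_POST['start_time'] ) ),
+'end_time' => sanitize_text_field( wp_unslash( $_POST['end_time'] ) ),
+'dj_name' => sanitize_text_field( wp_unslash( $_POST['dj_name'] ) ),
+'image_url' => esc_url_raw( wp_unslash( $_POST['image_url'] ) ),
+'link_url' => esc_url_raw( wp_unslash( $_POST['link_url'] ) )
 ];
 $result = $wpdb->insert($table, $data);
@@ -959,12 +982,18 @@
 $table = $wpdb->prefix . 'joan_schedule';
 $id = intval($_POST['id']);
+/*
+* As with creation, ensure we unslash all incoming values before
+* sanitization to avoid persistent backslashes in stored data. Without
+* unslashing here, editing a show with an apostrophe in its title would
+* double the backslashes each time it is saved.
+*/
 $data = [
-'show_name' => sanitize_text_field( $_POST['show_name']),
-'start_day' => sanitize_text_field( $_POST['start_day']),
-'start_time' => sanitize_text_field( $_POST['start_time']),
-'end_time' => sanitize_text_field( $_POST['end_time']),
-'dj_name' => sanitize_text_field( $_POST['dj_name']),
-'image_url' => esc_url_raw( $_POST['image_url']),
-'link_url' => esc_url_raw( $_POST['link_url'])
+'show_name' => sanitize_text_field( wp_unslash( $_POST['show_name'] ) ),
+'start_day' => sanitize_text_field( wp_unslash( $_POST['start_day'] ) ),
+'start_time' => sanitize_text_field( wp_unslash( $_POST['start_time'] ) ),
+'end_time' => sanitize_text_field( wp_unslash( $_POST['end_time'] ) ),
+'dj_name' => sanitize_text_field( wp_unslash( $_POST['dj_name'] ) ),
+'image_url' => esc_url_raw( wp_unslash( $_POST['image_url'] ) ),
+'link_url' => esc_url_raw( wp_unslash( $_POST['link_url'] ) )
 ];
 $result = $wpdb->update($table, $data, ['id' => $id]);
@@ -1016,12 +1045,18 @@
 foreach ($changes as $change) {
 $id = intval($change['id']);
+/*
+* When performing bulk updates, each change may contain slashed
+* values coming directly from JavaScript. Apply wp_unslash() before
+* sanitizing to prevent runaway backslashes in the database. This
+* mirrors the logic used in single create/update handlers.
+*/
 $data = [
-'show_name' => sanitize_text_field( $change['show_name']),
-'start_day' => sanitize_text_field( $change['start_day']),
-'start_time' => sanitize_text_field( $change['start_time']),
-'end_time' => sanitize_text_field( $change['end_time']),
-'dj_name' => sanitize_text_field( $change['dj_name']),
-'image_url' => esc_url_raw( $change['image_url']),
-'link_url' => esc_url_raw( $change['link_url'])
+'show_name' => sanitize_text_field( wp_unslash( $change['show_name'] ) ),
+'start_day' => sanitize_text_field( wp_unslash( $change['start_day'] ) ),
+'start_time' => sanitize_text_field( wp_unslash( $change['start_time'] ) ),
+'end_time' => sanitize_text_field( wp_unslash( $change['end_time'] ) ),
+'dj_name' => sanitize_text_field( wp_unslash( $change['dj_name'] ) ),
+'image_url' => esc_url_raw( wp_unslash( $change['image_url'] ) ),
+'link_url' => esc_url_raw( wp_unslash( $change['link_url'] ) )
 ];
 $result = $wpdb->update($table, $data, ['id' => $id]);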
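Review bot: The read-side loop in the first hunk (new lines 926–933) calls `stripslashes()` on `show_name` and `dj_name` for every AJAX response, so once the write handlers in this same commit store clean values, any name that legitimately contains a backslash will be returned without it, while rows already saved with extra slashes stay that way in the database. A one-time cleanup of existing rows on upgrade would remove the need for this loop; if it stays, add `unset($row);` after it to release the by-reference variable. In the bulk-update hunk, `wp_unslash( $change[...] )` is only correct if `$changes` was built from still-slashed `$_POST` data; how it is decoded is outside the hunk, so confirm the values are not unslashed twice. All four handlers begin outside their hunks, so their nonce and capability checks could not be reviewed here.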
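--- a/joan/trunk/includes/elementor-widget.php
+++ b/joan/trunk/includes/elementor-widget.php
@@ -7,6 +7,14 @@
 defined('ABSPATH') || exit;
 
-// Only proceed if Elementor is active and loaded
-if (!did_action('elementor/loaded') || !class_exists('\Elementor\Widget_Base')) {
+/*
+* Only proceed if the base Elementor widget class is available. Avoid checking
+* for `elementor/loaded` here because this file is included on the
+* `elementor/init` hook by our compatibility layer. During that hook the
+* `elementor/loaded` action may not have fired yet, which caused the
+* original code to bail out early and prevented the widget from being
+* registered. Checking only for the existence of the base class ensures
+* our widget is registered whenever Elementor is active.
+*/
+if (!class_exists('\Elementor\Widget_Base')) {
 return;
 }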
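Review bot: The new guard at the top of the file depends entirely on when the file is included, and the added comment records that dependency mostly as bug history rather than as a contract. `class_exists('\Elementor\Widget_Base')` only succeeds once Elementor can load its classes, so if this file is ever included earlier than the `elementor/init` hook the comment mentions, the early `return` would presumably skip registration silently again. A shorter comment that states the requirement would age better, for example `// Must be included on or after elementor/init; bail out if Elementor's base widget class is unavailable.`, with the history left to the changelog.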
joan/trunk/joan.php
r3375309 r3386662 4 4 * Plugin URI: https://gandenterprisesinc.com/plugins/joan 5 5 * Description: Display your station's current and upcoming on-air schedule in real-time with timezone awareness, Elementor & Visual Composer support, and modern code practices. 6 * Version: 6.1. 06 * Version: 6.1.1 7 7 * Author: G & D Enterprises, Inc. 8 8 * Author URI: https://gandenterprisesinc.com … … 17 17 defined('ABSPATH') || exit; 18 18 19 define('JOAN_VERSION', '6.0.9'); 19 // Update plugin version constant to reflect the latest release. 20 define('JOAN_VERSION', '6.1.1'); 20 21 define('JOAN_PLUGIN_DIR', plugin_dir_path(__FILE__)); 21 22 define('JOAN_PLUGIN_URL', plugin_dir_url(__FILE__)); -
joan/trunk/readme.txt
r3375309 r3386662 6 6 Tested up to: 6.8 7 7 Requires PHP: 7.2 8 Stable tag: 6.1. 08 Stable tag: 6.1.1 9 9 License: GPLv2 or later 10 10 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 141 141 == Changelog == 142 142 143 = 6.1.1 - 2025-10-29 = 144 145 * **FIXED**: Elementor "JOAN - On Air Now" widget now registers properly. The earlier JOAN checked for `elementor/loaded` too soon, causing the widget to never appear. We removed the premature check and now register the widget whenever Elementor is active. 146 * **FIXED**: Resolved an issue where show titles containing apostrophes accumulated backslashes each time they were edited. Inputs are now unslashed before saving, and existing values are unslashed for the admin interface. 147 143 148 = 6.1.0 - 2025-10-08 = 144 149 … … 156 161 = 6.0.8 - 2025-09-30 = 157 162 158 * **Fixed issue with WPBakery. In some case sthe switch timezone dropdown wouldn't load.163 * **Fixed issue with WPBakery. In some case the switch timezone dropdown wouldn't load. 159 164 160 165 = 6.0.7 - 2025-09-04 =