Changeset 3395777
- Timestamp:
- 11/14/2025 02:01:29 PM (5 months ago)
- Location:
- viaads
- Files:
-
- 14 added
- 10 edited
-
tags/2.1.3 (added)
-
tags/2.1.3/apikey.php (added)
-
tags/2.1.3/endpoints.php (added)
-
tags/2.1.3/externalJS.php (added)
-
tags/2.1.3/hooks (added)
-
tags/2.1.3/hooks/addCart.php (added)
-
tags/2.1.3/hooks/orderHooks.php (added)
-
tags/2.1.3/hooks/pageLook.php (added)
-
tags/2.1.3/hooks/productHooks.php (added)
-
tags/2.1.3/hooks/removeCart.php (added)
-
tags/2.1.3/http.php (added)
-
tags/2.1.3/readme.txt (added)
-
tags/2.1.3/userAgent.php (added)
-
tags/2.1.3/viaads.php (added)
-
trunk/apikey.php (modified) (6 diffs)
-
trunk/endpoints.php (modified) (6 diffs)
-
trunk/hooks/addCart.php (modified) (6 diffs)
-
trunk/hooks/orderHooks.php (modified) (2 diffs)
-
trunk/hooks/pageLook.php (modified) (6 diffs)
-
trunk/hooks/productHooks.php (modified) (1 diff)
-
trunk/hooks/removeCart.php (modified) (6 diffs)
-
trunk/readme.txt (modified) (1 diff)
-
trunk/userAgent.php (modified) (1 diff)
-
trunk/viaads.php (modified) (3 diffs)
-
viaads/trunk/apikey.php
r2975155 r3395777 32 32 <hr class="wp-header-end"> 33 33 <form method="post"> 34 ' . wp_nonce_field('viaads_update_settings', 'viaads_settings_nonce', true, false) . ' 34 35 <table class="form-table"> 35 36 <tbody> … … 72 73 '; 73 74 75 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output contains admin form HTML with properly escaped variables 74 76 echo $html; 75 77 } … … 79 81 function ViaAds_pluginHandler() 80 82 { 83 // Security checks for settings update 81 84 if (isset($_POST['viaadsApiKeyUpdate'])) { 85 // Verify user has permission to manage options 86 if (!current_user_can('manage_options')) { 87 return; 88 } 89 90 // Verify nonce for CSRF protection 91 if (!isset($_POST['viaads_settings_nonce']) || 92 !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['viaads_settings_nonce'])), 'viaads_update_settings')) { 93 return; 94 } 95 82 96 if (isset($_POST['viaadsApiKey'])) { 83 97 $name = "viaads_api_key"; … … 108 122 } 109 123 110 if (!preg_match('/^[0-9A-F]{8}-[0-9A-F]{4}- 4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i', $apiKey)) {124 if (!preg_match('/^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$/i', $apiKey)) { 111 125 add_action('admin_notices', 'ViaAds\\viaads_apikey_error_notice'); 112 126 return false; … … 122 136 ?> 123 137 <div class="error notice"> 124 <p><?php e cho _e('The API Key provided is not of a valid format'); ?></p>138 <p><?php esc_html_e('The API Key provided is not of a valid format', 'viaads'); ?></p> 125 139 </div> 126 140 <?php … … 131 145 ?> 132 146 <div class="updated notice"> 133 <p><?php e cho _e('The settings is updated'); ?></p>147 <p><?php esc_html_e('The settings is updated', 'viaads'); ?></p> 134 148 </div> 135 149 <?php -
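Review bot: The new capability and nonce guards in ViaAds_pluginHandler (new lines 86–94) return silently, so an administrator whose nonce has expired sees nothing while the submitted key is simply discarded; the file already has an admin_notices pattern, so a failure notice or `wp_die(esc_html__('Security check failed', 'viaads'));` would make the rejection visible. The relaxed pattern on new line 124 no longer checks the version-4 nibble and variant bits that the previous regex enforced; if ViaAds keys are not RFC 4122 v4 UUIDs that is the right change, but a one-line comment such as `// Keys are UUID-shaped but not guaranteed to be version 4` would stop the next reader tightening it again. The phpcs:ignore justification on new line 75 asserts that every variable interpolated into `$html` is escaped, which cannot be confirmed from this hunk since the form body is outside it; worth a second look before relying on it. ViaAds_pluginHandler continues past the hunk.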
viaads/trunk/endpoints.php
r2996362 r3395777 87 87 $deleteApiKey = $request->get_param('deleteApiKey'); 88 88 if (isset($deleteApiKey)){ 89 // Direct query required: WooCommerce API keys table has no WordPress wrapper function 89 90 $wpdb->delete( 90 91 "{$wpdb->prefix}woocommerce_api_keys", … … 92 93 array('%d') 93 94 ); 95 // Clear any related caches 96 wp_cache_delete('woocommerce_api_keys_' . $user_id, 'woocommerce'); 94 97 } 95 98 96 99 //Check if user already have an api key 97 $user_keys = $wpdb->get_var( 98 $wpdb->prepare( 99 "SELECT COUNT(*) FROM {$wpdb->prefix}woocommerce_api_keys WHERE user_id = %d", 100 $user_id 101 ) 102 ); 100 // Check cache first 101 $cache_key = 'woocommerce_api_keys_count_' . $user_id; 102 $user_keys = wp_cache_get($cache_key, 'woocommerce'); 103 104 if (false === $user_keys) { 105 // Direct query required: WooCommerce API keys table has no WordPress wrapper function 106 $user_keys = $wpdb->get_var( 107 $wpdb->prepare( 108 "SELECT COUNT(*) FROM {$wpdb->prefix}woocommerce_api_keys WHERE user_id = %d", 109 $user_id 110 ) 111 ); 112 // Cache the result for 1 hour 113 wp_cache_set($cache_key, $user_keys, 'woocommerce', HOUR_IN_SECONDS); 114 } 103 115 104 116 //Check if any keys exists … … 118 130 ); 119 131 132 // Direct query required: WooCommerce API keys table has no WordPress wrapper function 120 133 $wpdb->insert( 121 134 "{$wpdb->prefix}woocommerce_api_keys", … … 131 144 ) 132 145 ); 146 147 // Clear cache after insert 148 wp_cache_delete('woocommerce_api_keys_' . $user_id, 'woocommerce'); 149 wp_cache_delete('woocommerce_api_keys_count_' . 
$user_id, 'woocommerce'); 133 150 134 151 … … 140 157 ViaAds_PostToUrl("https://integration.viaads.dk/woocommerce/ApiKey", $api_key_object, true); 141 158 142 print_r(json_encode($api_key_object));143 echo "\r\n\r\n\r\n\r\n";144 print_r(get_userdata( $user_id ));145 echo "\r\n\r\n\r\n\r\n";146 print_r($admin_role);147 echo "\r\n\r\n\r\n\r\n";148 print_r(get_role($groupName));149 echo "\r\n\r\n\r\n\r\n";150 151 159 return new WP_REST_Response('Created user', 200); 152 160 } … … 156 164 $error_object->Error = $e->getMessage(); 157 165 158 $currentPageUrl = sanitize_url(home_url( $_SERVER['REQUEST_URI']));166 $currentPageUrl = sanitize_url(home_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'] ?? '')))); 159 167 $error_object->Url = wp_http_validate_url($currentPageUrl); 160 168 -
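Review bot: The count cached under `'woocommerce_api_keys_count_' . $user_id` (new lines 101–113) is not invalidated by the delete branch above it (new lines 90–96), which clears only `'woocommerce_api_keys_' . $user_id`; with a persistent object cache a stale count of 1 survives the delete for up to an hour, so the "check if any keys exists" test skips creating a replacement key. Add `wp_cache_delete('woocommerce_api_keys_count_' . $user_id, 'woocommerce');` next to the existing delete-branch cache clear, and the same applies to the key deletion in viaads.php, which also clears only the non-count key. Caching a credential count for HOUR_IN_SECONDS is also longer than needed for a value that is only read on this endpoint; a short TTL or no caching would be safer than relying on every writer remembering both keys. The enclosing REST handler starts before and ends after this hunk.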
viaads/trunk/hooks/addCart.php
r3019790 r3395777 28 28 return; 29 29 } 30 $cookieValues = json_decode(base64_decode( $_COOKIE['via_ads']));30 $cookieValues = json_decode(base64_decode(sanitize_text_field(wp_unslash($_COOKIE['via_ads'])))); 31 31 if (!$cookieValues->Consent) { 32 32 return; … … 37 37 //ClientInfo 38 38 $clientInfo = new stdClass(); 39 $clientInfo->ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR']; 39 $clientInfo->ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) 40 ? sanitize_text_field(wp_unslash($_SERVER['HTTP_X_FORWARDED_FOR'])) 41 : sanitize_text_field(wp_unslash($_SERVER['REMOTE_ADDR'] ?? '')); 40 42 41 43 … … 48 50 $userAgent->device_name = $ua[ 'platform' ]; 49 51 $userAgent->name = $ua[ 'name' ]; 50 $userAgent->original = sanitize_text_field( $_SERVER[ 'HTTP_USER_AGENT' ]);52 $userAgent->original = sanitize_text_field(wp_unslash($_SERVER[ 'HTTP_USER_AGENT' ] ?? '')); 51 53 $userAgent->version = $ua[ 'version' ]; 52 54 $data->user_agent = $userAgent; … … 58 60 59 61 //Email 60 global $current_user; 61 get_currentuserinfo(); 62 $current_user = wp_get_current_user(); 62 63 $email = strtolower(( string )$current_user->user_email); 63 64 $customer = new stdClass(); … … 73 74 //Thrid party cookies 74 75 if (isset($_COOKIE['via_ads2'])) { 75 $cookieValues2 = json_decode(base64_decode( $_COOKIE['via_ads2']));76 $cookieValues2 = json_decode(base64_decode(sanitize_text_field(wp_unslash($_COOKIE['via_ads2'])))); 76 77 $customer->ViaAds2 = $cookieValues2->ViaAds ?? ""; 77 78 $customer->Email2 = $cookieValues2->Email ?? ""; … … 109 110 $error_object->Error = $e->getMessage(); 110 111 111 $currentPageUrl = sanitize_url( home_url( $_SERVER['REQUEST_URI']) );112 $currentPageUrl = sanitize_url( home_url( sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) ) ) ); 112 113 $error_object->Url = wp_http_validate_url($currentPageUrl); 113 114 -
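Review bot: The new `$clientInfo->ip` assignment (new lines 39–41) still prefers HTTP_X_FORWARDED_FOR over REMOTE_ADDR, and sanitize_text_field does not make it an IP address: the header is client-supplied unless a trusted proxy sets it, and it may carry a comma-separated list, so the value sent to ViaAds can be arbitrary text; the same shape is in pageLook.php and removeCart.php. Take the first list entry and validate it, falling back to REMOTE_ADDR otherwise: `$forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? trim(explode(',', sanitize_text_field(wp_unslash($_SERVER['HTTP_X_FORWARDED_FOR'])))[0]) : '';` and `$clientInfo->ip = filter_var($forwarded, FILTER_VALIDATE_IP) ?: sanitize_text_field(wp_unslash($_SERVER['REMOTE_ADDR'] ?? ''));`. Whether the header should be honoured at all depends on the deployment; a comment stating that assumption would help. The enclosing function starts and ends outside the hunk.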
viaads/trunk/hooks/orderHooks.php
r2919840 r3395777 23 23 } 24 24 if(isset($_COOKIE['via_ads'])) { 25 $cookieValues = json_decode(base64_decode( $_COOKIE['via_ads']));25 $cookieValues = json_decode(base64_decode(sanitize_text_field(wp_unslash($_COOKIE['via_ads'])))); 26 26 if ($cookieValues->Consent) { 27 27 $cookieValues->Email = strtolower($order->get_billing_email()); … … 167 167 $error_object->Error = $e->getMessage(); 168 168 169 $currentPageUrl = sanitize_url(home_url( $_SERVER['REQUEST_URI']));169 $currentPageUrl = sanitize_url(home_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'] ?? '')))); 170 170 $error_object->Url = wp_http_validate_url($currentPageUrl); 171 171 -
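Review bot: `json_decode(base64_decode(...))` on new line 25 yields null for a malformed or non-JSON `via_ads` cookie, and the unchanged `if ($cookieValues->Consent)` then reads a property on null (a warning on PHP 8) before `$cookieValues->Email = ...` assigns a property on null, which is a fatal Error on PHP 8; the decode-then-dereference sequence is the same in addCart.php, pageLook.php and removeCart.php. Guard the object before using it, e.g. `if (is_object($cookieValues) && !empty($cookieValues->Consent)) {` here and `if (!is_object($cookieValues) || empty($cookieValues->Consent)) { return; }` in the hook files. Since the cookie is untrusted input, a comment noting that its structure is not validated would also be worth adding. The enclosing function starts before the hunk.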
viaads/trunk/hooks/pageLook.php
r2996362 r3395777 29 29 return; 30 30 } 31 $cookieValues = json_decode(base64_decode( $_COOKIE['via_ads']));31 $cookieValues = json_decode(base64_decode(sanitize_text_field(wp_unslash($_COOKIE['via_ads'])))); 32 32 if (!$cookieValues->Consent) { 33 33 return; … … 38 38 //ClientInfo 39 39 $clientInfo = new stdClass(); 40 $ip = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']); 41 $clientInfo->ip = $ip; 40 $clientInfo->ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) 41 ? sanitize_text_field(wp_unslash($_SERVER['HTTP_X_FORWARDED_FOR'])) 42 : sanitize_text_field(wp_unslash($_SERVER['REMOTE_ADDR'] ?? '')); 42 43 43 44 //User Agent … … 49 50 $userAgent->device_name = $ua['platform']; 50 51 $userAgent->name = $ua['name']; 51 $userAgent->original = sanitize_text_field( $_SERVER['HTTP_USER_AGENT']);52 $userAgent->original = sanitize_text_field(wp_unslash($_SERVER['HTTP_USER_AGENT'] ?? '')); 52 53 $userAgent->version = $ua['version']; 53 54 $data->user_agent = $userAgent; … … 59 60 60 61 //Email 61 global $current_user; 62 get_currentuserinfo(); 62 $current_user = wp_get_current_user(); 63 63 $email = strtolower(( string )$current_user->user_email); 64 64 $customer = new stdClass(); … … 74 74 //Thrid party cookies 75 75 if (isset($_COOKIE['via_ads2'])) { 76 $cookieValues2 = json_decode(base64_decode( $_COOKIE['via_ads2']));76 $cookieValues2 = json_decode(base64_decode(sanitize_text_field(wp_unslash($_COOKIE['via_ads2'])))); 77 77 $customer->ViaAds2 = $cookieValues2->ViaAds ?? ""; 78 78 $customer->Email2 = $cookieValues2->Email ?? ""; … … 108 108 $error_object->Error = $e->getMessage(); 109 109 110 $currentPageUrl = sanitize_url(home_url( $_SERVER['REQUEST_URI']));110 $currentPageUrl = sanitize_url(home_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'] ?? '')))); 111 111 $error_object->Url = wp_http_validate_url($currentPageUrl); 112 112 -
viaads/trunk/hooks/productHooks.php
r3120016 r3395777 28 28 $error_object->Error = $e->getMessage(); 29 29 30 $currentPageUrl = sanitize_url(home_url( $_SERVER['REQUEST_URI']));30 $currentPageUrl = sanitize_url(home_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'] ?? '')))); 31 31 $error_object->Url = wp_http_validate_url($currentPageUrl); 32 32 -
viaads/trunk/hooks/removeCart.php
r2996362 r3395777 31 31 return; 32 32 } 33 $cookieValues = json_decode(base64_decode( $_COOKIE['via_ads']));33 $cookieValues = json_decode(base64_decode(sanitize_text_field(wp_unslash($_COOKIE['via_ads'])))); 34 34 if (!$cookieValues->Consent) { 35 35 return; … … 40 40 //ClientInfo 41 41 $clientInfo = new stdClass(); 42 $ip = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']); 43 $clientInfo->ip = $ip; 42 $clientInfo->ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) 43 ? sanitize_text_field(wp_unslash($_SERVER['HTTP_X_FORWARDED_FOR'])) 44 : sanitize_text_field(wp_unslash($_SERVER['REMOTE_ADDR'] ?? '')); 44 45 45 46 //User Agent … … 51 52 $userAgent->device_name = $ua['platform']; 52 53 $userAgent->name = $ua['name']; 53 $userAgent->original = $_SERVER['HTTP_USER_AGENT'];54 $userAgent->original = sanitize_text_field(wp_unslash($_SERVER['HTTP_USER_AGENT'] ?? '')); 54 55 $userAgent->version = $ua['version']; 55 56 $data->user_agent = $userAgent; … … 61 62 62 63 //Email 63 global $current_user; 64 get_currentuserinfo(); 64 $current_user = wp_get_current_user(); 65 65 $email = strtolower(( string )$current_user->user_email); 66 66 $customer = new stdClass(); … … 76 76 //Thrid party cookies 77 77 if (isset($_COOKIE['via_ads2'])) { 78 $cookieValues2 = json_decode(base64_decode( $_COOKIE['via_ads2']));78 $cookieValues2 = json_decode(base64_decode(sanitize_text_field(wp_unslash($_COOKIE['via_ads2'])))); 79 79 $customer->ViaAds2 = $cookieValues2->ViaAds ?? ""; 80 80 $customer->Email2 = $cookieValues2->Email ?? ""; … … 113 113 $error_object->Error = $e->getMessage(); 114 114 115 $currentPageUrl = sanitize_url(home_url( $_SERVER['REQUEST_URI']));115 $currentPageUrl = sanitize_url(home_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'] ?? '')))); 116 116 $error_object->Url = wp_http_validate_url($currentPageUrl); 117 117 -
viaads/trunk/readme.txt
r3236781 r3395777 1 === Plugin Name===1 === ViaAds === 2 2 Contributors: @viaads 3 3 Tags: ViaAds, ViaBill 4 4 Requires at least: 5.4 5 Tested up to: 6. 76 Stable tag: 2.1. 15 Tested up to: 6.8 6 Stable tag: 2.1.3 7 7 Requires PHP: 7.0 8 License: GPL v39 License URI: https://www.gnu.org/licenses/gpl- 3.0.html8 License: GPL v2 or later 9 License URI: https://www.gnu.org/licenses/gpl-2.0.html 10 10 11 11 ViaAds plugin enables order and behavior-based marketing solution for ViaBill merchants. -
viaads/trunk/userAgent.php
r2876443 r3395777 6 6 7 7 function ViaAds_getBrowser() { 8 $u_agent = sanitize_text_field( $_SERVER[ 'HTTP_USER_AGENT' ]);8 $u_agent = sanitize_text_field(wp_unslash($_SERVER[ 'HTTP_USER_AGENT' ] ?? '')); 9 9 $bname = 'Unknown'; 10 10 $platform = 'Unknown'; -
viaads/trunk/viaads.php
r3236781 r3395777 3 3 * Plugin Name: ViaAds 4 4 * Description: Plugin der muliggør forbindelsen til ViaAds / Plug-in enabling the connection to ViaAds. 5 * Version: 2.1. 15 * Version: 2.1.3 6 6 * Author: ViaAds 7 7 * Author URI: https://www.viaads.dk/ … … 54 54 $user_id = username_exists("ViaAds"); 55 55 global $wpdb; 56 //Delete keys 56 //Delete keys - Direct query required: WooCommerce API keys table has no WordPress wrapper function 57 57 $wpdb->delete( 58 58 "{$wpdb->prefix}woocommerce_api_keys", … … 60 60 array('%d') 61 61 ); 62 // Clear any related caches 63 wp_cache_delete('woocommerce_api_keys_' . $user_id, 'woocommerce'); 62 64 //Delete user 63 65 wp_delete_user($user_id);