Changeset 3402164
- Timestamp:
- 11/25/2025 02:53:23 AM (4 months ago)
- Location:
- stafflist/trunk
- Files:
-
- 2 edited
-
readme.txt (modified) (1 diff)
-
stafflist.php (modified) (9 diffs)
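--- a/stafflist/trunk/readme.txt
+++ b/stafflist/trunk/readme.txt
@@ -103,4 +103,7 @@
 
 == Changelog ==
+= 3.2.7 =
+* Added more sanitization, as recommended by Wordfence (thank you);
+
 = 3.2.6 =
 * Fixed deprecation warnings that appeared in PHP8+, found by @thomasprice61 (thank you);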
stafflist/trunk/stafflist.php
r3245912 r3402164 4 4 Plugin URI: http://wordpress.org/plugins/stafflist/ 5 5 Description: A super simplified staff directory tool 6 Version: 3.2. 66 Version: 3.2.7 7 7 Author: era404 8 8 Author URI: http://www.era404.com … … 292 292 293 293 global $stafflisturl; 294 $stafflisturl = STAFFLIST_URL . ($w ? "&search=".esc_attr($w) : "") . ($s ? "&s=".esc_attr($s) : "");294 $stafflisturl = wp_nonce_url(STAFFLIST_URL . ($w ? "&search=".esc_attr($w) : "") . ($s ? "&s=".esc_attr($s) : "")); 295 295 echo renderAdminPager($pg); 296 296 … … 438 438 if($col['active']== 1) { 439 439 $cname = ($col['id']>5 ? $col['name'] : $std[ $col['name'] ]); 440 echo "<li class='ui-state-default' id='col{$col['id']}'> {$cname}</li>";440 echo "<li class='ui-state-default' id='col{$col['id']}'>".esc_html($cname)."</li>"; 441 441 } 442 442 } … … 448 448 if($col['active']== -1) { 449 449 $cname = ($col['id']>5 ? $col['name'] : $std[ $col['name'] ]); 450 echo "<li class='ui-state-highlight' id='col{$col['id']}'> {$cname}</li>";450 echo "<li class='ui-state-highlight' id='col{$col['id']}'>".esc_html($cname)."</li>"; 451 451 } 452 452 } … … 458 458 if($col['active'] == 0) { 459 459 $cname = ($col['id']>5 ? $col['name'] : $std[ $col['name'] ]); 460 echo "<li class='ui-state-highlight' id='col{$col['id']}'> {$cname}</li>";460 echo "<li class='ui-state-highlight' id='col{$col['id']}'>".esc_html($cname)."</li>"; 461 461 } 462 462 } … … 535 535 if($pg[0]<1 || $last<2) return(""); 536 536 //previous 537 $html = ($cur > 1 ? "<p class='pager'><a href=' {$stafflisturl}&p=".($cur-1)."'>Previous </a></p>" : "");537 $html = ($cur > 1 ? "<p class='pager'><a href='".wp_nonce_url("{$stafflisturl}&p=".($cur-1))."'>Previous </a></p>" : ""); 538 538 //pages 539 539 if($cur<=3){ … … 554 554 } 555 555 //next 556 $html .= (($cur < $pg[2] && $pg[2] > 1) ? "<p class='pager'><a href=' {$stafflisturl}&p=".($cur+1)."'> Next</a></p>" : ""); //>556 $html .= (($cur < $pg[2] && $pg[2] > 1) ? 
"<p class='pager'><a href='".wp_nonce_url("{$stafflisturl}&p=".($cur+1))."'> Next</a></p>" : ""); //> 557 557 //page numbering 558 558 $html .= "<div class='pageNum'>Page: ".($pg[3])." ( ".($pg[4]+1)."-".($pg[5]+1)." of ".($pg[0])." )</div>"; … … 561 561 function renderAdminPage($style, $page){ 562 562 global $stafflisturl; //includes search 563 return("<p class='pager{$style}'>".(is_numeric($page)?"<a href=' {$stafflisturl}&p={$page}'>{$page}</a>":$page)."</p>");563 return("<p class='pager{$style}'>".(is_numeric($page)?"<a href='".wp_nonce_url("{$stafflisturl}&p={$page}")."'>{$page}</a>":$page)."</p>"); 564 564 } 565 565 /*********************************************************************************** … … 872 872 873 873 //build query from passed vars 874 $fval = (string) s tripslashes($_POST['fval']);874 $fval = (string) sanitize_text_field(stripslashes($_POST['fval'])); 875 875 $fname = (string) stripslashes($_POST['fname'][0]); 876 876 $id = (int) stripslashes($_POST['fname'][1]);