WordPress.org
Get WordPress

Plugin Directory

Changeset 3417226


Ignore:
Timestamp:
12/11/2025 10:19:41 AM (4 months ago)
Author:
refatbd
Message:

Update

Location:
refatbd-notifications-with-telegram-for-woocommerce/trunk
Files:
12 edited

Legend:

Unmodified
Added
Removed

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/api-connection-page.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34 * Admin View: API Connection Page (Free Version)

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/faq-page.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34 * Admin View: FAQ Page (Free Version)

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/history-page.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34 * Admin View: History Page (Free Version)

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/how-to-page.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34 * Admin View: How To Use Page / Available Chat Commands (Free Version)

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/logs-page.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34 * Admin View: Logs Page (Free Version)

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/notification-rules-page.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34 * Admin View: Notification Rules Page

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/partials/conditions-template.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34 * Admin View: Partial for Notification Conditions Template

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/schedule-sms-page.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34 * Admin View: Schedule SMS Page (Free Version)

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/admin/views/settings-page.php

    r3390586 r3417226  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
    23/**
    34* Admin View: Settings page

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/includes/class-rntfw-db.php

    r3390586 r3417226  
    139139    public static function clear_history() {
    140140        global $wpdb;
    141         $table_name = self::get_history_table_name();
    142         // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     141        $table_name = esc_sql( self::get_history_table_name() );
     142        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    143143        $wpdb->query( "TRUNCATE TABLE `{$table_name}`" );
    144144    }
     
    146146    public static function get_history( $per_page, $offset, $search_term = '' ) {
    147147        global $wpdb;
    148         $table_name = self::get_history_table_name();
     148        $table_name = esc_sql( self::get_history_table_name() );
    149149        $params     = [];
    150150        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     
    166166        // Prepare if placeholders exist
    167167        if ( ! empty( $params ) ) {
    168             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     168            // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    169169            return $wpdb->get_results( $wpdb->prepare( $sql, ...$params ) );
    170170        } else {
    171              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     171             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    172172            return $wpdb->get_results( $sql );
    173173        }
     
    176176    public static function get_history_count( $search_term = '' ) {
    177177        global $wpdb;
    178         $table_name = self::get_history_table_name();
     178        $table_name = esc_sql( self::get_history_table_name() );
    179179        $params     = [];
    180180        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     
    192192        // Prepare if placeholders exist
    193193        if ( ! empty( $params ) ) {
    194              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     194             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    195195            return (int) $wpdb->get_var( $wpdb->prepare( $sql, ...$params ) );
    196196        } else {
    197              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     197             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    198198            return (int) $wpdb->get_var( $sql );
    199199        }
     
    231231    public static function clear_logs() {
    232232        global $wpdb;
    233         $table_name = self::get_logs_table_name();
    234         // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     233        $table_name = esc_sql( self::get_logs_table_name() );
     234        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    235235        $wpdb->query( "TRUNCATE TABLE `{$table_name}`" );
    236236    }
     
    238238    public static function get_logs( $per_page, $offset, $search_term = '' ) {
    239239        global $wpdb;
    240         $table_name = self::get_logs_table_name();
     240        $table_name = esc_sql( self::get_logs_table_name() );
    241241        $params     = [];
    242242        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     
    256256        // Prepare if placeholders exist
    257257        if ( ! empty( $params ) ) {
    258              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     258             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    259259            return $wpdb->get_results( $wpdb->prepare( $sql, ...$params ) );
    260260        } else {
    261              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     261             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    262262            return $wpdb->get_results( $sql );
    263263        }
     
    266266    public static function get_log_count( $search_term = '' ) {
    267267        global $wpdb;
    268         $table_name = self::get_logs_table_name();
     268        $table_name = esc_sql( self::get_logs_table_name() );
    269269        $params     = [];
    270270        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     
    280280        // Prepare if placeholders exist
    281281        if ( ! empty( $params ) ) {
    282              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     282             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    283283            return (int) $wpdb->get_var( $wpdb->prepare( $sql, ...$params ) );
    284284        } else {
    285              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     285             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    286286            return (int) $wpdb->get_var( $sql );
    287287        }
     
    323323         }
    324324
     325         $table_name_safe = esc_sql( $table_name );
     326         $date_column_safe = esc_sql( $date_column );
     327
    325328         // Use backticks for table and column names
    326329         $sql = $wpdb->prepare(
    327330             // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Table and column names are checked against allowlist above.
    328              "DELETE FROM `{$table_name}` WHERE `{$date_column}` < %s",
     331             "DELETE FROM `{$table_name_safe}` WHERE `{$date_column_safe}` < %s",
    329332             $cutoff_date
    330333         );
    331          // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $sql is prepared above.
     334         // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter -- $sql is prepared above.
    332335         $wpdb->query( $sql ); // Line 317 in original code, now moved execution here.
    333336    }
     
    352355    public static function get_license_data() {
    353356        global $wpdb;
    354         $table_name = self::get_licenses_table_name();
     357        $table_name = esc_sql( self::get_licenses_table_name() );
    355358        // Check if table exists before querying
    356         // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.NoCaching
     359        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.NoCaching, PluginCheck.Security.DirectDB.UnescapedDBParameter
    357360        $table_exists = $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %s', $table_name ) );
    358361        if ( $table_exists !== $table_name ) {
     
    360363            return null; // Table doesn't exist
    361364        }
    362         // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     365        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    363366        $row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM `{$table_name}` WHERE 1=%d LIMIT 1", 1 ) );
    364367         // If no row exists, return a default object structure expected by Pro
     
    556559    public static function delete_license_data() {
    557560        global $wpdb;
    558         $table_name = self::get_licenses_table_name();
     561        $table_name = esc_sql( self::get_licenses_table_name() );
    559562        // Check if table exists before trying to delete
    560         // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.NoCaching
     563        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.NoCaching, PluginCheck.Security.DirectDB.UnescapedDBParameter
    561564        $table_exists = $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %s', $table_name ) );
    562565        if ( $table_exists !== $table_name ) {
    563566            return true; // Table doesn't exist, consider it deleted
    564567        }
    565         // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     568        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    566569        return $wpdb->query( "DELETE FROM `{$table_name}`" );
    567570    }
     
    584587    public static function get_scheduled_sms( $per_page, $offset, $search_term = '' ) {
    585588        global $wpdb;
    586         $table_name = self::get_scheduled_sms_table_name();
     589        $table_name = esc_sql( self::get_scheduled_sms_table_name() );
    587590        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
    588591        $sql        = "SELECT * FROM `{$table_name}`";
     
    602605        // Prepare if placeholders exist
    603606        if ( ! empty( $params ) ) {
    604              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     607             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    605608            return $wpdb->get_results( $wpdb->prepare( $sql, ...$params ) );
    606609        } else {
    607              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     610             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    608611            return $wpdb->get_results( $sql );
    609612        }
     
    612615    public static function get_scheduled_sms_by_id( $id ) {
    613616        global $wpdb;
    614         $table_name = self::get_scheduled_sms_table_name();
    615         // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     617        $table_name = esc_sql( self::get_scheduled_sms_table_name() );
     618        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    616619        return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM `{$table_name}` WHERE id = %d", $id ) );
    617620    }
     
    619622    public static function get_scheduled_sms_count( $search_term = '' ) {
    620623        global $wpdb;
    621         $table_name = self::get_scheduled_sms_table_name();
     624        $table_name = esc_sql( self::get_scheduled_sms_table_name() );
    622625        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
    623626        $sql        = "SELECT COUNT(id) FROM `{$table_name}`";
     
    633636        // Prepare if placeholders exist
    634637        if ( ! empty( $params ) ) {
    635              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     638             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    636639            return (int) $wpdb->get_var( $wpdb->prepare( $sql, ...$params ) );
    637640        } else {
    638              // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
     641             // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    639642            return (int) $wpdb->get_var( $sql );
    640643        }
     
    666669    public static function get_due_scheduled_sms() {
    667670        global $wpdb;
    668         $table_name = self::get_scheduled_sms_table_name();
    669         // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     671        $table_name = esc_sql( self::get_scheduled_sms_table_name() );
     672        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, PluginCheck.Security.DirectDB.UnescapedDBParameter
    670673        return $wpdb->get_results( $wpdb->prepare( "SELECT * FROM `{$table_name}` WHERE status = 'scheduled' AND send_at <= %s ORDER BY send_at ASC", current_time( 'mysql' ) ) ); // Order by send_at
    671674    }

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/readme.txt

    r3415156 r3417226  
    55Requires at least: 5.0
    66Tested up to: 6.9
    7 Stable tag: 2.0.1
     7Stable tag: 2.0.2
    88Requires PHP: 7.4
    99License: GPL v2 or later
     
    5353    This securely connects your site to the backend and saves your API key automatically.
    5454    * Verify that the API Status and Site Connection show as "Connected". Click "Refresh" if needed.
    55 
    56552.  **Configure Chat ID:**
    5756    * Go to **Telegram Sync -> Settings -> Chat Management**.
     
    6160    * Click "Save Changes".
    6261    * You can use the "Test" button to verify the Chat ID is correct.
    63 
    64623.  **Configure Notifications:**
    6563    * Go through the tabs under **Telegram Sync -> Settings** (General, Order Status, User & Stock, etc.).
    6664    * Use the toggle switches to enable the notifications you want to receive.
    6765    * Customize the message templates using the available placeholders listed below each template field.
    68 
    69664.  **Set Up Notification Rules (Optional):**
    7067    * Navigate to the **Notification Rules** tab to create advanced conditions for any enabled notification event, giving you precise control over when alerts are sent.
    71 
    72685.  **Enable the Plugin:**
    7369    * Ensure the "Enable Plugin" toggle is switched on in the **General** tab.
     
    141137== Changelog ==
    142138
     139= 2.0.2 =
     140* SECURITY: Hardened database queries in `RNTFW_DB` class by escaping table names and suppressing false positives in static analysis.
     141* FIX: Resolved multiple "Unescaped parameter" warnings from Plugin Check.
    143142
    144143= 2.0.1 =

  • refatbd-notifications-with-telegram-for-woocommerce/trunk/refatbd-notifications-with-telegram-for-woocommerce.php

    r3415156 r3417226  
    44 * Plugin URI:    https://refat.ovh/refatbd-notifications-with-telegram-for-woocommerce
    55 * Description:   Sends instant, secure, and custom-templated notifications to Telegram for WooCommerce events with advanced conditional logic to a single chat ID.
    6  * Version:       2.0.1
     6 * Version:       2.0.2
    77 * Author:        Refat
    88 * Author URI:    https://refat.ovh
     
    2929
    3030// --- Constants ---
    31 define( 'RNTFW_VERSION', '2.0.1' ); // Updated version
     31define( 'RNTFW_VERSION', '2.0.2' ); // Updated version
    3232define( 'RNTFW_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
    3333define( 'RNTFW_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
Note: See TracChangeset for help on using the changeset viewer.