Changeset 3467225
- Timestamp:
- 02/23/2026 03:42:36 AM (6 weeks ago)
- Location:
- an-gradebook
- Files:
-
- 12 edited
- 1 copied
-
tags/6.4.1 (copied) (copied from an-gradebook/trunk)
-
tags/6.4.1/GradeBook.php (modified) (2 diffs)
-
tags/6.4.1/readme.txt (modified) (2 diffs)
-
tags/6.4.1/rest-api/class-rest-courses.php (modified) (1 diff)
-
tags/6.4.1/rest-api/class-rest-stats.php (modified) (1 diff)
-
tags/6.4.1/rest-api/class-rest-student-view.php (modified) (2 diffs)
-
tags/6.4.1/rest-api/class-rest-students.php (modified) (3 diffs)
-
trunk/GradeBook.php (modified) (2 diffs)
-
trunk/readme.txt (modified) (2 diffs)
-
trunk/rest-api/class-rest-courses.php (modified) (1 diff)
-
trunk/rest-api/class-rest-stats.php (modified) (1 diff)
-
trunk/rest-api/class-rest-student-view.php (modified) (2 diffs)
-
trunk/rest-api/class-rest-students.php (modified) (3 diffs)
an-gradebook/tags/6.4.1/GradeBook.php
r3467181 r3467225 4 4 Plugin URI: https://wordpress.org/plugins/an-gradebook/ 5 5 Description: A gradebook plugin for educators to create, maintain, and share grades. 6 Version: 6.4. 06 Version: 6.4.1 7 7 Author: Aori Nevo 8 8 Author URI: http://www.aorinevo.com … … 20 20 } 21 21 22 define( 'AN_GRADEBOOK_VERSION', '6.4. 0' );22 define( 'AN_GRADEBOOK_VERSION', '6.4.1' ); 23 23 24 24 require_once plugin_dir_path( __FILE__ ) . 'functions.php'; -
an-gradebook/tags/6.4.1/readme.txt
r3467181 r3467225 4 4 Requires at least: 6.0 5 5 Tested up to: 6.9 6 Stable tag: 6.4. 06 Stable tag: 6.4.1 7 7 Requires PHP: 7.4 8 8 License: GPL-2.0-or-later … … 63 63 64 64 == Changelog == 65 66 = 6.4.1 = 67 * address security vuls 65 68 66 69 = 6.4.0 = -
an-gradebook/tags/6.4.1/rest-api/class-rest-courses.php
r3467181 r3467225 191 191 } 192 192 193 $filename = s tr_replace( ' ', '_',$gradebook['name'] . '_' . $gbid );193 $filename = sanitize_file_name( $gradebook['name'] . '_' . $gbid ); 194 194 195 195 header( 'Content-Type: text/csv; charset=utf-8' ); 196 header( 'Content-Disposition: attachment; filename= ' . $filename . '.csv' );196 header( 'Content-Disposition: attachment; filename="' . $filename . '.csv"' ); 197 197 198 198 $output = fopen( 'php://output', 'w' ); 199 fputcsv( $output, $column_headers);199 fputcsv( $output, array_map( array( $this, 'sanitize_csv_value' ), $column_headers ) ); 200 200 foreach ( $student_records as $row ) { 201 fputcsv( $output, $row);201 fputcsv( $output, array_map( array( $this, 'sanitize_csv_value' ), $row ) ); 202 202 } 203 203 fclose( $output ); 204 204 exit; 205 205 } 206 207 private function sanitize_csv_value( $value ) { 208 if ( is_string( $value ) && isset( $value[0] ) && in_array( $value[0], array( '=', '+', '-', '@', "\t", "\r" ), true ) ) { 209 return "'" . $value; 210 } 211 return $value; 212 } 206 213 } -
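Review bot: The new `sanitize_csv_value` also rewrites legitimate negative numbers: if the exported rows arrive from `$wpdb` as strings (their origin is above the hunk), a score such as `"-2"` starts with `-` and is written out as `'-2`, which spreadsheet applications then treat as text rather than a value. Skipping numeric strings before the prefix check keeps the formula-injection defence without altering grades, e.g. `if ( is_numeric( $value ) ) { return $value; }` as the first line of the method. The exporting function starts above the hunk, so whether an error path can still run after the headers on lines 195–196 have been sent is not visible here. The identical hunk in trunk/rest-api/class-rest-courses.php gets the same note.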
an-gradebook/tags/6.4.1/rest-api/class-rest-stats.php
r3467181 r3467225 30 30 public function get_pie_chart( $request ) { 31 31 global $wpdb; 32 $table_assignment = an_gradebook_table( 'an_assignment' ); 32 $table_assignment = an_gradebook_table( 'an_assignment' ); 33 $table_assignments = an_gradebook_table( 'an_assignments' ); 34 $table_gradebook = an_gradebook_table( 'an_gradebook' ); 33 35 34 $amid = absint( $request['amid'] ); 36 $amid = absint( $request['amid'] ); 37 38 // Look up which course this assignment belongs to. 39 $gbid = $wpdb->get_var( $wpdb->prepare( 40 "SELECT gbid FROM {$table_assignments} WHERE id = %d", 41 $amid 42 ) ); 43 44 if ( ! $gbid ) { 45 return new WP_Error( 'not_found', 'Assignment not found.', array( 'status' => 404 ) ); 46 } 47 48 // Non-admin users must be enrolled in the course. 49 if ( ! current_user_can( 'manage_options' ) ) { 50 $current_user = wp_get_current_user(); 51 $enrolled = $wpdb->get_var( $wpdb->prepare( 52 "SELECT COUNT(*) FROM {$table_gradebook} WHERE uid = %d AND gbid = %d", 53 $current_user->ID, 54 $gbid 55 ) ); 56 57 if ( ! $enrolled ) { 58 return new WP_Error( 'forbidden', 'You are not enrolled in this course.', array( 'status' => 403 ) ); 59 } 60 } 61 35 62 $pie_chart_data = $wpdb->get_col( $wpdb->prepare( 36 63 "SELECT assign_points_earned FROM {$table_assignment} WHERE amid = %d", -
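Review bot: The new enrollment gate in `get_pie_chart` treats every user without `manage_options` as a student, so an instructor role that owns the course but has no row in `an_gradebook` would now receive a 403 for its own assignment's chart; the hunk does not show how course owners are authorised elsewhere, so this should be confirmed rather than assuming `manage_options` is the only non-student role. If ownership is recorded anywhere, the condition should read "admin, or owner, or enrolled" instead of "admin or enrolled". The lookup-then-check block (`get_var` on `an_gradebook`, then the 403 `WP_Error`) is the same code added twice more in class-rest-student-view.php and belongs in one shared helper taking the user id and gbid. `get_pie_chart` continues past the end of the hunk. The trunk copy of this file gets the same note.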
an-gradebook/tags/6.4.1/rest-api/class-rest-student-view.php
r3467181 r3467225 59 59 $table_assignments = an_gradebook_table( 'an_assignments' ); 60 60 $table_assignment = an_gradebook_table( 'an_assignment' ); 61 $table_gradebook = an_gradebook_table( 'an_gradebook' ); 61 62 62 63 $gbid = absint( $request['id'] ); 63 64 $current_user = wp_get_current_user(); 65 66 // Verify student is enrolled in this course. 67 $enrolled = $wpdb->get_var( $wpdb->prepare( 68 "SELECT COUNT(*) FROM {$table_gradebook} WHERE uid = %d AND gbid = %d", 69 $current_user->ID, 70 $gbid 71 ) ); 72 73 if ( ! $enrolled ) { 74 return new WP_Error( 'forbidden', 'You are not enrolled in this course.', array( 'status' => 403 ) ); 75 } 64 76 65 77 // Only visible assignments … … 134 146 $table_assignment = an_gradebook_table( 'an_assignment' ); 135 147 $table_assignments = an_gradebook_table( 'an_assignments' ); 148 $table_gradebook = an_gradebook_table( 'an_gradebook' ); 136 149 137 150 $uid = get_current_user_id(); 138 151 $gbid = absint( $request['gbid'] ); 152 153 // Verify student is enrolled in this course. 154 $enrolled = $wpdb->get_var( $wpdb->prepare( 155 "SELECT COUNT(*) FROM {$table_gradebook} WHERE uid = %d AND gbid = %d", 156 $uid, 157 $gbid 158 ) ); 159 160 if ( ! $enrolled ) { 161 return new WP_Error( 'forbidden', 'You are not enrolled in this course.', array( 'status' => 403 ) ); 162 } 139 163 140 164 // Only visible assignments -
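Review bot: The enrollment check is pasted verbatim into both handlers in this section (and a third time in class-rest-stats.php), differing only in how the user id is obtained (`wp_get_current_user()->ID` in the first hunk, `get_current_user_id()` in the second); one private helper taking the uid and gbid keeps the query in a single place so a later schema change cannot leave one copy behind, assuming the handlers are class methods as `get_pie_chart` is in the stats file. Both handlers start above their hunks, so the rest of each body is not visible. The trunk copy of this file gets the same note.
```php
// Returns true when $uid has an enrollment row for $gbid in an_gradebook.
private function is_enrolled( $uid, $gbid ) {
    global $wpdb;
    $table_gradebook = an_gradebook_table( 'an_gradebook' );
    return (bool) $wpdb->get_var( $wpdb->prepare(
        "SELECT COUNT(*) FROM {$table_gradebook} WHERE uid = %d AND gbid = %d",
        $uid,
        $gbid
    ) );
}

// … in each handler, replacing the inline query and check …
if ( ! $this->is_enrolled( get_current_user_id(), $gbid ) ) {
    return new WP_Error( 'forbidden', 'You are not enrolled in this course.', array( 'status' => 403 ) );
}
```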
an-gradebook/tags/6.4.1/rest-api/class-rest-students.php
r3467181 r3467225 57 57 'uid' => $studentDetails->ID, 58 58 'assign_order' => $assignment['assign_order'], 59 ) );59 ), array( '%d', '%d', '%d', '%d' ) ); 60 60 } 61 61 … … 109 109 $wpdb->users, 110 110 array( 'user_login' => $user_login . $result ), 111 array( 'ID' => $result ) 111 array( 'ID' => $result ), 112 array( '%s' ), 113 array( '%d' ) 112 114 ); 113 115 … … 119 121 'uid' => $result, 120 122 'assign_order' => $assignment['assign_order'], 121 ) );123 ), array( '%d', '%d', '%d', '%d' ) ); 122 124 } 123 125 124 126 $studentDetails = get_user_by( 'id', $result ); 125 $wpdb->insert( $table_gradebook, array( 'uid' => $studentDetails->ID, 'gbid' => $gbid ) );127 $wpdb->insert( $table_gradebook, array( 'uid' => $studentDetails->ID, 'gbid' => $gbid ), array( '%d', '%d' ) ); 126 128 127 129 $assignments = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$table_assignment} WHERE uid = %d", $result ), ARRAY_A ); -
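Review bot: The new format array `array( '%d', '%d', '%d', '%d' )` on the `an_assignment` inserts declares all four columns integers, but only `uid` and `assign_order` are visible in the hunks; if either of the two columns above them holds a points value with a fractional part, `%d` now silently truncates it, which would be a data change rather than a hardening, so the hidden columns should be checked before this ships. Both `$wpdb->insert` calls and the `$wpdb->update` still discard their return value, so a failed enrollment insert leaves the newly created user without a gradebook row while the handler carries on; `if ( false === $wpdb->insert( $table_gradebook, array( 'uid' => $studentDetails->ID, 'gbid' => $gbid ), array( '%d', '%d' ) ) ) { return new WP_Error( 'db_error', 'Could not enrol student.', array( 'status' => 500 ) ); }` would surface it. `get_user_by( 'id', $result )` can return false, in which case `$studentDetails->ID` on the following line fails. The enclosing functions all start above their hunks. The trunk copy of this file gets the same note.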
an-gradebook/trunk/GradeBook.php
r3467181 r3467225 4 4 Plugin URI: https://wordpress.org/plugins/an-gradebook/ 5 5 Description: A gradebook plugin for educators to create, maintain, and share grades. 6 Version: 6.4. 06 Version: 6.4.1 7 7 Author: Aori Nevo 8 8 Author URI: http://www.aorinevo.com … … 20 20 } 21 21 22 define( 'AN_GRADEBOOK_VERSION', '6.4. 0' );22 define( 'AN_GRADEBOOK_VERSION', '6.4.1' ); 23 23 24 24 require_once plugin_dir_path( __FILE__ ) . 'functions.php'; -
an-gradebook/trunk/readme.txt
r3467181 r3467225 4 4 Requires at least: 6.0 5 5 Tested up to: 6.9 6 Stable tag: 6.4. 06 Stable tag: 6.4.1 7 7 Requires PHP: 7.4 8 8 License: GPL-2.0-or-later … … 63 63 64 64 == Changelog == 65 66 = 6.4.1 = 67 * address security vuls 65 68 66 69 = 6.4.0 = -
an-gradebook/trunk/rest-api/class-rest-courses.php
r3467181 r3467225 191 191 } 192 192 193 $filename = s tr_replace( ' ', '_',$gradebook['name'] . '_' . $gbid );193 $filename = sanitize_file_name( $gradebook['name'] . '_' . $gbid ); 194 194 195 195 header( 'Content-Type: text/csv; charset=utf-8' ); 196 header( 'Content-Disposition: attachment; filename= ' . $filename . '.csv' );196 header( 'Content-Disposition: attachment; filename="' . $filename . '.csv"' ); 197 197 198 198 $output = fopen( 'php://output', 'w' ); 199 fputcsv( $output, $column_headers);199 fputcsv( $output, array_map( array( $this, 'sanitize_csv_value' ), $column_headers ) ); 200 200 foreach ( $student_records as $row ) { 201 fputcsv( $output, $row);201 fputcsv( $output, array_map( array( $this, 'sanitize_csv_value' ), $row ) ); 202 202 } 203 203 fclose( $output ); 204 204 exit; 205 205 } 206 207 private function sanitize_csv_value( $value ) { 208 if ( is_string( $value ) && isset( $value[0] ) && in_array( $value[0], array( '=', '+', '-', '@', "\t", "\r" ), true ) ) { 209 return "'" . $value; 210 } 211 return $value; 212 } 206 213 } -
an-gradebook/trunk/rest-api/class-rest-stats.php
r3467181 r3467225 30 30 public function get_pie_chart( $request ) { 31 31 global $wpdb; 32 $table_assignment = an_gradebook_table( 'an_assignment' ); 32 $table_assignment = an_gradebook_table( 'an_assignment' ); 33 $table_assignments = an_gradebook_table( 'an_assignments' ); 34 $table_gradebook = an_gradebook_table( 'an_gradebook' ); 33 35 34 $amid = absint( $request['amid'] ); 36 $amid = absint( $request['amid'] ); 37 38 // Look up which course this assignment belongs to. 39 $gbid = $wpdb->get_var( $wpdb->prepare( 40 "SELECT gbid FROM {$table_assignments} WHERE id = %d", 41 $amid 42 ) ); 43 44 if ( ! $gbid ) { 45 return new WP_Error( 'not_found', 'Assignment not found.', array( 'status' => 404 ) ); 46 } 47 48 // Non-admin users must be enrolled in the course. 49 if ( ! current_user_can( 'manage_options' ) ) { 50 $current_user = wp_get_current_user(); 51 $enrolled = $wpdb->get_var( $wpdb->prepare( 52 "SELECT COUNT(*) FROM {$table_gradebook} WHERE uid = %d AND gbid = %d", 53 $current_user->ID, 54 $gbid 55 ) ); 56 57 if ( ! $enrolled ) { 58 return new WP_Error( 'forbidden', 'You are not enrolled in this course.', array( 'status' => 403 ) ); 59 } 60 } 61 35 62 $pie_chart_data = $wpdb->get_col( $wpdb->prepare( 36 63 "SELECT assign_points_earned FROM {$table_assignment} WHERE amid = %d", -
an-gradebook/trunk/rest-api/class-rest-student-view.php
r3467181 r3467225 59 59 $table_assignments = an_gradebook_table( 'an_assignments' ); 60 60 $table_assignment = an_gradebook_table( 'an_assignment' ); 61 $table_gradebook = an_gradebook_table( 'an_gradebook' ); 61 62 62 63 $gbid = absint( $request['id'] ); 63 64 $current_user = wp_get_current_user(); 65 66 // Verify student is enrolled in this course. 67 $enrolled = $wpdb->get_var( $wpdb->prepare( 68 "SELECT COUNT(*) FROM {$table_gradebook} WHERE uid = %d AND gbid = %d", 69 $current_user->ID, 70 $gbid 71 ) ); 72 73 if ( ! $enrolled ) { 74 return new WP_Error( 'forbidden', 'You are not enrolled in this course.', array( 'status' => 403 ) ); 75 } 64 76 65 77 // Only visible assignments … … 134 146 $table_assignment = an_gradebook_table( 'an_assignment' ); 135 147 $table_assignments = an_gradebook_table( 'an_assignments' ); 148 $table_gradebook = an_gradebook_table( 'an_gradebook' ); 136 149 137 150 $uid = get_current_user_id(); 138 151 $gbid = absint( $request['gbid'] ); 152 153 // Verify student is enrolled in this course. 154 $enrolled = $wpdb->get_var( $wpdb->prepare( 155 "SELECT COUNT(*) FROM {$table_gradebook} WHERE uid = %d AND gbid = %d", 156 $uid, 157 $gbid 158 ) ); 159 160 if ( ! $enrolled ) { 161 return new WP_Error( 'forbidden', 'You are not enrolled in this course.', array( 'status' => 403 ) ); 162 } 139 163 140 164 // Only visible assignments -
an-gradebook/trunk/rest-api/class-rest-students.php
r3467181 r3467225 57 57 'uid' => $studentDetails->ID, 58 58 'assign_order' => $assignment['assign_order'], 59 ) );59 ), array( '%d', '%d', '%d', '%d' ) ); 60 60 } 61 61 … … 109 109 $wpdb->users, 110 110 array( 'user_login' => $user_login . $result ), 111 array( 'ID' => $result ) 111 array( 'ID' => $result ), 112 array( '%s' ), 113 array( '%d' ) 112 114 ); 113 115 … … 119 121 'uid' => $result, 120 122 'assign_order' => $assignment['assign_order'], 121 ) );123 ), array( '%d', '%d', '%d', '%d' ) ); 122 124 } 123 125 124 126 $studentDetails = get_user_by( 'id', $result ); 125 $wpdb->insert( $table_gradebook, array( 'uid' => $studentDetails->ID, 'gbid' => $gbid ) );127 $wpdb->insert( $table_gradebook, array( 'uid' => $studentDetails->ID, 'gbid' => $gbid ), array( '%d', '%d' ) ); 126 128 127 129 $assignments = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$table_assignment} WHERE uid = %d", $result ), ARRAY_A );