Changeset 3468165
- Timestamp:
- 02/24/2026 02:24:01 AM (2 weeks ago)
- Location:
- awcode-toolkit/trunk
- Files:
-
- 5 edited
-
aw-toolkit.php (modified) (4 diffs)
-
includes/class.awtoolkit-general.php (modified) (1 diff)
-
includes/class.awtoolkit-setting.php (modified) (2 diffs)
-
includes/settings-template.php (modified) (2 diffs)
-
readme.txt (modified) (3 diffs)
awcode-toolkit/trunk/aw-toolkit.php
r3403732 r3468165 2 2 /* 3 3 * Plugin Name: AWcode Toolkit 4 * Version: 1.0.2 04 * Version: 1.0.21 5 5 * Description: A collection of useful tools and functions for Wordpress site owners 6 6 * Author: AWcode 7 7 * Author URI: https://awcode.com/ 8 8 * Requires at least: 5.0 9 * Tested up to: 6. 8.39 * Tested up to: 6.9 10 10 * License: GPLv2 11 11 * … … 42 42 } 43 43 44 if (get_option('aw_remote_management')) { 45 require_once plugin_dir_path( __FILE__ ) . 'includes/class.awtoolkit-remote.php'; 46 } 44 47 45 48 add_filter( 'init', 'aw_checkmaintenance' ); … … 49 52 $exceptions = get_option('aw_maint_exceptions'); 50 53 if($exceptions){ 51 $url = strtolower(strtok($_SERVER['REQUEST_URI'], '?'));54 $url = isset( $_SERVER['REQUEST_URI'] ) ? strtolower( strtok( sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ), '?' ) ) : ''; 52 55 foreach(explode('\n', $exceptions) as $ex){ 53 56 $ex = trim(strtolower($ex)); … … 69 72 function is_wplogin(){ 70 73 $ABSPATH_MY = str_replace(array('\\','/'), DIRECTORY_SEPARATOR, ABSPATH); 71 return ((in_array($ABSPATH_MY.'wp-login.php', get_included_files()) || in_array($ABSPATH_MY.'wp-register.php', get_included_files()) ) || (isset($_GLOBALS['pagenow']) && $GLOBALS['pagenow'] === 'wp-login.php') || $_SERVER['PHP_SELF']== '/wp-login.php'|| strpos($_SERVER['REQUEST_URI'], 'wp-admin') ); 74 $php_self = isset( $_SERVER['PHP_SELF'] ) ? sanitize_text_field( wp_unslash( $_SERVER['PHP_SELF'] ) ) : ''; 75 $request_uri = isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : ''; 76 return ((in_array($ABSPATH_MY.'wp-login.php', get_included_files()) || in_array($ABSPATH_MY.'wp-register.php', get_included_files()) ) || (isset($_GLOBALS['pagenow']) && $GLOBALS['pagenow'] === 'wp-login.php') || $php_self === '/wp-login.php'|| strpos($request_uri, 'wp-admin') !== false ); 72 77 } 73 78 -
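Review bot: In `is_wplogin()` the rewritten return line still tests `isset($_GLOBALS['pagenow'])`; `$_GLOBALS` is not a PHP superglobal, so that clause is always false and the `pagenow` comparison never runs. It should read `isset($GLOBALS['pagenow']) && $GLOBALS['pagenow'] === 'wp-login.php'`. The final clause `strpos($request_uri, 'wp-admin') !== false` also matches the substring anywhere in the URI, query string included, so if this function decides which requests skip maintenance mode (its callers are outside the hunk) the test is looser than intended. Matching the path component only, e.g. `strpos( (string) wp_parse_url( $request_uri, PHP_URL_PATH ), '/wp-admin' ) !== false`, would narrow it.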
awcode-toolkit/trunk/includes/class.awtoolkit-general.php
r2239423 r3468165 12 12 foreach ( $headers as $key ) { 13 13 //check if CF origin is SSL, if so need to tell WP we are on SSL 14 if ( isset( $_SERVER[ $key ] ) && ( strpos( $_SERVER[ $key ], 'https' ) !== false ) ) {14 if ( isset( $_SERVER[ $key ] ) && ( strpos( sanitize_text_field( wp_unslash( $_SERVER[ $key ] ) ), 'https' ) !== false ) ) { 15 15 $_SERVER[ 'HTTPS' ] = 'on'; 16 16 add_action( 'shutdown', array( $this, 'forceLoadFirst' ) ); -
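Review bot: Wrapping `$_SERVER[ $key ]` in `sanitize_text_field( wp_unslash( ... ) )` does not make the value trustworthy: the branch still sets `$_SERVER[ 'HTTPS' ] = 'on'` whenever one of the listed headers merely contains the substring `https`. The `$headers` list is defined outside the hunk, but if it holds proxy-forwarded scheme headers, any client that can reach the origin directly can supply them. Consider a comment on the loop such as `// Trust these headers only when the origin accepts traffic solely from the proxy; they are client-settable otherwise.` and, where the header format allows it, an exact comparison instead of `strpos`.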
awcode-toolkit/trunk/includes/class.awtoolkit-setting.php
r3291514 r3468165 9 9 10 10 function awtoolbox_dashboard(){ 11 if(isset($_POST['action']) && $_POST['action'] == 'updating-awtoolkit'){ 12 if ( ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'updating-awtoolkit' ) ) { 13 die( __( 'Security check') ); 11 if(isset($_POST['action']) && sanitize_text_field(wp_unslash($_POST['action'])) == 'updating-awtoolkit'){ 12 $nonce = isset($_REQUEST['_wpnonce']) ? sanitize_text_field(wp_unslash($_REQUEST['_wpnonce'])) : ''; 13 if ( ! wp_verify_nonce( $nonce, 'updating-awtoolkit' ) ) { 14 die( esc_html__( 'Security check', 'awcode-toolkit' ) ); 14 15 } 15 update_option('aw_woo_prod_sales_count', isset($_POST['aw_woo_prod_sales_count']) ? $_POST['aw_woo_prod_sales_count'] : '', 'yes'); 16 update_option('aw_woo_prod_dimensions', isset($_POST['aw_woo_prod_dimensions']) ? $_POST['aw_woo_prod_dimensions'] : '', 'yes'); 17 update_option('aw_woo_past_order_count', isset($_POST['aw_woo_past_order_count']) ? $_POST['aw_woo_past_order_count'] : '', 'yes'); 18 update_option('aw_woo_utm', isset($_POST['aw_woo_utm']) ? $_POST['aw_woo_utm'] : '', 'yes'); 19 update_option('aw_woo_msp', isset($_POST['aw_woo_msp']) ? $_POST['aw_woo_msp'] : '', 'yes'); 20 update_option('aw_maint_mode', isset($_POST['aw_maint_mode']) ? $_POST['aw_maint_mode'] : '', 'yes'); 21 update_option('aw_maint_title', isset($_POST['aw_maint_title']) ? $_POST['aw_maint_title'] : 'Website coming soon!', 'yes'); 22 update_option('aw_maint_message', isset($_POST['aw_maint_message']) ? $_POST['aw_maint_message'] : '', 'yes'); 23 update_option('aw_maint_exceptions', isset($_POST['aw_maint_exceptions']) ? $_POST['aw_maint_exceptions'] : '', 'yes'); 24 if(isset($_POST['replace_find']) && $_POST['replace_find']){ 25 if(isset($_POST['replace_accept']) && $_POST['replace_accept']){ 26 $replace_msg = awDbFindReplace($_POST['replace_table'], $_POST['replace_find'], $_POST['replace_replace']); 16 update_option('aw_woo_prod_sales_count', isset($_POST['aw_woo_prod_sales_count']) ? 
sanitize_text_field(wp_unslash($_POST['aw_woo_prod_sales_count'])) : '', 'yes'); 17 update_option('aw_woo_prod_dimensions', isset($_POST['aw_woo_prod_dimensions']) ? sanitize_text_field(wp_unslash($_POST['aw_woo_prod_dimensions'])) : '', 'yes'); 18 update_option('aw_woo_past_order_count', isset($_POST['aw_woo_past_order_count']) ? sanitize_text_field(wp_unslash($_POST['aw_woo_past_order_count'])) : '', 'yes'); 19 update_option('aw_woo_utm', isset($_POST['aw_woo_utm']) ? sanitize_text_field(wp_unslash($_POST['aw_woo_utm'])) : '', 'yes'); 20 update_option('aw_woo_msp', isset($_POST['aw_woo_msp']) ? sanitize_text_field(wp_unslash($_POST['aw_woo_msp'])) : '', 'yes'); 21 22 update_option('aw_remote_management', isset($_POST['aw_remote_management']) ? sanitize_text_field(wp_unslash($_POST['aw_remote_management'])) : '', 'yes'); 23 if (isset($_POST['aw_remote_management']) && sanitize_text_field(wp_unslash($_POST['aw_remote_management']))) { 24 if (!get_option('aw_remote_api_key')) { 25 update_option('aw_remote_api_key', bin2hex(random_bytes(16)), 'yes'); 26 } 27 if (!get_option('aw_remote_api_secret')) { 28 update_option('aw_remote_api_secret', bin2hex(random_bytes(32)), 'yes'); 29 } 30 } 31 if (isset($_POST['aw_remote_rotate_keys']) && sanitize_text_field(wp_unslash($_POST['aw_remote_rotate_keys']))) { 32 update_option('aw_remote_api_key', bin2hex(random_bytes(16)), 'yes'); 33 update_option('aw_remote_api_secret', bin2hex(random_bytes(32)), 'yes'); 34 } 35 36 update_option('aw_maint_mode', isset($_POST['aw_maint_mode']) ? sanitize_text_field(wp_unslash($_POST['aw_maint_mode'])) : '', 'yes'); 37 update_option('aw_maint_title', isset($_POST['aw_maint_title']) ? sanitize_text_field(wp_unslash($_POST['aw_maint_title'])) : 'Website coming soon!', 'yes'); 38 update_option('aw_maint_message', isset($_POST['aw_maint_message']) ? 
sanitize_textarea_field(wp_unslash($_POST['aw_maint_message'])) : '', 'yes'); 39 update_option('aw_maint_exceptions', isset($_POST['aw_maint_exceptions']) ? sanitize_textarea_field(wp_unslash($_POST['aw_maint_exceptions'])) : '', 'yes'); 40 if(isset($_POST['replace_find']) && sanitize_text_field(wp_unslash($_POST['replace_find']))){ 41 if(isset($_POST['replace_accept']) && sanitize_text_field(wp_unslash($_POST['replace_accept']))){ 42 $replace_table = isset($_POST['replace_table']) ? sanitize_text_field(wp_unslash($_POST['replace_table'])) : ''; 43 $replace_find = isset($_POST['replace_find']) ? sanitize_text_field(wp_unslash($_POST['replace_find'])) : ''; 44 $replace_replace = isset($_POST['replace_replace']) ? sanitize_text_field(wp_unslash($_POST['replace_replace'])) : ''; 45 $replace_msg = awDbFindReplace($replace_table, $replace_find, $replace_replace); 27 46 }else{ 28 47 $replace_msg = 'Acknowledge warning before running a database replace'; … … 68 87 } 69 88 89 // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared 90 // $table is already escaped with esc_sql() above, and SHOW TABLES output is used for template options. 70 91 $data = $wpdb->get_results( "SELECT * FROM `$table`" , ARRAY_A ); 71 92 -
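Review bot: The added `phpcs:ignore` comment above the `SELECT * FROM` query justifies interpolating the backtick-quoted `$table` by saying it went through `esc_sql()`, but `esc_sql()` is meant for values inside quotes and does not escape backticks, so it does not make an identifier safe. The escaping itself is outside the hunk, so this rests on the comment's own description. Since `replace_table` comes from `$_POST`, check the name against the real table list before building the query, e.g. `if ( ! in_array( $table, $wpdb->get_col( 'SHOW TABLES' ), true ) ) { /* reject */ }`, and reword the comment to say the name is allowlisted. The enclosing function starts and ends outside the hunk.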
awcode-toolkit/trunk/includes/settings-template.php
r3218626 r3468165 29 29 <select name="replace_table" id="replace_table" style="width:100%;"> 30 30 <?php 31 // phpcs:ignore WordPress.Security.NonceVerification.Missing 32 $selected_table = isset($_POST['replace_table']) ? sanitize_text_field(wp_unslash($_POST['replace_table'])) : ''; 31 33 foreach($db_tables as $k=>$v){ 32 34 $table = array_values($v)[0]; 33 echo('<option name="'.esc_attr($table).'" '.( isset($_POST['replace_table']) && $_POST['replace_table']== $table ? 'selected="selected"' : '').'>'.esc_attr($table).'</option>');35 echo('<option name="'.esc_attr($table).'" '.($selected_table == $table ? 'selected="selected"' : '').'>'.esc_attr($table).'</option>'); 34 36 } 35 37 ?> … … 101 103 </div> 102 104 105 <div class="awbox"> 106 <h4>Remote Management</h4> 107 <p> 108 <input type="checkbox" name="aw_remote_management" id="aw_remote_management" <?php echo get_option('aw_remote_management') ? 'checked="checked"' : ''?>> 109 <label for="aw_remote_management">Enable Remote Management API</label> 110 </p> 111 <?php if (get_option('aw_remote_management') && get_option('aw_remote_api_key')) : ?> 112 <div style="background:#f9f9f9; padding: 10px; border: 1px solid #ddd; margin-top: 10px;"> 113 <p><strong>API Key:</strong> <br><input type="text" readonly="readonly" value="<?php echo esc_attr(get_option('aw_remote_api_key')); ?>" style="width:100%; font-family: monospace;"></p> 114 <p><strong>API Secret:</strong> <br><input type="text" readonly="readonly" value="<?php echo esc_attr(get_option('aw_remote_api_secret')); ?>" style="width:100%; font-family: monospace;"></p> 115 <p> 116 <input type="checkbox" name="aw_remote_rotate_keys" id="aw_remote_rotate_keys" value="1"> 117 <label for="aw_remote_rotate_keys">Rotate API Keys on Save (will break existing connections)</label> 118 </p> 119 </div> 120 <?php endif; ?> 121 </div> 122 103 123 <br style="clear:both;"> 104 124 <input type="submit" name="submit" id="submit" class="button button-primary" value="Save 
Changes"><br> -
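Review bot: The new Remote Management box prints `aw_remote_api_secret` in clear text into a readonly `type="text"` input on every load of the settings page, so the secret lands in the page HTML on each visit rather than only when it is created or rotated. Consider masking it, e.g. `<input type="password" readonly="readonly" autocomplete="off" value="<?php echo esc_attr( get_option( 'aw_remote_api_secret' ) ); ?>">`, or showing it once after generation or rotation. A short comment above the block stating who is expected to see these values would also help the next reviewer.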
awcode-toolkit/trunk/readme.txt
r3403732 r3468165 4 4 Tags: woocommerce, cloudflare, awcode, web developer, web design 5 5 Requires at least: 5.0 6 Tested up to: 6. 8.37 Stable tag: 1.0.2 06 Tested up to: 6.9 7 Stable tag: 1.0.21 8 8 License: GPLv2 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 24 24 25 25 * Database find and replace 26 27 * Expand Smush functions 26 28 27 29 = WooCommerce Features = … … 49 51 50 52 == Upgrade Notice == 53 54 = 1.0.21 = 55 Add management tools 51 56 52 57 = 1.0.20 =