Changeset 3469278
- Timestamp:
- 02/25/2026 09:54:25 AM (5 weeks ago)
- Location:
- pageapp
- Files:
-
- 18 added
- 10 edited
-
tags/1.4.8 (added)
-
tags/1.4.8/css (added)
-
tags/1.4.8/css/admin.css (added)
-
tags/1.4.8/images (added)
-
tags/1.4.8/images/pageapp20.png (added)
-
tags/1.4.8/inc (added)
-
tags/1.4.8/inc/cachelib.php (added)
-
tags/1.4.8/inc/httplib.php (added)
-
tags/1.4.8/inc/jsonlib.php (added)
-
tags/1.4.8/inc/pluginlib.php (added)
-
tags/1.4.8/inc/restlib.php (added)
-
tags/1.4.8/inc/settingslib.php (added)
-
tags/1.4.8/inc/utilslib.php (added)
-
tags/1.4.8/js (added)
-
tags/1.4.8/js/admin.js (added)
-
tags/1.4.8/pageapp-json.php (added)
-
tags/1.4.8/pageapp.php (added)
-
tags/1.4.8/readme.txt (added)
-
trunk/inc/cachelib.php (modified) (3 diffs)
-
trunk/inc/httplib.php (modified) (1 diff)
-
trunk/inc/jsonlib.php (modified) (3 diffs)
-
trunk/inc/pluginlib.php (modified) (1 diff)
-
trunk/inc/restlib.php (modified) (1 diff)
-
trunk/inc/settingslib.php (modified) (6 diffs)
-
trunk/inc/utilslib.php (modified) (1 diff)
-
trunk/pageapp-json.php (modified) (6 diffs)
-
trunk/pageapp.php (modified) (2 diffs)
-
trunk/readme.txt (modified) (2 diffs)
pageapp/trunk/inc/cachelib.php
r2480307 r3469278 1 1 <?php 2 /* 3 * File: cachelib.php 4 * Date: 20250225 5 * Author: James D. Low 6 * URL: http://jameslow.com 7 * About: Helper class for caching data in MySQL databases 8 */ 2 9 if (!class_exists('ValueCache')) { 3 10 class ValueCache { … … 15 22 private function table() { 16 23 global $wpdb; 17 return $wpdb->prefix . $this->prefix . 'cache';24 return esc_sql($wpdb->prefix . $this->prefix . 'cache'); 18 25 } 19 26 private function create_table() { … … 78 85 global $wpdb; 79 86 $table = $this->table(); 80 $expiry = $expiry ? $expiry : $this->expiry;87 $expiry = esc_sql($expiry ? $expiry : $this->expiry); 81 88 $name = esc_sql($name); 82 89 $value = esc_sql($value); -
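Review bot: `esc_sql()` is the wrong guard for both values it now wraps: the value returned by `table()` is an identifier, and `$expiry` in the third hunk is used as a number, so escaping quote characters protects neither if a non-numeric or backtick-bearing value reaches them (the readme's own `TODO: Unsafe SQL calls` entry acknowledges the gap). For the expiry, cast rather than escape: `$expiry = (int) ($expiry ? $expiry : $this->expiry);`. For the table name, validate `$this->prefix` once where it is assigned (reject anything outside `[A-Za-z0-9_]`) and let `table()` return the plain concatenation, or use `$wpdb->prepare()` with the `%i` identifier placeholder at each query site — note that placeholder needs WordPress 6.2+, above the readme's `Requires at least: 4.0`. The method containing the third hunk starts and ends outside it, and the assignment of `$this->prefix` is not visible here.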
pageapp/trunk/inc/httplib.php
r2914535 r3469278 2 2 /* 3 3 * File: httplib.php 4 * Date: 202 303074 * Date: 20250225 5 5 * Author: James D. Low 6 6 * URL: http://jameslow.com -
pageapp/trunk/inc/jsonlib.php
r3168966 r3469278 1 1 <?php 2 /* 3 * File: jsonlib.php 4 * Date: 20250225 5 * Author: James D. Low 6 * URL: http://jameslow.com 7 * About: Helper class for creating Wordpress REST end points, superseeded by restlib.php 8 */ 2 9 if (!class_exists('JsonLib')) { 3 10 class JsonLib { … … 56 63 } 57 64 } catch (Exception $e) { 58 return new WP_Error('error', __($e->getMessage(), 'pageapp'));65 return new WP_Error('error', $e->getMessage()); 59 66 } 60 67 } … … 128 135 } 129 136 public static function error($message) { 130 return new WP_Error('error', __($message, 'premiere'));137 return new WP_Error('error', $message); 131 138 } 132 139 public static function output($json) { -
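Review bot: Dropping `__()` around variable text is the right i18n fix, but both hunks now pass the raw `$e->getMessage()` (new line 65) and the caller-supplied `$message` (new line 137) into `WP_Error` unchanged; if that error object is what the REST endpoint serializes back to clients, any exception text — library errors, filesystem paths, SQL fragments — is returned to whoever calls the endpoint. Prefer a fixed client-facing message with the detail logged server-side, e.g. `error_log($e->getMessage()); return new WP_Error('error', 'Request failed');`, or include the detail only when `WP_DEBUG` is on. Whether the `WP_Error` reaches the HTTP response cannot be confirmed from these hunks; the try/catch in the first one starts outside it.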
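--- a/pageapp/trunk/inc/pluginlib.php
+++ b/pageapp/trunk/inc/pluginlib.php
@@ -1,3 +1,10 @@
 <?php
+/*
+ * File: pageapp.php
+ * Date: 20250225
+ * Author: James D. Low
+ * URL: http://jameslow.com
+ * About: Helper class for creating Wordpress plugins
+ */
 if (!class_exists('PageAppPlugin')) {
 class PageAppPlugin {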
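Review bot: The header comment added to pluginlib.php names the wrong file: `* File: pageapp.php` should read `* File: pluginlib.php`, matching the `File:` line of every other header added in this changeset (cachelib.php, jsonlib.php, settingslib.php, utilslib.php). Nothing else in the hunk changes code.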
pageapp/trunk/inc/restlib.php
r3464734 r3469278 1 1 <?php 2 2 /* 3 * File: restlib.php 4 * Date: 20250225 5 * Author: James D. Low 6 * URL: http://jameslow.com 7 * About: Helper class for creating Wordpress REST end points 8 */ 3 9 class RestLib { 4 10 public $apikeys; -
pageapp/trunk/inc/settingslib.php
r3129768 r3469278 1 1 <?php 2 /* 3 * File: settingslib.php 4 * Date: 20250225 5 * Author: James D. Low 6 * URL: http://jameslow.com 7 * About: Helper class for easily creating a Wordpress settings UI 8 */ 2 9 if (!class_exists('SettingsLib')) { 3 10 class SettingsLib { … … 37 44 'type' => $type, 38 45 'description' => $setting->title, 39 'default' => property_exists($setting, 'default') ? $setting->default : null 46 'default' => property_exists($setting, 'default') ? $setting->default : null, 47 'sanitize_callback' => array($this , 'sanitize_callback') 40 48 ) 41 49 ); 42 50 } 51 } 52 public function sanitize_callback($input) { 53 return sanitize_textarea_field($input); 43 54 } 44 55 public function admin_menu() { … … 68 79 } 69 80 public static function notice($message, $type = 'success') { 70 echo '<div class="notice notice-'. $type.' is-dismissible">71 <p><strong>'. $message.'</strong></p>81 echo '<div class="notice notice-'.esc_attr($type).' is-dismissible"> 82 <p><strong>'.esc_html($message).'</strong></p> 72 83 </div>'; 73 84 } … … 89 100 $setting = (object) $setting; 90 101 if ($setting->type == 'boolean') { 91 echo self::settings_checkbox($setting);102 echo wp_kses(self::settings_checkbox($setting), array('tr', 'td', 'th', 'input', 'label')); 92 103 } elseif ($setting->type == 'select') { 93 echo self::settings_select($setting);104 echo wp_kses(self::settings_select($setting), array('tr', 'td', 'th', 'select', 'option')); 94 105 } elseif ($setting->type == 'text') { 95 echo self::settings_text($setting);106 echo wp_kses(self::settings_text($setting), array('tr', 'td', 'th', 'textarea')); 96 107 } elseif ($setting->type == 'title') { 97 echo self::settings_row($setting);108 echo wp_kses(self::settings_row($setting), array('tr', 'td', 'th')); 98 109 } else { 99 echo self::settings_input($setting);110 echo wp_kses(self::settings_input($setting), array('tr', 'td', 'th', 'input')); 100 111 } 101 112 } 102 113 public static function settings_row($setting, $html = 
'') { 103 114 return ' 104 <tr valign="top" class="'. $setting->id.'">115 <tr valign="top" class="'.esc_attr($setting->id).'"> 105 116 <th scope="row">'.esc_html($setting->title).($setting->type=='text'&&$setting->description?'<div style="font-weight:normal;">'.esc_html($setting->description).'</div>':'').'</th> 106 117 <td>'.$html.'</td> … … 129 140 public static function settings_input($setting) { 130 141 $html = '<input style="width:520px;" placeholder="'.esc_attr($setting->description).'" type="'.($setting->type=='password'?'password':'text').'" name="'.esc_attr($setting->id).'" value="'.esc_attr(get_option($setting->id)).'" />'; 131 //$html .= '<div>'.$setting->description.'</div>';132 142 return self::settings_row($setting, $html); 133 143 } … … 139 149 } 140 150 public function menu_page() { 141 echo '<h1>'. $this->name.'</h1>';151 echo '<h1>'.esc_html($this->name).'</h1>'; 142 152 echo $this->html; 143 153 $nounce = $this->group; -
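Review bot: The `wp_kses()` calls added at new lines 102-110 pass a flat list of tag names as `$allowed_html`, but `wp_kses()` takes a map of tag name => allowed attributes; with this argument every attribute in the generated rows (`valign`, `class`, `scope`, `style`, `placeholder`, `type`, `name`, `value`, all visible in `settings_row` and `settings_input`) is stripped, so the inputs lose their `name`/`value` and the form can no longer submit its settings, and the description `<div>` in `settings_row` is dropped for `text` rows since `div` is not listed at all. The markup is built by this class and its variable parts already go through `esc_attr()`/`esc_html()`, so the fix is an explicit attribute map shared by the five branches, as below; `settings_checkbox`, `settings_select` and `settings_text` are outside the hunk, so the attributes I list for `input`, `label`, `select`, `option` and `textarea` must be checked against those bodies. Separately, `sanitize_callback()` applies `sanitize_textarea_field()` to every registered option regardless of `$type`, which will alter a password containing `<` or runs of whitespace; a per-type sanitizer (`rest_sanitize_boolean` for booleans, membership in the configured options for selects, no tag stripping for passwords) would be more precise.
```php
// … unchanged: per-setting loop up to the type dispatch …
if ($setting->type == 'boolean') {
    echo wp_kses(self::settings_checkbox($setting), self::allowed_html());
} elseif ($setting->type == 'select') {
    echo wp_kses(self::settings_select($setting), self::allowed_html());
} elseif ($setting->type == 'text') {
    echo wp_kses(self::settings_text($setting), self::allowed_html());
} elseif ($setting->type == 'title') {
    echo wp_kses(self::settings_row($setting), self::allowed_html());
} else {
    echo wp_kses(self::settings_input($setting), self::allowed_html());
}
// … unchanged: remainder of the method and settings_row … …

// Tag => attribute map for the rows this class generates. Attributes for the
// checkbox/select/textarea markup must be confirmed against those builders.
private static function allowed_html() {
    return array(
        'tr'       => array('valign' => array(), 'class' => array()),
        'th'       => array('scope' => array()),
        'td'       => array(),
        'div'      => array('style' => array()),
        'label'    => array('for' => array()),
        'input'    => array('type' => array(), 'name' => array(), 'id' => array(), 'value' => array(), 'placeholder' => array(), 'style' => array(), 'checked' => array()),
        'select'   => array('name' => array(), 'id' => array()),
        'option'   => array('value' => array(), 'selected' => array()),
        'textarea' => array('name' => array(), 'id' => array(), 'rows' => array(), 'cols' => array(), 'style' => array()),
    );
}
```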
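--- a/pageapp/trunk/inc/utilslib.php
+++ b/pageapp/trunk/inc/utilslib.php
@@ -1,3 +1,10 @@
 <?php
+/*
+ * File: utilslib.php
+ * Date: 20250225
+ * Author: James D. Low
+ * URL: http://jameslow.com
+ * About: Generic PHP utility functions
+ */
 if (!class_exists('UtilsLib')) {
 class UtilsLib {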
pageapp/trunk/pageapp-json.php
r3168966 r3469278 1 1 <?php 2 if (!defined( 'ABSPATH')) exit; 2 3 require_once 'inc/jsonlib.php'; 3 4 class PageAppJson extends JsonLib { … … 163 164 } 164 165 foreach ($list as $url) { 166 //This is echoing a list of raw URLs over an API endpoint, it does not need to be escaped 165 167 echo $url."\n"; 166 168 } … … 170 172 protected function roku_cache() { 171 173 $url = self::assert_param('url'); 172 echo json_encode(PageApp::cache_json($url));174 echo wp_json_encode(PageApp::cache_json($url)); 173 175 exit; 174 176 } … … 176 178 protected function fire_links() { 177 179 $list = preg_split("/[\s,]+/", get_option('pageapp_firetv_feeds')); 180 //This is echoing a list of raw URLs over an API endpoint, it does not need to be escaped 178 181 foreach ($list as $url) { 179 182 echo $url."\n"; … … 184 187 protected function fire_cache() { 185 188 $url = self::assert_param('url'); 189 //This is echoing raw xml directly over an API endpoint, it does not need to be escaped 186 190 echo PageApp::cache_xml($url)->asXML(); 187 191 exit; … … 247 251 if ($result) { 248 252 //TODO: content header 253 //This is echoing raw xml directly over an API endpoint, it does not need to be escaped 249 254 echo $result; 250 255 exit; -
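Review bot: The four new `// ... does not need to be escaped` comments are only true while the response cannot be interpreted as HTML, and none of these handlers sets a Content-Type before its `echo` (the last hunk's `//TODO: content header` says as much); a URL list or XML document served without one can be sniffed as HTML by a browser opening the endpoint directly. Send the type explicitly — `header('Content-Type: text/plain; charset=utf-8');` before the two URL loops and `header('Content-Type: text/xml; charset=utf-8');` before the `asXML()` and `$result` echoes — and make the comment state that reason (`// plain-text/XML body with an explicit content type; HTML escaping does not apply`). `wp_json_encode()` at new line 174 returns `false` on an encoding failure, which `echo` emits as an empty body, so a guard is worth adding if clients parse the output. Apart from `roku_cache()`, each enclosing method starts or ends outside its hunk.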
pageapp/trunk/pageapp.php
r3464734 r3469278 4 4 Plugin URI: https://wordpress.org/plugins/pageapp/ 5 5 Description: Extensions to Wordpress wp-json for the PageApp API and mobile framework 6 Version: 1.4. 76 Version: 1.4.8 7 7 Author: PageApp 8 Author URI: https://www. pageapp.com9 License: © 2023 Thirteen32 Pty Ltd8 Author URI: https://www.thirteen.com/ 9 License: MIT License 10 10 */ 11 if (!defined( 'ABSPATH')) exit; 11 12 class PageApp { 12 13 public static $name = self::class; … … 215 216 ?> 216 217 <p> 217 <label for="password"> <?php _e('Password'); ?><br />218 <label for="password">Password<br /> 218 219 <input type="password" name="password" id="password" class="input" value="<?php echo esc_attr(wp_unslash($_POST['password'])); ?>" size="25" /> 219 220 </label> -
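Review bot: Replacing `<?php _e('Password'); ?>` with the bare literal `Password` clears the text-domain warning by removing translation entirely; the form that stays translatable, escaped and plugin-check clean is `<label for="password"><?php esc_html_e('Password', 'pageapp'); ?><br />`. The adjacent unchanged `value="<?php echo esc_attr(wp_unslash($_POST['password'])); ?>"` re-emits a submitted password into the page source and raises an undefined-index notice when `$_POST['password']` is absent; rendering the field empty (`value=""`) avoids both. The function containing this second hunk starts and ends outside it.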
pageapp/trunk/readme.txt
r3464734 r3469278 1 1 === PageApp === 2 2 Contributors: jamesdlow 3 Tags: pageapp, wp-json, relevanssi, search, api, rest api, post, meta, post meta3 Tags: pageapp, wp-json, relevanssi, search, rest, post meta 4 4 Requires at least: 4.0 5 Tested up to: 6.9. 06 Stable tag: trunk7 License: © 2024 Thireen32 Pty Ltd5 Tested up to: 6.9.1 6 Stable tag: 1.4.8 7 License: MIT License 8 8 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=K6VKWB3HZB2T2&item_name=Donation%20to%20jameslow%2ecom¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8 9 9 … … 28 28 29 29 == Changelog == 30 31 = 1.4.8 = 32 * Update/fixes for Wordpress best practices: 33 * No GPL-compatible license declared 34 * Sanitization for register_setting() 35 * Internationalization: Don't use variables or defines as text, context or text domain parameters. 36 * Variables and options must be escaped when echo'd 37 * Allowing direct file access to plugin files 38 * TODO: Unsafe SQL calls 39 * Plugin Check Report fixes: 40 * ERROR: trunk_stable_tag 41 * ERROR: readme_parser_warnings_too_many_tags 42 * ERROR: WordPress.WP.I18n.NonSingularStringLiteralText 43 * ERROR: WordPress.WP.I18n.TextDomainMismatch 30 44 31 45 = 1.4.7 =