Changeset 3469357
- Timestamp:
- 02/25/2026 10:59:08 AM (5 weeks ago)
- Location:
- pageapp
- Files:
-
- 18 added
- 6 edited
-
tags/1.5.1 (added)
-
tags/1.5.1/css (added)
-
tags/1.5.1/css/admin.css (added)
-
tags/1.5.1/images (added)
-
tags/1.5.1/images/pageapp20.png (added)
-
tags/1.5.1/inc (added)
-
tags/1.5.1/inc/cachelib.php (added)
-
tags/1.5.1/inc/httplib.php (added)
-
tags/1.5.1/inc/jsonlib.php (added)
-
tags/1.5.1/inc/pluginlib.php (added)
-
tags/1.5.1/inc/restlib.php (added)
-
tags/1.5.1/inc/settingslib.php (added)
-
tags/1.5.1/inc/utilslib.php (added)
-
tags/1.5.1/js (added)
-
tags/1.5.1/js/admin.js (added)
-
tags/1.5.1/pageapp-json.php (added)
-
tags/1.5.1/pageapp.php (added)
-
tags/1.5.1/readme.txt (added)
-
trunk/inc/cachelib.php (modified) (6 diffs)
-
trunk/inc/jsonlib.php (modified) (2 diffs)
-
trunk/inc/restlib.php (modified) (1 diff)
-
trunk/pageapp-json.php (modified) (2 diffs)
-
trunk/pageapp.php (modified) (8 diffs)
-
trunk/readme.txt (modified) (2 diffs)
pageapp/trunk/inc/cachelib.php
r3469312 r3469357 54 54 global $wpdb; 55 55 $table = $this->table(); 56 $query = $wpdb->prepare("DELETE FROM $table WHERE %d = %d;", 1, 1); 57 $wpdb->query($query); 56 $wpdb->query($wpdb->prepare("DELETE FROM $table WHERE %d = %d;", 1, 1)); 58 57 } 59 58 } … … 63 62 global $wpdb; 64 63 $table = $this->table(); 65 $query = $wpdb->prepare("DELETE FROM $table WHERE expires < DATE_ADD(NOW(), INTERVAL %d SECOND);", 0); 66 $wpdb->query($query); 64 $wpdb->query($wpdb->prepare("DELETE FROM $table WHERE expires < DATE_ADD(NOW(), INTERVAL %d SECOND);", 0)); 67 65 } 68 66 } … … 71 69 global $wpdb; 72 70 $table = $this->table(); 73 $query = $wpdb->prepare("DELETE FROM $table WHERE name = %s;", $name); 74 $wpdb->query($query); 71 $wpdb->query($wpdb->prepare("DELETE FROM $table WHERE name = %s;", $name)); 75 72 } 76 73 } … … 79 76 global $wpdb; 80 77 $table = $this->table(); 81 $query = $wpdb->prepare("SELECT data FROM $table WHERE name = %s AND expires > NOW();", $name); 82 return $wpdb->get_var($query); 78 return $wpdb->get_var($wpdb->prepare("SELECT data FROM $table WHERE name = %s AND expires > NOW();", $name)); 83 79 } 84 80 } … … 88 84 $table = $this->table(); 89 85 $expiry = esc_sql($expiry ? $expiry : $this->expiry); 90 $ query =$wpdb->prepare(86 $wpdb->query($wpdb->prepare( 91 87 "INSERT INTO $table (name, expires, data) 92 88 VALUES (%s, DATE_ADD(NOW(), INTERVAL $expiry), %s) … … 96 92 $value, 97 93 $value 98 ); 99 $wpdb->query($query); 94 )); 100 95 } 101 96 return $value; -
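Review bot: The `put()` hunk still splices `$expiry` unquoted into `INTERVAL $expiry` on line 92, and the `esc_sql()` on line 89 only escapes characters that matter inside a quoted SQL string literal, so it gives no protection for a bare SQL fragment. With the callers visible in this changeset the value is built as `wp_rand(24, 48).' HOUR'`, so it is not attacker-controlled today, but the method accepts any string. Validate the fragment instead of escaping it, e.g. `if (!preg_match('/^\d+ (SECOND|MINUTE|HOUR|DAY)$/', $expiry)) { $expiry = $this->expiry; }` before the query is built, or split it into a `%d` count and a whitelisted unit. `put()` continues past the end of the hunk.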
pageapp/trunk/inc/jsonlib.php
r3469278 r3469357 96 96 */ 97 97 public static function strip($value) { 98 return strip_tags(str_replace('?>','',str_replace('<?php','',stripslashes($value))));98 return wp_strip_all_tags(str_replace('?>','',str_replace('<?php','',stripslashes($value)))); 99 99 } 100 100 public static function get_param($key, $default = null) { … … 107 107 return self::strip($value); 108 108 } else { 109 throw new Exception( ($description?$description:$key).' is required.');109 throw new Exception(esc_html($description?$description:$key).' is required.'); 110 110 } 111 111 } -
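Review bot: `stripslashes()` on line 98 removes every backslash from the value unconditionally, which also corrupts legitimate backslashes whenever the request was not slashed by WordPress; `wp_unslash()` is the usual replacement, and the new `wp_strip_all_tags()` call makes this helper depend on WordPress being loaded, which the restlib.php header in this same changeset says is optional, so a `function_exists()` guard or a note in the file header is warranted. `esc_html()` on line 109 escapes the exception message at throw time, which assumes an HTML sink; if the message is returned in a JSON error body the entities end up in the JSON, so escaping belongs where the message is output. The single-pass `<?php`/`?>` removals are not idempotent (`<?p<?phphp` survives as `<?php`), but since `strip_tags()` also drops PHP tags they appear redundant rather than a hole. The enclosing class continues outside the hunk.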
pageapp/trunk/inc/restlib.php
r3469278 r3469357 5 5 * Author: James D. Low 6 6 * URL: http://jameslow.com 7 * About: Helper class for creating Wordpress REST end points7 * About: Helper class for creating REST end points for use with and without Wordpress 8 8 */ 9 9 class RestLib { -
pageapp/trunk/pageapp-json.php
r3469278 r3469357 164 164 } 165 165 foreach ($list as $url) { 166 //This is echoing a list of raw URLs over an API endpoint, it does not need to be escaped 167 echo $url."\n"; 166 echo esc_url($url)."\n"; 168 167 } 169 168 exit(); … … 178 177 protected function fire_links() { 179 178 $list = preg_split("/[\s,]+/", get_option('pageapp_firetv_feeds')); 180 //This is echoing a list of raw URLs over an API endpoint, it does not need to be escaped181 179 foreach ($list as $url) { 182 echo $url."\n";180 echo esc_url($url)."\n"; 183 181 } 184 182 exit(); -
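Review bot: `esc_url()` on the new lines 166 and 180 is the HTML-attribute escaper: it entity-encodes `&` as `&amp;` and drops URLs whose scheme is not in `wp_allowed_protocols()`, so a feed URL with query parameters is now emitted altered in this newline-separated plain-text response. For non-HTML output the right call is `esc_url_raw($url)` (or `sanitize_url()` on current WordPress), which sanitizes without entity-encoding; the removed comment was right that HTML escaping is not wanted here, only the function chosen is wrong. `fire_links()` reads from the admin-set option `pageapp_firetv_feeds`, while the source of `$list` in the first hunk is outside the hunk.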
pageapp/trunk/pageapp.php
r3469312 r3469357 4 4 Plugin URI: https://wordpress.org/plugins/pageapp/ 5 5 Description: Extensions to Wordpress wp-json for the PageApp API and mobile framework 6 Version: 1.5. 06 Version: 1.5.1 7 7 Author: PageApp 8 8 Author URI: https://www.thirteen.com/ 9 License: MIT License9 License: MIT 10 10 */ 11 11 if (!defined( 'ABSPATH')) exit; … … 226 226 if (get_option('pageapp_password') == '1') { 227 227 if (empty($_POST['password'])) { 228 $errors->add('empty_password', __('Please enter a password.'));228 $errors->add('empty_password', 'Please enter a password.'); 229 229 } 230 230 } … … 362 362 'meta_value' => '', 363 363 'post_type' => $details->object_type[0], 364 'suppress_filters' => true,364 //'suppress_filters' => true, 365 365 'tax_query' => array( 366 366 array( … … 462 462 public static function register_options() { 463 463 //Whitelist Meta 464 register_setting(self::$prefix, 'pageapp_postmeta'); 464 register_setting(self::$prefix, 'pageapp_postmeta', array( 465 'sanitize_callback' => array(self::class, 'sanitize_postmeta_json') 466 )); 467 } 468 public static function sanitize_postmeta_json($value) { 469 if (is_array($value)) { 470 return wp_json_encode($value); 471 } 472 if (!is_string($value)) { 473 return '[]'; 474 } 475 $decoded = json_decode(wp_unslash($value), true); 476 if (json_last_error() === JSON_ERROR_NONE) { 477 return wp_json_encode($decoded); 478 } 479 return '[]'; 465 480 } 466 481 public static function max_results() { … … 503 518 public static function get_post_meta() { 504 519 global $wpdb; 505 $prefix = $wpdb->prefix; 506 $sql = "SELECT DISTINCT meta_key FROM {$prefix}postmeta 520 return $wpdb->get_results($wpdb->prepare("SELECT DISTINCT meta_key FROM {$wpdb->postmeta} 507 521 WHERE SUBSTRING(meta_key,1,1) != '_' AND SUBSTRING(meta_key,1,6) != 'field_' 508 ORDER BY meta_key ASC"; 509 return $wpdb->get_results($sql); 522 ORDER BY meta_key ASC")); 510 523 } 511 524 public static function meta_checkbox($key, $option, $param) { … … 574 
587 } 575 588 } 576 589 $allow = array( 590 'tr' => array( 591 'valign' => array(), 592 'class' => array() 593 ), 594 'th' => array( 595 'scope' => array() 596 ), 597 'td' => array(), 598 'div' => array( 599 'style' => array() 600 ), 601 'select' => array( 602 'id' => array(), 603 'name' => array() 604 ), 605 'input' => array( 606 'id' => array(), 607 'name' => array(), 608 'type' => array(), 609 'checked' => array(), 610 'value' => array(), 611 'style' => array(), 612 'placeholder' => array() 613 ), 614 'textarea' => array( 615 'id' => array(), 616 'name' => array(), 617 'rows' => array(), 618 'cols' => array() 619 ), 620 'option' => array( 621 'value' => array(), 622 'selected' => array() 623 ), 624 'label' => array( 625 'for' => array(), 626 'name' => array() 627 ) 628 ); 577 629 foreach($allmeta as $meta) { 578 630 echo "<tr> 579 <td> $meta".self::meta_hidden($meta)."</td>580 <td>". self::meta_checkbox($meta, $option, 'restapi')."</td>581 <td>". self::meta_checkbox($meta, $option, 'single')."</td>582 <td>". self::meta_select($meta, $option, 'type')."</td>631 <td>".esc_html($meta).wp_kses(self::meta_hidden($meta), $allow)."</td> 632 <td>".wp_kses(self::meta_checkbox($meta, $option, 'restapi'), $allow)."</td> 633 <td>".wp_kses(self::meta_checkbox($meta, $option, 'single'), $allow)."</td> 634 <td>".wp_kses(self::meta_select($meta, $option, 'type'), $allow)."</td> 583 635 </tr>"; 584 636 } … … 665 717 $result = trim(get_url($url)); 666 718 if (strpos($result, '<?xml') !== false) { 667 $rand = rand(24, 48);719 $rand = wp_rand(24, 48); 668 720 self::$ValueCache->put($url, $result, $rand.' HOUR'); 669 721 return new SimpleXmlElement($result); … … 681 733 $json = json_decode($result, true);; 682 734 if ($json !== null) { 683 $rand = rand(24, 48);735 $rand = wp_rand(24, 48); 684 736 self::$ValueCache->put($url, $result, $rand.' HOUR'); 685 737 return $json; -
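Review bot: `sanitize_postmeta_json()` (lines 468-480) calls `wp_unslash()` on a value that, when it arrives through the Settings API form handler, has already been unslashed by `wp-admin/options.php` before `update_option()`, so JSON escape sequences such as `\"` or `\u00e9` lose their backslash, `json_decode()` fails, and the whole option is silently reset to `'[]'`. Drop the `wp_unslash()` unless every caller is confirmed to pass slashed data, and on a decode error keep the stored value rather than discarding it: `add_settings_error(self::$prefix, 'pageapp_postmeta', 'Invalid JSON'); return get_option('pageapp_postmeta', '[]');`. The callback also checks syntax only; if the consumer expects a map of meta key to settings, validate that shape here as well. Separately, the `$wpdb->prepare()` in `get_post_meta()` (line 520) has no placeholder, which triggers `_doing_it_wrong()` under `WP_DEBUG` (a static query with no input needs no `prepare()`), and line 228 should gain a text domain, `__('Please enter a password.', 'pageapp')`, rather than lose translation.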
pageapp/trunk/readme.txt
r3469312 r3469357 3 3 Tags: pageapp, wp-json, relevanssi, search, rest, post meta 4 4 Requires at least: 4.0 5 Tested up to: 6.9 .16 Stable tag: 1.5. 07 License: MIT License5 Tested up to: 6.9 6 Stable tag: 1.5.1 7 License: MIT 8 8 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=K6VKWB3HZB2T2&item_name=Donation%20to%20jameslow%2ecom¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8 9 9 … … 28 28 29 29 == Changelog == 30 31 = 1.5.1 = 32 * Further updates/fixes for Wordpress best practices 30 33 31 34 = 1.5.0 =