Changeset 2601509

Timestamp:

09/20/2021 04:58:12 AM (4 years ago)

Author:

mndpsingh287

Message:

fixed security issues

Location:

advance-search/trunk

Files:

• advance-search.php (modified) (1 diff)
• inc/admin/class-admin.php (modified) (22 diffs)
• inc/admin/css/advance-search-admin.css (modified) (1 diff)
• inc/admin/js/advance-search-admin.js (modified) (7 diffs)
• inc/admin/views/help-update.php (modified) (3 diffs)
• inc/admin/views/html-advance-search-admin-options.php (modified) (31 diffs)
• inc/admin/views/import-export.php (modified) (2 diffs)
• inc/admin/views/search-statistics.php (modified) (2 diffs)
• inc/admin/views/wpas-search.php (modified) (12 diffs)
• inc/admin/views/wpas_popup.php (modified) (7 diffs)
• inc/common/class-common.php (modified) (35 diffs)
• inc/common/js/advance-search.js (modified) (1 diff)
• inc/core/class-activator.php (modified) (2 diffs)

advance-search/trunk/advance-search.php

@@ -122 +122 @@
  */
 function upgrade_php_version() {
-    echo '<div class="error">';
-    echo '<p>' . __('Advanced Search plugin requires a minmum PHP Version of '.$min_php.'. You have to upgrade your php version to enjoy Advanced Search.', PLUGIN_TEXT_DOMAIN) . '</p>';
-    echo '</div>';
+    $html = '<div class="error">';
+    $html .= '<p>' . __('Advanced Search plugin requires a minmum PHP Version of '.$min_php.'. You have to upgrade your php version to enjoy Advanced Search.', PLUGIN_TEXT_DOMAIN) . '</p>';
+    $html .= '</div>';
+    echo apply_filters('the_content',$html);    
 }
 

advance-search/trunk/inc/admin/class-admin.php

@@ -76 +76 @@
             {
                 wp_enqueue_style( $this->plugin_name, plugin_dir_url( __FILE__ ) . 'css/advance-search-admin.css', array(), $this->version, 'all' );
+                wp_enqueue_style( $this->plugin_name.'_popup-css', plugin_dir_url( __FILE__ ) . 'css/popup.css', array(), $this->version, 'all' );
             }
-        wp_enqueue_style( $this->plugin_name, plugin_dir_url( __FILE__ ) . 'css/common.css', array(), $this->version, 'all' );
-
-        // include fontawesome
-
-        wp_enqueue_style( 'wpas-font-awesome',  plugin_dir_url( dirname( __DIR__ ) ) . 'assets/css/font-awesome.min.css', array(), '', 'all' );
+            wp_enqueue_style( $this->plugin_name, plugin_dir_url( __FILE__ ) . 'css/common.css', array(), $this->version, 'all' );
+            
+            // include fontawesome
+            
+            wp_enqueue_style( 'wpas-font-awesome',  plugin_dir_url( dirname( __DIR__ ) ) . 'assets/css/font-awesome.min.css', array(), '', 'all' );
 
     }
@@ -99 +100 @@
 
             wp_localize_script( $this->plugin_name, 'js_params', array(
-                'has_msg' => isset($_GET["msg"]) && isset($_GET['wpas_id']) ? 'admin.php?page=advance-search&wpas_id='.intval($_GET['wpas_id']) : ''
+                'has_msg' => (isset($_GET["msg"]) && isset($_GET['wpas_id'])) ? esc_url_raw('admin.php?page=advance-search&wpas_id='.intval($_GET['wpas_id'])) : '',
+                'delete_record_text' => __('Are you sure you want to delete this record?'),
+                'confirmation_text' => __('A confirmation link has been sent to your email address. Please click on the link to verify your email address.'),
+                'something_wrong_text' => __('Something went wrong. Please try again.'),
+                
             ));
             wp_enqueue_script( $this->plugin_name );
@@ -266 +271 @@
         if( isset( $_POST['wpas-search'] ) && wp_verify_nonce( sanitize_text_field($_POST['wpas-search']), $this->plugin_name) ) {
             $search_form_name=trim(sanitize_text_field(htmlentities( $_POST['wpas']['search_form_name'] )));
-        
+            if(strlen($search_form_name) > 20){
+                wp_redirect(esc_url_raw(admin_url('admin.php?page='. $this->plugin_name.'&name-maxlength')));
+                exit;
+            }
             $data = $this->search_default_settings();
-
             global $wpdb;
             $search_form_table = $wpdb->prefix."wpas_index";
@@ -276 +283 @@
                 $checkName = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) from $search_form_table where name=%s",$search_form_name));
                 if ($checkName == 0) {
-                    $sql = "INSERT ignore INTO $search_form_table (name, data) VALUES ('$search_form_name', '$data')";
-                    
+                    $sql =  $wpdb->prepare( " INSERT INTO $search_form_table ( name, data ) VALUES ( %s, %s ) ", array( $search_form_name, $data ) ) ;
                     if($wpdb->query($sql)) {
                         $form_id = $wpdb->insert_id;
-                            wp_redirect(admin_url('admin.php?page='. $this->plugin_name.'&wpas_id='.$form_id));
+                            wp_redirect(esc_url_raw(admin_url('admin.php?page='. $this->plugin_name.'&wpas_id='.$form_id)));
                             exit;
                     }
                 }
                 else{   
-                    wp_redirect(admin_url('admin.php?page='. $this->plugin_name.'&name-already-exists'));
+                    wp_redirect(esc_url_raw(admin_url('admin.php?page='. $this->plugin_name.'&name-already-exists')));
                     exit;
                 }   
             }
             else {
-                wp_redirect(admin_url('admin.php?page='. $this->plugin_name));
+                wp_redirect(esc_url_raw(admin_url('admin.php?page='. $this->plugin_name)));
                 exit;
             }
@@ -310 +316 @@
 
         if ( ! wp_verify_nonce( $nonce, 'extra_ajax_nonce' ) && !current_user_can( 'manage_options' ) ) {
-            echo "false";
+        
+            echo wp_json_encode(array('error' => "false"));
             die();
         }
@@ -322 +329 @@
 
             if(isset($ajax_type) && !empty($ajax_type) ) {
-
                 // check if ajax for clone
 
@@ -328 +334 @@
 
                     $search_form_name=trim(sanitize_text_field( htmlentities($_POST['search_form_name'] )));
+
+                    // length check for form name
+                    if(strlen($search_form_name) > 20){
+                        $responsearray = array('astext' => 'name-length');
+                        echo wp_json_encode($responsearray);
+                        exit;
+                    }
                     
                     global $wpdb;
@@ -338 +351 @@
                         $checkName = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) from $search_form_table where name=%s", $search_form_name));
 
-                        $search_form_setting = $wpdb->get_results($wpdb->prepare("SELECT * FROM $search_form_table where id=%d", $form_id));
+                        $search_form_setting = $wpdb->get_row($wpdb->prepare("SELECT * FROM $search_form_table where id=%d", $form_id));
                         if ($checkName == 0) {
                         if(!empty($search_form_setting)) {
-                            $data = $search_form_setting[0];
-                            $form_setting = $data->data;
+                            $form_setting = $search_form_setting->data;
                             
                             $search_form_table = $wpdb->prefix."wpas_index";
-                            
-                            $sql = "INSERT INTO $search_form_table (name, data) VALUES ('$search_form_name', '$form_setting')";
-                            
+                            $sql =  $wpdb->prepare( "INSERT INTO $search_form_table ( name, data ) VALUES ( %s, %s ) ", array( $search_form_name, $form_setting ) ) ;
                             if($wpdb->query($sql)) {
                                 $lastid = $wpdb->insert_id;
                                 $responsearray = array('astext' => 'true' );
-                                echo json_encode($responsearray);
+                                echo wp_json_encode($responsearray);
                                 exit;
                             }
@@ -357 +367 @@
                         else {
                             $responsearray = array('astext' => 'false' );
-                            echo json_encode($responsearray);
+                            echo wp_json_encode($responsearray);
                             exit;
                         }
                       }
                       else{
-                        $responsearray = array('astext' => 'already exists');
-                        echo json_encode($responsearray);
+                        $responsearray = array('astext' => 'already-exists');
+                        echo wp_json_encode($responsearray);
                         exit;
                     }
@@ -369 +379 @@
                     else{
                         $responsearray = array('astext' => 'empty');
-                        echo json_encode($responsearray);
+                        echo wp_json_encode($responsearray);
                         exit;
                     }
                 }
                     else {
-                        echo "limit";
+                        echo wp_json_encode(array('error' => "limit"));
                         exit;
                     }
@@ -387 +397 @@
                     $search_form_table = $wpdb->prefix."wpas_index";
                     
-                    $sql = "DELETE FROM $search_form_table WHERE id='$form_id'";
+                    $sql = $wpdb->prepare("DELETE FROM $search_form_table WHERE id=%d", $form_id);
 
                     if($wpdb->query($sql)) {
                         $responsearray = array('astext' => 'true');
-                        echo json_encode($responsearray);
+                        echo wp_json_encode($responsearray);
                         exit;
                     }
                     else {
                         $responsearray = array('astext' => 'false');
-                        echo json_encode($responsearray);
+                        echo wp_json_encode($responsearray);
                         exit;
                     }
@@ -425 +435 @@
 
                     if(isset($update_option)) {
-                        wp_redirect(admin_url('admin.php?page='. $this->plugin_name.'&theme-search-replaced' ));
+                        wp_redirect(esc_url_raw(admin_url('admin.php?page='. $this->plugin_name.'&theme-search-replaced' )));
                         exit;
                     }
@@ -438 +448 @@
 
                     if(isset($update_option)) {
-                        wp_redirect(admin_url('admin.php?page='. $this->plugin_name ));
+                        wp_redirect(esc_url_raw(admin_url('admin.php?page='. $this->plugin_name )));
                         exit;
                     }
 
-                } // end default woo search             
-
+                } // end default woo search 
 
             }
-
-
-
-        }
-
+        }
     }
 
@@ -470 +475 @@
             $data = $this->search_default_settings();
             
-            $sql = "Update $search_form_table SET data='$data' where id='$form_id'";
+            $sql = $wpdb->prepare("Update $search_form_table SET data='$data' where id=%d", $form_id);
             
             if($wpdb->query($sql)) {
-                $redirect_url = admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$form_id."&msg=2";
+                $redirect_url = esc_url_raw(admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$form_id."&msg=2");
                 wp_redirect($redirect_url);
                 exit;
             }
             else{
-                $redirect_url = admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$form_id."&msg=2";
+                $redirect_url = esc_url_raw(admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$form_id."&msg=2");
                 wp_redirect($redirect_url);
                 exit;
@@ -486 +491 @@
 
         // update form settings
-
         if( isset( $_POST['wpas-search_setting'] ) && wp_verify_nonce( sanitize_text_field($_POST['wpas-search_setting']), 'search_form_settings') && current_user_can( 'manage_options' )) {
             
             $post_type_array = array(
-                'post_types' => isset($_POST['search_form_setting']['post_types']['post_types']) ? filter_var_array($_POST['search_form_setting']['post_types']['post_types']) : [],
-                'search_areas' => isset($_POST['search_form_setting']['post_types']['search_areas']) ? filter_var_array($_POST['search_form_setting']['post_types']['search_areas']) : [],
+                'post_types' => isset($_POST['search_form_setting']['post_types']['post_types']) ? array_map('sanitize_text_field',$_POST['search_form_setting']['post_types']['post_types']) : [],
+                'search_areas' => isset($_POST['search_form_setting']['post_types']['search_areas']) ? array_map('sanitize_text_field',$_POST['search_form_setting']['post_types']['search_areas']) : [],
                 'meta_keys' => array(
                     isset($_POST['search_form_setting']['post_types']['meta_keys']) ? sanitize_text_field(htmlentities(stripslashes($_POST['search_form_setting']['post_types']['meta_keys'][0]))) : '',
@@ -497 +501 @@
             );
 
+        
             $option =  array (
                     'post_types' => $post_type_array,
                     'taxonomies' =>array(
-                        'taxonomies' => isset($_POST['search_form_setting']['taxonomies'],$_POST['search_form_setting']['taxonomies']['taxonomies']) ? filter_var_array($_POST['search_form_setting']['taxonomies']['taxonomies']) : [],
-                        'search_areas' =>  isset($_POST['search_form_setting']['taxonomies'], $_POST['search_form_setting']['taxonomies']['search_areas']) ? filter_var_array($_POST['search_form_setting']['taxonomies']['search_areas']): [],
+                        'taxonomies' => isset($_POST['search_form_setting']['taxonomies'],$_POST['search_form_setting']['taxonomies']['taxonomies']) ? array_map('sanitize_text_field',$_POST['search_form_setting']['taxonomies']['taxonomies']) : [],
+                        'search_areas' =>  isset($_POST['search_form_setting']['taxonomies'], $_POST['search_form_setting']['taxonomies']['search_areas']) ? array_map('sanitize_text_field',$_POST['search_form_setting']['taxonomies']['search_areas']): [],
                     ),
-                    'attachments' => isset($_POST['search_form_setting']['attachments']) ? filter_var_array($_POST['search_form_setting']['attachments']) : [],
+                    'attachments' => isset($_POST['search_form_setting']['attachments']) ? array_map('sanitize_text_field',$_POST['search_form_setting']['attachments']) : [],
                     'styling' =>
                         array (
@@ -572 +577 @@
             
             );
-        
-        
+
             $form_id = intval($_POST['search_form_setting']['form_id']);
-            $data = json_encode($option);
-            
-        
+            $data = wp_json_encode($option);
             // update index table settings
-            $sql = "Update $search_form_table SET data='$data' where id='$form_id'";
+            $sql = $wpdb->prepare("Update $search_form_table SET data='$data' where id=%d", $form_id);
             if($wpdb->query($sql)) {
-                $redirect_url = admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$form_id."&msg=1";
+                $redirect_url = esc_url_raw(admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$form_id."&msg=1");
                 wp_redirect($redirect_url);
                 exit;
             } else {
-                $redirect_url = admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$form_id."&msg=0";
+                $redirect_url = esc_url_raw(admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$form_id."&msg=0");
                 wp_redirect($redirect_url);
                 exit;
@@ -595 +597 @@
 
     // default data for new search added
-
     public function search_default_settings() {
-
         $option = array (
           'post_types' =>
@@ -676 +676 @@
         );
 
-    $default_options = json_encode($option);
+    $default_options = wp_json_encode($option);
     return $default_options;
 
@@ -738 +738 @@
         ?>
         
-        <?php if (count($menu_items)>0): ?>
-        <?php $menu_items = implode(", ", $menu_items); ?>
-        <script type="text/javascript">
-            wpas_mce_button_menu = "<?php echo $menu_items; ?>";
-        </script>
-    <?php endif;
+            <?php if (count($menu_items)>0): ?>
+                <?php $menu_items = implode(", ", $menu_items); 
+                wp_register_script( 'advance-search-inlineebtn-js', '',);
+                wp_enqueue_script( 'advance-search-inlineebtn-js' );
+                wp_add_inline_script(
+                'advance-search-inlineebtn-js',
+                    'wpas_mce_button_menu = "'.esc_js($menu_items).'"'
+                );
+            
+            endif;
         return $settings;
     }
@@ -790 +794 @@
                 $headers .= 'Content-type:text/html;charset=UTF-8'."\r\n";
                 $headers .= 'From: [email protected]'."\r\n";
-                $mail = mail($lokhal_email, $subject, $message, $headers);
+                $mail = wp_mail($lokhal_email, $subject, $message, $headers);
                 $data = $this->verify_on_server($lokhal_email, $lokhal_fname, $lokhal_lname, $engagement, 'verify', '0');
                 if ($mail) {
@@ -814 +818 @@
             $this->verify_on_server(get_option('wpas_email_address_'.$current_user->ID), get_option('verify_wpas_fname_'.$current_user->ID), get_option('verify_wpas_lname_'.$current_user->ID), '100', 'verified', '1');
             update_option('wpas_email_verified_'.$current_user->ID, 'yes');
-            echo '<p>Email Verified Successfully. Redirecting please wait.</p>';
-            echo '<script>';
-            echo 'setTimeout(function(){window.location.href="https://searchpro.ai/?utm_redirect=wp" }, 2000);';
-            echo '</script>';
+            $html =  '<p>Email Verified Successfully. Redirecting please wait.</p>';
+            $html .= '<script>';
+            $html .= 'setTimeout(function(){window.location.href="https://searchpro.ai/?utm_redirect=wp" }, 2000);';
+            $html .= '</script>';
+
+            echo apply_filters('the_content',$html);
         }
         die;

advance-search/trunk/inc/admin/css/advance-search-admin.css

@@ -1988 +1988 @@
   padding-right: 35px;
 }
+.pro_feature .buy_pro a {
+  position: absolute;
+  top: 50%;
+  text-align: center;
+  left: 50%;
+  background-color: #ff3547 !important;
+  color: #fff;
+  text-decoration: none;
+  padding: 6px 14px !important;
+  transform: translate(-50%, -50%);
+}
+.pro_feature .buy_pro {
+  height: 100%;
+  top: 0;
+  z-index: 99;
+}
 /* Responsive Media Querys Here */
 @media (max-width:1280px){

advance-search/trunk/inc/admin/js/advance-search-admin.js

@@ -136 +136 @@
 
     // clone / delete setting 
+    
 
     jQuery('.search_imp_ajax').click(function() {
@@ -147 +148 @@
         var dataAjax = jQuery(this).attr('data-ajax');
         if (jQuery(this).hasClass('delete_search')){
-          var del=confirm("Are you sure you want to delete this record?");
+          var del=confirm(js_params.delete_record_text);
           if(del==true){
             jQuery(".delete_search").attr("data-ajax", "Yes");
@@ -176 +177 @@
                   if(data.astext == 'true' ){
                     jQuery('.as-alreadyexists').hide();
+                    jQuery('.as-namelength').hide();
                     jQuery('.as-validname').hide();
                      jQuery('.as-success').show();                     
@@ -184 +186 @@
                     
                   }
-                  else if(data.astext == 'already exists' ){
+                  else if(data.astext == 'already-exists' ){
                     jQuery('.as-alreadyexists').show();
                     jQuery('.as-validname').hide(); 
+                    jQuery('.as-namelength').hide(); 
                     return false;
                    }else if(data.astext == 'empty'){
                     jQuery('.as-validname').show();
                       jQuery('.as-alreadyexists').hide();
+                      jQuery('.as-namelength').hide();
+                      jQuery('.as-success').hide();
+                   }else if(data.astext == 'name-length'){
+                    jQuery('.as-validname').hide();
+                      jQuery('.as-alreadyexists').hide();
+                      jQuery('.as-namelength').show();
                       jQuery('.as-success').hide();
                    }
+
+                  
                    else{
                     setTimeout(function(){
-                    alert('Something went wrong. Please try again.');
+                    alert(js_params.something_wrong_text);
                         location.reload();
                       }, 300);
@@ -220 +231 @@
     });
     
-    // export / import ajax
-
-    jQuery('#export_search').click(function() {
-        var export_list = document.getElementsByName('wpas_export_form_list')[0];
-        var export_forms_id = [];
-        for(i=0; i < export_list.length; i++){
-            if(export_list.options[i].selected){
-                export_forms_id.push(export_list.options[i].value);
-            }
-        }
-
-        if(export_forms_id.length > 0) {
-          var nonce = jQuery("#export_form_hidden").val();
-          jQuery(".export_loader").css({'display':'inline-block'});
-            jQuery.ajax({
-                url: ajaxurl, // domain/wp-admin/admin-ajax.php
-                type: "POST",
-                dataType: "json",
-                data: {
-                    action: "WPAS_Advanced_Search_export",
-                    security : nonce,
-                    form_ids : export_forms_id
-                },
-                success: function(data) {
-                    if(data.result == true) {
-                        jQuery(".export_loader").css({'display':'none'});
-                        jQuery("#export_data").html('').html(data.string);
-                    }
-                    if(data.result == false) {
-                        jQuery(".export_loader").css({'display':'none'});
-                        setTimeout(function(){
-                            alert('Something went wrong. Please try again.');
-                        location.reload();
-                      }, 300);
-                        
-                    }
-                }
-            });
-
-        }
-        else {
-            alert('Please select form from export List !');
-        }
-
-    });
-
-    // import form
-
-    jQuery('#import_search').click(function() {
-
-        var import_data = jQuery("#import_data").val();
-
-        if(import_data == '') {
-          alert('Please enter import data !');
-          jQuery("#import_data").focus();
-        }
-        else {
-        var nonce = jQuery("#import_form_hidden").val();
-        jQuery(".import_loader").css({'display':'inline-block'});
-        jQuery.ajax({
-            url: ajaxurl, // domain/wp-admin/admin-ajax.php
-            type: "POST",
-            dataType: "json",
-            data: {
-                action: "WPAS_Advanced_Search_import",
-                security : nonce,
-                import_data : import_data
-            },
-            success: function(data) {
-                if(data.result == 'true') {
-                    jQuery(".import_loader").css({'display':'none'});
-                    alert('Data Import successfully.');
-                    location.reload(true);
-                }
-                if(data.result == 'false') {
-                    setTimeout(function(){
-                    alert('Something went wrong. Please try again.');
-                    jQuery(".import_loader").css({'display':'none'});
-                        location.reload();
-                      }, 300);
-                }
-            }
-        });
-      }
-
-    });
+  
     
     jQuery("input.restricted").keyup(function (e) {
@@ -315 +241 @@
 });
 
-    // chart
-
-(function ($) {
-  "use strict"; //You will be happier
-
-  $.fn.horizBarChart = function( options ) {
-
-    var settings = $.extend({
-      // default settings
-      selector: '.bar',
-      speed: 3000
-    }, options);
-
-    // Cycle through all charts on page
-      return this.each(function(){
-        // Start highest number variable as 0
-        // Nowhere to go but up!
-      var highestNumber = 0;
-
-      // Set highest number and use that as 100%
-      // This will always make sure the graph is a decent size and all numbers are relative to each other
-        $(this).find($(settings.selector)).each(function() {
-          var num = $(this).data('number');
-        if (num > highestNumber) {
-          highestNumber = num;
-        }
-        });
-
-      // Time to set the widths
-        $(this).find($(settings.selector)).each(function() {
-            var bar = $(this),
-                // get all the numbers
-                num = bar.data('number'),
-                // math to convert numbers to percentage and round to closest number (no decimal)
-                percentage = Math.round((num / highestNumber) * 100) + '%';
-            // Time to assign and animate the bar widths
-            $(this).animate({ 'width' : percentage }, settings.speed);
-        });
-      });
-
-  }; // horizChart
-
-}(jQuery));
-
-  // chart js
-
-jQuery(document).ready(function(){
-  jQuery('.chart').horizBarChart({
-    selector: '.bar',
-    speed: 1000
-  });
-});
-
-// loader and magifire icons active
-
-jQuery(document).ready(function() {
-
-  // loader icon
-
-  jQuery('.loader_lists li').click(function() {
-    jQuery('.loader_lists li').removeClass('active');
-    jQuery(this).addClass('active');
-    var icon = jQuery(this).attr('data-icon');
-    jQuery("#loader_icon").val(icon);
-  });
-
-  // maginfire icon
-
-  jQuery('.magnifier_icon_design li').click(function() {
-    jQuery('.magnifier_icon_design li').removeClass('active');
-    jQuery(this).addClass('active');
-    var icon = jQuery(this).attr('data-icon');
-    jQuery("#magnifire_icon").val(icon);
-  });
-});
 
 /*********** verify email popup *************/
@@ -469 +320 @@
     success: function (response) {
       if (response == '1') {
-        alert('A confirmation link has been sent to your email address. Please click on the link to verify your email address.');
+        alert(js_params.confirmation_text);
       } else if (response == '2') {
       }

advance-search/trunk/inc/admin/views/help-update.php

@@ -14 +14 @@
   exit; // Exit if accessed directly
 }
-?>
-
-<?php
     include_once('wpas_popup.php');
 ?>
@@ -24 +21 @@
     <br/>
     <div class="imp_link">
-      <a class="back" href="<?php echo admin_url().'admin.php?page='.$this->plugin_name; ?>"><?php echo esc_attr__('Search list', $this->plugin_text_domain); ?></a>
-      <a class="statistics" href="<?php echo admin_url().'admin.php?page=wpas-statistics' ?>"><?php echo esc_attr__('Search Statistics', $this->plugin_text_domain); ?></a>
+      <a class="back" href="<?php echo esc_url( admin_url().'admin.php?page='.$this->plugin_name) ; ?>"><?php echo esc_attr__('Search list', $this->plugin_text_domain); ?></a>
+      <a class="statistics" href="<?php echo esc_url(admin_url().'admin.php?page=wpas-statistics'); ?>"><?php echo esc_attr__('Search Statistics', $this->plugin_text_domain); ?></a>
       <a class="go_pro_button" href="https://searchpro.ai/" target="_blank"><?php echo esc_attr__('Go Pro', $this->plugin_text_domain);?> <i class="fa fa-diamond" aria-hidden="true"></i></a>
     </div>
@@ -36 +33 @@
         <div class="column">
     <h4><?php echo esc_attr__('Support', $this->plugin_text_domain);?></h4>
-    <p><?php echo esc_attr__('If you didn\'t find the answer from the FAQ, or if you are having other issues, feel free to ', $this->plugin_text_domain); ?><a href="https://wordpress.org/support/plugin/advance-search/">open a support ticket.</a></p>
+    <p><?php echo esc_attr__('If you didn\'t find the answer from the FAQ, or if you are having other issues, feel free to ', $this->plugin_text_domain); ?><a href="https://wordpress.org/support/plugin/advance-search/"><?php echo esc_attr__('open a support ticket.', $this->plugin_text_domain); ?></a></p>
     </div>
-    <!-- <div class="column">
-    <h4><?php echo esc_attr__('Documentation', $this->plugin_text_domain);?></h4>
-    <p><?php echo esc_attr__('Please check online ', $this->plugin_text_domain);?><a href="#"><?php echo esc_attr__('documentation', $this->plugin_text_domain);?></a>.</p>
-   </div> -->
+   
     <div class="column">
     <h4><?php echo esc_attr__('FAQ', $this->plugin_text_domain); ?></h4>

advance-search/trunk/inc/admin/views/html-advance-search-admin-options.php

@@ -22 +22 @@
 global $wpdb;
 $search_form_table = $wpdb->prefix."wpas_index";
-$search_form_setting = $wpdb->get_results($wpdb->prepare("SELECT * FROM $search_form_table where id=%d", $search_form_id));
+$search_form_setting = $wpdb->get_row($wpdb->prepare("SELECT * FROM $search_form_table where id=%d", $search_form_id));
 
 if($search_form_id == 0 || $wpdb->num_rows == 0) {
@@ -29 +29 @@
 }
 
-$form_name = $search_form_setting[0]->name;
+$form_name = $search_form_setting->name;
 
 if($wpdb->num_rows > 0) {
 
-$settings = json_decode($search_form_setting[0]->data, true);
+$settings = json_decode($search_form_setting->data, true);
 
 $args = array(
     'public' => true,
-    //'_builtin' => false, //exclude attachment, revision etc.
+    
 );
 $advance_search_excludeTaxonomy = array('product_shipping_class');
@@ -43 +43 @@
 $taxonomies_args = array(
   'public'   => true,
-  //'_builtin' => false
+  
 ); 
 
@@ -69 +69 @@
         <input type="hidden" name="action" value="wpas_search_form_settings">
         <input type="hidden" name="wpas-search_setting" value="<?php echo wp_create_nonce('search_form_settings'); ?>" />
-        <input type="hidden" name="search_form_setting[form_id]" value="<?php echo $search_form_id; ?>">
+        <input type="hidden" name="search_form_setting[form_id]" value="<?php echo intval($search_form_id); ?>">
 
     <div class="heading">
         <h3><?php echo esc_html( get_admin_page_title() ); ?></h3>
         <div class="imp_link">
-            <a class="back" href="<?php echo admin_url().'admin.php?page='.$this->plugin_name; ?>"><?php echo esc_attr__('Back to the search list', $this->plugin_text_domain); ?></a>
-            <a class="statistics" href="<?php echo admin_url().'admin.php?page=wpas-statistics' ?>"><?php echo esc_attr__('Search Statistics', $this->plugin_text_domain); ?></a>
+            <a class="back" href="<?php echo esc_url(admin_url().'admin.php?page='.$this->plugin_name); ?>"><?php echo esc_attr__('Back to the search list', $this->plugin_text_domain); ?></a>
+            <a class="statistics" href="<?php echo esc_url(admin_url().'admin.php?page=wpas-statistics'); ?>"><?php echo esc_attr__('Search Statistics', $this->plugin_text_domain); ?></a>
             <a class="go_pro_button" href="https://searchpro.ai/" target="_blank"><?php echo esc_attr__('Go Pro ', $this->plugin_text_domain); ?> <i class="fa fa-diamond" aria-hidden="true"></i></a>
         </div>
@@ -90 +90 @@
                 ?>
                 <div class="error notice is-dismissible">
-                    <p><?php echo esc_attr__( 'You haven\'t made any changes in settings to be saved.', $this->plugin_text_domain ); ?><button type="button" id="ad_dismiss" class="notice-dismiss" data_url="<?php echo admin_url('admin.php?page=advance-search')."&wpas_id=".$wpas_id;?>"><span class="screen-reader-text"><?php echo esc_attr__( 'Dismiss this notice.', $this->plugin_text_domain ); ?></span></button></p>
+                    <p><?php echo esc_attr__( 'You haven\'t made any changes in settings to be saved.', $this->plugin_text_domain ); ?><button type="button" id="ad_dismiss" class="notice-dismiss" data_url="<?php echo esc_url(admin_url('admin.php?page=advance-search')."&wpas_id=".$wpas_id);?>"><span class="screen-reader-text"><?php echo esc_attr__( 'Dismiss this notice.', $this->plugin_text_domain ); ?></span></button></p>
                 </div>
                 <?php
@@ -97 +97 @@
                 ?>
                 <div class="updated notice is-dismissible">
-                    <p><?php echo esc_attr__( 'Settings updated successfully.', $this->plugin_text_domain ); ?><button type="button" id="ad_dismiss" class="notice-dismiss" data_url="<?php echo admin_url('admin.php?page=advance-search')."&wpas_id=".$wpas_id;?>"><span class="screen-reader-text"><?php echo esc_attr__( 'Dismiss this notice.', $this->plugin_text_domain ); ?></span></button></p>
+                    <p><?php echo esc_attr__( 'Settings updated successfully.', $this->plugin_text_domain ); ?><button type="button" id="ad_dismiss" class="notice-dismiss" data_url="<?php echo esc_url(admin_url('admin.php?page=advance-search')."&wpas_id=".$wpas_id);?>"><span class="screen-reader-text"><?php echo esc_attr__( 'Dismiss this notice.', $this->plugin_text_domain ); ?></span></button></p>
                 </div>
                 <?php
@@ -104 +104 @@
                 ?>
                 <div class="updated notice is-dismissible">
-                    <p><?php echo esc_attr__( 'Settings has been restored successfully.', $this->plugin_text_domain ); ?><button type="button" id="ad_dismiss" class="notice-dismiss" data_url="<?php echo admin_url('admin.php?page=advance-search')."&wpas_id=".$wpas_id;?>"><span class="screen-reader-text"><?php echo esc_attr__( 'Dismiss this notice.', $this->plugin_text_domain ); ?></span></button></p>
+                    <p><?php echo esc_attr__( 'Settings has been restored successfully.', $this->plugin_text_domain ); ?><button type="button" id="ad_dismiss" class="notice-dismiss" data_url="<?php echo esc_url(admin_url('admin.php?page=advance-search')."&wpas_id=".$wpas_id);?>"><span class="screen-reader-text"><?php echo esc_attr__( 'Dismiss this notice.', $this->plugin_text_domain ); ?></span></button></p>
                 </div>
                 <?php
@@ -113 +113 @@
         <ul class="accordion">
           <li>
-            <a class="toggle" href="#"><i class="fa fa-cogs" aria-hidden="true"></i> <?php echo esc_attr__('Shortcode for ', $this->plugin_text_domain); ?><b><?php echo $form_name; ?></b></a>
+            <a class="toggle" href="#"><i class="fa fa-cogs" aria-hidden="true"></i> <?php echo esc_attr__('Shortcode for ', $this->plugin_text_domain); ?><b><?php echo esc_attr($form_name); ?></b></a>
             <div class="inner shortcode_inputSec">
                 <h4 class="title_heading">
@@ -119 +119 @@
                 </h4>
                 <?php
-                    $simple_shortcode_template = '<?php echo do_shortcode("[wpas id='.$search_form_id.' title=\''.$form_name.'\']"); ?>';
+                    $simple_shortcode_template = '<?php echo do_shortcode("[wpas id='.intval($search_form_id).' title=\''.esc_attr($form_name).'\']"); ?>';
                 ?>
               <div class="shortCol">
-                <label>Search Shortcode:</label>
-                <input type="text" value="[wpas id=<?php echo $search_form_id; ?>]" readonly="readonly">
+                <label><?php echo esc_attr__( 'Search Shortcode:', $this->plugin_text_domain ); ?></label>
+                <input type="text" value="[wpas id=<?php echo intval($search_form_id); ?>]" readonly="readonly">
                 </div>
                  <div class="shortCol">
-                <label>Add title for Search:</label><br/>
-                <input type="text" value="[wpas id=<?php echo $search_form_id; ?> title='<?php echo $form_name; ?>']" readonly="readonly">
+                <label><?php echo esc_attr__( 'Add title for Search:', $this->plugin_text_domain ); ?></label><br/>
+                <input type="text" value="[wpas id=<?php echo intval($search_form_id); ?> title='<?php echo esc_attr($form_name); ?>']" readonly="readonly">
                 </div>  
-                <h4>Extra for php template use</h4>
+                <h4><?php echo esc_attr__( 'Extra for php template use', $this->plugin_text_domain ); ?></h4>
                 <?php highlight_string($simple_shortcode_template); ?>
             </div>
@@ -245 +245 @@
             <?php
 
-            if($taxonomies != '') {
+            if( !empty($taxonomies) ) {
 
                 foreach ($taxonomies as $taxonomy) {
@@ -602 +602 @@
                     <li>
                     <div class="col_liStle"><span class="tooltip" title="Desktop"><i class="fa fa-desktop" aria-hidden="true"></i></span>
-                    <input type="text" name="search_form_setting[styling][search_box_outer][width][desktop]" value="<?php echo $settings['styling']['search_box_outer']['width']['desktop']; ?>" class="restricted"/></div>
+                    <input type="text" name="search_form_setting[styling][search_box_outer][width][desktop]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['width']['desktop']); ?>" class="restricted"/></div>
                     </li>
                     
-                    <li><div class="col_liStle"><span class="tooltip" title="Tablet"><i class="fa fa-tablet" aria-hidden="true"></i></span><input type="text" name="search_form_setting[styling][search_box_outer][width][tablet]" value="<?php echo $settings['styling']['search_box_outer']['width']['tablet']; ?>" class="restricted"/></div></li>
+                    <li><div class="col_liStle"><span class="tooltip" title="Tablet"><i class="fa fa-tablet" aria-hidden="true"></i></span><input type="text" name="search_form_setting[styling][search_box_outer][width][tablet]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['width']['tablet']); ?>" class="restricted"/></div></li>
                     
-                    <li><div class="col_liStle"><span class="tooltip" title="Mobile"><i class="fa fa-mobile" aria-hidden="true"></i></span><input type="text" name="search_form_setting[styling][search_box_outer][width][mobile]" value="<?php echo $settings['styling']['search_box_outer']['width']['mobile']; ?>" class="restricted"/></div></li>
+                    <li><div class="col_liStle"><span class="tooltip" title="Mobile"><i class="fa fa-mobile" aria-hidden="true"></i></span><input type="text" name="search_form_setting[styling][search_box_outer][width][mobile]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['width']['mobile']); ?>" class="restricted"/></div></li>
                     
                     </ul>
@@ -617 +617 @@
                         <li>  
                             <div class="col_liStle">
-                            <input type="text" minlength="2" name="search_form_setting[styling][search_box_outer][height]" value="<?php echo $settings['styling']['search_box_outer']['height']; ?>" class="restricted"/><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span>
+                            <input type="text" minlength="2" name="search_form_setting[styling][search_box_outer][height]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['height']); ?>" class="restricted"/><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span>
                             </div>
                         </li>   
@@ -628 +628 @@
                     <li>
                         <div class="col_liStle"><i class="fa fa-arrow-up" aria-hidden="true" title="Top"></i>
-                            <input type="number" name="search_form_setting[styling][search_box_outer][margin][top]" value="<?php echo $settings['styling']['search_box_outer']['margin']['top']; ?>" /><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
+                            <input type="number" name="search_form_setting[styling][search_box_outer][margin][top]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['margin']['top']); ?>" /><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
                     </li>
                     
@@ -638 +638 @@
                     <ul class="searchMBox">
                         <li>  
-                            <input type="text" class="wpas_color_field" name="search_form_setting[styling][search_box_outer][bg_color]" value="<?php echo $settings['styling']['search_box_outer']['bg_color']; ?>" />
+                            <input type="text" class="wpas_color_field" name="search_form_setting[styling][search_box_outer][bg_color]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['bg_color']); ?>" />
                         </li>
                     </ul>
@@ -654 +654 @@
                                 if($value == $settings['styling']['search_box_outer']['border_type']) {
                             ?>
-                                <option value="<?php echo $value; ?>" selected="selected"><?php echo esc_attr__($value, $this->plugin_text_domain); ?></option>
+                                <option value="<?php echo esc_attr($value); ?>" selected="selected"><?php echo esc_attr__($value, $this->plugin_text_domain); ?></option>
                             <?php
                                 }
                                 else {
                                     ?>
-                                <option value="<?php echo $value; ?>"><?php echo esc_attr__($value, $this->plugin_text_domain); ?></option> 
+                                <option value="<?php echo esc_attr($value); ?>"><?php echo esc_attr__($value, $this->plugin_text_domain); ?></option>   
                                     <?php
                                 }
@@ -671 +671 @@
                     <div class="col_liStle hideBorder">
                     <label><?php echo esc_attr__( 'Width:', $this->plugin_text_domain ); ?></label>
-                     <input class="input_style" type="number" name="search_form_setting[styling][search_box_outer][border_px]" value="<?php echo $settings['styling']['search_box_outer']['border_px']; ?>"><span class="pxValue nwPxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span>
+                     <input class="input_style" type="number" name="search_form_setting[styling][search_box_outer][border_px]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['border_px']); ?>"><span class="pxValue nwPxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span>
                 </div>
                 </li>
@@ -678 +678 @@
                     <div class="col_liStle hideBorder">
                     <label><?php echo esc_attr__( 'Border Color:', $this->plugin_text_domain ); ?></label>
-                        <input type="text" name="search_form_setting[styling][search_box_outer][border_color]" class="wpas_color_field" value="<?php echo $settings['styling']['search_box_outer']['border_color']; ?>">
+                        <input type="text" name="search_form_setting[styling][search_box_outer][border_color]" class="wpas_color_field" value="<?php echo esc_attr($settings['styling']['search_box_outer']['border_color']); ?>">
                     </div>
                       </li>
@@ -685 +685 @@
                      <ul class="searchMBox newBoxSearch">
                         <li>
-                        <div class="col_liStle"><i class="fa fa-arrow-up" title="Top" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_box_outer][border_radius][top]" value="<?php echo $settings['styling']['search_box_outer']['border_radius']['top']; ?>" class="restricted"><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
+                        <div class="col_liStle"><i class="fa fa-arrow-up" title="Top" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_box_outer][border_radius][top]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['border_radius']['top']); ?>" class="restricted"><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
                     </li>
                     <li>
-                        <div  class="col_liStle"><i class="fa fa-arrow-right" title="Right" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_box_outer][border_radius][right]" value="<?php echo $settings['styling']['search_box_outer']['border_radius']['right']; ?>" class="restricted"><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
+                        <div  class="col_liStle"><i class="fa fa-arrow-right" title="Right" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_box_outer][border_radius][right]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['border_radius']['right']); ?>" class="restricted"><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
                     </li>
                     <li>
-                        <div  class="col_liStle"><i class="fa fa-arrow-down" title="Bottom" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_box_outer][border_radius][bottom]" value="<?php echo $settings['styling']['search_box_outer']['border_radius']['bottom']; ?>" class="restricted"><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
+                        <div  class="col_liStle"><i class="fa fa-arrow-down" title="Bottom" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_box_outer][border_radius][bottom]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['border_radius']['bottom']); ?>" class="restricted"><span class="pxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
                     </li>
                     <li>
-                    <div class="col_liStle"><i class="fa fa-arrow-left" title="Left" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_box_outer][border_radius][left]" value="<?php echo $settings['styling']['search_box_outer']['border_radius']['left']; ?>" class="restricted"><span class="pxValue">px</span></div>
+                    <div class="col_liStle"><i class="fa fa-arrow-left" title="Left" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_box_outer][border_radius][left]" value="<?php echo esc_attr($settings['styling']['search_box_outer']['border_radius']['left']); ?>" class="restricted"><span class="pxValue">px</span></div>
                     </li>
                     </ul>
@@ -712 +712 @@
               <div class="col_liStle">
                 <label><?php echo esc_attr__( 'Search Input Background Color:', $this->plugin_text_domain ); ?></label>
-                <input type="text" name="search_form_setting[styling][search_input][bg_color]" class="wpas_color_field" value="<?php echo $settings['styling']['search_input']['bg_color']; ?>">
+                <input type="text" name="search_form_setting[styling][search_input][bg_color]" class="wpas_color_field" value="<?php echo esc_attr($settings['styling']['search_input']['bg_color']); ?>">
               </div>
             </li>
@@ -723 +723 @@
               <li>
               <div  class="col_liStle"><label><?php echo esc_attr__( 'Search Input Font Color :', $this->plugin_text_domain ); ?></label> 
-                <input type="text" name="search_form_setting[styling][search_input][font_color]" class="wpas_color_field" value="<?php echo $settings['styling']['search_input']['font_color']; ?>"></div>
+                <input type="text" name="search_form_setting[styling][search_input][font_color]" class="wpas_color_field" value="<?php echo esc_attr($settings['styling']['search_input']['font_color']); ?>"></div>
               </li>
               <li>
-              <div  class="col_liStle"><label><?php echo esc_attr__( 'Font size:', $this->plugin_text_domain ); ?></label> <input class="restricted input_style" type="text" name="search_form_setting[styling][search_input][font_size]" value="<?php echo $settings['styling']['search_input']['font_size']; ?>" min="0"><span class="pxValue nwPxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
+              <div  class="col_liStle"><label><?php echo esc_attr__( 'Font size:', $this->plugin_text_domain ); ?></label> <input class="restricted input_style" type="text" name="search_form_setting[styling][search_input][font_size]" value="<?php echo esc_attr($settings['styling']['search_input']['font_size']); ?>" min="0"><span class="pxValue nwPxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
              </li>
              <li>
-              <div class="col_liStle"><label><?php echo esc_attr__( 'Line Height:', $this->plugin_text_domain ); ?></label> <input class="restricted input_style" type="text" name="search_form_setting[styling][search_input][line_height]" value="<?php echo $settings['styling']['search_input']['line_height']; ?>" min="0" ><span class="pxValue nwPxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
+              <div class="col_liStle"><label><?php echo esc_attr__( 'Line Height:', $this->plugin_text_domain ); ?></label> <input class="restricted input_style" type="text" name="search_form_setting[styling][search_input][line_height]" value="<?php echo esc_attr($settings['styling']['search_input']['line_height']); ?>" min="0" ><span class="pxValue nwPxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span></div>
             </li>
              </ul>
@@ -747 +747 @@
                                 if($value == $settings['styling']['search_input']['border_type']) {
                             ?>
-                                <option value="<?php echo $value; ?>" selected="selected"><?php echo esc_attr__($value, $this->plugin_text_domain); ?></option>
+                                <option value="<?php echo esc_attr($value); ?>" selected="selected"><?php echo esc_attr__($value, $this->plugin_text_domain); ?></option>
                             <?php
                                 }
                                 else {
                                     ?>
-                                <option value="<?php echo $value; ?>"><?php echo esc_attr__($value, $this->plugin_text_domain); ?></option> 
+                                <option value="<?php echo esc_attr($value); ?>"><?php echo esc_attr__($value, $this->plugin_text_domain); ?></option>   
                                     <?php
                                 }
@@ -765 +765 @@
                     <div class="col_liStle hideBorder">
                     <label><?php echo esc_attr__( 'Width: ', $this->plugin_text_domain ); ?></label>
-                        <input type="number" class="input_style" name="search_form_setting[styling][search_input][border_px]" value="<?php echo $settings['styling']['search_input']['border_px']; ?>"><span class="pxValue nwPxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span>
+                        <input type="number" class="input_style" name="search_form_setting[styling][search_input][border_px]" value="<?php echo esc_attr($settings['styling']['search_input']['border_px']); ?>"><span class="pxValue nwPxValue"><?php echo esc_attr__('px', $this->plugin_text_domain); ?></span>
                     </div>
                     </li>
@@ -771 +771 @@
                     <li>
                     <div class="col_liStle hideBorder">
-                    <label><?php echo esc_attr__( 'Border Color:', $this->plugin_text_domain ); ?></label><input type="text" name="search_form_setting[styling][search_input][border_color]" class="wpas_color_field" value="<?php echo $settings['styling']['search_input']['border_color']; ?>">
+                    <label><?php echo esc_attr__( 'Border Color:', $this->plugin_text_domain ); ?></label><input type="text" name="search_form_setting[styling][search_input][border_color]" class="wpas_color_field" value="<?php echo esc_attr($settings['styling']['search_input']['border_color']); ?>">
                      </div>
                     </li>
@@ -780 +780 @@
                     <div class="col_liStle">
                     <label><?php echo esc_attr__( 'Border Radius:', $this->plugin_text_domain ); ?></label>
-                    <i class="fa fa-arrow-up" title="Top" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_input][border_radius][top]" value="<?php echo $settings['styling']['search_input']['border_radius']['top']; ?>" class="restricted"><span class="pxValue">px</span>
+                    <i class="fa fa-arrow-up" title="Top" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_input][border_radius][top]" value="<?php echo esc_attr($settings['styling']['search_input']['border_radius']['top']); ?>" class="restricted"><span class="pxValue">px</span>
                     </div>
                     </li>
                     <li>
-                    <div class="col_liStle"><i class="fa fa-arrow-right" title="Right" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_input][border_radius][right]" value="<?php echo $settings['styling']['search_input']['border_radius']['right']; ?>" class="restricted"><span class="pxValue">px</span>
+                    <div class="col_liStle"><i class="fa fa-arrow-right" title="Right" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_input][border_radius][right]" value="<?php echo esc_attr($settings['styling']['search_input']['border_radius']['right']); ?>" class="restricted"><span class="pxValue">px</span>
                     </div>
                     </li>
                     <li>
                     <div class="col_liStle">
-                        <i class="fa fa-arrow-down" title="Bottom" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_input][border_radius][bottom]" value="<?php echo $settings['styling']['search_input']['border_radius']['bottom']; ?>" class="restricted"><span class="pxValue">px</span>
+                        <i class="fa fa-arrow-down" title="Bottom" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_input][border_radius][bottom]" value="<?php echo esc_attr($settings['styling']['search_input']['border_radius']['bottom']); ?>" class="restricted"><span class="pxValue">px</span>
                     </div>
                     </li>
                     <li>
                     <div class="col_liStle">
-                    <i class="fa fa-arrow-left" title="Left" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_input][border_radius][left]" value="<?php echo $settings['styling']['search_input']['border_radius']['left']; ?>" class="restricted"><span class="pxValue">px</span>
+                    <i class="fa fa-arrow-left" title="Left" aria-hidden="true"></i><input type="text" name="search_form_setting[styling][search_input][border_radius][left]" value="<?php echo esc_attr($settings['styling']['search_input']['border_radius']['left']); ?>" class="restricted"><span class="pxValue">px</span>
                     </div>
                     </li>
@@ -820 +820 @@
               <div class="col_liStle">
                 <label><?php echo esc_attr__( 'Magnifier Icon Color:', $this->plugin_text_domain ); ?></label>
-                <input type="text" name="search_form_setting[styling][magnifire][color]" value="<?php echo ($settings['styling']['magnifire']['color']) ? $settings['styling']['magnifire']['color'] : '#ffffff'; ?>" class="wpas_color_field">
+                <input type="text" name="search_form_setting[styling][magnifire][color]" value="<?php echo ($settings['styling']['magnifire']['color']) ? esc_attr($settings['styling']['magnifire']['color']) : '#ffffff'; ?>" class="wpas_color_field">
                
                </div>
@@ -827 +827 @@
                 <div class="col_liStle">
                     <label><?php echo esc_attr__( 'Magnifier Background Color:', $this->plugin_text_domain ); ?></label>
-                    <input type="text" name="search_form_setting[styling][magnifire][bg_color]" value="<?php echo ($settings['styling']['magnifire']['bg_color']) ? $settings['styling']['magnifire']['bg_color'] : '#cccccc'; ?>" class="wpas_color_field">
+                    <input type="text" name="search_form_setting[styling][magnifire][bg_color]" value="<?php echo ($settings['styling']['magnifire']['bg_color']) ? esc_attr($settings['styling']['magnifire']['bg_color'] ): '#cccccc'; ?>" class="wpas_color_field">
                </div>
              </li>
@@ -857 +857 @@
 </ul>
 </div>
-<label><?php echo esc_attr__( 'Loading Icon Color:', $this->plugin_text_domain ); ?></label> <input type="text" name="search_form_setting[styling][loader][color]" value="<?php echo ($settings['styling']['loader']['color']) ? $settings['styling']['loader']['color'] : '#ffffff'; ?>" class="wpas_color_field">
+<label><?php echo esc_attr__( 'Loading Icon Color:', $this->plugin_text_domain ); ?></label> <input type="text" name="search_form_setting[styling][loader][color]" value="<?php echo ($settings['styling']['loader']['color']) ? esc_attr($settings['styling']['loader']['color']) : '#ffffff'; ?>" class="wpas_color_field">
 </div>
 
@@ -873 +873 @@
                 <fieldset>
                 <label><?php echo esc_attr__( 'Search Button Text:', $this->plugin_text_domain ); ?></label>
-                 <input class="serach_input_style" type="text" name="search_form_setting[styling][search_button][text]" value="<?php echo ($settings['styling']['search_button']['text']) ? $settings['styling']['search_button']['text'] : 'Search'; ?>" />
+                 <input class="serach_input_style" type="text" name="search_form_setting[styling][search_button][text]" value="<?php echo ($settings['styling']['search_button']['text']) ? esc_attr($settings['styling']['search_button']['text']) : 'Search'; ?>" />
                 </fieldset>
                 </li>
                 <li>
                 <label><?php echo esc_attr__( 'Search Text Color:', $this->plugin_text_domain ); ?></label> 
-                <input type="text" name="search_form_setting[styling][search_button][font_color]" class="wpas_color_field" value="<?php echo ($settings['styling']['search_button']['font_color']) ? $settings['styling']['search_button']['font_color'] : '#000000'; ?>">
+                <input type="text" name="search_form_setting[styling][search_button][font_color]" class="wpas_color_field" value="<?php echo ($settings['styling']['search_button']['font_color']) ? esc_attr($settings['styling']['search_button']['font_color']) : '#000000'; ?>">
                  </li>
                  </ul>
@@ -908 +908 @@
                 <fieldset>
                 <label><?php echo esc_attr__( 'Search Text Font Size:', $this->plugin_text_domain ); ?></label>
-                <input class="restricted input_style" type="text" name="search_form_setting[styling][search_button][font_size]" value="<?php echo $settings['styling']['search_button']['font_size']?>" />
+                <input class="restricted input_style" type="text" name="search_form_setting[styling][search_button][font_size]" value="<?php echo esc_attr( $settings['styling']['search_button']['font_size']); ?>" />
                 <span class="pxValue nwPxValue"> <?php echo esc_attr__('px', $this->plugin_text_domain); ?></span>
                 </fieldset>
@@ -956 +956 @@
     <div class="wpas_search_right">
         <button class="button button-primary" type="submit"><?php echo esc_attr__('Save all changes', $this->plugin_text_domain); ?></button>
-        <?php //submit_button( 'Save all changes', 'primary','submit', true ); ?>
+        
         </form> 
 
@@ -962 +962 @@
             <input type="hidden" name="action" value="wpas_search_form_settings">
             <input type="hidden" name="search_setting_reset" value="<?php echo wp_create_nonce('reset_form_settings'); ?>" />
-            <input type="hidden" name="search_form_id" value="<?php echo $search_form_id; ?>">
+            <input type="hidden" name="search_form_id" value="<?php echo intval($search_form_id); ?>">
             <button class="button button-secondary" type="submit"><?php echo esc_attr__('Restore defaults', $this->plugin_text_domain); ?></button>
         </form>

advance-search/trunk/inc/admin/views/import-export.php

@@ -29 +29 @@
     <br/>
     <div class="imp_link">
-      <a class="back" href="<?php echo admin_url().'admin.php?page='.$this->plugin_name; ?>"><?php echo esc_attr__('Search list', $this->plugin_text_domain); ?></a>
-      <a class="statistics" href="<?php echo admin_url().'admin.php?page=wpas-statistics' ?>"><?php echo esc_attr__('Search Statistics', $this->plugin_text_domain); ?></a>
+      <a class="back" href="<?php echo esc_url(admin_url().'admin.php?page='.$this->plugin_name); ?>"><?php echo esc_attr__('Search list', $this->plugin_text_domain); ?></a>
+      <a class="statistics" href="<?php echo esc_url(admin_url().'admin.php?page=wpas-statistics');?>"><?php echo esc_attr__('Search Statistics', $this->plugin_text_domain); ?></a>
       <a class="go_pro_button" href="https://searchpro.ai/" target="_blank"><?php echo esc_attr__('Go Pro', $this->plugin_text_domain); ?> <i class="fa fa-diamond" aria-hidden="true"></i></a>
     </div>
@@ -42 +42 @@
             </h4>
         </div>
-            <img class="import_export_demo" src="<?php echo plugins_url().'/'.$this->plugin_name; ?>/inc/admin/images/import-export.png">
+            <img class="import_export_demo" src="<?php echo esc_url(plugins_url().'/'.$this->plugin_name); ?>/inc/admin/images/import-export.png">
          </div>
       </div>

advance-search/trunk/inc/admin/views/search-statistics.php

@@ -25 +25 @@
     <h3><?php echo esc_html( get_admin_page_title() ); ?></h3>
     <div class="imp_link">
-      <a class="back" href="<?php echo admin_url().'admin.php?page='.$this->plugin_name; ?>"><?php echo esc_attr__('Search list', $this->plugin_text_domain); ?></a>
+      <a class="back" href="<?php echo esc_url(admin_url().'admin.php?page='.$this->plugin_name); ?>"><?php echo esc_attr__('Search list', $this->plugin_text_domain); ?></a>
       <a class="go_pro_button" href="https://searchpro.ai/" target="_blank"><?php echo esc_attr__('Go Pro', $this->plugin_text_domain); ?> <i class="fa fa-diamond" aria-hidden="true"></i></a>
     </div>
@@ -37 +37 @@
   <div class="buy_pro_wrapper">
       <h4 class="title_heading">
-        <?php echo esc_attr__('* This feature only for pro version', $this->plugin_text_domain ); ?><a href="https://searchpro.ai/" target="_blank">Buy Now</a>
+        <?php echo esc_attr__('* This feature only for pro version', $this->plugin_text_domain ); ?><a href="https://searchpro.ai/" target="_blank"><?php echo esc_attr__('Buy Now', $this->plugin_text_domain ); ?></a>
       </h4>
   </div>
-
-  <img class="statistics_demo" src="<?php echo plugins_url().'/'.$this->plugin_name; ?>/inc/admin/images/statistics.png">
-
+  <img class="statistics_demo" src="<?php echo esc_url(plugins_url().'/'.$this->plugin_name); ?>/inc/admin/images/statistics.png">
 </div>
-
 </div>
 

advance-search/trunk/inc/admin/views/wpas-search.php

@@ -19 +19 @@
 $opt = get_option('wp_advance_search_settings');
 
-
+wp_register_script( 'advance-search-wpas-js', '',);
+wp_enqueue_script( 'advance-search-wpas-js' );
+wp_add_inline_script(
+    'advance-search-wpas-js', " var vle_nonce = '". wp_create_nonce('verify-wpas-email')."'"
+);
 ?>
-<script>
-var vle_nonce = "<?php echo wp_create_nonce('verify-wpas-email');?>";
-</script>
-<link rel='stylesheet' href="<?php echo plugins_url().'/'.$this->plugin_name; ?>/inc/admin/css/popup.css" type='text/css' media='all' />
+
 
 <?php
@@ -43 +44 @@
         
         <div>
-            <label for="<?php echo $this->plugin_text_domain; ?>-search_form"> <?php _e('Shortcode Name:', $this->plugin_text_domain); ?> </label>
-            <input required maxlength="20" id="<?php echo $this->plugin_text_domain; ?>-search_form" type="text" name="<?php echo "wpas"; ?>[search_form_name]" value="" placeholder="<?php _e('Enter Shortcode Name', $this->plugin_text_domain);?>"<?php echo (count($search_forms) < 3) ? '' : ' readonly="readonly"' ;?>/>
+            <label for="<?php echo esc_attr($this->plugin_text_domain); ?>-search_form"> <?php _e('Shortcode Name:', $this->plugin_text_domain); ?> </label>
+            <input required maxlength="20" id="<?php echo  esc_attr($this->plugin_text_domain); ?>-search_form" type="text" name="<?php echo "wpas"; ?>[search_form_name]" value="" placeholder="<?php _e('Enter Shortcode Name', $this->plugin_text_domain);?>"<?php echo (count($search_forms) < 3) ? '' : ' readonly="readonly"' ;?>/>
             <div class="submit"><input type="submit" name="submit" id="submit" class="<?php echo (count($search_forms) == 3) ? 'pointer-event-none' : '';?> btn-submit button button-primary" value="<?php _e('Create', $this->plugin_text_domain); ?>" <?php echo (count($search_forms) < 3) ? '' : ' ';?>/></div>
             <?php if(count($search_forms) >= 3){ ?>
@@ -51 +52 @@
             <?php if(isset($_GET['name-already-exists']) ){ ?>
             <p class="pro-info">* <?php _e('This name is already exists.', $this->plugin_text_domain); ?></p>
+            <?php }?>
+
+            <?php if(isset($_GET['name-maxlength']) ){ ?>
+            <p class="pro-info">* <?php _e('Shortcode name length must not exceed 20 character.', $this->plugin_text_domain); ?></p>
             <?php }?>
         </div>
@@ -70 +75 @@
                 foreach ($search_forms as $search_form_name) {
                     ?>
-                    <option value="<?php echo $search_form_name->id; ?>" <?php if($default_search_form_id == $search_form_name->id) {echo 'selected="selected"'; } ?>><?php echo $search_form_name->name; ?></option>
+                    <option value="<?php echo $search_form_name->id; ?>" <?php if($default_search_form_id == $search_form_name->id) {echo 'selected="selected"'; } ?>><?php echo esc_attr($search_form_name->name); ?></option>
                     <?php
                 }
@@ -83 +88 @@
             <?php }?>
     </div>
-        <p class="submit"><input type="submit" name="submit" id="replacesubmit" class="button button-primary" value="Save"></p>
+        <p class="submit"><input type="submit" name="submit" id="replacesubmit" class="button button-primary" value="<?php _e('Save', $this->plugin_text_domain); ?>"></p>
         
     </form>
@@ -108 +113 @@
                 foreach ($search_forms as $search_form_name) {
                     ?>
-                    <option value="<?php echo $search_form_name->id; ?>" <?php if($default_woo_search_form_id == $search_form_name->id) {echo 'selected="selected"'; } ?>><?php echo $search_form_name->name; ?></option>
+                    <option value="<?php echo intval($search_form_name->id); ?>" <?php if($default_woo_search_form_id == $search_form_name->id) {echo 'selected="selected"'; } ?>><?php echo esc_attr($search_form_name->name); ?></option>
                     <?php
                 }
@@ -115 +120 @@
         </select>
     </div>
-        <p class="submit"><input type="submit" name="submit" id="prosubmit" class="btn-submit button button-primary" value="Save"></p>
+        <p class="submit"><input type="submit" name="submit" id="prosubmit" class="btn-submit button button-primary" value="<?php _e('Save', $this->plugin_text_domain); ?>"></p>
     </form>
 </div>
@@ -138 +143 @@
             <li>
                 <span class="num_style"><?php echo $i;?>.</span> <span class="content_style">
-                <?php echo $search_form_name->name;?></span><input type="text" class="quick_shortcode" value="[wpas id=<?php echo $search_form_name->id; ?>]" readonly="readonly"> 
+                <?php echo esc_attr($search_form_name->name);?></span><input type="text" class="quick_shortcode" value="[wpas id=<?php echo intval($search_form_name->id); ?>]" readonly="readonly"> 
                 <span class="icons_sec">
-                   <a href="<?php echo admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$search_form_name->id; ?>" title="Edit Settings"><i class="fa fa-pencil-square-o" aria-hidden="true"></i></a> | <a href="javascript:void(0)" data-targent="ClonePopup" data-id="<?php echo $search_form_name->id; ?>" data-scname="<?php echo $search_form_name->name; ?>" data-type="clone_search" class="asearch_imp_ajax aclone_search" id="aclonesearch" data-ajax='Yes' title="Clone Settings" data_url="<?php echo admin_url('admin.php?page=advance-search')?>"><i class="fa fa-clone" aria-hidden="true"></i></a>| <a href="javascript:void(0)" data-id="<?php echo $search_form_name->id; ?>" data-type="delete_search" data-ajax='No' class="search_imp_ajax delete_search" title="Delete Search"><i class="fa fa-trash" aria-hidden="true"></i></a>
+                   <a href="<?php echo esc_url(admin_url().'admin.php?page='.$this->plugin_name.'&wpas_id='.$search_form_name->id); ?>" title="Edit Settings"><i class="fa fa-pencil-square-o" aria-hidden="true"></i></a> | <a href="javascript:void(0)" data-targent="ClonePopup" data-id="<?php echo intval($search_form_name->id); ?>" data-scname="<?php echo esc_attr($search_form_name->name); ?>" data-type="clone_search" class="asearch_imp_ajax aclone_search" id="aclonesearch" data-ajax='Yes' title="Clone Settings" data_url="<?php echo esc_url(admin_url('admin.php?page=advance-search'))?>"><i class="fa fa-clone" aria-hidden="true"></i></a>| <a href="javascript:void(0)" data-id="<?php echo intval($search_form_name->id); ?>" data-type="delete_search" data-ajax='No' class="search_imp_ajax delete_search" title="Delete Search"><i class="fa fa-trash" aria-hidden="true"></i></a>
                </span> 
            </li>
@@ -148 +153 @@
         }
         else {
-            echo "<p class='pl-10'>Oops! Shortcode(s) not found.<p>";
+            $html = "<p class='pl-10'>";
+            $html .= esc_attr__('Oops! Shortcode(s) not found.', $this->plugin_text_domain);
+            $html .= "</p>";
+            echo apply_filters('the_content',$html);
         }
     ?>
@@ -176 +184 @@
 
 </div>
-<div class="wpas_loader"><img src="<?php echo plugins_url().'/'.$this->plugin_name; ?>/inc/admin/images/loader3.gif" /></div>
-
-<style type="text/css">
-.pro_feature .buy_pro a {
-    position: absolute;
-    top: 50%;
-    text-align: center;
-    left: 50%;
-    background-color: #ff3547 !important;
-    color: #fff;
-    text-decoration: none;
-    padding: 6px 14px !important;
-    transform: translate(-50%, -50%);
-}
-.pro_feature .buy_pro {
-    height: 100%;
-    top: 0;
-    z-index: 99;
-}
-</style>
-
-<div class="popup_wrapper">
-
+<div class="wpas_loader"><img src="<?php echo esc_url(plugins_url().'/'.$this->plugin_name); ?>/inc/admin/images/loader3.gif" /></div>
 <?php
-        if (false === get_option('wpas_email_verified_'.$current_user->ID) && (false === (get_transient('wpas_cancel_lk_popup_'.$current_user->ID)))) {
-        ?>
-        <div id="lokhal_verify_email_popup" class="lokhal_verify_email_popup">
-            <div class="lokhal_verify_email_popup_overlay"></div>
-            <div class="lokhal_verify_email_popup_tbl">
-                <div class="lokhal_verify_email_popup_cel">
-                    <div class="lokhal_verify_email_popup_content">
-                        <a href="javascript:void(0)" class="lokhal_cancel"> <img src="<?php echo plugins_url('images/fm_close_icon.png', dirname(__FILE__)); ?>"
-                                class="wp_fm_loader" /></a>
-                        <div class="popup_inner_lokhal">
-                            <h3>
-                                <?php _e('Welcome to Advanced Search', 'advance-search'); ?>
-                            </h3>
-                            <p class="lokhal_desc">
-                                <?php _e('We love making new friends! Subscribe below and we promise to
-    keep you up-to-date with our latest new plugins, updates,
-    awesome deals and a few special offers.', 'advance-search'); ?>
-                            </p>
-                            <form>
-                                <div class="form_grp">
-                                    <div class="form_twocol">
-                                        <input name="verify_lokhal_fname" id="verify_lokhal_fname" class="regular-text"
-                                            type="text" value="<?php echo (null == get_option('verify_wpas_fname_'.$current_user->ID)) ? $current_user->user_firstname : get_option('verify_wpas_fname_'.$current_user->ID); ?>"
-                                            placeholder="First Name" maxlength="20"/>
-                                        <span id="fname_error" class="error_msg">
-                                            <?php _e('Please Enter First Name.', 'advance-search'); ?></span>
-                                    </div>
-                                    <div class="form_twocol">
-                                        <input name="verify_lokhal_lname" id="verify_lokhal_lname" maxlength="20" class="regular-text"
-                                            type="text" value="<?php echo (null ==
-            get_option('verify_wpas_lname_'.$current_user->ID)) ? $current_user->user_lastname : get_option('verify_wpas_lname_'.$current_user->ID); ?>"
-                                            placeholder="Last Name" />
-                                        <span id="lname_error" class="error_msg">
-                                            <?php _e('Please Enter Last Name.', 'advance-search'); ?></span>
-                                    </div>
-                                </div>
-                                <div class="form_grp">
-                                    <div class="form_onecol">
-                                        <input name="verify_lokhal_email" id="verify_lokhal_email" class="regular-text"
-                                            type="email" value="<?php echo (null == get_option('wpas_email_address_'.$current_user->ID)) ? $current_user->user_email : get_option('wpas_email_address_'.$current_user->ID); ?>"
-                                            placeholder="Email Address" />
-                                        <span id="email_error" class="error_msg">
-                                            <?php _e('Please Enter Email Address.', 'advance-search'); ?></span>
-                                            <span id="email_error_valid" class="error_msg"><?php _e('Please Enter Valid Email Address.', 'advance-search'); ?></span>
-                                    </div>
-                                </div>
-                                <div class="btn_dv">
-                                    <button class="verify verify_local_email button button-primary "><span class="btn-text"><?php _e('Verify', 'advance-search'); ?>
-                                        </span>
-                                        <span class="btn-text-icon">
-                                            <img src="<?php echo plugins_url('images/btn-arrow-icon.png', dirname(__FILE__)); ?>" />
-                                        </span></button>
-                                    <button class="lokhal_cancel button">
-                                        <?php _e('No Thanks', 'advance-search'); ?></button>
-                                </div>
-                            </form>
-                        </div>
-                        <div class="fm_bot_links">
-                            <a href="https://searchpro.ai/terms-condition/" target="_blank">
-                                <?php _e('Terms of Service', 'advance-search'); ?></a> <a href="https://searchpro.ai/privacy-policy/"
-                                target="_blank">
-                                <?php _e('Privacy Policy', 'advance-search'); ?></a>
-                        </div>
-
-                    </div>
-                </div>
-            </div>
-        </div>
-
-        <?php
-   } ///***** Verify Lokhal Popup End *****///?>
-
-</div>
-
+    include_once('wpas_popup.php');
+?>
 <div class="fm_msg_popup">
     <div class="fm_msg_popup_tbl">
@@ -290 +204 @@
     <div class="aspopup">
         <div class="aspopup-header">
-            <h2>Clone Shortcode: <span class="csname-heading"></span></h2>
+            <h2><?php _e( 'Clone Shortcode:', $this->plugin_text_domain); ?> <span class="csname-heading"></span></h2>
             <a class="close" href="javascript:void(0)">&times;</a>
         </div>
@@ -307 +221 @@
                  <div class="aspopup-form-area">
                 
-                <input required maxlength="20" id="<?php echo $this->plugin_text_domain; ?>-ajaxsearch_form" type="text" name="<?php echo "wpas"; ?>[search_form_name]" value="" placeholder="<?php _e('Enter Shortcode Name', $this->plugin_text_domain);?>"<?php echo (count($search_forms) < 3) ? '' : ' readonly="readonly"' ;?>/>
+                <input required maxlength="20" id="<?php echo esc_attr($this->plugin_text_domain); ?>-ajaxsearch_form" type="text" name="<?php echo "wpas"; ?>[search_form_name]" value="" placeholder="<?php _e('Enter Shortcode Name', $this->plugin_text_domain);?>"<?php echo (count($search_forms) < 3) ? '' : ' readonly="readonly"' ;?>/>
                 
-                <input type="button" name="submit" id="clone_search" data-ajax='Yes' title="Clone Settings" data_url="<?php echo admin_url('admin.php?page=advance-search')?>" data-id="" data-type="clone_search" class="search_imp_ajax clone_search" value="<?php _e('Clone', $this->plugin_text_domain); ?>" <?php echo (count($search_forms) < 3) ? '' : ' ';?>/>
+                <input type="button" name="submit" id="clone_search" data-ajax='Yes' title="<?php _e('Clone Settings', $this->plugin_text_domain); ?>" data_url="<?php echo esc_url(admin_url('admin.php?page=advance-search'))?>" data-id="" data-type="clone_search" class="search_imp_ajax clone_search" value="<?php _e('Clone', $this->plugin_text_domain); ?>" <?php echo (count($search_forms) < 3) ? '' : ' ';?>/>
                 </div>
 
                <?php }?>
                 <p class="pro-info as-alreadyexists" style="display:none">* <?php _e('This name is already exists.', $this->plugin_text_domain); ?></p>
+                <p class="pro-info as-namelength" style="display:none">* <?php _e('Name must not exceed 20 character..', $this->plugin_text_domain); ?></p>
                 <p class="pro-info as-validname" style="display:none">* <?php _e('Please enter Shortcode Name.', $this->plugin_text_domain); ?></p>
                 <p class="pro-infoq as-success" style="display:none"><?php _e('Shortcode Successfully created.', $this->plugin_text_domain); ?></p>

advance-search/trunk/inc/admin/views/wpas_popup.php

@@ -6 +6 @@
 
 $current_user = wp_get_current_user();
-
-?>
-
-<script>
-var vle_nonce = "<?php echo wp_create_nonce('verify-wpas-email');?>";
-</script>
-<link rel='stylesheet' href="<?php echo plugins_url().'/'.$this->plugin_name; ?>/inc/admin/css/popup.css" type='text/css' media='all' />
-
-
+wp_register_script( 'advance-search-inlinepopup-js', '',);
+wp_enqueue_script( 'advance-search-inlinepopup-js' );
+wp_add_inline_script(
+    'advance-search-inlinepopup-js', 'var vle_nonce = "'. wp_create_nonce("verify-wpas-email").'"'
+); ?>
 <div class="popup_wrapper">
-
 <?php 
     if (false === get_option('wpas_email_verified_'.$current_user->ID) && (false === (get_transient('wpas_cancel_lk_popup_'.$current_user->ID)))) {
@@ -25 +20 @@
                 <div class="lokhal_verify_email_popup_cel">
                     <div class="lokhal_verify_email_popup_content">
-                        <a href="javascript:void(0)" class="lokhal_cancel"> <img src="<?php echo plugins_url('images/fm_close_icon.png', dirname(__FILE__)); ?>"
+                        <a href="javascript:void(0)" class="lokhal_cancel"> <img src="<?php echo esc_url(plugins_url('images/fm_close_icon.png', dirname(__FILE__))); ?>"
                                 class="wp_fm_loader" /></a>
                         <div class="popup_inner_lokhal">
@@ -32 +27 @@
                             </h3>
                             <p class="lokhal_desc">
-                                <?php _e('We love making new friends! Subscribe below and we promise to
-    keep you up-to-date with our latest new plugins, updates,
-    awesome deals and a few special offers.', 'advance-search'); ?>
+                                <?php _e('We love making new friends! Subscribe below and we promise to keep you up-to-date with our latest new plugins, updates, awesome deals and a few special offers.', 'advance-search'); ?>
                             </p>
                             <form>
@@ -40 +33 @@
                                     <div class="form_twocol">
                                         <input name="verify_lokhal_fname" id="verify_lokhal_fname" class="regular-text"
-                                            type="text" value="<?php echo (null == get_option('verify_wpas_fname_'.$current_user->ID)) ? $current_user->user_firstname : get_option('verify_wpas_fname_'.$current_user->ID); ?>"
-                                            placeholder="First Name" maxlength="20"/>
+                                            type="text" value="<?php echo (null == get_option('verify_wpas_fname_'.$current_user->ID)) ? esc_attr($current_user->user_firstname) : get_option('verify_wpas_fname_'.$current_user->ID); ?>"
+                                            placeholder="<?php _e('First Name', 'advance-search'); ?> " maxlength="20"/>
                                         <span id="fname_error" class="error_msg">
                                             <?php _e('Please Enter First Name.', 'advance-search'); ?></span>
@@ -48 +41 @@
                                         <input name="verify_lokhal_lname" id="verify_lokhal_lname" maxlength="20" class="regular-text"
                                             type="text" value="<?php echo (null ==
-            get_option('verify_wpas_lname_'.$current_user->ID)) ? $current_user->user_lastname : get_option('verify_wpas_lname_'.$current_user->ID); ?>"
-                                            placeholder="Last Name" />
+            get_option('verify_wpas_lname_'.$current_user->ID)) ? esc_attr($current_user->user_lastname) : get_option('verify_wpas_lname_'.$current_user->ID); ?>"
+                                            placeholder="<?php _e('Last Name', 'advance-search'); ?>" />
                                         <span id="lname_error" class="error_msg">
                                             <?php _e('Please Enter Last Name.', 'advance-search'); ?></span>
@@ -57 +50 @@
                                     <div class="form_onecol">
                                         <input name="verify_lokhal_email" id="verify_lokhal_email" class="regular-text"
-                                            type="email" value="<?php echo (null == get_option('wpas_email_address_'.$current_user->ID)) ? $current_user->user_email : get_option('wpas_email_address_'.$current_user->ID); ?>"
-                                            placeholder="Email Address" />
+                                            type="email" value="<?php echo (null == get_option('wpas_email_address_'.$current_user->ID)) ? esc_attr($current_user->user_email) : get_option('wpas_email_address_'.$current_user->ID); ?>"
+                                            placeholder="<?php _e('Email Address', 'advance-search'); ?>" />
                                         <span id="email_error" class="error_msg">
                                             <?php _e('Please Enter Email Address.', 'advance-search'); ?></span>
@@ -68 +61 @@
                                         </span>
                                         <span class="btn-text-icon">
-                                            <img src="<?php echo plugins_url('images/btn-arrow-icon.png', dirname(__FILE__)); ?>" />
+                                            <img src="<?php echo esc_attr(plugins_url('images/btn-arrow-icon.png', dirname(__FILE__))); ?>" />
                                         </span></button>
                                     <button class="lokhal_cancel button">

advance-search/trunk/inc/common/class-common.php

@@ -124 +124 @@
             $search_form_table = $wpdb->prefix."wpas_index";
 
-            $search_form_settings = $wpdb->get_results($wpdb->prepare("SELECT data FROM $search_form_table where id=%d", $form_id));
+            $search_form_settings = $wpdb->get_row($wpdb->prepare("SELECT data FROM $search_form_table where id=%d", $form_id));
             
             if($wpdb->num_rows > 0) {
 
-                $search_form_settings = json_decode($search_form_settings[0]->data, true);
+                $search_form_settings = json_decode($search_form_settings->data, true);
                 $t_data = array();
 
@@ -140 +140 @@
                     // check if enable any specific title or content in search areas
 
-                    if(array_key_exists('search_areas', $search_form_settings['post_types'])) {
+                    if(array_key_exists('search_areas', $search_form_settings['post_types']) && !empty($search_form_settings['post_types']['search_areas'])) {
                         $search_columns = implode(',', $search_form_settings['post_types']['search_areas']);
 
@@ -159 +159 @@
                     // check if meta keys added
                     $join = '';
-                    $where = '';
-                    $post_meta_keys = $search_form_settings['post_types']['meta_keys']['0'];
-                    if($post_meta_keys != '') {
+                    $where = "AND post_status='publish'";
+                    $post_meta_keys = isset($search_form_settings['post_types']['meta_keys']['0']) ? $search_form_settings['post_types']['meta_keys']['0'] : '';
+                    if(!empty($post_meta_keys)) {
                         
                         $post_meta_keys_array = explode(',',$post_meta_keys);
@@ -169 +169 @@
                             foreach($post_meta_keys_array as $meta_key) {
 
-                                $join .= 'INNER JOIN '.$postmeta_table.' m'.$m.' ON ('.$wp_posts_table.'.ID = m'.$m.'.post_id) ';
+                                $join .= 'INNER JOIN '.$postmeta_table.' m'.$m.' ON ('.$wp_posts_table.'.ID = m'.$m.'.post_id AND '.$wp_posts_table.'.post_status="publish") ';
                                 $where .= " OR ( m".$m.".meta_key = '$meta_key' AND m".$m.".meta_value like '%$s%') ";
 
@@ -180 +180 @@
                     // check search type
                     
-                    if($search_type == 'full_word' || $search_type == '') {
-                        $post_page_query = "SELECT ID, post_title, post_type, post_content, post_status FROM $wp_posts_table $join WHERE post_type IN($post_types) AND MATCH ($search_columns) AGAINST ('$s' IN BOOLEAN MODE) $where AND post_status='publish' GROUP BY ID";
+                    if($search_type == 'full_word' || empty($search_type) ) {
+                        $post_page_query = "SELECT ID, post_title, post_type, post_content, post_status FROM $wp_posts_table $join WHERE post_type IN($post_types) AND MATCH ($search_columns) AGAINST ('$s' IN BOOLEAN MODE) $where  GROUP BY ID";
                     
                     }
                     else {
-                        $post_page_query = "SELECT ID, post_title, post_type, post_content, post_status FROM $wp_posts_table $join WHERE post_type IN($post_types) AND ($like) $where AND post_status = 'publish' GROUP By ID"; 
+                        $post_page_query = "SELECT ID, post_title, post_type, post_content, post_status FROM $wp_posts_table $join WHERE post_type IN($post_types) AND ($like) $where  GROUP By ID";    
                     }
 
@@ -205 +205 @@
                 // custom taxonomies search
 
-                if(isset($search_form_settings['taxonomies']) && array_key_exists('taxonomies', $search_form_settings['taxonomies'])) {
-
+                if(isset($search_form_settings['taxonomies']) && array_key_exists('taxonomies', $search_form_settings['taxonomies']) && !empty($search_form_settings['taxonomies']['taxonomies']  )) {
                 
-                $args = array(
-                    'taxonomy'      => $search_form_settings['taxonomies']['taxonomies'], // taxonomy name
-                    'orderby'       => 'id', 
-                    'order'         => 'ASC',
-                    'fields'        => 'all',
-                    'name__like'    => $s
-                );
-
-                // description search
-
-                $args_description = array(
-                    'taxonomy'      => $search_form_settings['taxonomies']['taxonomies'], // taxonomy name
-                    'orderby'       => 'id', 
-                    'order'         => 'ASC',
-                    'fields'        => 'all',
-                    'description__like' => $s
-                );
-
-                $terms_result = array();
-
-                // check if enable any specific title or content in search areas
-
-                if(array_key_exists('search_areas', $search_form_settings['taxonomies'])) {
+                    $args = array(
+                        'taxonomy'      => $search_form_settings['taxonomies']['taxonomies'], // taxonomy name
+                        'orderby'       => 'id', 
+                        'order'         => 'ASC',
+                        'fields'        => 'all',
+                        'name__like'    => $s
+                    );
+
+                    // description search
+                    $args_description = array(
+                        'taxonomy'      => $search_form_settings['taxonomies']['taxonomies'], // taxonomy name
+                        'orderby'       => 'id', 
+                        'order'         => 'ASC',
+                        'fields'        => 'all',
+                        'description__like' => $s
+                    );
+
+                    $terms_result = array();
+
+                    // check if enable any specific title or content in search areas
+
+                    if(array_key_exists('search_areas', $search_form_settings['taxonomies']) && (isset($search_form_settings['taxonomies']['search_areas']['content']) || isset($search_form_settings['taxonomies']['search_areas']['title']) )) {
                     
-                    if(array_key_exists('title', $search_form_settings['taxonomies']['search_areas']) && !isset($search_form_settings['taxonomies']['search_areas']['content'])) {
-
-                        $terms_result = get_terms( $args );
-
-                    } if(array_key_exists('content', $search_form_settings['taxonomies']['search_areas']) && !isset($search_form_settings['taxonomies']['search_areas']['title'])) {
-
-                        $terms_result = get_terms( $args_description );
-
-                    } if(isset($search_form_settings['taxonomies']['search_areas']['title']) && isset($search_form_settings['taxonomies']['search_areas']['content'])) {
-
+                        if(array_key_exists('title', $search_form_settings['taxonomies']['search_areas']) && !isset($search_form_settings['taxonomies']['search_areas']['content'])) {
+                            $terms_result = get_terms( $args );
+
+                        } if(array_key_exists('content', $search_form_settings['taxonomies']['search_areas']) && !isset($search_form_settings['taxonomies']['search_areas']['title'])) {
+                            $terms_result = get_terms( $args_description );
+
+                        } if(isset($search_form_settings['taxonomies']['search_areas']['title']) && isset($search_form_settings['taxonomies']['search_areas']['content'])) {
+                            $terms = get_terms( $args );
+                            $terms1 = get_terms( $args_description );
+                            $terms_m = array_merge($terms, $terms1);
+                            $terms_result = array_unique($terms_m, SORT_REGULAR);
+                        }
+
+                    } else {
+                    
                         $terms = get_terms( $args );
-                        $terms1 = get_terms( $args_description );
-                        $terms_m = array_merge($terms, $terms1);
-                        $terms_result = array_unique($terms_m, SORT_REGULAR);
-                    }
-
-                } else {
-
-                    $terms = get_terms( $args );
-                    $terms1 = get_terms( $args_description);
-                    $terms_merge = array_merge($terms, $terms1);
-                    $terms_result = array_unique($terms_merge, SORT_REGULAR);
-
-                }
+                        $terms1 = get_terms( $args_description);
+                        $terms_merge = array_merge($terms, $terms1);
+                        $terms_result = array_unique($terms_merge, SORT_REGULAR);
+
+                    }
+                
                     $count = count($terms_result);
             
@@ -268 +264 @@
                 // attachments search
 
-                if(array_key_exists('attachments', $search_form_settings)) {
+                if(array_key_exists('attachments', $search_form_settings) && !empty($search_form_settings['attachments'])) {
                     $attachments_mime_type = '"'.implode('","', $search_form_settings['attachments']).'"';
-
-                    $wp_post_attachments_data = array('');
-
+                    $wp_post_attachments_data = array();
                     if(in_array('image/jpeg', $search_form_settings['attachments']) || in_array('image/gif', $search_form_settings['attachments']) || in_array('image/png', $search_form_settings['attachments'])) {
 
                     // check search type
-
-                    if($search_type == '' || $search_type == 'full_word') {
+                    
+                    if( empty($search_type) || $search_type == 'full_word') {
                         $wp_post_attachment_query = "SELECT ID, post_title, post_content, post_type, guid, post_mime_type FROM $wp_posts_table WHERE post_mime_type IN ($attachments_mime_type) AND MATCH (post_title, post_content) AGAINST ('$s' IN NATURAL LANGUAGE MODE) GROUP BY ID";
                     }
@@ -284 +278 @@
                     }
 
-                
                     $wp_post_attachments_data = $wpdb->get_results($wp_post_attachment_query);
 
@@ -290 +283 @@
 
                     $attachments_data = $wp_post_attachments_data;
-
                     if(!empty($attachments_data)) {
                         foreach ($attachments_data as $attach_final) {
@@ -316 +308 @@
                 $final_data['form_id'] = $form_id;
                 $final_data['html'] = $html;
-
                 // Echo the response to the AJAX request.
                 wp_send_json($final_data);
-                // wp_send_json will also die().
-
+                
             }
         }
@@ -383 +373 @@
         $custom_title = sanitize_text_field(htmlentities($setting['title']));
         
-        $search_forms = $wpdb->get_results($wpdb->prepare("SELECT id, name, data FROM $search_form_table where id=%d",$form_id));
+        $search_forms = $wpdb->get_row($wpdb->prepare("SELECT id, name, data FROM $search_form_table where id=%d",$form_id));
 
         if($wpdb->num_rows > 0) {
-            $form_title = $search_forms[0]->name;
-            $form_setting = json_decode($search_forms[0]->data, true);
-
-            if(array_key_exists('voice_search', $form_setting) && strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome') !== false) {
-                $in_name = esc_attr( $this->plugin_name ).'_voice';
-            }
-            else {
-                $in_name = esc_attr( $this->plugin_name ).'_'.$form_id;
-            }
-
+            $form_title = $search_forms->name;
+            $form_setting = json_decode($search_forms->data, true);
+            $in_name = esc_attr( $this->plugin_name ).'_'.$form_id;
             $loader_icon = 'sbl-circ';
             $magnifire_icon = 'search';
-            $button_icon_position = $form_setting['styling']['magnifire']['position'];
-            $button_text = $form_setting['styling']['search_button']['text'];
-
-            $show_submit_button_text = $form_setting['styling']['search_button']['show_search_text'];
-            $show_magnifire_icon = $form_setting['styling']['search_button']['show_maginfier_icon'];
+            $button_icon_position = sanitize_text_field($form_setting['styling']['magnifire']['position']);
+            $button_text = sanitize_text_field($form_setting['styling']['search_button']['text']);
+
+            $show_submit_button_text = sanitize_text_field($form_setting['styling']['search_button']['show_search_text']);
+            $show_magnifire_icon = sanitize_text_field($form_setting['styling']['search_button']['show_maginfier_icon']);
             $submit_button_text = '';
-            if(isset($show_submit_button_text) && $show_submit_button_text != '') {
-                $submit_button_text = '<div class="button_text_holder">'.esc_attr__($button_text, $this->plugin_text_domain).'</div>';
-            }
-            else {
-                $submit_button_text = '';
+            if(isset($show_submit_button_text) && !empty($show_submit_button_text) ) {
+                $submit_button_text = '<div class="button_text_holder">'.esc_attr($button_text).'</div>';
             }
 
             $magnifire_icon_show = '';
-            if(isset($show_magnifire_icon) && $show_magnifire_icon != '') {
+            if(isset($show_magnifire_icon) && !empty($show_magnifire_icon )) {
                 $magnifire_icon_show = '<i class="fa fa-'.$magnifire_icon.'"></i>';
-            }
-            else {
-                $magnifire_icon_show = '';
             }
             
             $title = '';
 
-            if($custom_title != '') {
-                $title = '<h3>'.esc_attr__($custom_title, $this->plugin_text_domain).'</h3>';
+            if( !empty($custom_title )) {
+                $title = '<h3>'.esc_attr($custom_title).'</h3>';
             }
 
@@ -432 +409 @@
         <div class="input_cont '.$button_icon_position.'">
             <div class="wpas_input_container" id="wpas_input_container_'.$form_id.'">
-                <div class="input_box"><input required class="wpas_search_input" id="wpas_search_input_'.$form_id.'" type="search" placeholder="Search here..." name="'.$in_name.'" data-formid="'.$form_id.'" />
+                <div class="input_box"><input required class="wpas_search_input" id="wpas_search_input_'.$form_id.'" type="search" placeholder="'. __("Search here...", $this->plugin_text_domain ).'" name="'.$in_name.'" data-formid="'.$form_id.'" />
                 </label>
                 <div class="wpas_search_loader_icon" style="display:none;"><div class="'.$loader_icon.'"></div></div>
@@ -451 +428 @@
 
         }else {
-            $form .= "<p class='alert alert-danger'>Search form not found !</p>";
+            $form .= "<p class='alert alert-danger'>". esc_attr__('Search form not found !', $this->plugin_text_domain)."</p>";
         }
 
@@ -544 +521 @@
                 $search_button_font_color = $search_button_settings['font_color'];
                 
-    ?> 
-        <style>
-       
-           .wpas_form_container_<?php echo $search_form->id; ?> {
-                width: <?php echo $desktop_box_width; ?>;
-                max-width: <?php echo $desktop_box_width; ?>;
-                background-color: <?php echo $search_box_bg_color; ?>;
-                padding: <?php echo $search_box_padding; ?>;
-                border: <?php echo $search_box_border; ?>;
-                border-radius: <?php echo $search_box_border_radius; ?>;
+            wp_register_style( 'advance-search-commonform-css', false );
+            wp_enqueue_style( 'advance-search-commonform-css' );
+            wp_add_inline_style(
+                'advance-search-commonform-css',
+           '.wpas_form_container_'.esc_attr($search_form->id).' {
+                width: '.esc_attr($desktop_box_width).';
+                max-width: '.esc_attr($desktop_box_width).';
+                background-color: '.esc_attr($search_box_bg_color).';
+                padding: '.esc_attr($search_box_padding).';
+                border: '. esc_attr($search_box_border).';
+                border-radius: '.esc_attr($search_box_border_radius).';
                 
            }
-           .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_input_container{
-                width: <?php echo $desktop_box_width; ?>;
-                max-width: <?php echo $desktop_box_width; ?>;
-                height: <?php echo $search_box_height; ?>px;
+           .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_input_container{
+                width: '.esc_attr($desktop_box_width).';
+                max-width: '. esc_attr($desktop_box_width).';
+                height: '.esc_attr( $search_box_height).'px;
                 overflow:hidden;
                 position: relative;
            }
-           .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper form {
+           .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper form {
             margin: 0px;
             height:100%;
@@ -569 +547 @@
             display: block;
            }
-           .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper form .input_cont {
+           .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper form .input_cont {
               width: 100%;
               display: flex;
            }
-           .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper form .input_cont.left{
+           .wpas_form_container_'. esc_attr($search_form->id).' .wpas_wrapper form .input_cont.left{
             flex-direction: row-reverse;
            }
@@ -597 +575 @@
                 text-decoration: none;
             }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .input_box{
+            .wpas_form_container_'.esc_attr( $search_form->id).' .wpas_wrapper .input_box{
                 width:100%;
                 float: left;
                 position: relative;
             }
-           .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper input[type=search] {
-            font-size:<?php echo $search_input_font_size; ?>;
+           .wpas_form_container_'.esc_attr( $search_form->id).' .wpas_wrapper input[type=search] {
+            font-size:'.esc_attr($search_input_font_size).';
             padding: 5px;
-            height: <?php echo $search_box_height; ?>px;
-            border: <?php echo $search_input_border; ?>;
-            border-radius: <?php echo $search_input_border_radius; ?>;
-            line-height: <?php echo $search_input_line_height; ?>;
-            background-color: <?php echo $search_input_bg_color; ?>;
-            color: <?php echo $search_input_font_color; ?> !important;
+            height: '.esc_attr($search_box_height).'px;
+            border: '.esc_attr($search_input_border).';
+            border-radius: '.esc_attr($search_input_border_radius).';
+            line-height: '.esc_attr($search_input_line_height).';
+            background-color: '.esc_attr($search_input_bg_color).';
+            color: '.esc_attr($search_input_font_color).' !important;
             float: left;
             width:100%;
@@ -617 +595 @@
             
            }
-           .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper input[type=search]:focus {
+           .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper input[type=search]:focus {
                 outline: none !important;
             }
-           .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper input[type=search]::-webkit-input-placeholder {
-            color: <?php echo $search_input_font_color; ?> !important;
+           .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper input[type=search]::-webkit-input-placeholder {
+            color: '.esc_attr($search_input_font_color).' !important;
            }
 
-            .wpas_form_container_<?php echo $search_form->id; ?> .voice-search-wrapper.wpas_voice_search .wpas_search_loader_icon, .wpas_form_container_<?php echo $search_form->id; ?> .voice-search-wrapper.wpas_voice_search .wpas_search_close {
+            .wpas_form_container_'.esc_attr($search_form->id).' .voice-search-wrapper.wpas_voice_search .wpas_search_loader_icon, .wpas_form_container_'. esc_attr($search_form->id).' .voice-search-wrapper.wpas_voice_search .wpas_search_close {
                 right: 35px;
             }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_input_container .input_box .voice-search-button {
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_input_container .input_box .voice-search-button {
                 right: 0px !important;
             }
 
           
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_submit_wrapper {
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_submit_wrapper {
                 width:auto;
                 height:100%;
                 float: right;
             }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_submit_wrapper .wpas_margnifire_icon{
-                background:<?php echo $magnifire_icon_bg_color; ?>;
-                height: <?php echo $search_box_height; ?>px;
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_submit_wrapper .wpas_margnifire_icon{
+                background:'.esc_attr($magnifire_icon_bg_color).';
+                height: '.esc_attr($search_box_height).'px;
                 transform: translate(0px, 0px);
-                line-height: <?php echo $search_box_height; ?>px;
+                line-height: '.esc_attr($search_box_height).'px;
                 text-align: center;
                 padding: 0 12px;
@@ -650 +628 @@
                 white-space: nowrap;
             }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_submit_wrapper .wpas_margnifire_icon span.text_search{
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_submit_wrapper .wpas_margnifire_icon span.text_search{
                 padding-right: 5px;
             }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_submit_wrapper .wpas_margnifire_icon .new_icon_div{
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_submit_wrapper .wpas_margnifire_icon .new_icon_div{
                  position: absolute;
                  top:50%;
@@ -663 +641 @@
                   padding:0px 10px;
             }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_submit_wrapper .wpas_margnifire_icon i.fa {
-                color: <?php echo $magnifire_icon_color; ?>;
-                font-size:<?php echo $search_button_font_size; ?>;
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_submit_wrapper .wpas_margnifire_icon i.fa {
+                color: '.esc_attr($magnifire_icon_color).';
+                font-size:'.esc_attr($search_button_font_size).';
                 display: inline-block;
             }
 
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_submit_wrapper .button_text_holder {
-                color:<?php echo $search_button_font_color; ?>;
-                font-size:<?php echo $search_button_font_size; ?>;
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_submit_wrapper .button_text_holder {
+                color:'.esc_attr($search_button_font_color).';
+                font-size:'.esc_attr($search_button_font_size).';
                 margin-left: 5px;
                 display: inline-block;
                 line-height: normal;
             }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper 
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper 
             .wpas_search_loader_icon {
                 float: left;
@@ -689 +667 @@
             /*********** loader color and size ***********/
 
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper 
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper 
             .wpas_search_loader_icon .lds-hourglass {
               display: inline-block;
@@ -697 +675 @@
               margin-right: 10px;
             }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper 
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper 
             .wpas_search_loader_icon .lds-hourglass:after {
               content: " ";
@@ -705 +683 @@
               height: 0;
               box-sizing: border-box;
-              border: 18px solid <?php echo $loader_icon_color; ?>;
-              border-color: <?php echo $loader_icon_color; ?> transparent <?php echo $loader_icon_color; ?> transparent;
+              border: 18px solid '.esc_attr($loader_icon_color).';
+              border-color: '.esc_attr($loader_icon_color).' transparent '.esc_attr($loader_icon_color).' transparent;
               animation: lds-hourglass 1.2s infinite;
             }
@@ -723 +701 @@
             }
 
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper 
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper 
             .wpas_search_loader_icon .sbl-circ {
               height: 25px;
               width: 25px;
-              color: <?php echo $loader_icon_color; ?>;
+              color: '.esc_attr($loader_icon_color).';
               position: relative;
               display: inline-block;
@@ -744 +722 @@
             /**********************/
 
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper 
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper 
             .wpas_search_loader_icon .sbl-circ-path {
               height: 30px;
@@ -753 +731 @@
               border: 4px solid;
               border-radius: 50%;
-              border-right-color: <?php echo $loader_icon_color; ?>;
+              border-right-color: '.esc_attr($loader_icon_color).';
               animation: rotate 1s linear infinite; }
 
@@ -765 +743 @@
             /**************/
 
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper 
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper 
             .wpas_search_loader_icon .sbl-sticks-spin {
               height: 30px;
               width: 3px;
-              background: <?php echo $loader_icon_color; ?>;
+              background: '.esc_attr($loader_icon_color).';
               position: relative;
               display: inline-block;
               border-radius: 5px;
               animation: animateSticks1 3s ease infinite; }
-              .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_search_loader_icon .sbl-sticks-spin::before, .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_search_loader_icon .sbl-sticks-spin::after {
+              .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_search_loader_icon .sbl-sticks-spin::before, .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_search_loader_icon .sbl-sticks-spin::after {
                 height: inherit;
                 width: inherit;
-                content: '';
+                content: "";
                 display: block;
                 background: inherit;
                 position: absolute;
                 border-radius: 4px; }
-              .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_search_loader_icon .sbl-sticks-spin::before {
+              .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_search_loader_icon .sbl-sticks-spin::before {
                 left: 0;
-                animation: animateSticks2 1s .5s ease infinite; }
-              .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_search_loader_icon .sbl-sticks-spin::after {
+                animation: animateSticks2 1s .5s ease infinite;
+             }
+              .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_search_loader_icon .sbl-sticks-spin::after {
                 right: 0;
                 animation: animateSticks3 1s 1s ease infinite; }
@@ -821 +800 @@
             /**********************/
 
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_search_loader_icon .loader04 {
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_search_loader_icon .loader04 {
               width: 30px;
               height: 30px;
-              border: 2px solid <?php echo $loader_icon_color; ?>;
+              border: 2px solid '.esc_attr($loader_icon_color).';
               border-radius: 50%;
               position: relative;
               animation: loader-rotate 1s ease-in-out infinite;
              }
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_search_loader_icon .loader04::after {
-                content: '';
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_search_loader_icon .loader04::after {
+                content: " ";
                 width: 10px;
                 height: 10px;
                 border-radius: 50%;
-                background: <?php echo $loader_icon_color; ?>;
+                background: '.esc_attr($loader_icon_color).';
                 position: absolute;
                 top: -6px;
@@ -846 +825 @@
                 transform: rotate(360deg); } }
 
-            .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_search_loader_icon .loader05 {
+            .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_search_loader_icon .loader05 {
               width: 35px;
               height: 35px;
-              border: 4px solid <?php echo $loader_icon_color; ?>;
+              border: 4px solid '.esc_attr($loader_icon_color).';
               border-radius: 50%;
               position: relative;
@@ -876 +855 @@
             /* Ipad view  */
             @media(min-width:768px) and (max-width:1024px){
-                .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_input_container{
-                    width: <?php echo $tablet_box_width; ?>;
-                    max-width: <?php echo $tablet_box_width; ?>;
+                .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_input_container{
+                    width: '.esc_attr($tablet_box_width).';
+                    max-width: '.esc_attr($tablet_box_width).';
                 }
             }
             /* Mobile view  */
             @media(max-width:767px){
-                .wpas_form_container_<?php echo $search_form->id; ?> .wpas_wrapper .wpas_input_container{
-                    width: <?php echo $mobile_box_width; ?>;
-                    max-width: <?php echo $mobile_box_width; ?>;
+                .wpas_form_container_'.esc_attr($search_form->id).' .wpas_wrapper .wpas_input_container{
+                    width: '.esc_attr($mobile_box_width).';
+                    max-width: '.esc_attr($mobile_box_width).';
                 }
-            }
-
-        </style>
-        <?php
+            }'
+
+        );
         $i++;
         } // end foreach
@@ -903 +881 @@
         $woo_form_key = $this->plugin_name.'_default_woo_search';
         $default_search_form_id = get_option($theme_search_form_key);
-        $default_woo_search_form_id = get_option($woo_form_key);
-
         // if default form selected
 
@@ -921 +897 @@
         global $wpdb;
         $search_form_table = $wpdb->prefix."wpas_index";
-        $search_form_setting = $wpdb->get_results($wpdb->prepare("SELECT * FROM $search_form_table where id=%d",$default_search_form_id));
-        $settings = json_decode($search_form_setting[0]->data, true);
-
-        ?>
-        <script type="text/javascript">
-            jQuery(document).ready(function() {
+        $search_form_setting = $wpdb->get_row($wpdb->prepare("SELECT * FROM $search_form_table where id=%d",$default_search_form_id));
+        $settings = json_decode($search_form_setting->data, true);
+
+        wp_register_script( 'advance-search-formcommon-js', '',);
+        wp_enqueue_script( 'advance-search-formcommon-js' );
+        wp_add_inline_script(
+            'advance-search-formcommon-js',
+    
+            "jQuery(document).ready(function() {
                 var speechInputWrappers = document.querySelectorAll('form.search-form:not(.wpas_search_form)');
                 
@@ -956 +935 @@
                     inputEl.classList.add('wpas_search_input');
                     inputEl.classList.add('search_form_added');
-                    inputEl.setAttribute('data-formid', '<?php echo $default_search_form_id; ?>');
+                    inputEl.setAttribute('data-formid', ". intval($default_search_form_id). ");
                     inputEl.setAttribute('style', 'margin-bottom: 0;');
                     inputSubmit.classList.add('wpas_search_submit');
                     inputSubmit.setAttribute('style', 'margin-bottom: 0;pointer-events: none;');
                     var classes = speechInputWrapper.getAttribute('class');                 
-                    speechInputWrapper.classList.add('search_form_<?php echo $default_search_form_id; ?>');
+                    speechInputWrapper.classList.add('search_form_". intval($default_search_form_id)."');
                     var innerDiv = document.createElement('div');
                     innerDiv.className = 'wpas_search_result';
@@ -968 +947 @@
             });
             jQuery(window).ready(function() { 
-              jQuery(".search_form_added").on("keypress", function (event) { 
+              jQuery('.search_form_added').on('keypress', function (event) { 
                   var keyPressed = event.keyCode || event.which; 
                   if (keyPressed === 13) { 
@@ -975 +954 @@
                   } 
                 }); 
-              });
-        </script>
-
-        <?php
+              })"
+            );
         }
     }
@@ -988 +965 @@
         $s_form_key = $this->plugin_name.'_default_search';
         $default_search_form_id = get_option($s_form_key);
-
+        $default_search_form_id = intval($default_search_form_id);
         if($default_search_form_id > 0 ) {
             $search_form = do_shortcode("[wpas id=".$default_search_form_id."]");

advance-search/trunk/inc/common/js/advance-search.js

@@ -47 +47 @@
                         $(searchbox).closest('form').find('.wpas_search_result').html(json['html']);
                         $(searchbox).closest('form').find('.wpas_search_close').show().css({'display':'block'});
-                        //console.log(json);
+                       
                     },
                     error: function(xhr, ajaxOptions, thrownError) {

advance-search/trunk/inc/core/class-activator.php

@@ -27 +27 @@
 
         // Check PHP Version and deactivate & die if it doesn't meet minimum requirements.
-        if ( version_compare( PHP_VERSION, $min_php, '<' ) ) {
+        if ( version_compare(PHP_VERSION, $min_php, '<' ) ) {
             deactivate_plugins( plugin_basename( __FILE__ ) );
-            wp_die( 'This plugin requires a minmum PHP Version of ' . $min_php );
+            
+            wp_die('<p><strong>' . __('Advanced Search', $plugin_name).'</strong> '.  __('plugin requires a minmum PHP Version of ', $plugin_name).$min_php.'. '.__('You have to upgrade your php version to enjoy Advanced Search.', $plugin_name) . '</p>','Plugin Activation Error',  array( 'response'=>200, 'back_link'=>TRUE ) );
+        
         }
 
@@ -40 +42 @@
         $wpas_post_table = $wpdb->prefix . 'posts';
 
-        // change post table
-        
-        $wpdb->query("ALTER TABLE ".$wpas_post_table." ADD FULLTEXT wpas_index_post_table (post_title, post_content)");
-        $wpdb->query("ALTER TABLE ".$wpas_post_table." ADD FULLTEXT wpas_index_post_table_title (post_title)");
-        $wpdb->query("ALTER TABLE ".$wpas_post_table." ADD FULLTEXT wpas_index_post_table_content (post_content)");
+        $count_indexes  = $wpdb->query("SHOW KEYS FROM $wpas_post_table WHERE Key_name = 'wpas_index_post_table' OR Key_name = 'wpas_index_post_table_title' OR Key_name = 'wpas_index_post_table_content' ");
+        if($count_indexes == 0){
+            // change post table
+            $wpdb->query("ALTER TABLE ".$wpas_post_table." ADD FULLTEXT wpas_index_post_table (post_title, post_content)");
+            $wpdb->query("ALTER TABLE ".$wpas_post_table." ADD FULLTEXT wpas_index_post_table_title (post_title)");
+            $wpdb->query("ALTER TABLE ".$wpas_post_table." ADD FULLTEXT wpas_index_post_table_content (post_content)");
+        }
+    
 
         if($wpdb->get_var("SHOW TABLES LIKE '$wpas_index_table'") != $wpas_index_table) {