Changeset 2624218
- Timestamp:
- 11/03/2021 08:34:33 PM (4 years ago)
- Location:
- visual-form-builder/trunk
- Files:
-
- 5 edited
-
admin/class-ajax.php (modified) (2 diffs)
-
admin/class-entries-detail.php (modified) (5 diffs)
-
admin/class-entries-list.php (modified) (2 diffs)
-
admin/class-export.php (modified) (1 diff)
-
public/class-security.php (modified) (2 diffs)
visual-form-builder/trunk/admin/class-ajax.php
r2617885 r2624218 150 150 151 151 if ( isset( $_POST['action'] ) && $_POST['action'] == 'visual_form_builder_delete_field' ) { 152 $form_id = absint( $_POST['form'] );152 $form_id = absint( $_POST['form'] ); 153 153 $field_id = absint( $_POST['field'] ); 154 154 … … 179 179 180 180 if ( isset( $_POST['action'] ) && $_POST['action'] == 'visual_form_builder_form_settings' ) { 181 $form_id = absint( $_POST['form'] );182 $status = isset( $_POST['status'] ) ? $_POST['status']: 'opened';183 $accordion = isset( $_POST['accordion'] ) ? $_POST['accordion']: 'general-settings';184 $user_id = $current_user instanceof WP_User ? $current_user->ID : 1;181 $form_id = absint( $_POST['form'] ); 182 $status = isset( $_POST['status'] ) ? sanitize_text_field( $_POST['status'] ) : 'opened'; 183 $accordion = isset( $_POST['accordion'] ) ? sanitize_text_field( $_POST['accordion'] ) : 'general-settings'; 184 $user_id = $current_user instanceof WP_User ? $current_user->ID : 1; 185 185 186 186 $form_settings = get_user_meta( $user_id, 'vfb-form-settings', true ); -
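Review bot: On new lines 182–183 `sanitize_text_field()` strips tags and control characters but does not restrict `$status` and `$accordion` to the values the settings UI actually uses, and the handler appears to persist them per user (the `vfb-form-settings` user meta is read on line 186). If the accepted values are a fixed set, an allow-list is the stronger check, e.g. `$status = in_array( $status, array( 'opened', 'closed' ), true ) ? $status : 'opened';` — the closed-state name is a guess from the default and should be confirmed against the UI. The `$_POST['action'] == '...'` comparisons on lines 151 and 180 use loose equality; `===` avoids type juggling on request input. Both hunks sit inside a method whose start and end are outside this section.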
visual-form-builder/trunk/admin/class-entries-detail.php
r2617885 r2624218 92 92 } 93 93 94 echo '<h4>' . ucwords( $k ) . '</h4>';95 echo $v;94 printf( '<h4>%s</h4>', esc_html( ucwords( $k ) ) ); 95 echo esc_html( $v ); 96 96 $count++; 97 97 else : … … 104 104 echo '</table>'; 105 105 106 echo '<h3>' . stripslashes( $obj->name ) . '</h3><table class="form-table">';106 printf( '<h3>%s</h3><table class="form-table">', esc_html( $obj->name ) ); 107 107 108 108 $open_fieldset = true; … … 122 122 ?> 123 123 <tr valign="top"> 124 <th scope="row"><label for="field[<?php echo $obj->id; ?>]"><?php echo stripslashes( $obj->name ); ?></label></th>124 <th scope="row"><label for="field[<?php echo $obj->id; ?>]"><?php echo esc_html( $obj->name ); ?></label></th> 125 125 <td style="background:#eee;border:1px solid #ddd"><a href="<?php esc_attr_e( $obj->value ); ?>" target="_blank"><?php echo esc_html( $obj->value ); ?></a></td> 126 126 </tr> … … 132 132 ?> 133 133 <tr valign="top"> 134 <th scope="row"><label for="field[<?php echo $obj->id; ?>]"><?php echo stripslashes( $obj->name ); ?></label></th>134 <th scope="row"><label for="field[<?php echo $obj->id; ?>]"><?php echo esc_html( $obj->name ); ?></label></th> 135 135 <td style="background:#eee;border:1px solid #ddd"><?php echo wpautop( esc_html( $obj->value ) ); ?></td> 136 136 </tr> … … 141 141 ?> 142 142 <tr valign="top"> 143 <th scope="row"><label for="field[<?php echo $obj->id; ?>]"><?php echo stripslashes( $obj->name ); ?></label></th>143 <th scope="row"><label for="field[<?php echo $obj->id; ?>]"><?php echo esc_html( $obj->name ); ?></label></th> 144 144 <td style="background:#eee;border:1px solid #ddd"><?php echo esc_html( $obj->value ); ?></td> 145 145 </tr> -
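Review bot: The `for="field[<?php echo $obj->id; ?>]"` attribute on new lines 124, 134 and 143 still echoes `$obj->id` unescaped even though the same lines now escape the label text; `<?php echo absint( $obj->id ); ?>` (or `esc_attr()`) closes that gap. Replacing `stripslashes()` with `esc_html()` on lines 106, 124, 134 and 143 also changes what is rendered if the stored name carries slashes, so if that was the reason for the original call, `esc_html( stripslashes( $obj->name ) )` keeps both behaviours. Line 125 passes `$obj->value` to `esc_attr_e()` inside an `href`; that helper is a translation function, and `echo esc_url( $obj->value );` is the context-appropriate escape for a link target.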
visual-form-builder/trunk/admin/class-entries-list.php
r2617877 r2624218 481 481 482 482 // Get entries search terms 483 $search_terms = ( !empty( $_POST['s'] ) ) ? explode( ' ', $_POST['s']) : array();483 $search_terms = ( !empty( $_POST['s'] ) ) ? explode( ' ', sanitize_text_field( $_POST['s'] ) ) : array(); 484 484 485 485 $searchand = $search = ''; … … 495 495 496 496 // Set our ORDER BY and ASC/DESC to sort the entries 497 $orderby = ( !empty( $_GET['orderby'] ) ) ? $_GET['orderby']: 'date';498 $order = ( !empty( $_GET['order'] ) ) ? $_GET['order']: 'desc';497 $orderby = ( !empty( $_GET['orderby'] ) ) ? sanitize_text_field( $_GET['orderby'] ) : 'date'; 498 $order = ( !empty( $_GET['order'] ) ) ? sanitize_text_field( $_GET['order'] ) : 'desc'; 499 499 500 500 // Get the sorted entries -
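Review bot: `sanitize_text_field()` on new lines 497–498 does not make `$orderby` and `$order` safe for the ORDER BY clause the comment on line 496 says they feed, because it only strips tags, octets and whitespace; a column name or sort direction must be allow-listed, e.g. `$order = in_array( strtolower( $order ), array( 'asc', 'desc' ), true ) ? $order : 'desc';` and `$orderby = in_array( $orderby, $sortable_columns, true ) ? $orderby : 'date';` where `$sortable_columns` is a placeholder for the list of real column names. Whether the values are interpolated directly into the query cannot be seen from this section, so confirm against the code that builds it. The search terms on new line 483 presumably reach a LIKE clause; that should go through `$wpdb->prepare()` with `$wpdb->esc_like()`, which also cannot be verified here.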
visual-form-builder/trunk/admin/class-export.php
r2624111 r2624218 179 179 $data = stripslashes_deep( $data ); 180 180 $content = isset( $data['content'] ) ? $data['content'] : 'forms'; 181 $form_id = isset( $data['form-id'] ) ? $data['form-id']: 0;182 $format = isset( $data['format'] ) ? $data['format']: 'csv';183 $start_date = isset( $data['start-date'] ) ? $data['start-date']: '';184 $end_date = isset( $data['end-date'] ) ? $data['end-date']: '';181 $form_id = isset( $data['form-id'] ) ? absint( $data['form-id'] ) : 0; 182 $format = isset( $data['format'] ) ? sanitize_text_field( $data['format'] ) : 'csv'; 183 $start_date = isset( $data['start-date'] ) ? sanitize_text_field( $data['start-date'] ) : ''; 184 $end_date = isset( $data['end-date'] ) ? sanitize_text_field( $data['end-date'] ) : ''; 185 185 $fields = isset( $data['fields'] ) ? $data['fields'] : ''; 186 186 -
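Review bot: `$fields` on line 185 is still taken straight from `$data['fields']` in the same block where new lines 181–184 now sanitize every other input, and the variable name suggests a list of field identifiers; if that holds, `array_map( 'absint', (array) $data['fields'] )` would keep the block consistent — confirm its shape against the export code. `$format` on new line 182 selects an output format, so an allow-list such as `in_array( $format, array( 'csv' ), true )` extended with the set of formats the exporter actually supports is stronger than text sanitization. The date strings on new lines 183–184 would benefit from a format check (for instance `DateTime::createFromFormat()` or a strict regex) before they reach any query.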
visual-form-builder/trunk/public/class-security.php
r1812215 r2624218 38 38 public function secret_check() { 39 39 $required = ( isset( $_POST['_vfb-required-secret'] ) && $_POST['_vfb-required-secret'] == '0' ) ? false : true; 40 $secret_field = ( isset( $_POST['_vfb-secret'] ) ) ? esc_html( $_POST['_vfb-secret'] ) : '';40 $secret_field = ( isset( $_POST['_vfb-secret'] ) ) ? sanitize_text_field( $_POST['_vfb-secret'] ) : ''; 41 41 42 42 // If the verification is set to required, run validation check … … 55 55 */ 56 56 public function referer_check() { 57 $referrer = ( isset( $_POST['_wp_http_referer'] ) ) ? esc_html( $_POST['_wp_http_referer'] ) : false;57 $referrer = ( isset( $_POST['_wp_http_referer'] ) ) ? sanitize_text_field( $_POST['_wp_http_referer'] ) : false; 58 58 $wp_get_referer = wp_get_referer(); 59 59 $form_id = absint( $_POST['form_id'] );
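Review bot: In `secret_check()` the decision on line 39 of whether the secret is required at all is taken from `$_POST['_vfb-required-secret']`, a value supplied by the same request that the sanitized `_vfb-secret` on new line 40 is meant to validate; if the requirement is a per-form setting, it should be read from the stored form configuration rather than from the request. The comparison on line 39 also uses `==` against `'0'`; `=== '0'` avoids type juggling. In `referer_check()`, `$_POST['_wp_http_referer']` on new line 57 is a URL that is apparently compared with `wp_get_referer()` (line 58), so `esc_url_raw()` is the context-appropriate sanitizer and avoids a mismatch introduced by `sanitize_text_field()` altering the URL; line 59 also reads `$_POST['form_id']` without an `isset()` guard. Both methods' bodies continue outside this section.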