
Changeset 2790365


Timestamp:
09/26/2022 03:13:41 PM (4 years ago)
Author:
Poniard
Message:

Security Patch

Location:
activedemand/trunk
Files:
2 edited

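--- a/activedemand/trunk/ActiveDEMAND.php
+++ b/activedemand/trunk/ActiveDEMAND.php
@@ -5,5 +5,5 @@
  * Plugin URI: https://www2.activedemand.com/s/Gnf5n
  * Description: Adds the <a href="https://www2.activedemand.com/s/SW5nU">ActiveDEMAND</a> tracking script to your website. Add custom popups, use shortcodes to embed webforms and dynamic website content.
- * Version: 0.2.30
+ * Version: 0.2.31
  * Author: JumpDEMAND Inc.
  * Author URI: https://www2.activedemand.com/s/SW5nU
@@ -15,5 +15,5 @@
 
 
-define(__NAMESPACE__ . '\ACTIVEDEMAND_VER', '0.2.30');
+define(__NAMESPACE__ . '\ACTIVEDEMAND_VER', '0.2.31');
 define(__NAMESPACE__ . "\PLUGIN_VENDOR", "ActiveDEMAND");
 define(__NAMESPACE__ . "\PLUGIN_VENDOR_LINK", "https://1jp.cc/s/SW5nU");
@@ -996,10 +996,15 @@
     }
 
-        $user_id = get_current_user_id();
-        $lang = get_bloginfo("language");
-        $currency = get_option('woocommerce_currency');
-    $id_cart = $wpdb->get_var($wpdb->prepare('SELECT id_cart FROM ' . $wpdb->prefix . 'cart WHERE id_customer = ' . (int)$user_id . ' AND cookie_cart_id = "' . $active_demand_cookie_cart . '"'));
-
-            if (!$id_cart) {
+    $user_id = get_current_user_id();
+    $lang = get_bloginfo("language");
+    $currency = get_option('woocommerce_currency');
+    $id_cart = $wpdb->get_var(
+        $wpdb->prepare(
+            "SELECT id_cart FROM {$wpdb->prefix}cart WHERE id_customer = %d AND cookie_cart_id = %s ",
+            array($user_id, $active_demand_cookie_cart)
+        )
+    );
+
+    if (!$id_cart) {
         $wpdb->insert(
             $wpdb->prefix . "cart",
@@ -1011,8 +1016,8 @@
                         'date_add' => current_time('mysql'),
             )
-                );
+        );
 
         $id_cart = $wpdb->insert_id;
-            }
+    }
 
     foreach (WC()->cart->get_cart() as $cart_item_key => $cart_item) {
@@ -1021,5 +1026,10 @@
         $variation_id = $cart_item['variation_id'];
 
-        $cart_product_id = $wpdb->get_var($wpdb->prepare('SELECT cp.id_cart FROM ' . $wpdb->prefix . 'cart_product cp LEFT JOIN ' . $wpdb->prefix . 'cart c ON cp.id_cart = c.id_cart WHERE cp.id_product = ' . (int)$id_product . ' AND cp.id_product_variation = ' . (int)$variation_id . ' AND c.cookie_cart_id = "' . $active_demand_cookie_cart . '"'));
+        $cart_product_id = $wpdb->get_var(
+            $wpdb->prepare(
+                "SELECT cp.id_cart FROM {$wpdb->prefix}cart_product cp LEFT JOIN {$wpdb->prefix}cart c ON cp.id_cart = c.id_cart WHERE cp.id_product = %d AND cp.id_product_variation = %d AND c.cookie_cart_id = %s ",
+                array($id_product, $variation_id, $active_demand_cookie_cart)
+            )
+        );
 
         $current_url = home_url(sanitize_url($_SERVER['REQUEST_URI']));
@@ -1079,6 +1089,7 @@
                 if ($custom_url_content['custom_url'] != '') {
 
-                    $existing_id_access = $wpdb->get_row($wpdb->prepare("SELECT id_access FROM " . $table_access . " where object_key='" . sanitize_text_field($_POST['access_object_key']) . "'"));
-
+                    $existing_id_access = $wpdb->get_row(
+                        $wpdb->prepare("SELECT id_access FROM $table_access WHERE object_key = %s ", array(sanitize_text_field($_POST['access_object_key'])))
+                    );
 
                     if ($existing_id_access) {
@@ -1092,5 +1103,7 @@
 
 
-                        $existing_rules = $wpdb->get_row($wpdb->prepare("SELECT * FROM " . $table_access_rule . " where id_rule='" . $custom_url_content['id_rule'] . "'"));
+                        $existing_rules = $wpdb->get_row(
+                            $wpdb->prepare("SELECT * FROM $table_access_rule WHERE id_rule = %d ", array(sanitize_text_field($custom_url_content['id_rule'])))
+                        );
 
 
@@ -1131,9 +1144,13 @@
         if ($_POST['method'] == "get_url_object_key") {
 
-            $resp = $wpdb->get_results($wpdb->prepare("SELECT ar.url, a.match , ar.id_rule FROM " . $table_access_rule . " ar
-                LEFT JOIN " . $table_access . " a ON ar.id_access = a.id_access where object_key='" . sanitize_text_field($_POST['valid_content']) . "'"));
+            $resp = $wpdb->get_results(
+                $wpdb->prepare(
+                    "SELECT ar.url, a.match , ar.id_rule FROM $table_access_rule ar
+                    LEFT JOIN $table_access a ON ar.id_access = a.id_access where object_key = %s ",
+                    array(sanitize_text_field($_POST['valid_content']))
+                )
+            );
+
             echo json_encode($resp);
-
-
         }
     }
@@ -1151,5 +1168,5 @@
     if (!empty($_POST)) {
         global $wpdb;
-        $id_rule = $_POST['id_rule'];
+        $id_rule = sanitize_text_field($_POST['id_rule']);
         $table = '' . $wpdb->prefix . 'activedemand_access_rule';
         $wpdb->delete($table, array('id_rule' => $id_rule));
@@ -1215,6 +1232,11 @@
 
             if (!$match_found) {
-                $get_does_not_match = $wpdb->get_results($wpdb->prepare("SELECT ar.url, a.match , a.object_key, ar.id_rule FROM " . $table_access_rule . " ar
-                LEFT JOIN " . $table_access . " a ON ar.id_access = a.id_access where a.match = '0'"));
+                $get_does_not_match = $wpdb->get_results(
+                    $wpdb->prepare(
+                        "SELECT ar.url, a.match , a.object_key, ar.id_rule FROM $table_access_rule ar
+                        LEFT JOIN $table_access a ON ar.id_access = a.id_access where a.match = %d",
+                        array(0)
+                    )
+                );
 
                 foreach ($get_does_not_match as $key => $result) {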
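Review bot: In the rule-deletion hunk (new lines 1168–1172), `$id_rule = sanitize_text_field($_POST['id_rule']);` still binds the id as a string: `$wpdb->delete()` falls back to a `%s` format when none is supplied, so a non-numeric value is quoted into the WHERE clause instead of being rejected, and the read itself raises a notice when `id_rule` is absent, because `!empty($_POST)` only shows the array is non-empty. The rest of this commit compares `id_rule` with `%d`, so coerce it here the same way: `$id_rule = isset($_POST['id_rule']) ? absint($_POST['id_rule']) : 0;` followed by `if ($id_rule > 0) { $wpdb->delete($table, array('id_rule' => $id_rule), array('%d')); }`. The function enclosing this block starts and ends outside the hunk, so it cannot be confirmed from here whether the request is gated by a nonce (`check_ajax_referer()`) and a capability check before the delete; parameter binding only addresses injection, not who may issue the delete. The same caveat applies to the `$_POST`-driven `get_url_object_key` branch (new lines 1144–1156), whose enclosing function is likewise cut by the hunk.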
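--- a/activedemand/trunk/readme.txt
+++ b/activedemand/trunk/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 2.8
 Tested up to: 6.0.2
-Stable tag: 0.2.30
+Stable tag: 0.2.31
 
 
@@ -45,4 +45,7 @@
 
 == Changelog ==
+= 0.2.31 =
+Security Update
+
 = 0.2.30 =
 Security Update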