Changeset 2831421

Timestamp:

12/10/2022 03:05:58 AM (3 years ago)

Author:

falcon13

Message:

Ver 2.1.2 Helper updates

Location:

business-listing/trunk

Files:

• admin.php (modified) (1 diff)
• business-listing.php (modified) (1 diff)
• helpers/validation_helper.php (modified) (6 diffs)
• helpers/view_helper.php (modified) (4 diffs)
• readme.txt (modified) (3 diffs)

business-listing/trunk/admin.php

@@ -115 +115 @@
 
         if (!empty($listing['name'])) {
-            // *** Add http:// to link if missing ***
-            if (!empty($listing['link']) && (0 != strncasecmp($listing['link'], 'http://', 7) &&  0 != strncasecmp($listing['link'], "https://", 8))) {
-                $listing['link'] = 'http://' . $listing['link'];
-            }
             if (empty($listing['listing_id'])) {
                 $listing['listing_id'] = $otgblist_Listings_Model->create_listing($listing['name'], $listing['city'], $listing['state'], $listing['region_id'],

business-listing/trunk/business-listing.php

@@ -5 +5 @@
   Description: List businesses in tiles with a photo and link in a random order
   Author: Chris Hood, On The Grid Web Design LLC
-  Version: 2.1.1
+  Version: 2.1.2
   Author URI: https://chrishood.me
-  Updated: 12/6/2022; Created: 4/23/2015
+  Updated: 12/9/2022; Created: 4/23/2015
  */
 

business-listing/trunk/helpers/validation_helper.php

@@ -12 +12 @@
  * @param string $field
  * @param string $default
- * @param string $key
+ * @param boolean $allow_html
  * @return string|null
  */
-function otgblist_get_request_string ($field, $default=null) {
+function otgblist_get_request_string ($field, $default=null, $allow_html=false) {
     if (empty($_REQUEST[$field])) {
         return $default;
     } else {
-        return sanitize_text_field(wp_unslash(trim($_REQUEST[$field])));
+        if ($allow_html)
+            return trim(filter_var(stripslashes_deep($_REQUEST[$field]), FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_LOW));
+        else
+            return trim(filter_var(stripslashes_deep($_REQUEST[$field]), FILTER_SANITIZE_SPECIAL_CHARS));
     }
 }
@@ -62 +65 @@
         return $default;
     } else {
-        $link = trim($_REQUEST[$field]);
-        if (0 != strncasecmp($link, "http://", 7) && 0 != strncasecmp($link, "https://", 8))
+        $link = trim(stripslashes_deep($_REQUEST[$field]));
+        if (0 != strncasecmp($link, 'http://', 7) && 0 != strncasecmp($link, 'https://', 8))
             $link = 'http://' . $link;
         return filter_var($link, FILTER_SANITIZE_URL);
@@ -78 +81 @@
         return $default;
     } else {
-        return trim(filter_var(wp_unslash($_REQUEST[$field]), FILTER_SANITIZE_STRING));
+        return trim(filter_var(stripslashes_deep($_REQUEST[$field]), FILTER_SANITIZE_SPECIAL_CHARS));
     }
 }
@@ -87 +90 @@
 function otgblist_get_bulk_action_list () {
     $bulk_action_list = array();
-    if (!empty($_POST['bulk_action_list'])) foreach ($_POST['bulk_action_list'] as $record_id) {
-        if (is_int($record_id) || ctype_digit($record_id)) {
-            $bulk_action_list[] = (int)$record_id;
+    if (!empty($_POST['bulk_action_list'])) foreach ($_POST['bulk_action_list'] as $id) {
+        if (is_int($id) || ctype_digit($id)) {
+            $bulk_action_list[] = (int)$id;
         }
     }
@@ -109 +112 @@
 
 /** Get the Bulk Action List and Only Allows Integers in the List
- * @param string $name
+ * @param string $field
  * @return array
  */
@@ -115 +118 @@
     $field_array = array();
     if (!empty($_POST[$field])) foreach ($_POST[$field] as $key => $value) {
-        $field_array[sanitize_text_field(wp_unslash(trim($key)))] = sanitize_text_field(wp_unslash(trim($value)));
+        $field_array[trim(filter_var(stripslashes_deep($key), FILTER_SANITIZE_SPECIAL_CHARS))] = trim(filter_var(stripslashes_deep($value), FILTER_SANITIZE_SPECIAL_CHARS));
     }
     return $field_array;
 }
+
+/** Replace Quotes with HTML Entity Names
+ * @param string $in
+ * @return string
+ */
+function otgblist_filter_quotes ($in) {
+    return trim(str_replace(['"', "'"], ['"', '''], $in));
+}

business-listing/trunk/helpers/view_helper.php

@@ -19 +19 @@
     $selected_text = ' selected="selected"';
     echo "<select name='$name'>";
-    echo "<option value='1'";
+    echo '<option value="1"';
     if (1 == $default) echo $selected_text;
-    echo ">On</option>\n";
-    echo "<option value='0'";
+    echo ">On</option>";
+    echo '<option value="0"';
     if (0 == $default) echo $selected_text;
-    echo ">Off</option>\n";
+    echo ">Off</option>";
     echo "</select>";
 }
@@ -35 +35 @@
     $selected_text = ' selected="selected"';
     echo "<select name='$name'>";
-    echo "<option value='1'";
+    echo '<option value="1"';
     if (1 == $default) echo $selected_text;
-    echo ">Yes</option>\n";
-    echo "<option value='0'";
+    echo ">Yes</option>";
+    echo '<option value="0"';
     if (0 == $default) echo $selected_text;
-    echo ">No</option>\n";
-    echo "</select>";
+    echo '>No</option>';
+    echo '</select>';
 }
 
@@ -90 +90 @@
     // ***** End if Empty *****
     if (empty($message_list)) return false;
-    
+
     // ***** Order by Third Field *****
     usort($message_list, function($a, $b) {
          return $a[2] - $b[2];
-    }); 
+    });
     foreach ($message_list as $message) {
         // ***** Set Class Second Field *****
@@ -111 +111 @@
         }
         // ***** Print It *****
-        echo "<p class='$class'>" . htmlentities($message[0]) . '</p>';
+        echo "<p class='$class'>" . $message[0] . '</p>';
     }
 }

business-listing/trunk/readme.txt

@@ -6 +6 @@
 Tested up to: 6.1
 Requires PHP: 5.6
-Stable tag: 2.1.0
+Stable tag: 2.1.2
 License: GPLv3
 
@@ -46 +46 @@
 
 == Changelog ==
+2.1.2 (12/69/2022)
+- Validation, Filter and View helpers improvements and updates for PHP 8.2.
+
 2.1.1 (12/6/2022)
 - Updated Datatables Javascript library
 - Tweaks and code improvements.
-2.1
+
+2.1 (2/7/2022)
 - Switched lists to use Datatables Javascript library
 - Added ability to rename categories and region from list
 
-2.0
+2.0 (5/11/2021)
 - First openly released version
 - Brought the plugin up to current standards
@@ -64 +68 @@
 - Improved responsiveness
 
-1.0
+1.0 (5/5/2015)
 - Plugin created in April 2015 as custom plugin for specific site.
 - Originally called Store Listings