Changeset 2904770

Timestamp:

04/26/2023 10:32:54 PM (3 years ago)

Author:

gcorewpress

Message:

Change current wordpress version and change mistakes

Location:

g-core-labs-cdn/trunk

Files:

• ajax/save.php (modified) (2 diffs)
• includes/admin.php (modified) (2 diffs)
• includes/front_cdn.php (modified) (1 diff)
• includes/function.php (modified) (8 diffs)
• includes/help.php (modified) (1 diff)
• includes/stream.php (modified) (1 diff)
• js/scripts.js (modified) (1 diff)
• readme.txt (modified) (1 diff)

g-core-labs-cdn/trunk/ajax/save.php

@@ -16 +16 @@
 if (isset($_POST['save'])) {
     if ($get_tab == "main") {
-        $gcore_cdn_url = sanitize_text_field(esc_url(trim($_POST['gcore_cdn_url'])));
+        $gcore_cdn_url = sanitize_url(esc_url(trim($_POST['gcore_cdn_url'])));
         if ($gcore_cdn_url != '') {
             $gcore_cdn_url = trailingslashit(untrailingslashit($gcore_cdn_url));
@@ -345 +345 @@
 }
 $data .= '</form>';
-echo $data;
+echo esc_html($data);

g-core-labs-cdn/trunk/includes/admin.php

@@ -8 +8 @@
 ];
 if (isset($_GET['tab']) and in_array($_GET['tab'], ['types', 'folders', 'exceptions'])) {
-    $get_tab = $_GET['tab'];
+    $get_tab = sanitize_text_field($_GET['tab']);
 } else {
     $get_tab = 'main';
@@ -333 +333 @@
 }
 
-$data .= '
-    <script>
-        function msg(t) {
-            if(t == "save") {
-                jQuery.amaran({"message":"' . __("Saved", "gcore_translate") . '"});
-            }
-            if(t == "del") {
-                jQuery.amaran({"message":"' . __("Deleted", "gcore_translate") . '"});
-            }
-            if(t == "add") {
-                jQuery.amaran({"message":"' . __("Added", "gcore_translate") . '"});
-            }
-        }
-    </script>
-';
-
-echo $data;
+$allowed_tags = wp_kses_allowed_html( 'post' );
+$allowed_tags['input'] = array(
+    'type' => true,
+    'name' => true,
+    'value' => true,
+    'disabled' => true,
+    'checked' => true,
+    'readonly' => true,
+    'data-e' => true,
+    'data-t' => true,
+    'data-o' => true,
+    'data-type' => true,
+    'placeholder' => true,
+    'id' => true,
+    'class' => true,
+    'required' => true,
+);
+$allowed_tags['select'] = array(
+    'name' => true,
+    'value' => true,
+    'id' => true,
+    'class' => true,
+    'required' => true,
+);
+$allowed_tags['button'] = array(
+    'value' => true,
+    'disabled' => true,
+    'type' => true,
+    'name' => true,
+    'data-e' => true,
+    'data-t' => true,
+    'data-o' => true,
+    'id' => true,
+    'class' => true,
+    'data-type' => true,
+);
+$allowed_tags['option'] = array(
+    'value' => true,
+);
+add_filter( 'safe_style_css', function( $styles ) {
+    $styles[] = 'display';
+    return $styles;
+} );
+echo wp_kses($data, $allowed_tags)
+.'<script>const gcoreAmaranMsgSaved = "'.esc_html(__("Saved", "gcore_translate")).'";const gcoreAmaranMsgDeleted = "'.esc_html(__("Deleted", "gcore_translate")).'";const gcoreAmaranMsgAdded = "'.esc_html(__("Added", "gcore_translate")).'";</script>';

g-core-labs-cdn/trunk/includes/front_cdn.php

@@ -159 +159 @@
     }
 
-    echo $string;
+    echo esc_html($string);
 } else
     include($template);

g-core-labs-cdn/trunk/includes/function.php

@@ -4 +4 @@
 function gcore_ajax_save()
 {
-    $type = $_POST['t'];
+    $type = sanitize_text_field($_POST['t']);
     if (in_array($_POST['t'], ['url', 'int', 'checkbox'])) {
         $value = '';
-        $option = $_POST['o'];
+        $option = sanitize_text_field($_POST['o']);
         if ($type == 'url') {
             $value = sanitize_text_field(esc_url(trim($_POST['v'])));
@@ -14 +14 @@
             }
         } elseif ($type == 'int') {
-            $value = intval($_POST['v']);
+            $value = intval(sanitize_text_field($_POST['v']));
         } elseif ($type == 'checkbox') {
-            $value = intval($_POST['v']);
+            $value = intval(sanitize_text_field($_POST['v']));
             if ($option == 'gcore_type_advanced') {
                 update_option('gcore_type_image', 0);
@@ -32 +32 @@
         }
         update_option($option, $value);
-        echo $value;
+        echo esc_html($value);
     } else {
         echo 0;
@@ -42 +42 @@
 function gcore_ajax_advance_param_add()
 {
-    $type = $_POST['t'];
+    $type = sanitize_text_field($_POST['t']);
     if (in_array($type, ['types', 'folders', 'exceptions'])) {
         $gcore_array = get_option('gcore_cdn_' . $type);
@@ -86 +86 @@
 function gcore_ajax_advance_param_del()
 {
-    $type = $_POST['t'];
+    $type = sanitize_text_field($_POST['t']);
     if (in_array($type, ['types', 'folders', 'exceptions'])) {
         $gcore_array = get_option('gcore_cdn_' . $type);
@@ -134 +134 @@
 {
 
-    $type = $_POST['t'];
+    $type = sanitize_text_field($_POST['t']);
     $data = "";
     if (in_array($type, ['types', 'folders', 'exceptions'])) {
@@ -155 +155 @@
             $data .= '<tr class="form-field form-required">
                 <td scope="row">' . $element . '</td>
-                <td><button type="buttn" class="button-gcore g-delete" data-e="' . $element . '" data-type="' . $type . '">' . __("Delete", "gcore_translate") . '</button></td>
+                <td><button type="button" class="button-gcore g-delete" data-e="' . $element . '" data-type="' . $type . '">' . __("Delete", "gcore_translate") . '</button></td>
             </tr>';
         }
@@ -164 +164 @@
         ';
     }
-    echo $data;
-    wp_die();
-}
+    $allowed_tags = wp_kses_allowed_html( 'post' );
+    $allowed_tags['input'] = array(
+        'type' => true,
+        'name' => true,
+        'value' => true,
+        'disabled' => true,
+        'checked' => true,
+        'readonly' => true,
+        'data-e' => true,
+        'data-t' => true,
+        'data-o' => true,
+        'data-type' => true,
+        'placeholder' => true,
+        'id' => true,
+        'class' => true,
+        'required' => true,
+    );
+    $allowed_tags['select'] = array(
+        'name' => true,
+        'value' => true,
+        'id' => true,
+        'class' => true,
+        'required' => true,
+    );
+    $allowed_tags['button'] = array(
+        'value' => true,
+        'disabled' => true,
+        'type' => true,
+        'name' => true,
+        'data-e' => true,
+        'data-t' => true,
+        'data-o' => true,
+        'id' => true,
+        'class' => true,
+        'data-type' => true,
+    );
+    $allowed_tags['option'] = array(
+        'value' => true,
+    );
+    add_filter( 'safe_style_css', function( $styles ) {
+        $styles[] = 'display';
+        return $styles;
+    } );
+    echo wp_kses($data, $allowed_tags);
+    wp_die();
+}

g-core-labs-cdn/trunk/includes/help.php

@@ -3 +3 @@
 $title = __('Help', 'gcore_translate');
 
-echo '<h1>' . $title . '</h1>
-<p>' . __('If you have questions regarding CDN integration, please email us at', 'gcore_translate') . ' <a href="mailto:[email protected]">[email protected]</a></p>';
+echo '<h1>' . esc_html($title) . '</h1>
+<p>' . __('If you have questions regarding CDN integration, please email us at', 'gcore_translate') . ' ' . '<a href="mailto:"'. sanitize_email('[email protected]') . '">'. sanitize_email('[email protected]') . '</a></p>';

g-core-labs-cdn/trunk/includes/stream.php

@@ -1 @@
-<h1><?php echo _e("Streaming", "gcore_translate"); ?></h1>
+<h1><?php echo esc_html(_e("Streaming", "gcore_translate")); ?></h1>
 <p>Soon</p>

g-core-labs-cdn/trunk/js/scripts.js

@@ -78 +78 @@
 });
 
+function msg(t) {
+    if(t == "save") {
+        jQuery.amaran({"message":gcoreAmaranMsgSaved});
+    }
+    if(t == "del") {
+        jQuery.amaran({"message":gcoreAmaranMsgDeleted});
+    }
+    if(t == "add") {
+        jQuery.amaran({"message":gcoreAmaranMsgAdded});
+    }
+}
+
 jQuery('.advanced-show').on('click', 'button.g-delete', function () {
     t = jQuery(this).data('type');

g-core-labs-cdn/trunk/readme.txt

@@ -41 +41 @@
 
 = 1.1.10 =
-* Change current wordpress version
+* Change current wordpress version and change mistakes
 
 = 1.1.9 =