
Changeset 3226545


Timestamp:
01/21/2025 11:57:06 PM (13 months ago)
Author:
ShopSite
Message:

Fix Security Bug

Location:
shopsite-plugin
Files:
4 edited
1 moved

  • shopsite-plugin/tags/1.5.11/readme.txt

    r3139879 r3226545  
    44Tags: e-commerce, shopping, shopsite
    55Requires at least: 3.2.0
    6 Tested up to: 6.6
    7 Stable tag: 1.5.10
     6Tested up to: 6.7
     7Stable tag: 1.5.11
    88
    99Add a free ShopSite shopping cart to your WordPress site and start taking orders today!
     
    2929
    3030== Changelog ==
     31= 1.5.11 =
     32* Security bug fix
     33
    3134= 1.5.10 =
    3235* Bug Fixes for WordPress 6.4.3 (Classic Editor Plugin required).
  • shopsite-plugin/tags/1.5.11/shopsite.php

    r3055583 r3226545  
    22/**
    33 * @package ShopSite
    4  * @version 1.5.10
     4 * @version 1.5.11
    55 */
    66/*
     
    99 * Description: ShopSite plugin to put products into your WordPress blog
    1010 * Author: ShopSite
    11  * Version: 1.5.10
     11 * Version: 1.5.11
    1212 * Author URI: http://shopsite.com/
    1313 */
    1414
    15 /*function debug_print($text){file_put_contents("log.txt", $text."\n", FILE_APPEND);}*/
     15if(dirname(__FILE__) != ''){define('DEBUG_FILENAME', dirname(__FILE__) . '/log.txt');}else{define('DEBUG_FILENAME', 'log.txt');}function debug_init(){file_put_contents(DEBUG_FILENAME, "\n-------------------\n" . "Debugging " . __FILE__ . "\n", FILE_APPEND);}function debug_print($text){file_put_contents(DEBUG_FILENAME, $text."\n", FILE_APPEND);}debug_init();
    1616
    1717$product_list = array();
     
    4040
    4141register_uninstall_hook(__FILE__, 'on_uninstall');
    42 
    4342register_activation_hook( __FILE__, 'on_activate' );
     43
    4444function on_activate() {
    4545    add_option('ss_just_activated','yes');
     
    5454
    5555function load_plugin() {
    56     $version = "1.5.10";
    57     if ( is_admin() ) { 
     56    $version = "1.5.11";
     57    if ( is_admin() ) {
    5858        $running_version = get_option('ss_version');
    59         if (!$running_version) 
     59        if (!$running_version)
    6060            $running_version = "1";
    6161
     
    8585
    8686function start_tutorial() {
    87     echo "<script>start_tutorial();</script>"; 
     87    echo "<script>start_tutorial();</script>";
    8888}
    8989
    9090function request_output_url() {
    91     echo "<script>request_output_url();</script>"; 
     91    echo "<script>request_output_url();</script>";
    9292}
    9393
     
    127127}
    128128
     129function admin_notice__success() {
     130?>
     131<div class="notice notice-success is-dismissible">
     132<p><?php _e( 'Settings Saved!', 'sample-text-domain' ); ?></p>
     133</div>
     134<?php
     135}
     136
     137function admin_notice__failure() {
     138?>
     139<div class="notice notice-error is-dismissible">
     140<p><?php _e( 'Invalid configuration!', 'sample-text-domain' ); ?></p>
     141</div>
     142<?php
     143}
     144
     145function sanitize_ss_ident($identifier) {
     146  if($identifier == 'SKU'){
     147    return 'SKU';
     148  }else{
     149    return 'GUID';
     150  }
     151}
     152
     153function ss_check_id($field){
     154  if(preg_match('/^[0-9A-Za-z]+$/', $field)){
     155    return $field;
     156  }else{return '';}
     157}
     158
     159function ss_check_secret_key($field){
     160  if(preg_match('/^[0-9A-Z]{4}-[0-9A-Z]{4}-[0-9A-Z]{4}-[0-9A-Z]{4}$/', $field)){
     161    return $field;
     162  }else{return '';}
     163}
     164
    129165function show_shopsite_menu() {
    130166    global $wpdb;
     
    133169    $state = 'new_config';
    134170
    135     /*$option_list = array('shopsite_url', 'config_dump', 'config_type', 'clientid', 'secretkey', 'code', 'authorizationurl', 'identifier', 'remember_search', 'remembered_search_string', 'media_url');
    136     foreach ($option_list as $option) {
    137         echo "<br>$option  |".get_option($option)."| |".get_option('ss_'.$option)."|";
    138     }*/
    139 
    140 
    141     if (isset($_REQUEST['config_type'])) {
    142 
    143         $config_type = trim($_REQUEST['config_type']);
    144         //echo "<script>alert('$config_type');</script>";
    145 
    146         update_option('ss_config_type', $config_type);
    147         $state = 'settings_saved';
    148 
    149         delete_option('ss_media_url');
    150 
    151         if ($config_type == 'ss_12') {
    152             update_option('ss_config_dump', trim($_REQUEST['config_dump']));
    153 
    154 
    155             $decoded = base64_decode(trim($_REQUEST['config_dump']));
    156             $decoded = explode('^',$decoded);
    157 
    158             update_option('ss_clientid', trim($decoded[0]));
    159             update_option('ss_secretkey', trim($decoded[1]));
    160             update_option('ss_code', trim($decoded[2]));
    161             update_option('ss_authorizationurl', trim($decoded[3]));
    162             update_option('ss_shopsite_url', trim($decoded[4]));
    163         } else {
    164 
    165             $clientid = trim($_REQUEST['clientid']); update_option('ss_clientid', $clientid);
    166             $secretkey = trim($_REQUEST['secretkey']); update_option('ss_secretkey', $secretkey);
    167             $code = trim($_REQUEST['code']); update_option('ss_code', $code);
    168             $authorizationurl = trim($_REQUEST['authorizationurl']); update_option('ss_authorizationurl', $authorizationurl);
    169             $shopsite_url = trim($_REQUEST['shopsite_url']); update_option('ss_shopsite_url', $shopsite_url);
    170             $config_dump = base64_encode("$clientid^$secretkey^$code^$authorizationurl^$shopsite_url");
    171             update_option('ss_config_dump', $config_dump);
    172         }
    173     }
    174 
    175     if (isset($_REQUEST['identifier'])) update_option('ss_identifier', trim($_REQUEST['identifier']));
    176     if (isset($_REQUEST['test'])) {
    177         $testing = true;
    178         $test_result = test_connection();
    179         $state = 'testing_completed';
    180     }
    181 
    182     $config_type = get_option('ss_config_type');
    183     if (strlen($config_type) == 0)
    184         $config_type = 'ss_12';
    185     $config_dump = get_option('ss_config_dump');
    186     $shopsite_url = get_option('ss_shopsite_url');
    187     $clientid = get_option('ss_clientid');
    188     $secretkey = get_option('ss_secretkey');
    189     $code = get_option('ss_code');
    190     $authorizationurl = get_option('ss_authorizationurl');
    191 
    192 
    193     $identifier = get_option('ss_identifier');
    194 
    195     $SKU_selected = $GUID_selected = "";
    196     if ($identifier == 'SKU')
    197         $SKU_selected = " checked";
    198     else
    199         $GUID_selected = " checked";
    200 
    201     $ss_12_extra = "";
    202     $ss_11_extra = "";
    203     if ($config_type == 'ss_11') {
    204         $ss_12_extra = " style=\"display:none;\"";
    205         $ss_11_extra = " style=\"display:table-row-group;\"";
    206     }
    207 
    208     //ss_action=plugins.php?page=shopsite_menu
     171  if (isset($_REQUEST['config_type'])) {
     172    if (!isset($_POST['ss_n_settings']) || !check_admin_referer('ShopSiteSettings', 'ss_n_settings')) {
     173      wp_die(__('Invalid request. Please try again.', 'default'));
     174    } else {
     175      $config_type = sanitize_text_field($_REQUEST['config_type']);
     176
     177      update_option('ss_config_type', $config_type);
     178      $state = 'settings_saved';
     179
     180      delete_option('ss_media_url');
     181
     182      if ($config_type == 'ss_12') {
     183        $clientid = '';
     184        $secret_key = '';
     185        $code = '';
     186        $auth_url = '';
     187        $shopsite_url = '';
     188        $count = 0;
     189
     190        $config_dump = sanitize_text_field($_REQUEST['config_dump']);
     191
     192        $decoded = base64_decode($config_dump);
     193        $decoded = explode('^',$decoded);
     194        if(count($decoded) == 5) {
     195          $clientid = ss_check_id(trim($decoded[0]));
     196          $secret_key = ss_check_secret_key(trim($decoded[1]));
     197          $code = ss_check_id(trim($decoded[2]));
     198          $auth_url = esc_url_raw(trim($decoded[3]));
     199          $shopsite_url = esc_url_raw(trim($decoded[4]));
     200        }
     201
     202        if(
     203          $clientid != '' &&
     204          $secret_key != '' &&
     205          $code != '' &&
     206          $auth_url != '' &&
     207          $shopsite_url != ''
     208        ){
     209          update_option('ss_config_dump', $config_dump);
     210          update_option('ss_clientid', $clientid);
     211          update_option('ss_secretkey', $secret_key);
     212          update_option('ss_code', $code);
     213          update_option('ss_authorizationurl', $auth_url);
     214          update_option('ss_shopsite_url', $shopsite_url);
     215          admin_notice__success();
     216        }else{
     217          admin_notice__failure();
     218        }
     219
     220      } else {
     221
     222        $clientid = ss_check_id($_REQUEST['clientid']);
     223        update_option('ss_clientid', $clientid);
     224        $secretkey = sanitize_text_field($_REQUEST['secretkey']);
     225        update_option('ss_secretkey', $secretkey);
     226        $code = sanitize_text_field($_REQUEST['code']);
     227        update_option('ss_code', $code);
     228        $authorizationurl = esc_url_raw($_REQUEST['authorizationurl']);
     229        update_option('ss_authorizationurl', $authorizationurl);
     230        $shopsite_url = esc_url_raw($_REQUEST['shopsite_url']);
     231        update_option('ss_shopsite_url', $shopsite_url);
     232        $config_dump = base64_encode("$clientid^$secretkey^$code^$authorizationurl^$shopsite_url");
     233        update_option('ss_config_dump', $config_dump);
     234        admin_notice__success();
     235      }
     236    }
     237  }
     238
     239  if (isset($_REQUEST['identifier'])){
     240    update_option('ss_identifier', sanitize_ss_ident($_REQUEST['identifier']));
     241  }
     242  if (isset($_REQUEST['test'])) {
     243    $testing = true;
     244    $test_result = test_connection();
     245    $state = 'testing_completed';
     246    if ($test_result['success'] == true)
     247    {
     248      $message = __('Connection test successful', 'default');
     249      $success = 'success';
     250    }
     251    else if ($test_result['success'] == false) {
     252      $message = __('Connection test failed, check your settings.', 'default') . '<br' . __('Error:') . ' ' . $test_result["error"];
     253      $success = 'error';
     254    }
     255    ?><div class="notice notice-<?= $success ?> is-dismissible"><p><?= $message ?></p></div><?php
     256  }
     257
     258  /*
     259  $option_list = array('shopsite_url', 'config_dump', 'config_type', 'clientid', 'secretkey', 'code', 'authorizationurl', 'identifier', 'remember_search', 'remembered_search_string', 'media_url');
     260  foreach ($option_list as $option) {
     261    debug_print("$option |" . get_option($option) . "| ss_$option |" . get_option('ss_'.$option) . "|");
     262  }
     263   */
     264
     265  $config_type = get_option('ss_config_type');
     266  if (strlen($config_type) == 0)
     267    $config_type = 'ss_12';
     268  if($config_type != 'ss_12'){
     269    $config_type = 'ss_11';
     270  }
     271  $config_dump = esc_attr(get_option('ss_config_dump'));
     272  $shopsite_url = esc_attr(get_option('ss_shopsite_url'));
     273  $clientid = get_option('ss_clientid');
     274  $secretkey = get_option('ss_secretkey');
     275  $code = get_option('ss_code');
     276  $authorizationurl = get_option('ss_authorizationurl');
     277
     278
     279  $identifier = get_option('ss_identifier');
     280
     281  $SKU_selected = $GUID_selected = "";
     282  if ($identifier == 'SKU')
     283    $SKU_selected = " checked";
     284  else
     285    $GUID_selected = " checked";
     286
     287  $ss_12_extra = "";
     288  $ss_11_extra = "";
     289  if ($config_type == 'ss_11') {
     290    $ss_12_extra = ' style="display:none;"';
     291    $ss_11_extra = ' style="display:table-row-group;"';
     292  }
     293
     294  //ss_action=plugins.php?page=shopsite_menu
    209295?>
    210     <script>$('#ss_11').live('click', function() {$('#config_type').val('ss_11'); $('#ss_12_settings').css({'display':'none'}); $('#ss_11_settings').css({'display':'table-row-group'}); });$('#ss_12').live('click', function() {$('#config_type').val('ss_12'); $('#ss_11_settings').css({'display':'none'}); $('#ss_12_settings').css({'display':'table-row-group'});});</script>
    211296
    212297    <h1>ShopSite configuration</h1>
    213298        Don't have a ShopSite store? <a id="get_shopsite" target="_blank" href="https://saas.shopsite.com/express/">Get a free 10-product Express store</a>.
    214299        <form method="post" action="">
     300<?php wp_nonce_field('ShopSiteSettings', 'ss_n_settings'); ?>
    215301    <input type="hidden" id="config_type" name="config_type" value="<?=$config_type?>">
    216302        <table>
     
    228314        <tr><td>Authorization Code:</td><td><input type="text" name="code" id="code" value="<?= $code ?>" size="100"></td></tr>
    229315        <tr><td>Authorization URL:</td><td><input type="text" name="authorizationurl" id="authorizationurl" value="<?= $authorizationurl ?>" size="100"></td></tr>
    230         <tr><td>ShopSite callback URL:</td><td><input type="text" name="shopsite_url" value="<?php esc_attr($shopsite_url); ?>" size="100"></td></tr>
     316        <tr><td>ShopSite callback URL:</td><td><input type="text" name="shopsite_url" value="<?= $shopsite_url ?>" size="100"></td></tr>
    231317
    232318    </tbody>
     
    238324        <input type="radio" name="identifier" value="SKU"<?= $SKU_selected ?>>SKU</td></tr>
    239325        </tbody></table>
    240     <br/><input type="submit" class="button" name="test" id="test_connection" value="<?php esc_attr_e('Test connection'); ?>">
    241 <?php
    242     if ($testing) {
    243         echo "<div id=\"test_result\">";
    244         if ($test_result['success'] == true)
    245             echo "<p id=\"test_good\">Connection test successful</p>";
    246         if ($test_result['success'] == false) {
    247             echo "<p id=\"test_bad\">Connection test failed, check your settings.<br>Error: ".$test_result["error"]."</p>";
    248         }
    249         echo "</div>";
    250     }
    251   else
    252   {
    253     echo "<div></div>";
    254   }
    255 ?>
     326    <script>$('#ss_11').on('click', function() {$('#config_type').val('ss_11'); $('#ss_12_settings').css({'display':'none'}); $('#ss_11_settings').css({'display':'table-row-group'}); });$('#ss_12').on('click', function() {$('#config_type').val('ss_12'); $('#ss_11_settings').css({'display':'none'}); $('#ss_12_settings').css({'display':'table-row-group'});});</script>
    256327    <input type="hidden" name="state" id="state" value="<?= $state ?>">
    257     <br/><input type="submit" class="button button-primary" id="save_settings" value="<?php esc_attr_e('Save settings' ); ?>"></form>
     328  <br/>
     329<input type="submit" class="button button-primary" id="save_settings" value="<?php esc_attr_e('Save settings' ); ?>">
     330&nbsp;
     331<input type="submit" class="button" name="test" id="test_connection" value="<?php esc_attr_e('Test connection'); ?>">
     332</form>
    258333<?php
    259334}
     
    277352
    278353// Load the TinyMCE plugin : editor_plugin.js (wp2.5)
    279 function add_shopsite_tinymce_plugin($plugin_array) { 
     354function add_shopsite_tinymce_plugin($plugin_array) {
    280355    $path = plugin_dir_url(__FILE__).'editor_plugin.js';
    281356    $plugin_array['shopsite'] = $path;
     
    321396    <body>
    322397    <div id="top_bar">
    323   <div id="message">Use <?= $ctrl ?> and SHIFT keys to select multiple products.</div> 
     398  <div id="message">Use <?= $ctrl ?> and SHIFT keys to select multiple products.</div>
    324399    <div id="tabs">
    325400    <div class="tab selected_tab" id="list_all">List all products</div><div class="tab" id="search">Search</div>
     
    332407    $message = "";
    333408    $media_url = get_media_url();
    334     if (!$media_url) 
     409    if (!$media_url)
    335410    {
    336411        $extra_space = " style=\"height:80px;\"";
     
    349424    if (!$media_url) {
    350425        $shopsite_url = get_option('ss_shopsite_url');
    351         $url = $shopsite_url."&operation=get_setting&setting=output_url"; 
     426        $url = $shopsite_url."&operation=get_setting&setting=output_url";
    352427        $resp = get_url($url);
    353428        $outputurl = $resp[0];
     
    396471
    397472    $products_xml = oauth(
    398         get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'), 
    399         DOWNLOAD, 
     473        get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'),
     474        DOWNLOAD,
    400475        array_merge(array('clientApp'=>'1', 'dbname'=>'products', 'version'=>'11.2', 'fields'=>'|Product GUID|Name|SKU|Graphic|', 'limit'=>$limit), $search_array)
    401476    );
     
    425500        $search_array = array('search_on'=>"sku", 'search_term'=>$search_string, 'search_filter'=>'contains');
    426501        $products_xml = oauth(
    427             get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'), 
    428             DOWNLOAD, 
     502            get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'),
     503            DOWNLOAD,
    429504            array_merge(array('clientApp'=>'1', 'dbname'=>'products', 'version'=>'11.2', 'fields'=>'|Product GUID|Name|SKU|Graphic|', 'limit'=>$limit), $search_array)
    430505        );
    431506        $products = /*new SimpleXMLElement*/simplexml_load_string ($products_xml['data'], 'SimpleXMLElement');
    432         if (count($products->Products->Product) > 0) { 
     507        if (count($products->Products->Product) > 0) {
    433508            foreach ($products->Products->Product as $product) {
    434509                if (!array_key_exists(addslashes($product->Name), $products_ar))
     
    518593        return "";
    519594
    520     /*$shopsite_url = get_option('shopsite_url');   
     595    /*$shopsite_url = get_option('shopsite_url');
    521596    $handle = fopen($shopsite_url."&operation=get_product&id=$id",'r');
    522597    $contents = stream_get_contents($handle);*/
     
    553628    //debug_print("product_map:".print_r($product_map, true));
    554629    $identifier = get_option('ss_identifier');
    555     $id_list = implode(",",array_unique(array_keys($product_list))); 
     630    $id_list = implode(",",array_unique(array_keys($product_list)));
    556631
    557632    //debug_print("dispatched:|$id_list|");
     
    590665function test_connection() {
    591666    $test_download_xml = oauth(
    592         get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'), 
    593         DOWNLOAD, 
     667        get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'),
     668        DOWNLOAD,
    594669        array('clientApp'=>'1', 'dbname'=>'products', 'version'=>'11.2', 'fields'=>'|Product GUID|Name|SKU|', 'search_term'=>"B0gu5", 'search_on'=>'name', 'search_filter'=>'contains', 'limit'=>1)
    595670    );
     
    601676        return array("success"=>false, "error"=>$res[1]);
    602677
    603     return array("success"=>true); 
     678    return array("success"=>true);
    604679}
    605680
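Review bot: The escaping added at new lines 271–272 stops short: `$clientid`, `$secretkey`, `$code` and `$authorizationurl` (273–276) are echoed straight into `value="…"` attributes at 314–315, and on the ss_11 save path (222–231) `$secretkey` and `$code` pass only `sanitize_text_field()`, which does not remove double quotes, so a saved value can break out of the attribute; wrap each of 273–276 in `esc_attr()` as 271–272 do, e.g. `$code = esc_attr(get_option('ss_code'));`, and validate the ss_11 inputs with `ss_check_secret_key()`/`ss_check_id()` as the ss_12 branch already does. The test notice at 252 has a typo and an unescaped remote string: `'<br' . __('Error:')` emits `<brError:` and `$test_result["error"]` comes from the remote response, so use `'<br>' . __('Error:') . ' ' . esc_html($test_result["error"])`. The `identifier` and `test` handlers at 239–246 still run outside the nonce check that now guards `config_type`, so that option write remains reachable by a forged request (`sanitize_ss_ident()` limits it to toggling SKU/GUID). Separately, new line 15 turns the formerly commented-out debugger into an unconditional `debug_init()` that appends to `log.txt` inside the plugin directory on every load; that path is presumably served over HTTP, and the still-commented dump at 258–263 would write the secret key there if re-enabled, so gate it on `WP_DEBUG` or remove it before release. show_shopsite_menu starts in an earlier hunk.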
  • shopsite-plugin/trunk/readme.txt

    r3139879 r3226545  
    44Tags: e-commerce, shopping, shopsite
    55Requires at least: 3.2.0
    6 Tested up to: 6.6
    7 Stable tag: 1.5.10
     6Tested up to: 6.7
     7Stable tag: 1.5.11
    88
    99Add a free ShopSite shopping cart to your WordPress site and start taking orders today!
     
    2929
    3030== Changelog ==
     31= 1.5.11 =
     32* Security bug fix
     33
    3134= 1.5.10 =
    3235* Bug Fixes for WordPress 6.4.3 (Classic Editor Plugin required).
  • shopsite-plugin/trunk/shopsite.php

    r3055573 r3226545  
    22/**
    33 * @package ShopSite
    4  * @version 1.5.10
     4 * @version 1.5.11
    55 */
    66/*
     
    99 * Description: ShopSite plugin to put products into your WordPress blog
    1010 * Author: ShopSite
    11  * Version: 1.5.10
     11 * Version: 1.5.11
    1212 * Author URI: http://shopsite.com/
    1313 */
    1414
    15 /*function debug_print($text){file_put_contents("log.txt", $text."\n", FILE_APPEND);}*/
     15if(dirname(__FILE__) != ''){define('DEBUG_FILENAME', dirname(__FILE__) . '/log.txt');}else{define('DEBUG_FILENAME', 'log.txt');}function debug_init(){file_put_contents(DEBUG_FILENAME, "\n-------------------\n" . "Debugging " . __FILE__ . "\n", FILE_APPEND);}function debug_print($text){file_put_contents(DEBUG_FILENAME, $text."\n", FILE_APPEND);}debug_init();
    1616
    1717$product_list = array();
     
    4040
    4141register_uninstall_hook(__FILE__, 'on_uninstall');
    42 
    4342register_activation_hook( __FILE__, 'on_activate' );
     43
    4444function on_activate() {
    4545    add_option('ss_just_activated','yes');
     
    5454
    5555function load_plugin() {
    56     $version = "1.5.10";
    57     if ( is_admin() ) { 
     56    $version = "1.5.11";
     57    if ( is_admin() ) {
    5858        $running_version = get_option('ss_version');
    59         if (!$running_version) 
     59        if (!$running_version)
    6060            $running_version = "1";
    6161
     
    8585
    8686function start_tutorial() {
    87     echo "<script>start_tutorial();</script>"; 
     87    echo "<script>start_tutorial();</script>";
    8888}
    8989
    9090function request_output_url() {
    91     echo "<script>request_output_url();</script>"; 
     91    echo "<script>request_output_url();</script>";
    9292}
    9393
     
    127127}
    128128
     129function admin_notice__success() {
     130?>
     131<div class="notice notice-success is-dismissible">
     132<p><?php _e( 'Settings Saved!', 'sample-text-domain' ); ?></p>
     133</div>
     134<?php
     135}
     136
     137function admin_notice__failure() {
     138?>
     139<div class="notice notice-error is-dismissible">
     140<p><?php _e( 'Invalid configuration!', 'sample-text-domain' ); ?></p>
     141</div>
     142<?php
     143}
     144
     145function sanitize_ss_ident($identifier) {
     146  if($identifier == 'SKU'){
     147    return 'SKU';
     148  }else{
     149    return 'GUID';
     150  }
     151}
     152
     153function ss_check_id($field){
     154  if(preg_match('/^[0-9A-Za-z]+$/', $field)){
     155    return $field;
     156  }else{return '';}
     157}
     158
     159function ss_check_secret_key($field){
     160  if(preg_match('/^[0-9A-Z]{4}-[0-9A-Z]{4}-[0-9A-Z]{4}-[0-9A-Z]{4}$/', $field)){
     161    return $field;
     162  }else{return '';}
     163}
     164
    129165function show_shopsite_menu() {
    130166    global $wpdb;
     
    133169    $state = 'new_config';
    134170
    135     /*$option_list = array('shopsite_url', 'config_dump', 'config_type', 'clientid', 'secretkey', 'code', 'authorizationurl', 'identifier', 'remember_search', 'remembered_search_string', 'media_url');
    136     foreach ($option_list as $option) {
    137         echo "<br>$option  |".get_option($option)."| |".get_option('ss_'.$option)."|";
    138     }*/
    139 
    140 
    141     if (isset($_REQUEST['config_type'])) {
    142 
    143         $config_type = trim($_REQUEST['config_type']);
    144         //echo "<script>alert('$config_type');</script>";
    145 
    146         update_option('ss_config_type', $config_type);
    147         $state = 'settings_saved';
    148 
    149         delete_option('ss_media_url');
    150 
    151         if ($config_type == 'ss_12') {
    152             update_option('ss_config_dump', trim($_REQUEST['config_dump']));
    153 
    154 
    155             $decoded = base64_decode(trim($_REQUEST['config_dump']));
    156             $decoded = explode('^',$decoded);
    157 
    158             update_option('ss_clientid', trim($decoded[0]));
    159             update_option('ss_secretkey', trim($decoded[1]));
    160             update_option('ss_code', trim($decoded[2]));
    161             update_option('ss_authorizationurl', trim($decoded[3]));
    162             update_option('ss_shopsite_url', trim($decoded[4]));
    163         } else {
    164 
    165             $clientid = trim($_REQUEST['clientid']); update_option('ss_clientid', $clientid);
    166             $secretkey = trim($_REQUEST['secretkey']); update_option('ss_secretkey', $secretkey);
    167             $code = trim($_REQUEST['code']); update_option('ss_code', $code);
    168             $authorizationurl = trim($_REQUEST['authorizationurl']); update_option('ss_authorizationurl', $authorizationurl);
    169             $shopsite_url = trim($_REQUEST['shopsite_url']); update_option('ss_shopsite_url', $shopsite_url);
    170             $config_dump = base64_encode("$clientid^$secretkey^$code^$authorizationurl^$shopsite_url");
    171             update_option('ss_config_dump', $config_dump);
    172         }
    173     }
    174 
    175     if (isset($_REQUEST['identifier'])) update_option('ss_identifier', trim($_REQUEST['identifier']));
    176     if (isset($_REQUEST['test'])) {
    177         $testing = true;
    178         $test_result = test_connection();
    179         $state = 'testing_completed';
    180     }
    181 
    182     $config_type = get_option('ss_config_type');
    183     if (strlen($config_type) == 0)
    184         $config_type = 'ss_12';
    185     $config_dump = get_option('ss_config_dump');
    186     $shopsite_url = get_option('ss_shopsite_url');
    187     $clientid = get_option('ss_clientid');
    188     $secretkey = get_option('ss_secretkey');
    189     $code = get_option('ss_code');
    190     $authorizationurl = get_option('ss_authorizationurl');
    191 
    192 
    193     $identifier = get_option('ss_identifier');
    194 
    195     $SKU_selected = $GUID_selected = "";
    196     if ($identifier == 'SKU')
    197         $SKU_selected = " checked";
    198     else
    199         $GUID_selected = " checked";
    200 
    201     $ss_12_extra = "";
    202     $ss_11_extra = "";
    203     if ($config_type == 'ss_11') {
    204         $ss_12_extra = " style=\"display:none;\"";
    205         $ss_11_extra = " style=\"display:table-row-group;\"";
    206     }
    207 
    208     //ss_action=plugins.php?page=shopsite_menu
     171  if (isset($_REQUEST['config_type'])) {
     172    if (!isset($_POST['ss_n_settings']) || !check_admin_referer('ShopSiteSettings', 'ss_n_settings')) {
     173      wp_die(__('Invalid request. Please try again.', 'default'));
     174    } else {
     175      $config_type = sanitize_text_field($_REQUEST['config_type']);
     176
     177      update_option('ss_config_type', $config_type);
     178      $state = 'settings_saved';
     179
     180      delete_option('ss_media_url');
     181
     182      if ($config_type == 'ss_12') {
     183        $clientid = '';
     184        $secret_key = '';
     185        $code = '';
     186        $auth_url = '';
     187        $shopsite_url = '';
     188        $count = 0;
     189
     190        $config_dump = sanitize_text_field($_REQUEST['config_dump']);
     191
     192        $decoded = base64_decode($config_dump);
     193        $decoded = explode('^',$decoded);
     194        if(count($decoded) == 5) {
     195          $clientid = ss_check_id(trim($decoded[0]));
     196          $secret_key = ss_check_secret_key(trim($decoded[1]));
     197          $code = ss_check_id(trim($decoded[2]));
     198          $auth_url = esc_url_raw(trim($decoded[3]));
     199          $shopsite_url = esc_url_raw(trim($decoded[4]));
     200        }
     201
     202        if(
     203          $clientid != '' &&
     204          $secret_key != '' &&
     205          $code != '' &&
     206          $auth_url != '' &&
     207          $shopsite_url != ''
     208        ){
     209          update_option('ss_config_dump', $config_dump);
     210          update_option('ss_clientid', $clientid);
     211          update_option('ss_secretkey', $secret_key);
     212          update_option('ss_code', $code);
     213          update_option('ss_authorizationurl', $auth_url);
     214          update_option('ss_shopsite_url', $shopsite_url);
     215          admin_notice__success();
     216        }else{
     217          admin_notice__failure();
     218        }
     219
     220      } else {
     221
     222        $clientid = ss_check_id($_REQUEST['clientid']);
     223        update_option('ss_clientid', $clientid);
     224        $secretkey = sanitize_text_field($_REQUEST['secretkey']);
     225        update_option('ss_secretkey', $secretkey);
     226        $code = sanitize_text_field($_REQUEST['code']);
     227        update_option('ss_code', $code);
     228        $authorizationurl = esc_url_raw($_REQUEST['authorizationurl']);
     229        update_option('ss_authorizationurl', $authorizationurl);
     230        $shopsite_url = esc_url_raw($_REQUEST['shopsite_url']);
     231        update_option('ss_shopsite_url', $shopsite_url);
     232        $config_dump = base64_encode("$clientid^$secretkey^$code^$authorizationurl^$shopsite_url");
     233        update_option('ss_config_dump', $config_dump);
     234        admin_notice__success();
     235      }
     236    }
     237  }
     238
     239  if (isset($_REQUEST['identifier'])){
     240    update_option('ss_identifier', sanitize_ss_ident($_REQUEST['identifier']));
     241  }
     242  if (isset($_REQUEST['test'])) {
     243    $testing = true;
     244    $test_result = test_connection();
     245    $state = 'testing_completed';
     246    if ($test_result['success'] == true)
     247    {
     248      $message = __('Connection test successful', 'default');
     249      $success = 'success';
     250    }
     251    else if ($test_result['success'] == false) {
     252      $message = __('Connection test failed, check your settings.', 'default') . '<br' . __('Error:') . ' ' . $test_result["error"];
     253      $success = 'error';
     254    }
     255    ?><div class="notice notice-<?= $success ?> is-dismissible"><p><?= $message ?></p></div><?php
     256  }
     257
     258  /*
     259  $option_list = array('shopsite_url', 'config_dump', 'config_type', 'clientid', 'secretkey', 'code', 'authorizationurl', 'identifier', 'remember_search', 'remembered_search_string', 'media_url');
     260  foreach ($option_list as $option) {
     261    debug_print("$option |" . get_option($option) . "| ss_$option |" . get_option('ss_'.$option) . "|");
     262  }
     263   */
     264
     265  $config_type = get_option('ss_config_type');
     266  if (strlen($config_type) == 0)
     267    $config_type = 'ss_12';
     268  if($config_type != 'ss_12'){
     269    $config_type = 'ss_11';
     270  }
     271  $config_dump = esc_attr(get_option('ss_config_dump'));
     272  $shopsite_url = esc_attr(get_option('ss_shopsite_url'));
     273  $clientid = get_option('ss_clientid');
     274  $secretkey = get_option('ss_secretkey');
     275  $code = get_option('ss_code');
     276  $authorizationurl = get_option('ss_authorizationurl');
     277
     278
     279  $identifier = get_option('ss_identifier');
     280
     281  $SKU_selected = $GUID_selected = "";
     282  if ($identifier == 'SKU')
     283    $SKU_selected = " checked";
     284  else
     285    $GUID_selected = " checked";
     286
     287  $ss_12_extra = "";
     288  $ss_11_extra = "";
     289  if ($config_type == 'ss_11') {
     290    $ss_12_extra = ' style="display:none;"';
     291    $ss_11_extra = ' style="display:table-row-group;"';
     292  }
     293
     294  //ss_action=plugins.php?page=shopsite_menu
    209295?>
    210     <script>$('#ss_11').live('click', function() {$('#config_type').val('ss_11'); $('#ss_12_settings').css({'display':'none'}); $('#ss_11_settings').css({'display':'table-row-group'}); });$('#ss_12').live('click', function() {$('#config_type').val('ss_12'); $('#ss_11_settings').css({'display':'none'}); $('#ss_12_settings').css({'display':'table-row-group'});});</script>
    211296
    212297    <h1>ShopSite configuration</h1>
    213298        Don't have a ShopSite store? <a id="get_shopsite" target="_blank" href="https://saas.shopsite.com/express/">Get a free 10-product Express store</a>.
    214299        <form method="post" action="">
     300<?php wp_nonce_field('ShopSiteSettings', 'ss_n_settings'); ?>
    215301    <input type="hidden" id="config_type" name="config_type" value="<?=$config_type?>">
    216302        <table>
     
    228314        <tr><td>Authorization Code:</td><td><input type="text" name="code" id="code" value="<?= $code ?>" size="100"></td></tr>
    229315        <tr><td>Authorization URL:</td><td><input type="text" name="authorizationurl" id="authorizationurl" value="<?= $authorizationurl ?>" size="100"></td></tr>
    230         <tr><td>ShopSite callback URL:</td><td><input type="text" name="shopsite_url" value="<?php esc_attr($shopsite_url); ?>" size="100"></td></tr>
     316        <tr><td>ShopSite callback URL:</td><td><input type="text" name="shopsite_url" value="<?= $shopsite_url ?>" size="100"></td></tr>
    231317
    232318    </tbody>
     
    238324        <input type="radio" name="identifier" value="SKU"<?= $SKU_selected ?>>SKU</td></tr>
    239325        </tbody></table>
    240     <br/><input type="submit" class="button" name="test" id="test_connection" value="<?php esc_attr_e('Test connection'); ?>">
    241 <?php
    242     if ($testing) {
    243         echo "<div id=\"test_result\">";
    244         if ($test_result['success'] == true)
    245             echo "<p id=\"test_good\">Connection test successful</p>";
    246         if ($test_result['success'] == false) {
    247             echo "<p id=\"test_bad\">Connection test failed, check your settings.<br>Error: ".$test_result["error"]."</p>";
    248         }
    249         echo "</div>";
    250     }
    251   else
    252   {
    253     echo "<div></div>";
    254   }
    255 ?>
     326    <script>$('#ss_11').on('click', function() {$('#config_type').val('ss_11'); $('#ss_12_settings').css({'display':'none'}); $('#ss_11_settings').css({'display':'table-row-group'}); });$('#ss_12').on('click', function() {$('#config_type').val('ss_12'); $('#ss_11_settings').css({'display':'none'}); $('#ss_12_settings').css({'display':'table-row-group'});});</script>
    256327    <input type="hidden" name="state" id="state" value="<?= $state ?>">
    257     <br/><input type="submit" class="button button-primary" id="save_settings" value="<?php esc_attr_e('Save settings' ); ?>"></form>
     328  <br/>
     329<input type="submit" class="button button-primary" id="save_settings" value="<?php esc_attr_e('Save settings' ); ?>">
     330&nbsp;
     331<input type="submit" class="button" name="test" id="test_connection" value="<?php esc_attr_e('Test connection'); ?>">
     332</form>
    258333<?php
    259334}
     
    277352
    278353// Load the TinyMCE plugin : editor_plugin.js (wp2.5)
    279 function add_shopsite_tinymce_plugin($plugin_array) { 
     354function add_shopsite_tinymce_plugin($plugin_array) {
    280355    $path = plugin_dir_url(__FILE__).'editor_plugin.js';
    281356    $plugin_array['shopsite'] = $path;
     
    321396    <body>
    322397    <div id="top_bar">
    323   <div id="message">Use <?= $ctrl ?> and SHIFT keys to select multiple products.</div> 
     398  <div id="message">Use <?= $ctrl ?> and SHIFT keys to select multiple products.</div>
    324399    <div id="tabs">
    325400    <div class="tab selected_tab" id="list_all">List all products</div><div class="tab" id="search">Search</div>
     
    332407    $message = "";
    333408    $media_url = get_media_url();
    334     if (!$media_url) 
     409    if (!$media_url)
    335410    {
    336411        $extra_space = " style=\"height:80px;\"";
     
    349424    if (!$media_url) {
    350425        $shopsite_url = get_option('ss_shopsite_url');
    351         $url = $shopsite_url."&operation=get_setting&setting=output_url"; 
     426        $url = $shopsite_url."&operation=get_setting&setting=output_url";
    352427        $resp = get_url($url);
    353428        $outputurl = $resp[0];
     
    396471
    397472    $products_xml = oauth(
    398         get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'), 
    399         DOWNLOAD, 
     473        get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'),
     474        DOWNLOAD,
    400475        array_merge(array('clientApp'=>'1', 'dbname'=>'products', 'version'=>'11.2', 'fields'=>'|Product GUID|Name|SKU|Graphic|', 'limit'=>$limit), $search_array)
    401476    );
     
    425500        $search_array = array('search_on'=>"sku", 'search_term'=>$search_string, 'search_filter'=>'contains');
    426501        $products_xml = oauth(
    427             get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'), 
    428             DOWNLOAD, 
     502            get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'),
     503            DOWNLOAD,
    429504            array_merge(array('clientApp'=>'1', 'dbname'=>'products', 'version'=>'11.2', 'fields'=>'|Product GUID|Name|SKU|Graphic|', 'limit'=>$limit), $search_array)
    430505        );
    431506        $products = /*new SimpleXMLElement*/simplexml_load_string ($products_xml['data'], 'SimpleXMLElement');
    432         if (count($products->Products->Product) > 0) { 
     507        if (count($products->Products->Product) > 0) {
    433508            foreach ($products->Products->Product as $product) {
    434509                if (!array_key_exists(addslashes($product->Name), $products_ar))
     
    518593        return "";
    519594
    520     /*$shopsite_url = get_option('shopsite_url');   
     595    /*$shopsite_url = get_option('shopsite_url');
    521596    $handle = fopen($shopsite_url."&operation=get_product&id=$id",'r');
    522597    $contents = stream_get_contents($handle);*/
     
    553628    //debug_print("product_map:".print_r($product_map, true));
    554629    $identifier = get_option('ss_identifier');
    555     $id_list = implode(",",array_unique(array_keys($product_list))); 
     630    $id_list = implode(",",array_unique(array_keys($product_list)));
    556631
    557632    //debug_print("dispatched:|$id_list|");
     
    590665function test_connection() {
    591666    $test_download_xml = oauth(
    592         get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'), 
    593         DOWNLOAD, 
     667        get_option('ss_clientid'), get_option('ss_secretkey'), get_option('ss_code'), get_option('ss_authorizationurl'),
     668        DOWNLOAD,
    594669        array('clientApp'=>'1', 'dbname'=>'products', 'version'=>'11.2', 'fields'=>'|Product GUID|Name|SKU|', 'search_term'=>"B0gu5", 'search_on'=>'name', 'search_filter'=>'contains', 'limit'=>1)
    595670    );
     
    601676        return array("success"=>false, "error"=>$res[1]);
    602677
    603     return array("success"=>true); 
     678    return array("success"=>true);
    604679}
    605680