Changeset 3347835

Timestamp:

08/21/2025 02:57:33 AM (6 months ago)

Author:

wp.insider

Message:

Added proper output escaping to admin input fields.

Location:

recurring-donation/trunk

Files:

• donate_plugin.php (modified) (9 diffs)
• readme.txt (modified) (2 diffs)

recurring-donation/trunk/donate_plugin.php

@@ -5 +5 @@
 Description: Plugin for accepting recurring PayPal donations via a simple shortcode
 Author: wpecommerce
-Version: 1.8
+Version: 1.9
 Author URI: https://wp-ecommerce.net/
 License: GPLv2 or later
@@ -103 +103 @@
             <?php if ( $message != '' && isset( $_POST['dntplgn_submit'] ) && is_email( $_POST['dntplgn_paypal_account'] ) ) { ?>
                 <div class="updated fade">
-                    <p><strong><?php echo $message; ?></strong></p>
+                    <p><strong><?php echo esc_attr($message); ?></strong></p>
                 </div>
-            <?php } elseif ( '' != $error_message && ! is_email( $_POST['dntplgn_paypal_account'] ) ) { ?>
+            <?php } elseif ( isset($error_message) ) { ?>
                 <div class="error">
-                    <p><strong><?php echo $error_message; ?></strong></p>
+                    <p><strong><?php echo esc_attr($error_message); ?></strong></p>
                 </div>
             <?php } ?>
@@ -144 +144 @@
                         </th>
                         <td class='dnt_account_row'>
-                            <input type='text' name='dntplgn_paypal_account' size='70' id='dntplgn_paypal_account' value="<?php if ( '' != $dntplgn_options['dntplgn_paypal_email'] ) echo $dntplgn_options['dntplgn_paypal_email']; ?>" />
+                            <input type='text' name='dntplgn_paypal_account' size='70' id='dntplgn_paypal_account' value="<?php if ( '' != $dntplgn_options['dntplgn_paypal_email'] ) echo esc_attr($dntplgn_options['dntplgn_paypal_email']); ?>" />
                                                         <p class="description">The donation will go to this PayPal account.</p>
                             <input type='hidden' id='dnt_tab_paypal' name='dnt_tab_paypal' value='1' />
@@ -197 +197 @@
                         </th>
                         <td class='dnt_account_row'>
-                            <input type='text' name='dntplgn_currency_symbol' size='10' id='dntplgn_currency_symbol' value="<?php echo $dntplgn_currency_symbol; ?>" />
+                            <input type='text' name='dntplgn_currency_symbol' size='10' id='dntplgn_currency_symbol' value="<?php echo esc_attr($dntplgn_currency_symbol); ?>" />
                                                         <p class="description">This symbol is shown next to the recurring amount values. By default it will use the $ symbol if you don't specify a currency symbol.</p>
                         </td>
@@ -207 +207 @@
                         </th>
                         <td class='dnt_account_row'>
-                            <input type='text' name='dntplgn_return_url' size='70' id='dntplgn_return_url' value="<?php echo $dntplgn_return_url; ?>" />
+                            <input type='text' name='dntplgn_return_url' size='70' id='dntplgn_return_url' value="<?php echo esc_attr($dntplgn_return_url); ?>" />
                                                         <p class="description">PayPal will send the user to this page after the payment.</p>
                         </td>
@@ -217 +217 @@
                         </th>
                         <td class='dnt_account_row'>
-                            <input type='text' name='dntplgn_cancel_return' size='70' id='dntplgn_cancel_return' value="<?php echo $dntplgn_cancel_return; ?>" />
+                            <input type='text' name='dntplgn_cancel_return' size='70' id='dntplgn_cancel_return' value="<?php echo esc_attr($dntplgn_cancel_return); ?>" />
                                                         <p class="description">PayPal will send the user to this page if the user clicks on the cancel link on the PayPal checkout page.</p>
                         </td>
@@ -227 +227 @@
                         </th>
                         <td class='dnt_account_row'>
-                            <input type='text' name='dntplgn_pm_label' size='30' id='dntplgn_pm_label' value="<?php echo $dntplgn_pm_label; ?>" />
+                            <input type='text' name='dntplgn_pm_label' size='30' id='dntplgn_pm_label' value="<?php echo esc_attr($dntplgn_pm_label); ?>" />
                                                         <p class="description">This label is used next to the recurring amount select options. Example: you can use a vlaue of p/m (short for per month). Leave this field empty to hide this label.</p>
                         </td>
@@ -358 +358 @@
                     <!-- Donate Amount -->
                     <input id="first_button" type="radio" name="a3" checked="checked" value="<?php echo esc_attr($dntplgn_atts['recurring_amt1']); ?>" />
-                    <label for="first_button"> <?php echo $currency_symbol; ?><?php echo esc_attr($dntplgn_atts['recurring_amt1']); ?> <span class="dntplgn_pm_label"><?php echo esc_attr($per_month_label); ?></span></label>
+                    <label for="first_button"> <?php echo esc_attr($currency_symbol); ?><?php echo esc_attr($dntplgn_atts['recurring_amt1']); ?> <span class="dntplgn_pm_label"><?php echo esc_attr($per_month_label); ?></span></label>
                     <input id="second_button" type="radio" name="a3" value="<?php echo esc_attr($dntplgn_atts['recurring_amt2']); ?>" />
-                    <label for="second_button"> <?php echo $currency_symbol; ?><?php echo esc_attr($dntplgn_atts['recurring_amt2']); ?> <span class="dntplgn_pm_label"><?php echo esc_attr($per_month_label); ?></span></label>
+                    <label for="second_button"> <?php echo esc_attr($currency_symbol); ?><?php echo esc_attr($dntplgn_atts['recurring_amt2']); ?> <span class="dntplgn_pm_label"><?php echo esc_attr($per_month_label); ?></span></label>
                     <input id="third_button" type="radio" name="a3" value="<?php echo esc_attr($dntplgn_atts['recurring_amt3']); ?>" />
-                    <label for="third_button"> <?php echo $currency_symbol; ?><?php echo esc_attr($dntplgn_atts['recurring_amt3']); ?> <span class="dntplgn_pm_label"><?php echo esc_attr($per_month_label); ?></span></label>
+                    <label for="third_button"> <?php echo esc_attr($currency_symbol); ?><?php echo esc_attr($dntplgn_atts['recurring_amt3']); ?> <span class="dntplgn_pm_label"><?php echo esc_attr($per_month_label); ?></span></label>
                     <input id="fourth_button" type="radio" name="a3" value="other" />
                     <label for="fourth_button"> <?php _e( 'Other', 'donateplugin' ); ?> <span class="dntplgn_pm_label"><?php echo esc_attr($per_month_label); ?></span></label></br>
@@ -413 +413 @@
 register_activation_hook( __FILE__, 'dntplgn_register_settings' );
 
+//Add the link to settings menu in plugin's dashboard menu.
+function dntplgn_add_settings_link( $links, $file ) {
+    if ( $file == plugin_basename( __FILE__ ) ) {
+        $settings_link = '<a href="admin.php?page=dntplgn_plugin">' . (__( "Settings", "donateplugin" )) . '</a>';
+        array_unshift( $links, $settings_link );
+    }
+    return $links;
+}
+add_filter( 'plugin_action_links', 'dntplgn_add_settings_link', 10, 2 );
+
+
 add_action( 'init', 'dntplgn_plugin_init' );
 add_action( 'admin_init', 'dntplgn_plugin_init' );

recurring-donation/trunk/readme.txt

@@ -3 +3 @@
 Donate link: https://wp-ecommerce.net/
 Tags: subscription, donate, donation, paypal, recurring, payment, donations, paypal donation, button, shortcode, monthly
-Requires at least: 3.0
+Requires at least: 5.0
 Tested up to: 6.8
-Stable tag: 1.8
+Stable tag: 1.9
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -86 +86 @@
 == Changelog ==
 
+= 1.9 =
+* Added proper output escaping to admin input fields.
+
 = 1.8 =
 * Added output escaping to the shortcode parameters.