
Changeset 3405282


Timestamp:
11/28/2025 02:29:04 PM (2 weeks ago)
Author:
flippercode
Message:

security issues resolved

Location:
wp-google-map-plugin
Files:
943 added
61 edited

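--- a/wp-google-map-plugin/trunk/assets/js/wpgmp_backend.js
+++ b/wp-google-map-plugin/trunk/assets/js/wpgmp_backend.js
@@ -30049,4 +30049,9 @@
         }
 
+        const fileInput = document.querySelector('input[name="import_file"]');
+        fileInput?.addEventListener('change', function() {
+            alert(settings_obj.pro_version_feature);
+        });
+
     });
 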
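--- a/wp-google-map-plugin/trunk/classes/wpgmp-check-cookies.php
+++ b/wp-google-map-plugin/trunk/classes/wpgmp-check-cookies.php
@@ -2,5 +2,5 @@
 add_filter('wpgmp_accept_cookies','wpgmp_accept_cookies_consent');
 
-function check_cookieyes_consent() {
+function wpgmp_check_cookieyes_consent() {
     if (isset($_COOKIE['cookieyes-consent'])) {
         $cookie_value = $_COOKIE['cookieyes-consent'];
@@ -26,5 +26,5 @@
     } elseif (function_exists('gdpr_cookie_is_accepted') && gdpr_cookie_is_accepted('thirdparty')) {
         $is_allowed = true;
-    } elseif (function_exists('cky_get_consent_db_version') && check_cookieyes_consent()) {
+    } elseif (function_exists('cky_get_consent_db_version') && wpgmp_check_cookieyes_consent()) {
         $is_allowed = true;
     } elseif (class_exists('iubendaParser') && iubendaParser::consent_given()) {
@@ -47,5 +47,5 @@
     } elseif (function_exists('gdpr_cookie_is_accepted') && !gdpr_cookie_is_accepted('thirdparty')) {
         $accepted = false;
-    } elseif (function_exists('cky_get_consent_db_version') && !check_cookieyes_consent()) {
+    } elseif (function_exists('cky_get_consent_db_version') && !wpgmp_check_cookieyes_consent()) {
         $accepted = false;
     } elseif (class_exists('iubendaParser') && !iubendaParser::consent_given()) {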
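--- a/wp-google-map-plugin/trunk/classes/wpgmp-feedback-form.php
+++ b/wp-google-map-plugin/trunk/classes/wpgmp-feedback-form.php
@@ -5,18 +5,28 @@
  */
 
-function wpgmp_add_feedback_form()
-{
-    $contact_support_template = __('Need help? We are ready to answer your questions. <a href="https://weplugins.com/support/" target="_blank">Contact Support</a>');
+function wpgmp_add_feedback_form(){
+   
+    $link_text = __( 'Contact Support', 'wp-google-map-plugin' );
+
+   
+    $contact_support_template = sprintf(
+        /* translators: %s: The "Contact Support" link HTML. */
+        __( 'Need help? We are ready to answer your questions. %s', 'wp-google-map-plugin' ),
+        sprintf(
+            '<a href="https://weplugins.com/support/" target="_blank">%s</a>',
+            $link_text
+        )
+    );
 
     $reasons = array(
         array(
             'id'                => 'NOT_WORKING',
-            'text'              => __('The plugin is not working'),
+            'text'              => __('The plugin is not working','wp-google-map-plugin'),
             'input_type'        => 'textarea',
-            'input_placeholder' => esc_attr__("Kindly share what didn't work so we can fix it in future updates."),
+            'input_placeholder' => esc_attr__("Kindly share what didn't work so we can fix it in future updates.",'wp-google-map-plugin'),
         ),
         array(
             'id'                => 'SUDDENLY_STOPPED_WORKING',
-            'text'              => __('The plugin suddenly stopped working'),
+            'text'              => __('The plugin suddenly stopped working','wp-google-map-plugin'),
             'input_type'        => '',
             'input_placeholder' => '',
@@ -25,5 +35,5 @@
         array(
             'id'                => 'BROKE_MY_SITE',
-            'text'              => __('The plugin broke my site'),
+            'text'              => __('The plugin broke my site','wp-google-map-plugin'),
             'input_type'        => '',
             'input_placeholder' => '',
@@ -33,5 +43,5 @@
         array(
             'id'                => 'COULDNT_MAKE_IT_WORK',
-            'text'              => __("I couldn't understand how to get it work"),
+            'text'              => __("I couldn't understand how to get it work",'wp-google-map-plugin'),
             'input_type'        => '',
             'input_placeholder' => '',
@@ -40,17 +50,17 @@
         array(
             'id'                => 'FOUND_A_BETTER_PLUGIN',
-            'text'              => __('I found a better plugin'),
+            'text'              => __('I found a better plugin','wp-google-map-plugin'),
             'input_type'        => 'textarea',
-            'input_placeholder' => esc_attr__('Can you please name the plugin and why you liked that it more?'),
+            'input_placeholder' => esc_attr__('Can you please name the plugin and why you liked that it more?','wp-google-map-plugin'),
         ),
         array(
             'id'                => 'GREAT_BUT_NEED_SPECIFIC_FEATURE',
-            'text'              => __('The plugin is great, but I need a specific feature'),
+            'text'              => __('The plugin is great, but I need a specific feature','wp-google-map-plugin'),
             'input_type'        => 'textarea',
-            'input_placeholder' =>  esc_attr__('Can you share more details on the missing feature?'),
+            'input_placeholder' =>  esc_attr__('Can you share more details on the missing feature?','wp-google-map-plugin'),
         ),
         array(
             'id'                => 'TEMPORARY_DEACTIVATION',
-            'text'              => __("It's a temporary deactivation, I'm just debugging an issue"),
+            'text'              => __("It's a temporary deactivation, I'm just debugging an issue",'wp-google-map-plugin'),
             'input_type'        => '',
             'input_placeholder' => '',
@@ -58,5 +68,5 @@
         array(
             'id'                => 'OTHER',
-            'text'              => __('Other'),
+            'text'              => __('Other','wp-google-map-plugin'),
             'input_type'        => 'textarea',
             'input_placeholder' => '',
@@ -111,4 +121,8 @@
     $plugin_name = 'wp-google-map-plugin';
     $basename = 'wp-google-map-plugin';
+    $processing = esc_html__('Processing...','wp-google-map-plugin');
+    $submit_deactivate = esc_html__('Submit and Deactivate','wp-google-map-plugin');
+    $skip_deactivate = esc_html__('Skip and Deactivate','wp-google-map-plugin');
+    $improve_it = esc_html__('Please tell us the reason so we can improve it.','wp-google-map-plugin');
 
     $script .= '(function($) {
@@ -201,5 +215,5 @@
                                 $('.fc-backend-loader').show(); // Show the loader
                                 _parent.find( '.wpgmp-modal-footer .button' ).addClass( 'disabled' );
-                                _parent.find( '.wpgmp-modal-footer .button-secondary' ).text( '" . __('Processing') . "' + '...' );
+                                _parent.find( '.wpgmp-modal-footer .button-secondary' ).text( '" . $processing . "' + '...' );
                             },
                             complete  : function( message ) {
@@ -230,5 +244,5 @@
                     \$modal.find( '.wpgmp-modal-reason-input' ).remove();
                     \$modal.find( '.wpgmp-modal-internal-message' ).hide();
-                    \$modal.find( '.wpgmp-modal-button-deactivate' ).text( '" . __('Submit and Deactivate') . "' );
+                    \$modal.find( '.wpgmp-modal-button-deactivate' ).text( '" . $submit_deactivate . "' );
 
                     wpgmpModalEnableDeactivateButton();
@@ -245,5 +259,5 @@
 
                         if ( wpgmpModalIsReasonSelected( 'OTHER' ) ) {
-                            \$modal.find( '.message' ).text( '" . __('Please tell us the reason so we can improve it.') . "' ).show();
+                            \$modal.find( '.message' ).text( '" . $improve_it . "' ).show();
                         }
                     }
@@ -310,5 +324,5 @@
                 \$modal.find( '.wpgmp-modal-panel' ).addClass( 'active' );
                 /* Update the deactivate button's text */
-                \$modal.find( '.wpgmp-modal-button-deactivate' ).text( '" . __('Skip and Deactivate') . "' );
+                \$modal.find( '.wpgmp-modal-button-deactivate' ).text( '" . $skip_deactivate . "' );
             }
         })(jQuery);";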
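Review bot: The four strings added at new lines 123–126 are escaped with `esc_html__()`, but they are then concatenated into single-quoted JavaScript string literals passed to jQuery `.text()` (new lines 217, 246, 261 and 326), which is a JavaScript context rather than an HTML one. `esc_html` HTML-encodes quotes, so a translation containing an apostrophe would be shown with the literal entity; the JS-context helper fits here, e.g. `$processing = esc_js( __( 'Processing...', 'wp-google-map-plugin' ) );` and likewise for the other three. Separately, `$processing` now already ends in `...` while new line 217 still appends `+ '...'`, so the button would read "Processing......"; drop one of the two. The function body continues between and after the visible hunks.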
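--- a/wp-google-map-plugin/trunk/classes/wpgmp-helper.php
+++ b/wp-google-map-plugin/trunk/classes/wpgmp-helper.php
@@ -183,4 +183,5 @@
    
         $localized = [
+            'pro_version_feature'       =>  __( 'This feature requires the Pro version of the plugin.', 'wp-google-map-plugin' ),
             'ajax_url'                  => admin_url( 'admin-ajax.php' ),
             'nonce'                     => wp_create_nonce( 'fc-call-nonce' ),
@@ -485,5 +486,5 @@
     public static function wpgmp_features_limits_msg() {
 
-        return esc_html__('You\'re using Leaflet. Google Maps–only features have been greyed out.','wp-google-maps');
+        return esc_html__('You\'re using Leaflet. Google Maps–only features have been greyed out.','wp-google-map-plugin');
 
     }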
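--- a/wp-google-map-plugin/trunk/classes/wpgmp-integration-form.php
+++ b/wp-google-map-plugin/trunk/classes/wpgmp-integration-form.php
@@ -1,11 +1,18 @@
 <?php
+/**
+ * File: WPGMP_Integration_Form.php
+ * Security: All FlipperCode_HTML_Markup methods return pre-escaped HTML
+ */
+// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
 
 if ( ! class_exists( 'WPGMP_Integration_Form' ) ) {
 
 class WPGMP_Integration_Form {
+   
     private $fields = [];
     private $extension_key = '';
 
     public function __construct($extension_key, $fields = []) {
+
         $this->extension_key = sanitize_key($extension_key);
         $this->fields = $fields;
@@ -31,4 +38,5 @@
 
     private function render_field($field) {
+
         $name  = esc_attr($field['name']);
         $label = esc_html($field['label'] ?? '');
@@ -112,2 +120,4 @@
 
 }
+
+// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped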
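Review bot: The `phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped` added at new line 6 switches the output-escaping sniff off for the whole class until new line 123, so any unescaped `echo` added to this file later will pass the check silently. The justification in the new header (that every FlipperCode_HTML_Markup method returns pre-escaped HTML) cannot be confirmed from these hunks, and `$fields` is stored by the constructor as given. I would scope the suppression to the individual statements that print the markup helper's output, with `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- helper returns escaped HTML` on each such line, and keep the sniff active for the rest of the file.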
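--- a/wp-google-map-plugin/trunk/classes/wpgmp-map-widget.php
+++ b/wp-google-map-plugin/trunk/classes/wpgmp-map-widget.php
@@ -36,17 +36,31 @@
         function widget( $args, $instance ) {
 
-            global $wpdb,$map;
-            extract( $args );
-
+            global $wpdb, $map;
+           
+            // Don't use extract() - access array elements directly
+            $before_widget = $args['before_widget'] ?? '';
+            $after_widget = $args['after_widget'] ?? '';
+            $before_title = $args['before_title'] ?? '';
+            $after_title = $args['after_title'] ?? '';
+           
+            // phpcs:disable WordPress.NamingConventions.PrefixAllGlobals
             $map_id    = apply_filters( 'widget_title', empty( $instance['map_id'] ) ? '' : $instance['map_id'], $instance, $this->id_base );
             $map_title = apply_filters( 'widget_text', empty( $instance['map_title'] ) ? '' : $instance['map_title'], $instance );
+            // phpcs:enable WordPress.NamingConventions.PrefixAllGlobals
 
-            echo $before_widget;
+            // Escape all widget output
+            echo wp_kses_post( $before_widget );
+           
             if ( ! empty( $map_title ) ) {
-                echo $before_title . esc_html( $map_title ) . $after_title; }
+                echo wp_kses_post( $before_title ) . esc_html( $map_title ) . wp_kses_post( $after_title );
+            }
 
             if ( ! empty( $map_id ) ) {
-                echo do_shortcode( '[put_wpgm id=' . $map_id . ']' ); }
-            echo $after_widget;
+                // do_shortcode is safe, but ensure map_id is numeric
+                $safe_map_id = absint( $map_id );
+                echo do_shortcode( '[put_wpgm id=' . $safe_map_id . ']' );
+            }
+           
+            echo wp_kses_post( $after_widget );
         }
         /**
@@ -60,6 +74,6 @@
 
             $instance              = $old_instance;
-            $instance['map_title'] = strip_tags( $new_instance['map_title'] );
-            $instance['map_id']    = strip_tags( $new_instance['map_id'] );
+            $instance['map_title'] = wp_strip_all_tags( $new_instance['map_title'] );
+            $instance['map_id']    = wp_strip_all_tags( $new_instance['map_id'] );
             return $instance;
         }
@@ -72,5 +86,5 @@
 
             global $wpdb,$map;
-            $map_records = $wpdb->get_results( 'SELECT map_id,map_title FROM ' . TBL_MAP . '' );
+            $map_records = $wpdb->get_results( 'SELECT map_id,map_title FROM ' . TBL_MAP . '' );// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
             if ( ! isset( $instance['map_title'] ) ) {
@@ -86,11 +100,11 @@
                     <?php esc_html_e( 'Title:', 'wp-google-map-plugin' ); ?>
                 </label>
-                <input type="text" value="<?php echo $instance['map_title']; ?>" name="<?php echo esc_html( $this->get_field_name( 'map_title' ) ); ?>" class="widefat" style="margin-top:6px;">
+                <input type="text" value="<?php echo esc_html($instance['map_title']); ?>" name="<?php echo esc_html( $this->get_field_name( 'map_title' ) ); ?>" class="widefat" style="margin-top:6px;">
             </p>
             <p>
-                <label for="<?php echo $this->get_field_id( 'map_id' ); ?>">
+                <label for="<?php echo esc_html($this->get_field_id( 'map_id' )); ?>">
                     <?php esc_html_e( 'Select Your Map:', 'wp-google-map-plugin' ); ?>
                 </label>
-                <select id="<?php echo $this->get_field_id( 'map_id' ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'map_id' ) ); ?>" class="widefat" style="margin-top:6px;">
+                <select id="<?php echo esc_html($this->get_field_id( 'map_id' )); ?>" name="<?php echo esc_attr( $this->get_field_name( 'map_id' ) ); ?>" class="widefat" style="margin-top:6px;">
                 <option value=""><?php esc_html_e( 'Select map', 'wp-google-map-plugin' ); ?></option>
                 <?php
@@ -98,5 +112,5 @@
                     foreach ( $map_records as $key => $map_record ) {
                         ?>
-                        <option value="<?php echo $map_record->map_id; ?>"<?php selected( $map_record->map_id, $instance['map_id'] ); ?>><?php echo esc_html( $map_record->map_title ); ?></option>
+                        <option value="<?php echo esc_html($map_record->map_id); ?>"<?php selected( $map_record->map_id, $instance['map_id'] ); ?>><?php echo esc_html( $map_record->map_title ); ?></option>
                         <?php
                     }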
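Review bot: The values escaped in the form hunks sit inside HTML attributes (`value=`, `for=`, `id=`, and the pre-existing `name=` on new line 102) but are passed through `esc_html()`; the attribute-context helper is `esc_attr()`, e.g. `value="<?php echo esc_attr( $instance['map_title'] ); ?>"`, and the same at new lines 105, 108 and 114. In `update()` (new line 77) `map_id` is still stored with `wp_strip_all_tags()` while `widget()` now casts it with `absint()`; storing `absint( $new_instance['map_id'] )` keeps the saved value and the rendered value in agreement. Wrapping `$before_widget` and `$after_widget` in `wp_kses_post()` may also drop wrapper markup that a theme registers for its sidebars if it falls outside the post allow-list, so it is worth testing against the themes you support.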
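--- a/wp-google-map-plugin/trunk/classes/wpgmp-model.php
+++ b/wp-google-map-plugin/trunk/classes/wpgmp-model.php
@@ -25,5 +25,6 @@
             $page = isset($_GET['page']) && !empty($_GET['page']) ? $_GET['page'] : '';
             $module_path = WPGMP_MODEL;
-            $module_path = apply_filters('fc_modal_load_module', $module_path, $page);
+            $module_path = apply_filters('fc_modal_load_module', $module_path, $page); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
             parent::__construct( $module_path, 'WPGMP_Model_' );
 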
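Review bot: The raw `$_GET['page']` read on new line 25 is left as it was, and the only change in this hunk is a `phpcs:ignore` on the filter call that receives it. The value is handed to `fc_modal_load_module`, whose result becomes the module path given to `parent::__construct()`. What the hooked callbacks do with `$page` is outside this hunk, but normalising it at the source is cheap: `$page = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : '';`. The enclosing constructor starts and ends outside the visible lines.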
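--- a/wp-google-map-plugin/trunk/core/class.controller.php
+++ b/wp-google-map-plugin/trunk/core/class.controller.php
@@ -90,5 +90,6 @@
         public function display( $view, $options = array() ) {
 
-            $this->entity = apply_filters( 'fc_plugin_module_to_load', $this->entity );
+            $this->entity = apply_filters( 'fc_plugin_module_to_load', $this->entity ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
             if ( isset( $this->pluginInstance ) && $this->pluginInstance->needs_license_verification() ) {
                 if ( $this->entity == 'debug' ) {
@@ -104,5 +105,6 @@
             }
 
-            $this->modulePath = apply_filters('fc_backend_module_path', $this->modulePath,$this->entity, $view );
+            $this->modulePath = apply_filters('fc_backend_module_path', $this->modulePath,$this->entity, $view ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
            
             if ( ! empty( $view ) ) {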
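--- a/wp-google-map-plugin/trunk/core/class.importer.php
+++ b/wp-google-map-plugin/trunk/core/class.importer.php
@@ -1,3 +1,4 @@
 <?php
+/* phpcs:disable WordPress.WP.AlternativeFunctions */
 /**
  *  Export-Import Records in csv,xml,json and excel
@@ -51,4 +52,8 @@
         function export( $action, $asFilename ) {
 
+            /* phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped -- Plain-text download; fputcsv() handles quoting. */
+            /* phpcs:disable WordPress.WP.AlternativeFunctions.file_system_read_fopen -- Direct output to browser is intended. */
+            /* phpcs:disable WordPress.WP.AlternativeFunctions.file_system_read_fwrite -- Direct output to browser is intended. */
+           
             if ( 'csv' == $action ) {
 
@@ -65,6 +70,6 @@
                     }
                 }
-
-                fclose( $fp );
+               
+                fclose( $fp );/* phpcs:disable WordPress.WP.AlternativeFunctions.file_system_read_fclose -- Direct output to browser is intended. */
 
             } elseif ( 'excel' == $action ) {
@@ -73,8 +78,10 @@
                 if ( ! empty( $this->data ) ) {
                     $separator = "\t";
+                   
                     echo implode( $separator, $this->columns ) . "\n";
                     foreach ( $this->data as $key => $result ) {
                         echo implode( $separator, $result ) . "\n";
                     }
+                   
                 }
             } elseif ( 'json' == $action ) {
@@ -94,4 +101,5 @@
                 fclose( $fp );
             }
+            /* phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped */
         }
         /**
@@ -179,2 +187,5 @@
     }
 }
+// phpcs:enable WordPress.WP.AlternativeFunctions.file_system_read_fopen
+// phpcs:enable WordPress.WP.AlternativeFunctions.file_system_read_fwrite 
+// phpcs:enable WordPress.WP.AlternativeFunctions.file_system_read_fclose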
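Review bot: The justification on the suppression at new line 54 ("fputcsv() handles quoting") does not cover the `excel` branch, where new lines 81 and 83 still `echo implode( $separator, ... )` with no quoting at all. A stored value containing a tab or newline will shift columns, and a cell that begins with `=`, `+`, `-` or `@` is treated as a formula by spreadsheet applications, so each field should be cleaned before it is written (strip tabs and newlines, prefix a leading formula character with `'`). The suppressions are also unbalanced: new line 2 disables the whole `WordPress.WP.AlternativeFunctions` category while the file ends by enabling three sub-codes, and new line 73 uses `phpcs:disable` after `fclose()` where a single-line `phpcs:ignore` looks intended. Parts of `export()` fall between the visible hunks.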
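--- a/wp-google-map-plugin/trunk/core/class.initiate-core.php
+++ b/wp-google-map-plugin/trunk/core/class.initiate-core.php
@@ -37,10 +37,13 @@
            
 
-            $core_dir_path = apply_filters( 'fc_template_plugin_core_dir_path', $core_dir_path, $data );
-            $core_dir_url = apply_filters( 'fc_template_plugin_core_dir_url', $core_dir_url, $data );
-            $data = apply_filters( 'fc_template_plugin_ajax_post_data', $data, $core_dir_path );
-
-            $template      = $data['template_name'];
-            $template_type = $data['template_type'];
+            $core_dir_path = apply_filters( 'fc_template_plugin_core_dir_path', $core_dir_path, $data ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
+            $core_dir_url = apply_filters( 'fc_template_plugin_core_dir_url', $core_dir_url, $data ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
+            $data = apply_filters( 'fc_template_plugin_ajax_post_data', $data, $core_dir_path ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
+
+            $template      = sanitize_file_name($data['template_name']);
+            $template_type = sanitize_text_field($data['template_type']);
 
             if ( isset( $data['template_name'] ) ) {
@@ -61,5 +64,6 @@
             } else {
                 $temp_content = $content;
-                $content      = "<div class='fc-infobox-". $template . " fc-" . $template_type . '-' . $template . "'>" . apply_filters( 'fc-dummy-placeholders', $content ) . '</div>';
+                $content      = "<div class='fc-infobox-". $template . " fc-" . $template_type . '-' . $template . "'>" . apply_filters( 'fc-dummy-placeholders', $content ) . '</div>'; // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
                 $columns      = isset($data['columns']) ? $data['columns'] : '';
                 if ( $columns == '' ) {
@@ -189,5 +193,4 @@
                 'class.tabular.php',
                 'class.template.php',
-                'abstract.factory.php',
                 'class.controller-factory.php',
                 'class.model-factory.php',
@@ -196,6 +199,5 @@
                 'class.validation.php',
                 'class.database.php',
-                'class.importer.php',
-                'class.plugin-overview.php',
+                'class.importer.php'
             );
 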
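Review bot: `$template_type` (new line 47) is concatenated into the single-quoted `class='…'` attribute on new line 66 after only `sanitize_text_field()`, which strips tags but leaves quote characters in place, so the value can still close the attribute. Judging by the filter name the data comes from an AJAX post, so escape at the point of output: `"<div class='" . esc_attr( 'fc-infobox-' . $template . ' fc-' . $template_type . '-' . $template ) . "'>"`. Both keys are also read on new lines 46–47 before the `isset( $data['template_name'] )` check on new line 49, so a request without them raises an undefined-index notice; `$data['template_name'] ?? ''` avoids that. The enclosing method starts and ends outside the visible hunks.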
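--- a/wp-google-map-plugin/trunk/core/class.model-factory.php
+++ b/wp-google-map-plugin/trunk/core/class.model-factory.php
@@ -36,5 +36,6 @@
 
             $file = $this->modulePath . $objectType . '/model.' . $objectType . '.php';
-            $file = apply_filters('fc_backend_factory_object_path', $file, $this->modulePath, $objectType);
+            $file = apply_filters('fc_backend_factory_object_path', $file, $this->modulePath, $objectType); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
            
             if ( file_exists( $file ) ) {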
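--- a/wp-google-map-plugin/trunk/core/class.model.php
+++ b/wp-google-map-plugin/trunk/core/class.model.php
@@ -301,5 +301,6 @@
 
             if ( isset( $this->errors ) and is_array( $this->errors ) ) {
-
+   
+                // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Internal error messages for display
                 throw new Exception( implode( '<br>', $this->errors ) );
 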
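--- a/wp-google-map-plugin/trunk/core/class.notifications.php
+++ b/wp-google-map-plugin/trunk/core/class.notifications.php
@@ -46,4 +46,5 @@
                     </div>
                     <div>' . sprintf(
+                          /* translators: %s: Plugin Name. */
                         esc_html__(
                             'This plugin now supports OpenStreetMap. Visit the %s to try it out!',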
  • wp-google-map-plugin/trunk/core/class.tabular.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.WP.AlternativeFunctions */
    23/**
    34 * FlipperCode_List_Table_Helper Class File.
     
    226227
    227228            if( (is_admin())  &&  !empty($current_screen->id)){
    228                 $this->columns =  apply_filters('fc_tabular_'.$current_screen->id.'_columns',$this->columns);
     229                $this->columns =  apply_filters('fc_tabular_'.$current_screen->id.'_columns',$this->columns); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
     230
    229231            }
    230232
    231233            if( (is_admin())  &&  !empty($current_screen->id)){
    232                 $this->searchExclude =  apply_filters('fc_tabular_searchExclude',$this->searchExclude);
     234                $this->searchExclude =  apply_filters('fc_tabular_searchExclude',$this->searchExclude); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
     235
    233236            }
    234237
     
    311314            if( strpos( $capability_to_check, 'overview' ) !== false )
    312315            $capability_to_check = str_replace('view', 'admin', $capability_to_check);
    313             $capability_to_check = apply_filters('fc_tabular_action_cap',$capability_to_check);
     316            $capability_to_check = apply_filters('fc_tabular_action_cap',$capability_to_check); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
     317
    314318
    315319            return $capability_to_check;
     
    359363                                <?php $this->show_notification( $this->response ); ?>
    360364                                <fieldset>
    361 
    362                             <?php
    363                            
    364                                 $form_attr = '';
    365                                 if(!empty($this->form_id)){
    366                                     $form_attr .= "id = {$this->form_id}";
    367                                 }
    368                                 if(!empty($this->form_class)){
    369                                     $form_attr .= " class  = 'wpgmp_manage_form {$this->form_class}'";
    370                                 }
    371                                
    372                             ?>
    373                                
    374                             <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=' . $this->admin_listing_page_name ) ); ?>" <?php echo $form_attr; ?>>
     365   
     366                            <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=' . $this->admin_listing_page_name ) ); ?>"
     367                                <?php if ( ! empty( $this->form_id ) ) : ?>
     368                                    id="<?php echo esc_attr( $this->form_id ); ?>"
     369                                <?php endif; ?>
     370                                <?php if ( ! empty( $this->form_class ) ) : ?>
     371                                    class="<?php echo esc_attr( 'wpgmp_manage_form ' . $this->form_class ); ?>"
     372                                <?php endif; ?>
     373                            >
    375374                            <?php
    376375                            $search_text = isset($this->translation['search_text']) ? $this->translation['search_text'] : 'Search';
     
    427426
    428427            if ( ! empty( $this->sql ) ) {
     428                 // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $this->sql is internally generated and safe
    429429                $results = $wpdb->get_results( $this->sql );
    430430                if ( is_array( $results ) && ! empty( $results ) ) {
     
    440440                if ( empty( $this->columns ) ) {
    441441                    global $wpdb;
     442                    // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $this->table is internally generated and safe
    442443                    foreach ( $wpdb->get_col( 'DESC ' . $this->table, 0 ) as $column_name ) {  // Query all column name usind DESC (Preparing Columns Array).
    443444                        $this->columns[ $column_name ] = $column_name;
     
    492493
    493494
    494             return  apply_filters('fc_tabular_column_value',$return,$column_name,$item);
     495            return  apply_filters('fc_tabular_column_value',$return,$column_name,$item); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
     496
    495497        }
    496498
     
    550552           
    551553            if(!empty($this->translation['no_records_found']))
    552             echo $this->translation['no_records_found'];
     554            echo esc_html($this->translation['no_records_found']);
    553555            else
    554             _e( 'No items found.' );
     556            echo 'No items found.';
    555557           
    556558        }
    557 
    558559
    559560        /**
     
    565566            $this->now_action = $this->current_action();
    566567            $ids              = $this->get_user_selected_records();
    567              
     568           
    568569            if ( '' == $this->current_action() && !empty($_POST['action']) &&  ($_POST['action'] == '-1' ||  $_POST['action2'] == '-1' ) && empty($ids) && $_POST['operation'] != '' ) {
    569570                $this->response['error'] = $this->translation['no_records_selected_for_bulk'];
     
    576577                $placeholdersForRecords = implode( ',', $recordsPlaceholders );
    577578
    578                 $query = "DELETE FROM {$this->table} WHERE {$this->primary_col} IN ( $placeholdersForRecords )";
    579                 //Prepared Query
    580                 $del = $wpdb->query( $wpdb->prepare( $query, $ids ) );
     579                // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $this->table and $this->primary_col are internal class properties
     580                $del = $wpdb->query( $wpdb->prepare(
     581                    "DELETE FROM {$this->table} WHERE {$this->primary_col} IN ( $placeholdersForRecords )",
     582                    $ids
     583                ) );
    581584
    582585                if( method_exists( $this, 'post_bulk_delete') ){
     
    587590                    $this->response['success'] = $this->translation['bulk_delete_msg'];
    588591                }else{
    589                    $this->response['success'] = $this->translation['delete_msg'];   
     592                $this->response['success'] = $this->translation['delete_msg'];   
    590593                }
    591594
     
    601604                $ids = explode(',',$ids);
    602605                $exportCount = count($ids);
    603                 $stringPlaceholders = array_fill(0, $exportCount, '%s');
    604                 $placeholdersForIds = implode(', ', $stringPlaceholders);
    605                 $prepared_query = ( ! empty( $ids )) ? " WHERE {$this->primary_col} IN ($placeholdersForIds) " : '';
    606                 $columns      = array_keys( $this->columns );
    607                 $columns      = ( count( $columns ) == 0 ) ? $columns[0] : implode( ',', $columns );
     606               
     607                $columns = array_keys( $this->columns );
     608                $columns = ( count( $columns ) == 0 ) ? $columns[0] : implode( ',', $columns );
     609               
    608610                if(empty( $this->sql )){
    609                     //Prepared Query
    610                     $query = "SELECT $columns FROM ".$this->table.$prepared_query." order by {$this->primary_col} desc";
    611                     $data = $wpdb->get_results( $wpdb->prepare($query, $ids), ARRAY_A );
     611                    if ( ! empty( $ids ) ) {
     612                        $stringPlaceholders = array_fill(0, $exportCount, '%s');
     613                        $placeholdersForIds = implode(', ', $stringPlaceholders);
     614                       
     615                       
     616                        $query = $wpdb->prepare(
     617                            // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $this->table and $this->primary_col are internal class properties
     618                            "SELECT $columns FROM " . $this->table . " WHERE " . $this->primary_col . " IN ($placeholdersForIds) ORDER BY " . $this->primary_col . " DESC",
     619                            $ids
     620                        );
     621                    } else {
     622                        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $this->table and $this->primary_col are internal class properties
     623                        $query = "SELECT $columns FROM " . $this->table . " ORDER BY " . $this->primary_col . " DESC";
     624                    }
     625                    // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is safely prepared
     626                    $data = $wpdb->get_results( $query, ARRAY_A );
    612627               
    613                 }else{
    614                     //Prepared query $this->sql
    615                     $query =  $this->sql;
    616                     $data = $wpdb->get_results( $query,ARRAY_A );
     628                } else {
     629                    // CORRECTED: If $this->sql is safe and internally generated, add comment to suppress warning
     630                    // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- SQL is internally generated and safe
     631                    $data = $wpdb->get_results( $this->sql, ARRAY_A );
    617632                }
    618633               
     
    640655                    fputcsv( $fp, $record );
    641656                }
    642                 fclose( $fp );
     657                fclose( $fp ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_fclose
    643658                exit;
    644659
    645660            }
    646661        }
     662
    647663        /**
    648664         * Show notification message based on response.
     
    695711            $query = ( empty( $this->sql ) ) ? 'SELECT * FROM ' . $this->table : $this->sql;
    696712            if( isset( $_GET['page'] ) && !empty( $_GET['page'] ) ){
    697                 $query = apply_filters('fc_manage_page_basic_query', $query , sanitize_text_field( wp_unslash( $_GET['page'] ) ) );
     713                $query = apply_filters('fc_manage_page_basic_query', $query , sanitize_text_field( wp_unslash( $_GET['page'] ) ) ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
     714
    698715            }
    699716           
     
    746763                    }
    747764
    748                     //Prepared Query Because It Has User Inputs
     765                    // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $this->table and $this->primary_col are internal class properties
    749766                    $this->data = $wpdb->get_results(  $wpdb->prepare( 'SELECT * FROM '.$this->table. $prepare_query_with_placeholders. ' order by '.$this->primary_col.' desc', $prepare_args_values )  );
    750767                   
     
    759776                        $query_to_run  = $query;
    760777                        $query_to_run .= " order by {$orderby} {$order}";
    761                         //Basic static query with no user inputs
     778                        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query_to_run is safe
    762779                        $this->data = $wpdb->get_results( $query_to_run );
    763780                       
     
    767784                        $query_to_run = $query;
    768785                        $query_to_run .= " order by {$this->primary_col} desc";
    769                         $query_to_run = apply_filters('fc_manage_page_default_query', $query_to_run , sanitize_text_field( wp_unslash( $_GET['page'] ) ) );
    770                         //Basic static query with no user inputs
     786                        $query_to_run = apply_filters('fc_manage_page_default_query', $query_to_run , sanitize_text_field( wp_unslash( $_GET['page'] ) ) ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
     787
     788                        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query_to_run is safe
    771789                        $this->data = $wpdb->get_results( $query_to_run );
    772790                       
     
    781799            }
    782800
    783             $current_page = apply_filters('fc_tabular_set_pagination_page',$this->get_pagenum()) ;
     801            $current_page = apply_filters('fc_tabular_set_pagination_page',$this->get_pagenum()) ; // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
     802
    784803            $total_items  = count( $this->data );
    785804            if ( is_array( $this->data ) && ! empty( $this->data ) ) {
     
    797816    }
    798817}
     818/* phpcs:enable WordPress.WP.AlternativeFunctions */
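--- a/wp-google-map-plugin/trunk/core/class.template.php
+++ b/wp-google-map-plugin/trunk/core/class.template.php
@@ -1,3 +1,6 @@
 <?php
+/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
+/* phpcs:disable WordPress.WP.AlternativeFunctions */
+
 /**
  * Generate Bootstrap Form and it's Elements.
@@ -309,5 +312,5 @@
         public static function output( $safe_output ) {
 
-            echo $safe_output;
+            echo $safe_output; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 
         }
@@ -375,5 +378,6 @@
         public function get_navigation() {
 
-            $output = apply_filters('fc_plugin_nav_menu','');                 
+            $output = apply_filters('fc_plugin_nav_menu',''); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+                 
 
             return $output;
@@ -480,5 +484,6 @@
         public static function apply_extensions( $filter, $value ) {
             $element_html  = '';
-            $element_html .= apply_filters( $filter, '', $value );
+            $element_html .= apply_filters( $filter, '', $value ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
             $element_html .= FlipperCode_HTML_Markup::field_hidden( 'fc_entity_type', array( 'value' => strtolower( trim( $filter ) ) ) );
             return $element_html;
@@ -812,9 +817,10 @@
 
             if ( $echo ) {
-                $do_balanceTags = apply_filters('fc_form_balance_tags',true,$this);
+                $do_balanceTags = apply_filters('fc_form_balance_tags',true,$this); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
                 if($do_balanceTags){
-                    echo balanceTags( $form_output );
+                    echo balanceTags( $form_output ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
                 }else{
-                    echo $form_output;
+                    echo $form_output; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
                 }
             } else {
@@ -1395,7 +1401,7 @@
                 $googleApi   = 'https://www.googleapis.com/webfonts/v1/webfonts?sort=alpha&key=AIzaSyA_3pC94bBI_G_35mmBPzCU0VayhGrTZxI';
                 $fontContent = wp_remote_get( $googleApi, array( 'sslverify' => false ) );
-                $fp          = fopen( $fontFile, 'w' );
-                fwrite( $fp, $fontContent['body'] );
-                fclose( $fp );
+                $fp          = fopen( $fontFile, 'w' ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_fopen
+                fwrite( $fp, $fontContent['body'] ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_fwrite
+                fclose( $fp );  // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_fclose
                 $content = json_decode( $fontContent['body'] );
             }
@@ -2308,2 +2314,6 @@
     }
 }
+/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
+/* phpcs:enable WordPress.WP.AlternativeFunctions */
+
+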
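Review bot: The font-list download still runs with `'sslverify' => false` and reads `$fontContent['body']` without an `is_wp_error()` check; this changeset only adds phpcs suppressions to the `fopen`/`fwrite`/`fclose` lines that follow it. With certificate verification off, the body written to `$fontFile` and then decoded cannot be trusted to come from the API host, and a failed request returns a `WP_Error` on which the array access fails. I would drop the option, `$fontContent = wp_remote_get( $googleApi );`, and guard the write with `if ( is_wp_error( $fontContent ) || 200 !== wp_remote_retrieve_response_code( $fontContent ) ) { return; }`, or whatever fallback the enclosing method, which starts outside this hunk, expects. The API key embedded in `$googleApi` would also be better read from the plugin settings than shipped in source.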
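--- a/wp-google-map-plugin/trunk/modules/debug/views/form.php
+++ b/wp-google-map-plugin/trunk/modules/debug/views/form.php
@@ -1,4 +1,4 @@
 <?php
-
+/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
 if ( isset( $_REQUEST['_wpnonce'] ) ) {
     $nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
@@ -33,30 +33,56 @@
 );
 
-$purchase_key_tutorial_link = '<a href="https://help.market.envato.com/hc/en-us/articles/202822600-Where-Is-My-Purchase-Code-" target="_blank">'.esc_html__( 'here', 'wp-google-map-plugin' ).'</a>';
+$url = 'https://help.market.envato.com/hc/en-us/articles/202822600-Where-Is-My-Purchase-Code-';
+
+$link_text = __( 'here', 'wp-google-map-plugin' );
+
+$link_html = sprintf(
+    '<a href="%s" target="_blank">%s</a>',
+    esc_url( $url ),
+    $link_text
+);
+
+$instruction = sprintf(
+    /* translators: %s: The "here" link to the Envato purchase code tutorial. */
+    __( 'Click %s to know your purchase code.', 'wp-google-map-plugin' ),
+    $link_html
+);
+
+$intro = __( 'In order to verify your purchase and provide you with access to the plugin, we kindly request that you provide us with your purchase key.', 'wp-google-map-plugin' );
+
+$value = $intro . $instruction;
+
+$safe_value = wp_kses_post( $value );
 
 $form->add_element(
-    'message',
-    'subscription_verification_notice',
-    array(
-        'value'  => esc_html__( 'In order to verify your purchase and provide you with access to the plugin, we kindly request that you provide us with your purchase key.', 'wp-google-map-plugin' ).sprintf( esc_html__( ' Click %1$s to know your purchase code.', 'wp-google-map-plugin' ), $purchase_key_tutorial_link),
-        'class'  => 'fc-alert fc-alert-warning subscription_verification_notice',
-        'show'   => 'true',
-        'before' => '<div class="fc-12">',
-        'after'  => '</div>',
-    )
+    'message',
+    'subscription_verification_notice',
+    array(
+        'value'  => $safe_value,
+        'class'  => 'fc-alert fc-alert-warning subscription_verification_notice',
+        'show'   => 'true',
+        'before' => '<div class="fc-12">',
+        'after'  => '</div>',
+    )
 );
 
+$intro_desc = __( 'Please enter the purchase code that you\'ve got from codecanyon.net.', 'wp-google-map-plugin' );
+
+$desc = $intro_desc . ' ' . $instruction;
+
+$safe_desc = wp_kses_post( $desc );
+
 $form->add_element(
-    'text',
-    'customer_purchase_key',
-    array(
-        'required' => 'true',
-        'label'       => esc_html__( 'Codecanyon Purchase Code', 'wp-google-map-plugin' ),
-        'id'          => 'customer_purchase_key',
-        'value'       => '',
-        'placeholder' => esc_html__( 'Please enter the plugin purchase code', 'wp-google-map-plugin' ),
-        'class'       => 'form-control',
-        'desc'        => esc_html__( 'Please enter the purchase code that you\'ve got from codecanyon.net.', 'wp-google-map-plugin' ).sprintf( esc_html__( ' Click %1$s to get know your purchase code.', 'wp-google-map-plugin' ), $purchase_key_tutorial_link),
-    )
+    'text',
+    'customer_purchase_key',
+    array(
+        'required' => 'true',
+        'label'    => esc_html__( 'Codecanyon Purchase Code', 'wp-google-map-plugin' ),
+        'id'       => 'customer_purchase_key',
+        'value'    => '',
+        'placeholder' => esc_html__( 'Please enter the plugin purchase code', 'wp-google-map-plugin' ),
+        'class'    => 'form-control',
+        'desc'     => $safe_desc,
+    )
 );
 
@@ -101,2 +127,3 @@
 
 $form->render();
+/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */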
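Review bot: In the `subscription_verification_notice` message the two sentences are now joined with no separator: `$value = $intro . $instruction;` renders "…purchase key.Click here…", because the leading space that the old `' Click %1$s …'` string carried is gone from the new `'Click %s …'` string. The description further down already handles this, so the same form fits here: `$value = $intro . ' ' . $instruction;`. The link text from `__( 'here', … )` also goes into `$link_html` unescaped and relies on the later `wp_kses_post()`, which still lets post-level markup from a translation file through; `esc_html( $link_text )` inside the `sprintf()` would keep the anchor text plain.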
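--- a/wp-google-map-plugin/trunk/modules/drawing/views/manage.php
+++ b/wp-google-map-plugin/trunk/modules/drawing/views/manage.php
@@ -1,3 +1,4 @@
 <?php
+// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals
 /**
  * Template for Drawing Operation
@@ -23,14 +24,5 @@
     }
 }
-if ( ! empty( $_POST['save_shapes'] ) && $_POST['save_shapes'] == 'save_shapes' ) {
-    $map_id                                       = intval( wp_unslash( $_POST['map_id'] ) );
-    $data['polylines']                            = $_POST['shapes_values'];
-    $infowindow['map_polyline_setting']['shapes'] = serialize( $data );
-    $in_loc_data                                  = array(
-        'map_polyline_setting' => $infowindow['map_polyline_setting']['shapes'],
-    );
-    $where['map_id']                              = $map_id;
-    $insertId                                     = FlipperCode_Database::insert_or_update( TBL_MAP, $in_loc_data, $where );
-}
+// Drawing related code for database entry removed as it was meant for pro only
 
 if ( ! empty( $_GET['map_id'] ) ) {
@@ -1018,9 +1010,9 @@
         $map_data['shapes']['shape'] = $map_shapes; }
 
-    echo '<div class="wpgmp_map_container" rel="map' . $map->map_id . '">';
+    echo '<div class="wpgmp_map_container" rel="map' . esc_attr($map->map_id) . '">';
 
     echo '<div class="fc-form-group"><input class="wpgmp_auto_suggest fc-form-control" placeholder="' . esc_html__( 'Search location...', 'wp-google-map-plugin' ) . '" type="text"></div>';
 
-    echo '<div class="wpgmp_map" style="width:' . $width . '; height:' . $height . ';" id="map' . $map->map_id . '" ></div>';
+    echo '<div class="wpgmp_map" style="width:100%; height:500px;" id="map' . esc_attr($map->map_id) . '" ></div>';
 
     echo '</div>';
@@ -1030,5 +1022,5 @@
     echo 'document.addEventListener("wpgmpReady", function () {';
     echo '  jQuery(function($) {';
-    echo '    var map = $("#map' . esc_js($map_id) . '").maps("' . base64_encode($map_data_obj) . '").data("wpgmp_maps");';
+    echo '    var map = $("#map' . esc_js($map_id) . '").maps("' . esc_js ( base64_encode($map_data_obj) ) . '").data("wpgmp_maps");';
     echo '  });';
     echo '});';
@@ -1036,2 +1028,3 @@
 
 }
+// phpcs:enable WordPress.NamingConventions.PrefixAllGlobals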
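Review bot: The map container style is now the literal `width:100%; height:500px;`, so the `$width` and `$height` values the old line printed no longer have any effect on this screen. If the aim was only to stop echoing them unescaped, escaping keeps the behaviour: `style="width:' . esc_attr( $width ) . '; height:' . esc_attr( $height ) . ';"`. Where those two variables are assigned lies outside the hunk, so if the fixed size is intended their assignments are now dead code and can go. The element id is built from `$map->map_id` while the script below selects `#map` plus `$map_id`; it is worth confirming both always hold the same value.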
  • wp-google-map-plugin/trunk/modules/extentions/views/manage.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 *
     
    223224
    224225    $form->render();
     226    /* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/group_map/views/form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Template for Add & Edit Category
     
    135136
    136137$form->render();
     138/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
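--- a/wp-google-map-plugin/trunk/modules/group_map/views/manage.php
+++ b/wp-google-map-plugin/trunk/modules/group_map/views/manage.php
@@ -6,6 +6,6 @@
  */
 
-  $form = new WPGMP_Template();
-  echo $form->start_page_layout();
+  $form = new WPGMP_Template();// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
+  echo wp_kses_post( $form->start_page_layout() );
 
 if ( class_exists( 'FlipperCode_List_Table_Helper' ) and ! class_exists( 'WPGMP_Manage_Group_Table' ) ) {
@@ -58,5 +58,5 @@
 
              global $wpdb;
-             $parent = $wpdb->get_col( $wpdb->prepare( 'SELECT group_map_title FROM ' . $this->table . ' where group_map_id = %d', $item->group_parent ) );
+             $parent = $wpdb->get_col( $wpdb->prepare( 'SELECT group_map_title FROM ' . $this->table . ' where group_map_id = %d', $item->group_parent ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
              $parent = ( ! empty( $parent ) ) ? ucwords( $parent[0] ) : '---';
              return $parent;
@@ -76,4 +76,5 @@
    
     global $wpdb;
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $columns   = array(
         'group_map_title'   => esc_html__( 'Marker Category Title', 'wp-google-map-plugin' ),
@@ -83,5 +84,7 @@
         'group_added'       => esc_html__( 'Updated On', 'wp-google-map-plugin' ),
     );
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $sortable  = array( 'group_map_title', 'extensions_fields' );
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $tableinfo = array(
         'table'                   => $wpdb->prefix . 'group_map',
@@ -113,8 +116,8 @@
         ),
     );
-    $obj = new WPGMP_Manage_Group_Table( $tableinfo );
+    $obj = new WPGMP_Manage_Group_Table( $tableinfo );// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
 
 }
 
-echo $form->end_page_layout();
+echo $form->end_page_layout();// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 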
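Review bot: `start_page_layout()` is now echoed through `wp_kses_post()` while `end_page_layout()` at the bottom is echoed raw behind an `OutputNotEscaped` suppression, so the two halves of one wrapper are handled differently. `wp_kses_post()` keeps only the post-content allow-list, so any tag outside it in the opening markup (for example `<input>`, `<script>` or `<style>`; the method body is not part of this changeset) would be stripped, while the closing markup passes through untouched. Either filter both with the same `wp_kses()` allow-list, or suppress both with a stated reason such as `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- static markup built by WPGMP_Template`. The same pairing is introduced in modules/location/views/manage.php and modules/map/views/manage.php.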
  • wp-google-map-plugin/trunk/modules/integration/views/form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * This class used to manage settings page in backend.
     
    113114$form->add_element( 'hidden', 'wpgmp_version', array( 'value' => WPGMP_VERSION )    );
    114115$form->render();
     116/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/location/model.location.php

    r3320406 r3405282  
    364364            $rest_errors = apply_filters('wpgmp_location_rest_validation',$rest_errors,$_POST);
    365365            if ( is_array( $rest_errors ) && ! empty( $rest_errors ) ){
    366                 return new WP_Error( 'wpgmp_rest_validation_failed', esc_html__( 'Please checkout the errors and fix those to proceed with this request.', 'rest-api-for-google-maps' ), array( 'status' => 422, 'errors' => $rest_errors ) );
     366                return new WP_Error( 'wpgmp_rest_validation_failed', esc_html__( 'Please checkout the errors and fix those to proceed with this request.', 'wp-google-map-plugin' ), array( 'status' => 422, 'errors' => $rest_errors ) );
    367367            }
    368368
     
    581581
    582582                if ( count( $csv_columns ) == 0 ) {
    583                     $response['error'] = _( 'Please map locations fields to csv columns.', 'wp-google-map-plugin' );
     583                    $response['error'] = __( 'Please map locations fields to csv columns.', 'wp-google-map-plugin' );
    584584
    585585                    return $response;
  • wp-google-map-plugin/trunk/modules/location/views/form.php

    r3353905 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Template for Add & Edit Location
     
    6061    $form->add_element(
    6162        'message', 'wpgmp_key_required', array(
    62             'value'  => sprintf( esc_html__( 'Google Maps API Key is missing. Follow instructions to %1$s and then insert your key %2$s.', 'wp-google-map-plugin' ), $link, $setting_link ),
     63            'value'  => sprintf(
     64            /* translators: %s: Api key creation tutorial link. */             
     65            esc_html__( 'Google Maps API Key is missing. Follow instructions to %1$s and then insert your key %2$s.', 'wp-google-map-plugin' ), $link, $setting_link ),
    6366            'class'  => 'fc-alert fc-alert-danger',
    6467            'before' => '<div class="fc-12 wpgmp_key_required">',
     
    368371    $form->add_element(
    369372        'message', 'no_marker_category_message', array(
    370             'value'  => sprintf( esc_html__( 'You don\'t have marker categories right now. You can create marker categories from %1$s', 'wp-google-map-plugin' ), $add_marker_category ),
     373            'value'  => sprintf(
     374                /* translators: %s: Add marker category link. */       
     375                esc_html__( 'You don\'t have marker categories right now. You can create marker categories from %1$s', 'wp-google-map-plugin' ), $add_marker_category ),
    371376            'class'  => 'fc-alert fc-alert-danger',
    372377            'before' => '<div class="fc-12">',
     
    464469document.addEventListener("wpgmpReady", function () {
    465470  jQuery(document).ready(function($) {
    466     var map = $("#wpgmp_map").maps("<?php echo base64_encode(wp_json_encode( $map_data )); ?>").data('wpgmp_maps');
     471    var map = $("#wpgmp_map").maps("<?php echo esc_js ( base64_encode(wp_json_encode( $map_data ) ) ); ?>").data('wpgmp_maps');
    467472    });
    468473
    469474});
    470475</script>
     476<?php
     477/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
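Review bot: The added translators comment reads `%s: Api key creation tutorial link.` but the string has two placeholders, `%1$s` and `%2$s`, so translators are not told what the second one stands for. Suggested comment: `/* translators: 1: link to the API key tutorial, 2: link to the plugin settings page. */`. What `$link` and `$setting_link` actually hold is set outside the hunk, so adjust the wording to match. The same single-placeholder comment is added in modules/map/views/form.php.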
  • wp-google-map-plugin/trunk/modules/location/views/import.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Import Location(s) Tool.
     
    7980
    8081}
     82/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
    8183
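--- a/wp-google-map-plugin/trunk/modules/location/views/manage.php
+++ b/wp-google-map-plugin/trunk/modules/location/views/manage.php
@@ -1,5 +1,8 @@
 <?php
+// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
+// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals
+
   global $wpdb;
-  $objects       = $wpdb->get_results( 'select location_id, location_address,location_country,location_postal_code,location_state from ' . TBL_LOCATION . " where location_latitude IS NULL OR location_latitude = '' or location_longitude IS NULL OR location_longitude = '' " );
+  $objects       = $wpdb->get_results( 'select location_id, location_address,location_country,location_postal_code,location_state from ' . TBL_LOCATION . " where location_latitude IS NULL OR location_latitude = '' or location_longitude IS NULL OR location_longitude = '' " ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
   $geo_locations = array();
 
@@ -20,6 +23,6 @@
 
   $json = json_encode( $geo_locations );
-  $form = new WPGMP_Template();
-  echo $form->start_page_layout();
+  $form = new WPGMP_Template();// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
+  echo wp_kses_post( $form->start_page_layout() );
 
 if ( class_exists( 'FlipperCode_List_Table_Helper' ) && ! class_exists( 'WPGMP_Location_Table' ) ) {
@@ -31,4 +34,5 @@
     // Minimal Configuration :)
     global $wpdb;
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $columns   = array(
         'location_title'     => esc_html__( 'Location Title', 'wp-google-map-plugin' ),
@@ -38,5 +42,7 @@
         'location_longitude' => esc_html__( 'Longitude', 'wp-google-map-plugin' ),
     );
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $sortable  = array( 'location_title', 'location_address', 'location_city', 'location_latitude', 'location_longitude' );
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $tableinfo = array(
         'table'                   => $wpdb->prefix . 'map_locations',
@@ -72,7 +78,9 @@
         ),
     );
-    $obj=new WPGMP_Location_Table( $tableinfo );
+    $obj=new WPGMP_Location_Table( $tableinfo );// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
 
 }
 
-echo $form->end_page_layout();
+echo $form->end_page_layout();// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
+// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
+// phpcs:enabled WordPress.NamingConventions.PrefixAllGlobals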
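Review bot: `WordPress.Security.EscapeOutput.OutputNotEscaped` is disabled for this whole file, which hides any unescaped `echo` added here later; an inline `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped` on the one `end_page_layout()` line would keep the rest of the file checked. That line currently carries `phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals`, which is not the sniff an `echo` triggers. The closing directive on the last line is also spelled `// phpcs:enabled …`; PHPCS recognises `phpcs:enable`, so as written the sniff is never switched back on (harmless at end of file, but misleading).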
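--- a/wp-google-map-plugin/trunk/modules/map/model.map.php
+++ b/wp-google-map-plugin/trunk/modules/map/model.map.php
@@ -151,8 +151,6 @@
         function save() {
 
-            global $_POST;
             $data     = array();
             $entityID = '';
-
 
             //Nonce Verification
@@ -162,5 +160,4 @@
             die( 'You are not allowed to save changes!' );
        
-
             if ( ! isset( $_POST['wpgmp_import_code'] ) or $_POST['wpgmp_import_code'] == '' ) {
                 $this->verify( $_POST );
@@ -382,5 +379,5 @@
 
                 if ( $extension_name != '' ) {
-                    $data = apply_filters( $extension_name . '_save', $data, $this->table, $where );
+                    $data = apply_filters( $extension_name . '_save', $data, $this->table, $where ); // phpcs:ignore WordPress.Hooks.UnprefixedActionHookName -- Inline suppression for dynamic hook name; prefixing would break compatibility. Use a consistent plugin prefix in future updates.
                 }
             }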
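Review bot: The suppression on the `$extension_name . '_save'` filter names `WordPress.Hooks.UnprefixedActionHookName`, which differs from the code used for every other hook in this changeset (`WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound`) and does not look like a WPCS sniff code, so it probably silences nothing. The comment also does not say where `$extension_name` comes from; it is set outside this hunk, and if request data can influence it the name should be checked against a fixed list of known extensions before `apply_filters()` runs. Once that is confirmed, a comment along the lines of `// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound -- $extension_name comes from the registered extension list.` states the actual reason.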
  • wp-google-map-plugin/trunk/modules/map/views/form.php

    r3353905 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Template for Add & Edit Map
     
    9394    $form->add_element(
    9495        'message', 'wpgmp_key_required', array(
    95             'value'  => sprintf( esc_html__( 'Google Maps API Key is missing. Follow instructions to %1$s and then insert your key %2$s.', 'wp-google-map-plugin' ), $link, $setting_link ),
     96            'value'  => sprintf(
     97            /* translators: %s: Api key creation docs link. */ 
     98            esc_html__( 'Google Maps API Key is missing. Follow instructions to %1$s and then insert your key %2$s.', 'wp-google-map-plugin' ), $link, $setting_link ),
    9699            'class'  => 'fc-alert fc-alert-danger',
    97100            'before' => '<div class="fc-12 wpgmp_key_required">',
     
    166169}
    167170$form->render();
     171/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
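--- a/wp-google-map-plugin/trunk/modules/map/views/manage.php
+++ b/wp-google-map-plugin/trunk/modules/map/views/manage.php
@@ -5,6 +5,6 @@
  * @package Maps
  */
-  $form = new WPGMP_Template();
-  echo $form->start_page_layout();
+  $form = new WPGMP_Template();  // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
+  echo wp_kses_post( $form->start_page_layout() );
 if ( class_exists( 'FlipperCode_List_Table_Helper' ) && ! class_exists( 'WPGMP_Maps_Table' ) ) {
 
@@ -31,5 +31,5 @@
                 </div>";
 
-            echo '<b>[put_wpgm id=' . $item->map_id . ']</b>&nbsp;&nbsp;'. $tooltip;
+            echo '<b>[put_wpgm id=' . $item->map_id . ']</b>&nbsp;&nbsp;'. $tooltip; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 
         }
@@ -51,4 +51,5 @@
 
     global $wpdb;
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $columns   = array(
         'map_title'      => esc_html__( 'Map Title', 'wp-google-map-plugin' ),
@@ -58,6 +59,8 @@
         'map_type'       => esc_html__( 'Map Type', 'wp-google-map-plugin' ),
         'shortcodes'     => esc_html__( 'Map Shortcode', 'wp-google-map-plugin' )
-    );
+    );
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $sortable  = array( 'map_title', 'map_width', 'map_height', 'map_zoom_level', 'map_type' );
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $tableinfo = array(
         'table'                   => $wpdb->prefix . 'create_map',
@@ -90,6 +93,6 @@
         ),
     );
-    $obj       = new WPGMP_Maps_Table( $tableinfo );
+    $obj       = new WPGMP_Maps_Table( $tableinfo );  // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
 }
 
-echo $form->end_page_layout();
+echo $form->end_page_layout(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped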
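Review bot: The shortcode cell still prints `$item->map_id` as-is; the changeset only silences the `OutputNotEscaped` warning on that `echo`. Casting the id is a one-token change and removes the reason for suppressing it: `echo '<b>[put_wpgm id=' . absint( $item->map_id ) . ']</b>&nbsp;&nbsp;' . $tooltip;`. `$tooltip` is assembled above this hunk, so whether it also needs `wp_kses_post()` cannot be judged from the lines shown.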
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/control-position-style-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Contro Positioning over google maps.
     
    123124    )
    124125);
     126/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/control-setting-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Control Setting(s).
     
    112113    )
    113114);
     115/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/custom-control-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Custom Control Setting(s).
     
    2728    )
    2829);
     30/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/extensible-settings.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23$extensibleSettings = '';
    34$markup             = apply_filters( 'wpgmp_add_more_settings', $extensibleSettings );
    45$allowed_tags = wp_kses_allowed_html( 'post' );
    56echo wp_kses( $markup, $allowed_tags );
     7/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
    68
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/extra-settings.php

    r3320406 r3405282  
    11<?php
    2 
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    33$form->add_element(
    44    'group', 'map_control_layers', array(
     
    8787    )
    8888);
     89/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/general-setting-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Map's general setting(s).
     
    150151    )
    151152);
     153/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/geotag-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Contro Positioning over google maps.
     
    7576    )
    7677);
     78/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/google-maps-amenities.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Display Tabs over google maps.
     
    3132    )
    3233);
     34/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/import-maps.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Contro Positioning over google maps.
     
    4445
    4546}
     47/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/infowindow-settings.php

    r3344611 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Contro Positioning over google maps.
     
    1415    )
    1516);
    16 $url  = admin_url( 'admin.php?page=wpgmp_how_overview' );
    17 $link = sprintf(
    18     wp_kses(
    19         esc_html__( 'Enter placeholders {marker_title},{marker_address},{marker_message},{marker_image},{marker_latitude},{marker_longitude}, {extra_field_slug_here}. View complete list <a target="_blank" href="%s">here</a>.', 'wp-google-map-plugin' ), array(
    20             'a' => array(
    21                 'href'   => array(),
    22                 'target' => '_blank',
    23             ),
    24         )
    25     ), esc_url( $url )
     17
     18$url = admin_url( 'admin.php?page=wpgmp_how_overview' );
     19$link_text = __( 'here', 'wp-google-map-plugin' );
     20$link_html = sprintf(
     21    '<a href="%s" target="_blank">%s</a>',
     22    esc_url( $url ),
     23    $link_text
     24);
     25
     26$link = wp_kses(
     27    sprintf(
     28        /* translators: %1$s: List of example placeholders. %2$s: The "here" link to the full placeholders list. */
     29        __( 'Enter placeholders %1$s. View complete list %2$s.', 'wp-google-map-plugin' ),
     30        '{marker_title},{marker_address},{marker_message},{marker_image},{marker_latitude},{marker_longitude}, {extra_field_slug_here}',
     31        $link_html
     32    ),
     33    array(
     34        'a' => array(
     35            'href'   => array(),
     36            'target' => array(),
     37        ),
     38    )
    2639);
    2740
     
    257270        )
    258271    );
     272/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/limit-panning-setting-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Contro Positioning over google maps.
     
    9293    )
    9394);
     95/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
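--- a/wp-google-map-plugin/trunk/modules/map/views/map-forms/listing-setting-form.php
+++ b/wp-google-map-plugin/trunk/modules/map/views/map-forms/listing-setting-form.php
@@ -1,3 +1,4 @@
 <?php
+/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
 /**
  * Contro Positioning over google maps.
@@ -68,15 +69,48 @@
 );
 
-$form->add_element(
-    'message',
-    'wpgmp_search_placeholders_list',
-    array(
-        'label' => esc_html__( 'Fine Tune Search Process', 'wp-google-map-plugin' ),
-        'value' => esc_html__('You can fine tune the default search process by speicifying certain listing fields to be included / excluded while searching. Although using this feature is completely optional and you can keep both Include / Exclude search field ( below textareas ) empty , but if you want search process to be more controlled & specific, you can use this feature.','wp-google-map-plugin').'<br><br>'.esc_html__('If you have created locations using our plugin and dislaying those locations on map, you can use the following placeholders in below Include / Exclude search field controls :  ', 'wp-google-map-plugin').'<br><br>'.esc_html__('{marker_title},{marker_message},{marker_address},{marker_city},{marker_state},{marker_country},{marker_postal_code},{marker_latitude},{marker_longitude},{extra_field_slug}.', 'wp-google-map-plugin').'<br><br><br>'.esc_html__('If you are displaying blogs post / some custom post type on map , you can use the following placeholders in below Include / Exclude search field controls :  ', 'wp-google-map-plugin').'<br><br>'.esc_html__('{post_title},{post_content},{post_excerpt},{post_categories},{post_tags},{post_link},{post_featured_image},{marker_address},{marker_city},{marker_state},{marker_country},{marker_latitude},{marker_longitude},{%custom_field_slug_here%},{taxonomy=taxonomy_slug}.', 'wp-google-map-plugin'),
-        'class' => 'fc-alert fc-alert-info form-control  wpgmp_search_display',
-        'show'  => 'false',
-        'desc'    => esc_html__( 'You can perform more strict search using the below include and exclude search fields control. Using both include and exclude search fields are completly optional.', 'wp-google-map-plugin' ),
-       
-    )
+$fine_tune_desc = __(
+    'You can fine tune the default search process by specifying certain listing fields to be included / excluded while searching. Although using this feature is completely optional and you can keep both Include / Exclude search field ( below textareas ) empty , but if you want search process to be more controlled & specific, you can use this feature.',
+    'wp-google-map-plugin'
+);
+
+$locations_intro = __(
+    'If you have created locations using our plugin and displaying those locations on map, you can use the following placeholders in below Include / Exclude search field controls :  ',
+    'wp-google-map-plugin'
+);
+
+$locations_placeholders = __(
+    '{marker_title},{marker_message},{marker_address},{marker_city},{marker_state},{marker_country},{marker_postal_code},{marker_latitude},{marker_longitude},{extra_field_slug}.',
+    'wp-google-map-plugin'
+);
+
+$posts_intro = __(
+    'If you are displaying blogs post / some custom post type on map , you can use the following placeholders in below Include / Exclude search field controls :  ',
+    'wp-google-map-plugin'
+);
+/* translators: %s: List of supported placeholders. */
+$posts_placeholders = __(
+    '{post_title},{post_content},{post_excerpt},{post_categories},{post_tags},{post_link},{post_featured_image},{marker_address},{marker_city},{marker_state},{marker_country},{marker_latitude},{marker_longitude},{%custom_field_slug_here%},{taxonomy=taxonomy_slug}.',
+    'wp-google-map-plugin'
+);
+
+$desc = __(
+    'You can perform more strict search using the below include and exclude search fields control. Using both include and exclude search fields are completely optional.',
+    'wp-google-map-plugin'
+);
+
+$value = $fine_tune_desc . '<br><br>' . $locations_intro . '<br><br>' . $locations_placeholders . '<br><br><br>' . $posts_intro . '<br><br>' . $posts_placeholders;
+
+$safe_value = wp_kses_post( $value );
+
+$form->add_element(
+    'message',
+    'wpgmp_search_placeholders_list',
+    array(
+        'label' => esc_html__( 'Fine Tune Search Process', 'wp-google-map-plugin' ),
+        'value' => $safe_value,
+        'class' => 'fc-alert fc-alert-info form-control  wpgmp_search_display',
+        'show'  => 'false',
+        'desc'  => esc_html( $desc ),
+    )
 );
 
@@ -473,2 +507,3 @@
     )
 );
+/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */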
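Review bot: The `/* translators: %s: List of supported placeholders. */` comment above `$posts_placeholders` (new line 90) describes a `%s` that the string does not contain; the percent signs belong to the literal `{%custom_field_slug_here%}` token and the string is never passed to `sprintf()`. A comment such as `/* translators: Literal placeholder list; keep every {...} token, including the % signs, unchanged. */` would tell translators what actually matters. Separately, `wp_kses_post( $value )` at new line 103 allows the full post-content tag set although the string only needs `<br>`; `wp_kses( $value, array( 'br' => array() ) )` is a tighter allowlist for text that comes from translation files.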
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/locations-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Location listings for maps.
     
    9091    )
    9192);
     93/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/map-center-settings.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Map's Center Location setting(s).
     
    199200    )
    200201);
     202/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
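--- a/wp-google-map-plugin/trunk/modules/map/views/map-forms/map-style-setting-form.php
+++ b/wp-google-map-plugin/trunk/modules/map/views/map-forms/map-style-setting-form.php
@@ -1,3 +1,4 @@
 <?php
+/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
 /**
  * Contro Positioning over google maps.
@@ -110,14 +111,31 @@
 );
 
-$form->add_element(
-    'message', 'styles_message', array(
-        'value'  => esc_html__( 'You can apply above settings manually or you can apply free and readymade maps style by clicking ', 'wp-google-map-plugin' ).'<a href="http://snazzymaps.com/" target="_blank">HERE</a><br>'.esc_html__('Select your favourite snazzy map style & then just copy paste its javascript code snippet in the below textarea control :'),
-        'class'  => 'fc-alert fc-alert-info',
-        'id'     => 'styles_message',
-        'before' => '<div class="fc-12">',
-        'after'  => '</div>',
-    )
+$link_text = __( 'HERE', 'wp-google-map-plugin' );
+
+$link_html = sprintf(
+    '<a href="https://snazzymaps.com/" target="_blank">%s</a>',
+    $link_text
 );
 
+
+$first_part = sprintf(
+    /* translators: %s: The "HERE" link to Snazzy Maps. */
+    __( 'You can apply above settings manually or you can apply free and readymade maps style by clicking %s.', 'wp-google-map-plugin' ),
+    $link_html
+);
+
+$second_part = __( 'Select your favourite snazzy map style & then just copy paste its javascript code snippet in the below textarea control :', 'wp-google-map-plugin' );
+
+$value = $first_part . '<br>' . $second_part;
+
+$form->add_element(
+    'message', 'styles_message', array(
+        'value'  => $value,
+        'class'  => 'fc-alert fc-alert-info',
+        'id'     => 'styles_message',
+        'before' => '<div class="fc-12">',
+        'after'  => '</div>',
+    )
+);
 
 $form->add_element(
@@ -134,2 +152,3 @@
     )
 );
+/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */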
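Review bot: `$value` (new line 129) now reaches the `styles_message` element with no escaping at all: the old call wrapped both sentences in `esc_html__()`, while the new code uses plain `__()` for `$link_text`, `$first_part` and `$second_part`, so whatever a translation file contains is concatenated into the markup as-is. The sibling forms in this changeset (infowindow-settings.php, listing-setting-form.php) filter the same kind of string, and this one should as well: `'value' => wp_kses( $value, array( 'a' => array( 'href' => array(), 'target' => array() ), 'br' => array() ) ),`. Whether the `message` element escapes `value` again when it renders is not visible on this page, so confirm that before relying on it.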
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/map-ui.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Contro Positioning over google maps.
     
    114115    )
    115116);
     117/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
    116118
    117119
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/marker-cluster-setting-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Contro Positioning over google maps.
     
    136137    )
    137138);
     139/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/mobile-specific-settings.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Map's mobile specific setting(s).
     
    106107    )
    107108);
     109/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/overlapping-marker-spider-effect.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 *Marker Spiderfier Effect for overlapping markers in google maps.
     
    3031    )
    3132);
     33/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/overlay-setting-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Overlay Settings.
     
    103104    )
    104105);
     106/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/route-direction-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Route Direction setting for google maps.
     
    2728    )
    2829);
     30/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/street-view-setting-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Contro Positioning over google maps.
     
    9192    )
    9293);
     94/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/tab-setting-form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Display Tabs over google maps.
     
    2728    )
    2829);
     30/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
  • wp-google-map-plugin/trunk/modules/map/views/map-forms/url-filter.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Map's Advanced setting(s).
     
    4748    )
    4849);
     50/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
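--- a/wp-google-map-plugin/trunk/modules/overview/views/view.php
+++ b/wp-google-map-plugin/trunk/modules/overview/views/view.php
@@ -1,3 +1,4 @@
 <?php
+/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
 /**
  * This class used to manage settings page in backend.
@@ -118,5 +119,5 @@
                                     <div class="fc-mb-15">
                                         <h5 class="fc-card-title"><?php esc_html_e( 'WP MAPS', 'wp-google-map-plugin' ); ?></h5>
-                                        <div class="fc-font-14"><?php esc_html_e( 'Installed Version:', 'wp-google-map-plugin' ); ?> <?php echo WPGMP_VERSION; ?></div>
+                                        <div class="fc-font-14"><?php esc_html_e( 'Installed Version:', 'wp-google-map-plugin' ); ?> <?php echo esc_html(WPGMP_VERSION); ?></div>
                                     </div>
                                     <div class="fc-card-text">
@@ -272,4 +273,5 @@
                 'title' => __( 'Hooks Documentation Published', 'wp-google-map-plugin' ),
                 'desc'  => sprintf(
+                    /* translators: %s: Docs link. */
                     esc_html__( 'Explore our new developer docs covering filters and actions: %s', 'wp-google-map-plugin' ),
                     '<a href="https://www.wpmapspro.com/map-hooks/" target="_blank">' . esc_html__( 'View Docs', 'wp-google-map-plugin' ) . '</a>'
@@ -294,7 +296,7 @@
             $date = isset($item['date']) ? strtotime($item['date']) : time();
             $day_key = 'Earlier';
-            if (date('Y-m-d', $date) === date('Y-m-d')) {
+            if (gmdate('Y-m-d', $date) === gmdate('Y-m-d')) {
                 $day_key = 'Today';
-            } elseif (date('Y-m-d', $date) === date('Y-m-d', strtotime('-1 day'))) {
+            } elseif (gmdate('Y-m-d', $date) === gmdate('Y-m-d', strtotime('-1 day'))) {
                 $day_key = 'Yesterday';
             }
@@ -323,5 +325,5 @@
             echo '<div class="fc-notification-content">';
             echo '<h6 class="fc-notification-title">' . esc_html($note['title']) . '</h6>';
-            echo '<div class="fc-notification-description">' . $note['desc'] . '</div>';
+            echo '<div class="fc-notification-description">' . esc_html($note['desc']) . '</div>';
             echo '</div>';
             echo '</div>';
@@ -352,2 +354,3 @@
 
 $form->render();
+/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */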
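Review bot: `esc_html( $note['desc'] )` at new line 327 escapes markup that this same file puts into `desc` on purpose: the entry at new lines 274–277 builds `desc` with `sprintf()` around an `<a href="https://www.wpmapspro.com/map-hooks/" target="_blank">` link, so after this change the anchor is printed as literal text instead of a link. An allowlist keeps the output filtered without breaking it: `echo '<div class="fc-notification-description">' . wp_kses( $note['desc'], array( 'a' => array( 'href' => array(), 'target' => array() ) ) ) . '</div>';`. The switch from `date()` to `gmdate()` at new lines 298 and 300 also moves the Today/Yesterday grouping to UTC, which can mislabel items around midnight on sites configured for another timezone. The notifications array and the loop that prints it start and end outside the hunks shown.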
  • wp-google-map-plugin/trunk/modules/permissions/views/manage.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * This class used to manage permissions in backend.
     
    8182
    8283$form->render();
     84/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
    8385
  • wp-google-map-plugin/trunk/modules/route/views/form.php

    r3320406 r3405282  
    11<?php
     2/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
    23/**
    34 * Template for Add & Edit Route
     
    308309
    309310$form->render();
     311/* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
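--- a/wp-google-map-plugin/trunk/modules/route/views/manage.php
+++ b/wp-google-map-plugin/trunk/modules/route/views/manage.php
@@ -5,6 +5,6 @@
  * @package Maps
  */
-  $form = new WPGMP_Template();
-  echo $form->start_page_layout();
+  $form = new WPGMP_Template();// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
+  echo wp_kses_post( $form->start_page_layout() );
 if ( class_exists( 'FlipperCode_List_Table_Helper' ) and ! class_exists( 'WPGMP_Route_Table' ) ) {
 
@@ -51,4 +51,5 @@
     }
     global $wpdb;
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $columns = array(
         'route_title'          => esc_html__( 'Route Title', 'wp-google-map-plugin' ),
@@ -57,5 +58,7 @@
 
     );
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $sortable  = array( 'route_title', 'route_start_location', 'route_end_location' );
+    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
     $tableinfo = array(
         'table'                   => $wpdb->prefix . 'map_routes',
@@ -87,7 +90,7 @@
         ),
     );
-    $obj       = new WPGMP_Route_Table( $tableinfo );
+    $obj       = new WPGMP_Route_Table( $tableinfo ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
 
 }
 
-echo $form->end_page_layout();
+echo $form->end_page_layout();// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped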
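Review bot: The two halves of the same page layout are handled differently: `$form->start_page_layout()` is filtered through `wp_kses_post()` at new line 8, while `$form->end_page_layout()` at new line 96 is echoed raw under `phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped`. If the opening markup carries any tag or attribute outside the post allowlist it will be stripped while the closing markup is emitted untouched, which can leave the page unbalanced; neither method body is visible here, so this needs checking against `WPGMP_Template`. Pick one treatment for both calls: `echo wp_kses_post( $form->end_page_layout() );` if the layout must be filtered, or the same ignore on both lines with a short reason such as `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- static markup built by WPGMP_Template.` if it is trusted.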
  • wp-google-map-plugin/trunk/modules/settings/views/manage.php

    r3320406 r3405282  
    11<?php
     2// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals
     3
    24/**
    35 * This class used to manage settings page in backend.
     
    1012$wpgmp_settings = get_option( 'wpgmp_settings', true );
    1113
    12 $form = new WPGMP_Template();
    13 $form->set_header( esc_html__( 'General Setting(s)', 'wp-google-map-plugin' ), $response, $enable = true );
    14 
    15 $form->add_element(
     14$wpgmp_form = new WPGMP_Template();
     15$wpgmp_form->set_header( esc_html__( 'General Setting(s)', 'wp-google-map-plugin' ), $response, $enable = true );
     16
     17$wpgmp_form->add_element(
    1618    'group', 'gerenal_settings', array(
    1719        'value'  => esc_html__( 'General Setting(s)', 'wp-google-map-plugin' ),
     
    2123    )
    2224);
    23 $form->add_element(
     25$wpgmp_form->add_element(
    2426    'radio', 'wpgmp_map_source', array(
    2527        'label'           => esc_html__( 'Map Provider', 'wp-google-map-plugin' ),
     
    4648);
    4749
    48 $form->add_element(
     50$wpgmp_form->add_element(
    4951    'select', 'wpgmp_tiles_source', array(
    5052        'label'   => esc_html__( 'Tiles Provider', 'wp-google-map-plugin' ),
     
    5961);
    6062
    61 $form->add_element(
     63$wpgmp_form->add_element(
    6264    'radio',
    6365    'wpgmp_router_source',
     
    7981$referrer_two = '*'.$_SERVER['HTTP_HOST'].'/*';
    8082
    81 $form->add_element(
     83$wpgmp_form->add_element(
    8284    'message',
    8385    'wpgmp_api_key_instructions',
     
    9193);
    9294
    93 $form->set_col( 2 );
     95$wpgmp_form->set_col( 2 );
    9496
    9597$key_url = 'https://www.wpmapspro.com/docs/get-a-google-maps-api-key/';
    9698
    97 $link = '<a href="https://www.wpmapspro.com/docs/get-a-google-maps-api-key/" target="_blank">'.esc_html__("View Instructions","wp-google-map").'</a>';
    98 
    99 $form->add_element(
     99$link = '<a href="https://www.wpmapspro.com/docs/get-a-google-maps-api-key/" target="_blank">'.esc_html__("View Instructions","wp-google-map-plugin").'</a>';
     100
     101$wpgmp_form->add_element(
    100102    'text', 'wpgmp_api_key', array(
    101103        'label'  => esc_html__( 'Google Maps API Key', 'wp-google-map-plugin' ),
     
    104106        'after'  => '</div>',
    105107        'class' => 'fc-form-control wpgmp_map_type wpgmp_map_type_google',
    106         'desc'   => sprintf(esc_html__( '%1$s for your website.', 'wp-google-map-plugin' ), $link)
     108        'desc'   => sprintf(
     109              /* translators: %s: Plugin link. */
     110            esc_html__( '%1$s for your website.', 'wp-google-map-plugin' ), $link)
    107111    )
    108112);
     
    113117    $generate_link = '<a href="https://www.wpmapspro.com/docs/get-a-google-maps-api-key/" class="wpgmp_map_key_missing wpgmp_key_btn fc-btn fc-btn-default btn-lg" target="_blank" >' . esc_html__( 'Generate API Key', 'wp-google-map-plugin' ) . '</a>';
    114118
    115     $form->add_element(
     119    $wpgmp_form->add_element(
    116120        'html', 'wpgmp_key_btn', array(
    117121            'html'   => $generate_link,
     
    128132    $generate_link = '<a href="javascript:void(0);" class="wpgmp_check_key fc-btn fc-btn-default btn-lg" >' . esc_html__( 'Test API Key', 'wp-google-map-plugin' ) . '</a>';
    129133
    130     $form->add_element(
     134    $wpgmp_form->add_element(
    131135        'html', 'wpgmp_key_btn', array(
    132136            'html'   => $generate_link,
     
    140144
    141145
    142 $form->set_col( 1 );
     146$wpgmp_form->set_col( 1 );
    143147
    144148
     
    201205);
    202206
    203 $form->add_element(
     207$wpgmp_form->add_element(
    204208    'select', 'wpgmp_language', array(
    205209        'label'   => esc_html__( 'Map Language', 'wp-google-map-plugin' ),
     
    213217);
    214218
    215     $form->add_element(
     219    $wpgmp_form->add_element(
    216220        'text', 'wpgmp_mapbox_key', array(
    217             'label'  => esc_html__( 'MapBox API Key', 'wp-leaflet-maps-pro' ),
     221            'label'  => esc_html__( 'MapBox API Key', 'wp-google-map-plugin' ),
    218222            'value'  => isset($wpgmp_settings['wpgmp_mapbox_key']) ? $wpgmp_settings['wpgmp_mapbox_key'] : "",
    219223            'before' => '<div class="fc-4">',
    220224            'after'  => '</div>',
    221225            'class'   => 'form-control wpgmp_map_type wpgmp_map_type_openstreet',
    222             'desc' => sprintf( esc_html__( 'Create a %s API key and paste in above textbox.', 'wp-leaflet-maps-pro' ), '<a target="_blank" href="https://www.mapbox.com/account/access-tokens">'.esc_html__(' MapBox ','wp-leaflet-maps-pro').' </a>' ),
     226            'desc' => sprintf(
     227                /* translators: %s: Access token link. */
     228                esc_html__( 'Create a %s API key and paste in above textbox.', 'wp-google-map-plugin' ), '<a target="_blank" href="https://www.mapbox.com/account/access-tokens">'.esc_html__(' MapBox ','wp-google-map-plugin').' </a>' ),
    223229            'show' => 'false',
    224230        )
     
    227233$guide_link = '<a href="https://www.wpmapspro.com/category/maps-error-codes/" target="_blank">'.esc_html__("guides.",'wp-google-map-plugin').'</a>';
    228234
    229 $form->add_element(
     235$wpgmp_form->add_element(
    230236    'html', 'wpgmp_map_preview', array(
    231237        'label' => 'Map Preview',
    232238        'class' => 'form-control',
    233239        'html'   => "<div id='wpgmp_map_preview' style='width:100%;height:300px'></div>",
    234         'desc'   => sprintf(esc_html__( 'If Google Maps is not visible then please check the error by clicking Test API Key button above and fix using our %1$s', 'wp-google-map-plugin' ), $guide_link)
    235     )
    236 );
    237 
    238 
    239 $form->add_element(
     240        'desc'   => sprintf(
     241            /* translators: %s: Plugin guide link. */
     242            esc_html__( 'If Google Maps is not visible then please check the error by clicking Test API Key button above and fix using our %1$s', 'wp-google-map-plugin' ), $guide_link)
     243    )
     244);
     245
     246
     247$wpgmp_form->add_element(
    240248    'radio', 'wpgmp_scripts_place', array(
    241249        'label'           => esc_html__( 'Include Scripts in ', 'wp-google-map-plugin' ),
     
    250258);
    251259
    252 $form->add_element(
     260$wpgmp_form->add_element(
    253261    'radio', 'wpgmp_scripts_minify', array(
    254262        'label'           => esc_html__( 'Minify Scripts', 'wp-google-map-plugin' ),
     
    263271);
    264272
    265 $form->add_element(
     273$wpgmp_form->add_element(
    266274    'checkbox', 'wpgmp_country_specific', array(
    267275        'label'         => esc_html__( 'Enable Country Restriction', 'wp-google-map-plugin' ),
     
    538546}
    539547
    540 $form->add_element(
     548$wpgmp_form->add_element(
    541549'category_selector', 'wpgmp_countries', array(
    542550    'label'    => esc_html__( 'Choose Countries', 'wp-google-map-plugin' ),
     
    553561);
    554562
    555 $form->add_element(
     563$wpgmp_form->add_element(
    556564'group', 'location_metabox_settings', array(
    557565    'value'  => esc_html__( 'Meta Box Settings', 'wp-google-map-plugin' ),
     
    565573
    566574
    567 $form->add_element(
     575$wpgmp_form->add_element(
    568576    'html',
    569577    'wpgmp_metabox_msg',
     
    576584);
    577585
    578 $form->add_element(
     586$wpgmp_form->add_element(
    579587'group', 'location_extra_fields', array(
    580588    'value'  => esc_html__( 'Create Extra Field(s)', 'wp-google-map-plugin' ),
     
    586594);
    587595
    588 $form->add_element(
     596$wpgmp_form->add_element(
    589597    'html',
    590598    'wpgmp_extra_fields_msg',
     
    597605);
    598606
    599 $form->add_element(
     607$wpgmp_form->add_element(
    600608    'group', 'map_troubleshooting', array(
    601609        'value'  => esc_html__( 'Troubleshooting', 'wp-google-map-plugin' ),
     
    606614);
    607615
    608 $form->add_element(
     616$wpgmp_form->add_element(
    609617    'checkbox', 'wpgmp_auto_fix', array(
    610618        'label'   => esc_html__( 'Auto Fix', 'wp-google-map-plugin' ),
     
    617625
    618626
    619 $form->add_element(
     627$wpgmp_form->add_element(
    620628    'checkbox', 'wpgmp_debug_mode', array(
    621629        'label'   => esc_html__( 'Turn On Debug Mode', 'wp-google-map-plugin' ),
     
    627635);
    628636
    629 $form->add_element(
     637$wpgmp_form->add_element(
    630638    'checkbox', 'wpgmp_hide_notification', array(
    631639        'label'   => esc_html__( 'Hide Notifications', 'wp-google-map-plugin' ),
     
    637645);
    638646
    639 $form->add_element(
     647$wpgmp_form->add_element(
    640648    'checkbox', 'wpgmp_advanced_marker', array(
    641649        'label'   => esc_html__( 'Use Advanced Marker', 'wp-google-map-plugin' ),
     
    647655);
    648656
    649 $form->add_element(
     657$wpgmp_form->add_element(
    650658    'text',
    651659    'wpgmp_set_timeout',
     
    660668);
    661669
    662 $form->add_element(
     670$wpgmp_form->add_element(
    663671    'group', 'map_gdpr', array(
    664672        'value'  => esc_html__( 'Cookies Acceptance', 'wp-google-map-plugin' ),
     
    669677);
    670678
    671 $form->add_element(
     679$wpgmp_form->add_element(
    672680    'checkbox', 'wpgmp_gdpr', array(
    673681        'label'   => esc_html__( 'Enable Cookies Acceptance', 'wp-google-map-plugin' ),
     
    679687);
    680688
    681 $form->add_element(
     689$wpgmp_form->add_element(
    682690    'textarea', 'wpgmp_gdpr_msg', array(
    683691        'label'                => esc_html__( '"No Map" Notice', 'wp-google-map-plugin' ),
     
    690698);
    691699
    692 $form->add_element(
     700$wpgmp_form->add_element(
    693701    'checkbox', 'wpgmp_gdpr_show_placeholder', array(
    694702        'label'   => esc_html__( 'Show Placeholder', 'wp-google-map-plugin' ),
     
    700708);
    701709
    702 $form->add_element( 'hidden', 'wpgmp_version', array( 'value' => WPGMP_VERSION )    );
    703 
    704 $form->add_element(
     710$wpgmp_form->add_element(   'hidden', 'wpgmp_version', array( 'value' => WPGMP_VERSION )    );
     711
     712$wpgmp_form->add_element(
    705713    'submit', 'wpgmp_save_settings', array(
    706714        'value' => esc_html__( 'Save Settings', 'wp-google-map-plugin' ),
    707715    )
    708716);
    709 $form->add_element(
     717$wpgmp_form->add_element(
    710718    'hidden', 'operation', array(
    711719        'value' => 'save',
    712720    )
    713721);
    714 $form->add_element(
     722$wpgmp_form->add_element(
    715723    'hidden', 'page_options', array(
    716724        'value' => 'wpgmp_api_key,wpgmp_scripts_place',
     
    718726);
    719727
    720 $form->render();
     728$wpgmp_form->render();
    721729$map_data['map_options'] = array(
    722730    'center_lat' =>  '',
     
    728736$map_data['map_property'] = array('map_id' => 1);
    729737?>
    730 <script type="text/javascript">
    731 /**
    732  
    733 jQuery(document).ready(function($) {
    734 var map = $("#wpgmp_map_preview").maps("<?php echo base64_encode(wp_json_encode( $map_data )); ?>").data('wpgmp_maps');
    735 });
    736 
    737  */
    738 </script>
    739 
    740 <script type="text/javascript">
     738<script type="text/javascript" id="wpgmp-settings-page-map-preview">
    741739document.addEventListener("wpgmpReady", function () {
    742740
    743741  jQuery(function ($) {
    744 
    745     const map = $("#wpgmp_map_preview")
    746       .maps("<?php echo base64_encode(wp_json_encode($map_data)); ?>")
    747       .data("wpgmp_maps");
    748 
    749     console.log("✅ Map initialized", map);
     742       const map = $("#wpgmp_map_preview").maps("<?php echo esc_js( base64_encode(wp_json_encode($map_data)) ); ?>").data("wpgmp_maps");
    750743  });
    751744});
    752745</script>
     746
     747<?php
     748// phpcs:enable WordPress.NamingConventions.PrefixAllGlobals
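Review bot: The context line at new line 81, `$referrer_two = '*'.$_SERVER['HTTP_HOST'].'/*';`, still reads the client-supplied Host header with no `isset()` check, unslashing or sanitising, and the commit leaves it untouched while renaming everything around it. The value appears to feed the `wpgmp_api_key_instructions` message that follows (its body is elided on this page), so the host is better taken from site configuration: `$referrer_two = '*' . wp_parse_url( home_url(), PHP_URL_HOST ) . '/*';`. The new `/* translators: %s: ... */` comments at new lines 109 and 241 also describe `%s` where the strings use `%1$s`; the comment should name the placeholder as it is written.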
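--- a/wp-google-map-plugin/trunk/modules/shortcode/views/put-wpgmp.php
+++ b/wp-google-map-plugin/trunk/modules/shortcode/views/put-wpgmp.php
@@ -1,3 +1,4 @@
 <?php
+// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals
 /**
  * Parse Shortcode and display maps.
@@ -124,6 +125,6 @@
 if ( isset( $options['limit'] ) and $options['limit'] > 0 ) {
     $location_criteria['limit'] = $options['limit'];
-} elseif ( isset( $_GET['limit'] ) and $map->map_all_control['url_filter'] == 'true' ) {
-    $location_criteria['limit'] = sanitize_text_field( $_GET['limit'] );
+} elseif ( isset( $_GET['limit'] ) && $map->map_all_control['url_filter'] == 'true' ) {// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+    $location_criteria['limit'] = sanitize_text_field( $_GET['limit'] );// phpcs:ignore WordPress.Security.NonceVerification.Recommended
 }
 
@@ -721,5 +722,5 @@
 
 
-        $places['id']                         = isset( $marker['id'] ) ? $marker['id'] : rand( 4000, 9999 );
+        $places['id']                         = isset( $marker['id'] ) ? $marker['id'] : wp_rand( 4000, 9999 );
         $places['title']                      = $marker['title'];
         $places['source']                     = 'external';
@@ -1009,6 +1010,6 @@
     if ( isset( $options['perpage'] ) and $options['perpage'] > 0 ) {
         $map->map_all_control['wpgmp_listing_number'] = sanitize_text_field( $options['perpage'] );
-    } elseif ( isset( $_GET['perpage'] ) and $map->map_all_control['url_filter'] == 'true' ) {
-        $map->map_all_control['wpgmp_listing_number'] = sanitize_text_field( $_GET['perpage'] );
+    } elseif ( isset( $_GET['perpage'] ) and $map->map_all_control['url_filter'] == 'true' ) {// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+        $map->map_all_control['wpgmp_listing_number'] = sanitize_text_field( $_GET['perpage'] );// phpcs:ignore WordPress.Security.NonceVerification.Recommended
     }
 
@@ -1634,2 +1635,3 @@
 
 return $map_output;
+// phpcs:enable WordPress.NamingConventions.PrefixAllGlobals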
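Review bot: The URL-supplied `limit` and `perpage` values at new lines 127-128 and 1012-1013 are still only passed through `sanitize_text_field()`, so arbitrary non-numeric text can land in `$location_criteria['limit']` and `wpgmp_listing_number`; the commit silences the nonce sniff with `phpcs:ignore` but adds no type check. Both values are counts, so an integer cast is the tighter guard: `$location_criteria['limit'] = absint( wp_unslash( $_GET['limit'] ) );`, and likewise for `perpage`. How these values are consumed is outside the visible hunks, so the effect of a non-numeric value is not confirmed here. The surrounding code of this view file starts and ends outside the hunks.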
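--- a/wp-google-map-plugin/trunk/modules/tools/views/manage.php
+++ b/wp-google-map-plugin/trunk/modules/tools/views/manage.php
@@ -1,3 +1,4 @@
 <?php
+/* phpcs:disable WordPress.NamingConventions.PrefixAllGlobals */
 /**
  * This class used to backup all tables for this plugins.
@@ -115,4 +116,6 @@
 
     $form->render();
+   
+    /* phpcs:enable WordPress.NamingConventions.PrefixAllGlobals */
 
    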
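--- a/wp-google-map-plugin/trunk/readme.txt
+++ b/wp-google-map-plugin/trunk/readme.txt
@@ -7,6 +7,6 @@
 Author:            flippercode
 Requires at least: 3.4
-Tested up to: 6.8.3
-Stable tag: 4.8.6
+Tested up to: 6.8
+Stable tag: 4.8.7
 Requires PHP: 5.3
 License: GPLv2 or later
@@ -233,4 +233,8 @@
 == Changelog ==
 
+= 4.8.7 =
+* Fix : Reported security issue related to file control fixed.
+* Fix : Sample csv download functionality fixed.
+
 = 4.8.6 =
 * Add : Search and Category placeholder settings now work correctly with OpenStreetMap.
@@ -309,7 +313,33 @@
 * New : API loaded asynchronously for faster map page load.
 
+
 == Upgrade Notice ==
 
-== Upgrade Notice ==
+= 4.8.7 =
+– Upgrade for more stable release.
+
+= 4.8.6 =
+– Upgrade for more stable release.
+
+= 4.8.5 =
+– Upgrade for more stable release.
+
+= 4.8.4 =
+– Upgrade for more stable release.
+
+= 4.8.3 =
+– Upgrade for more stable release.
+
+= 4.8.2 =
+– Upgrade for more stable release.
+
+= 4.8.1 =
+– Upgrade for more stable release.
+
+= 4.7.4 =
+– Upgrade for more stable release.
+
+= 4.7.3 =
+– Upgrade for more stable release.
 
 = 4.7.2 =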
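--- a/wp-google-map-plugin/trunk/wp-google-map-plugin.php
+++ b/wp-google-map-plugin/trunk/wp-google-map-plugin.php
@@ -1,12 +1,14 @@
 <?php
 /*
-Plugin Name: WP Maps
-Plugin URI: https://weplugins.com/
-Description: A fully customizable WordPress Plugin for Google Maps. Create unlimited Google Maps Shortcodes, assign unlimited locations with custom infowindow messages and add to pages, posts and widgets.
-Author: WePlugins
-Author URI: https://weplugins.com/
-Version: 4.8.6
-Text Domain: wp-google-map-plugin
-Domain Path: /lang
+ * Plugin Name: WP Maps
+ * Plugin URI: https://weplugins.com/
+ * Description: A fully customizable WordPress Plugin for Google Maps. Create unlimited Google Maps Shortcodes, assign unlimited locations with custom infowindow messages and add to pages, posts and widgets.
+ * Author: WePlugins
+ * Author URI: https://weplugins.com/
+ * License:           GPL v2 or later
+ * License URI:       https://www.gnu.org/licenses/gpl-2.0.html
+ * Version: 4.8.7
+ * Text Domain: wp-google-map-plugin
+ * Domain Path: /lang
 */
 
@@ -120,20 +122,24 @@
            
         }
+
         function fc_render_plugin_menu() {
+
             $plugin_submenu_info = $this->get_plugin_submenu_info_by_parent('wpgmp_view_overview');
-            $page = isset($_GET['page']) ? sanitize_text_field(wp_unslash($_GET['page'])) : '';
-       
+           
+            // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reading page parameter for navigation display only
+            $page = ( isset( $_GET['page'] ) && ! empty( $_GET['page'] ) ) ? sanitize_key( $_GET['page'] ) : '';
+           
             $grouped = [];
-       
+           
             foreach ($plugin_submenu_info as $menu) {
                 $parts = explode('_', $menu['slug']);
                 $key = $parts[2] ?? 'other';
-       
+
                 if ($key === 'group') $key = 'category';
                 if ($key === 'overview') $key = 'dashboard';
-       
+
                 $grouped[$key][] = $menu;
             }
-       
+
             ob_start();
             ?>
@@ -155,16 +161,16 @@
 
                             ?>
-                            <div class="fc-nav-item <?= esc_attr($active) ?>">
-                                <a href="<?= esc_url($first['url']) ?>" class="fc-nav-link <?= esc_attr($first['slug']) ?>">
-                                    <?= ucfirst(esc_html($group)) ?>
+                            <div class="fc-nav-item <?php echo esc_attr( $active ); ?>">
+                                <a href="<?php echo esc_url( $first['url'] ); ?>" class="fc-nav-link <?php echo esc_attr( $first['slug'] ); ?>">
+                                    <?php echo esc_html( ucfirst( $group ) ); ?>
                                 </a>
-       
+
                                 <?php if (count($items) > 1): ?>
                                     <div class="fc-sub-menu">
                                         <?php foreach (array_slice($items, 0) as $item): ?>
                                             <?php $sub_active = ($page === $item['slug']) ? 'active' : ''; ?>
-                                            <div class="fc-nav-item <?= esc_attr($sub_active) ?>">
-                                                <a href="<?= esc_url($item['url']) ?>" class="fc-nav-link <?= esc_attr($item['slug']) ?>">
-                                                    <?= esc_html($item['name']) ?>
+                                            <div class="fc-nav-item <?php echo esc_attr( $sub_active ); ?>">
+                                                <a href="<?php echo esc_url( $item['url'] ); ?>" class="fc-nav-link <?php echo esc_attr( $item['slug'] ); ?>">
+                                                    <?php echo esc_html( $item['name'] ); ?>
                                                 </a>
                                             </div>
@@ -233,7 +239,7 @@
                 return $cap;
             }
-
+            // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reading page parameter for checking capability only
             $frontend_page = ( !is_admin() && isset( $_GET['location_id'] ) && !empty( $_GET['location_id'] ) && isset($_GET['doaction']) && !empty($_GET['doaction']) && isset($_GET['cap']) && !empty($_GET['cap']) && $_GET['cap'] == 'wpgmp_manage_location' ) ? true : false;
-
+            // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reading page parameter for checking capability only
             $backend_page = ( is_admin() && isset( $_GET['location_id'] ) && !empty( $_GET['location_id'] ) && isset($_GET['doaction']) && !empty($_GET['doaction']) && isset($_GET['page']) && !empty($_GET['page']) && $_GET['page'] == 'wpgmp_manage_location' ) ? true : false;
 
@@ -433,27 +439,41 @@
         function wpgmp_sample_csv_download(){
 
-            if(!empty($_GET['do_action']) && $_GET['do_action'] == 'sample_csv_download'){
+            if( !empty($_GET['do_action']) && $_GET['do_action'] == 'sample_csv_download' ){
 
                 if ( isset( $_GET['sample_csv_download_nonce'] ) && wp_verify_nonce( $_GET['sample_csv_download_nonce'], 'sample_csv_download_action' ) ) {
-                 
-                    $sample_zip =  WPGMP_DIR.'import_sample_file.zip';
-                    header("Content-type: application/zip",true,200);
-                    header("Content-Disposition: attachment; filename=import_sample_file.zip");
-                    header("Pragma: no-cache");
-                    header("Expires: 0");
-                    readfile($sample_zip);
-                    exit();
-                 
+                   
+                    $sample_zip = WPGMP_DIR . 'import_sample_file.zip';
+                   
+                    // Initialize WP_Filesystem
+                    global $wp_filesystem;
+                    if ( empty( $wp_filesystem ) ) {
+                        require_once ABSPATH . 'wp-admin/includes/file.php';
+                        WP_Filesystem();
+                    }
+                   
+                    if ( $wp_filesystem->exists( $sample_zip ) ) {
+                        header("Content-type: application/zip",true,200);
+                        header("Content-Disposition: attachment; filename=import_sample_file.zip");
+                        header("Pragma: no-cache");
+                        header("Expires: 0");
+                        header("Content-Length: " . $wp_filesystem->size( $sample_zip ));
+                       
+                        // Use WP_Filesystem to read and output the file
+                        $file_content = $wp_filesystem->get_contents( $sample_zip );
+                        if ( $file_content !== false ) {
+                            echo $file_content; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+                            exit();
+                        } else {
+                            wp_die( esc_html__( 'Unable to read sample file.', 'wp-google-map-plugin' ) );
+                        }
+                    } else {
+                        wp_die( esc_html__( 'Sample file not found.', 'wp-google-map-plugin' ) );
+                    }
                 } else {
-
-                  die( __( 'Something went wrong with the requested action. Please refresh page and try again.', 'wp-google-map-plugin' ) );
-
-                }
-               
-            }
-
-        }
-       
-
+                    wp_die( esc_html__( 'Something went wrong with the requested action. Please refresh page and try again.', 'wp-google-map-plugin' ) ); 
+                }
+            }
+        }
+       
         /**
          * Export data into csv,xml,json or excel file
@@ -496,5 +516,5 @@
                 $fc_skin_styles  = $styles_and_scripts['fc_skin_styles'];
                 if ( ! empty( $fc_skin_styles ) ) {
-                    echo '<style>' . $fc_skin_styles . '</style>';
+                    echo '<style id="wpgmp-customiser-style">' . esc_html( $fc_skin_styles ) . '</style>';
                 }
                 if ( ! empty( $font_families ) ) {
@@ -535,5 +555,5 @@
 
             } catch ( Exception $e ) {
-                echo WPGMP_Template::show_message( array( 'error' => $e->getMessage() ) );
+                 echo wp_kses_post( WPGMP_Template::show_message( array( 'error' => $e->getMessage() ) ) );
 
             }
@@ -578,5 +598,5 @@
 
             } catch ( Exception $e ) {
-                echo WPGMP_Template::show_message( array( 'error' => $e->getMessage() ) );
+                echo wp_kses_post( WPGMP_Template::show_message( array( 'error' => $e->getMessage() ) ) );
 
             }
@@ -704,6 +724,7 @@
                 $currentblog = $wpdb->blogid;
                 $activated   = array();
-                $sql         = "SELECT blog_id FROM {$wpdb->blogs}";
-                $blog_ids    = $wpdb->get_col( $wpdb->prepare( $sql, null ) );
+                $blog_ids = $wpdb->get_col(
+                    $wpdb->prepare( "SELECT blog_id FROM {$wpdb->blogs}" )
+                );
 
                 foreach ( $blog_ids as $blog_id ) {
@@ -733,6 +754,7 @@
                 $currentblog = $wpdb->blogid;
                 $activated   = array();
-                $sql         = "SELECT blog_id FROM {$wpdb->blogs}";
-                $blog_ids    = $wpdb->get_col( $wpdb->prepare( $sql, null ) );
+                $blog_ids = $wpdb->get_col(
+                    $wpdb->prepare( "SELECT blog_id FROM {$wpdb->blogs}" )
+                );
 
                 foreach ( $blog_ids as $blog_id ) {
@@ -871,5 +893,5 @@
 
             if ( file_exists( $dir ) == false ) {
-                echo 'Directory \'', $dir, '\' not found!';
+                echo 'Directory \'', esc_html( $dir ), '\' not found!';
 
             } else {
@@ -1102,9 +1124,9 @@
 
                 <div class="fc-quick-filter">
-                    <label><?php _e('Quick Filter:', 'wpgmp'); ?></label>
-                    <span class="fc-filter-menu active"><?php _e('All', 'wp-google-map-plugin'); ?></span>
-                    <span class="fc-filter-menu"><?php _e('Alphabets', 'wp-google-map-plugin'); ?></span>
-                    <span class="fc-filter-menu"><?php _e('Digits', 'wp-google-map-plugin'); ?></span>
-                    <span class="fc-filter-menu"><?php _e('Shapes', 'wp-google-map-plugin'); ?></span>
+                    <label><?php esc_html_e('Quick Filter:', 'wp-google-map-plugin'); ?></label>
+                    <span class="fc-filter-menu active"><?php esc_html_e('All', 'wp-google-map-plugin'); ?></span>
+                    <span class="fc-filter-menu"><?php esc_html_e('Alphabets', 'wp-google-map-plugin'); ?></span>
+                    <span class="fc-filter-menu"><?php esc_html_e('Digits', 'wp-google-map-plugin'); ?></span>
+                    <span class="fc-filter-menu"><?php esc_html_e('Shapes', 'wp-google-map-plugin'); ?></span>
                 </div>
 
@@ -1124,5 +1146,5 @@
                             if ($file !== '.' && $file !== '..' && in_array($file_type, $file_display)) {
                                 $svg_content = file_get_contents($dir . '/' . $file);
-                                echo "<li class='read_icons' data-title='" . esc_attr($image_data[0]) . "'>" . $svg_content . "</li>";
+                                echo "<li class='read_icons' data-title='" . esc_attr($image_data[0]) . "'>" . $svg_content . "</li>";  // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
                             }
                         }
@@ -1304,7 +1326,6 @@
            
             if ( is_admin() )
-            $this->wpgmp_define( 'ALLOW_UNFILTERED_UPLOADS', true );
             $this->wpgmp_define( 'WPGMP_SLUG', 'wpgmp_view_overview' );
-            $this->wpgmp_define( 'WPGMP_VERSION', '4.8.6' );
+            $this->wpgmp_define( 'WPGMP_VERSION', '4.8.7' );
             $this->wpgmp_define( 'WPGMP_FOLDER', basename( dirname( __FILE__ ) ) );
             $this->wpgmp_define( 'WPGMP_DIR', plugin_dir_path( __FILE__ ) );
@@ -1326,5 +1347,4 @@
             $this->wpgmp_define( 'TBL_ROUTES', $wpdb->prefix . 'map_routes' );
 
-
         }
        
@@ -1351,6 +1371,4 @@
                 'wpgmp-model.php',
                 'wpgmp-map-widget.php',
-                'wpgmp-visual-composer.php',
-                'wpgmp-maps-importer.php',
                 'wpgmp-check-cookies.php',
                 'wpgmp-temp-access.php',
@@ -1373,5 +1391,5 @@
 
                     $file = WPGMP_MODEL . $module . '/model.' . $module . '.php';
-
+                    // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals
                     $file = apply_filters('fc_backend_module_path_load', $file ,$module );
 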
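Review bot: Removing the `ALLOW_UNFILTERED_UPLOADS` define (old line 1306) leaves the brace-less `if ( is_admin() )` above it in place, so at new lines 1327-1328 the condition now governs the next statement and `WPGMP_SLUG` is only defined on admin requests. Delete the `if ( is_admin() )` line together with the define, so that `$this->wpgmp_define( 'WPGMP_SLUG', 'wpgmp_view_overview' );` runs unconditionally as it did before. Whether front-end code reads `WPGMP_SLUG` is outside the visible hunks, but referencing an undefined constant is a fatal error on PHP 8, so this should be checked before release. The enclosing method starts and ends outside the hunk.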