Changeset 3436471

Timestamp:

01/10/2026 08:54:57 AM (3 months ago)

Author:

pickplugins

Message:

version update

Location:

question-answer/trunk

Files:

• includes/classes/class-admin-notices.php (modified) (1 diff)
• includes/classes/class-widget-categories.php (modified) (2 diffs)
• includes/functions-ajax.php (modified) (1 diff)
• includes/functions-counter.php (modified) (1 diff)
• includes/functions-notification.php (modified) (1 diff)
• includes/functions-user-profile.php (modified) (1 diff)
• includes/functions.php (modified) (28 diffs)
• includes/menus/settings-new.php (modified) (1 diff)
• includes/menus/welcome.php (modified) (1 diff)
• includes/shortcodes/class-shortcode-qa-edit-account.php (modified) (3 diffs)
• question-answer.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)
• templates/add-question/add-question-hook.php (modified) (4 diffs)
• templates/add-question/add-question-new.php (modified) (2 diffs)
• templates/dashboard/dashboard-hook.php (modified) (1 diff)
• templates/my-account/my-account.php (modified) (1 diff)
• templates/my-account/profile.php (modified) (2 diffs)
• templates/single-question/answer-section.php (modified) (1 diff)
• templates/single-question/single-question-hook.php (modified) (1 diff)
• templates/template-registration-form.php (modified) (1 diff)

question-answer/trunk/includes/classes/class-admin-notices.php

@@ -39 +39 @@
                     <?php
 /* translators: URL */
-                    echo sprintf(esc_html__('Data migration required for <b>Question Answer</b> plugin, please <a class="button button-primary" href="%s">click to start</a> migration.', 'question-answer'), esc_url_raw($actionurl));
+                    echo sprintf(esc_html__('Data migration required for <b>Question Answer</b> plugin, please <a class="button button-primary" href="%s">click to start</a> migration.', 'question-answer'), esc_url($actionurl));
                     ?>
                 </p>

question-answer/trunk/includes/classes/class-widget-categories.php

@@ -1 +1 @@
 <?php
 
-/*
-* @Author       pickplugins
-* Copyright:    2015 pickplugins
-*/
-
-if ( ! defined('ABSPATH')) exit;  // if direct access 
+if (!defined('ABSPATH')) exit;  // if direct access
 
 
@@ -30 +25 @@
         echo '<div class="qa_widget_categories">';
         
-        $question_cat = get_terms('question_cat', array('hide_empty' => false,) );
+        $question_cat = get_terms(array(    'taxonomy'   => 'question_cat',
+'hide_empty' => false,) );
         
         //echo '<pre>'.var_export($question_cat, true).'</pre>';

question-answer/trunk/includes/functions-ajax.php

@@ -184 +184 @@
     //echo 'gggggggggggggg';
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }

question-answer/trunk/includes/functions-counter.php

@@ -1 +1 @@
 <?php
-/*
-* @Author       pickplugins
-* Copyright:    pickplugins.com
-*/
+if (!defined('ABSPATH')) exit;  // if direct access
 
 

question-answer/trunk/includes/functions-notification.php

@@ -1 +1 @@
 <?php
-/*
-* @Author       pickplugins
-* Copyright:    pickplugins.com
-*/
-
+
+if (!defined('ABSPATH')) exit;  // if direct access
 
 /*

question-answer/trunk/includes/functions-user-profile.php

@@ -1 +1 @@
 <?php
-/*
-* @Author       pickplugins
-* Copyright:    pickplugins.com
-*/
+if (!defined('ABSPATH')) exit;  // if direct access
 
 class class_qa_user_profile{

question-answer/trunk/includes/functions.php

@@ -1 +1 @@
 <?php
-/*
-* @Author       pickplugins
-* Copyright:    pickplugins.com
-*/
-
 if (!defined('ABSPATH')) exit;  // if direct access
 
@@ -166 +161 @@
         if ($qa_account_required_post_answer == 'yes') {
             $response['html'] .= sprintf("<p class='qa_notice qa_notice_error'>%s</p>", __('Please login to post answer.', 'question-answer'));
-            echo json_encode($response);
+            echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
             die();
         }
@@ -174 +169 @@
 
         $response['html'] .= sprintf("<p class='qa_notice qa_notice_error'>%s</p>", __('Empty content can"t be a valid answer!', 'question-answer'));
-        echo json_encode($response);
+        echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
         die();
     }
@@ -209 +204 @@
 
         $response['html'] .= sprintf("<p class='qa_notice qa_notice_error'>%s</p>", __('Something went wrong!', 'question-answer'));
-        echo json_encode($response);
+        echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
         die();
     }
@@ -262 +257 @@
     do_action('qa_answer_submitted', $answer_id, $form_data_arr);
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -337 +332 @@
 
         $response['html'] .= sprintf("<p class='qa_notice qa_notice_error'>%s</p>", __('Empty content can"t be a valid answer!', 'question-answer'));
-        echo json_encode($response);
+        echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
         die();
     }
@@ -364 +359 @@
 
         $response['html'] .= sprintf("<p class='qa_notice qa_notice_error'>%s</p>", __('Something went wrong! 2', 'question-answer'));
-        echo json_encode($response);
+        echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
         die();
     }
@@ -399 +394 @@
     //do_action( 'qa_email_action_question_submit', $answer_id );
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -615 +610 @@
 
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -645 +640 @@
 
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -754 +749 @@
     endif;
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -1211 +1206 @@
     ob_end_clean();
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -1258 +1253 @@
 
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -1672 +1667 @@
     //echo 'gggggggggggggg';
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -1708 +1703 @@
 
         $response['toast'] .= '<i class="fas fa-check"></i> ' . __('Please login first.', 'question-answer');
-        echo json_encode($response);
+        echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
         die();
     }
@@ -1715 +1710 @@
 
         $response['toast'] .= '<i class="fas fa-check"></i> ' . __('Sorry you can\'t choose best answer.', 'question-answer');
-        echo json_encode($response);
+        echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
         die();
     }
@@ -1761 +1756 @@
     }
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -1814 +1809 @@
     }
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -1859 +1854 @@
 
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -2045 +2040 @@
     endif;
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     //echo $qa_flag_value;
     die();
@@ -2198 +2193 @@
 
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     //echo $qa_flag_value;
     die();
@@ -2312 +2307 @@
     endif;
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     //echo $qa_flag_value;
     die();
@@ -2475 +2470 @@
 
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -2539 +2534 @@
     $response['status'] = $status;
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -2594 +2589 @@
     $response['status'] = $status;
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -2648 +2643 @@
     }
 
-    echo json_encode($html);
+    echo json_encode($html, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -2725 +2720 @@
     }
 
-    echo json_encode($html);
+    echo json_encode($html, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
     die();
 }
@@ -2814 +2809 @@
 
 
-    echo json_encode($response);
+    echo wp_json_encode($response, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
 
     die();

question-answer/trunk/includes/menus/settings-new.php

@@ -100 +100 @@
     <div id="icon-tools" class="icon32"><br></div>
     <h2><?php echo esc_html(__('Question Answer Settings', 'question-answer')) ?></h2>
-    <form method="post" action="<?php echo esc_url(str_replace('%7E', '~', wp_unslash($_SERVER['REQUEST_URI']))); ?>">
+    <form method="post" action="<?php echo esc_url(str_replace('%7E', '~', sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])))); ?>">
         <input type="hidden" name="qa_settings_hidden" value="Y">
         <?php

question-answer/trunk/includes/menus/welcome.php

@@ -68 +68 @@
     <div id="icon-tools" class="icon32"><br></div>
     <h2></h2>
-        <form  method="post" action="<?php echo esc_url(str_replace( '%7E', '~', wp_unslash($_SERVER['REQUEST_URI']))); ?>">
+        <form  method="post" action="<?php echo esc_url(str_replace( '%7E', '~', sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])))); ?>">
             <input type="hidden" name="qa_hidden" value="Y">
             <?php
             if(!empty($_POST['qa_hidden'])){
 
-                $nonce = sanitize_text_field(wp_unslash($_POST['_wpnonce']));
+                $nonce = isset($_POST['_wpnonce']) ? sanitize_text_field(wp_unslash($_POST['_wpnonce'])) : '';
 
 

question-answer/trunk/includes/shortcodes/class-shortcode-qa-edit-account.php

@@ -28 +28 @@
         }
 
-        if(isset($_POST['_wpnonce']) && wp_verify_nonce( $_POST['_wpnonce'], 'qa_edit_account_nonce' ) && $_POST['qa_edit_account_hidden'] == 'Y') {
+        if(isset($_POST['_wpnonce']) && wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'qa_edit_account_nonce' ) && wp_unslash($_POST['qa_edit_account_hidden']) == 'Y') {
 
 
-            $display_name = sanitize_text_field(wp_unslash($_POST['display_name']));
-            $user_url = esc_url_raw(wp_unslash($_POST['user_url']));
-            $user_description = sanitize_text_field(wp_unslash($_POST['description']));
+            $display_name = isset($_POST['display_name']) ? sanitize_text_field(wp_unslash($_POST['display_name'])) : '';
+            $user_url = isset($_POST['user_url']) ? esc_url_raw(wp_unslash($_POST['user_url'])) : '';
+            $user_description = isset($_POST['description']) ? sanitize_text_field(wp_unslash($_POST['description'])) : '';
 
-            $profile_photo = esc_url(wp_unslash($_POST['profile_photo']));
-            $cover_photo = esc_url(wp_unslash($_POST['cover_photo']));
+            $profile_photo = isset($_POST['profile_photo']) ? esc_url_raw(wp_unslash($_POST['profile_photo'])) : '';
+            $cover_photo = isset($_POST['cover_photo']) ? esc_url_raw(wp_unslash($_POST['cover_photo'])) : '';
 
             wp_update_user( array( 'ID' => $current_user_id, 'display_name' => $display_name ) );
@@ -54 +54 @@
         else{
 
-            $display_name = $current_user->display_name;
-            $user_url = $current_user->user_url;
-            $user_description = $current_user->description;
+            $display_name =  isset($current_user->display_name ) ? $current_user->display_name : '';
+            $user_url = isset($current_user->user_url ) ? $current_user->user_url : '';
+            $user_description = isset($current_user->description ) ? $current_user->description : '';
 
 
@@ -82 +82 @@
             ?>
 
-            <form action="<?php echo esc_url(str_replace( '%7E', '~', wp_unslash($_SERVER['REQUEST_URI']))); ?>" method="post">
+            <form action="<?php echo esc_url(str_replace( '%7E', '~', sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI']))) ); ?>" method="post">
                 <input type="hidden" name="qa_edit_account_hidden" value="Y">
 

question-answer/trunk/question-answer.php

@@ -1 +1 @@
 <?php
 /*
-Plugin Name: Question Answer
+Plugin Name: PickPlugins Question Answer
 Plugin URI: https://www.pickplugins.com/item/question-answer/?ref=dashboard
 Description: Create Awesome Question and Answer Website in a Minute
-Version: 1.2.71
+Version: 1.2.73
 Text Domain: question-answer
 Domain Path: /languages

question-answer/trunk/readme.txt

@@ -1 @@
-=== Question Answer ===
+=== PickPlugins Question Answer ===
     Contributors: PickPlugins
     Donate link: https://www.pickplugins.com/item/question-answer/?ref=wordpress.org
     Tags:  Question Answer, Question, Answer
     Requires at least: 4.1
-    Tested up to: 6.6
-    Stable tag: 1.2.71
+    Tested up to: 6.9
+    Stable tag: 1.2.73
     License: GPLv2 or later
     License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -110 +110 @@
 Plugin is translation ready , please find the 'en.po' for default translation file under 'languages' folder and add your own translation. you can also contribute in translation, please contact us https://pickplugins.com/forum/
 
+== External services ==
+
+* [Google reCAPTCHA](https://www.google.com/recaptcha/about/)
+
 == Frequently Asked Questions ==
 

question-answer/trunk/templates/add-question/add-question-hook.php

@@ -254 +254 @@
 
     $login_page_id             = get_option('qa_question_login_page_id');
-    $login_page_url                     = !empty($login_page_id) ? get_permalink($login_page_id) : wp_login_url($_SERVER['REQUEST_URI']);
+    $login_page_url                     = !empty($login_page_id) ? get_permalink($login_page_id) : wp_login_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])));
 
 ?>
@@ -405 +405 @@
     $qa_enable_poll                     = get_option('qa_enable_poll', 'no');
 
-    $qa_page_myaccount_url = !empty($qa_page_myaccount) ? get_permalink($qa_page_myaccount) : wp_login_url($_SERVER['REQUEST_URI']);
+    $qa_page_myaccount_url = !empty($qa_page_myaccount) ? get_permalink($qa_page_myaccount) : wp_login_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])));
 
     $user_id = (is_user_logged_in()) ? get_current_user_id() : 0;
@@ -483 +483 @@
             $secretkey = get_option('qa_reCAPTCHA_secret_key');
 
-            $response = wp_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=" . $secretkey . "&response=" . wp_unslash($_POST['g-recaptcha-response']));
+            $response = wp_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=" . $secretkey . "&response=" . sanitize_text_field(wp_unslash($_POST['g-recaptcha-response'])));
             $response = json_decode($response["body"], true);
 
@@ -505 +505 @@
     //    }
 
-    if (!isset($_POST['qa_q_submit_nonce']) || !wp_verify_nonce(wp_unslash($_POST['qa_q_submit_nonce']), 'qa_q_submit_nonce')) {
+    if (!isset($_POST['qa_q_submit_nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['qa_q_submit_nonce'])), 'qa_q_submit_nonce')) {
 
         $qa_error->add('_wpnonce', __('<strong>ERROR</strong>: security test failed.', 'question-answer'));

question-answer/trunk/templates/add-question/add-question-new.php

@@ -19 +19 @@
     $qa_submitted_post_status           = get_option('qa_submitted_question_status', 'pending' );
     $qa_page_myaccount                  = get_option('qa_page_myaccount', '' );
-    $qa_page_myaccount_url              = !empty($qa_page_myaccount) ? get_permalink($qa_page_myaccount) : wp_login_url(wp_unslash($_SERVER['REQUEST_URI']));
+    $qa_page_myaccount_url              = !empty($qa_page_myaccount) ? get_permalink($qa_page_myaccount) : wp_login_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])));
 
 
@@ -36 +36 @@
     <?php do_action('question_answer_submit_question_before'); ?>
 
-    <form enctype="multipart/form-data" method="post" action="<?php echo esc_url(str_replace( '%7E', '~', wp_unslash($_SERVER['REQUEST_URI']))); ?>">
+    <form enctype="multipart/form-data" method="post" action="<?php echo esc_url(str_replace( '%7E', '~', sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI']))) ); ?>">
         <?php
         do_action('question_answer_submit_question');

question-answer/trunk/templates/dashboard/dashboard-hook.php

@@ -203 +203 @@
 
         $login_redirect_page_url = !empty($login_redirect_page) ? get_permalink($login_redirect_page) : '';
-        $qa_page_myaccount_url = !empty($qa_page_myaccount) ? get_permalink($qa_page_myaccount) : wp_login_url(wp_unslash($_SERVER['REQUEST_URI']));
+        $qa_page_myaccount_url = !empty($qa_page_myaccount) ? get_permalink($qa_page_myaccount) : wp_login_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])));
 
 

question-answer/trunk/templates/my-account/my-account.php

@@ -47 +47 @@
                 }
             else{
-                $qa_page_myaccount_url = wp_login_url(wp_unslash($_SERVER['REQUEST_URI']));
+                $qa_page_myaccount_url = wp_login_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])));
                 }           
             

question-answer/trunk/templates/my-account/profile.php

@@ -61 +61 @@
         </ul>
         
-        <form enctype="multipart/form-data"   method="POST" action="<?php echo  esc_url_raw(str_replace( '%7E', '~', wp_unslash($_SERVER['REQUEST_URI']))); ?>">
+        <form enctype="multipart/form-data"   method="POST" action="<?php echo  esc_url(str_replace( '%7E', '~',sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI']))) ); ?>">
         <ul class="box">
             <li style="display: block;" class="box1 tab-box active">
@@ -86 +86 @@
 
                     <p class="option-info"><?php echo esc_html__('Website', 'question-answer' ); ?></p>
-                    <input type="text" placeholder="www.yourwebsite.com" name="qa_website" value="<?php echo esc_url_raw($qa_website); ?>" />
+                    <input type="text" placeholder="www.yourwebsite.com" name="qa_website" value="<?php echo esc_url($qa_website); ?>" />
                 </div>
             </li>

question-answer/trunk/templates/single-question/answer-section.php

@@ -71 +71 @@
         <?php if( $qa_show_answer_filter == 'yes' ) { ?>
         <div class="float_right answer_header_status">
-            <form enctype="multipart/form-data" id="qa_sort_answer_form" action="<?php echo esc_url(str_replace( '%7E', '~', wp_unslash($_SERVER['REQUEST_URI']))); ?>" method="GET">
+            <form enctype="multipart/form-data" id="qa_sort_answer_form" action="<?php echo esc_url(str_replace( '%7E', '~', sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI']))) ); ?>" method="GET">
                 <span><?php echo esc_html__('Sort By:', 'question-answer'); ?></span>
                 <select name="qa_sort_answer" class="qa_sort_answer">

question-answer/trunk/templates/single-question/single-question-hook.php

@@ -1320 +1320 @@
                 <?php if ($qa_show_answer_filter == 'yes') { ?>
                     <div class="float_right answer_header_status">
-                        <form enctype="multipart/form-data" id="qa_sort_answer_form" action="<?php echo esc_url(str_replace('%7E', '~', wp_unslash($_SERVER['REQUEST_URI']))); ?>" method="GET">
+                        <form enctype="multipart/form-data" id="qa_sort_answer_form" action="<?php echo esc_url(str_replace('%7E', '~', sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])))); ?>" method="GET">
                             <span><?php echo esc_html__('Sort By:', 'question-answer'); ?></span>
                             <select name="qa_sort_answer" class="qa_sort_answer">

question-answer/trunk/templates/template-registration-form.php

@@ -42 +42 @@
     
  
-    <form action="<?php echo esc_url_raw(wp_unslash($_SERVER['REQUEST_URI'])); ?> " method="post">
+    <form action="<?php echo esc_url(sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI']))); ?> " method="post">
     <p>
     <label for="username"><?php echo esc_html__('Username', 'question-answer'); ?><strong>*</strong><br>