Changeset 770831

Timestamp:

09/12/2013 08:40:43 AM (12 years ago)

Author:

laki_patel

Message:

Fix SQL Injection and Cross Site Scripting issues

Location:

indianic-testimonial/trunk

Files:

• add.php (modified) (2 diffs)
• listing_template.php (modified) (7 diffs)
• settings.php (modified) (3 diffs)
• testimonial.php (modified) (10 diffs)
• view.php (modified) (5 diffs)
• widget.php (modified) (3 diffs)
• widget_template.php (modified) (3 diffs)

indianic-testimonial/trunk/add.php

@@ -4 +4 @@
   $_result = $_result[0];
   
-  $id = $_result->id;
-  $project_name = $_result->project_name;
-  $project_url = $_result->project_url;
-  $client_name = $_result->client_name;
-  $city = $_result->city;
-  $state = $_result->state;
-  $country = $_result->country;
-  $description = $_result->description;
-  $tags = $_result->tags;
-  $video_url = $_result->video_url;
-  $thumb_img_url = $_result->thumb_img_url;
-  $large_img_url = $_result->large_img_url;
-  $is_featured = $_result->is_featured;
+  $id = esc_attr($_result->id);
+  $project_name = esc_attr($_result->project_name);
+  $project_url = esc_attr($_result->project_url);
+  $client_name = esc_attr($_result->client_name);
+  $city = esc_attr($_result->city);
+  $state = esc_attr($_result->state);
+  $country = esc_attr($_result->country);
+  $description = esc_attr($_result->description);
+  $tags = esc_attr($_result->tags);
+  $video_url = esc_attr($_result->video_url);
+  $thumb_img_url = esc_attr($_result->thumb_img_url);
+  $large_img_url = esc_attr($_result->large_img_url);
+  $is_featured = esc_attr($_result->is_featured);
 }
 ?>
@@ -26 +26 @@
   <div id="message" class="below-h2"></div>
   <form name="testimonial_add" method="post" action="" enctype="multipart/form-data">
+    <?php wp_nonce_field('save_testimonial','_nonce'); ?>
     <input type="hidden" name="action" value="iNIC_testimonial_save" />
     <?php
     if (isset($_REQUEST['id']) && $_REQUEST['id']) {
-      echo '<input type="hidden" name="id" value="' . $_REQUEST['id'] . '" />';
+      echo '<input type="hidden" name="id" value="' . esc_attr($_REQUEST['id']) . '" />';
     }
     ?>

indianic-testimonial/trunk/listing_template.php

@@ -58 +58 @@
 
     <form name="testimonial_listing_template" method="post" action="">
+      <?php wp_nonce_field('save_testimonial_listing_template','_nonce'); ?>
       <input type="hidden" name="action" value="iNIC_testimonial_save_listing_template" />
 
@@ -71 +72 @@
           <tr>
             <th><label for="title">Title</label></th>
-            <td><input name="title" type="text" id="title" value="<?php echo $title; ?>" class="regular-text"></td>
+            <td><input name="title" type="text" id="title" value="<?php echo esc_attr($title); ?>" class="regular-text"></td>
           </tr>
 
@@ -77 +78 @@
           <tr>
             <th><label for="no_of_testimonial">No. of Testimonials</label></th>
-            <td><input name="no_of_testimonial" type="text" id="no_of_testimonial" value="<?php echo $no_of_testimonial; ?>" class="small-text"></td>
+            <td><input name="no_of_testimonial" type="text" id="no_of_testimonial" value="<?php echo esc_attr($no_of_testimonial); ?>" class="small-text"></td>
           </tr>
 
           <tr>
             <th><label for="list_per_page">Listing Testimonials Per Page</label></th>
-            <td><input name="list_per_page" type="text" id="list_per_page" value="<?php echo $list_per_page; ?>" class="small-text"></td>
+            <td><input name="list_per_page" type="text" id="list_per_page" value="<?php echo esc_attr($list_per_page); ?>" class="small-text"></td>
           </tr>
 
@@ -94 +95 @@
                 foreach ($_table_field as $_table_field) {
                   $_is_selected = $_ord_by[0] == $_table_field->Field ? ' selected="selected"' : '';
-                  echo "<option value=\"{$_table_field->Field}\"{$_is_selected}>{$_table_field->Field}</option>";
+                  echo "<option value=\"".  esc_attr($_table_field->Field)."\"{$_is_selected}>{$_table_field->Field}</option>";
                 }
                 ?>
@@ -107 +108 @@
           <tr>
             <th><label for="filter_by_country">Filter by Country</label></th>
-            <td><input name="filter_by_country" type="text" id="filter_by_country" value="<?php echo $filter_by_country; ?>" class="regular-text"> Comma Separated. <code>country1,country2,country3</code></td>
+            <td><input name="filter_by_country" type="text" id="filter_by_country" value="<?php echo esc_attr($filter_by_country); ?>" class="regular-text"> Comma Separated. <code>country1,country2,country3</code></td>
           </tr>
 
           <tr>
             <th><label for="filter_by_tags">Filter by Tags</label></th>
-            <td><input name="filter_by_tags" type="text" id="filter_by_tags" value="<?php echo $filter_by_tags; ?>" class="regular-text"> Comma Separated. <code>tag1,tag2,tag3</code></td>
+            <td><input name="filter_by_tags" type="text" id="filter_by_tags" value="<?php echo esc_attr($filter_by_tags); ?>" class="regular-text"> Comma Separated. <code>tag1,tag2,tag3</code></td>
           </tr>
 
           <tr>
             <th><label for="custom_query">Custom SQL Where condition</label></th>
-            <td><input name="custom_query" type="text" id="custom_query" value="<?php echo $custom_query; ?>" class="regular-text">LIKE <code>feature='1' AND city != ''</code></td>
+            <td><input name="custom_query" type="text" id="custom_query" value="<?php echo esc_attr($custom_query); ?>" class="regular-text">LIKE <code>feature='1' AND city != ''</code></td>
           </tr>
 
@@ -133 +134 @@
           <tr class="hidewhennotfeatured">
             <th><label for="no_of_featured">No. of Featured</label></th>
-            <td><input name="no_of_featured" type="text" id="no_of_featured" value="<?php echo $no_of_featured ? $no_of_featured : 1; ?>" class="small-text"></td>
+            <td><input name="no_of_featured" type="text" id="no_of_featured" value="<?php echo $no_of_featured ? esc_attr($no_of_featured) : 1; ?>" class="small-text"></td>
           </tr>
 
           <tr class="hidewhennotfeatured">
             <th><label for="featured_template">Featured HTML Template</label></th>
-            <td><?php wp_editor(stripslashes($featured_template), 'featured_template', array('media_buttons' => false, 'textarea_rows' => 10, 'tinymce' => false)); ?></td>
+            <td><?php wp_editor(esc_attr(stripslashes($featured_template)), 'featured_template', array('media_buttons' => false, 'textarea_rows' => 10, 'tinymce' => false)); ?></td>
           </tr>
 
           <tr>
             <th><label for="listing_template_odd">Listing HTML Template (Odd)</label></th>
-            <td><?php wp_editor(stripslashes($listing_template_odd), 'listing_template_odd', array('media_buttons' => false, 'textarea_rows' => 10, 'tinymce' => false)); ?></td>
+            <td><?php wp_editor(esc_attr(stripslashes($listing_template_odd)), 'listing_template_odd', array('media_buttons' => false, 'textarea_rows' => 10, 'tinymce' => false)); ?></td>
           </tr>
 
           <tr>
             <th><label for="listing_template_even">Listing HTML Template (Even)</label></th>
-            <td><?php wp_editor(stripslashes($listing_template_even), 'listing_template_even', array('media_buttons' => false, 'textarea_rows' => 10, 'tinymce' => false)); ?></td>
+            <td><?php wp_editor(esc_attr(stripslashes($listing_template_even)), 'listing_template_even', array('media_buttons' => false, 'textarea_rows' => 10, 'tinymce' => false)); ?></td>
           </tr>
 
@@ -225 +226 @@
             echo "<tr>
                     <td>
-                      {$_results->title}<br /><i>[iNICtestimonial tpl={$_results->id}]</i>
+                      ".  esc_html($_results->title)."<br /><i>[iNICtestimonial tpl=".  esc_html($_results->id)."]</i>
                       <div class=\"row-actions\">
-                        <span class=\"edit\"><a href=\"admin.php?page=inic_testimonial_listing_template&type=add&id={$_results->id}\" title=\"Edit this item\">Edit</a> | </span>
-                        <span class=\"trash\"><a class=\"submitdelete\" title=\"Delete this item\" href=\"javascript:void(0)\" rel=\"{$_results->id}\">Delete</a></span>
+                        <span class=\"edit\"><a href=\"admin.php?page=inic_testimonial_listing_template&type=add&id=".  esc_attr($_results->id)."\" title=\"Edit this item\">Edit</a> | </span>
+                        <span class=\"trash\"><a class=\"submitdelete\" title=\"Delete this item\" href=\"javascript:void(0)\" rel=\"".  esc_attr($_results->id)."\">Delete</a></span>
                       </div>
                     </td>
-                    <td>{$_results->no_of_testimonial}</td>
-                    <td>{$_results->list_per_page}</td>
-                    <td>{$_results->ord_by}</td>
-                    <td>{$_filter_by}</td>
-                    <td>{$_results->show_featured_at}{$_no_of_featured}</td>
+                    <td>".  esc_html($_results->no_of_testimonial)."</td>
+                    <td>".  esc_html($_results->list_per_page)."</td>
+                    <td>".  esc_html($_results->ord_by)."</td>
+                    <td>".  esc_html($_filter_by)."</td>
+                    <td>".  esc_html($_results->show_featured_at)." ".  esc_html($_no_of_featured)."</td>
                   </tr>";
           }

indianic-testimonial/trunk/settings.php

@@ -38 +38 @@
     
     <form name="testimonial_setting" method="post" action="">
+    <?php wp_nonce_field('save_testimonial_options','_nonce'); ?>
+    
         <input type="hidden" name="action" value="iNIC_testimonial_save_setting" />
         <table class="form-table">
@@ -53 +55 @@
                 <tr>
                     <th><label for="inic_testimonial_admin_list_per_page">Admin pages show at most</label></th>
-                    <td><input name="inic_testimonial_admin_list_per_page" type="text" id="inic_testimonial_admin_list_per_page" value="<?php echo get_option("inic_testimonial_admin_list_per_page"); ?>" class="small-text"> Testimonials</td>
+          <td><input name="inic_testimonial_admin_list_per_page" type="text" id="inic_testimonial_admin_list_per_page" value="<?php echo esc_attr(get_option("inic_testimonial_admin_list_per_page")); ?>" class="small-text"> Testimonials</td>
                 </tr>
                 
@@ -65 +67 @@
                         foreach($_table_field as $_table_field) {
                           $_is_selected = $_ord_by[0] == $_table_field->Field ? ' selected="selected"' : '';
-                          echo "<option value=\"{$_table_field->Field}\"{$_is_selected}>{$_table_field->Field}</option>";
+                          echo "<option value=\"".  esc_attr($_table_field->Field)."\"{$_is_selected}>".  esc_attr($_table_field->Field)."</option>";
                         }
                         ?>

indianic-testimonial/trunk/testimonial.php

@@ -49 +49 @@
 
     $_search = array("{#ID}", "{#ProjectName}", "{#ProjectUrl}", "{#ClientName}", "{#City}", "{#State}", "{#Country}", "{#Description}", "{#Tags}", "{#VideoUrl}", "{#ThumbImgUrl}", "{#LargeImgUrl}", "{#Counter}");
-    $_replace = array($_data->id, $_data->project_name, $_data->project_url, $_data->client_name, $_data->city, $_data->state, $_data->country, $_data->description, $_data->tags, $_data->video_url, $_data->thumb_img_url, $_data->large_img_url, $_data->counter);
-    $_code_value = array("{#ID}" => $_data->id, "{#ProjectName}" => $_data->project_name, "{#ProjectUrl}" => $_data->project_url, "{#ClientName}" => $_data->client_name, "{#City}" => $_data->city, "{#State}" => $_data->state, "{#Country}" => $_data->country, "{#Description}" => $_data->description, "{#Tags}" => $_data->tags, "{#VideoUrl}" => $_data->video_url, "{#ThumbImgUrl}" => $_data->thumb_img_url, "{#LargeImgUrl}" => $_data->large_img_url, "{#Counter}" => $_data->counter);
+    $_replace = array(esc_html($_data->id), esc_html($_data->project_name), esc_html($_data->project_url), esc_html($_data->client_name), esc_html($_data->city), esc_html($_data->state), esc_html($_data->country), esc_html($_data->description), esc_html($_data->tags), esc_html($_data->video_url), esc_html($_data->thumb_img_url), esc_html($_data->large_img_url), esc_html($_data->counter));
+    $_code_value = array("{#ID}" => esc_html($_data->id), "{#ProjectName}" => esc_html($_data->project_name), "{#ProjectUrl}" => esc_html($_data->project_url), "{#ClientName}" => esc_html($_data->client_name), "{#City}" => esc_html($_data->city), "{#State}" => esc_html($_data->state), "{#Country}" => esc_html($_data->country), "{#Description}" => esc_html($_data->description), "{#Tags}" => esc_html($_data->tags), "{#VideoUrl}" => esc_html($_data->video_url), "{#ThumbImgUrl}" => esc_html($_data->thumb_img_url), "{#LargeImgUrl}" => esc_html($_data->large_img_url), "{#Counter}" => esc_html($_data->counter));
 
     preg_match('#\[IF\s(.+?)](.+?)\[/IF]#s', $_tpl_data, $matches_if);
@@ -136 +136 @@
         $_testimonial_result = isset($_array_chunk[$_current_page - 1]) && $_array_chunk[$_current_page - 1] ? $_array_chunk[$_current_page - 1] : $_array_chunk[0];
         $_pagination = "";
-        
+
         if ($_total_pages > 1) {
           $_pagination .= "<div class='testimonial_pagination'>";
-          
-          if($_current_page > 1) {
-            $_pagination .= "<a href=\"?".build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => 1)))."\" title=\"Go to the first page\" class=\"first-page\">&laquo;</a> ";
-            $_pagination .= "<a href=\"?".build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => ($_current_page - 1))))."\" title=\"Go to the previous page\" class=\"prev-page\">&lsaquo;</a> ";
+
+          if ($_current_page > 1) {
+            $_pagination .= "<a href=\"?" . build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => 1))) . "\" title=\"Go to the first page\" class=\"first-page\">&laquo;</a> ";
+            $_pagination .= "<a href=\"?" . build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => ($_current_page - 1)))) . "\" title=\"Go to the previous page\" class=\"prev-page\">&lsaquo;</a> ";
           }
-          
+
           for ($i = 1; $i <= $_total_pages; ++$i) {
             $_url_prefix = build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => $i)));
@@ -150 +150 @@
             $_pagination .= "<a href=\"?{$_url_prefix}\"{$_is_active}>{$i}</a> ";
           }
-          
-          if($_current_page < $_total_pages) {
-            $_pagination .= "<a href=\"?".build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => ($_current_page + 1))))."\" title=\"Go to the next page\" class=\"next-page\">&rsaquo;</a> ";
-            $_pagination .= "<a href=\"?".build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => $_total_pages)))."\" title=\"Go to the last page\" class=\"last-page\">&raquo;</a> ";
+
+          if ($_current_page < $_total_pages) {
+            $_pagination .= "<a href=\"?" . build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => ($_current_page + 1)))) . "\" title=\"Go to the next page\" class=\"next-page\">&rsaquo;</a> ";
+            $_pagination .= "<a href=\"?" . build_query(array_merge($_REQUEST, array($this->blog_page_pagination_key => $_total_pages))) . "\" title=\"Go to the last page\" class=\"last-page\">&raquo;</a> ";
           }
-          
+
           $_pagination .= "</div>";
         }
-
       }
 
@@ -196 +195 @@
   public function iNIC_testimonial_save() {
 
+    if (!wp_verify_nonce($_POST['_nonce'], 'save_testimonial')) {
+      echo json_encode(array('error' => "Sorry, your nonce did not verify."));
+      die();
+    }
+
     $_search = array("http://", "https://");
     $_replace = array("", "");
 
     $_data = array(
-        "project_name" => $_POST['project_name'],
-        "project_url" => $_POST['project_url'],
-        "client_name" => $_POST['client_name'],
-        "city" => $_POST['client_city'],
-        "state" => $_POST['client_state'],
-        "country" => $_POST['client_country'],
-        "description" => $_POST['description'],
-        "tags" => $_POST['tags'],
-        "video_url" => $_POST['video_url'],
-        "thumb_img_url" => str_replace($_SERVER['HTTP_HOST'], "", str_replace($_search, $_replace, $_POST['thumb_img'])),
-        "large_img_url" => str_replace($_SERVER['HTTP_HOST'], "", str_replace($_search, $_replace, $_POST['large_img'])),
-        "is_featured" => $_POST['is_featured']
+        "project_name" => esc_html($this->clean_text($_POST['project_name'])),
+        "project_url" => esc_html($this->clean_text($_POST['project_url'])),
+        "client_name" => esc_html($this->clean_text($_POST['client_name'])),
+        "city" => esc_html($this->clean_text($_POST['client_city'])),
+        "state" => esc_html($this->clean_text($_POST['client_state'])),
+        "country" => esc_html($this->clean_text($_POST['client_country'])),
+        "description" => esc_html($this->clean_text($_POST['description'])),
+        "tags" => esc_html($this->clean_text($_POST['tags'])),
+        "video_url" => esc_html($this->clean_text($_POST['video_url'])),
+        "thumb_img_url" => str_replace($_SERVER['HTTP_HOST'], "", str_replace($_search, $_replace, esc_html($this->clean_text($_POST['thumb_img'])))),
+        "large_img_url" => str_replace($_SERVER['HTTP_HOST'], "", str_replace($_search, $_replace, esc_html($this->clean_text($_POST['large_img'])))),
+        "is_featured" => esc_html($this->clean_text($_POST['is_featured']))
     );
 
@@ -237 +241 @@
     if ($_POST['action'] == 'iNIC_testimonial_save_listing_template') {
 
+      if (!wp_verify_nonce($_POST['_nonce'], 'save_testimonial_listing_template')) {
+        echo json_encode(array('error' => "Sorry, your nonce did not verify."));
+        die();
+      }
+
       if ($_POST['title'] && $_POST['listing_template_odd']) {
         $_POST['ord_by'] = "{$_POST['ord_by']} {$_POST['ord_type']}";
         $_POST['no_of_featured'] = $_POST['no_of_featured'] ? $_POST['no_of_featured'] : "1";
-        $_POST['filter_by_country'] = $_POST['filter_by_country'] ? str_replace(", ", ",", $_POST['filter_by_country']) : "";
+        $_POST['filter_by_country'] = $_POST['filter_by_country'] ? str_replace(", ", ",", $this->clean_text($_POST['filter_by_country'])) : "";
         $_POST['filter_by_tags'] = str_replace(", ", ",", $_POST['filter_by_tags']);
-        $_POST['custom_query'] = $_POST['custom_query'] ? str_replace("WHERE ", "", stripslashes($_POST['custom_query'])) : "";
-        $_POST['featured_template'] = stripslashes($_POST['featured_template']);
-        $_POST['listing_template_odd'] = stripslashes($_POST['listing_template_odd']);
-        $_POST['listing_template_even'] = stripslashes($_POST['listing_template_even']);
+        $_POST['custom_query'] = $_POST['custom_query'] ? str_replace("WHERE ", "", stripslashes($this->clean_text($_POST['custom_query']))) : "";
+        $_POST['featured_template'] = $this->clean_text(stripslashes($_POST['featured_template']));
+        $_POST['listing_template_odd'] = $this->clean_text(stripslashes($_POST['listing_template_odd']));
+        $_POST['listing_template_even'] = $this->clean_text(stripslashes($_POST['listing_template_even']));
 
         unset($_POST['action'], $_POST['ord_type']);
@@ -304 +313 @@
     if ($_POST['action'] == "iNIC_testimonial_save_widget") {
 
+      if (!wp_verify_nonce($_POST['_nonce'], 'save_testimonial_widget_template')) {
+        echo json_encode(array('error' => "Sorry, your nonce did not verify."));
+        die();
+      }
+
       if ($_POST['widget_title']) {
         $_POST['no_of_testimonials'] = $_POST['no_of_testimonials'] && is_numeric($_POST['no_of_testimonials']) ? $_POST['no_of_testimonials'] : "";
@@ -311 +325 @@
 
         $_data = array(
-            "title" => $_POST['widget_title'],
-            "no_of_testimonial" => $_POST['no_of_testimonials'],
-            "only_featured" => $_POST['list_only_featured_testimonials'],
-            "filter_by_country" => $_POST['filter_by_country'],
-            "filter_by_tags" => $_POST['filter_by_tags'],
-            "display_randomly" => $_POST['display_randomly'],
-            "html_template" => $_POST['widget_template'],
+            "title" => esc_html($this->clean_text($_POST['widget_title'])),
+            "no_of_testimonial" => $this->clean_text($_POST['no_of_testimonials']),
+            "only_featured" => $this->clean_text($_POST['list_only_featured_testimonials']),
+            "filter_by_country" => $this->clean_text($_POST['filter_by_country']),
+            "filter_by_tags" => $this->clean_text($_POST['filter_by_tags']),
+            "display_randomly" => $this->clean_text($_POST['display_randomly']),
+            "html_template" => $this->clean_text($_POST['widget_template']),
         );
-        
+
         if (isset($_POST['id']) && $_POST['id']) {
           $this->wpdb->update("{$this->wpdb->prefix}inic_testimonial_widget", $_data, array('id' => $_POST['id']));
@@ -342 +356 @@
 
   public function iNIC_testimonial_save_setting() {
+
+    if (!wp_verify_nonce($_POST['_nonce'], 'save_testimonial_options')) {
+      echo json_encode(array('error' => "Sorry, your nonce did not verify."));
+      die();
+    }
+
     $_POST['inic_testimonial_admin_list_per_page'] = (is_numeric($_POST['inic_testimonial_admin_list_per_page']) && $_POST['inic_testimonial_admin_list_per_page'] > 0) ? $_POST['inic_testimonial_admin_list_per_page'] : "10";
-    update_option('inic_testimonial_admin_list_per_page', $_POST['inic_testimonial_admin_list_per_page']);
-    update_option('inic_testimonial_html_template', $_POST['inic_testimonial_html_template']);
+    update_option('inic_testimonial_admin_list_per_page', is_numeric($_POST['inic_testimonial_admin_list_per_page']) ? $_POST['inic_testimonial_admin_list_per_page'] : 15);
+    update_option('inic_testimonial_html_template', $this->clean_text($_POST['inic_testimonial_html_template']));
     update_option("inic_testimonial_list_ord_by", "{$_POST['ord_by']} {$_POST['ord_type']}");
     $_data['msg'] = "IndiaNIC Testimonial Setting has been saved successfully.";
@@ -358 +378 @@
     add_submenu_page("inic_testimonial_view", "Widget Template", "Widget Template", 'administrator', "inic_testimonial_widget_template", array($this, 'inic_testimonial_widget_template'));
     add_submenu_page("inic_testimonial_view", "Settings", "Settings", 'administrator', "inic_testimonial_settings", array($this, 'testimonial_settings'));
-    
+
     require_once "{$this->pluginPath}/listing_data_table.php";
     $this->tbl = new listing_data_table();
@@ -450 +470 @@
   }
 
+  public function clean_text($script_str) {
+    $script_str = htmlspecialchars_decode($script_str);
+    $search_arr = array('<script', '</script>');
+    $script_str = str_ireplace($search_arr, $search_arr, $script_str);
+    $split_arr = explode('<script', $script_str);
+    $remove_jscode_arr = array();
+
+    foreach ($split_arr as $key => $val) {
+      $newarr = explode('</script>', $split_arr[$key]);
+      $remove_jscode_arr[] = ($key == 0) ? $newarr[0] : $newarr[1];
+    }
+
+    return implode('', $remove_jscode_arr);
+  }
+
 }
 

indianic-testimonial/trunk/view.php

@@ -2 +2 @@
 
 if (isset($_GET['id']) && $_GET['id'] && isset($_GET['action']) && $_GET['action'] == 'delete') {
-  $this->wpdb->query("DELETE FROM {$this->wpdb->prefix}inic_testimonial WHERE id={$_GET['id']}");
+  $this->wpdb->delete("{$this->wpdb->prefix}inic_testimonial", array('id' => $_GET['id']));
   if ($this->wpdb->rows_affected) {
     $_data['updated'] = "The testimonial has been deleted successfully.";
@@ -8 +8 @@
 }
     
-$_ord_by = get_option("inic_testimonial_list_ord_by") ? " ORDER BY " . get_option("inic_testimonial_list_ord_by") : "";
-$_result_per_page = get_option("inic_testimonial_admin_list_per_page");
+$_ord_by = get_option("inic_testimonial_list_ord_by") ? " ORDER BY " . esc_html(get_option("inic_testimonial_list_ord_by")) : "";
+$_result_per_page = esc_attr(get_option("inic_testimonial_admin_list_per_page"));
 ?>
 
@@ -19 +19 @@
   if(isset($_data) && is_array($_data)) {
     foreach($_data as $_message_type => $_message) {
-      echo '<div id="message" class="'.$_message_type.' below-h2"><p>'.$_message.'</p></div>';
+      echo '<div id="message" class="'.  esc_attr($_message_type).' below-h2"><p>'.$_message.'</p></div>';
     }
   }
@@ -36 +36 @@
       $this->tbl->display_col_function(function($item, $column_name) {
                 $item['is_featured'] = $item['is_featured'] ? "<br /><code style=\"color:#C00;\"> Featured </code>" : "";
-                return "<a href=\"{$item['project_url']}\" target=\"blank\">{$item['project_name']}</a><br /><i>[ {$item['tags']} ]{$item['is_featured']}</i>";
+                return "<a href=\"".  esc_attr($item['project_url'])."\" target=\"blank\">".  esc_html($item['project_name'])."</a><br /><i>[ ".  esc_html($item['tags'])." ]{$item['is_featured']}</i>";
               });
 
       $this->tbl->add_col('client_name', "Client Name", true);
       $this->tbl->display_col_function(function($item, $column_name) {
-                $item['city'] = $item['city'] ? "<br /><i>[ City: {$item['city']} ]</i>" : "";
-                $item['state'] = $item['state'] ? "<br /><i>[ State: {$item['state']} ]</i>" : "";
-                $item['country'] = $item['country'] ? "<br /><i>[ Country: {$item['country']} ]</i>" : "";
-                return "{$item['client_name']}{$item['city']}{$item['state']}{$item['country']}";
+                $item['city'] = $item['city'] ? "<br /><i>[ City: ".  esc_html($item['city'])." ]</i>" : "";
+                $item['state'] = $item['state'] ? "<br /><i>[ State: ".  esc_html($item['state'])." ]</i>" : "";
+                $item['country'] = $item['country'] ? "<br /><i>[ Country: ".  esc_html($item['country'])." ]</i>" : "";
+                return esc_html($item['client_name']) .  "{$item['city']}{$item['state']}{$item['country']}";
               });
 
@@ -56 +56 @@
       $this->tbl->add_col('thumb_img_url', "Thumb Image");
       $this->tbl->display_col_function(function($item, $column_name) {
-                return $item['thumb_img_url'] ? "<a href=\"{$item['large_img_url']}\" target=\"_blank\"><img src=\"{$item['thumb_img_url']}\" width=\"100\" height=\"100\" /></a>" : "";
+                return $item['thumb_img_url'] ? "<a href=\"".  esc_attr($item['large_img_url'])."\" target=\"_blank\"><img src=\"".  esc_attr($item['thumb_img_url'])."\" width=\"100\" height=\"100\" /></a>" : "";
               });
 

indianic-testimonial/trunk/widget.php

@@ -24 +24 @@
     <p>
       <label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> 
-      <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" />
+      <input class="widefat" id="<?php echo esc_attr($this->get_field_id('title')); ?>" name="<?php echo esc_attr($this->get_field_name('title')); ?>" type="text" value="<?php echo esc_attr($title); ?>" />
     </p>
 
     <p>
-      <label for="<?php echo $this->get_field_id('widget_template_id'); ?>"><?php _e('Select Widget Template:'); ?></label> 
-      <select class="widefat" id="<?php echo $this->get_field_id('widget_template_id'); ?>" name="<?php echo $this->get_field_name('widget_template_id'); ?>">
+      <label for="<?php echo esc_attr($this->get_field_id('widget_template_id')); ?>"><?php _e('Select Widget Template:'); ?></label> 
+      <select class="widefat" id="<?php echo esc_attr($this->get_field_id('widget_template_id')); ?>" name="<?php echo esc_attr($this->get_field_name('widget_template_id')); ?>">
         <?php
         $available_widget_tpl = $this->wpdb->get_results("SELECT * FROM {$this->wpdb->prefix}inic_testimonial_widget");
@@ -35 +35 @@
           foreach ($available_widget_tpl as $available_widget_tpl) {
             $_selected = $widget_template_id == $available_widget_tpl->id ? ' selected="selected"' : '';
-            echo "<option value=\"{$available_widget_tpl->id}\"{$_selected}>{$available_widget_tpl->title}</option>";
+            echo "<option value=\"".  esc_attr($available_widget_tpl->id)."\"{$_selected}>".  esc_html($available_widget_tpl->title)."</option>";
           }
         } else {
@@ -98 +98 @@
       }
       
-      //echo "SELECT * FROM {$this->wpdb->prefix}inic_testimonial{$_where}{$no_of_testimonial}";
       $_testimonial_listing = $this->wpdb->get_results("SELECT * FROM {$this->wpdb->prefix}inic_testimonial{$_where}{$display_randomly}{$no_of_testimonial}");
       if ($_testimonial_listing) {
         foreach ($_testimonial_listing as $_testimonial_listing) {
           $_search = array("{#ID}", "{#ProjectName}", "{#ProjectUrl}", "{#ClientName}", "{#City}", "{#State}", "{#Country}", "{#Description}", "{#Tags}", "{#VideoUrl}", "{#ThumbImgUrl}", "{#LargeImgUrl}", "{#Counter}");
-          $_replace = array($_testimonial_listing->id, $_testimonial_listing->project_name, $_testimonial_listing->project_url, $_testimonial_listing->client_name, $_testimonial_listing->city, $_testimonial_listing->state, $_testimonial_listing->country, $_testimonial_listing->description, $_testimonial_listing->tags, $_testimonial_listing->video_url, $_testimonial_listing->thumb_img_url, $_testimonial_listing->large_img_url, $i);
+          $_replace = array(esc_html($_testimonial_listing->id), esc_html($_testimonial_listing->project_name), esc_html($_testimonial_listing->project_url), esc_html($_testimonial_listing->client_name), esc_html($_testimonial_listing->city), esc_html($_testimonial_listing->state), esc_html($_testimonial_listing->country), esc_html($_testimonial_listing->description), esc_html($_testimonial_listing->tags), esc_html($_testimonial_listing->video_url), esc_html($_testimonial_listing->thumb_img_url), esc_html($_testimonial_listing->large_img_url), $i);
 
-          $_code_value = array("{#ID}" => $_testimonial_listing->id, "{#ProjectName}" => $_testimonial_listing->project_name, "{#ProjectUrl}" => $_testimonial_listing->project_url, "{#ClientName}" => $_testimonial_listing->client_name, "{#City}" => $_testimonial_listing->city, "{#State}" => $_testimonial_listing->state, "{#Country}" => $_testimonial_listing->country, "{#Description}" => $_testimonial_listing->description, "{#Tags}" => $_testimonial_listing->tags, "{#VideoUrl}" => $_testimonial_listing->video_url, "{#ThumbImgUrl}" => $_testimonial_listing->thumb_img_url, "{#LargeImgUrl}" => $_testimonial_listing->large_img_url, "{#Counter}" => $i);
+          $_code_value = array("{#ID}" => esc_html($_testimonial_listing->id), "{#ProjectName}" => esc_html($_testimonial_listing->project_name), "{#ProjectUrl}" => esc_html($_testimonial_listing->project_url), "{#ClientName}" => esc_html($_testimonial_listing->client_name), "{#City}" => esc_html($_testimonial_listing->city), "{#State}" => esc_html($_testimonial_listing->state), "{#Country}" => esc_html($_testimonial_listing->country), "{#Description}" => esc_html($_testimonial_listing->description), "{#Tags}" => esc_html($_testimonial_listing->tags), "{#VideoUrl}" => esc_html($_testimonial_listing->video_url), "{#ThumbImgUrl}" => esc_html($_testimonial_listing->thumb_img_url), "{#LargeImgUrl}" => esc_html($_testimonial_listing->large_img_url), "{#Counter}" => $i);
           $inic_testimonial_html_template = $html_template;
           preg_match('#\[IF\s(.+?)](.+?)\[/IF]#s', $inic_testimonial_html_template, $matches_if);

indianic-testimonial/trunk/widget_template.php

@@ -50 +50 @@
       $_current_widget = $this->wpdb->get_results("SELECT * FROM {$this->wpdb->prefix}inic_testimonial_widget WHERE id='{$_GET['id']}'");
       $_current_widget = $_current_widget[0];
-      $id = $_current_widget->id;
-      $title = $_current_widget->title;
-      $no_of_testimonial = $_current_widget->no_of_testimonial;
-      $only_featured = $_current_widget->only_featured;
-      $filter_by_country = $_current_widget->filter_by_country;
-      $filter_by_tags = $_current_widget->filter_by_tags;
-      $display_randomly = $_current_widget->display_randomly;
-      $html_template = $_current_widget->html_template;
+      $id = esc_attr($_current_widget->id);
+      $title = esc_attr($_current_widget->title);
+      $no_of_testimonial = esc_attr($_current_widget->no_of_testimonial);
+      $only_featured = esc_attr($_current_widget->only_featured);
+      $filter_by_country = esc_attr($_current_widget->filter_by_country);
+      $filter_by_tags = esc_attr($_current_widget->filter_by_tags);
+      $display_randomly = esc_attr($_current_widget->display_randomly);
+      $html_template = esc_attr($_current_widget->html_template);
     } else {
       $id = $title = $no_of_testimonial = $only_featured = $filter_by_country = $filter_by_tags = $display_randomly = $html_template = false;
@@ -64 +64 @@
 
     <form name="testimonial_widget_template" method="post" action="">
+      <?php wp_nonce_field('save_testimonial_widget_template','_nonce'); ?>
       <input type="hidden" name="action" value="iNIC_testimonial_save_widget" />
 
@@ -158 +159 @@
             $_results->only_featured = ($_results->only_featured) ? 'Yes' : 'No';
             echo "<tr>
-                    <td>{$_results->title}
+                    <td>".  esc_html($_results->title)."
                       <div class=\"row-actions\">
-                        <span class=\"edit\"><a href=\"admin.php?page=inic_testimonial_widget_template&type=add&id={$_results->id}\" title=\"Edit this item\">Edit</a> | </span>
-                        <span class=\"trash\"><a class=\"submitdelete\" title=\"Delete this item\" href=\"javascript:void(0)\" rel=\"{$_results->id}\">Delete</a></span>
+                        <span class=\"edit\"><a href=\"admin.php?page=inic_testimonial_widget_template&type=add&id=".  esc_attr($_results->id)."\" title=\"Edit this item\">Edit</a> | </span>
+                        <span class=\"trash\"><a class=\"submitdelete\" title=\"Delete this item\" href=\"javascript:void(0)\" rel=\"".  esc_attr($_results->id)."\">Delete</a></span>
                       </div>
                     </td>
-                    <td>{$_results->no_of_testimonial}</td>
-                    <td>{$_results->only_featured}</td>
-                    <td>{$_results->filter_by_country}</td>
-                    <td>{$_results->filter_by_tags}</td>
+                    <td>". esc_html($_results->no_of_testimonial)."</td>
+                    <td>".  esc_html($_results->only_featured)."</td>
+                    <td>".  esc_html($_results->filter_by_country)."</td>
+                    <td>".  esc_html($_results->filter_by_tags)."</td>
                   </tr>";
           }