Context Navigation

← Previous Changeset
Next Changeset →

Changeset 992286

Timestamp:

09/18/2014 12:10:21 AM (12 years ago)

Author:

leocaseiro

Message:

Version 1.5 Released

Location:

custom-options-plus

Files:

: 6 edited
: 1 copied

tags/1.5 (copied) (copied from custom-options-plus/trunk)
tags/1.5/custom-options-plus.php (modified) (15 diffs)
tags/1.5/js/functions.js (modified) (1 diff)
tags/1.5/readme.txt (modified) (5 diffs)
trunk/custom-options-plus.php (modified) (15 diffs)
trunk/js/functions.js (modified) (1 diff)
trunk/readme.txt (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

custom-options-plus/tags/1.5/custom-options-plus.php

-                      r983371
+                      r992286
 You can for example, register the address and phone numbers of your company to leave in the header of your site. So, if someday relocate, you do not need to change your theme. Just change administratively.
 You can also enter the login of your social networks. How to login twitter, Facebook, Youtube, contact email and more.
 Version: 1.4.1
+Version: 1.5
 Author: Leo Caseiro
 Author URI: http://leocaseiro.com.br/
-*/
-/*  Copyright 2011-2014 Leo Caseiro (http://leocaseiro.com.br/)
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License, version 2, as
-    published by the Free Software Foundation.
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
 …
+}
 define( 'COP_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
 define( 'COP_PLUGIN_NAME', trim( dirname( COP_PLUGIN_BASENAME ), '/' ) );
 …
 define( 'COP_PLUGIN_URL', WP_PLUGIN_URL . '/' . COP_PLUGIN_NAME );
+global $wpdb;
+//Added on 1.5
+define( 'COP_OPTIONS_PREFIX', 'cop_' );
+define( 'COP_PLUGIN_VERSION', '1.5' );
+global $wpdb, $COP_TABLE;
 define( 'COP_TABLE',  $wpdb->prefix . 'custom_options_plus' );
+//Added on 1.5 as GLOBAL
+$COP_TABLE = COP_TABLE;
 //Create a table in MySQL database when activate plugin
 function cop_setup() {
     global $wpdb;
+    $wpdb->query('
         CREATE TABLE IF NOT EXISTS ' . COP_TABLE . ' (
+    global $wpdb, $COP_TABLE;
+    $sql = "CREATE TABLE IF NOT EXISTS $COP_TABLE (
           `id` int(5) NOT NULL AUTO_INCREMENT,
           `label` varchar(100) NOT NULL,
 …
           PRIMARY KEY (`id`)
         ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+    ' );
+}
+    ";
+    require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
+    dbDelta($sql);
+    update_option(COP_OPTIONS_PREFIX . 'version', COP_PLUGIN_VERSION);
+}
 register_activation_hook( __FILE__, 'cop_setup' );
 …
 function cop_load_js_and_css() {
+    wp_register_script( 'functions.js', COP_PLUGIN_DIR . 'functions.js', array('jquery'), '2.5.9' );
+    wp_register_script( 'jquery.stringToSlug.min.js', COP_PLUGIN_DIR . 'jquery.stringToSlug.min.js', array('jquery'), '2.5.9' );
+}
+    wp_register_script( 'functions.js', COP_PLUGIN_DIR . 'functions.js', array('jquery'), COP_PLUGIN_VERSION );
+    wp_register_script( 'jquery.stringToSlug.min.js', COP_PLUGIN_DIR . 'jquery.stringToSlug.min.js', array('jquery'), COP_PLUGIN_VERSION );
+}
 function cop_insert() {
     global $wpdb;
     $_POST['label'] = filter_var($_POST['label'], FILTER_SANITIZE_SPECIAL_CHARS);
     $_POST['name']  = filter_var($_POST['name'], FILTER_SANITIZE_SPECIAL_CHARS);
     $_POST['value'] = filter_var($_POST['value'], FILTER_UNSAFE_RAW);
     return $wpdb->insert(
         COP_TABLE,
         array(
             'label' => $_POST['label'],
+    $_POST['label'] = stripslashes_deep(filter_var($_POST['label'], FILTER_SANITIZE_SPECIAL_CHARS));
+    $_POST['name']  = stripslashes_deep(filter_var($_POST['name'], FILTER_SANITIZE_SPECIAL_CHARS));
+    $_POST['value'] = stripslashes_deep(filter_var($_POST['value'], FILTER_UNSAFE_RAW));
+    return $wpdb->insert(
+        COP_TABLE,
+        array(
+            'label' => $_POST['label'],
             'name' => $_POST['name'],
             'value' => stripslashes($_POST['value'])
+        )
+        ),
+        array('%s','%s','%s')
     );
+}
 …
 function cop_update() {
     global $wpdb;
     $_POST['id']    = filter_var($_POST['id'], FILTER_VALIDATE_INT);
     $_POST['label'] = filter_var($_POST['label'], FILTER_SANITIZE_SPECIAL_CHARS);
     $_POST['name']  = filter_var($_POST['name'], FILTER_SANITIZE_SPECIAL_CHARS);
     $_POST['value'] = filter_var($_POST['value'], FILTER_UNSAFE_RAW);
+    $_POST['label'] = stripslashes_deep(filter_var($_POST['label'], FILTER_SANITIZE_SPECIAL_CHARS));
+    $_POST['name']  = stripslashes_deep(filter_var($_POST['name'], FILTER_SANITIZE_SPECIAL_CHARS));
+    $_POST['value'] = stripslashes_deep(filter_var($_POST['value'], FILTER_UNSAFE_RAW));
     return $wpdb->update(
         COP_TABLE,
         array(
             'label' => $_POST['label'],
+        COP_TABLE,
+        array(
+            'label' => $_POST['label'],
             'name'  => $_POST['name'],
             'value' => stripslashes($_POST['value'])
         ),
+        array ('id' => $_POST['id'])
+        array ('id' => $_POST['id']),
+        array('%s','%s','%s'),
+        array('%d')
     );
 …
 function cop_delete( $id ) {
+    global $wpdb;
+    return $wpdb->query($wpdb->prepare('DELETE FROM ' . COP_TABLE . ' WHERE id = \'%d\' ', $id) );
+    global $wpdb, $COP_TABLE;
+    return $wpdb->query($wpdb->prepare("DELETE FROM $COP_TABLE WHERE id = %d ", $id) );
+}
 function cop_get_options() {
+    global $wpdb;
+    return $wpdb->get_results('SELECT * FROM ' . COP_TABLE . ' ORDER BY label ASC');
+    global $wpdb, $COP_TABLE;
+    return $wpdb->get_results("SELECT id, label, name, value FROM $COP_TABLE ORDER BY label ASC");
+}
 function cop_get_option( $id ) {
+    global $wpdb;
+    return $wpdb->get_row('SELECT * FROM ' . COP_TABLE . ' WHERE id = ' . $id );
+    global $wpdb, $COP_TABLE;
+    return $wpdb->get_row($wpdb->prepare("SELECT id, label, name, value FROM $COP_TABLE WHERE id = %d",  $id ));
+}
 …
     wp_enqueue_script( 'stringToSlug', COP_PLUGIN_URL . '/js/jquery.stringToSlug.min.js', array('jquery'), '2.5.9' );
     wp_enqueue_script( 'copFunctions', COP_PLUGIN_URL . '/js/functions.js', array('stringToSlug') );
     $id     = '';
     $label  = '';
     $name   = '';
     $value  = '';
     $message = '';
     if ( isset($_GET['del']) && $_GET['del'] > 0 ) :
         if ( cop_delete( $_GET['del'] ) ) :
             $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
         endif;
     elseif ( isset($_POST['id']) ) :
         if ($_POST['id'] == '') :
             cop_insert();
             $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
         elseif ($_POST['id'] > 0) :
+            $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
+        elseif ($_POST['id'] > 0) :
             cop_update();
             $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
+            $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
         endif;
     elseif ( isset($_GET['id']) && $_GET['id'] > 0 ) :
         $option = cop_get_option( $_GET['id'] );
         $id     = $option->id;
         $label  = $option->label;
         $name   = $option->name;
         $value  = $option->value;
     endif;
     $options = cop_get_options();
 ?>
     <div class="wrap">
         <div id="icon-tools" class="icon32"></div><h2>Custom Options Plus <a href="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>#new-custom-option" class="add-new-h2">Add New</a></h2>
         <?php echo $message; ?>
         <br />
 …
                     <tbody id="the-list">
                         <?php $trclass = 'class="alternate"';
                         foreach ($options as $option ) :
+                        foreach ($options as $option ) :
                         ?>
                         <tr <?php echo $trclass; ?> rowspan="2">
 …
                                 <?php echo $option->label; ?>
                                 <div class="row-actions">
                                     <span class="edit"><a href="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>&id=<?php echo $option->id; ?>#new-custom-option">Edit</a> | </span>
+                                    <span class="edit"><a href="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>&amp;id=<?php echo $option->id; ?>#new-custom-option">Edit</a> | </span>
                                     <span class="delete"><a onclick="return confirm('Are you sure want to delete item?')" class="submitdelete" title="Delete <?php echo $option->label; ?>" href="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>&del=<?php echo $option->id; ?>">Delete</a></span>
                                 </div>
                             </td>
                             <td>
                                 <input style="font-size:12px;" type="text" onfocus="this.select();" readonly="readonly" value="<?php echo $option->name; ?>" class="shortcode-in-list-table wp-ui-text-highlight code">
+                                <textarea style="font-size:12px;" type="text" onclick="this.select();" onfocus="this.select();" readonly="readonly" class="shortcode-in-list-table wp-ui-text-highlight code"><?php echo $option->name; ?></textarea>
                             </td>
                             <td><?php echo htmlentities(utf8_decode($option->value)); ?></td>
+                            <td><div style="overflow:auto; min-height:99%; width:99%; margin:2px; padding:2px; background-color:#eee; clear:both;"><?php echo $option->value; ?></div></td>
                         </tr>
                         <?php
 …
         <br />
         <?php endif; ?>
         <form method="post" action="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>">
             <input type="hidden" name="id" value="<?php echo $id; ?>" />
             <h3 id="new-custom-option">Add new Custom Option</h3>
             <table class="form-table">
+            <table class="form-table">
                 <tbody>
                     <tr valign="top">
                         <td scope="row">
+                        <th scope="row">
                             <label for="label">Label:</label>
                         </td>
 …
                     </tr>
                     <tr>
                         <td scope="row">
+                        <th scope="row">
                             <label for="name">*Name:</label>
                         </td>
                         <td>
                             <input name="name" type="text" id="name" value="<?php echo $name; ?>" class="regular-text">
                         </td>
+                        </td>
                     </tr>
                     <tr>
                         <td scope="row">
+                        <th scope="row">
                             <label for="value">Value:</label>
                         </td>
                         <td>
                             <textarea name="value" rows="7" cols="40" type="text" id="value" class="regular-text code"><?php echo $value; ?></textarea>
                         </td>
+                        </td>
                     </tr>
                 </tbody>
 …
             <p class="submit"><input type="submit" name="submit" id="submit" class="button-primary" value="<?php _e('Save Changes'); ?>"></p>
         </form>
     </div>
 <?php
 …
 //get your single option
 function get_custom( $name ) {
+    global $wpdb;
+    global $wpdb, $COP_TABLE;
     if ( '' != $name ) :
         return $wpdb->get_var( $wpdb->prepare( 'SELECT value FROM ' . COP_TABLE . ' WHERE name = \'%s\' LIMIT 1', $name ) );
+        return $wpdb->get_var( $wpdb->prepare( "SELECT value FROM $COP_TABLE WHERE name = %s LIMIT 1", $name ) );
     else :
         return false;
     endif;
+}
+}
 //get your array options
 function get_customs( $name ) {
     global $wpdb;
+    global $wpdb, $COP_TABLE;
     if ( '' != $name ) :
         $list = $wpdb->get_results( $wpdb->prepare( 'SELECT value FROM ' . COP_TABLE . ' WHERE name = \'%s\' ', $name ) , ARRAY_A);
+        $list = $wpdb->get_results( $wpdb->prepare( "SELECT value FROM $COP_TABLE WHERE name = %s ", $name ) , ARRAY_A);
         $array = array();
         foreach ( $list as $key => $name ) :
 …
 //Tutorial em Help Button
+//Tutorial on Help Button
 function cop_plugin_help($contextual_help, $screen_id, $screen) {

custom-options-plus/tags/1.5/js/functions.js

-                      r867617
+                      r992286
+jQuery(document).ready( function() {
+    jQuery("#label").stringToSlug({
+        setEvents: 'keyup keydown blur',
+        getPut: '#name',
+        space: '_'
+    });
+jQuery(document).ready( function($) {
+    if ($("#name").val() === '') {
+            $("#label").stringToSlug({
+            setEvents: 'keyup keydown blur',
+            getPut: '#name',
+            space: '_'
+        });
+    }
 });

custom-options-plus/tags/1.5/readme.txt

-                      r983371
+                      r992286
 === Custom Options Plus ===
+=== Custom Options Plus ===
 Contributors: leocaseiro
 Donate link: http://leocaseiro.com.br/contato/
 …
 Requires at least: 2.7
 Tested up to: 4.0
 Stable tag: 1.4.1
+Stable tag: 1.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 == Description ==
+== Description ==
 Custom Options Plus is the easiest way to add your custom variables as a Settings Page for your Theme.
 …
 [Support on GitHub](https://github.com/leocaseiro/Wordpress-Plugin-Custom-Options-Plus/issues "GitHub Issues for Support"), please!
 == Installation ==
+== Installation ==
 . Download the plugin.
 . Activate the plugin.
 …
 == Changelog ==
+= 1.5 =
+* Lot of best practices improvements on code
+* ESCAPE bug fix following suggestion from @pierre-r on github Issue #4
+* SQL Injection improvement using correctly $wpdp->prepare
+* Plugin Version added
+* Admin Layout improvements
+* Automatic name generated only on Add New mode
+= 1.4.1 =
+* README improvements
 = 1.4 =
 …
 = 1.1 =
 * Value field from varchar(255) to text
 * SQL Injection fix following suggestion by Andy Stratton in http://wordpress.org/support/topic/plugin-custom-options-plus-stripslashes-needed-on-submission-of-content?replies=1
+* SQL Injection fix following suggestion from Andy Stratton in http://wordpress.org/support/topic/plugin-custom-options-plus-stripslashes-needed-on-submission-of-content?replies=1
 * New Layout using WP List Table

custom-options-plus/trunk/custom-options-plus.php

-                      r983371
+                      r992286
 You can for example, register the address and phone numbers of your company to leave in the header of your site. So, if someday relocate, you do not need to change your theme. Just change administratively.
 You can also enter the login of your social networks. How to login twitter, Facebook, Youtube, contact email and more.
 Version: 1.4.1
+Version: 1.5
 Author: Leo Caseiro
 Author URI: http://leocaseiro.com.br/
-*/
-/*  Copyright 2011-2014 Leo Caseiro (http://leocaseiro.com.br/)
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License, version 2, as
-    published by the Free Software Foundation.
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
 …
+}
 define( 'COP_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
 define( 'COP_PLUGIN_NAME', trim( dirname( COP_PLUGIN_BASENAME ), '/' ) );
 …
 define( 'COP_PLUGIN_URL', WP_PLUGIN_URL . '/' . COP_PLUGIN_NAME );
+global $wpdb;
+//Added on 1.5
+define( 'COP_OPTIONS_PREFIX', 'cop_' );
+define( 'COP_PLUGIN_VERSION', '1.5' );
+global $wpdb, $COP_TABLE;
 define( 'COP_TABLE',  $wpdb->prefix . 'custom_options_plus' );
+//Added on 1.5 as GLOBAL
+$COP_TABLE = COP_TABLE;
 //Create a table in MySQL database when activate plugin
 function cop_setup() {
     global $wpdb;
+    $wpdb->query('
         CREATE TABLE IF NOT EXISTS ' . COP_TABLE . ' (
+    global $wpdb, $COP_TABLE;
+    $sql = "CREATE TABLE IF NOT EXISTS $COP_TABLE (
           `id` int(5) NOT NULL AUTO_INCREMENT,
           `label` varchar(100) NOT NULL,
 …
           PRIMARY KEY (`id`)
         ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+    ' );
+}
+    ";
+    require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
+    dbDelta($sql);
+    update_option(COP_OPTIONS_PREFIX . 'version', COP_PLUGIN_VERSION);
+}
 register_activation_hook( __FILE__, 'cop_setup' );
 …
 function cop_load_js_and_css() {
+    wp_register_script( 'functions.js', COP_PLUGIN_DIR . 'functions.js', array('jquery'), '2.5.9' );
+    wp_register_script( 'jquery.stringToSlug.min.js', COP_PLUGIN_DIR . 'jquery.stringToSlug.min.js', array('jquery'), '2.5.9' );
+}
+    wp_register_script( 'functions.js', COP_PLUGIN_DIR . 'functions.js', array('jquery'), COP_PLUGIN_VERSION );
+    wp_register_script( 'jquery.stringToSlug.min.js', COP_PLUGIN_DIR . 'jquery.stringToSlug.min.js', array('jquery'), COP_PLUGIN_VERSION );
+}
 function cop_insert() {
     global $wpdb;
     $_POST['label'] = filter_var($_POST['label'], FILTER_SANITIZE_SPECIAL_CHARS);
     $_POST['name']  = filter_var($_POST['name'], FILTER_SANITIZE_SPECIAL_CHARS);
     $_POST['value'] = filter_var($_POST['value'], FILTER_UNSAFE_RAW);
     return $wpdb->insert(
         COP_TABLE,
         array(
             'label' => $_POST['label'],
+    $_POST['label'] = stripslashes_deep(filter_var($_POST['label'], FILTER_SANITIZE_SPECIAL_CHARS));
+    $_POST['name']  = stripslashes_deep(filter_var($_POST['name'], FILTER_SANITIZE_SPECIAL_CHARS));
+    $_POST['value'] = stripslashes_deep(filter_var($_POST['value'], FILTER_UNSAFE_RAW));
+    return $wpdb->insert(
+        COP_TABLE,
+        array(
+            'label' => $_POST['label'],
             'name' => $_POST['name'],
             'value' => stripslashes($_POST['value'])
+        )
+        ),
+        array('%s','%s','%s')
     );
+}
 …
 function cop_update() {
     global $wpdb;
     $_POST['id']    = filter_var($_POST['id'], FILTER_VALIDATE_INT);
     $_POST['label'] = filter_var($_POST['label'], FILTER_SANITIZE_SPECIAL_CHARS);
     $_POST['name']  = filter_var($_POST['name'], FILTER_SANITIZE_SPECIAL_CHARS);
     $_POST['value'] = filter_var($_POST['value'], FILTER_UNSAFE_RAW);
+    $_POST['label'] = stripslashes_deep(filter_var($_POST['label'], FILTER_SANITIZE_SPECIAL_CHARS));
+    $_POST['name']  = stripslashes_deep(filter_var($_POST['name'], FILTER_SANITIZE_SPECIAL_CHARS));
+    $_POST['value'] = stripslashes_deep(filter_var($_POST['value'], FILTER_UNSAFE_RAW));
     return $wpdb->update(
         COP_TABLE,
         array(
             'label' => $_POST['label'],
+        COP_TABLE,
+        array(
+            'label' => $_POST['label'],
             'name'  => $_POST['name'],
             'value' => stripslashes($_POST['value'])
         ),
+        array ('id' => $_POST['id'])
+        array ('id' => $_POST['id']),
+        array('%s','%s','%s'),
+        array('%d')
     );
 …
 function cop_delete( $id ) {
+    global $wpdb;
+    return $wpdb->query($wpdb->prepare('DELETE FROM ' . COP_TABLE . ' WHERE id = \'%d\' ', $id) );
+    global $wpdb, $COP_TABLE;
+    return $wpdb->query($wpdb->prepare("DELETE FROM $COP_TABLE WHERE id = %d ", $id) );
+}
 function cop_get_options() {
+    global $wpdb;
+    return $wpdb->get_results('SELECT * FROM ' . COP_TABLE . ' ORDER BY label ASC');
+    global $wpdb, $COP_TABLE;
+    return $wpdb->get_results("SELECT id, label, name, value FROM $COP_TABLE ORDER BY label ASC");
+}
 function cop_get_option( $id ) {
+    global $wpdb;
+    return $wpdb->get_row('SELECT * FROM ' . COP_TABLE . ' WHERE id = ' . $id );
+    global $wpdb, $COP_TABLE;
+    return $wpdb->get_row($wpdb->prepare("SELECT id, label, name, value FROM $COP_TABLE WHERE id = %d",  $id ));
+}
 …
     wp_enqueue_script( 'stringToSlug', COP_PLUGIN_URL . '/js/jquery.stringToSlug.min.js', array('jquery'), '2.5.9' );
     wp_enqueue_script( 'copFunctions', COP_PLUGIN_URL . '/js/functions.js', array('stringToSlug') );
     $id     = '';
     $label  = '';
     $name   = '';
     $value  = '';
     $message = '';
     if ( isset($_GET['del']) && $_GET['del'] > 0 ) :
         if ( cop_delete( $_GET['del'] ) ) :
             $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
         endif;
     elseif ( isset($_POST['id']) ) :
         if ($_POST['id'] == '') :
             cop_insert();
             $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
         elseif ($_POST['id'] > 0) :
+            $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
+        elseif ($_POST['id'] > 0) :
             cop_update();
             $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
+            $message = '<div class="updated"><p><strong>' . __('Settings saved.') . '</strong></p></div>';
         endif;
     elseif ( isset($_GET['id']) && $_GET['id'] > 0 ) :
         $option = cop_get_option( $_GET['id'] );
         $id     = $option->id;
         $label  = $option->label;
         $name   = $option->name;
         $value  = $option->value;
     endif;
     $options = cop_get_options();
 ?>
     <div class="wrap">
         <div id="icon-tools" class="icon32"></div><h2>Custom Options Plus <a href="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>#new-custom-option" class="add-new-h2">Add New</a></h2>
         <?php echo $message; ?>
         <br />
 …
                     <tbody id="the-list">
                         <?php $trclass = 'class="alternate"';
                         foreach ($options as $option ) :
+                        foreach ($options as $option ) :
                         ?>
                         <tr <?php echo $trclass; ?> rowspan="2">
 …
                                 <?php echo $option->label; ?>
                                 <div class="row-actions">
                                     <span class="edit"><a href="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>&id=<?php echo $option->id; ?>#new-custom-option">Edit</a> | </span>
+                                    <span class="edit"><a href="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>&amp;id=<?php echo $option->id; ?>#new-custom-option">Edit</a> | </span>
                                     <span class="delete"><a onclick="return confirm('Are you sure want to delete item?')" class="submitdelete" title="Delete <?php echo $option->label; ?>" href="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>&del=<?php echo $option->id; ?>">Delete</a></span>
                                 </div>
                             </td>
                             <td>
                                 <input style="font-size:12px;" type="text" onfocus="this.select();" readonly="readonly" value="<?php echo $option->name; ?>" class="shortcode-in-list-table wp-ui-text-highlight code">
+                                <textarea style="font-size:12px;" type="text" onclick="this.select();" onfocus="this.select();" readonly="readonly" class="shortcode-in-list-table wp-ui-text-highlight code"><?php echo $option->name; ?></textarea>
                             </td>
                             <td><?php echo htmlentities(utf8_decode($option->value)); ?></td>
+                            <td><div style="overflow:auto; min-height:99%; width:99%; margin:2px; padding:2px; background-color:#eee; clear:both;"><?php echo $option->value; ?></div></td>
                         </tr>
                         <?php
 …
         <br />
         <?php endif; ?>
         <form method="post" action="<?php echo preg_replace('/\\&.*/', '', $_SERVER['REQUEST_URI']); ?>">
             <input type="hidden" name="id" value="<?php echo $id; ?>" />
             <h3 id="new-custom-option">Add new Custom Option</h3>
             <table class="form-table">
+            <table class="form-table">
                 <tbody>
                     <tr valign="top">
                         <td scope="row">
+                        <th scope="row">
                             <label for="label">Label:</label>
                         </td>
 …
                     </tr>
                     <tr>
                         <td scope="row">
+                        <th scope="row">
                             <label for="name">*Name:</label>
                         </td>
                         <td>
                             <input name="name" type="text" id="name" value="<?php echo $name; ?>" class="regular-text">
                         </td>
+                        </td>
                     </tr>
                     <tr>
                         <td scope="row">
+                        <th scope="row">
                             <label for="value">Value:</label>
                         </td>
                         <td>
                             <textarea name="value" rows="7" cols="40" type="text" id="value" class="regular-text code"><?php echo $value; ?></textarea>
                         </td>
+                        </td>
                     </tr>
                 </tbody>
 …
             <p class="submit"><input type="submit" name="submit" id="submit" class="button-primary" value="<?php _e('Save Changes'); ?>"></p>
         </form>
     </div>
 <?php
 …
 //get your single option
 function get_custom( $name ) {
+    global $wpdb;
+    global $wpdb, $COP_TABLE;
     if ( '' != $name ) :
         return $wpdb->get_var( $wpdb->prepare( 'SELECT value FROM ' . COP_TABLE . ' WHERE name = \'%s\' LIMIT 1', $name ) );
+        return $wpdb->get_var( $wpdb->prepare( "SELECT value FROM $COP_TABLE WHERE name = %s LIMIT 1", $name ) );
     else :
         return false;
     endif;
+}
+}
 //get your array options
 function get_customs( $name ) {
     global $wpdb;
+    global $wpdb, $COP_TABLE;
     if ( '' != $name ) :
         $list = $wpdb->get_results( $wpdb->prepare( 'SELECT value FROM ' . COP_TABLE . ' WHERE name = \'%s\' ', $name ) , ARRAY_A);
+        $list = $wpdb->get_results( $wpdb->prepare( "SELECT value FROM $COP_TABLE WHERE name = %s ", $name ) , ARRAY_A);
         $array = array();
         foreach ( $list as $key => $name ) :
 …
 //Tutorial em Help Button
+//Tutorial on Help Button
 function cop_plugin_help($contextual_help, $screen_id, $screen) {

custom-options-plus/trunk/js/functions.js

-                      r867617
+                      r992286
+jQuery(document).ready( function() {
+    jQuery("#label").stringToSlug({
+        setEvents: 'keyup keydown blur',
+        getPut: '#name',
+        space: '_'
+    });
+jQuery(document).ready( function($) {
+    if ($("#name").val() === '') {
+            $("#label").stringToSlug({
+            setEvents: 'keyup keydown blur',
+            getPut: '#name',
+            space: '_'
+        });
+    }
 });

custom-options-plus/trunk/readme.txt

-                      r983371
+                      r992286
 === Custom Options Plus ===
+=== Custom Options Plus ===
 Contributors: leocaseiro
 Donate link: http://leocaseiro.com.br/contato/
 …
 Requires at least: 2.7
 Tested up to: 4.0
 Stable tag: 1.4.1
+Stable tag: 1.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 == Description ==
+== Description ==
 Custom Options Plus is the easiest way to add your custom variables as a Settings Page for your Theme.
 …
 [Support on GitHub](https://github.com/leocaseiro/Wordpress-Plugin-Custom-Options-Plus/issues "GitHub Issues for Support"), please!
 == Installation ==
+== Installation ==
 . Download the plugin.
 . Activate the plugin.
 …
 == Changelog ==
+= 1.5 =
+* Lot of best practices improvements on code
+* ESCAPE bug fix following suggestion from @pierre-r on github Issue #4
+* SQL Injection improvement using correctly $wpdp->prepare
+* Plugin Version added
+* Admin Layout improvements
+* Automatic name generated only on Add New mode
+= 1.4.1 =
+* README improvements
 = 1.4 =
 …
 = 1.1 =
 * Value field from varchar(255) to text
 * SQL Injection fix following suggestion by Andy Stratton in http://wordpress.org/support/topic/plugin-custom-options-plus-stripslashes-needed-on-submission-of-content?replies=1
+* SQL Injection fix following suggestion from Andy Stratton in http://wordpress.org/support/topic/plugin-custom-options-plus-stripslashes-needed-on-submission-of-content?replies=1
 * New Layout using WP List Table

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: