Dynamic Widgets - Version 1.5.2

Version Description

It's highly recommended to update asap. A possible security vulnerability has been found in all previous versions.

=

Download this release

Release Info

Developer qurl
Plugin Icon wp plugin Dynamic Widgets
Version 1.5.2
Comparing to
See all releases

Code changes from version 1.5.1 to 1.5.2

Files changed (6) hide show
  1. classes/dynwid_class.php +4 -4
  2. dynamic-widgets.php +45 -41
  3. dynwid_admin_edit.php +17 -9
  4. dynwid_admin_save.php +34 -31
  5. dynwid_worker.php +4 -3
  6. readme.txt +10 -4
classes/dynwid_class.php CHANGED
@@ -126,7 +126,7 @@
126
  $query = "INSERT INTO " . $this->dbtable . "
127
  (widget_id, maintype, name, value)
128
  VALUES
129
- ('" . $widget_id . "', 'date', '" . $name . "', '" . $date . "')";
130
  $this->wpdb->query($query);
131
  }
132
  }
@@ -163,14 +163,14 @@
163
  $query = "INSERT INTO " . $this->dbtable . "
164
  (widget_id, maintype, name, value)
165
  VALUES
166
- ('" . $widget_id . "', '" . $maintype . "', 'default', '" . $opt_default . "')";
167
  $this->wpdb->query($query);
168
  }
169
  foreach ( $act as $option ) {
170
  $query = "INSERT INTO " . $this->dbtable . "
171
  (widget_id, maintype, name, value)
172
  VALUES
173
- ('" . $widget_id . "', '" . $maintype . "', '" . $option . "', '" . $opt_act . "')";
174
  $this->wpdb->query($query);
175
  }
176
  }
@@ -186,7 +186,7 @@
186
  $query = "INSERT INTO " . $this->dbtable . "
187
  (widget_id, maintype, value)
188
  VALUES
189
- ('" . $widget_id . "', '" . $maintype . "', '" . $value . "')";
190
  $this->wpdb->query($query);
191
  }
192
 
126
  $query = "INSERT INTO " . $this->dbtable . "
127
  (widget_id, maintype, name, value)
128
  VALUES
129
+ ('" . $this->wpdb->escape($widget_id) . "', 'date', '" . $this->wpdb->escape($name) . "', '" . $this->wpdb->escape($date) . "')";
130
  $this->wpdb->query($query);
131
  }
132
  }
163
  $query = "INSERT INTO " . $this->dbtable . "
164
  (widget_id, maintype, name, value)
165
  VALUES
166
+ ('" . $this->wpdb->escape($widget_id) . "', '" . $this->wpdb->escape($maintype) . "', 'default', '" . $this->wpdb->escape($opt_default) . "')";
167
  $this->wpdb->query($query);
168
  }
169
  foreach ( $act as $option ) {
170
  $query = "INSERT INTO " . $this->dbtable . "
171
  (widget_id, maintype, name, value)
172
  VALUES
173
+ ('" . $this->wpdb->escape($widget_id) . "', '" . $this->wpdb->escape($maintype) . "', '" . $this->wpdb->escape($option) . "', '" . $this->wpdb->escape($opt_act) . "')";
174
  $this->wpdb->query($query);
175
  }
176
  }
186
  $query = "INSERT INTO " . $this->dbtable . "
187
  (widget_id, maintype, value)
188
  VALUES
189
+ ('" . $this->wpdb->escape($widget_id) . "', '" . $this->wpdb->escape($maintype) . "', '" . $this->wpdb->escape($value) . "')";
190
  $this->wpdb->query($query);
191
  }
192
 
dynamic-widgets.php CHANGED
@@ -4,7 +4,7 @@
4
  * Plugin URI: http://www.qurl.nl/dynamic-widgets/
5
  * Description: Dynamic Widgets gives you full control on which pages your widgets will appear. It lets you dynamicly show or hide widgets on WordPress pages.
6
  * Author: Qurl
7
- * Version: 1.5.1
8
  * Author URI: http://www.qurl.nl/
9
  * Tags: widget, widgets, dynamic, sidebar, custom, rules, logic, admin, condition, conditional tags, hide, show, wpml, qtranslate, wpec, buddypress, pods
10
  *
@@ -15,7 +15,7 @@
15
  *
16
  * Released under the GPL v.2, http://www.gnu.org/copyleft/gpl.html
17
  *
18
- * @version $Id: dynamic-widgets.php 523481 2012-03-25 19:49:08Z qurl $
19
  * @copyright 2011 Jacco Drabbe
20
  *
21
  * Thanks to Alexis Nomine for the contribution of the French (fr_FR) language files, several L10N fixes and change of the edit options UI.
@@ -67,7 +67,7 @@
67
  define('DW_PLUGIN', dirname(__FILE__) . '/' . 'plugin/');
68
  define('DW_TIME_LIMIT', 86400); // 1 day
69
  define('DW_URL', 'http://www.qurl.nl');
70
- define('DW_VERSION', '1.5.1');
71
  define('DW_VERSION_URL_CHECK', DW_URL . '/wp-content/uploads/php/dw_version.php?v=' . DW_VERSION . '&n=');
72
  define('DW_WPML_API', '/inc/wpml-api.php'); // WPML Plugin support - API file relative to ICL_PLUGIN_PATH
73
  define('DW_WPML_ICON', 'img/wpml_icon.png'); // WPML Plugin support - WPML icon
@@ -151,7 +151,6 @@
151
  update_option('dynwid_version', DW_VERSION);
152
  }
153
 
154
-
155
  /**
156
  * dynwid_add_admin_help_tab() Add help tab for WP >= 3.3
157
  * @since 1.5.0
@@ -804,44 +803,49 @@
804
  // Now adding the dynwid text & link
805
  // echo '<p><input id="dw_hide_title_' . str_replace('-', '_', $widget_id) . '" type="checkbox" name="dw_hide_title_' . $widget_id . '" ' . ( ($checked ? ' checked="checked"' : '' ) ) . ' /> <label for="dw_hide_title_' . str_replace('-', '_', $widget_id) . '">Hide the title</label></p>';
806
  echo '<p>' . __('Dynamic Widgets', DW_L10N_DOMAIN) . ': ';
807
- echo '<a style="text-decoration:none;" title="' . __('Edit Dynamic Widgets Options', DW_L10N_DOMAIN) . '" href="themes.php?page=dynwid-config&action=edit&id=' . $widget_id . '&returnurl=widgets.php' . '">';
808
- echo ( $DW->hasOptions($widget_id) ) ? __('Dynamic', DW_L10N_DOMAIN) : __('Static', DW_L10N_DOMAIN);
809
- echo '</a>';
810
- if ( $DW->hasOptions($widget_id) ) {
811
- $s = array();
812
- $opt = $DW->getOpt($widget_id, NULL);
813
- foreach ( $opt as $widget ) {
814
- $type = $widget->maintype;
815
- if ( $type != 'individual' && substr($type, -6) != 'childs' && ! preg_match('/.*-tax_.*/', $type) ) {
816
- $single = array('single-author', 'single-category', 'single-tag', 'single-post');
817
- if ( in_array($type, $single) ) {
818
- $type = 'single';
819
- }
820
- if (! in_array($type, $s) ) {
821
- $s[ ] = $type;
822
- }
823
- }
824
- }
825
 
826
- $last = count($s) - 1;
827
- $string = '';
828
- for ( $i = 0; $i < $last; $i++ ) {
829
- $type = $s[$i];
830
- if (! empty($DW->dwoptions[$type]) ) {
831
- $string .= $DW->dwoptions[$type];
832
- }
833
- $string .= ( ($last - 1) == $i ) ? ' ' . __('and', DW_L10N_DOMAIN) . ' ' : ', ';
834
- }
835
- $type = $s[$last];
836
- if ( isset($DW->dwoptions[$type]) ) {
837
- $string .= $DW->dwoptions[$type];
838
- }
839
-
840
- $output = '<br /><small>';
841
- $output .= ( count($opt) > 1 ) ? __('Options set for', DW_L10N_DOMAIN) : __('Option set for', DW_L10N_DOMAIN);
842
- $output .= ' ' . $string . '.</small>';
843
- echo $output;
844
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
845
  echo '</p>';
846
  }
847
 
4
  * Plugin URI: http://www.qurl.nl/dynamic-widgets/
5
  * Description: Dynamic Widgets gives you full control on which pages your widgets will appear. It lets you dynamicly show or hide widgets on WordPress pages.
6
  * Author: Qurl
7
+ * Version: 1.5.2
8
  * Author URI: http://www.qurl.nl/
9
  * Tags: widget, widgets, dynamic, sidebar, custom, rules, logic, admin, condition, conditional tags, hide, show, wpml, qtranslate, wpec, buddypress, pods
10
  *
15
  *
16
  * Released under the GPL v.2, http://www.gnu.org/copyleft/gpl.html
17
  *
18
+ * @version $Id: dynamic-widgets.php 532982 2012-04-18 17:35:12Z qurl $
19
  * @copyright 2011 Jacco Drabbe
20
  *
21
  * Thanks to Alexis Nomine for the contribution of the French (fr_FR) language files, several L10N fixes and change of the edit options UI.
67
  define('DW_PLUGIN', dirname(__FILE__) . '/' . 'plugin/');
68
  define('DW_TIME_LIMIT', 86400); // 1 day
69
  define('DW_URL', 'http://www.qurl.nl');
70
+ define('DW_VERSION', '1.5.2');
71
  define('DW_VERSION_URL_CHECK', DW_URL . '/wp-content/uploads/php/dw_version.php?v=' . DW_VERSION . '&n=');
72
  define('DW_WPML_API', '/inc/wpml-api.php'); // WPML Plugin support - API file relative to ICL_PLUGIN_PATH
73
  define('DW_WPML_ICON', 'img/wpml_icon.png'); // WPML Plugin support - WPML icon
151
  update_option('dynwid_version', DW_VERSION);
152
  }
153
 
 
154
  /**
155
  * dynwid_add_admin_help_tab() Add help tab for WP >= 3.3
156
  * @since 1.5.0
803
  // Now adding the dynwid text & link
804
  // echo '<p><input id="dw_hide_title_' . str_replace('-', '_', $widget_id) . '" type="checkbox" name="dw_hide_title_' . $widget_id . '" ' . ( ($checked ? ' checked="checked"' : '' ) ) . ' /> <label for="dw_hide_title_' . str_replace('-', '_', $widget_id) . '">Hide the title</label></p>';
805
  echo '<p>' . __('Dynamic Widgets', DW_L10N_DOMAIN) . ': ';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
806
 
807
+ if ( array_key_exists($widget_id, $DW->registered_widgets) ) {
808
+ echo '<a style="text-decoration:none;" title="' . __('Edit Dynamic Widgets Options', DW_L10N_DOMAIN) . '" href="themes.php?page=dynwid-config&action=edit&id=' . $widget_id . '&returnurl=widgets.php' . '">';
809
+ echo ( $DW->hasOptions($widget_id) ) ? __('Dynamic', DW_L10N_DOMAIN) : __('Static', DW_L10N_DOMAIN);
810
+ echo '</a>';
811
+ if ( $DW->hasOptions($widget_id) ) {
812
+ $s = array();
813
+ $opt = $DW->getOpt($widget_id, NULL);
814
+ foreach ( $opt as $widget ) {
815
+ $type = $widget->maintype;
816
+ if ( $type != 'individual' && substr($type, -6) != 'childs' && ! preg_match('/.*-tax_.*/', $type) ) {
817
+ $single = array('single-author', 'single-category', 'single-tag', 'single-post');
818
+ if ( in_array($type, $single) ) {
819
+ $type = 'single';
820
+ }
821
+ if (! in_array($type, $s) ) {
822
+ $s[ ] = $type;
823
+ }
824
+ }
825
+ }
826
+
827
+ $last = count($s) - 1;
828
+ $string = '';
829
+ for ( $i = 0; $i < $last; $i++ ) {
830
+ $type = $s[$i];
831
+ if (! empty($DW->dwoptions[$type]) ) {
832
+ $string .= $DW->dwoptions[$type];
833
+ }
834
+ $string .= ( ($last - 1) == $i ) ? ' ' . __('and', DW_L10N_DOMAIN) . ' ' : ', ';
835
+ }
836
+ $type = $s[$last];
837
+ if ( isset($DW->dwoptions[$type]) ) {
838
+ $string .= $DW->dwoptions[$type];
839
+ }
840
+
841
+ $output = '<br /><small>';
842
+ $output .= ( count($opt) > 1 ) ? __('Options set for', DW_L10N_DOMAIN) : __('Option set for', DW_L10N_DOMAIN);
843
+ $output .= ' ' . $string . '.</small>';
844
+ echo $output;
845
+ }
846
+ } else {
847
+ echo '<em>' . __('Save the widget first', DW_L10N_DOMAIN) . '...</em>';
848
+ }
849
  echo '</p>';
850
  }
851
 
dynwid_admin_edit.php CHANGED
@@ -2,7 +2,7 @@
2
  /**
3
  * dynwid_admin_edit.php - Options settings
4
  *
5
- * @version $Id: dynwid_admin_edit.php 488903 2012-01-12 18:17:27Z qurl $
6
  * @copyright 2011 Jacco Drabbe
7
  */
8
 
@@ -11,6 +11,14 @@
11
  DW_QT::detect();
12
  DW_WPSC::detect();
13
  DW_WPML::detect();
 
 
 
 
 
 
 
 
14
  ?>
15
 
16
  <style type="text/css">
@@ -146,8 +154,8 @@ h4 {
146
  }
147
  ?>
148
 
149
- <h3><?php _e('Edit options for the widget', DW_L10N_DOMAIN); ?>: <em><?php echo $DW->getName($_GET['id']); ?></em></h3>
150
- <?php echo ( DW_DEBUG ) ? '<pre>ID = ' . $_GET['id'] . '</pre><br />' : ''; ?>
151
 
152
  <div style="border-color: #E3E3E3;border-radius: 6px 6px 6px 6px;border-style: solid;border-width: 1px;padding: 5px;">
153
  <b><?php _e('Quick settings', DW_L10N_DOMAIN); ?></b>
@@ -156,11 +164,11 @@ h4 {
156
  </p>
157
  </div><br />
158
 
159
- <form id="dwsave" action="<?php echo trailingslashit(admin_url()) . 'themes.php?page=dynwid-config&action=edit&id=' . $_GET['id']; ?>" method="post">
160
- <?php wp_nonce_field('plugin-name-action_edit_' . $_GET['id']); ?>
161
  <input type="hidden" name="dynwid_save" value="yes" />
162
- <input type="hidden" name="widget_id" value="<?php echo $_GET['id']; ?>" />
163
- <input type="hidden" id="returnurl" name="returnurl" value="<?php echo ( (isset($_GET['returnurl'])) ? trailingslashit(admin_url()) . $_GET['returnurl'] : '' ); ?>" />
164
 
165
  <div id="dynwid">
166
  <?php
@@ -245,9 +253,9 @@ Save as a quick setting <input type="text" name="qsetting" value="" />
245
  <div style="float:left">
246
  <input class="button-primary" type="submit" value="<?php _e('Save'); ?>" /> &nbsp;&nbsp;
247
  </div>
248
- <?php $url = (! empty($_GET['returnurl']) ) ? trailingslashit(admin_url()) . $_GET['returnurl'] : trailingslashit(admin_url()) . 'themes.php?page=dynwid-config'; ?>
249
 
250
- <?php if ( empty($_GET['returnurl']) ) { ?>
251
  <div style="float:left">
252
  <input class="button-primary" type="button" value="<?php _e('Save'); ?> & <?php _e('Return', DW_L10N_DOMAIN); ?>" onclick="saveandreturn()" /> &nbsp;&nbsp;
253
  </div>
2
  /**
3
  * dynwid_admin_edit.php - Options settings
4
  *
5
+ * @version $Id: dynwid_admin_edit.php 532982 2012-04-18 17:35:12Z qurl $
6
  * @copyright 2011 Jacco Drabbe
7
  */
8
 
11
  DW_QT::detect();
12
  DW_WPSC::detect();
13
  DW_WPML::detect();
14
+
15
+ // Sanitizing some stuff
16
+ $widget_id = ( isset($_GET['id']) && ! empty($_GET['id']) ) ? esc_attr($_GET['id']) : '';
17
+ $return_url = ( isset($_GET['returnurl']) && ! empty($_GET['returnurl']) ) ? esc_url($_GET['returnurl']) : '';
18
+
19
+ if (! array_key_exists($widget_id, $DW->registered_widgets) ) {
20
+ wp_die('WidgetID is not valid');
21
+ }
22
  ?>
23
 
24
  <style type="text/css">
154
  }
155
  ?>
156
 
157
+ <h3><?php _e('Edit options for the widget', DW_L10N_DOMAIN); ?>: <em><?php echo $DW->getName($widget_id); ?></em></h3>
158
+ <?php echo ( DW_DEBUG ) ? '<pre>ID = ' . $widget_id . '</pre><br />' : ''; ?>
159
 
160
  <div style="border-color: #E3E3E3;border-radius: 6px 6px 6px 6px;border-style: solid;border-width: 1px;padding: 5px;">
161
  <b><?php _e('Quick settings', DW_L10N_DOMAIN); ?></b>
164
  </p>
165
  </div><br />
166
 
167
+ <form id="dwsave" action="<?php echo trailingslashit(admin_url()) . 'themes.php?page=dynwid-config&action=edit&id=' . $widget_id; ?>" method="post">
168
+ <?php wp_nonce_field('plugin-name-action_edit_' . $widget_id); ?>
169
  <input type="hidden" name="dynwid_save" value="yes" />
170
+ <input type="hidden" name="widget_id" value="<?php echo $widget_id; ?>" />
171
+ <input type="hidden" id="returnurl" name="returnurl" value="<?php echo ( (! empty($return_url)) ? trailingslashit(admin_url()) . $return_url : '' ); ?>" />
172
 
173
  <div id="dynwid">
174
  <?php
253
  <div style="float:left">
254
  <input class="button-primary" type="submit" value="<?php _e('Save'); ?>" /> &nbsp;&nbsp;
255
  </div>
256
+ <?php $url = (! empty($return_url) ) ? trailingslashit(admin_url()) . $return_url : trailingslashit(admin_url()) . 'themes.php?page=dynwid-config'; ?>
257
 
258
+ <?php if ( empty($return_url) ) { ?>
259
  <div style="float:left">
260
  <input class="button-primary" type="button" value="<?php _e('Save'); ?> & <?php _e('Return', DW_L10N_DOMAIN); ?>" onclick="saveandreturn()" /> &nbsp;&nbsp;
261
  </div>
dynwid_admin_save.php CHANGED
@@ -2,13 +2,16 @@
2
  /**
3
  * dynwid_admin_save.php - Saving options to the database
4
  *
5
- * @version $Id: dynwid_admin_save.php 513944 2012-03-03 15:19:22Z qurl $
6
  * @copyright 2011 Jacco Drabbe
7
  */
8
 
9
  // Security - nonce, etc.
10
- check_admin_referer('plugin-name-action_edit_' . $_POST['widget_id']);
11
- if (! array_key_exists($_POST['widget_id'], $DW->registered_widgets) ) {
 
 
 
12
  wp_die('WidgetID is not valid');
13
  }
14
 
@@ -28,8 +31,8 @@
28
 
29
  // Date check
30
  if ( $_POST['date'] == 'no' ) {
31
- $date_start = trim($_POST['date_start']);
32
- $date_end = trim($_POST['date_end']);
33
 
34
  if (! preg_match('/^[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}$/', $date_start) && ! preg_match('/^[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}$/', $date_end) ) {
35
  wp_redirect( $_SERVER['REQUEST_URI'] . '&work=none' );
@@ -58,7 +61,7 @@
58
  }
59
 
60
  // Removing already set options
61
- $DW->resetOptions($_POST['widget_id']);
62
 
63
  // Role
64
  DWModule::save('role', 'complex');
@@ -74,7 +77,7 @@
74
  }
75
 
76
  if ( count($dates) > 0 ) {
77
- $DW->addDate($_POST['widget_id'], $dates);
78
  }
79
  }
80
 
@@ -93,32 +96,32 @@
93
  // -- Author
94
  if ( isset($_POST['single_author_act']) && count($_POST['single_author_act']) > 0 ) {
95
  if ( $_POST['single'] == 'yes' ) {
96
- $DW->addSingleOption($_POST['widget_id'], 'single', '1');
97
  }
98
- $DW->addMultiOption($_POST['widget_id'], 'single-author', $_POST['single'], $_POST['single_author_act']);
99
  }
100
 
101
  // -- Category
102
  if ( isset($_POST['single_category_act']) && count($_POST['single_category_act']) > 0 ) {
103
  if ( $_POST['single'] == 'yes' && count($_POST['single_author_act']) == 0 ) {
104
- $DW->addSingleOption($_POST['widget_id'], 'single', '1');
105
  }
106
- $DW->addMultiOption($_POST['widget_id'], 'single-category', $_POST['single'], $_POST['single_category_act']);
107
  }
108
 
109
  // ---- Childs
110
  if ( isset($_POST['single_category_act']) && count($_POST['single_category_act']) > 0 && isset($_POST['single_category_childs_act']) && count($_POST['single_category_childs_act']) > 0 ) {
111
- $DW->addChilds($_POST['widget_id'], 'single-category-childs', $_POST['single'], $_POST['single_category_act'], $_POST['single_category_childs_act']);
112
  }
113
 
114
  // -- Individual / Posts / Tag
115
  if ( isset($_POST['individual']) && $_POST['individual'] == '1' ) {
116
- $DW->addSingleOption($_POST['widget_id'], 'individual', '1');
117
  if ( isset($_POST['single_post_act']) && count($_POST['single_post_act']) > 0 ) {
118
- $DW->addMultiOption($_POST['widget_id'], 'single-post', $_POST['single'], $_POST['single_post_act']);
119
  }
120
  if ( isset($_POST['single_tag_act']) && count($_POST['single_tag_act']) > 0 ) {
121
- $DW->addMultiOption($_POST['widget_id'], 'single-tag', $_POST['single'], $_POST['single_tag_act']);
122
  }
123
  }
124
 
@@ -148,9 +151,9 @@
148
  $_POST['page_act'] = array();
149
  }
150
 
151
- $DW->addMultiOption($_POST['widget_id'], 'page', $_POST['page'], $_POST['page_act']);
152
  } else if ( $_POST['page'] == 'no' ) {
153
- $DW->addSingleOption($_POST['widget_id'], 'page');
154
  }
155
 
156
  // -- Childs
@@ -161,13 +164,13 @@
161
  foreach ( $_POST['page_tax_list'] as $tax ) {
162
  $act_tax_field = $tax . '_act';
163
  if ( isset($_POST[$act_tax_field]) && count($_POST[$act_tax_field]) > 0 ) {
164
- $DW->addMultiOption($_POST['widget_id'], $tax, $_POST['page'], $_POST[$act_tax_field]);
165
  }
166
 
167
  // ---- Childs >> Can't use DWModule::childSave() cause of $name != $tax, but $name == 'page'
168
  $act_tax_childs_field = $tax . '_childs_act';
169
  if ( isset($_POST[$act_tax_field]) && count($_POST[$act_tax_field]) > 0 && isset($_POST[$act_tax_childs_field]) && count($_POST[$act_tax_childs_field]) > 0 ) {
170
- $DW->addChilds($_POST['widget_id'], $tax . '-childs', $_POST['page'], $_POST[$act_tax_field], $_POST[$act_tax_childs_field]);
171
  }
172
  }
173
  }
@@ -222,9 +225,9 @@
222
  $_POST[$act_field] = array();
223
  }
224
 
225
- $DW->addMultiOption($_POST['widget_id'], $type, $_POST[$type], $_POST[$act_field]);
226
  } else if ( $_POST[$type] == 'no' ) {
227
- $DW->addSingleOption($_POST['widget_id'], $type);
228
  }
229
 
230
  // -- Childs
@@ -234,13 +237,13 @@
234
  foreach ( $tax_list as $tax ) {
235
  $act_tax_field = $tax . '_act';
236
  if ( isset($_POST[$act_tax_field]) && count($_POST[$act_tax_field]) > 0 ) {
237
- $DW->addMultiOption($_POST['widget_id'], $tax, $_POST[$type], $_POST[$act_tax_field]);
238
  }
239
 
240
  // ---- Childs >> Can't use DWModule::childSave() cause of $name != $tax, but $name == $type
241
  $act_tax_childs_field = $tax . '_childs_act';
242
  if ( isset($_POST[$act_tax_field]) && count($_POST[$act_tax_field]) > 0 && isset($_POST[$act_tax_childs_field]) && count($_POST[$act_tax_childs_field]) > 0 ) {
243
- $DW->addChilds($_POST['widget_id'], $tax . '-childs', $_POST[$type], $_POST[$act_tax_field], $_POST[$act_tax_childs_field]);
244
  }
245
  }
246
  }
@@ -258,9 +261,9 @@
258
  $_POST[$act_field] = array();
259
  }
260
 
261
- $DW->addMultiOption($_POST['widget_id'], $type, $_POST[$type], $_POST[$act_field]);
262
  } else if ( $_POST[$type] == 'no' ) {
263
- $DW->addSingleOption($_POST['widget_id'], $type);
264
  }
265
 
266
  DWModule::childSave($type);
@@ -289,14 +292,14 @@
289
  DWModule::save('pods', 'complex');
290
 
291
  // Redirect to ReturnURL
292
- if (! empty($_POST['returnurl']) ) {
293
  $q = array();
294
 
295
  // Checking if there are arguments set
296
- $pos = strpos($_POST['returnurl'],'?');
297
  if ( $pos !== FALSE ) {
298
  // evaluate the args
299
- $query_string = substr($_POST['returnurl'], ($pos+1));
300
  $args = explode('&', $query_string);
301
  foreach ( $args as $arg ) {
302
  @list($name, $value) = explode('=', $arg);
@@ -304,12 +307,12 @@
304
  $q[ ] = $name . '=' . $value;
305
  }
306
  }
307
- $script_url = substr($_POST['returnurl'],0,$pos);
308
  } else {
309
- $script_url = $_POST['returnurl'];
310
  }
311
  $q[ ] = 'dynwid_save=yes';
312
- $q[ ] = 'widget_id=' . $_POST['widget_id'];
313
 
314
  wp_redirect( $script_url . '?' . implode('&', $q) );
315
  die();
2
  /**
3
  * dynwid_admin_save.php - Saving options to the database
4
  *
5
+ * @version $Id: dynwid_admin_save.php 532982 2012-04-18 17:35:12Z qurl $
6
  * @copyright 2011 Jacco Drabbe
7
  */
8
 
9
  // Security - nonce, etc.
10
+ $widget_id = ( isset($_POST['widget_id']) && ! empty($_POST['widget_id']) ) ? esc_attr($_POST['widget_id']) : '';
11
+ $returnurl = ( isset($_POST['returnurl']) && ! empty($_POST['returnurl']) ) ? esc_url($_POST['returnurl']) : '';
12
+
13
+ check_admin_referer('plugin-name-action_edit_' . $widget_id);
14
+ if (! array_key_exists($widget_id, $DW->registered_widgets) ) {
15
  wp_die('WidgetID is not valid');
16
  }
17
 
31
 
32
  // Date check
33
  if ( $_POST['date'] == 'no' ) {
34
+ $date_start = trim(esc_attr($_POST['date_start']));
35
+ $date_end = trim(esc_attr($_POST['date_end']));
36
 
37
  if (! preg_match('/^[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}$/', $date_start) && ! preg_match('/^[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}$/', $date_end) ) {
38
  wp_redirect( $_SERVER['REQUEST_URI'] . '&work=none' );
61
  }
62
 
63
  // Removing already set options
64
+ $DW->resetOptions($widget_id);
65
 
66
  // Role
67
  DWModule::save('role', 'complex');
77
  }
78
 
79
  if ( count($dates) > 0 ) {
80
+ $DW->addDate($widget_id, $dates);
81
  }
82
  }
83
 
96
  // -- Author
97
  if ( isset($_POST['single_author_act']) && count($_POST['single_author_act']) > 0 ) {
98
  if ( $_POST['single'] == 'yes' ) {
99
+ $DW->addSingleOption($widget_id, 'single', '1');
100
  }
101
+ $DW->addMultiOption($widget_id, 'single-author', $_POST['single'], $_POST['single_author_act']);
102
  }
103
 
104
  // -- Category
105
  if ( isset($_POST['single_category_act']) && count($_POST['single_category_act']) > 0 ) {
106
  if ( $_POST['single'] == 'yes' && count($_POST['single_author_act']) == 0 ) {
107
+ $DW->addSingleOption($widget_id, 'single', '1');
108
  }
109
+ $DW->addMultiOption($widget_id, 'single-category', $_POST['single'], $_POST['single_category_act']);
110
  }
111
 
112
  // ---- Childs
113
  if ( isset($_POST['single_category_act']) && count($_POST['single_category_act']) > 0 && isset($_POST['single_category_childs_act']) && count($_POST['single_category_childs_act']) > 0 ) {
114
+ $DW->addChilds($widget_id, 'single-category-childs', $_POST['single'], $_POST['single_category_act'], $_POST['single_category_childs_act']);
115
  }
116
 
117
  // -- Individual / Posts / Tag
118
  if ( isset($_POST['individual']) && $_POST['individual'] == '1' ) {
119
+ $DW->addSingleOption($widget_id, 'individual', '1');
120
  if ( isset($_POST['single_post_act']) && count($_POST['single_post_act']) > 0 ) {
121
+ $DW->addMultiOption($widget_id, 'single-post', $_POST['single'], $_POST['single_post_act']);
122
  }
123
  if ( isset($_POST['single_tag_act']) && count($_POST['single_tag_act']) > 0 ) {
124
+ $DW->addMultiOption($widget_id, 'single-tag', $_POST['single'], $_POST['single_tag_act']);
125
  }
126
  }
127
 
151
  $_POST['page_act'] = array();
152
  }
153
 
154
+ $DW->addMultiOption($widget_id, 'page', $_POST['page'], $_POST['page_act']);
155
  } else if ( $_POST['page'] == 'no' ) {
156
+ $DW->addSingleOption($widget_id, 'page');
157
  }
158
 
159
  // -- Childs
164
  foreach ( $_POST['page_tax_list'] as $tax ) {
165
  $act_tax_field = $tax . '_act';
166
  if ( isset($_POST[$act_tax_field]) && count($_POST[$act_tax_field]) > 0 ) {
167
+ $DW->addMultiOption($widget_id, $tax, $_POST['page'], $_POST[$act_tax_field]);
168
  }
169
 
170
  // ---- Childs >> Can't use DWModule::childSave() cause of $name != $tax, but $name == 'page'
171
  $act_tax_childs_field = $tax . '_childs_act';
172
  if ( isset($_POST[$act_tax_field]) && count($_POST[$act_tax_field]) > 0 && isset($_POST[$act_tax_childs_field]) && count($_POST[$act_tax_childs_field]) > 0 ) {
173
+ $DW->addChilds($widget_id, $tax . '-childs', $_POST['page'], $_POST[$act_tax_field], $_POST[$act_tax_childs_field]);
174
  }
175
  }
176
  }
225
  $_POST[$act_field] = array();
226
  }
227
 
228
+ $DW->addMultiOption($widget_id, $type, $_POST[$type], $_POST[$act_field]);
229
  } else if ( $_POST[$type] == 'no' ) {
230
+ $DW->addSingleOption($widget_id, $type);
231
  }
232
 
233
  // -- Childs
237
  foreach ( $tax_list as $tax ) {
238
  $act_tax_field = $tax . '_act';
239
  if ( isset($_POST[$act_tax_field]) && count($_POST[$act_tax_field]) > 0 ) {
240
+ $DW->addMultiOption($widget_id, $tax, $_POST[$type], $_POST[$act_tax_field]);
241
  }
242
 
243
  // ---- Childs >> Can't use DWModule::childSave() cause of $name != $tax, but $name == $type
244
  $act_tax_childs_field = $tax . '_childs_act';
245
  if ( isset($_POST[$act_tax_field]) && count($_POST[$act_tax_field]) > 0 && isset($_POST[$act_tax_childs_field]) && count($_POST[$act_tax_childs_field]) > 0 ) {
246
+ $DW->addChilds($widget_id, $tax . '-childs', $_POST[$type], $_POST[$act_tax_field], $_POST[$act_tax_childs_field]);
247
  }
248
  }
249
  }
261
  $_POST[$act_field] = array();
262
  }
263
 
264
+ $DW->addMultiOption($widget_id, $type, $_POST[$type], $_POST[$act_field]);
265
  } else if ( $_POST[$type] == 'no' ) {
266
+ $DW->addSingleOption($widget_id, $type);
267
  }
268
 
269
  DWModule::childSave($type);
292
  DWModule::save('pods', 'complex');
293
 
294
  // Redirect to ReturnURL
295
+ if (! empty($returnurl) ) {
296
  $q = array();
297
 
298
  // Checking if there are arguments set
299
+ $pos = strpos($returnurl, '?');
300
  if ( $pos !== FALSE ) {
301
  // evaluate the args
302
+ $query_string = substr($returnurl, ($pos+1));
303
  $args = explode('&', $query_string);
304
  foreach ( $args as $arg ) {
305
  @list($name, $value) = explode('=', $arg);
307
  $q[ ] = $name . '=' . $value;
308
  }
309
  }
310
+ $script_url = substr($returnurl, 0, $pos);
311
  } else {
312
+ $script_url = $returnurl;
313
  }
314
  $q[ ] = 'dynwid_save=yes';
315
+ $q[ ] = 'widget_id=' . $widget_id;
316
 
317
  wp_redirect( $script_url . '?' . implode('&', $q) );
318
  die();
dynwid_worker.php CHANGED
@@ -2,7 +2,7 @@
2
  /**
3
  * dynwid_worker.php - The worker does the actual work.
4
  *
5
- * @version $Id: dynwid_worker.php 518600 2012-03-13 17:58:23Z qurl $
6
  * @copyright 2011 Jacco Drabbe
7
  */
8
 
@@ -583,8 +583,9 @@
583
 
584
  case 'tag':
585
  if ( count($act) > 0 ) {
586
- $tag = array_keys( get_the_tags() );
587
- if ( (bool) array_intersect($tag, $act) ) {
 
588
  $display = $other;
589
  $DW->message('Exception triggered for ' . $widget_id . ' sets display to ' . $e . ' (rule T1)');
590
  }
2
  /**
3
  * dynwid_worker.php - The worker does the actual work.
4
  *
5
+ * @version $Id: dynwid_worker.php 528159 2012-04-06 15:53:56Z qurl $
6
  * @copyright 2011 Jacco Drabbe
7
  */
8
 
583
 
584
  case 'tag':
585
  if ( count($act) > 0 ) {
586
+ global $wp_query;
587
+ $tag = $wp_query->get_queried_object_id();
588
+ if ( in_array($tag, $act) ) {
589
  $display = $other;
590
  $DW->message('Exception triggered for ' . $widget_id . ' sets display to ' . $e . ' (rule T1)');
591
  }
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://www.qurl.nl/dynamic-widgets/donate/
4
  Tags: widget, widgets, dynamic, sidebar, custom, rules, logic, admin, condition, conditional tags, hide, show, wpml, qtranslate, wpec, buddypress, pods, bbpress
5
  Requires at least: 3.0.0
6
  Tested up to: 3.3.1
7
- Stable tag: 1.5.1
8
 
9
  Dynamic Widgets gives you full control on which pages your widgets will appear. It lets you dynamicly show or hide widgets on WordPress pages.
10
 
@@ -167,6 +167,12 @@ Please check the [Issue Tracker](http://www.qurl.nl/dynamic-widgets/issue-tracke
167
 
168
  == Changelog ==
169
 
 
 
 
 
 
 
170
  = Version 1.5.1 =
171
 
172
  * Added Custom Taxonomies support for Pages
@@ -360,12 +366,12 @@ Please check the [Issue Tracker](http://www.qurl.nl/dynamic-widgets/issue-tracke
360
 
361
  == Release notes ==
362
 
363
- This version has 2 features added and 7 bugs fixed.
364
 
365
  == Upgrade Notice ==
366
 
367
- = 1.5.1 =
368
- This version has 2 features added and 7 bugs fixed.
369
 
370
  == Screenshots ==
371
 
4
  Tags: widget, widgets, dynamic, sidebar, custom, rules, logic, admin, condition, conditional tags, hide, show, wpml, qtranslate, wpec, buddypress, pods, bbpress
5
  Requires at least: 3.0.0
6
  Tested up to: 3.3.1
7
+ Stable tag: 1.5.2
8
 
9
  Dynamic Widgets gives you full control on which pages your widgets will appear. It lets you dynamicly show or hide widgets on WordPress pages.
10
 
167
 
168
  == Changelog ==
169
 
170
+ = Version 1.5.2 =
171
+
172
+ * Bugfix for Tag archive rules are not followed correctly.
173
+ * Bugfix to prevent the error: WidgetID is invalid.
174
+ * Security fix for a possible XSS vulnerability.
175
+
176
  = Version 1.5.1 =
177
 
178
  * Added Custom Taxonomies support for Pages
366
 
367
  == Release notes ==
368
 
369
+ This version has 3 bugs fixed.
370
 
371
  == Upgrade Notice ==
372
 
373
+ = 1.5.2 =
374
+ It's highly recommended to update asap. A possible security vulnerability has been found in all previous versions.
375
 
376
  == Screenshots ==
377