PayPal Donation - Version 1.3.1

Version Description

  • 10/1/21
  • Fix - Security Issues

Release Info

Developer scottpaterson
Version 1.3.1

Code changes from version 1.3 to 1.3.1

easy-paypal-donation.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
  /*
4
  Plugin Name: Accept Donations with PayPal
5
  Plugin URI: https://wpplugin.org/downloads/paypal-donation-pro/
@@ -8,7 +10,7 @@ Tags: donation, donate, donations, charity, paypal, paypal donation, ecommerce,
8
  Author: Scott Paterson
9
  Author URI: https://wpplugin.org
10
  License: GPL2
11
- Version: 1.3
12
  */
13
 
14
  /* Copyright 2014-2021 Scott Paterson
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
  /*
6
  Plugin Name: Accept Donations with PayPal
7
  Plugin URI: https://wpplugin.org/downloads/paypal-donation-pro/
10
  Author: Scott Paterson
11
  Author URI: https://wpplugin.org
12
  License: GPL2
13
+ Version: 1.3.1
14
  */
15
 
16
  /* Copyright 2014-2021 Scott Paterson
includes/private_button_inserter.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
  add_action('init', 'wpedon_button_media_buttons_init');
4
 
5
  function wpedon_button_media_buttons_init() {
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
  add_action('init', 'wpedon_button_media_buttons_init');
6
 
7
  function wpedon_button_media_buttons_init() {
includes/private_buttons.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
  function wpedon_plugin_buttons() {
4
 
5
  if (!isset($_GET['action']) || $_GET['action'] == "delete" || !empty($_GET['action2']) == "delete") {
@@ -249,7 +251,7 @@ function wpedon_plugin_buttons() {
249
  ?>
250
 
251
  <form id="products-filter" method="get">
252
- <input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
253
  <?php $testListTable->display() ?>
254
  </form>
255
 
@@ -279,7 +281,15 @@ function wpedon_plugin_buttons() {
279
  // end admin products page edit product
280
 
281
  // admin products page delete product
282
- if (isset($_GET['action']) && $_GET['action'] == "delete" || isset($_GET['action2']) && $_GET['action2'] == "delete") {
 
 
 
 
 
 
 
 
283
 
284
  if (!empty($_GET['inline']) == "true") {
285
  $post_id = array($_GET['product']);
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
  function wpedon_plugin_buttons() {
6
 
7
  if (!isset($_GET['action']) || $_GET['action'] == "delete" || !empty($_GET['action2']) == "delete") {
251
  ?>
252
 
253
  <form id="products-filter" method="get">
254
+ <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
255
  <?php $testListTable->display() ?>
256
  </form>
257
 
281
  // end admin products page edit product
282
 
283
  // admin products page delete product
284
+ if (isset($_GET['action']) && $_GET['action'] == "delete" || isset($_GET['action2']) && $_GET['action2'] == "delete") {
285
+
286
+ // check nonce for security
287
+ $nonce = $_REQUEST['_wpnonce'];
288
+ $action = 'bulk-products';
289
+
290
+ if ( ! wp_verify_nonce( $nonce, $action ) ) {
291
+ wp_die('Security check fail');
292
+ }
293
 
294
  if (!empty($_GET['inline']) == "true") {
295
  $post_id = array($_GET['product']);
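Review bot: `$nonce = $_REQUEST['_wpnonce'];` (new line 287) reads the key without checking that it exists, so a delete request arriving without a nonce emits an undefined-index warning before `wp_verify_nonce` rejects it; prefer `$nonce = isset($_REQUEST['_wpnonce']) ? sanitize_text_field(wp_unslash($_REQUEST['_wpnonce'])) : '';`. The same unguarded read appears in includes/private_buttons_edit.php and includes/private_buttons_new.php. A nonce shows the request originated from a form this site rendered, not that the user is allowed to delete; unless the menu registration already restricts this page, a `current_user_can(...)` check belongs next to it, and the function body continues outside the hunk so that cannot be confirmed here. The action string `bulk-products` has to match what the list table's bulk-action form emits; WP_List_Table builds that nonce from `'bulk-'` plus its plural argument, so confirm that argument is `products` for `$testListTable`.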
includes/private_buttons_edit.php CHANGED
@@ -1,7 +1,18 @@
1
  <?php
 
 
 
 
2
  if (isset($_POST['update'])) {
3
 
4
  $post_id = intval($_GET['product']);
 
 
 
 
 
 
 
5
 
6
  if (!$post_id) {
7
  echo'<script>window.location="admin.php?page=wpedon_buttons"; </script>';
@@ -100,12 +111,20 @@
100
 
101
  }
102
  }
 
 
 
 
 
 
 
 
103
 
104
  ?>
105
 
106
  <div style="width:98%;">
107
-
108
- <form method='post' action='<?php $_SERVER["REQUEST_URI"]; ?>'>
109
 
110
  <?php
111
  $post_id = sanitize_text_field($_GET['product']);
@@ -251,6 +270,7 @@
251
  Option / Amount 10: </td><td><input type="text" name="wpedon_button_scpricejname" id="wpedon_button_scpricejname" value="<?php echo esc_attr(get_post_meta($post_id,'wpedon_button_scpricejname',true)); ?>" style="width:94px;"><input style="width:93px;" type="text" name="wpedon_button_scpricej" id="wpedon_button_scpricej" value="<?php echo esc_attr(get_post_meta($post_id,'wpedon_button_scpricej',true)); ?>"></td><td> Optional
252
  </td></tr></table>
253
 
 
254
  <input type="hidden" name="update">
255
 
256
  </td></tr></table>
1
  <?php
2
+
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
+
6
  if (isset($_POST['update'])) {
7
 
8
  $post_id = intval($_GET['product']);
9
+
10
+ // check nonce for security
11
+ $nonce = $_REQUEST['_wpnonce'];
12
+ if ( ! wp_verify_nonce( $nonce, 'edit_'.$post_id ) ) {
13
+ echo "Nonce verification failed.";
14
+ exit;
15
+ }
16
 
17
  if (!$post_id) {
18
  echo'<script>window.location="admin.php?page=wpedon_buttons"; </script>';
111
 
112
  }
113
  }
114
+
115
+
116
+ // check nonce for security
117
+ $nonce = $_REQUEST['_wpnonce'];
118
+ if ( ! wp_verify_nonce( $nonce, 'edit_'.$post_id ) ) {
119
+ echo "Nonce verification failed.";
120
+ exit;
121
+ }
122
 
123
  ?>
124
 
125
  <div style="width:98%;">
126
+
127
+ <form method='post'>
128
 
129
  <?php
130
  $post_id = sanitize_text_field($_GET['product']);
270
  Option / Amount 10: </td><td><input type="text" name="wpedon_button_scpricejname" id="wpedon_button_scpricejname" value="<?php echo esc_attr(get_post_meta($post_id,'wpedon_button_scpricejname',true)); ?>" style="width:94px;"><input style="width:93px;" type="text" name="wpedon_button_scpricej" id="wpedon_button_scpricej" value="<?php echo esc_attr(get_post_meta($post_id,'wpedon_button_scpricej',true)); ?>"></td><td> Optional
271
  </td></tr></table>
272
 
273
+ <?php wp_nonce_field( 'edit_'.$post_id ); ?>
274
  <input type="hidden" name="update">
275
 
276
  </td></tr></table>
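Review bot: The second nonce check (new lines 116–121) follows the closing braces at 112–113; if those braces close the `if (isset($_POST['update']))` block opened at line 6, the check runs on every request, including the plain GET that opens the edit form, which carries no `_wpnonce` and at that point no `$post_id` either (it is only assigned from `$_GET['product']` at line 130), so the form could never render — the hunk does not show which block the braces close, so this needs confirming. The POST path is already covered by the identical check at lines 10–15, so the duplicate can most likely be removed. The failure branch `echo "Nonce verification failed."; exit;` also differs from the `wp_die('Security check fail')` this commit uses in includes/private_buttons.php; `wp_die( 'Nonce verification failed.' );` would be consistent and produce WordPress' standard error response. The same branch is repeated in includes/private_buttons_new.php.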
includes/private_buttons_new.php CHANGED
@@ -1,8 +1,18 @@
1
  <?php
2
 
3
- global $current_user;
 
 
4
 
5
  if (isset($_POST['update'])) {
 
 
 
 
 
 
 
 
6
  $my_post = array(
7
  'post_title' => sanitize_text_field($_POST['wpedon_button_name']),
8
  'post_status' => 'publish',
@@ -101,8 +111,8 @@ global $current_user;
101
  ?>
102
 
103
  <div style="width:98%;">
104
-
105
- <form method='post' action='<?php $_SERVER["REQUEST_URI"]; ?>'>
106
 
107
  <table width="100%"><tr><td valign="bottom" width="85%">
108
  <br />
@@ -123,7 +133,7 @@ global $current_user;
123
 
124
 
125
  <br />
126
-
127
  <div style="background-color:#fff;padding:8px;border: 1px solid #CCCCCC;"><br />
128
 
129
  <table><tr><td>
@@ -232,7 +242,8 @@ global $current_user;
232
  Option / Amount 9: </td><td><input type="text" name="wpedon_button_scpriceiname" id="wpedon_button_scpriceiname" value="<?php if(isset($_POST['wpedon_button_scpriceiname'])) { echo esc_attr($_POST['wpedon_button_scpriceiname']); } ?>" style="width:94px;"><input style="width:93px;" type="text" name="wpedon_button_scpricei" id="wpedon_button_scpricei" value="<?php if(isset($_POST['wpedon_button_scpricei'])) { echo esc_attr($_POST['wpedon_button_scpricei']); } ?>"></td><td> Optional </td></tr><tr><td>
233
  Option / Amount 10: </td><td><input type="text" name="wpedon_button_scpricejname" id="wpedon_button_scpricejname" value="<?php if(isset($_POST['wpedon_button_scpricejname'])) { echo esc_attr($_POST['wpedon_button_scpricejname']); } ?>" style="width:94px;"><input style="width:93px;" type="text" name="wpedon_button_scpricej" id="wpedon_button_scpricej" value="<?php if(isset($_POST['wpedon_button_scpricej'])) { echo esc_attr($_POST['wpedon_button_scpricej']); } ?>"></td><td> Optional
234
  </td></tr></table>
235
-
 
236
  <input type="hidden" name="update">
237
 
238
  </td></tr></table>
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
+ global $current_user;
6
 
7
  if (isset($_POST['update'])) {
8
+
9
+ // check nonce for security
10
+ $nonce = $_REQUEST['_wpnonce'];
11
+ if ( ! wp_verify_nonce( $nonce, 'new_wpedon_button' ) ) {
12
+ echo "Nonce verification failed.";
13
+ exit;
14
+ }
15
+
16
  $my_post = array(
17
  'post_title' => sanitize_text_field($_POST['wpedon_button_name']),
18
  'post_status' => 'publish',
111
  ?>
112
 
113
  <div style="width:98%;">
114
+
115
+ <form method='post'>
116
 
117
  <table width="100%"><tr><td valign="bottom" width="85%">
118
  <br />
133
 
134
 
135
  <br />
136
+
137
  <div style="background-color:#fff;padding:8px;border: 1px solid #CCCCCC;"><br />
138
 
139
  <table><tr><td>
242
  Option / Amount 9: </td><td><input type="text" name="wpedon_button_scpriceiname" id="wpedon_button_scpriceiname" value="<?php if(isset($_POST['wpedon_button_scpriceiname'])) { echo esc_attr($_POST['wpedon_button_scpriceiname']); } ?>" style="width:94px;"><input style="width:93px;" type="text" name="wpedon_button_scpricei" id="wpedon_button_scpricei" value="<?php if(isset($_POST['wpedon_button_scpricei'])) { echo esc_attr($_POST['wpedon_button_scpricei']); } ?>"></td><td> Optional </td></tr><tr><td>
243
  Option / Amount 10: </td><td><input type="text" name="wpedon_button_scpricejname" id="wpedon_button_scpricejname" value="<?php if(isset($_POST['wpedon_button_scpricejname'])) { echo esc_attr($_POST['wpedon_button_scpricejname']); } ?>" style="width:94px;"><input style="width:93px;" type="text" name="wpedon_button_scpricej" id="wpedon_button_scpricej" value="<?php if(isset($_POST['wpedon_button_scpricej'])) { echo esc_attr($_POST['wpedon_button_scpricej']); } ?>"></td><td> Optional
244
  </td></tr></table>
245
+
246
+ <?php wp_nonce_field( 'new_wpedon_button' ); ?>
247
  <input type="hidden" name="update">
248
 
249
  </td></tr></table>
includes/private_filters.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
  // media button inserter - change button text
4
 
5
  function wpedon_change_button_text( $translation, $text, $domain )
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
  // media button inserter - change button text
6
 
7
  function wpedon_change_button_text( $translation, $text, $domain )
includes/private_functions.php CHANGED
@@ -1,5 +1,9 @@
1
  <?php
2
 
 
 
 
 
3
  // display activation notice
4
  add_action('admin_notices', 'wpedon_admin_notices');
5
  function wpedon_admin_notices() {
1
  <?php
2
 
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+
7
  // display activation notice
8
  add_action('admin_notices', 'wpedon_admin_notices');
9
  function wpedon_admin_notices() {
includes/private_orders.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
  function wpedon_plugin_orders() {
4
 
5
  if (!isset($_GET['action']) || $_GET['action'] == "delete" || $_GET['action2'] == "delete") {
@@ -252,7 +254,7 @@ function wpedon_plugin_orders() {
252
  ?>
253
 
254
  <form id="products-filter" method="get">
255
- <input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
256
  <?php $testListTable->display() ?>
257
  </form>
258
 
@@ -277,7 +279,7 @@ function wpedon_plugin_orders() {
277
 
278
  <div style="width:98%;">
279
 
280
- <form method='post' action='<?php $_SERVER["REQUEST_URI"]; ?>'>
281
 
282
  <?php
283
  $post_id = intval($_GET['order']);
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
  function wpedon_plugin_orders() {
6
 
7
  if (!isset($_GET['action']) || $_GET['action'] == "delete" || $_GET['action2'] == "delete") {
254
  ?>
255
 
256
  <form id="products-filter" method="get">
257
+ <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
258
  <?php $testListTable->display() ?>
259
  </form>
260
 
279
 
280
  <div style="width:98%;">
281
 
282
+ <form method='post' action='<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?>'>
283
 
284
  <?php
285
  $post_id = intval($_GET['order']);
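Review bot: `action='<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?>'` (new line 282) now prints the request URI into the form action, whereas the old line never echoed it and the attribute was effectively empty; the form therefore posts to whatever URI the client supplied, and `esc_attr` only prevents breaking out of the attribute, it does not validate the URL. This same commit drops the attribute entirely in includes/private_buttons_edit.php and includes/private_buttons_new.php (`<form method='post'>`), which posts back to the current URL without echoing client input; doing the same here, and at `echo "<form method='post' action='".esc_attr($_SERVER["REQUEST_URI"])."'>";` in includes/private_settings.php, is simpler and consistent. If the attribute is kept, `esc_url` is the escaper WordPress intends for URL-valued attributes. The enclosing function continues outside the hunk.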
includes/private_settings.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
 
4
  function wpedon_plugin_options() {
5
  if ( !current_user_can( "manage_options" ) ) {
@@ -47,8 +49,8 @@ jQuery(document).ready(function() {
47
 
48
  // settings page
49
  echo "<table width='100%'><tr><td width='70%'><br />";
50
- echo "<label style='color: #000;font-size:18pt;'><center>PayPal Donation Settings</center></label>";
51
- echo "<form method='post' action='".$_SERVER["REQUEST_URI"]."'>";
52
 
53
 
54
  // save and update options
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
 
6
  function wpedon_plugin_options() {
7
  if ( !current_user_can( "manage_options" ) ) {
49
 
50
  // settings page
51
  echo "<table width='100%'><tr><td width='70%'><br />";
52
+ echo "<label style='color: #000;font-size:18pt;'><center>Accept Donations with PayPal Settings</center></label>";
53
+ echo "<form method='post' action='".esc_attr($_SERVER["REQUEST_URI"])."'>";
54
 
55
 
56
  // save and update options
includes/private_widget.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
  class wpedon_button_widget extends WP_Widget {
4
 
5
  // constructor
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
  class wpedon_button_widget extends WP_Widget {
6
 
7
  // constructor
includes/public_ipn.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
  // paypal post
4
  add_action('admin_post_add_wpedon_button_ipn', 'wpplugin_wpedon_button_ipn');
5
  add_action('admin_post_nopriv_add_wpedon_button_ipn', 'wpplugin_wpedon_button_ipn');
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
  // paypal post
6
  add_action('admin_post_add_wpedon_button_ipn', 'wpplugin_wpedon_button_ipn');
7
  add_action('admin_post_nopriv_add_wpedon_button_ipn', 'wpplugin_wpedon_button_ipn');
includes/public_shortcode.php CHANGED
@@ -1,5 +1,7 @@
1
  <?php
2
 
 
 
3
 
4
  // shortcode
5
  add_shortcode('wpedon', 'wpedon_options');
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
 
6
  // shortcode
7
  add_shortcode('wpedon', 'wpedon_options');
readme.txt CHANGED
@@ -6,7 +6,7 @@ Author URI: https://wpplugin.org
6
  Requires at least: 3.0
7
  Tested up to: 5.8
8
  Requires PHP: 5.4
9
- Stable tag: 1.3
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
@@ -94,6 +94,10 @@ Yes, there is no limit to the amount of PayPal donations buttons that you can pu
94
 
95
  == Changelog ==
96
 
 
 
 
 
97
  = 1.3 =
98
  * 11/9/20
99
  * Fix - Changed the variables for logging and deubgging to use WordPress globals. The plugin now uses: WP_DEBUG and WP_DEBUG_LOG
6
  Requires at least: 3.0
7
  Tested up to: 5.8
8
  Requires PHP: 5.4
9
+ Stable tag: 1.3.1
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
94
 
95
  == Changelog ==
96
 
97
+ = 1.3.1 =
98
+ * 10/1/21
99
+ * Fix - Security Issues
100
+
101
  = 1.3 =
102
  * 11/9/20
103
  * Fix - Changed the variables for logging and deubgging to use WordPress globals. The plugin now uses: WP_DEBUG and WP_DEBUG_LOG