Version Description
- Hot fix: Security issue fixed.
Release Info
Developer | milonfci |
Plugin | WP Google Map |
Version | 1.8.1 |
Comparing to | |
Code changes from version 1.8.0 to 1.8.1
- admin/assets/js/geo_based_map_edit.js +2 -2
- admin/includes/markers-icons.php +1 -1
- admin/includes/markers-settings.php +2 -2
- admin/includes/wgm_messages_viewer.php +1 -1
- admin/includes/wpgmap_edit.php +3 -3
- includes/Classes/Migration.php +2 -2
- includes/Traits/AssetHandler.php +6 -5
- includes/Traits/InitActions.php +3 -3
- includes/Traits/MapCRUD.php +18 -3
- includes/Traits/MarkerCRUD.php +50 -14
- includes/Traits/Menu.php +1 -1
- includes/Traits/SetupWizard.php +6 -0
- readme.txt +5 -2
- srm_gmap_embed.php +1 -1
admin/assets/js/geo_based_map_edit.js
CHANGED
@@ -386,8 +386,8 @@ function wgm_initWpGmap(lat, lng, map_type) {
|
|
386 |
* @since 1.0.0
|
387 |
*/
|
388 |
jQuery(document.body).find('#wpgmap_map_zoom').on('keyup', function (element) {
|
389 |
-
var point = wgm_marker1.getPosition(); // Get marker position
|
390 |
-
wgm_map.panTo(
|
391 |
var current_zoom = parseInt(document.getElementById('wpgmap_map_zoom').value);
|
392 |
setTimeout("wgm_map.setZoom(" + current_zoom + ")", 800); // Zoom in after 500 m second
|
393 |
});
|
386 |
* @since 1.0.0
|
387 |
*/
|
388 |
jQuery(document.body).find('#wpgmap_map_zoom').on('keyup', function (element) {
|
389 |
+
// var point = wgm_marker1.getPosition(); // Get marker position
|
390 |
+
wgm_map.panTo(wgm_map.center); // Pan map to that position
|
391 |
var current_zoom = parseInt(document.getElementById('wpgmap_map_zoom').value);
|
392 |
setTimeout("wgm_map.setZoom(" + current_zoom + ")", 800); // Zoom in after 500 m second
|
393 |
});
|
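Review bot: Line 389 keeps the replaced statement as commented-out code (`// var point = wgm_marker1.getPosition();`) next to the new `wgm_map.panTo(wgm_map.center)` call; delete it rather than leave it in the handler. If `center` is not a documented property on this map object, `wgm_map.getCenter()` is the accessor to use instead — worth confirming against the Maps API version the plugin loads. While here, line 392's `setTimeout("wgm_map.setZoom(" + current_zoom + ")", 800)` passes a string, which is evaluated like `eval`; `setTimeout(function () { wgm_map.setZoom(current_zoom); }, 800);` avoids that and lets `current_zoom` be checked for `NaN` before use. `wgm_initWpGmap` starts and ends outside the hunk.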
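--- a/admin/includes/markers-icons.php
+++ b/admin/includes/markers-icons.php
@@ -1,7 +1,7 @@
 <ul class="wgm_gmap_embed_marker_icons">
 <?php
 global $wpdb;
-$wpgmap_marker_icons = $wpdb->get_results( "SELECT type, file_name FROM {$wpdb->prefix}wgm_icons", OBJECT );
+$wpgmap_marker_icons = $wpdb->get_results( $wpdb->prepare("SELECT type, file_name FROM {$wpdb->prefix}wgm_icons"), OBJECT );
 foreach ( $wpgmap_marker_icons as $key => $marker_icon ) {
 
 // $map_icon_data = array(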
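Review bot: `$wpdb->prepare()` on line 4 is given a query with no placeholders and no values, so it substitutes nothing; the statement has no variable input and was already safe, and wpdb::prepare() raises a `_doing_it_wrong` notice when called without anything to prepare. Either restore `$wpdb->get_results( "SELECT type, file_name FROM {$wpdb->prefix}wgm_icons", OBJECT )` or reserve prepare() for the queries in this commit that do interpolate a value. The place where escaping matters for this file is below the hunk: confirm that `type` and `file_name` are passed through `esc_attr()`/`esc_url()` where they are printed into the list markup.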
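--- a/admin/includes/markers-settings.php
+++ b/admin/includes/markers-settings.php
@@ -1,4 +1,4 @@
-<?php $map_id = isset($_GET['id']) ? esc_html($_GET['id']) : 0; ?>
+<?php $map_id = isset($_GET['id']) ? sanitize_text_field(esc_html($_GET['id'])) : 0; ?>
 <!--<div class="wgm_gmap_marker_list" style="display: none" map_id="--><?php //echo $map_id;?><!--">-->
 <div style="text-align: right;margin-top:10px;" class="add_new_marker_btn_area">
 <button type="button" value="New Marker" class="button button-primary add_new_marker"
@@ -174,7 +174,7 @@
 <!-- </label>-->
 <!-- </td>-->
 <!-- </tr>-->
-<?php $map_id = (isset($_GET['tag']) && $_GET['tag'] == 'edit') ? sanitize_text_field(esc_html($_GET['id'])) : 0; ?>
+<?php $map_id = (isset($_GET['tag']) && sanitize_text_field(esc_html($_GET['tag'] == 'edit'))) ? sanitize_text_field(esc_html($_GET['id'])) : 0; ?>
 <tr>
 <td>
 <button class=" button button-primary button-large wgm_marker_cancel" type="button">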
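Review bot: Line 177 sanitizes the result of the comparison instead of the input: in `esc_html($_GET['tag'] == 'edit')` the `==` is evaluated first, so sanitize_text_field receives `"1"` or `""` and the condition only works by accident. Write it as `sanitize_text_field(wp_unslash($_GET['tag'])) === 'edit'`; the identical inverted expression is added in includes/Traits/Menu.php line 68. On lines 1 and 177, `$map_id` is a post ID, so `absint($_GET['id'])` is the fitting sanitizer — `esc_html()` is an output escape and has no place on input, and `sanitize_text_field()` still leaves a free-form string where an integer is expected.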
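--- a/admin/includes/wgm_messages_viewer.php
+++ b/admin/includes/wgm_messages_viewer.php
@@ -6,7 +6,7 @@ if (isset($_GET['message'])) {
 <p>
 <strong>
 <?php
-$message_status = $_GET['message'];
+$message_status = sanitize_text_field(esc_html($_GET['message']));
 switch ($message_status) {
 case 1:
 echo __( 'Map has been created Successfully. <a href="' . esc_url( 'https://youtu.be/o90H34eacHg?t=231' ) . '" target="_blank"> See How to use >></a>', 'gmap-embed' );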
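Review bot: `$message_status` on line 9 is dispatched by `switch` against integer cases, so the value should be cast rather than text-sanitized: `$message_status = absint($_GET['message']);`. `sanitize_text_field(esc_html(...))` applies an output escape to input and still hands the switch a string that is matched loosely with `==`; with `absint()` both sides are integers and any non-numeric value lands in the default branch deterministically. The enclosing `if (isset($_GET['message']))` opens outside the hunk, which is why no `isset` is needed on this line.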
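--- a/admin/includes/wpgmap_edit.php
+++ b/admin/includes/wpgmap_edit.php
@@ -1,5 +1,5 @@
 <?php if (!defined('ABSPATH')) exit;
-$gmap_data = $this->get_wpgmapembed_data(intval($_GET['id']));
+$gmap_data = $this->get_wpgmapembed_data(intval(sanitize_text_field(esc_html($_GET['id']))));
 $wpgmap_single = json_decode($gmap_data);
 list($wpgmap_center_lat, $wpgmap_center_lng) = explode(',', esc_html($wpgmap_single->wpgmap_center_lat_lng));
 ?>
@@ -24,7 +24,7 @@ list($wpgmap_center_lat, $wpgmap_center_lng) = explode(',', esc_html($wpgmap_sin
 // echo '<a target="_blank" href="' . esc_url('https://srmilon.info/documentation?utm_source=admin_map_edit&utm_medium=admin_link&utm_campaign=header_menu') . '" class="button wgm_btn" style="float:right;width:auto;padding: 5px 7px;font-size: 11px;margin-right: 5px;"><i style="line-height: 25px;" class="dashicons dashicons-book"></i> ' . __('Help Manual', 'gmap-embed') . '</a>';
 ?>
 <span style="float: right;margin: 0px 8px 0 0;">Shortcode <input type="text"
-value="<?php echo esc_attr('[gmap-embed id="' . esc_html($_GET['id']) . '"]'); ?>"
+value="<?php echo esc_attr('[gmap-embed id="' . sanitize_text_field(esc_html($_GET['id'])) . '"]'); ?>"
 style="padding: 2px 10px;border: 2px #008dff solid;" onclick="this.select()"></span>
 <hr class="wp-header-end">
 <div id="gmap_container_inner">
@@ -33,7 +33,7 @@ list($wpgmap_center_lat, $wpgmap_center_lng) = explode(',', esc_html($wpgmap_sin
 <?php require_once WGM_PLUGIN_PATH . 'admin/includes/wgm_messages_viewer.php'; ?>
 
 <input id="wpgmap_map_id" name="wpgmap_map_id"
-value="<?php echo isset($_GET['id']) ? intval(esc_html($_GET['id'])) : 0; ?>" type="hidden"/>
+value="<?php echo isset($_GET['id']) ? intval(sanitize_text_field(esc_html($_GET['id']))) : 0; ?>" type="hidden"/>
 <div class="wp-gmap-properties-outer">
 <div class="wgm_wpgmap_tab">
 <ul class="wgm_wpgmap_tab">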
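Review bot: Line 2 reads `$_GET['id']` with no `isset` guard while line 36 has one, and line 27 drops the `intval` that lines 2 and 36 apply, so one request parameter is sanitized three different ways in the same file. Resolve it once at the top, `$map_id = isset($_GET['id']) ? absint($_GET['id']) : 0;`, and use `$map_id` on lines 2, 27 and 36; `esc_attr()` on line 27 then does the output escaping and the inner `esc_html` can go. Stacking `esc_html` inside `esc_attr` also double-encodes any entity in the value, which is another reason to keep input sanitizing and output escaping separate.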
includes/Classes/Migration.php
CHANGED
@@ -68,7 +68,7 @@ class Migration
|
|
68 |
'updated_by' => get_current_user_id()
|
69 |
];
|
70 |
$wp_gmap_marker_data = wp_parse_args($map_marker_data, $defaults);
|
71 |
-
$is_marker_already_exist = $wpdb->get_var("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_markers WHERE map_id='
|
72 |
if ($is_marker_already_exist == 0) {
|
73 |
$wpdb->insert(
|
74 |
$wpdb->prefix . 'wgm_markers',
|
@@ -97,7 +97,7 @@ class Migration
|
|
97 |
'file_name' => $map_marker_data['icon']
|
98 |
);
|
99 |
|
100 |
-
$is_marker_icon_already_exist = $wpdb->get_var("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_icons WHERE file_name='
|
101 |
if ($is_marker_icon_already_exist == 0) {
|
102 |
$defaults = array(
|
103 |
'type' => 'uploaded_marker_icon',
|
68 |
'updated_by' => get_current_user_id()
|
69 |
];
|
70 |
$wp_gmap_marker_data = wp_parse_args($map_marker_data, $defaults);
|
71 |
+
$is_marker_already_exist = $wpdb->get_var($wpdb->prepare("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_markers WHERE map_id='%d'",$map_id));
|
72 |
if ($is_marker_already_exist == 0) {
|
73 |
$wpdb->insert(
|
74 |
$wpdb->prefix . 'wgm_markers',
|
97 |
'file_name' => $map_marker_data['icon']
|
98 |
);
|
99 |
|
100 |
+
$is_marker_icon_already_exist = $wpdb->get_var($wpdb->prepare("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_icons WHERE file_name='%'",$map_marker_data['icon']));
|
101 |
if ($is_marker_icon_already_exist == 0) {
|
102 |
$defaults = array(
|
103 |
'type' => 'uploaded_marker_icon',
|
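Review bot: The placeholder on line 100 is `'%'`, not `%s`, so the icon value is never substituted: wpdb::prepare() treats a percent that is not followed by a valid specifier as a literal (and current WordPress should also warn about the unused argument), leaving `WHERE file_name='%'`, which matches nothing and lets the duplicate check on line 101 insert the icon again on every migration run. Use `WHERE file_name = %s` with `$map_marker_data['icon']` as the argument; wpdb adds the quotes for `%s` itself. On line 71, `'%d'` works but produces a string literal such as `'5'` against an integer column, so the conventional form is `WHERE map_id = %d`; the `$map_id` used there is assigned outside the hunk.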
includes/Traits/AssetHandler.php
CHANGED
@@ -67,9 +67,9 @@ trait AssetHandler
|
|
67 |
'ajax_nonce' => wp_create_nonce('ajax_nonce'),
|
68 |
);
|
69 |
|
70 |
-
if (isset($_GET['tag']) and $_GET['tag'] == 'edit') {
|
71 |
|
72 |
-
$map_id = isset($_GET['id']) ? intval(esc_html($_GET['id'])) : 0;
|
73 |
$current_map_marker_lat_lng = explode(',', get_post_meta($map_id, 'wpgmap_latlng', true));
|
74 |
$current_map_marker_lat = isset($current_map_marker_lat_lng[0]) ? $current_map_marker_lat_lng[0] : 40.73359922990751;
|
75 |
$current_map_marker_lng = isset($current_map_marker_lat_lng[1]) ? $current_map_marker_lat_lng[1] : -74.02791395625002;
|
@@ -143,8 +143,9 @@ trait AssetHandler
|
|
143 |
*/
|
144 |
function enqueue_admin_gmap_scripts()
|
145 |
{
|
|
|
146 |
global $pagenow;
|
147 |
-
if ($pagenow == 'post.php' || $pagenow == 'post-new.php' || (isset($_GET['page']) and ($
|
148 |
|
149 |
// Registering common scripts (Included: Google API)
|
150 |
$this->registerCommonScripts();
|
@@ -173,7 +174,7 @@ trait AssetHandler
|
|
173 |
|
174 |
|
175 |
/** Edit and Add Map page */
|
176 |
-
if ($pagenow == 'post.php' || $pagenow == 'post-new.php' || (isset($_GET['page']) and ($
|
177 |
wp_enqueue_script('wgm-map-curd-js', WGM_PLUGIN_URL . 'admin/assets/js/wgm_map_crud.js', array('wp-gmap-common-js'), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/wgm_map_crud.js'), true);
|
178 |
wp_enqueue_script('wp-gmap-markers-js', WGM_PLUGIN_URL . 'admin/assets/js/wgm_marker_crud.js', array('wp-gmap-common-js'), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/wgm_marker_crud.js'), true);
|
179 |
# Datatable
|
@@ -182,7 +183,7 @@ trait AssetHandler
|
|
182 |
}
|
183 |
|
184 |
/** Setup Wizard */
|
185 |
-
if (isset($_GET['page']) and ($
|
186 |
wp_enqueue_style('wp-gmap-setup-wizard-css', WGM_PLUGIN_URL . 'admin/assets/css/setup_wizard.css', array(), filemtime(WGM_PLUGIN_PATH . '/admin/assets/css/setup_wizard.css'));
|
187 |
wp_enqueue_script('wp-gmap-setup-wizard-js', WGM_PLUGIN_URL . 'admin/assets/js/setup_wizard.js', array(), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/setup_wizard.js'), true);
|
188 |
}
|
67 |
'ajax_nonce' => wp_create_nonce('ajax_nonce'),
|
68 |
);
|
69 |
|
70 |
+
if (isset($_GET['tag']) and sanitize_text_field(esc_html($_GET['tag'])) == 'edit') {
|
71 |
|
72 |
+
$map_id = isset($_GET['id']) ? intval(sanitize_text_field(esc_html($_GET['id']))) : 0;
|
73 |
$current_map_marker_lat_lng = explode(',', get_post_meta($map_id, 'wpgmap_latlng', true));
|
74 |
$current_map_marker_lat = isset($current_map_marker_lat_lng[0]) ? $current_map_marker_lat_lng[0] : 40.73359922990751;
|
75 |
$current_map_marker_lng = isset($current_map_marker_lat_lng[1]) ? $current_map_marker_lat_lng[1] : -74.02791395625002;
|
143 |
*/
|
144 |
function enqueue_admin_gmap_scripts()
|
145 |
{
|
146 |
+
$page = isset($_GET['page']) ? $_GET['page'] : '';
|
147 |
global $pagenow;
|
148 |
+
if ($pagenow == 'post.php' || $pagenow == 'post-new.php' || (isset($_GET['page']) and ($page == 'wpgmapembed' or $page == 'wpgmapembed-settings' or $page == 'wpgmapembed-new' or $page == 'wgm_setup_wizard' or $page == 'wpgmapembed-support'))) {
|
149 |
|
150 |
// Registering common scripts (Included: Google API)
|
151 |
$this->registerCommonScripts();
|
174 |
|
175 |
|
176 |
/** Edit and Add Map page */
|
177 |
+
if ($pagenow == 'post.php' || $pagenow == 'post-new.php' || (isset($_GET['page']) and ($page == 'wpgmapembed' or $page == 'wpgmapembed-new'))) {
|
178 |
wp_enqueue_script('wgm-map-curd-js', WGM_PLUGIN_URL . 'admin/assets/js/wgm_map_crud.js', array('wp-gmap-common-js'), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/wgm_map_crud.js'), true);
|
179 |
wp_enqueue_script('wp-gmap-markers-js', WGM_PLUGIN_URL . 'admin/assets/js/wgm_marker_crud.js', array('wp-gmap-common-js'), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/wgm_marker_crud.js'), true);
|
180 |
# Datatable
|
183 |
}
|
184 |
|
185 |
/** Setup Wizard */
|
186 |
+
if (isset($_GET['page']) and ($page == 'wgm_setup_wizard')) {
|
187 |
wp_enqueue_style('wp-gmap-setup-wizard-css', WGM_PLUGIN_URL . 'admin/assets/css/setup_wizard.css', array(), filemtime(WGM_PLUGIN_PATH . '/admin/assets/css/setup_wizard.css'));
|
188 |
wp_enqueue_script('wp-gmap-setup-wizard-js', WGM_PLUGIN_URL . 'admin/assets/js/setup_wizard.js', array(), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/setup_wizard.js'), true);
|
189 |
}
|
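Review bot: Line 146 copies `$_GET['page']` into `$page` with no sanitization, unlike every other request value touched in this commit; the value is only compared against fixed slugs so the exposure is small, but `$page = isset($_GET['page']) ? sanitize_key($_GET['page']) : '';` keeps it consistent (`sanitize_key()` is WordPress's sanitizer for slug-shaped values and lowercases, which matches the slugs compared here). With `$page` defaulting to `''`, the `isset($_GET['page']) and` prefix on lines 148, 177 and 186 is redundant and the string comparisons can be `===`. `enqueue_admin_gmap_scripts` and the function containing the first hunk both continue past the hunks.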
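--- a/includes/Traits/InitActions.php
+++ b/includes/Traits/InitActions.php
@@ -30,12 +30,12 @@ trait InitActions
 add_action('gmap_embed_review_already_did', array($this, 'review_already_did'));
 add_action('gmap_embed_review_later', array($this, 'review_later'));
 if (isset($_GET['plugin'])) {
-$plugin = sanitize_text_field($_GET['plugin']);
+$plugin = sanitize_text_field(esc_html(($_GET['plugin'])));
 if ($plugin === $this->plugin_slug) {
-if (isset($_GET['dismiss']) and $_GET['dismiss'] == 1) {
+if (isset($_GET['dismiss']) and sanitize_text_field(esc_html($_GET['dismiss'])) == 1) {
 do_action('gmap_embed_review_already_did');
 }
-if (isset($_GET['later']) and $_GET['later'] == 1) {
+if (isset($_GET['later']) and sanitize_text_field(esc_html($_GET['later'])) == 1) {
 do_action('gmap_embed_review_later');
 }
 wp_safe_redirect($this->redirect_to());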
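Review bot: Lines 35 and 38 still fire state-changing actions (`gmap_embed_review_already_did`, `gmap_embed_review_later`) off a plain GET parameter with no nonce and no capability check, so any link a logged-in user is led to follow triggers them; sanitizing the value does not change that. Add a `check_admin_referer()` with an action of your own (and the matching `wp_nonce_url()` on the links that generate these URLs), or at minimum a `current_user_can()` test, before the `do_action` calls. The new `sanitize_text_field(esc_html($_GET['dismiss'])) == 1` compares a string to an int loosely; `=== '1'` states the intent directly, and the same applies to line 38. The enclosing function starts and ends outside the hunk.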
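--- a/includes/Traits/MapCRUD.php
+++ b/includes/Traits/MapCRUD.php
@@ -60,6 +60,13 @@ trait MapCRUD
 */
 public function save_wpgmapembed_data()
 {
+if (!current_user_can('administrator')) {
+echo json_encode(array(
+'responseCode' => 0,
+'message' => 'Unauthorized access tried.'
+));
+wp_die();
+}
 $error = '';
 // Getting ajax fileds value
 $meta_data = array(
@@ -97,7 +104,7 @@ trait MapCRUD
 );
 $post_id = wp_insert_post($post_array);
 } elseif ($action_type == 'update') {
-$post_id = intval($_POST['map_data']['post_id']);
+$post_id = intval(sanitize_text_field(esc_html($_POST['map_data']['post_id'])));
 }
 
 // Updating post meta
@@ -171,7 +178,7 @@ trait MapCRUD
 public function get_wpgmapembed_data($gmap_id = '')
 {
 if ($gmap_id == '') {
-$gmap_id = intval($_POST['wpgmap_id']);
+$gmap_id = intval(sanitize_text_field(esc_html($_POST['wpgmap_id'])));
 }
 
 $gmap_data = array(
@@ -199,6 +206,14 @@ trait MapCRUD
 public function remove_wpgmapembed_data()
 {
 
+if (!current_user_can('administrator')) {
+$returnArray = array(
+'responseCode' => 0,
+'message' => "Unauthorized access tried."
+);
+echo json_encode($returnArray);
+wp_die();
+}
 $meta_data = array(
 'wpgmap_title',
 'wpgmap_heading_class',
@@ -213,7 +228,7 @@ trait MapCRUD
 'wpgmap_enable_direction'
 );
 
-$post_id = intval($_POST['post_id']);
+$post_id = intval(sanitize_text_field(esc_html($_POST['post_id'])));
 wp_delete_post($post_id);
 foreach ($meta_data as $field_name => $value) {
 delete_post_meta($post_id, $field_name, $value);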
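Review bot: The guards added on lines 63 and 209 pass a role name to `current_user_can('administrator')`; WordPress documents role checks through this function as discouraged and unreliable (roles can be renamed or custom roles granted the relevant rights), so test a capability instead, `if (!current_user_can('manage_options'))`. The same pattern is added in includes/Traits/MarkerCRUD.php (save_map_marker, update_map_marker, save_marker_icon, delete_marker) and includes/Traits/SetupWizard.php. None of these handlers verifies a nonce, even though `get_markers_by_map_id` in MarkerCRUD.php performs `wp_verify_nonce(..., 'ajax_nonce')` and AssetHandler.php already exposes `wp_create_nonce('ajax_nonce')` to the scripts; the same check at the top of each handler makes the capability test CSRF-safe. `get_wpgmapembed_data()` on line 181 reads `$_POST['wpgmap_id']` with neither check, and `wp_send_json_error(array('responseCode' => 0, 'message' => 'Unauthorized access tried.'), 403)` would replace the echo/`wp_die()` pairs and set a meaningful HTTP status. Each of these functions continues past its hunk.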
includes/Traits/MarkerCRUD.php
CHANGED
@@ -38,6 +38,15 @@ trait MarkerCRUD
|
|
38 |
*/
|
39 |
public function save_map_marker()
|
40 |
{
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
41 |
global $wpdb;
|
42 |
$marker_data = $_POST['map_markers_data'];
|
43 |
$map_id = sanitize_text_field(esc_html($marker_data['wpgmap_map_id']));
|
@@ -114,6 +123,15 @@ trait MarkerCRUD
|
|
114 |
|
115 |
public function update_map_marker()
|
116 |
{
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
117 |
global $wpdb;
|
118 |
$error = '';
|
119 |
$marker_data = $_POST['map_markers_data'];
|
@@ -194,9 +212,18 @@ trait MarkerCRUD
|
|
194 |
*/
|
195 |
public function save_marker_icon()
|
196 |
{
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
197 |
global $wpdb;
|
198 |
$error = '';
|
199 |
-
$icon_url = $_POST['data']['icon_url'];
|
200 |
// Getting ajax fields value
|
201 |
$map_icon_data = array(
|
202 |
'type' => 'uploaded_marker_icon',
|
@@ -205,7 +232,7 @@ trait MarkerCRUD
|
|
205 |
'file_name' => $icon_url
|
206 |
);
|
207 |
|
208 |
-
$is_marker_icon_already_exist = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}wgm_icons WHERE file_name='
|
209 |
if ($is_marker_icon_already_exist == 0) {
|
210 |
$defaults = array(
|
211 |
'file_name' => ''
|
@@ -241,7 +268,7 @@ trait MarkerCRUD
|
|
241 |
{
|
242 |
global $wpdb;
|
243 |
$map_id = sanitize_text_field(esc_html($map_id));
|
244 |
-
return $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}wgm_markers WHERE map_id='
|
245 |
}
|
246 |
|
247 |
/**
|
@@ -249,17 +276,17 @@ trait MarkerCRUD
|
|
249 |
*/
|
250 |
public function get_markers_by_map_id()
|
251 |
{
|
252 |
-
if (!wp_verify_nonce($_POST['data']['ajax_nonce'], 'ajax_nonce')) {
|
253 |
die ('Busted!');
|
254 |
}
|
255 |
|
256 |
global $wpdb;
|
257 |
$map_id = sanitize_text_field(esc_html($_POST['data']['map_id']));
|
258 |
$filtered_map_markers = [];
|
259 |
-
$map_markers = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE map_id='
|
260 |
-
if(count($map_markers)>0){
|
261 |
-
foreach($map_markers as $key
|
262 |
-
$map_marker->marker_desc=wp_unslash(html_entity_decode($map_marker->marker_desc));
|
263 |
$filtered_map_markers[$key] = $map_marker;
|
264 |
}
|
265 |
|
@@ -280,8 +307,8 @@ trait MarkerCRUD
|
|
280 |
{
|
281 |
$return_json = array();
|
282 |
global $wpdb;
|
283 |
-
$map_id = $_GET['map_id'];
|
284 |
-
$wpgmap_markers = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE map_id='
|
285 |
if (count($wpgmap_markers) > 0) {
|
286 |
foreach ($wpgmap_markers as $marker_key => $wpgmap_marker) {
|
287 |
$action = '<a href="" class="wpgmap_marker_edit button button-small"
|
@@ -309,7 +336,16 @@ trait MarkerCRUD
|
|
309 |
*/
|
310 |
public function delete_marker()
|
311 |
{
|
312 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
313 |
global $wpdb;
|
314 |
$wpdb->delete(
|
315 |
$wpdb->prefix . 'wgm_markers',
|
@@ -328,9 +364,9 @@ trait MarkerCRUD
|
|
328 |
public function get_marker_data_by_marker_id()
|
329 |
{
|
330 |
global $wpdb;
|
331 |
-
$marker_id =
|
332 |
-
$result = $wpdb->get_row("
|
333 |
-
$result->marker_desc=wp_unslash(html_entity_decode($result->marker_desc));
|
334 |
echo json_encode($result);
|
335 |
wp_die();
|
336 |
}
|
38 |
*/
|
39 |
public function save_map_marker()
|
40 |
{
|
41 |
+
if (!current_user_can('administrator')) {
|
42 |
+
$returnArray = array(
|
43 |
+
'responseCode' => 0,
|
44 |
+
'message' => "Unauthorized access tried."
|
45 |
+
);
|
46 |
+
echo json_encode($returnArray);
|
47 |
+
wp_die();
|
48 |
+
}
|
49 |
+
|
50 |
global $wpdb;
|
51 |
$marker_data = $_POST['map_markers_data'];
|
52 |
$map_id = sanitize_text_field(esc_html($marker_data['wpgmap_map_id']));
|
123 |
|
124 |
public function update_map_marker()
|
125 |
{
|
126 |
+
if (!current_user_can('administrator')) {
|
127 |
+
$returnArray = array(
|
128 |
+
'responseCode' => 0,
|
129 |
+
'message' => "Unauthorized access tried."
|
130 |
+
);
|
131 |
+
echo json_encode($returnArray);
|
132 |
+
wp_die();
|
133 |
+
}
|
134 |
+
|
135 |
global $wpdb;
|
136 |
$error = '';
|
137 |
$marker_data = $_POST['map_markers_data'];
|
212 |
*/
|
213 |
public function save_marker_icon()
|
214 |
{
|
215 |
+
if (!current_user_can('administrator')) {
|
216 |
+
$returnArray = array(
|
217 |
+
'responseCode' => 0,
|
218 |
+
'message' => "Unauthorized access tried."
|
219 |
+
);
|
220 |
+
echo json_encode($returnArray);
|
221 |
+
wp_die();
|
222 |
+
}
|
223 |
+
|
224 |
global $wpdb;
|
225 |
$error = '';
|
226 |
+
$icon_url = sanitize_text_field(esc_html($_POST['data']['icon_url']));
|
227 |
// Getting ajax fields value
|
228 |
$map_icon_data = array(
|
229 |
'type' => 'uploaded_marker_icon',
|
232 |
'file_name' => $icon_url
|
233 |
);
|
234 |
|
235 |
+
$is_marker_icon_already_exist = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$wpdb->prefix}wgm_icons WHERE file_name='%s'", $icon_url));
|
236 |
if ($is_marker_icon_already_exist == 0) {
|
237 |
$defaults = array(
|
238 |
'file_name' => ''
|
268 |
{
|
269 |
global $wpdb;
|
270 |
$map_id = sanitize_text_field(esc_html($map_id));
|
271 |
+
return $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$wpdb->prefix}wgm_markers WHERE map_id='%d'",$map_id));
|
272 |
}
|
273 |
|
274 |
/**
|
276 |
*/
|
277 |
public function get_markers_by_map_id()
|
278 |
{
|
279 |
+
if (!wp_verify_nonce(sanitize_text_field(esc_html($_POST['data']['ajax_nonce'])), 'ajax_nonce')) {
|
280 |
die ('Busted!');
|
281 |
}
|
282 |
|
283 |
global $wpdb;
|
284 |
$map_id = sanitize_text_field(esc_html($_POST['data']['map_id']));
|
285 |
$filtered_map_markers = [];
|
286 |
+
$map_markers = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE map_id='%d'", $map_id));
|
287 |
+
if (count($map_markers) > 0) {
|
288 |
+
foreach ($map_markers as $key => $map_marker) {
|
289 |
+
$map_marker->marker_desc = wp_unslash(html_entity_decode($map_marker->marker_desc));
|
290 |
$filtered_map_markers[$key] = $map_marker;
|
291 |
}
|
292 |
|
307 |
{
|
308 |
$return_json = array();
|
309 |
global $wpdb;
|
310 |
+
$map_id = intval(sanitize_text_field(esc_html($_GET['map_id'])));
|
311 |
+
$wpgmap_markers = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE map_id='%d'", $map_id));
|
312 |
if (count($wpgmap_markers) > 0) {
|
313 |
foreach ($wpgmap_markers as $marker_key => $wpgmap_marker) {
|
314 |
$action = '<a href="" class="wpgmap_marker_edit button button-small"
|
336 |
*/
|
337 |
public function delete_marker()
|
338 |
{
|
339 |
+
if (!current_user_can('administrator')) {
|
340 |
+
$returnArray = array(
|
341 |
+
'responseCode' => 0,
|
342 |
+
'message' => "Unauthorized access tried."
|
343 |
+
);
|
344 |
+
echo json_encode($returnArray);
|
345 |
+
wp_die();
|
346 |
+
}
|
347 |
+
|
348 |
+
$marker_id = sanitize_text_field(esc_html($_POST['data']['marker_id']));
|
349 |
global $wpdb;
|
350 |
$wpdb->delete(
|
351 |
$wpdb->prefix . 'wgm_markers',
|
364 |
public function get_marker_data_by_marker_id()
|
365 |
{
|
366 |
global $wpdb;
|
367 |
+
$marker_id = sanitize_text_field(esc_html(($_POST['data']['marker_id'])));
|
368 |
+
$result = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE id='%d'", $marker_id), OBJECT);
|
369 |
+
$result->marker_desc = wp_unslash(html_entity_decode($result->marker_desc));
|
370 |
echo json_encode($result);
|
371 |
wp_die();
|
372 |
}
|
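Review bot: Line 226 runs `esc_html()` over `icon_url`, a URL that is then stored as `file_name` (line 232) and compared on line 235; `esc_html` turns `&` in a query string into `&amp;` before storage, so the stored value no longer equals the original and the duplicate check can miss. `esc_url_raw()` is the sanitizer WordPress provides for URLs bound for the database: `$icon_url = isset($_POST['data']['icon_url']) ? esc_url_raw(wp_unslash($_POST['data']['icon_url'])) : '';`. In `get_marker_data_by_marker_id`, line 369 dereferences `$result->marker_desc` although `get_row()` returns `null` for an unknown id, and this handler (lines 366-371) has neither the capability guard added elsewhere in the file nor a nonce check; add `if (!$result) { wp_send_json_error(null, 404); }` before line 369 and the same guards the other handlers received. `$_POST['data']['marker_id']` on lines 348 and 367 is read without `isset` and then bound with `%d`, so `absint()` would express the intent better than `sanitize_text_field(esc_html(...))`. All of these functions extend past their hunks.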
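--- a/includes/Traits/Menu.php
+++ b/includes/Traits/Menu.php
@@ -65,7 +65,7 @@ trait Menu
 */
 public function srm_gmap_main()
 {
-if (isset($_GET['tag']) and $_GET['tag'] == 'edit') {
+if (isset($_GET['tag']) and sanitize_text_field(esc_html($_GET['tag'] == 'edit'))) {
 require WGM_PLUGIN_PATH . 'admin/includes/wpgmap_edit.php';
 } else {
 require WGM_PLUGIN_PATH . 'admin/includes/wpgmap_list.php';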
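--- a/includes/Traits/SetupWizard.php
+++ b/includes/Traits/SetupWizard.php
@@ -21,6 +21,12 @@ trait SetupWizard
 */
 public function wpgmap_save_setup_wizard()
 {
+if (!current_user_can('administrator')) {
+echo json_encode(array(
+'responseCode' => 403,
+));
+wp_die();
+}
 $api_key = isset($_POST['wgm_api_key']) ? sanitize_text_field(esc_html($_POST['wgm_api_key'])) : '';
 $language = isset($_POST['wgm_language']) ? sanitize_text_field(esc_html($_POST['wgm_language'])) : '';
 $regional_area = isset($_POST['wgm_regional_area']) ? sanitize_text_field(esc_html($_POST['wgm_regional_area'])) : '';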
readme.txt
CHANGED
@@ -4,8 +4,8 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
|
|
4 |
Tags: google map, map, maps, google maps, map markers, google map plugin, google map embed, google maps plugin, wp google map, map plugin, map embed, best google maps, store locator, map direction, map widget, street view
|
5 |
Requires at least: 2.9
|
6 |
Tested up to: 5.8
|
7 |
-
Version: 1.8.
|
8 |
-
Stable tag: 1.8.
|
9 |
Requires PHP: 5.3
|
10 |
Text Domain: gmap-embed
|
11 |
License: GPLv2 or later
|
@@ -199,6 +199,9 @@ Learn more about how [Appsero collects and uses this data](https://appsero.com/p
|
|
199 |
|
200 |
== Changelog ==
|
201 |
|
|
|
|
|
|
|
202 |
= 1.8.0 =
|
203 |
* Multiple Marker system introduced.
|
204 |
* Complete Admin UI updated for a better experience.
|
4 |
Tags: google map, map, maps, google maps, map markers, google map plugin, google map embed, google maps plugin, wp google map, map plugin, map embed, best google maps, store locator, map direction, map widget, street view
|
5 |
Requires at least: 2.9
|
6 |
Tested up to: 5.8
|
7 |
+
Version: 1.8.1
|
8 |
+
Stable tag: 1.8.1
|
9 |
Requires PHP: 5.3
|
10 |
Text Domain: gmap-embed
|
11 |
License: GPLv2 or later
|
199 |
|
200 |
== Changelog ==
|
201 |
|
202 |
+
= 1.8.1 =
|
203 |
+
* Hot fix: Security issue fixed.
|
204 |
+
|
205 |
= 1.8.0 =
|
206 |
* Multiple Marker system introduced.
|
207 |
* Complete Admin UI updated for a better experience.
|
srm_gmap_embed.php
CHANGED
@@ -7,7 +7,7 @@
|
|
7 |
Text Domain: gmap-embed
|
8 |
Domain Path: /languages
|
9 |
Author URI: https://www.srmilon.info?utm_source=wp-plugins&utm_campaign=author-uri&utm_medium=wp-dash
|
10 |
-
Version: 1.8.
|
11 |
*/
|
12 |
|
13 |
use WGMSRM\Classes\Database;
|
7 |
Text Domain: gmap-embed
|
8 |
Domain Path: /languages
|
9 |
Author URI: https://www.srmilon.info?utm_source=wp-plugins&utm_campaign=author-uri&utm_medium=wp-dash
|
10 |
+
Version: 1.8.1
|
11 |
*/
|
12 |
|
13 |
use WGMSRM\Classes\Database;
|