WP Google Map - Version 1.8.1

Version Description

  • Hot fix: Security issue fixed.

Release Info

Developer milonfci
Version 1.8.1

Code changes from version 1.8.0 to 1.8.1

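--- a/admin/assets/js/geo_based_map_edit.js
+++ b/admin/assets/js/geo_based_map_edit.js
@@ -386,8 +386,8 @@ function wgm_initWpGmap(lat, lng, map_type) {
  * @since 1.0.0
  */
  jQuery(document.body).find('#wpgmap_map_zoom').on('keyup', function (element) {
- var point = wgm_marker1.getPosition(); // Get marker position
- wgm_map.panTo(point); // Pan map to that position
+ // var point = wgm_marker1.getPosition(); // Get marker position
+ wgm_map.panTo(wgm_map.center); // Pan map to that position
  var current_zoom = parseInt(document.getElementById('wpgmap_map_zoom').value);
  setTimeout("wgm_map.setZoom(" + current_zoom + ")", 800); // Zoom in after 500 m second
  });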
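Review bot: `wgm_map.panTo(wgm_map.center)` on the new line 390 pans the map to its own current center, which is a no-op, and `center` is a constructor option rather than the documented accessor on the Maps API map object, so whether it is populated at runtime should be confirmed. If the intent is to keep the current view while zooming, the `panTo` call can simply be dropped; if a position is needed, `wgm_map.getCenter()` is the documented call. The following `setTimeout("wgm_map.setZoom(" + current_zoom + ")", 800)` builds a code string for implicit eval; `setTimeout(function () { wgm_map.setZoom(current_zoom); }, 800);` passes a closure instead and keeps `current_zoom` (which `parseInt` may return as NaN) out of a code string. The keyup handler and `wgm_initWpGmap` both continue beyond the hunk.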
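--- a/admin/includes/markers-icons.php
+++ b/admin/includes/markers-icons.php
@@ -1,7 +1,7 @@
  <ul class="wgm_gmap_embed_marker_icons">
  <?php
  global $wpdb;
- $wpgmap_marker_icons = $wpdb->get_results( "SELECT type, file_name FROM {$wpdb->prefix}wgm_icons", OBJECT );
+ $wpgmap_marker_icons = $wpdb->get_results( $wpdb->prepare("SELECT type, file_name FROM {$wpdb->prefix}wgm_icons"), OBJECT );
  foreach ( $wpgmap_marker_icons as $key => $marker_icon ) {
 
  // $map_icon_data = array(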
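Review bot: `$wpdb->prepare()` on the new line 4 is called with a query that has no placeholders and no arguments, so it adds no protection, and WordPress logs a `_doing_it_wrong` notice when `prepare()` is called without arguments. The query interpolates only `$wpdb->prefix`, not request data, so the previous `$wpdb->get_results( "SELECT type, file_name FROM {$wpdb->prefix}wgm_icons", OBJECT )` was already the correct form; `prepare()` belongs on the queries that bind user-supplied values (Migration.php and MarkerCRUD.php in this commit). How the fetched `file_name` values are escaped on output is decided below the hunk.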
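--- a/admin/includes/markers-settings.php
+++ b/admin/includes/markers-settings.php
@@ -1,4 +1,4 @@
- <?php $map_id = isset($_GET['id']) ? esc_html($_GET['id']) : 0; ?>
+ <?php $map_id = isset($_GET['id']) ? sanitize_text_field(esc_html($_GET['id'])) : 0; ?>
  <!--<div class="wgm_gmap_marker_list" style="display: none" map_id="--><?php //echo $map_id;?><!--">-->
  <div style="text-align: right;margin-top:10px;" class="add_new_marker_btn_area">
  <button type="button" value="New Marker" class="button button-primary add_new_marker"
@@ -174,7 +174,7 @@
  <!-- </label>-->
  <!-- </td>-->
  <!-- </tr>-->
- <?php $map_id = (isset($_GET['tag']) && $_GET['tag'] == 'edit') ? sanitize_text_field(esc_html($_GET['id'])) : 0; ?>
+ <?php $map_id = (isset($_GET['tag']) && sanitize_text_field(esc_html($_GET['tag'] == 'edit'))) ? sanitize_text_field(esc_html($_GET['id'])) : 0; ?>
  <tr>
  <td>
  <button class=" button button-primary button-large wgm_marker_cancel" type="button">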
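Review bot: On the new line 177 the sanitizer wraps the comparison rather than the input: `esc_html($_GET['tag'] == 'edit')` receives a boolean, so `sanitize_text_field()` returns `'1'` or `''` and the branch only works because those happen to be truthy and falsy. Sanitize first and compare strictly: `sanitize_text_field($_GET['tag']) === 'edit'`. The same inverted call appears in includes/Traits/Menu.php on its new line 68. Because `$map_id` is an ID on both line 1 and line 177, `absint($_GET['id'])` is the sanitizer that matches the type (`sanitize_text_field()` still admits arbitrary strings), and the inner `esc_html()` is output escaping applied at input time, so it can be dropped.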
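--- a/admin/includes/wgm_messages_viewer.php
+++ b/admin/includes/wgm_messages_viewer.php
@@ -6,7 +6,7 @@ if (isset($_GET['message'])) {
  <p>
  <strong>
  <?php
- $message_status = $_GET['message'];
+ $message_status = sanitize_text_field(esc_html($_GET['message']));
  switch ($message_status) {
  case 1:
  echo __( 'Map has been created Successfully. <a href="' . esc_url( 'https://youtu.be/o90H34eacHg?t=231' ) . '" target="_blank"> See How to use >></a>', 'gmap-embed' );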
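Review bot: `$message_status` on the new line 9 is used only as a `switch` key against integer cases, so `$message_status = absint($_GET['message']);` states the contract directly and avoids relying on `switch`'s loose string-to-int comparison. The `esc_html()` nested inside `sanitize_text_field()` is output escaping applied on input and adds nothing for an integer key. The `isset()` guard already sits in the enclosing `if` shown in the hunk header, and the `switch` body continues beyond the hunk.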
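--- a/admin/includes/wpgmap_edit.php
+++ b/admin/includes/wpgmap_edit.php
@@ -1,5 +1,5 @@
  <?php if (!defined('ABSPATH')) exit;
- $gmap_data = $this->get_wpgmapembed_data(intval($_GET['id']));
+ $gmap_data = $this->get_wpgmapembed_data(intval(sanitize_text_field(esc_html($_GET['id']))));
  $wpgmap_single = json_decode($gmap_data);
  list($wpgmap_center_lat, $wpgmap_center_lng) = explode(',', esc_html($wpgmap_single->wpgmap_center_lat_lng));
  ?>
@@ -24,7 +24,7 @@ list($wpgmap_center_lat, $wpgmap_center_lng) = explode(',', esc_html($wpgmap_sin
  // echo '<a target="_blank" href="' . esc_url('https://srmilon.info/documentation?utm_source=admin_map_edit&utm_medium=admin_link&utm_campaign=header_menu') . '" class="button wgm_btn" style="float:right;width:auto;padding: 5px 7px;font-size: 11px;margin-right: 5px;"><i style="line-height: 25px;" class="dashicons dashicons-book"></i> ' . __('Help Manual', 'gmap-embed') . '</a>';
  ?>
  <span style="float: right;margin: 0px 8px 0 0;">Shortcode <input type="text"
- value="<?php echo esc_attr('[gmap-embed id=&quot;' . esc_html($_GET['id']) . '&quot;]'); ?>"
+ value="<?php echo esc_attr('[gmap-embed id=&quot;' . sanitize_text_field(esc_html($_GET['id'])) . '&quot;]'); ?>"
  style="padding: 2px 10px;border: 2px #008dff solid;" onclick="this.select()"></span>
  <hr class="wp-header-end">
  <div id="gmap_container_inner">
@@ -33,7 +33,7 @@ list($wpgmap_center_lat, $wpgmap_center_lng) = explode(',', esc_html($wpgmap_sin
  <?php require_once WGM_PLUGIN_PATH . 'admin/includes/wgm_messages_viewer.php'; ?>
 
  <input id="wpgmap_map_id" name="wpgmap_map_id"
- value="<?php echo isset($_GET['id']) ? intval(esc_html($_GET['id'])) : 0; ?>" type="hidden"/>
+ value="<?php echo isset($_GET['id']) ? intval(sanitize_text_field(esc_html($_GET['id']))) : 0; ?>" type="hidden"/>
  <div class="wp-gmap-properties-outer">
  <div class="wgm_wpgmap_tab">
  <ul class="wgm_wpgmap_tab">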
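Review bot: The same `$_GET['id']` is treated three different ways in one file: new line 2 reads it without an `isset()` check and casts with `intval()`, new line 27 interpolates it into the shortcode as a string, and new line 36 checks `isset()` and casts. Normalizing once at the top, `$map_id = isset($_GET['id']) ? absint($_GET['id']) : 0;`, and reusing `$map_id` on lines 2, 27 and 36 removes the undefined-index notice when the parameter is missing and guarantees the shortcode attribute is numeric. `esc_html()` nested inside `sanitize_text_field()` is output escaping applied on input; `esc_attr()` on line 27 already handles output. Whether `get_wpgmapembed_data()` tolerates an id of 0 is not visible here.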
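--- a/includes/Classes/Migration.php
+++ b/includes/Classes/Migration.php
@@ -68,7 +68,7 @@ class Migration
  'updated_by' => get_current_user_id()
  ];
  $wp_gmap_marker_data = wp_parse_args($map_marker_data, $defaults);
- $is_marker_already_exist = $wpdb->get_var("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_markers WHERE map_id='$map_id'");
+ $is_marker_already_exist = $wpdb->get_var($wpdb->prepare("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_markers WHERE map_id='%d'",$map_id));
  if ($is_marker_already_exist == 0) {
  $wpdb->insert(
  $wpdb->prefix . 'wgm_markers',
@@ -97,7 +97,7 @@ class Migration
  'file_name' => $map_marker_data['icon']
  );
 
- $is_marker_icon_already_exist = $wpdb->get_var("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_icons WHERE file_name='{$map_marker_data['icon']}'");
+ $is_marker_icon_already_exist = $wpdb->get_var($wpdb->prepare("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_icons WHERE file_name='%'",$map_marker_data['icon']));
  if ($is_marker_icon_already_exist == 0) {
  $defaults = array(
  'type' => 'uploaded_marker_icon',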
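Review bot: The placeholder on the new line 100 is a bare `%` rather than `%s`: `file_name='%'` holds no recognised format, so `$wpdb->prepare()` escapes it to a literal `%` (and on current WordPress logs a placeholder-count notice), the lookup matches no row, and the duplicate-icon guard on line 101 never fires. It should read `$wpdb->prepare("SELECT COUNT(id) FROM {$wpdb->prefix}wgm_icons WHERE file_name = %s", $map_marker_data['icon'])`. On new line 71 the `%d` placeholder is wrapped in quotes; `prepare()` supplies quoting itself, so `WHERE map_id = %d` is the documented form. Both queries sit inside methods whose bodies extend beyond the hunks.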
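--- a/includes/Traits/AssetHandler.php
+++ b/includes/Traits/AssetHandler.php
@@ -67,9 +67,9 @@ trait AssetHandler
  'ajax_nonce' => wp_create_nonce('ajax_nonce'),
  );
 
- if (isset($_GET['tag']) and $_GET['tag'] == 'edit') {
+ if (isset($_GET['tag']) and sanitize_text_field(esc_html($_GET['tag'])) == 'edit') {
 
- $map_id = isset($_GET['id']) ? intval(esc_html($_GET['id'])) : 0;
+ $map_id = isset($_GET['id']) ? intval(sanitize_text_field(esc_html($_GET['id']))) : 0;
  $current_map_marker_lat_lng = explode(',', get_post_meta($map_id, 'wpgmap_latlng', true));
  $current_map_marker_lat = isset($current_map_marker_lat_lng[0]) ? $current_map_marker_lat_lng[0] : 40.73359922990751;
  $current_map_marker_lng = isset($current_map_marker_lat_lng[1]) ? $current_map_marker_lat_lng[1] : -74.02791395625002;
@@ -143,8 +143,9 @@ trait AssetHandler
  */
  function enqueue_admin_gmap_scripts()
  {
+ $page = isset($_GET['page']) ? $_GET['page'] : '';
  global $pagenow;
- if ($pagenow == 'post.php' || $pagenow == 'post-new.php' || (isset($_GET['page']) and ($_GET['page'] == 'wpgmapembed' or $_GET['page'] == 'wpgmapembed-settings' or $_GET['page'] == 'wpgmapembed-new' or $_GET['page'] == 'wgm_setup_wizard' or $_GET['page'] == 'wpgmapembed-support'))) {
+ if ($pagenow == 'post.php' || $pagenow == 'post-new.php' || (isset($_GET['page']) and ($page == 'wpgmapembed' or $page == 'wpgmapembed-settings' or $page == 'wpgmapembed-new' or $page == 'wgm_setup_wizard' or $page == 'wpgmapembed-support'))) {
 
  // Registering common scripts (Included: Google API)
  $this->registerCommonScripts();
@@ -173,7 +174,7 @@ trait AssetHandler
 
 
  /** Edit and Add Map page */
- if ($pagenow == 'post.php' || $pagenow == 'post-new.php' || (isset($_GET['page']) and ($_GET['page'] == 'wpgmapembed' or $_GET['page'] == 'wpgmapembed-new'))) {
+ if ($pagenow == 'post.php' || $pagenow == 'post-new.php' || (isset($_GET['page']) and ($page == 'wpgmapembed' or $page == 'wpgmapembed-new'))) {
  wp_enqueue_script('wgm-map-curd-js', WGM_PLUGIN_URL . 'admin/assets/js/wgm_map_crud.js', array('wp-gmap-common-js'), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/wgm_map_crud.js'), true);
  wp_enqueue_script('wp-gmap-markers-js', WGM_PLUGIN_URL . 'admin/assets/js/wgm_marker_crud.js', array('wp-gmap-common-js'), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/wgm_marker_crud.js'), true);
  # Datatable
@@ -182,7 +183,7 @@ trait AssetHandler
  }
 
  /** Setup Wizard */
- if (isset($_GET['page']) and ($_GET['page'] == 'wgm_setup_wizard')) {
+ if (isset($_GET['page']) and ($page == 'wgm_setup_wizard')) {
  wp_enqueue_style('wp-gmap-setup-wizard-css', WGM_PLUGIN_URL . 'admin/assets/css/setup_wizard.css', array(), filemtime(WGM_PLUGIN_PATH . '/admin/assets/css/setup_wizard.css'));
  wp_enqueue_script('wp-gmap-setup-wizard-js', WGM_PLUGIN_URL . 'admin/assets/js/setup_wizard.js', array(), filemtime(WGM_PLUGIN_PATH . 'admin/assets/js/setup_wizard.js'), true);
  }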
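Review bot: `$page` on the new line 146 is read raw from `$_GET['page']` while every other request value in this commit is sanitized; a menu slug is exactly what `sanitize_key()` accepts, so `$page = isset($_GET['page']) ? sanitize_key($_GET['page']) : '';` fits. With `$page` defaulting to `''`, the `isset($_GET['page']) and` guards on new lines 148, 177 and 186 are redundant, and the five `==` comparisons on line 148 read more clearly as `in_array($page, array('wpgmapembed', 'wpgmapembed-settings', 'wpgmapembed-new', 'wgm_setup_wizard', 'wpgmapembed-support'), true)`. `global $pagenow;` on line 147 now follows a statement; keeping it as the first line of the function groups the declarations. `enqueue_admin_gmap_scripts()` continues beyond the hunks.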
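--- a/includes/Traits/InitActions.php
+++ b/includes/Traits/InitActions.php
@@ -30,12 +30,12 @@ trait InitActions
  add_action('gmap_embed_review_already_did', array($this, 'review_already_did'));
  add_action('gmap_embed_review_later', array($this, 'review_later'));
  if (isset($_GET['plugin'])) {
- $plugin = sanitize_text_field($_GET['plugin']);
+ $plugin = sanitize_text_field(esc_html(($_GET['plugin'])));
  if ($plugin === $this->plugin_slug) {
- if (isset($_GET['dismiss']) and $_GET['dismiss'] == 1) {
+ if (isset($_GET['dismiss']) and sanitize_text_field(esc_html($_GET['dismiss'])) == 1) {
  do_action('gmap_embed_review_already_did');
  }
- if (isset($_GET['later']) and $_GET['later'] == 1) {
+ if (isset($_GET['later']) and sanitize_text_field(esc_html($_GET['later'])) == 1) {
  do_action('gmap_embed_review_later');
  }
  wp_safe_redirect($this->redirect_to());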
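Review bot: The `dismiss` and `later` branches on the new lines 35 and 38 still trigger `do_action()` from bare GET parameters with no nonce or capability check; the commit only changes how the values are sanitized. A link that changes review-notice state should carry a nonce (`wp_nonce_url()` on the generating side, which is not in the hunk) and the handler should call `check_admin_referer()` before the `do_action()` calls. Sanitizing a value that is then compared with `== 1` adds little; `sanitize_text_field($_GET['dismiss']) === '1'` states the intent without loose comparison. `esc_html()` inside `sanitize_text_field()` on new line 33 would turn an `&` in a slug into an entity and break the `=== $this->plugin_slug` check, so the inner call should go.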
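--- a/includes/Traits/MapCRUD.php
+++ b/includes/Traits/MapCRUD.php
@@ -60,6 +60,13 @@ trait MapCRUD
  */
  public function save_wpgmapembed_data()
  {
+ if (!current_user_can('administrator')) {
+ echo json_encode(array(
+ 'responseCode' => 0,
+ 'message' => 'Unauthorized access tried.'
+ ));
+ wp_die();
+ }
  $error = '';
  // Getting ajax fileds value
  $meta_data = array(
@@ -97,7 +104,7 @@ trait MapCRUD
  );
  $post_id = wp_insert_post($post_array);
  } elseif ($action_type == 'update') {
- $post_id = intval($_POST['map_data']['post_id']);
+ $post_id = intval(sanitize_text_field(esc_html($_POST['map_data']['post_id'])));
  }
 
  // Updating post meta
@@ -171,7 +178,7 @@ trait MapCRUD
  public function get_wpgmapembed_data($gmap_id = '')
  {
  if ($gmap_id == '') {
- $gmap_id = intval($_POST['wpgmap_id']);
+ $gmap_id = intval(sanitize_text_field(esc_html($_POST['wpgmap_id'])));
  }
 
  $gmap_data = array(
@@ -199,6 +206,14 @@ trait MapCRUD
  public function remove_wpgmapembed_data()
  {
 
+ if (!current_user_can('administrator')) {
+ $returnArray = array(
+ 'responseCode' => 0,
+ 'message' => "Unauthorized access tried."
+ );
+ echo json_encode($returnArray);
+ wp_die();
+ }
  $meta_data = array(
  'wpgmap_title',
  'wpgmap_heading_class',
@@ -213,7 +228,7 @@ trait MapCRUD
  'wpgmap_enable_direction'
  );
 
- $post_id = intval($_POST['post_id']);
+ $post_id = intval(sanitize_text_field(esc_html($_POST['post_id'])));
  wp_delete_post($post_id);
  foreach ($meta_data as $field_name => $value) {
  delete_post_meta($post_id, $field_name, $value);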
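Review bot: The new gates on lines 63 and 209 test a role name, `current_user_can('administrator')`, which WordPress documents as unreliable because roles are not capabilities and can be renamed or removed; check a capability instead, `if (!current_user_can('manage_options')) {`. The same block is repeated in MarkerCRUD.php (save_map_marker, update_map_marker, save_marker_icon, delete_marker) and SetupWizard.php, so one private helper on the trait would keep them consistent. None of these AJAX handlers verifies a nonce even though the plugin already creates `ajax_nonce` in AssetHandler.php and checks it in `get_markers_by_map_id()`; a `wp_verify_nonce()` check on the posted nonce (its field location for these requests is not visible here) belongs beside the capability check, otherwise a logged-in administrator's browser can be made to save or delete a map by a cross-site request. `wp_send_json_error(array('message' => 'Unauthorized access tried.'), 403);` replaces the `echo json_encode(...); wp_die();` pair and sets a real HTTP status. Both methods continue beyond the hunks.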
includes/Traits/MarkerCRUD.php CHANGED
@@ -38,6 +38,15 @@ trait MarkerCRUD
38
  */
39
  public function save_map_marker()
40
  {
 
 
 
 
 
 
 
 
 
41
  global $wpdb;
42
  $marker_data = $_POST['map_markers_data'];
43
  $map_id = sanitize_text_field(esc_html($marker_data['wpgmap_map_id']));
@@ -114,6 +123,15 @@ trait MarkerCRUD
114
 
115
  public function update_map_marker()
116
  {
 
 
 
 
 
 
 
 
 
117
  global $wpdb;
118
  $error = '';
119
  $marker_data = $_POST['map_markers_data'];
@@ -194,9 +212,18 @@ trait MarkerCRUD
194
  */
195
  public function save_marker_icon()
196
  {
 
 
 
 
 
 
 
 
 
197
  global $wpdb;
198
  $error = '';
199
- $icon_url = $_POST['data']['icon_url'];
200
  // Getting ajax fields value
201
  $map_icon_data = array(
202
  'type' => 'uploaded_marker_icon',
@@ -205,7 +232,7 @@ trait MarkerCRUD
205
  'file_name' => $icon_url
206
  );
207
 
208
- $is_marker_icon_already_exist = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}wgm_icons WHERE file_name='{$icon_url}'");
209
  if ($is_marker_icon_already_exist == 0) {
210
  $defaults = array(
211
  'file_name' => ''
@@ -241,7 +268,7 @@ trait MarkerCRUD
241
  {
242
  global $wpdb;
243
  $map_id = sanitize_text_field(esc_html($map_id));
244
- return $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}wgm_markers WHERE map_id='{$map_id}'");
245
  }
246
 
247
  /**
@@ -249,17 +276,17 @@ trait MarkerCRUD
249
  */
250
  public function get_markers_by_map_id()
251
  {
252
- if (!wp_verify_nonce($_POST['data']['ajax_nonce'], 'ajax_nonce')) {
253
  die ('Busted!');
254
  }
255
 
256
  global $wpdb;
257
  $map_id = sanitize_text_field(esc_html($_POST['data']['map_id']));
258
  $filtered_map_markers = [];
259
- $map_markers = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE map_id='{$map_id}'");
260
- if(count($map_markers)>0){
261
- foreach($map_markers as $key=>$map_marker){
262
- $map_marker->marker_desc=wp_unslash(html_entity_decode($map_marker->marker_desc));
263
  $filtered_map_markers[$key] = $map_marker;
264
  }
265
 
@@ -280,8 +307,8 @@ trait MarkerCRUD
280
  {
281
  $return_json = array();
282
  global $wpdb;
283
- $map_id = $_GET['map_id'];
284
- $wpgmap_markers = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE map_id='{$map_id}'");
285
  if (count($wpgmap_markers) > 0) {
286
  foreach ($wpgmap_markers as $marker_key => $wpgmap_marker) {
287
  $action = '<a href="" class="wpgmap_marker_edit button button-small"
@@ -309,7 +336,16 @@ trait MarkerCRUD
309
  */
310
  public function delete_marker()
311
  {
312
- $marker_id = esc_attr($_POST['data']['marker_id']);
 
 
 
 
 
 
 
 
 
313
  global $wpdb;
314
  $wpdb->delete(
315
  $wpdb->prefix . 'wgm_markers',
@@ -328,9 +364,9 @@ trait MarkerCRUD
328
  public function get_marker_data_by_marker_id()
329
  {
330
  global $wpdb;
331
- $marker_id = esc_attr($_POST['data']['marker_id']);
332
- $result = $wpdb->get_row(" SELECT * FROM {$wpdb->prefix}wgm_markers WHERE id='$marker_id'", OBJECT);
333
- $result->marker_desc=wp_unslash(html_entity_decode($result->marker_desc));
334
  echo json_encode($result);
335
  wp_die();
336
  }
38
  */
39
  public function save_map_marker()
40
  {
41
+ if (!current_user_can('administrator')) {
42
+ $returnArray = array(
43
+ 'responseCode' => 0,
44
+ 'message' => "Unauthorized access tried."
45
+ );
46
+ echo json_encode($returnArray);
47
+ wp_die();
48
+ }
49
+
50
  global $wpdb;
51
  $marker_data = $_POST['map_markers_data'];
52
  $map_id = sanitize_text_field(esc_html($marker_data['wpgmap_map_id']));
123
 
124
  public function update_map_marker()
125
  {
126
+ if (!current_user_can('administrator')) {
127
+ $returnArray = array(
128
+ 'responseCode' => 0,
129
+ 'message' => "Unauthorized access tried."
130
+ );
131
+ echo json_encode($returnArray);
132
+ wp_die();
133
+ }
134
+
135
  global $wpdb;
136
  $error = '';
137
  $marker_data = $_POST['map_markers_data'];
212
  */
213
  public function save_marker_icon()
214
  {
215
+ if (!current_user_can('administrator')) {
216
+ $returnArray = array(
217
+ 'responseCode' => 0,
218
+ 'message' => "Unauthorized access tried."
219
+ );
220
+ echo json_encode($returnArray);
221
+ wp_die();
222
+ }
223
+
224
  global $wpdb;
225
  $error = '';
226
+ $icon_url = sanitize_text_field(esc_html($_POST['data']['icon_url']));
227
  // Getting ajax fields value
228
  $map_icon_data = array(
229
  'type' => 'uploaded_marker_icon',
232
  'file_name' => $icon_url
233
  );
234
 
235
+ $is_marker_icon_already_exist = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$wpdb->prefix}wgm_icons WHERE file_name='%s'", $icon_url));
236
  if ($is_marker_icon_already_exist == 0) {
237
  $defaults = array(
238
  'file_name' => ''
268
  {
269
  global $wpdb;
270
  $map_id = sanitize_text_field(esc_html($map_id));
271
+ return $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$wpdb->prefix}wgm_markers WHERE map_id='%d'",$map_id));
272
  }
273
 
274
  /**
276
  */
277
  public function get_markers_by_map_id()
278
  {
279
+ if (!wp_verify_nonce(sanitize_text_field(esc_html($_POST['data']['ajax_nonce'])), 'ajax_nonce')) {
280
  die ('Busted!');
281
  }
282
 
283
  global $wpdb;
284
  $map_id = sanitize_text_field(esc_html($_POST['data']['map_id']));
285
  $filtered_map_markers = [];
286
+ $map_markers = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE map_id='%d'", $map_id));
287
+ if (count($map_markers) > 0) {
288
+ foreach ($map_markers as $key => $map_marker) {
289
+ $map_marker->marker_desc = wp_unslash(html_entity_decode($map_marker->marker_desc));
290
  $filtered_map_markers[$key] = $map_marker;
291
  }
292
 
307
  {
308
  $return_json = array();
309
  global $wpdb;
310
+ $map_id = intval(sanitize_text_field(esc_html($_GET['map_id'])));
311
+ $wpgmap_markers = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE map_id='%d'", $map_id));
312
  if (count($wpgmap_markers) > 0) {
313
  foreach ($wpgmap_markers as $marker_key => $wpgmap_marker) {
314
  $action = '<a href="" class="wpgmap_marker_edit button button-small"
336
  */
337
  public function delete_marker()
338
  {
339
+ if (!current_user_can('administrator')) {
340
+ $returnArray = array(
341
+ 'responseCode' => 0,
342
+ 'message' => "Unauthorized access tried."
343
+ );
344
+ echo json_encode($returnArray);
345
+ wp_die();
346
+ }
347
+
348
+ $marker_id = sanitize_text_field(esc_html($_POST['data']['marker_id']));
349
  global $wpdb;
350
  $wpdb->delete(
351
  $wpdb->prefix . 'wgm_markers',
364
  public function get_marker_data_by_marker_id()
365
  {
366
  global $wpdb;
367
+ $marker_id = sanitize_text_field(esc_html(($_POST['data']['marker_id'])));
368
+ $result = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->prefix}wgm_markers WHERE id='%d'", $marker_id), OBJECT);
369
+ $result->marker_desc = wp_unslash(html_entity_decode($result->marker_desc));
370
  echo json_encode($result);
371
  wp_die();
372
  }
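Review bot: In `get_marker_data_by_marker_id()` the new line 369 assigns `$result->marker_desc` without checking that `get_row()` returned a row; for an unknown id `$result` is `null`, which is a warning on PHP 7 and a fatal `Error` on PHP 8. Guard it: `if ($result) { $result->marker_desc = wp_unslash(html_entity_decode($result->marker_desc)); }`. Unlike the mutating handlers in this commit, this reader and `get_markers_by_map_id()` received no capability check; whether they are registered for unauthenticated (`nopriv`) AJAX is not visible here, but if they are admin-only the same gate applies, and `die ('Busted!')` on new line 280 should become `wp_send_json_error()` so clients get one response shape. The quoted placeholders `'%d'` on new lines 271, 286, 311 and 368 work, but `prepare()` documents them unquoted (`map_id = %d`).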
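--- a/includes/Traits/Menu.php
+++ b/includes/Traits/Menu.php
@@ -65,7 +65,7 @@ trait Menu
  */
  public function srm_gmap_main()
  {
- if (isset($_GET['tag']) and $_GET['tag'] == 'edit') {
+ if (isset($_GET['tag']) and sanitize_text_field(esc_html($_GET['tag'] == 'edit'))) {
  require WGM_PLUGIN_PATH . 'admin/includes/wpgmap_edit.php';
  } else {
  require WGM_PLUGIN_PATH . 'admin/includes/wpgmap_list.php';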
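--- a/includes/Traits/SetupWizard.php
+++ b/includes/Traits/SetupWizard.php
@@ -21,6 +21,12 @@ trait SetupWizard
  */
  public function wpgmap_save_setup_wizard()
  {
+ if (!current_user_can('administrator')) {
+ echo json_encode(array(
+ 'responseCode' => 403,
+ ));
+ wp_die();
+ }
  $api_key = isset($_POST['wgm_api_key']) ? sanitize_text_field(esc_html($_POST['wgm_api_key'])) : '';
  $language = isset($_POST['wgm_language']) ? sanitize_text_field(esc_html($_POST['wgm_language'])) : '';
  $regional_area = isset($_POST['wgm_regional_area']) ? sanitize_text_field(esc_html($_POST['wgm_regional_area'])) : '';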
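Review bot: The gate on the new lines 24-29 answers with `array('responseCode' => 403)` inside an HTTP 200 response and no message, while the parallel gates added in MapCRUD.php and MarkerCRUD.php return `responseCode` 0 plus a message; one shape is easier for the JavaScript client to handle. `wp_send_json_error(array('message' => 'Unauthorized access tried.'), 403);` gives both a consistent body and a real 403 status. `wpgmap_save_setup_wizard()` continues beyond the hunk.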
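--- a/readme.txt
+++ b/readme.txt
@@ -4,8 +4,8 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
  Tags: google map, map, maps, google maps, map markers, google map plugin, google map embed, google maps plugin, wp google map, map plugin, map embed, best google maps, store locator, map direction, map widget, street view
  Requires at least: 2.9
  Tested up to: 5.8
- Version: 1.8.0
- Stable tag: 1.8.0
+ Version: 1.8.1
+ Stable tag: 1.8.1
  Requires PHP: 5.3
  Text Domain: gmap-embed
  License: GPLv2 or later
@@ -199,6 +199,9 @@ Learn more about how [Appsero collects and uses this data](https://appsero.com/p
 
  == Changelog ==
 
+ = 1.8.1 =
+ * Hot fix: Security issue fixed.
+
  = 1.8.0 =
  * Multiple Marker system introduced.
  * Complete Admin UI updated for a better experience.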
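--- a/srm_gmap_embed.php
+++ b/srm_gmap_embed.php
@@ -7,7 +7,7 @@
  Text Domain: gmap-embed
  Domain Path: /languages
  Author URI: https://www.srmilon.info?utm_source=wp-plugins&utm_campaign=author-uri&utm_medium=wp-dash
- Version: 1.8.0
+ Version: 1.8.1
  */
 
  use WGMSRM\Classes\Database;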