myCRED - Version 2.4.7

Version Description

Bug fixes.


Release Info

Developer wpexpertsio
Plugin Icon 128x128 myCRED
Version 2.4.7

Code changes from version 2.4.6.1 to 2.4.7

Files changed (48)
  1. addons/badges/includes/mycred-badge-shortcodes.php +0 -1
  2. addons/badges/myCRED-addon-badges.php +5 -3
  3. addons/buy-creds/includes/buycred-functions.php +5 -7
  4. addons/buy-creds/includes/buycred-shortcodes.php +1 -1
  5. addons/buy-creds/modules/buycred-module-core.php +1 -0
  6. addons/buy-creds/modules/buycred-module-pending.php +2 -1
  7. addons/cash-creds/assets/css/withdraw.css +0 -4
  8. addons/cash-creds/includes/cashcred-shortcodes.php +1 -3
  9. addons/cash-creds/modules/cashcred-module-core.php +1 -0
  10. addons/cash-creds/modules/cashcred-module-withdrawal.php +5 -3
  11. addons/coupons/myCRED-addon-coupons.php +2 -1
  12. addons/email-notices/includes/mycred-email-object.php +4 -0
  13. addons/gateway/event-booking/mycred-eventespresso3.php +1 -1
  14. addons/notifications/myCRED-addon-notifications.php +1 -1
  15. addons/ranks/includes/mycred-rank-functions.php +1 -1
  16. addons/ranks/myCRED-addon-ranks.php +1 -0
  17. addons/sell-content/myCRED-addon-sell-content.php +2 -1
  18. addons/transfer/assets/js/mycred-transfer.js +8 -2
  19. addons/transfer/css/transfer.css +2 -2
  20. addons/transfer/includes/mycred-transfer-functions.php +5 -5
  21. addons/transfer/includes/mycred-transfer-object.php +229 -12
  22. addons/transfer/includes/mycred-transfer-widgets.php +46 -5
  23. addons/transfer/myCRED-addon-transfer.php +44 -37
  24. assets/css/mycred-edit-balance.css +1 -2
  25. includes/classes/class.query-leaderboard.php +25 -20
  26. includes/classes/class.query-log.php +9 -7
  27. includes/hooks/external/mycred-hook-buddypress.php +2 -1
  28. includes/hooks/external/mycred-hook-contact-form7.php +188 -181
  29. includes/hooks/external/mycred-hook-woocommerce.php +3 -1
  30. includes/hooks/mycred-hook-referrals.php +4 -2
  31. includes/importers/mycred-balances.php +1 -1
  32. includes/importers/mycred-cubepoints.php +1 -1
  33. includes/importers/mycred-log-entries.php +1 -1
  34. includes/mycred-functions.php +44 -5
  35. includes/mycred-remote.php +11 -11
  36. includes/mycred-tools-bulk-assign.php +111 -5
  37. includes/mycred-tools-import-export.php +185 -42
  38. includes/mycred-tools-setup-import-export.php +87 -115
  39. includes/mycred-tools.php +13 -13
  40. includes/mycred-walkthrough.php +1 -1
  41. modules/mycred-module-export.php +1 -1
  42. modules/mycred-module-hooks.php +3 -2
  43. modules/mycred-module-log.php +7 -4
  44. modules/mycred-module-management.php +85 -29
  45. modules/mycred-module-network.php +6 -5
  46. modules/mycred-module-settings.php +10 -55
  47. mycred.php +6 -6
  48. readme.txt +11 -1
addons/badges/includes/mycred-badge-shortcodes.php CHANGED
@@ -153,7 +153,6 @@ if (! function_exists('mycred_render_my_badges') ) :
153
 
154
  if ( $badge->level_image !== false ) {
155
 
156
- var_dump( $level, $badge );
157
 
158
  echo '<div class="demo-badge-image">' . wp_kses_post( $badge->get_image( $level ) ) . '</div>';
159
 
153
 
154
  if ( $badge->level_image !== false ) {
155
 
 
156
 
157
  echo '<div class="demo-badge-image">' . wp_kses_post( $badge->get_image( $level ) ) . '</div>';
158
 
addons/badges/myCRED-addon-badges.php CHANGED
@@ -1393,8 +1393,9 @@ th#badge-users { width: 10%; }
1393
  if ( ! empty( $_POST['mycred_badge']['levels'] ) ) {
1394
 
1395
  $level_row = 0;
1396
-
1397
- foreach ( $_POST['mycred_badge']['levels'] as $level_id => $level_setup ) {
 
1398
 
1399
  $level = array();
1400
 
@@ -1895,7 +1896,8 @@ th#badge-users { width: 10%; }
1895
  $users_badges = mycred_get_users_badges( $user_id );
1896
 
1897
  if ( ! empty( $_POST['mycred_badge_manual']['badges'] ) ) {
1898
- foreach ( $_POST['mycred_badge_manual']['badges'] as $badge_id => $data ) {
 
1899
 
1900
  $badge = mycred_get_badge( $badge_id );
1901
 
1393
  if ( ! empty( $_POST['mycred_badge']['levels'] ) ) {
1394
 
1395
  $level_row = 0;
1396
+
1397
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1398
+ foreach( $_POST['mycred_badge']['levels'] as $level_id => $level_setup ){
1399
 
1400
  $level = array();
1401
 
1896
  $users_badges = mycred_get_users_badges( $user_id );
1897
 
1898
  if ( ! empty( $_POST['mycred_badge_manual']['badges'] ) ) {
1899
+
1900
+ foreach ( mycred_sanitize_array( wp_unslash( $_POST['mycred_badge_manual']['badges'] ) ) as $badge_id => $data ) {
1901
 
1902
  $badge = mycred_get_badge( $badge_id );
1903
 
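Review bot: Line 1397 silences the unslash/sanitize sniff on `$_POST['mycred_badge']['levels']` while the second hunk (line 1900) resolves the same warning properly with `mycred_sanitize_array( wp_unslash( ... ) )`; a bare `phpcs:ignore` hides the finding without recording where the level data is cleaned (the loop body is outside the hunk). The same suppression-without-explanation pattern is added in buycred-module-core.php, buycred-module-pending.php, cashcred-module-core.php, cashcred-module-withdrawal.php, myCRED-addon-coupons.php, myCRED-addon-ranks.php and myCRED-addon-sell-content.php. Either apply the same wrapper here, provided the level fields do not need to keep markup — `foreach ( mycred_sanitize_array( wp_unslash( $_POST['mycred_badge']['levels'] ) ) as $level_id => $level_setup ) {` — or, if each field is sanitized individually inside the loop, say so on the ignore line: `// phpcs:ignore ... -- each level field is sanitized below`. Separately, `$badge_id` on line 1900 is an array key taken from the request and passed to `mycred_get_badge()` unchanged; if badge IDs are numeric, `mycred_get_badge( absint( $badge_id ) )` would pin that.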
addons/buy-creds/includes/buycred-functions.php CHANGED
@@ -404,7 +404,7 @@ if ( ! function_exists( 'buycred_get_pending_payment' ) ) :
404
 
405
  // Construct fake pending object ( when no pending payment object exists )
406
  if ( is_array( $payment_id ) ) {
407
-
408
  $pending_payment = new StdClass();
409
  $pending_payment->payment_id = false;
410
  $pending_payment->public_id = $payment_id['public_id'];
@@ -422,9 +422,7 @@ if ( ! function_exists( 'buycred_get_pending_payment' ) ) :
422
  }
423
 
424
  else {
425
-
426
  $payment_id = buycred_get_pending_payment_id( $payment_id );
427
-
428
  if ( $payment_id === false ) return false;
429
 
430
  $pending_payment = new StdClass();
@@ -440,13 +438,13 @@ if ( ! function_exists( 'buycred_get_pending_payment' ) ) :
440
  $pending_payment->transaction_id = $pending_payment->public_id;
441
 
442
  $pending_payment->cancel_url = buycred_get_cancel_transaction_url( $pending_payment->public_id );
443
-
444
  $pending_payment->pay_now_url = add_query_arg( array(
445
  'mycred_buy' => $pending_payment->gateway_id,
446
  'amount' => $pending_payment->amount,
447
  'revisit' => $payment_id,
448
  'token' => wp_create_nonce( 'mycred-buy-creds' )
449
- ), set_url_scheme( esc_url_raw( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) );
450
 
451
  }
452
 
@@ -488,7 +486,7 @@ if ( ! function_exists( 'buycred_add_pending_comment' ) ) :
488
  'comment_author_email' => $author_email,
489
  'comment_content' => $comment,
490
  'comment_type' => 'buycred',
491
- 'comment_author_IP' => sanitize_text_field( $_SERVER['REMOTE_ADDR'] ),
492
  'comment_date' => $time,
493
  'comment_approved' => 1,
494
  'user_id' => 0
@@ -506,7 +504,7 @@ if ( ! function_exists( 'buycred_get_cancel_transaction_url' ) ) :
506
  function buycred_get_cancel_transaction_url( $transaction_id = NULL ) {
507
 
508
  $settings = mycred_get_buycred_settings();
509
- $base = set_url_scheme( sanitize_url( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) );
510
 
511
  // Cancel page
512
  if ( $settings['cancelled']['use'] == 'page' ) {
404
 
405
  // Construct fake pending object ( when no pending payment object exists )
406
  if ( is_array( $payment_id ) ) {
407
+
408
  $pending_payment = new StdClass();
409
  $pending_payment->payment_id = false;
410
  $pending_payment->public_id = $payment_id['public_id'];
422
  }
423
 
424
  else {
 
425
  $payment_id = buycred_get_pending_payment_id( $payment_id );
 
426
  if ( $payment_id === false ) return false;
427
 
428
  $pending_payment = new StdClass();
438
  $pending_payment->transaction_id = $pending_payment->public_id;
439
 
440
  $pending_payment->cancel_url = buycred_get_cancel_transaction_url( $pending_payment->public_id );
441
+ $url = ( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) ) ? set_url_scheme( esc_url_raw( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) ) : '';
442
  $pending_payment->pay_now_url = add_query_arg( array(
443
  'mycred_buy' => $pending_payment->gateway_id,
444
  'amount' => $pending_payment->amount,
445
  'revisit' => $payment_id,
446
  'token' => wp_create_nonce( 'mycred-buy-creds' )
447
+ ), $url );
448
 
449
  }
450
 
486
  'comment_author_email' => $author_email,
487
  'comment_content' => $comment,
488
  'comment_type' => 'buycred',
489
+ 'comment_author_IP' => isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '',
490
  'comment_date' => $time,
491
  'comment_approved' => 1,
492
  'user_id' => 0
504
  function buycred_get_cancel_transaction_url( $transaction_id = NULL ) {
505
 
506
  $settings = mycred_get_buycred_settings();
507
+ $base = ( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) ) ? set_url_scheme( sanitize_text_field( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) ) : '';
508
 
509
  // Cancel page
510
  if ( $settings['cancelled']['use'] == 'page' ) {
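Review bot: The two new URL constructions disagree on the sanitizer: line 441 uses `esc_url_raw()` while line 507 uses `sanitize_text_field()`, which strips tags and whitespace but does not validate a URL, so the cancel-page base can carry characters `esc_url_raw()` would reject. Use the same call at line 507: `$base = ( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) ) ? set_url_scheme( esc_url_raw( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) ) : '';`. Since `HTTP_HOST` is supplied by the client, deriving the base from `home_url()` plus the request path would be less exposed to host-header manipulation than either form, if the gateway flow permits it. When both server variables are missing, line 441 falls back to `''`, and `add_query_arg()` then appears to produce a query-string-only URL; a short comment saying that relative result is intended would help the next reader.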
addons/buy-creds/includes/buycred-shortcodes.php CHANGED
@@ -77,7 +77,7 @@ if ( ! function_exists( 'mycred_render_buy_points' ) ) :
77
  if ( empty( $classes ) || ! in_array( 'mycred-buy-link', $classes ) )
78
  $classes[] = 'mycred-buy-link';
79
 
80
- $current_url = set_url_scheme( sanitize_url( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) );
81
  if ( is_ssl() )
82
  $current_url = str_replace( 'http://', 'https://', $current_url );
83
 
77
  if ( empty( $classes ) || ! in_array( 'mycred-buy-link', $classes ) )
78
  $classes[] = 'mycred-buy-link';
79
 
80
+ $current_url = ( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) ) ? set_url_scheme( sanitize_text_field( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) ) : '';( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) ) ? set_url_scheme( sanitize_text_field( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) ) : '';
81
  if ( is_ssl() )
82
  $current_url = str_replace( 'http://', 'https://', $current_url );
83
 
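Review bot: New line 80 contains the URL expression twice: after the assignment's `;` the same ternary is repeated as a bare expression statement, which is dead code that re-reads `$_SERVER` and reads like a paste error. Keep only the assignment: `$current_url = ( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) ) ? set_url_scheme( sanitize_text_field( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) ) : '';`. `sanitize_text_field()` is not a URL sanitizer; the companion change in buycred-functions.php uses `esc_url_raw()` for the identical construction, and using it here too would keep the two consistent. The enclosing function `mycred_render_buy_points` continues outside the hunk.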
addons/buy-creds/modules/buycred-module-core.php CHANGED
@@ -1458,6 +1458,7 @@ jQuery(function($) {
1458
 
1459
  if ( isset( $_POST['mycred_adjust_users_buyrates'] ) && is_array( $_POST['mycred_adjust_users_buyrates'] ) && ! empty( $_POST['mycred_adjust_users_buyrates'] ) ) {
1460
 
 
1461
  foreach ( $_POST['mycred_adjust_users_buyrates'] as $ctype => $gateway ) {
1462
 
1463
  $ctype = sanitize_key( $ctype );
1458
 
1459
  if ( isset( $_POST['mycred_adjust_users_buyrates'] ) && is_array( $_POST['mycred_adjust_users_buyrates'] ) && ! empty( $_POST['mycred_adjust_users_buyrates'] ) ) {
1460
 
1461
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1462
  foreach ( $_POST['mycred_adjust_users_buyrates'] as $ctype => $gateway ) {
1463
 
1464
  $ctype = sanitize_key( $ctype );
addons/buy-creds/modules/buycred-module-pending.php CHANGED
@@ -743,7 +743,8 @@ jQuery(function($){
743
  public function save_pending_payment( $post_id, $post ) {
744
 
745
  if ( ! $this->core->user_is_point_editor() || ! isset( $_POST['buycred_pending_payment'] ) ) return;
746
-
 
747
  $pending_payment = $_POST['buycred_pending_payment'];
748
  $changed = false;
749
 
743
  public function save_pending_payment( $post_id, $post ) {
744
 
745
  if ( ! $this->core->user_is_point_editor() || ! isset( $_POST['buycred_pending_payment'] ) ) return;
746
+
747
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
748
  $pending_payment = $_POST['buycred_pending_payment'];
749
  $changed = false;
750
 
addons/cash-creds/assets/css/withdraw.css CHANGED
@@ -76,10 +76,6 @@
76
  float: right;
77
  }
78
 
79
- div#submit_button, .amount_label{
80
- float: left;
81
- }
82
-
83
  .cashcred-tab{
84
  display:none;
85
  }
76
  float: right;
77
  }
78
 
 
 
 
 
79
  .cashcred-tab{
80
  display:none;
81
  }
addons/cash-creds/includes/cashcred-shortcodes.php CHANGED
@@ -231,9 +231,7 @@ if ( ! function_exists( 'mycred_render_cashcred' ) ) :
231
  <div class="mycred-cashcred-withdraw-form-footer">
232
  <div id="cashcred_total" class="form-group">
233
  <strong>
234
-
235
-
236
- <span class="amount_label"><?php echo esc_html__( 'Amount:', 'mycred' ) . '&nbsp'; ?></span>
237
  <span id="cashcred_currency_symbol"></span>
238
  <span id="cashcred_total_amount"></span>
239
  </strong>
231
  <div class="mycred-cashcred-withdraw-form-footer">
232
  <div id="cashcred_total" class="form-group">
233
  <strong>
234
+ <span class="amount_label"><?php echo esc_html__( 'Amount:', 'mycred' ); ?></span>
 
 
235
  <span id="cashcred_currency_symbol"></span>
236
  <span id="cashcred_total_amount"></span>
237
  </strong>
addons/cash-creds/modules/cashcred-module-core.php CHANGED
@@ -432,6 +432,7 @@ if ( ! class_exists( 'myCRED_cashCRED_Module' ) ) :
432
 
433
  $payment_methods = array();
434
 
 
435
  foreach ( $_POST['cashcred_user_settings'] as $type_id => $value ) {
436
 
437
  $payment_method_data = array();
432
 
433
  $payment_methods = array();
434
 
435
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.ValidatedSanitizedInput.InputNotValidated
436
  foreach ( $_POST['cashcred_user_settings'] as $type_id => $value ) {
437
 
438
  $payment_method_data = array();
addons/cash-creds/modules/cashcred-module-withdrawal.php CHANGED
@@ -1133,13 +1133,12 @@ if ( ! class_exists( 'cashCRED_Pending_Payments' ) ) :
1133
 
1134
  if ( ! $this->core->user_is_point_editor() || ! isset( $_POST['cashcred_pending_payment'] ) ) return;
1135
 
1136
- $pending_payment = $_POST['cashcred_pending_payment'];
1137
-
1138
  $old_status = mycred_get_post_meta( $post_id, 'status', true );
1139
  $new_status = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : '';
1140
  $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
1141
  $user_settings = mycred_get_user_meta( $user_id, cashcred_get_user_settings(), '', true );
1142
- $updated_user_settings = $_POST['cashcred_user_settings'];
 
1143
 
1144
  $changed_fields = array();
1145
 
@@ -1155,6 +1154,9 @@ if ( ! class_exists( 'cashCRED_Pending_Payments' ) ) :
1155
 
1156
  mycred_update_user_meta( $user_id, cashcred_get_user_settings(), '', $updated_user_settings );
1157
 
 
 
 
1158
  foreach ( $pending_payment as $meta_key => $meta_value ) {
1159
 
1160
  $new_value = sanitize_text_field( $meta_value );
1133
 
1134
  if ( ! $this->core->user_is_point_editor() || ! isset( $_POST['cashcred_pending_payment'] ) ) return;
1135
 
 
 
1136
  $old_status = mycred_get_post_meta( $post_id, 'status', true );
1137
  $new_status = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : '';
1138
  $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
1139
  $user_settings = mycred_get_user_meta( $user_id, cashcred_get_user_settings(), '', true );
1140
+
1141
+ $updated_user_settings = isset( $_POST['cashcred_user_settings'] ) ? mycred_sanitize_array( wp_unslash( $_POST['cashcred_user_settings'] ) ) : array();
1142
 
1143
  $changed_fields = array();
1144
 
1154
 
1155
  mycred_update_user_meta( $user_id, cashcred_get_user_settings(), '', $updated_user_settings );
1156
 
1157
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1158
+ $pending_payment = $_POST['cashcred_pending_payment'];
1159
+
1160
  foreach ( $pending_payment as $meta_key => $meta_value ) {
1161
 
1162
  $new_value = sanitize_text_field( $meta_value );
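Review bot: Line 1141 defaults `$updated_user_settings` to `array()` when `cashcred_user_settings` is absent from the request, and line 1155 then writes that value unconditionally through `mycred_update_user_meta()`, so a save that omits the field wipes the user's stored payment settings instead of leaving them untouched. Guard the write on presence, `if ( isset( $_POST['cashcred_user_settings'] ) ) mycred_update_user_meta( $user_id, cashcred_get_user_settings(), '', $updated_user_settings );`, or fall back to `$user_settings` rather than `array()`. Lines 1144–1153 between the two hunks are not visible, so if the `$changed_fields` logic already skips the write in that case this is moot. Line 1158 still reads `$_POST['cashcred_pending_payment']` raw under a phpcs:ignore; each value passes through `sanitize_text_field()` on line 1162 but `$meta_key` is used as received, so `sanitize_key( $meta_key )` before it is used as a meta key (what follows line 1162 is outside the hunk) would close that gap.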
addons/coupons/myCRED-addon-coupons.php CHANGED
@@ -996,7 +996,8 @@ if ( ! class_exists( 'myCRED_Coupons_Module' ) ) :
996
  if( ! isset( $_POST['mycred_coupon']['check'] ) ){
997
  $_POST['mycred_coupon']['check'] = false;
998
  }
999
-
 
1000
  foreach ( $_POST['mycred_coupon'] as $meta_key => $meta_value ) {
1001
 
1002
  if( $meta_key == 'reward' ){
996
  if( ! isset( $_POST['mycred_coupon']['check'] ) ){
997
  $_POST['mycred_coupon']['check'] = false;
998
  }
999
+
1000
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1001
  foreach ( $_POST['mycred_coupon'] as $meta_key => $meta_value ) {
1002
 
1003
  if( $meta_key == 'reward' ){
addons/email-notices/includes/mycred-email-object.php CHANGED
@@ -194,6 +194,10 @@ if ( ! class_exists( 'myCRED_Email' ) ) :
194
 
195
  if ( empty( $event ) || ! array_key_exists( 'user_id', $event ) ) return false;
196
 
 
 
 
 
197
  $user_id = absint( $event['user_id'] );
198
 
199
  $user = get_userdata( $user_id );
194
 
195
  if ( empty( $event ) || ! array_key_exists( 'user_id', $event ) ) return false;
196
 
197
+ $send = apply_filters( 'mycred_email_event', true, $event );
198
+
199
+ if( ! $send ) return;
200
+
201
  $user_id = absint( $event['user_id'] );
202
 
203
  $user = get_userdata( $user_id );
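Review bot: The new early exit on line 199 uses a bare `return;`, whereas the existing guard on line 195 returns `false`, so a caller that checks the result with `=== false` will treat a filtered-out email as a success. Make the two exits agree: `if ( ! $send ) return false;`. A one-line comment naming the new filter's purpose, e.g. `// Allow third parties to veto sending for this event.`, would also help since `mycred_email_event` is introduced here. The enclosing method continues past the hunk.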
addons/gateway/event-booking/mycred-eventespresso3.php CHANGED
@@ -450,7 +450,7 @@ if ( ! class_exists( 'myCRED_Espresso_Gateway' ) ) :
450
  <?php if ( $this->update ) : ?>
451
  <h2 style="color: green;"><?php esc_html_e( 'Settings Updated', 'mycred' ); ?></h2>
452
  <?php endif; ?>
453
- <form method="post" action="<?php echo esc_url( $_SERVER['REQUEST_URI'] ); ?>#mycred-gate">
454
 
455
  <?php do_action( 'mycred_espresso_before_prefs' ); ?>
456
 
450
  <?php if ( $this->update ) : ?>
451
  <h2 style="color: green;"><?php esc_html_e( 'Settings Updated', 'mycred' ); ?></h2>
452
  <?php endif; ?>
453
+ <form method="post" action="<?php echo isset( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : ''; ?>#mycred-gate">
454
 
455
  <?php do_action( 'mycred_espresso_before_prefs' ); ?>
456
 
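Review bot: `esc_url_raw()` on line 453 is the storage/redirect escaper, not the output one; inside an HTML attribute the value should go through `esc_url()`, which also entity-encodes `&` so the action attribute stays well-formed: `<form method="post" action="<?php echo isset( $_SERVER['REQUEST_URI'] ) ? esc_url( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : ''; ?>#mycred-gate">`. The removed line used `esc_url()`, so this looks like an accidental downgrade made while adding the isset/unslash guard.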
addons/notifications/myCRED-addon-notifications.php CHANGED
@@ -71,7 +71,7 @@ if ( ! class_exists( 'myCRED_Notifications_Module' ) ) :
71
  foreach ( (array) $notices as $notice ) {
72
 
73
  $notice = str_replace( array( "\r", "\n", "\t" ), '', $notice );
74
- echo '<!-- Notice --><script type="text/javascript">(function(jQuery){jQuery.noticeAdd({ text: "' . wp_kses_post( $notice ) . '",stay: ' . esc_js( $stay ) . '});})(jQuery);</script>';
75
 
76
  }
77
 
71
  foreach ( (array) $notices as $notice ) {
72
 
73
  $notice = str_replace( array( "\r", "\n", "\t" ), '', $notice );
74
+ echo '<!-- Notice --><script type="text/javascript">(function(jQuery){jQuery.noticeAdd({ text: `' . wp_kses_post( $notice ) . '`,stay: ' . esc_js( $stay ) . '});})(jQuery);</script>';
75
 
76
  }
77
 
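Review bot: Line 74 swaps the JS string delimiters from `"` to backticks, but `wp_kses_post()` is an HTML filter and does not escape for a JavaScript context, so a backtick or `${` in `$notice` still terminates the template literal just as a `"` did before (the hunk does not show where `$notice` originates, so how far that content is trusted is not visible here). Emitting the value as a JSON string literal handles both delimiters and makes the `\r\n\t` stripping on line 73 unnecessary: `echo '<!-- Notice --><script type="text/javascript">(function(jQuery){jQuery.noticeAdd({ text: ' . wp_json_encode( wp_kses_post( $notice ) ) . ',stay: ' . esc_js( $stay ) . '});})(jQuery);</script>';`.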
addons/ranks/includes/mycred-rank-functions.php CHANGED
@@ -548,7 +548,7 @@ endif;
548
  if ( ! function_exists( 'mycred_get_ranks' ) ) :
549
  function mycred_get_ranks( $status = 'publish', $number = '-1', $order = 'DESC', $point_type = MYCRED_DEFAULT_TYPE_KEY ) {
550
 
551
- $cache_key = 'ranks-published-' . $point_type;
552
  $ranks = wp_cache_get( $cache_key, MYCRED_SLUG );
553
  $results = array();
554
 
548
  if ( ! function_exists( 'mycred_get_ranks' ) ) :
549
  function mycred_get_ranks( $status = 'publish', $number = '-1', $order = 'DESC', $point_type = MYCRED_DEFAULT_TYPE_KEY ) {
550
 
551
+ $cache_key = 'ranks-published-' . $point_type . $status . $number . $order;
552
  $ranks = wp_cache_get( $cache_key, MYCRED_SLUG );
553
  $results = array();
554
 
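Review bot: Line 551 now builds the cache key by concatenating `$point_type . $status . $number . $order` with no separator, so distinct argument sets can collapse to the same key, and the `ranks-published-` prefix no longer describes what is cached once `$status` varies. Use a delimited key such as `$cache_key = 'ranks-' . implode( '-', array( $point_type, $status, $number, $order ) );`. Any code that invalidates `'ranks-published-' . $point_type` when a rank is saved or deleted (outside this hunk, if it exists) will no longer match these keys, so the invalidation path needs the same change or a group-level flush to avoid serving stale rank lists. `mycred_get_ranks` continues past the hunk.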
addons/ranks/myCRED-addon-ranks.php CHANGED
@@ -1518,6 +1518,7 @@ if ( ! class_exists( 'myCRED_Ranks_Module' ) ) :
1518
 
1519
  $type_object = new myCRED_Point_Type( $point_type );
1520
 
 
1521
  foreach ( $_POST['mycred_rank'] as $meta_key => $meta_value ) {
1522
 
1523
  if ( $meta_key == 'ctype' ) continue;
1518
 
1519
  $type_object = new myCRED_Point_Type( $point_type );
1520
 
1521
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1522
  foreach ( $_POST['mycred_rank'] as $meta_key => $meta_value ) {
1523
 
1524
  if ( $meta_key == 'ctype' ) continue;
addons/sell-content/myCRED-addon-sell-content.php CHANGED
@@ -681,6 +681,7 @@ if ( ! class_exists( 'myCRED_Sell_Content_Module' ) ) :
681
 
682
  if ( isset( $_POST['mycred_sell_this'] ) && ! empty( $_POST['mycred_sell_this'] ) ) {
683
 
 
684
  foreach ( $_POST['mycred_sell_this'] as $point_type => $share ) {
685
 
686
  $share = sanitize_text_field( $share );
@@ -1381,7 +1382,7 @@ if ( ! class_exists( 'myCRED_Sell_Content_Module' ) ) :
1381
  'status' => 'disabled',
1382
  'price' => 0,
1383
  'expire' => 0
1384
- ), $_POST['mycred_sell_this'][ $point_type ] );
1385
 
1386
  if ( $submission['status'] == '' ) $submission['status'] = 'disabled';
1387
 
681
 
682
  if ( isset( $_POST['mycred_sell_this'] ) && ! empty( $_POST['mycred_sell_this'] ) ) {
683
 
684
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
685
  foreach ( $_POST['mycred_sell_this'] as $point_type => $share ) {
686
 
687
  $share = sanitize_text_field( $share );
1382
  'status' => 'disabled',
1383
  'price' => 0,
1384
  'expire' => 0
1385
+ ), mycred_sanitize_array( wp_unslash( $_POST['mycred_sell_this'][ $point_type ] ) ) );
1386
 
1387
  if ( $submission['status'] == '' ) $submission['status'] = 'disabled';
1388
 
addons/transfer/assets/js/mycred-transfer.js CHANGED
@@ -126,8 +126,14 @@
126
 
127
  }
128
 
129
- else if ( myCREDTransfer[ response.data ] !== undefined )
130
- alert( myCREDTransfer[ response.data ][ $( formid + ' [name="mycred_new_transfer[ctype]"]' ).val() ] );
 
 
 
 
 
 
131
 
132
  }
133
 
126
 
127
  }
128
 
129
+ else if ( myCREDTransfer[ response.data ] !== undefined ) {
130
+
131
+ if ( typeof myCREDTransfer[ response.data ] === 'object' )
132
+ alert( myCREDTransfer[ response.data ][ $( formid + ' [name="mycred_new_transfer[ctype]"]' ).val() ] );
133
+ else
134
+ alert( myCREDTransfer[ response.data ] );
135
+
136
+ }
137
 
138
  }
139
 
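Review bot: The new `typeof myCREDTransfer[ response.data ] === 'object'` test on line 131 is also true for `null`, which passes the `!== undefined` guard on line 129, so a null entry would throw on the index on line 132 instead of falling through to the plain `alert`. Tighten the check: `if ( myCREDTransfer[ response.data ] !== null && typeof myCREDTransfer[ response.data ] === 'object' )`. Reading the entry once into a local (`var notice = myCREDTransfer[ response.data ];`) would keep the three lookups in sync. The surrounding handler starts and ends outside the hunk.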
addons/transfer/css/transfer.css CHANGED
@@ -26,8 +26,8 @@
26
  .mycred-transfer-info { margin: 0; padding: 6px 0; display: block; clear: both; float: none; }
27
  .mycred-transfer-info p { font-size: smaller; line-height: 16px; margin: 0; padding: 0; }
28
 
29
- ul.ui-autocomplete { border: none; margin: 0; padding: 6px 0 0 0; width: 100%; z-index: 10 !important; }
30
  ul.ui-autocomplete li { background-color: white; padding: 0 4px; display: block; margin: 0; width: 90%; text-align: left; border-bottom: 1px solid silver; list-style-type: none; }
31
  ul.ui-autocomplete li:first-child { border-top: 1px solid silver; }
32
  ul.ui-autocomplete li:hover { background-color: #eee; }
33
- ul.ui-autocomplete li a { display: block; cursor: pointer; width: 100%; margin: 0; padding: 8px 0; }
26
  .mycred-transfer-info { margin: 0; padding: 6px 0; display: block; clear: both; float: none; }
27
  .mycred-transfer-info p { font-size: smaller; line-height: 16px; margin: 0; padding: 0; }
28
 
29
+ /* ul.ui-autocomplete { border: none; margin: 0; padding: 6px 0 0 0; width: 100%; z-index: 10 !important; }
30
  ul.ui-autocomplete li { background-color: white; padding: 0 4px; display: block; margin: 0; width: 90%; text-align: left; border-bottom: 1px solid silver; list-style-type: none; }
31
  ul.ui-autocomplete li:first-child { border-top: 1px solid silver; }
32
  ul.ui-autocomplete li:hover { background-color: #eee; }
33
+ ul.ui-autocomplete li a { display: block; cursor: pointer; width: 100%; margin: 0; padding: 8px 0; } */
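Review bot: Lines 29–33 wrap the autocomplete rules in a comment instead of removing them, leaving dead CSS in the shipped stylesheet with no record of why it was disabled. Either delete the block or keep a one-line note in its place, e.g. `/* ui-autocomplete styling intentionally left to the jQuery UI theme — <reason> */`, with the reason filled in since the diff does not state it.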
addons/transfer/includes/mycred-transfer-functions.php CHANGED
@@ -174,28 +174,28 @@ if ( ! function_exists( 'mycred_get_transfer_recipient' ) ) :
174
  $settings = mycred_get_addon_settings( 'transfers' );
175
  $recipient_id = false;
176
 
177
- if ( ! empty( $value ) ) {
178
 
179
  // A numeric ID has been provided that we need to validate
180
  if ( is_numeric( $value ) ) {
181
 
182
  $user = get_userdata( $value );
 
183
  if ( isset( $user->ID ) )
184
  $recipient_id = $user->ID;
185
-
186
  }
187
 
188
  // A username has been provided
189
- elseif ( $settings['autofill'] == 'user_login' ) {
190
-
191
  $user = get_user_by( 'login', $value );
192
  if ( isset( $user->ID ) )
193
  $recipient_id = $user->ID;
194
 
195
  }
196
 
 
197
  // An email address has been provided
198
- elseif ( $settings['autofill'] == 'user_email' ) {
199
 
200
  $user = get_user_by( 'email', $value );
201
  if ( isset( $user->ID ) )
174
  $settings = mycred_get_addon_settings( 'transfers' );
175
  $recipient_id = false;
176
 
177
+ if ( ! empty( $value ) ) {
178
 
179
  // A numeric ID has been provided that we need to validate
180
  if ( is_numeric( $value ) ) {
181
 
182
  $user = get_userdata( $value );
183
+
184
  if ( isset( $user->ID ) )
185
  $recipient_id = $user->ID;
 
186
  }
187
 
188
  // A username has been provided
189
+ if ( $settings['autofill'] == 'user_login' ) {
 
190
  $user = get_user_by( 'login', $value );
191
  if ( isset( $user->ID ) )
192
  $recipient_id = $user->ID;
193
 
194
  }
195
 
196
+
197
  // An email address has been provided
198
+ if ( $settings['autofill'] == 'user_email' || is_email($value) ) {
199
 
200
  $user = get_user_by( 'email', $value );
201
  if ( isset( $user->ID ) )
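Review bot: Turning the `elseif` chain into independent `if` blocks (lines 189 and 198) makes the lookups last-wins: a value that is numeric and also matches a login, or a login that `is_email()` accepts, is resolved by the later lookup even though an earlier one already set `$recipient_id`, and the added `is_email()` clause now triggers the email lookup regardless of the `autofill` setting. If a fallback order is intended, guard the later branches on no prior match: `if ( $recipient_id === false && $settings['autofill'] == 'user_login' ) {` and `if ( $recipient_id === false && ( $settings['autofill'] == 'user_email' || is_email( $value ) ) ) {`. A short comment above line 179 stating the precedence (`// Resolution order: numeric ID, then login, then email`) would make the behaviour explicit. `mycred_get_transfer_recipient` continues past the hunk.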
addons/transfer/includes/mycred-transfer-object.php CHANGED
@@ -388,6 +388,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
388
  if ( empty( $this->transferable_types ) ) {
389
 
390
  $this->errors['excluded'] = $transfer_notices['excluded'];
 
391
 
392
  return false;
393
 
@@ -397,6 +398,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
397
  if ( ! $this->user_can_transfer_minimum() ) {
398
 
399
  $this->errors['minimum'] = $transfer_notices['minimum'];
 
400
 
401
  return false;
402
 
@@ -406,6 +408,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
406
  if ( $this->user_is_over_limit() ) {
407
 
408
  $this->errors['limit'] = $transfer_notices['limit'];
 
409
 
410
  return false;
411
 
@@ -648,7 +651,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
648
  $this->request['amount'] = $transfered_attributes->amount;
649
  }
650
 
651
- $this->recipient_id = absint( $recipient_id );
652
 
653
  // We are trying to transfer to ourselves
654
  if ( $this->recipient_id == $this->sender_id )
@@ -1011,7 +1014,6 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1011
  )
1012
  );
1013
 
1014
-
1015
  $field = '<div class="form-group select-recipient-wrapper">';
1016
  if ( $this->args['recipient_label'] != '' ) $field .= '<label class="recipient-label">' . esc_html( $this->args['recipient_label'] ) . '</label>';
1017
 
@@ -1073,6 +1075,49 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1073
  */
1074
  public function get_transfer_points_field( $return = false ) {
1075
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1076
  // Transfer of one particular point type
1077
  if ( count( $this->transferable_types ) == 1 ) {
1078
 
@@ -1099,7 +1144,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1099
  if ( $return )
1100
  return $field;
1101
 
1102
- echo $field;
1103
 
1104
  }
1105
 
@@ -1110,16 +1155,59 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1110
  */
1111
  public function get_transfer_amount_field( $return = false ) {
1112
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1113
  $type_id = $this->transferable_types[0];
1114
  $balance = $this->balances[ $type_id ];
1115
  $point_type = $balance->point_type;
1116
 
1117
  $field = '<div class="form-group select-amount-wrapper">';
1118
- if ( $this->args['amount_label'] != '' ) $field .= '<label class="amount-label">' . esc_html( $this->args['amount_label'] ) . '</label>';
1119
 
1120
  // User needs to nominate the amount
1121
  if ( ! is_array( $this->transfer_amount ) && $this->transfer_amount == 0 ){
1122
- $field .= '<input type="text" name="mycred_new_transfer[amount]" placeholder="' . esc_html( $this->args['amount_placeholder'] ) . '" class="form-control" value="" />';
1123
  }
1124
  // Multiple amounts to pick from
1125
  elseif ( is_array( $this->transfer_amount ) && count( $this->transfer_amount ) > 1 ) {
@@ -1127,7 +1215,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1127
  $field .= '<select name="mycred_new_transfer[amount]" class="form-control">';
1128
 
1129
  foreach ( $this->transfer_amount as $amount )
1130
- $field .= '<option value="' . esc_attr( $amount ) . '">' . esc_attr( $amount ) . '</option>';
1131
 
1132
  $field .= '</select>';
1133
 
@@ -1138,7 +1226,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1138
 
1139
  $this->shortcode_attr['amount'] = $this->transfer_amount;
1140
  $field .= '<input type="hidden" name="mycred_new_transfer[amount]" value="' . esc_attr( $this->transfer_amount ) . '" />';
1141
- $field .= '<span class="form-control-static" id="mycred-transfer-form-amount-field">' . esc_attr( $this->transfer_amount ) . '</span>';
1142
 
1143
  }
1144
 
@@ -1149,7 +1237,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1149
  if ( $return )
1150
  return $field;
1151
 
1152
- echo $field;
1153
 
1154
  }
1155
 
@@ -1160,6 +1248,49 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1160
  */
1161
  public function get_transfer_point_type_field( $return = false ) {
1162
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1163
  $field = '<input type="hidden" name="mycred_new_transfer[ctype]" value="' . esc_attr( $this->transferable_types[0] ) . '" />';
1164
 
1165
  $this->shortcode_attr['types'][] = $this->transferable_types[0];
@@ -1187,7 +1318,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1187
  if ( $return )
1188
  return $field;
1189
 
1190
- echo $field;
1191
 
1192
  }
1193
 
@@ -1202,6 +1333,49 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1202
 
1203
  $field = '';
1204
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1205
  if ( (bool) $this->args['show_message'] && $this->settings['message'] > 0 ) {
1206
 
1207
  $field = '<div class="form-group message-wrapper">';
@@ -1223,7 +1397,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1223
  if ( $return )
1224
  return $field;
1225
 
1226
- echo $field;
1227
 
1228
  }
1229
 
@@ -1234,6 +1408,49 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1234
  */
1235
  public function get_transfer_extra_fields( $return = false ) {
1236
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1237
  // Show Balance
1238
  $extras = array();
1239
  if ( (bool) $this->args['show_balance'] && ! empty( $this->settings['templates']['balance'] ) ) {
@@ -1294,7 +1511,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1294
  if ( $return )
1295
  return $field;
1296
 
1297
- echo $field;
1298
 
1299
  }
1300
 
@@ -1388,7 +1605,7 @@ if ( ! class_exists( 'myCRED_Transfer' ) ) :
1388
  if ( $return )
1389
  return $content;
1390
 
1391
- echo $content;
1392
 
1393
  }
1394
 
388
  if ( empty( $this->transferable_types ) ) {
389
 
390
  $this->errors['excluded'] = $transfer_notices['excluded'];
391
+ $mycred_do_transfer = false;
392
 
393
  return false;
394
 
398
  if ( ! $this->user_can_transfer_minimum() ) {
399
 
400
  $this->errors['minimum'] = $transfer_notices['minimum'];
401
+ $mycred_do_transfer = false;
402
 
403
  return false;
404
 
408
  if ( $this->user_is_over_limit() ) {
409
 
410
  $this->errors['limit'] = $transfer_notices['limit'];
411
+ $mycred_do_transfer = false;
412
 
413
  return false;
414
 
651
  $this->request['amount'] = $transfered_attributes->amount;
652
  }
653
 
654
+ $this->recipient_id = apply_filters( 'mycred_transfer_recipient', absint( $recipient_id ), $this->request );
655
 
656
  // We are trying to transfer to ourselves
657
  if ( $this->recipient_id == $this->sender_id )
1014
  )
1015
  );
1016
 
 
1017
  $field = '<div class="form-group select-recipient-wrapper">';
1018
  if ( $this->args['recipient_label'] != '' ) $field .= '<label class="recipient-label">' . esc_html( $this->args['recipient_label'] ) . '</label>';
1019
 
1075
  */
1076
  public function get_transfer_points_field( $return = false ) {
1077
 
1078
+ $allowed_html = array(
1079
+ 'label' => array(
1080
+ 'class' => array()
1081
+ ),
1082
+ 'input' => array(
1083
+ 'type' => array(),
1084
+ 'value' => array(),
1085
+ 'name' => array(),
1086
+ 'class' => array(),
1087
+ 'aria-required' => array(),
1088
+ 'data-form' => array(),
1089
+ 'placeholder' => array(),
1090
+ 'autocomplete' => array(),
1091
+ 'id' => array()
1092
+ ),
1093
+ 'ul' => array(
1094
+ 'id' => array(),
1095
+ 'tabindex' => array(),
1096
+ 'class' => array(),
1097
+ 'unselectable' => array(),
1098
+ 'style' => array(),
1099
+ ),
1100
+ 'li' => array(
1101
+ 'class' => array()
1102
+ ),
1103
+ 'div' => array(
1104
+ 'class' => array(),
1105
+ 'id' => array(),
1106
+ 'tabindex' => array()
1107
+ ),
1108
+ 'span' => array(
1109
+ 'class' => array()
1110
+ ),
1111
+ 'select' => array(
1112
+ 'name' => array(),
1113
+ 'class' => array()
1114
+ ),
1115
+ 'option' => array(
1116
+ 'value' => array(),
1117
+ 'selected' => array()
1118
+ )
1119
+ );
1120
+
1121
  // Transfer of one particular point type
1122
  if ( count( $this->transferable_types ) == 1 ) {
1123
 
1144
  if ( $return )
1145
  return $field;
1146
 
1147
+ echo wp_kses( $field , $allowed_html );
1148
 
1149
  }
1150
 
1155
  */
1156
  public function get_transfer_amount_field( $return = false ) {
1157
 
1158
+ $allowed_html = array(
1159
+ 'label' => array(
1160
+ 'class' => array()
1161
+ ),
1162
+ 'input' => array(
1163
+ 'type' => array(),
1164
+ 'value' => array(),
1165
+ 'name' => array(),
1166
+ 'class' => array(),
1167
+ 'aria-required' => array(),
1168
+ 'data-form' => array(),
1169
+ 'placeholder' => array(),
1170
+ 'autocomplete' => array(),
1171
+ 'id' => array()
1172
+ ),
1173
+ 'ul' => array(
1174
+ 'id' => array(),
1175
+ 'tabindex' => array(),
1176
+ 'class' => array(),
1177
+ 'unselectable' => array(),
1178
+ 'style' => array(),
1179
+ ),
1180
+ 'li' => array(
1181
+ 'class' => array()
1182
+ ),
1183
+ 'div' => array(
1184
+ 'class' => array(),
1185
+ 'id' => array(),
1186
+ 'tabindex' => array()
1187
+ ),
1188
+ 'span' => array(
1189
+ 'class' => array()
1190
+ ),
1191
+ 'select' => array(
1192
+ 'name' => array(),
1193
+ 'class' => array()
1194
+ ),
1195
+ 'option' => array(
1196
+ 'value' => array(),
1197
+ 'selected' => array()
1198
+ )
1199
+ );
1200
+
1201
  $type_id = $this->transferable_types[0];
1202
  $balance = $this->balances[ $type_id ];
1203
  $point_type = $balance->point_type;
1204
 
1205
  $field = '<div class="form-group select-amount-wrapper">';
1206
+ if ( $this->args['amount_label'] != '' ) $field .= '<label class="amount-label">' . esc_attr( $this->args['amount_label'] ) . '</label>';
1207
 
1208
  // User needs to nominate the amount
1209
  if ( ! is_array( $this->transfer_amount ) && $this->transfer_amount == 0 ){
1210
+ $field .= '<input type="text" name="mycred_new_transfer[amount]" placeholder="' . esc_attr( $this->args['amount_placeholder'] ) . '" class="form-control" value="" />';
1211
  }
1212
  // Multiple amounts to pick from
1213
  elseif ( is_array( $this->transfer_amount ) && count( $this->transfer_amount ) > 1 ) {
1215
  $field .= '<select name="mycred_new_transfer[amount]" class="form-control">';
1216
 
1217
  foreach ( $this->transfer_amount as $amount )
1218
+ $field .= '<option value="' . esc_attr( $amount ) . '">' . esc_html( $amount ) . '</option>';
1219
 
1220
  $field .= '</select>';
1221
 
1226
 
1227
  $this->shortcode_attr['amount'] = $this->transfer_amount;
1228
  $field .= '<input type="hidden" name="mycred_new_transfer[amount]" value="' . esc_attr( $this->transfer_amount ) . '" />';
1229
+ $field .= '<span class="form-control-static" id="mycred-transfer-form-amount-field">' . esc_html( $this->transfer_amount ) . '</span>';
1230
 
1231
  }
1232
 
1237
  if ( $return )
1238
  return $field;
1239
 
1240
+ echo wp_kses( $field , $allowed_html );
1241
 
1242
  }
1243
 
1248
  */
1249
  public function get_transfer_point_type_field( $return = false ) {
1250
 
1251
+ $allowed_html = array(
1252
+ 'label' => array(
1253
+ 'class' => array()
1254
+ ),
1255
+ 'input' => array(
1256
+ 'type' => array(),
1257
+ 'value' => array(),
1258
+ 'name' => array(),
1259
+ 'class' => array(),
1260
+ 'aria-required' => array(),
1261
+ 'data-form' => array(),
1262
+ 'placeholder' => array(),
1263
+ 'autocomplete' => array(),
1264
+ 'id' => array()
1265
+ ),
1266
+ 'ul' => array(
1267
+ 'id' => array(),
1268
+ 'tabindex' => array(),
1269
+ 'class' => array(),
1270
+ 'unselectable' => array(),
1271
+ 'style' => array(),
1272
+ ),
1273
+ 'li' => array(
1274
+ 'class' => array()
1275
+ ),
1276
+ 'div' => array(
1277
+ 'class' => array(),
1278
+ 'id' => array(),
1279
+ 'tabindex' => array()
1280
+ ),
1281
+ 'span' => array(
1282
+ 'class' => array()
1283
+ ),
1284
+ 'select' => array(
1285
+ 'name' => array(),
1286
+ 'class' => array()
1287
+ ),
1288
+ 'option' => array(
1289
+ 'value' => array(),
1290
+ 'selected' => array()
1291
+ )
1292
+ );
1293
+
1294
  $field = '<input type="hidden" name="mycred_new_transfer[ctype]" value="' . esc_attr( $this->transferable_types[0] ) . '" />';
1295
 
1296
  $this->shortcode_attr['types'][] = $this->transferable_types[0];
1318
  if ( $return )
1319
  return $field;
1320
 
1321
+ echo wp_kses( $field, $allowed_html );
1322
 
1323
  }
1324
 
1333
 
1334
  $field = '';
1335
 
1336
+ $allowed_html = array(
1337
+ 'label' => array(
1338
+ 'class' => array()
1339
+ ),
1340
+ 'input' => array(
1341
+ 'type' => array(),
1342
+ 'value' => array(),
1343
+ 'name' => array(),
1344
+ 'class' => array(),
1345
+ 'aria-required' => array(),
1346
+ 'data-form' => array(),
1347
+ 'placeholder' => array(),
1348
+ 'autocomplete' => array(),
1349
+ 'id' => array()
1350
+ ),
1351
+ 'ul' => array(
1352
+ 'id' => array(),
1353
+ 'tabindex' => array(),
1354
+ 'class' => array(),
1355
+ 'unselectable' => array(),
1356
+ 'style' => array(),
1357
+ ),
1358
+ 'li' => array(
1359
+ 'class' => array()
1360
+ ),
1361
+ 'div' => array(
1362
+ 'class' => array(),
1363
+ 'id' => array(),
1364
+ 'tabindex' => array()
1365
+ ),
1366
+ 'span' => array(
1367
+ 'class' => array()
1368
+ ),
1369
+ 'select' => array(
1370
+ 'name' => array(),
1371
+ 'class' => array()
1372
+ ),
1373
+ 'option' => array(
1374
+ 'value' => array(),
1375
+ 'selected' => array()
1376
+ )
1377
+ );
1378
+
1379
  if ( (bool) $this->args['show_message'] && $this->settings['message'] > 0 ) {
1380
 
1381
  $field = '<div class="form-group message-wrapper">';
1397
  if ( $return )
1398
  return $field;
1399
 
1400
+ echo wp_kses( $field, $allowed_html );
1401
 
1402
  }
1403
 
1408
  */
1409
  public function get_transfer_extra_fields( $return = false ) {
1410
 
1411
+ $allowed_html = array(
1412
+ 'label' => array(
1413
+ 'class' => array()
1414
+ ),
1415
+ 'input' => array(
1416
+ 'type' => array(),
1417
+ 'value' => array(),
1418
+ 'name' => array(),
1419
+ 'class' => array(),
1420
+ 'aria-required' => array(),
1421
+ 'data-form' => array(),
1422
+ 'placeholder' => array(),
1423
+ 'autocomplete' => array(),
1424
+ 'id' => array()
1425
+ ),
1426
+ 'ul' => array(
1427
+ 'id' => array(),
1428
+ 'tabindex' => array(),
1429
+ 'class' => array(),
1430
+ 'unselectable' => array(),
1431
+ 'style' => array(),
1432
+ ),
1433
+ 'li' => array(
1434
+ 'class' => array()
1435
+ ),
1436
+ 'div' => array(
1437
+ 'class' => array(),
1438
+ 'id' => array(),
1439
+ 'tabindex' => array()
1440
+ ),
1441
+ 'span' => array(
1442
+ 'class' => array()
1443
+ ),
1444
+ 'select' => array(
1445
+ 'name' => array(),
1446
+ 'class' => array()
1447
+ ),
1448
+ 'option' => array(
1449
+ 'value' => array(),
1450
+ 'selected' => array()
1451
+ )
1452
+ );
1453
+
1454
  // Show Balance
1455
  $extras = array();
1456
  if ( (bool) $this->args['show_balance'] && ! empty( $this->settings['templates']['balance'] ) ) {
1511
  if ( $return )
1512
  return $field;
1513
 
1514
+ echo wp_kses_post( $field, $allowed_html );
1515
 
1516
  }
1517
 
1605
  if ( $return )
1606
  return $content;
1607
 
1608
+ echo wp_kses_post( $content );
1609
 
1610
  }
1611
 
addons/transfer/includes/mycred-transfer-widgets.php CHANGED
@@ -30,6 +30,47 @@ if ( ! class_exists( 'myCRED_Widget_Transfer' ) ) :
30
  */
31
  public function widget( $args, $instance ) {
32
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
33
  extract( $args, EXTR_SKIP );
34
 
35
  $instance = shortcode_atts( array(
@@ -45,14 +86,14 @@ if ( ! class_exists( 'myCRED_Widget_Transfer' ) ) :
45
  'placeholder' => ''
46
  ), $instance );
47
 
48
- echo $before_widget;
49
 
50
  // Title
51
  if ( ! empty( $instance['title'] ) )
52
- echo $before_title . $instance['title'] . $after_title;
53
 
54
  // Let the shortcode to the job
55
- echo mycred_transfer_render( array(
56
  'button' => $instance['button'],
57
  'pay_to' => $instance['pay_to'],
58
  'show_balance' => $instance['show_balance'],
@@ -62,9 +103,9 @@ if ( ! class_exists( 'myCRED_Widget_Transfer' ) ) :
62
  'excluded' => $instance['excluded'],
63
  'types' => $instance['types'],
64
  'placeholder' => $instance['placeholder']
65
- ) );
66
 
67
- echo $after_widget;
68
 
69
  }
70
 
30
  */
31
  public function widget( $args, $instance ) {
32
 
33
+ $allowed_html = array(
34
+ 'label' => array(
35
+ 'class' => array()
36
+ ),
37
+ 'input' => array(
38
+ 'type' => array(),
39
+ 'value' => array(),
40
+ 'name' => array(),
41
+ 'class' => array(),
42
+ 'aria-required' => array(),
43
+ 'data-form' => array(),
44
+ 'placeholder' => array(),
45
+ 'autocomplete' => array(),
46
+ 'id' => array()
47
+ ),
48
+ 'span' => array(
49
+ 'class' => array()
50
+ ),
51
+ 'form' => array(
52
+ 'id' => array(),
53
+ 'class' => array(),
54
+ 'method' => array(),
55
+ 'data-ref' => array()
56
+ ),
57
+ 'div' => array(
58
+ 'class' => array(),
59
+ 'id' => array()
60
+ ),
61
+ 'button' => array(
62
+ 'class' => array()
63
+ ),
64
+ 'select' => array(
65
+ 'name' => array(),
66
+ 'class' => array()
67
+ ),
68
+ 'option' => array(
69
+ 'value' => array(),
70
+ 'selected' => array()
71
+ )
72
+ );
73
+
74
  extract( $args, EXTR_SKIP );
75
 
76
  $instance = shortcode_atts( array(
86
  'placeholder' => ''
87
  ), $instance );
88
 
89
+ echo wp_kses_post( $before_widget );
90
 
91
  // Title
92
  if ( ! empty( $instance['title'] ) )
93
+ echo wp_kses_post( $before_title . $instance['title'] . $after_title );
94
 
95
  // Let the shortcode to the job
96
+ echo wp_kses( mycred_transfer_render( array(
97
  'button' => $instance['button'],
98
  'pay_to' => $instance['pay_to'],
99
  'show_balance' => $instance['show_balance'],
103
  'excluded' => $instance['excluded'],
104
  'types' => $instance['types'],
105
  'placeholder' => $instance['placeholder']
106
+ ) ), $allowed_html );
107
 
108
+ echo wp_kses_post( $after_widget );
109
 
110
  }
111
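Review bot: The `$allowed_html` list added at the top of widget() (new lines 33–72) is not the list the field renderers in mycred-transfer-object.php use: it has no `ul`/`li` entries, and the extra-fields output that the renderer passes through `wp_kses_post()` is here cut down to eight tags, so in the widget path any markup outside that list (a `<p>` or `<a>` in the balance template, if the template contains one) is dropped silently by `wp_kses()` with no error or log entry. The same forty-line array is now copied verbatim into six methods across the two files, so the next tag the form needs has to be added in six places and the copies will drift; it belongs in one shared function that returns the array, called from each renderer and from here, with a comment above it such as `// Tags/attributes the transfer form may emit; keep in sync with the markup built in myCRED_Transfer::get_transfer_*_field()`. The extra-fields renderer already ignores its copy of the list, since `wp_kses_post( $field, $allowed_html )` takes only the first argument, which is one more reason to keep a single list and a single kses call.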
 
addons/transfer/myCRED-addon-transfer.php CHANGED
@@ -101,10 +101,6 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
101
  */
102
  public function register_script() {
103
 
104
- global $mycred_do_transfer;
105
-
106
- $mycred_do_transfer = false;
107
-
108
  // Register script
109
  wp_register_script(
110
  'mycred-transfer',
@@ -113,6 +109,12 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
113
  '1.7'
114
  );
115
 
 
 
 
 
 
 
116
  }
117
 
118
  /**
@@ -128,7 +130,9 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
128
  if ( $mycred_do_transfer !== true ) return;
129
 
130
  // Autofill CSS
131
- echo '<style type="text/css">' . apply_filters( 'mycred_transfer_autofill_css', '.ui-autocomplete { position: absolute; z-index: 1000; cursor: default; padding: 0; margin-top: 2px; list-style: none; background-color: #ffffff; border: 1px solid #ccc; -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); -moz-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); } .ui-autocomplete > li { padding: 3px 20px; } .ui-autocomplete > li:hover { background-color: #DDD; cursor: pointer; } .ui-autocomplete > li.ui-state-focus { background-color: #DDD; } .ui-helper-hidden-accessible { display: none; }', $this ) . '</style>';
 
 
132
 
133
  // Prep Script
134
  $base = array(
@@ -171,7 +175,7 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
171
  array_merge_recursive( $base, $messages )
172
  );
173
 
174
- wp_enqueue_script( 'mycred-transfer' );
175
 
176
  }
177
 
@@ -189,7 +193,7 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
189
 
190
  $results = array();
191
  $user_id = get_current_user_id();
192
- $string = sanitize_text_field( $_REQUEST['string']['term'] );
193
 
194
  // Let other play
195
  do_action( 'mycred_transfer_autofill_find', $this->transfers, $this->core );
@@ -224,8 +228,11 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
224
  */
225
  public function ajax_call_transfer() {
226
 
 
227
  parse_str( $_POST['form'], $post );
228
 
 
 
229
  // Generate Transaction ID for our records
230
  $user_id = get_current_user_id();
231
 
@@ -286,8 +293,8 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
286
 
287
  <?php else : ?>
288
 
289
- <p class="form-control-static"><?php echo $this->core->plural(); ?></p>
290
- <input type="hidden" name="mycred_pref_core[transfers][types][]" value="<?php echo MYCRED_DEFAULT_TYPE_KEY; ?>" />
291
 
292
  <?php endif; ?>
293
 
@@ -295,8 +302,8 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
295
  </div>
296
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
297
  <div class="form-group">
298
- <label for="<?php echo $this->field_id( 'reload' ); ?>"><?php esc_html_e( 'Reload', 'mycred' ); ?></label>
299
- <select name="<?php echo $this->field_name( 'reload' ); ?>" id="<?php echo $this->field_id( 'reload' ); ?>" class="form-control">
300
  <?php
301
 
302
  foreach ( $yes_no as $value => $label ) {
@@ -310,21 +317,21 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
310
  </div>
311
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
312
  <div class="form-group">
313
- <label for="<?php echo $this->field_id( 'message' ); ?>"><?php esc_html_e( 'Message Length', 'mycred' ); ?></label>
314
- <input type="text" name="<?php echo $this->field_name( 'message' ); ?>" id="<?php echo $this->field_id( 'message' ); ?>" class="form-control" value="<?php echo absint( $settings['message'] ); ?>" />
315
  <p><span class="description"><?php esc_html_e( 'The maximum length of messages users can attach to a transfer. Use zero to disable.', 'mycred' ); ?></span></p>
316
  </div>
317
  </div>
318
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
319
  <div class="form-group">
320
- <label for="<?php echo $this->field_id( 'autofill' ); ?>"><?php esc_html_e( 'Autofill Recipient', 'mycred' ); ?></label>
321
- <select name="<?php echo $this->field_name( 'autofill' ); ?>" id="<?php echo $this->field_id( 'autofill' ); ?>" class="form-control">
322
  <?php
323
 
324
  foreach ( $autofills as $key => $label ) {
325
- echo '<option value="' . $key . '"';
326
  if ( $autofill == $key ) echo ' selected="selected"';
327
- echo '>' . $label . '</option>';
328
  }
329
 
330
  ?>
@@ -336,7 +343,7 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
336
  <div class="row">
337
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
338
  <div class="form-group">
339
- <label for="<?php echo $this->field_id( array( 'limit' => 'none' ) ); ?>"><?php esc_html_e( 'Limits', 'mycred' ); ?></label>
340
  <?php
341
 
342
  // Loop though limits
@@ -344,7 +351,7 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
344
  foreach ( $limits as $key => $description ) {
345
 
346
  ?>
347
- <div class="radio"><label for="<?php echo $this->field_id( array( 'limit' => $key ) ); ?>"><input type="radio" name="<?php echo $this->field_name( array( 'limit' => 'limit' ) ); ?>" id="<?php echo $this->field_id( array( 'limit' => $key ) ); ?>" <?php checked( $limit, $key ); ?> value="<?php echo $key; ?>" /> <?php echo $description; ?></label></div>
348
  <?php
349
 
350
  }
@@ -355,14 +362,14 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
355
  </div>
356
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
357
  <div class="form-group">
358
- <label for="<?php echo $this->field_id( array( 'limit' => 'amount' ) ); ?>"><?php esc_html_e( 'Limit Amount', 'mycred' ); ?></label>
359
- <input type="text" name="<?php echo $this->field_name( array( 'limit' => 'amount' ) ); ?>" id="<?php echo $this->field_id( array( 'limit' => 'amount' ) ); ?>" class="form-control" value="<?php echo $this->core->number( $settings['limit']['amount'] ); ?>" />
360
  </div>
361
  </div>
362
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
363
  <div class="form-group">
364
- <label for="<?php echo $this->field_id( array( 'templates' => 'button' ) ); ?>"><?php esc_html_e( 'Default Button Label', 'mycred' ); ?></label>
365
- <input type="text" name="<?php echo $this->field_name( array( 'templates' => 'button' ) ); ?>" id="<?php echo $this->field_id( array( 'templates' => 'button' ) ); ?>" class="form-control" value="<?php echo esc_attr( $settings['templates']['button'] ); ?>" />
366
  <p><span class="description"><?php esc_html_e( 'The default transfer button label. You can override this in the shortcode or widget if needed.', 'mycred' ); ?></span></p>
367
  </div>
368
  </div>
@@ -372,16 +379,16 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
372
  <div class="row">
373
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
374
  <div class="form-group">
375
- <label for="<?php echo $this->field_id( array( 'logs' => 'sending' ) ); ?>"><?php esc_html_e( 'Log template for sending', 'mycred' ); ?></label>
376
- <input type="text" name="<?php echo $this->field_name( array( 'logs' => 'sending' ) ); ?>" id="<?php echo $this->field_id( array( 'logs' => 'sending' ) ); ?>" class="form-control" value="<?php echo esc_attr( $settings['logs']['sending'] ); ?>" />
377
- <p><span class="description"><?php echo $this->core->available_template_tags( array( 'general', 'user' ), '%transfer_message%' ); ?></span></p>
378
  </div>
379
  </div>
380
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
381
  <div class="form-group">
382
- <label for="<?php echo $this->field_id( array( 'logs' => 'receiving' ) ); ?>"><?php esc_html_e( 'Log template for receiving', 'mycred' ); ?></label>
383
- <input type="text" name="<?php echo $this->field_name( array( 'logs' => 'receiving' ) ); ?>" id="<?php echo $this->field_id( array( 'logs' => 'receiving' ) ); ?>" class="form-control" value="<?php echo esc_attr( $settings['logs']['receiving'] ); ?>" />
384
- <p><span class="description"><?php echo $this->core->available_template_tags( array( 'general', 'user' ), '%transfer_message%' ); ?></span></p>
385
  </div>
386
  </div>
387
  </div>
@@ -390,15 +397,15 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
390
  <div class="row">
391
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
392
  <div class="form-group">
393
- <label for="<?php echo $this->field_id( array( 'errors' => 'low' ) ); ?>"><?php esc_html_e( 'Insufficient Funds Warning', 'mycred' ); ?></label>
394
- <input type="text" name="<?php echo $this->field_name( array( 'errors' => 'low' ) ); ?>" id="<?php echo $this->field_id( array( 'errors' => 'low' ) ); ?>" value="<?php echo esc_attr( $settings['errors']['low'] ); ?>" class="form-control" />
395
  <p><span class="description"><?php esc_html_e( 'Message to show the user if they try to send more then they can afford.', 'mycred' ); ?></span></p>
396
  </div>
397
  </div>
398
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
399
  <div class="form-group">
400
  <label for="mycred-transfer-log-receiving"><?php esc_html_e( 'Limit Reached Warning', 'mycred' ); ?></label>
401
- <input type="text" name="<?php echo $this->field_name( array( 'errors' => 'over' ) ); ?>" id="<?php echo $this->field_id( array( 'errors' => 'over' ) ); ?>" value="<?php echo esc_attr( $settings['errors']['over'] ); ?>" class="form-control" />
402
  <p><span class="description"><?php esc_html_e( 'Message to show the user once they reach their transfer limit. Ignored if no limits are enforced.', 'mycred' ); ?></span></p>
403
  </div>
404
  </div>
@@ -410,7 +417,7 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
410
  <?php
411
 
412
  wp_editor( $settings['templates']['login'], $this->field_id( array( 'templates' => 'login' ) ), array(
413
- 'textarea_name' => $this->field_name( array( 'templates' => 'login' ) ),
414
  'textarea_rows' => 10
415
  ) );
416
 
@@ -424,11 +431,11 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
424
  <?php
425
 
426
  wp_editor( $settings['templates']['limit'], $this->field_id( array( 'templates' => 'limit' ) ), array(
427
- 'textarea_name' => $this->field_name( array( 'templates' => 'limit' ) ),
428
  'textarea_rows' => 10
429
  ) );
430
 
431
- echo '<p>' . $this->core->available_template_tags( array( 'general' ), '%limit% %left%' ) . '</p>';
432
 
433
  ?>
434
  </div>
@@ -440,11 +447,11 @@ if ( ! class_exists( 'myCRED_Transfer_Module' ) ) :
440
  <?php
441
 
442
  wp_editor( $settings['templates']['balance'], $this->field_id( array( 'templates' => 'balance' ) ), array(
443
- 'textarea_name' => $this->field_name( array( 'templates' => 'balance' ) ),
444
  'textarea_rows' => 10
445
  ) );
446
 
447
- echo '<p>' . $this->core->available_template_tags( array( 'general' ), '%balance%' ) . '</p>';
448
 
449
  ?>
450
  </div>
101
  */
102
  public function register_script() {
103
 
 
 
 
 
104
  // Register script
105
  wp_register_script(
106
  'mycred-transfer',
109
  '1.7'
110
  );
111
 
112
+ //Register style
113
+ wp_register_style(
114
+ 'mycred-transfer',
115
+ plugins_url( 'css/transfer.css', myCRED_TRANSFER )
116
+ );
117
+
118
  }
119
 
120
  /**
130
  if ( $mycred_do_transfer !== true ) return;
131
 
132
  // Autofill CSS
133
+ wp_enqueue_style( 'mycred-transfer' );
134
+ $style = apply_filters( 'mycred_transfer_autofill_css', '.ui-autocomplete { position: absolute; z-index: 1000; cursor: default; padding: 0; margin-top: 2px; list-style: none; background-color: #ffffff; border: 1px solid #ccc; -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); -moz-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); } .ui-autocomplete > li { padding: 3px 20px; } .ui-autocomplete > li:hover { background-color: #DDD; cursor: pointer; } .ui-autocomplete > li.ui-state-focus { background-color: #DDD; } .ui-helper-hidden-accessible { display: none; }', $this );
135
+ wp_add_inline_style( 'mycred-transfer', $style );
136
 
137
  // Prep Script
138
  $base = array(
175
  array_merge_recursive( $base, $messages )
176
  );
177
 
178
+ wp_enqueue_script( 'mycred-transfer' );
179
 
180
  }
181
 
193
 
194
  $results = array();
195
  $user_id = get_current_user_id();
196
+ $string = isset( $_REQUEST['string']['term'] ) ? sanitize_key( $_REQUEST['string']['term'] ) : '';
197
 
198
  // Let other play
199
  do_action( 'mycred_transfer_autofill_find', $this->transfers, $this->core );
228
  */
229
  public function ajax_call_transfer() {
230
 
231
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
232
  parse_str( $_POST['form'], $post );
233
 
234
+ $post = mycred_sanitize_array( $post );
235
+
236
  // Generate Transaction ID for our records
237
  $user_id = get_current_user_id();
238
 
293
 
294
  <?php else : ?>
295
 
296
+ <p class="form-control-static"><?php echo esc_html( $this->core->plural() ); ?></p>
297
+ <input type="hidden" name="mycred_pref_core[transfers][types][]" value="<?php echo esc_attr( MYCRED_DEFAULT_TYPE_KEY ); ?>" />
298
 
299
  <?php endif; ?>
300
 
302
  </div>
303
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
304
  <div class="form-group">
305
+ <label for="<?php echo esc_attr( $this->field_id( 'reload' ) ); ?>"><?php esc_html_e( 'Reload', 'mycred' ); ?></label>
306
+ <select name="<?php echo esc_attr( $this->field_name( 'reload' ) ); ?>" id="<?php echo esc_attr( $this->field_id( 'reload' ) ); ?>" class="form-control">
307
  <?php
308
 
309
  foreach ( $yes_no as $value => $label ) {
317
  </div>
318
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
319
  <div class="form-group">
320
+ <label for="<?php echo esc_attr( $this->field_id( 'message' ) ); ?>"><?php esc_html_e( 'Message Length', 'mycred' ); ?></label>
321
+ <input type="text" name="<?php echo esc_attr( $this->field_name( 'message' ) ); ?>" id="<?php echo esc_attr( $this->field_id( 'message' ) ); ?>" class="form-control" value="<?php echo esc_attr( absint( $settings['message'] ) ); ?>" />
322
  <p><span class="description"><?php esc_html_e( 'The maximum length of messages users can attach to a transfer. Use zero to disable.', 'mycred' ); ?></span></p>
323
  </div>
324
  </div>
325
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
326
  <div class="form-group">
327
+ <label for="<?php echo esc_attr( $this->field_id( 'autofill' ) ); ?>"><?php esc_html_e( 'Autofill Recipient', 'mycred' ); ?></label>
328
+ <select name="<?php echo esc_attr( $this->field_name( 'autofill' ) ); ?>" id="<?php echo esc_attr( $this->field_id( 'autofill' ) ); ?>" class="form-control">
329
  <?php
330
 
331
  foreach ( $autofills as $key => $label ) {
332
+ echo '<option value="' . esc_attr( $key ) . '"';
333
  if ( $autofill == $key ) echo ' selected="selected"';
334
+ echo '>' . esc_html( $label ) . '</option>';
335
  }
336
 
337
  ?>
343
  <div class="row">
344
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
345
  <div class="form-group">
346
+ <label for="<?php echo esc_attr( $this->field_id( array( 'limit' => 'none' ) ) ); ?>"><?php esc_html_e( 'Limits', 'mycred' ); ?></label>
347
  <?php
348
 
349
  // Loop though limits
351
  foreach ( $limits as $key => $description ) {
352
 
353
  ?>
354
+ <div class="radio"><label for="<?php echo esc_attr( $this->field_id( array( 'limit' => $key ) ) ); ?>"><input type="radio" name="<?php echo esc_attr( $this->field_name( array( 'limit' => 'limit' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( 'limit' => $key ) ) ); ?>" <?php checked( $limit, $key ); ?> value="<?php echo esc_attr( $key ); ?>" /> <?php echo esc_html( $description ); ?></label></div>
355
  <?php
356
 
357
  }
362
  </div>
363
  <div class="col-lg-3 col-md-3 col-sm-12 col-xs-12">
364
  <div class="form-group">
365
+ <label for="<?php echo esc_attr( $this->field_id( array( 'limit' => 'amount' ) ) ); ?>"><?php esc_html_e( 'Limit Amount', 'mycred' ); ?></label>
366
+ <input type="text" name="<?php echo esc_attr( $this->field_name( array( 'limit' => 'amount' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( 'limit' => 'amount' ) ) ); ?>" class="form-control" value="<?php echo esc_attr( $this->core->number( $settings['limit']['amount'] ) ); ?>" />
367
  </div>
368
  </div>
369
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
370
  <div class="form-group">
371
+ <label for="<?php echo esc_attr( $this->field_id( array( 'templates' => 'button' ) ) ); ?>"><?php esc_html_e( 'Default Button Label', 'mycred' ); ?></label>
372
+ <input type="text" name="<?php echo esc_attr( $this->field_name( array( 'templates' => 'button' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( 'templates' => 'button' ) ) ); ?>" class="form-control" value="<?php echo esc_attr( $settings['templates']['button'] ); ?>" />
373
  <p><span class="description"><?php esc_html_e( 'The default transfer button label. You can override this in the shortcode or widget if needed.', 'mycred' ); ?></span></p>
374
  </div>
375
  </div>
379
  <div class="row">
380
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
381
  <div class="form-group">
382
+ <label for="<?php echo esc_attr( $this->field_id( array( 'logs' => 'sending' ) ) ); ?>"><?php esc_html_e( 'Log template for sending', 'mycred' ); ?></label>
383
+ <input type="text" name="<?php echo esc_attr( $this->field_name( array( 'logs' => 'sending' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( 'logs' => 'sending' ) ) ); ?>" class="form-control" value="<?php echo esc_attr( $settings['logs']['sending'] ); ?>" />
384
+ <p><span class="description"><?php echo wp_kses_post( $this->core->available_template_tags( array( 'general', 'user' ) , '%transfer_message%' ) ); ?></span></p>
385
  </div>
386
  </div>
387
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
388
  <div class="form-group">
389
+ <label for="<?php echo esc_attr( $this->field_id( array( 'logs' => 'receiving' ) ) ); ?>"><?php esc_html_e( 'Log template for receiving', 'mycred' ); ?></label>
390
+ <input type="text" name="<?php echo esc_attr( $this->field_name( array( 'logs' => 'receiving' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( 'logs' => 'receiving' ) ) ); ?>" class="form-control" value="<?php echo esc_attr( $settings['logs']['receiving'] ); ?>" />
391
+ <p><span class="description"><?php echo wp_kses_post( $this->core->available_template_tags( array( 'general', 'user' ), '%transfer_message%' ) ); ?></span></p>
392
  </div>
393
  </div>
394
  </div>
397
  <div class="row">
398
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
399
  <div class="form-group">
400
+ <label for="<?php echo esc_attr( $this->field_id( array( 'errors' => 'low' ) ) ); ?>"><?php esc_html_e( 'Insufficient Funds Warning', 'mycred' ); ?></label>
401
+ <input type="text" name="<?php echo esc_attr( $this->field_name( array( 'errors' => 'low' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( 'errors' => 'low' ) ) ); ?>" value="<?php echo esc_attr( $settings['errors']['low'] ); ?>" class="form-control" />
402
  <p><span class="description"><?php esc_html_e( 'Message to show the user if they try to send more then they can afford.', 'mycred' ); ?></span></p>
403
  </div>
404
  </div>
405
  <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
406
  <div class="form-group">
407
  <label for="mycred-transfer-log-receiving"><?php esc_html_e( 'Limit Reached Warning', 'mycred' ); ?></label>
408
+ <input type="text" name="<?php echo esc_attr( $this->field_name( array( 'errors' => 'over' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( 'errors' => 'over' ) ) ); ?>" value="<?php echo esc_attr( $settings['errors']['over'] ); ?>" class="form-control" />
409
  <p><span class="description"><?php esc_html_e( 'Message to show the user once they reach their transfer limit. Ignored if no limits are enforced.', 'mycred' ); ?></span></p>
410
  </div>
411
  </div>
417
  <?php
418
 
419
  wp_editor( $settings['templates']['login'], $this->field_id( array( 'templates' => 'login' ) ), array(
420
+ 'textarea_name' => esc_attr( $this->field_name( array( 'templates' => 'login' ) ) ),
421
  'textarea_rows' => 10
422
  ) );
423
 
431
  <?php
432
 
433
  wp_editor( $settings['templates']['limit'], $this->field_id( array( 'templates' => 'limit' ) ), array(
434
+ 'textarea_name' => esc_attr( $this->field_name( array( 'templates' => 'limit' ) ) ),
435
  'textarea_rows' => 10
436
  ) );
437
 
438
+ echo '<p>' . wp_kses_post( $this->core->available_template_tags( array( 'general' ), '%limit% %left%' ) ) . '</p>';
439
 
440
  ?>
441
  </div>
447
  <?php
448
 
449
  wp_editor( $settings['templates']['balance'], $this->field_id( array( 'templates' => 'balance' ) ), array(
450
+ 'textarea_name' => esc_attr( $this->field_name( array( 'templates' => 'balance' ) ) ),
451
  'textarea_rows' => 10
452
  ) );
453
 
454
+ echo '<p>' . wp_kses_post( $this->core->available_template_tags( array( 'general' ), '%balance%' ) ) . '</p>';
455
 
456
  ?>
457
  </div>
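Review bot: `sanitize_key()` on new line 196 is the wrong sanitizer for the autofill search term: it lowercases the value and removes every character other than `a-z`, `0-9`, `-` and `_`, so a term containing a space, `@`, `.` or any non-ASCII letter is silently rewritten before the lookup (a display name or e-mail address can no longer match), which is a functional regression from the `sanitize_text_field()` it replaces rather than a hardening. The value should stay text — `$string = isset( $_REQUEST['string']['term'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['string']['term'] ) ) : '';` — with escaping applied where the term reaches the query (`$wpdb->prepare()` / `$wpdb->esc_like()`), which is outside this hunk and I cannot confirm here. In ajax_call_transfer() (new lines 231–234) the phpcs:ignore documents the MissingUnslash and InputNotValidated findings instead of fixing them: `$_POST['form']` is read without `isset()` and is still slashed when it reaches `parse_str()`, so quotes in a transfer message arrive with backslashes; `parse_str( isset( $_POST['form'] ) ? wp_unslash( $_POST['form'] ) : '', $post );` addresses both before `mycred_sanitize_array()` runs. The nonce and capability checks of both AJAX handlers, if present, are outside the hunks shown.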
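--- a/assets/css/mycred-edit-balance.css
+++ b/assets/css/mycred-edit-balance.css
@@ -62,6 +62,7 @@ p.mycred-p { margin: 12px 0 0 0; }
 .balance-row input.half { width: 60% !important; display: inline-block !important; margin-right: 6px; }
 .balance-row input.short { width: 30% !important; display: inline-block !important; margin: 0 3px; }
 #mycred-edit-user-wrapper h2 { margin: 12px 0 6px 0; }
+#edit-mycred-balance, #mycred-custom-reference-wrapper, #mycred-users-mini-ledger { display: none; }
 
 @media screen and (max-width: 782px) {
 
@@ -74,12 +75,10 @@ p.mycred-p { margin: 12px 0 0 0; }
 
 .mycred-wrapper.color-option { width: 100%; }
 
-
 }
 
 @media screen and (min-width: 1400px) {
 
 .mycred-wrapper.color-option { width: 24% !important; }
 
-
 }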
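--- a/includes/classes/class.query-leaderboard.php
+++ b/includes/classes/class.query-leaderboard.php
@@ -311,10 +311,10 @@ if ( ! class_exists( 'myCRED_Query_Leaderboard' ) ) :
 
 global $wpdb, $mycred_log_table;
 
-$query = '';
-$exclude_filter = $this->get_excludefilter();
-$exclude_user_filter = $this->get_exclude_userfilter();
-$multisite_check = $this->get_multisitefilter();
+$query = '';
+$exclude_filter = $this->get_excludefilter();
+$exclude_user_filter = $this->get_exclude_userfilter();
+$multisite_check = $this->get_multisitefilter();
 
 /**
 * Total balance with timeframe
@@ -334,7 +334,7 @@ if ( ! class_exists( 'myCRED_Query_Leaderboard' ) ) :
 
 }
 
-$query = $wpdb->prepare( "
+$query = $wpdb->prepare( "
 SELECT l.user_id AS ID, SUM( l.creds ) AS cred
 FROM {$mycred_log_table} l
 {$multisite_check}
@@ -344,7 +344,8 @@ if ( ! class_exists( 'myCRED_Query_Leaderboard' ) ) :
 {$exclude_user_filter}
 GROUP BY l.user_id
 ORDER BY SUM( l.creds ) {$this->order}, l.user_id ASC
-{$this->limit};", $point_type_values );
+{$this->limit};", $point_type_values
+);
 
 }
 
@@ -368,7 +369,7 @@ if ( ! class_exists( 'myCRED_Query_Leaderboard' ) ) :
 
 }
 
-$query = $wpdb->prepare( "
+$query = $wpdb->prepare( "
 SELECT DISTINCT u.ID, l.meta_value AS cred
 FROM {$wpdb->users} u
 INNER JOIN {$wpdb->usermeta} l ON ( u.ID = l.user_id )
@@ -376,8 +377,9 @@ if ( ! class_exists( 'myCRED_Query_Leaderboard' ) ) :
 WHERE {$point_type_is}
 {$exclude_filter}
 {$exclude_user_filter}
-ORDER BY l.meta_value+0 {$this->order}, l.user_id ASC
-{$this->limit};", $point_type_values );
+ORDER BY l.meta_value+0 {$this->order}, u.ID ASC
+{$this->limit};", $point_type_values
+);
 
 }
 
@@ -807,6 +809,7 @@ if ( ! class_exists( 'myCRED_Query_Leaderboard' ) ) :
 
 // Option to exclude zero balances
 $query = '';
+
 if ( $this->args['exclude_zero'] ) {
 
 $balance_format = '%d';
@@ -815,8 +818,7 @@ if ( ! class_exists( 'myCRED_Query_Leaderboard' ) ) :
 $balance_format = 'CAST( %f AS DECIMAL( ' . $length . ', ' . $this->core->format['decimals'] . ' ) )';
 }
 
-if ( ! $this->args['total'] )
-$query = $wpdb->prepare( "AND l.meta_value != {$balance_format}", $this->core->zero() );
+$query = $wpdb->prepare( "AND l.meta_value != {$balance_format}", $this->core->zero() );
 
 }
 
@@ -836,26 +838,29 @@ if ( ! class_exists( 'myCRED_Query_Leaderboard' ) ) :
 global $wpdb;
 
 // Option to exclude zero balances
-$query = '';
-$checkIDs='~^\d+(,\d+)*$~';
-$exclude=$this->args['exclude'];
+$query = '';
+$checkIDs = '~^\d+(,\d+)*$~';
+$exclude = $this->args['exclude'];
 
-if (!empty($exclude)) {
+if ( ! empty( $exclude ) ) {
 
-if(preg_match($checkIDs,$exclude)){
+if( preg_match( $checkIDs, $exclude ) ) {
 
-$exclude=$this->args['exclude'];
+$exclude = $this->args['exclude'];
 
 }
-elseif(!preg_match($checkIDs,$exclude)){
+elseif( ! preg_match( $checkIDs, $exclude ) ) {
 
-$exclude=mycred_leaderboard_exclude_role($exclude);
+$exclude = mycred_leaderboard_exclude_role($exclude);
 
 }
-$query = $wpdb->prepare( "AND l.user_id NOT IN ($exclude)");
+
+$query = $wpdb->prepare( "AND l.user_id NOT IN ($exclude)" );
 
 }
+
 return apply_filters( 'mycred_leaderboard_exclude_user_filter', $query, $this );
+
 }
 
 /**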
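Review bot: `$query = $wpdb->prepare( "AND l.user_id NOT IN ($exclude)" );` on new line 858 interpolates `$exclude` into the SQL and calls `prepare()` with no placeholder, so nothing is escaped and WordPress raises a `_doing_it_wrong` notice for a placeholder-less query. The numeric branch is covered by the `~^\d+(,\d+)*$~` check, but the `elseif` branch passes the return value of `mycred_leaderboard_exclude_role()` straight through and that function is not in view, so I cannot confirm it only yields digits and commas; if it returns a comma-separated ID string, normalising whichever branch is taken removes the doubt: `$ids = array_map( 'absint', explode( ',', (string) $exclude ) ); $query = 'AND l.user_id NOT IN (' . implode( ',', $ids ) . ')';`. The `elseif( ! preg_match( ... ) )` repeats the same test negated and the `$exclude = $this->args['exclude'];` inside the first branch is a no-op, so a plain `else` reads cleaner. Separately, the exclude-zero hunk drops the `if ( ! $this->args['total'] )` guard, so `AND l.meta_value != …` is now built for total queries as well; if that string reaches the log-table query (its FROM/WHERE lines are partly outside the hunk), `l.meta_value` does not exist there, which is worth confirming.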
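--- a/includes/classes/class.query-log.php
+++ b/includes/classes/class.query-log.php
@@ -1285,8 +1285,9 @@ if ( ! class_exists( 'myCRED_Query_Log' ) ) :
 $current = $this->get_pagenum();
 
 $removable_query_args = wp_removable_query_args();
+$url = ( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) ) ? set_url_scheme( sanitize_text_field( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) ) : '';
 
-$current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+$current_url = $url;
 $current_url = remove_query_arg( $removable_query_args, $current_url );
 $current_url = str_replace( '/' . $current . '/', '/', $current_url );
 $current_url = apply_filters( 'mycred_log_front_nav_url', $current_url, $this );
@@ -1383,7 +1384,8 @@ if ( ! class_exists( 'myCRED_Query_Log' ) ) :
 $output = '';
 $total_pages = $this->max_num_pages;
 $current = $this->get_pagenum();
-$current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+$url = ( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) ) ? set_url_scheme( sanitize_text_field( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) ) : '';
+$current_url = $url;
 
 if ( ! $this->is_admin )
 $current_url = str_replace( '/page/' . $current . '/', '/', $current_url );
@@ -1692,7 +1694,7 @@ if ( ! class_exists( 'myCRED_Query_Log' ) ) :
 public function the_entry( $log_entry, $wrap = 'td' ) {
 
 if ( $this->render_mode )
-echo $this->get_the_entry( $log_entry, $wrap );
+echo wp_kses_post( $this->get_the_entry( $log_entry, $wrap ) );
 
 }
 
@@ -1769,9 +1771,9 @@ if ( ! class_exists( 'myCRED_Query_Log' ) ) :
 $content = $time = apply_filters( 'mycred_log_date', date_i18n( $date_format, $log_entry->time ), $log_entry->time, $log_entry );
 $content = '<time>' . $content . '</time>';
 
-if ( $this->is_admin ) {
+if ( $this->is_admin && empty( $_REQUEST['time'] ) ) {
 
-$request_page = isset( $_REQUEST['page'] ) ? intval( $_REQUEST['page'] ) : 0;
+$request_page = isset( $_REQUEST['page'] ) ? sanitize_key( wp_unslash( $_REQUEST['page'] ) ) : 'mycred';
 
 $content .= '<div class="row-actions"><span class="view"><a href="' . esc_url( add_query_arg( array( 'page' => $request_page, 'time' => $this->get_time_for_filter( $log_entry->time ) ), admin_url( 'admin.php' ) ) ) . '">' . esc_html__( 'Filter by Date', 'mycred' ) . '</a></span></div>';
 
@@ -1832,7 +1834,7 @@ if ( ! class_exists( 'myCRED_Query_Log' ) ) :
 
 if ( ! isset( $_REQUEST['user'] ) || $_REQUEST['user'] == '' ) {
 
-$request_page = isset( $_REQUEST['page'] ) ? intval( $_REQUEST['page'] ) : 0;
+$request_page = isset( $_REQUEST['page'] ) ? sanitize_key( wp_unslash( $_REQUEST['page'] ) ) : 'mycred';
 
 $actions['view'] = '<a href="' . add_query_arg( array( 'page' => $request_page, 'user' => $entry->user_id ), admin_url( 'admin.php' ) ) . '">' . $filter_label . '</a>';
 }
@@ -2028,7 +2030,7 @@ jQuery(function($) {
 */
 protected function get_time_for_filter( $timestamp ) {
 
-$start = strtotime( date( 'Y-m-d 00:00:00' ), $timestamp );
+$start = strtotime( date( 'Y-m-d 00:00:00', $timestamp ) );
 $end = $start + ( DAY_IN_SECONDS - 1 );
 
 return $start . ',' . $end;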
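Review bot: `sanitize_text_field()` is the wrong sanitiser for the reconstructed request URL in both new `$url = …` lines (1288 and 1387): besides stripping tags it removes every percent-encoded sequence, so a `REQUEST_URI` containing `%20` or an encoded non-ASCII slug produces a pagination base URL that no longer points at the current page. `esc_url_raw()` is the helper intended for a URL that is reused rather than printed, e.g. `set_url_scheme( esc_url_raw( wp_unslash( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ) )`, and the links are escaped again with `esc_url()` where they are output. The same expression is duplicated verbatim in two methods, so a small private helper such as `current_request_url()` would keep the two in step. On line 1839 the `href` is built with a bare `add_query_arg()` while the parallel link on 1778 wraps it in `esc_url()`; now that `$request_page` comes from the request, making the two consistent is cheap.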
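--- a/includes/hooks/external/mycred-hook-buddypress.php
+++ b/includes/hooks/external/mycred-hook-buddypress.php
@@ -292,7 +292,8 @@ function mycred_load_buddypress_profile_hook() {
 public function ajax_addremove_friend() {
 
 // Bail if not a POST action
-if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
+$request_method = isset( $_SERVER['REQUEST_METHOD'] ) ? strtoupper( sanitize_key( $_SERVER['REQUEST_METHOD'] ) ) : '';
+if( 'POST' !== $request_method )
 return;
 
 $user_id = bp_loggedin_user_id();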
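Review bot: On new line 295 `sanitize_key()` lowercases and strips the method name only for `strtoupper()` to undo it, and `if(` on line 296 breaks the `if (` spacing used on every other conditional in the hunk. The usual idiom for a `$_SERVER` value reads the intent directly: `$request_method = isset( $_SERVER['REQUEST_METHOD'] ) ? strtoupper( sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) ) : '';` followed by `if ( 'POST' !== $request_method )`. The body of `ajax_addremove_friend()` continues outside the hunk.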
includes/hooks/external/mycred-hook-contact-form7.php CHANGED
@@ -9,16 +9,16 @@ if ( ! defined( 'myCRED_VERSION' ) ) exit;
9
  add_filter( 'mycred_setup_hooks', 'mycred_register_contact_form_seven_hook', 50 );
10
  function mycred_register_contact_form_seven_hook( $installed ) {
11
 
12
- if ( ! function_exists( 'wpcf7' ) ) return $installed;
13
 
14
- $installed['contact_form7'] = array(
15
- 'title' => __( 'Contact Form 7 Form Submissions', 'mycred' ),
16
- 'description' => __( 'Awards %_plural% for successful form submissions (by logged in users).', 'mycred' ),
17
- 'documentation' => 'http://codex.mycred.me/hooks/submitting-contact-form-7-forms/',
18
- 'callback' => array( 'myCRED_Contact_Form7' )
19
- );
20
 
21
- return $installed;
22
 
23
  }
24
 
@@ -30,213 +30,220 @@ function mycred_register_contact_form_seven_hook( $installed ) {
30
  add_action( 'mycred_load_hooks', 'mycred_load_contact_form_seven_hook', 50 );
31
  function mycred_load_contact_form_seven_hook() {
32
 
33
- // If the hook has been replaced or if plugin is not installed, exit now
34
- if ( class_exists( 'myCRED_Contact_Form7' ) || ! function_exists( 'wpcf7' ) ) return;
35
 
36
- class myCRED_Contact_Form7 extends myCRED_Hook {
37
 
38
- /**
39
- * Construct
40
- */
41
- public function __construct( $hook_prefs, $type = MYCRED_DEFAULT_TYPE_KEY ) {
42
 
43
- parent::__construct( array(
44
- 'id' => 'contact_form7',
45
- 'defaults' => array()
46
- ), $hook_prefs, $type );
47
-
48
- }
49
-
50
- /**
51
- * Run
52
- * @since 0.1
53
- * @version 1.0
54
- */
55
- public function run() {
56
-
57
- add_action( 'wpcf7_mail_sent', array( $this, 'form_submission' ) );
58
 
59
- }
 
 
 
60
 
61
- /**
62
- * Get Forms
63
- * Queries all Contact Form 7 forms.
64
- * @since 0.1
65
- * @version 1.3
66
- */
67
- public function get_forms() {
68
 
69
- global $wpdb;
 
 
 
 
 
 
 
 
 
 
 
 
 
70
 
71
- $restuls = array();
72
- $posts_table = mycred_get_db_column( 'posts' );
73
- $forms = $wpdb->get_results( $wpdb->prepare( "
74
- SELECT ID, post_title
75
- FROM {$posts_table}
76
- WHERE post_type = %s
77
- ORDER BY ID ASC;", 'wpcf7_contact_form' ) );
78
 
79
- if ( $forms ) {
80
- foreach ( $forms as $form )
81
- $restuls[ $form->ID ] = $form->post_title;
82
- }
 
 
 
83
 
84
- return $restuls;
85
 
86
- }
 
 
 
 
 
 
87
 
88
- /**
89
- * Successful Form Submission
90
- * @since 0.1
91
- * @version 1.4.1
92
- */
93
- public function form_submission( $form_object ) {
94
 
95
- // Login is required
96
- if ( ! is_user_logged_in() ) return;
97
 
98
- $form_id = ( version_compare( WPCF7_VERSION, '4.8', '<' ) ) ? $form_object->id : $form_object->id();
99
 
100
- if ( ! isset( $this->prefs[ $form_id ] ) || ! $this->prefs[ $form_id ]['creds'] != 0 ) return;
 
 
 
 
 
101
 
102
- // Check for exclusions
103
- $user_id = get_current_user_id();
104
- if ( $this->core->exclude_user( $user_id ) ) return;
105
 
106
- // Limit
107
- if ( $this->over_hook_limit( $form_id, 'contact_form_submission' ) ) return;
108
 
109
- $this->core->add_creds(
110
- 'contact_form_submission',
111
- $user_id,
112
- $this->prefs[ $form_id ]['creds'],
113
- $this->prefs[ $form_id ]['log'],
114
- $form_id,
115
- array( 'ref_type' => 'post' ),
116
- $this->mycred_type
117
- );
118
 
119
- }
 
120
 
121
- /**
122
- * Preferences for Contact Form 7 Hook
123
- * @since 0.1
124
- * @version 1.2.1
125
- */
126
- public function preferences() {
127
 
128
- $prefs = $this->prefs;
129
- if ( $prefs === false ) $prefs = array();
 
 
 
 
 
 
 
130
 
131
- $forms = $this->get_forms();
132
 
133
- // No forms found
134
- if ( empty( $forms ) ) {
135
- echo '<p>' . esc_html__( 'No forms found.', 'mycred' ) . '</p>';
136
- return;
137
- }
138
-
139
- // Loop though prefs to make sure we always have a default settings (happens when a new form has been created)
140
- foreach ( $forms as $form_id => $form_title ) {
141
-
142
- if ( ! array_key_exists( $form_id, $prefs ) ) {
143
- $prefs[ $form_id ] = array(
144
- 'creds' => 0,
145
- 'log' => '%plural% for submitting form',
146
- 'limit' => '0/x'
147
- );
148
- }
149
-
150
- if ( ! isset( $prefs[ $form_id ]['limit'] ) )
151
- $prefs[ $form_id ]['limit'] = '0/x';
152
-
153
- }
154
 
155
- // Set pref if empty
156
- if ( empty( $prefs ) ) $this->prefs = $prefs;
157
-
158
- // Loop for settings
159
- foreach ( $forms as $form_id => $form_title ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
160
 
161
  ?>
162
  <div class="hook-instance">
163
- <h3><?php printf( esc_html__( 'Form: %s', 'mycred' ), esc_html( $form_title ) ); ?></h3>
164
- <div class="row">
165
- <div class="col-lg-2 col-md-6 col-sm-12 col-xs-12">
166
- <div class="form-group">
167
- <label for="<?php echo esc_attr( $this->field_id( array( $form_id, 'creds' ) ) ); ?>"><?php echo esc_html( $this->core->plural() ); ?></label>
168
- <input type="text" name="<?php echo esc_attr( $this->field_name( array( $form_id, 'creds' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( $form_id, 'creds' ) ) ); ?>" value="<?php echo esc_attr( $this->core->number( $prefs[ $form_id ]['creds'] ) ); ?>" class="form-control" />
169
- </div>
170
- </div>
171
- <div class="col-lg-4 col-md-6 col-sm-12 col-xs-12">
172
- <div class="form-group">
173
- <label for="<?php echo esc_attr( $this->field_id( array( $form_id, 'limit' ) ) ); ?>"><?php esc_html_e( 'Limit', 'mycred' ); ?></label>
174
- <?php echo wp_kses(
175
- $this->hook_limit_setting( $this->field_name( array( $form_id, 'limit' ) ), $this->field_id( array( $form_id, 'limit' ) ), $prefs[ $form_id ]['limit'] ),
176
- array(
177
- 'div' => array(
178
- 'class' => array()
179
- ),
180
- 'input' => array(
181
- 'type' => array(),
182
- 'size' => array(),
183
- 'class' => array(),
184
- 'name' => array(),
185
- 'id' => array(),
186
- 'value' => array()
187
- ),
188
- 'select' => array(
189
- 'name' => array(),
190
- 'id' => array(),
191
- 'class' => array()
192
- ),
193
- 'option' => array(
194
- 'value' => array(),
195
- 'selected' => array()
196
- )
197
- )
198
- );
199
- ?>
200
- </div>
201
- </div>
202
- <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
203
- <div class="form-group">
204
- <label for="<?php echo esc_attr( $this->field_id( array( $form_id, 'log' ) ) ); ?>"><?php esc_html_e( 'Log template', 'mycred' ); ?></label>
205
- <input type="text" name="<?php echo esc_attr( $this->field_name( array( $form_id, 'log' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( $form_id, 'log' ) ) ); ?>" placeholder="<?php esc_attr_e( 'required', 'mycred' ); ?>" value="<?php echo esc_attr( $prefs[ $form_id ]['log'] ); ?>" class="form-control" />
206
- <span class="description"><?php echo wp_kses_post( $this->available_template_tags( array( 'general', 'post' ) ) ); ?></span>
207
- </div>
208
- </div>
209
- </div>
210
  </div>
211
  <?php
212
 
213
- }
214
 
215
- }
216
-
217
- /**
218
- * Sanitise Preferences
219
- * @since 1.6
220
- * @version 1.0
221
- */
222
- public function sanitise_preferences( $data ) {
223
 
224
- $forms = $this->get_forms();
225
- foreach ( $forms as $form_id => $form_title ) {
226
 
227
- if ( isset( $data[ $form_id ]['limit'] ) && isset( $data[ $form_id ]['limit_by'] ) ) {
228
- $limit = sanitize_text_field( $data[ $form_id ]['limit'] );
229
- if ( $limit == '' ) $limit = 0;
230
- $data[ $form_id ]['limit'] = $limit . '/' . $data[ $form_id ]['limit_by'];
231
- unset( $data[ $form_id ]['limit_by'] );
232
- }
233
 
234
- }
235
 
236
- return $data;
237
 
238
- }
239
 
240
- }
241
 
242
- }
9
  add_filter( 'mycred_setup_hooks', 'mycred_register_contact_form_seven_hook', 50 );
10
  function mycred_register_contact_form_seven_hook( $installed ) {
11
 
12
+ if ( ! function_exists( 'wpcf7' ) ) return $installed;
13
 
14
+ $installed['contact_form7'] = array(
15
+ 'title' => __( 'Contact Form 7 Form Submissions', 'mycred' ),
16
+ 'description' => __( 'Awards %_plural% for successful form submissions (by logged in users).', 'mycred' ),
17
+ 'documentation' => 'http://codex.mycred.me/hooks/submitting-contact-form-7-forms/',
18
+ 'callback' => array( 'myCRED_Contact_Form7' )
19
+ );
20
 
21
+ return $installed;
22
 
23
  }
24
 
30
  add_action( 'mycred_load_hooks', 'mycred_load_contact_form_seven_hook', 50 );
31
  function mycred_load_contact_form_seven_hook() {
32
 
33
+ // If the hook has been replaced or if plugin is not installed, exit now
34
+ if ( class_exists( 'myCRED_Contact_Form7' ) || ! function_exists( 'wpcf7' ) ) return;
35
 
36
+ class myCRED_Contact_Form7 extends myCRED_Hook {
37
 
38
+ public $user_id = 0;
 
 
 
39
 
40
+ /**
41
+ * Construct
42
+ */
43
+ public function __construct( $hook_prefs, $type = MYCRED_DEFAULT_TYPE_KEY ) {
 
 
 
 
 
 
 
 
 
 
 
44
 
45
+ parent::__construct( array(
46
+ 'id' => 'contact_form7',
47
+ 'defaults' => array()
48
+ ), $hook_prefs, $type );
49
 
50
+ }
 
 
 
 
 
 
51
 
52
+ /**
53
+ * Run
54
+ * @since 0.1
55
+ * @version 1.0
56
+ */
57
+ public function run() {
58
+
59
+ if ( is_user_logged_in() ) {
60
+
61
+ $this->user_id = get_current_user_id();
62
+
63
+ add_action( 'wpcf7_submit', array( $this, 'form_submission' ), 10, 2 );
64
+
65
+ }
66
 
67
+ }
 
 
 
 
 
 
68
 
69
+ /**
70
+ * Get Forms
71
+ * Queries all Contact Form 7 forms.
72
+ * @since 0.1
73
+ * @version 1.3
74
+ */
75
+ public function get_forms() {
76
 
77
+ global $wpdb;
78
 
79
+ $restuls = array();
80
+ $posts_table = mycred_get_db_column( 'posts' );
81
+ $forms = $wpdb->get_results( $wpdb->prepare( "
82
+ SELECT ID, post_title
83
+ FROM {$posts_table}
84
+ WHERE post_type = %s
85
+ ORDER BY ID ASC;", 'wpcf7_contact_form' ) );
86
 
87
+ if ( $forms ) {
88
+ foreach ( $forms as $form )
89
+ $restuls[ $form->ID ] = $form->post_title;
90
+ }
 
 
91
 
92
+ return $restuls;
 
93
 
94
+ }
95
 
96
+ /**
97
+ * Successful Form Submission
98
+ * @since 0.1
99
+ * @version 1.4.1
100
+ */
101
+ public function form_submission( $form, $result ) {
102
 
103
+ // Login is required
104
+ if ( empty( $this->user_id ) ) return;
 
105
 
106
+ $form_id = ( version_compare( WPCF7_VERSION, '4.8', '<' ) ) ? $form->id : $form->id();
 
107
 
108
+ if ( ! isset( $this->prefs[ $form_id ] ) || ! $this->prefs[ $form_id ]['creds'] != 0 ) return;
 
 
 
 
 
 
 
 
109
 
110
+ // Check for exclusions
111
+ if ( $this->core->exclude_user( $this->user_id ) ) return;
112
 
113
+ // Limit
114
+ if ( $this->over_hook_limit( $form_id, 'contact_form_submission' ) ) return;
 
 
 
 
115
 
116
+ $this->core->add_creds(
117
+ 'contact_form_submission',
118
+ $this->user_id,
119
+ $this->prefs[ $form_id ]['creds'],
120
+ $this->prefs[ $form_id ]['log'],
121
+ $form_id,
122
+ array( 'ref_type' => 'post' ),
123
+ $this->mycred_type
124
+ );
125
 
126
+ }
127
 
128
+ /**
129
+ * Preferences for Contact Form 7 Hook
130
+ * @since 0.1
131
+ * @version 1.2.1
132
+ */
133
+ public function preferences() {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
134
 
135
+ $prefs = $this->prefs;
136
+ if ( $prefs === false ) $prefs = array();
137
+
138
+ $forms = $this->get_forms();
139
+
140
+ // No forms found
141
+ if ( empty( $forms ) ) {
142
+ echo '<p>' . esc_html__( 'No forms found.', 'mycred' ) . '</p>';
143
+ return;
144
+ }
145
+
146
+ // Loop though prefs to make sure we always have a default settings (happens when a new form has been created)
147
+ foreach ( $forms as $form_id => $form_title ) {
148
+
149
+ if ( ! array_key_exists( $form_id, $prefs ) ) {
150
+ $prefs[ $form_id ] = array(
151
+ 'creds' => 0,
152
+ 'log' => '%plural% for submitting form',
153
+ 'limit' => '0/x'
154
+ );
155
+ }
156
+
157
+ if ( ! isset( $prefs[ $form_id ]['limit'] ) )
158
+ $prefs[ $form_id ]['limit'] = '0/x';
159
+
160
+ }
161
+
162
+ // Set pref if empty
163
+ if ( empty( $prefs ) ) $this->prefs = $prefs;
164
+
165
+ // Loop for settings
166
+ foreach ( $forms as $form_id => $form_title ) {
167
 
168
  ?>
169
  <div class="hook-instance">
170
+ <h3><?php printf( esc_html__( 'Form: %s', 'mycred' ), esc_html( $form_title ) ); ?></h3>
171
+ <div class="row">
172
+ <div class="col-lg-2 col-md-6 col-sm-12 col-xs-12">
173
+ <div class="form-group">
174
+ <label for="<?php echo esc_attr( $this->field_id( array( $form_id, 'creds' ) ) ); ?>"><?php echo esc_html( $this->core->plural() ); ?></label>
175
+ <input type="text" name="<?php echo esc_attr( $this->field_name( array( $form_id, 'creds' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( $form_id, 'creds' ) ) ); ?>" value="<?php echo esc_attr( $this->core->number( $prefs[ $form_id ]['creds'] ) ); ?>" class="form-control" />
176
+ </div>
177
+ </div>
178
+ <div class="col-lg-4 col-md-6 col-sm-12 col-xs-12">
179
+ <div class="form-group">
180
+ <label for="<?php echo esc_attr( $this->field_id( array( $form_id, 'limit' ) ) ); ?>"><?php esc_html_e( 'Limit', 'mycred' ); ?></label>
181
+ <?php echo wp_kses(
182
+ $this->hook_limit_setting( $this->field_name( array( $form_id, 'limit' ) ), $this->field_id( array( $form_id, 'limit' ) ), $prefs[ $form_id ]['limit'] ),
183
+ array(
184
+ 'div' => array(
185
+ 'class' => array()
186
+ ),
187
+ 'input' => array(
188
+ 'type' => array(),
189
+ 'size' => array(),
190
+ 'class' => array(),
191
+ 'name' => array(),
192
+ 'id' => array(),
193
+ 'value' => array()
194
+ ),
195
+ 'select' => array(
196
+ 'name' => array(),
197
+ 'id' => array(),
198
+ 'class' => array()
199
+ ),
200
+ 'option' => array(
201
+ 'value' => array(),
202
+ 'selected' => array()
203
+ )
204
+ )
205
+ );
206
+ ?>
207
+ </div>
208
+ </div>
209
+ <div class="col-lg-6 col-md-6 col-sm-12 col-xs-12">
210
+ <div class="form-group">
211
+ <label for="<?php echo esc_attr( $this->field_id( array( $form_id, 'log' ) ) ); ?>"><?php esc_html_e( 'Log template', 'mycred' ); ?></label>
212
+ <input type="text" name="<?php echo esc_attr( $this->field_name( array( $form_id, 'log' ) ) ); ?>" id="<?php echo esc_attr( $this->field_id( array( $form_id, 'log' ) ) ); ?>" placeholder="<?php esc_attr_e( 'required', 'mycred' ); ?>" value="<?php echo esc_attr( $prefs[ $form_id ]['log'] ); ?>" class="form-control" />
213
+ <span class="description"><?php echo wp_kses_post( $this->available_template_tags( array( 'general', 'post' ) ) ); ?></span>
214
+ </div>
215
+ </div>
216
+ </div>
217
  </div>
218
  <?php
219
 
220
+ }
221
 
222
+ }
223
+
224
+ /**
225
+ * Sanitise Preferences
226
+ * @since 1.6
227
+ * @version 1.0
228
+ */
229
+ public function sanitise_preferences( $data ) {
230
 
231
+ $forms = $this->get_forms();
232
+ foreach ( $forms as $form_id => $form_title ) {
233
 
234
+ if ( isset( $data[ $form_id ]['limit'] ) && isset( $data[ $form_id ]['limit_by'] ) ) {
235
+ $limit = sanitize_text_field( $data[ $form_id ]['limit'] );
236
+ if ( $limit == '' ) $limit = 0;
237
+ $data[ $form_id ]['limit'] = $limit . '/' . $data[ $form_id ]['limit_by'];
238
+ unset( $data[ $form_id ]['limit_by'] );
239
+ }
240
 
241
+ }
242
 
243
+ return $data;
244
 
245
+ }
246
 
247
+ }
248
 
249
+ }
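Review bot: `form_submission( $form, $result )` (new line 101) never reads `$result`, yet the hook was moved from `wpcf7_mail_sent` to `wpcf7_submit`, which Contact Form 7 fires for every outcome of a submission — validation failure, spam, mail failure — and not only for a delivered message. As written, a logged-in user is awarded `contact_form_submission` points for every attempt, including ones the form rejected, and with the default `0/x` limit there is no cap on that. Add a status guard right after the login check: `if ( empty( $result['status'] ) || 'mail_sent' !== $result['status'] ) return;`. The precedence in `! $this->prefs[ $form_id ]['creds'] != 0` on line 108 is also confusing — `!` binds first, so it only works because `(bool) != 0` happens to agree with the intent; `empty( $this->prefs[ $form_id ]['creds'] )` says what is meant.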
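--- a/includes/hooks/external/mycred-hook-woocommerce.php
+++ b/includes/hooks/external/mycred-hook-woocommerce.php
@@ -226,7 +226,8 @@ if ( ! function_exists( 'mycred_woo_save_reward_settings' ) ) :
 if ( ! isset( $_POST['mycred_reward'] ) || empty( $_POST['mycred_reward'] ) || $post_type != 'product' ) return;
 
 $new_setup = array();
-foreach ( $_POST['mycred_reward'] as $point_type => $setup ) {
+
+foreach ( mycred_sanitize_array( wp_unslash( $_POST['mycred_reward'] ) ) as $point_type => $setup ) {
 
 if ( empty( $setup ) ) continue;
 
@@ -255,6 +256,7 @@ if ( ! function_exists( 'mycred_woo_save_product_variation_detail' ) ) :
 if ( ! isset( $_POST['_mycred_reward'] ) || empty( $_POST['_mycred_reward'] ) || ! array_key_exists( $post_id, $_POST['_mycred_reward'] ) ) return;
 
 $new_setup = array();
+// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 foreach ( $_POST['_mycred_reward'][ $post_id ] as $point_type => $value ) {
 
 $value = sanitize_text_field( $value );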
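Review bot: The second hunk (new line 259) silences the PHPCS sanitisation warning with a `phpcs:ignore` instead of giving `$_POST['_mycred_reward'][ $post_id ]` the treatment the first hunk gives `$_POST['mycred_reward']`; the array is still iterated raw, so its `$point_type` keys arrive unsanitised and its values are not unslashed before `sanitize_text_field( $value )`. For consistency with line 230: `foreach ( mycred_sanitize_array( wp_unslash( $_POST['_mycred_reward'][ $post_id ] ) ) as $point_type => $value ) {`, after which the per-value `sanitize_text_field()` may be redundant depending on what `mycred_sanitize_array()` does (its definition is not in view). Both enclosing functions continue outside the hunks.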
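--- a/includes/hooks/mycred-hook-referrals.php
+++ b/includes/hooks/mycred-hook-referrals.php
@@ -285,7 +285,8 @@ if ( ! class_exists( 'myCRED_Hook_Affiliate' ) ) :
 if ( $user_id !== NULL && ! is_user_logged_in() ) {
 
 // Attempt to get the users IP
-$IP = apply_filters( 'mycred_affiliate_IP', $_SERVER['REMOTE_ADDR'], 'visit', $this );
+$remote_addr = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';
+$IP = sanitize_key( apply_filters( 'mycred_affiliate_IP', $remote_addr, 'visit', $this ) );
 if ( $IP != '' && $IP != '0.0.0.0' ) {
 
 // If referral counts
@@ -365,7 +366,8 @@ if ( ! class_exists( 'myCRED_Hook_Affiliate' ) ) :
 
 
 // Attempt to get the users IP
-$IP = apply_filters( 'mycred_affiliate_IP', $_SERVER['REMOTE_ADDR'], 'signup', $this );
+$remote_addr = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';
+$IP = sanitize_key( apply_filters( 'mycred_affiliate_IP', $remote_addr, 'signup', $this ) );
 
 if ( $this->core->has_entry( 'signup_referral', $new_user_id, $user_id, $IP, $this->mycred_type ) ) return;
 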
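Review bot: `sanitize_key()` is the wrong filter for an IP address on new lines 289 and 370: it keeps only `[a-z0-9_-]`, so the dots of an IPv4 address and the colons of an IPv6 address are stripped (a constructed example: `10.0.0.1` becomes `10001`). Two consequences follow: the `'0.0.0.0'` comparison on line 290 can never match because that value now arrives as `0000`, and distinct addresses can collapse to the same string, which weakens the `has_entry( … $IP … )` duplicate check on line 372 and breaks matching against IPs recorded by earlier versions. Validate instead of mangling: `$IP = (string) apply_filters( 'mycred_affiliate_IP', $remote_addr, 'visit', $this );` followed by `if ( filter_var( $IP, FILTER_VALIDATE_IP ) === false ) $IP = '';`, with `'signup'` in the second hunk. Both enclosing methods continue outside the hunks.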
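--- a/includes/importers/mycred-balances.php
+++ b/includes/importers/mycred-balances.php
@@ -227,7 +227,7 @@ if ( ! class_exists( 'myCRED_Importer_Balances' ) ) :
 }
 
 if ( $ran ) {
-echo '<div class="updated notice notice-success is-dismissible"><p>' . sprintf( esc_html__( 'Import complete - A total of <strong>%d</strong> balances were successfully imported. <strong>%d</strong> was skipped.', 'mycred' ), esc_html( $this->imported ), esc_html( $this->skipped ) ) . '</p></div>';
+echo '<div class="updated notice notice-success is-dismissible"><p>' . sprintf( wp_kses_post( __( 'Import complete - A total of <strong>%d</strong> balances were successfully imported. <strong>%d</strong> was skipped.', 'mycred' ) ), esc_html( $this->imported ), esc_html( $this->skipped ) ) . '</p></div>';
 echo '<p><a href="' . esc_url( admin_url( 'users.php' ) ) . '" class="button button-large button-primary">' . esc_html__( 'View Users', 'mycred' ) . '</a></p>';
 }
 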
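Review bot: `esc_html( $this->imported )` and `esc_html( $this->skipped )` are redundant on new line 230, since `%d` in `sprintf()` coerces each argument to an integer before it is printed; `(int) $this->imported` states the intent without implying the counters are untrusted strings. Wrapping the translated template in `wp_kses_post()` is the right call now that the string carries `<strong>` markup, and placing it around `__()` rather than around the formatted result means the translation is what gets filtered while the numbers stay untouched. The identical line appears in `includes/importers/mycred-cubepoints.php` (line 355) and `includes/importers/mycred-log-entries.php` (line 214), and the same note applies there. While the string is being touched, '%d was skipped' reads better as '%d were skipped'.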
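--- a/includes/importers/mycred-cubepoints.php
+++ b/includes/importers/mycred-cubepoints.php
@@ -352,7 +352,7 @@ if ( ! class_exists( 'myCRED_Importer_CubePoints' ) ) :
 else {
 
 $show_greet = false;
-echo '<div class="updated notice notice-success is-dismissible"><p>' . sprintf( esc_html__( 'Import complete - A total of <strong>%d</strong> balances were successfully imported. <strong>%d</strong> was skipped.', 'mycred' ), esc_html( $this->imported ), esc_html( $this->skipped ) ) . '</p></div>';
+echo '<div class="updated notice notice-success is-dismissible"><p>' . sprintf( wp_kses_post( __( 'Import complete - A total of <strong>%d</strong> balances were successfully imported. <strong>%d</strong> was skipped.', 'mycred' ) ), esc_html( $this->imported ), esc_html( $this->skipped ) ) . '</p></div>';
 echo '<p><a href="' . esc_url( admin_url( 'users.php' ) ) . '" class="button button-large button-primary">' . esc_html__( 'View Users', 'mycred' ) . '</a></p>';
 
 }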
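--- a/includes/importers/mycred-log-entries.php
+++ b/includes/importers/mycred-log-entries.php
@@ -211,7 +211,7 @@ if ( ! class_exists( 'myCRED_Importer_Log_Entires' ) ) :
 }
 
 if ( $ran ) {
-echo '<div class="updated notice notice-success is-dismissible"><p>' . sprintf( esc_html__( 'Import complete - A total of <strong>%d</strong> log entries were successfully imported. <strong>%d</strong> was skipped.', 'mycred' ), esc_html( $this->imported ), esc_html( $this->skipped ) ) . '</p></div>';
+echo '<div class="updated notice notice-success is-dismissible"><p>' . sprintf( wp_kses_post( __( 'Import complete - A total of <strong>%d</strong> log entries were successfully imported. <strong>%d</strong> was skipped.', 'mycred' ) ), esc_html( $this->imported ), esc_html( $this->skipped ) ) . '</p></div>';
 echo '<p><a href="' . esc_url( admin_url( 'admin.php?page=' . MYCRED_SLUG ) ) . '" class="button button-large button-primary">' . esc_html__( 'View Log', 'mycred' ) . '</a></p>';
 }
 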
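--- a/includes/mycred-functions.php
+++ b/includes/mycred-functions.php
@@ -694,9 +694,13 @@ if ( ! class_exists( 'myCRED_Settings' ) ) :
  $comment_url = '#item-has-been-deleted';
  $comment_post_title = __( 'Deleted Item', 'mycred' );
 
+
+
  // Comment does not exist - see if we can re-construct
  if ( $comment === NULL ) {
 
+
+
  // Nope, no backup, bye
  if ( ! is_array( $data ) || ! array_key_exists( 'comment_ID', $data ) ) return $content;
 
@@ -709,12 +713,17 @@ if ( ! class_exists( 'myCRED_Settings' ) ) :
  }
  else {
 
+
+
  $comment_post = mycred_get_post( $comment->comment_post_ID );
  $comment_url = mycred_get_permalink( $comment_post );
  $comment_post_title = mycred_get_permalink( $comment_post );
 
+
  }
 
+
+
  // Let others play first
  $content = apply_filters( 'mycred_parse_tags_comment', $content, $comment, $data );
 
@@ -725,9 +734,8 @@ if ( ! class_exists( 'myCRED_Settings' ) ) :
 
  $content = str_replace( '%c_post_id%', $comment->comment_post_ID, $content );
  $content = str_replace( '%c_post_title%', esc_attr( $comment_post_title ), $content );
-
  $content = str_replace( '%c_post_url%', esc_url_raw( $comment_url ), $content );
- $content = str_replace( '%c_link_with_title%', '<a href="' . esc_url_raw( $comment_url ) . '">' . esc_attr( $comment_post_title ) . '</a>', $content );
+ $content = str_replace( '%c_link_with_title%', '<a href="' . esc_url_raw( $comment_url ) . '">' . esc_attr($comment_post->post_title ) . '</a>', $content );
 
  return $content;
 
@@ -2614,6 +2622,22 @@ endif;
  if ( ! function_exists( 'mycred_types_select_from_dropdown' ) ) :
  function mycred_types_select_from_dropdown( $name = '', $id = '', $selected = '', $return = false, $extra = '' ) {
 
+ $allowed_html = array(
+ 'input' => array(
+ 'type' => array(),
+ 'value' => array(),
+ 'name' => array(),
+ 'id' => array()
+ ),
+ 'select' => array(
+ 'name' => array(),
+ 'class' => array()
+ ),
+ 'option' => array(
+ 'value' => array(),
+ 'selected' => array()
+ )
+ );
  $types = mycred_get_types();
  $output = '';
 
@@ -2644,7 +2668,7 @@ if ( ! function_exists( 'mycred_types_select_from_dropdown' ) ) :
  if ( $return )
  return $output;
 
- echo $output;
+ echo wp_kses( $output, $allowed_html) ;
 
  }
  endif;
@@ -2657,6 +2681,21 @@ endif;
  if ( ! function_exists( 'mycred_types_select_from_checkboxes' ) ) :
  function mycred_types_select_from_checkboxes( $name = '', $id = '', $selected_values = array(), $return = false ) {
 
+ $allowed_html = array(
+ 'label' => array(
+ 'for' => array()
+ ),
+ 'input' => array(
+ 'type' => array(),
+ 'value' => array(),
+ 'name' => array(),
+ 'id' => array(),
+ 'checked' => array()
+ ),
+ 'div' => array(
+ 'class' => array()
+ )
+ );
  $types = mycred_get_types();
 
  $output = '';
@@ -2675,7 +2714,7 @@ if ( ! function_exists( 'mycred_types_select_from_checkboxes' ) ) :
  if ( $return )
  return $output;
 
- echo $output;
+ echo wp_kses( $output, $allowed_html );
 
  }
  endif;
@@ -4161,7 +4200,7 @@ function mycred_create_select2( $options = '', $attributes = array(), $selected
 
  if( !empty( $attributes ) )
  foreach( $attributes as $attr => $value )
- $content .= "{$attr}='{$value}'";
+ $content .= "{$attr}='{$value}' ";
 
  $content .= "style='width: 168px;'>";
 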
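Review bot: The attribute loop in mycred_create_select2 still interpolates `{$attr}` and `{$value}` into the markup unescaped; the last hunk only adds the separating space, so the kses allowlists added at the call sites remain the only line of defence. Escaping at the source, `$content .= esc_attr( $attr ) . "='" . esc_attr( $value ) . "' ";`, would protect callers that echo the result directly. In the comment-tag hunk, the new `%c_link_with_title%` line reads `$comment_post->post_title`, but `$comment_post` is only assigned in the else branch visible here; if the reconstruct branch for `$comment === NULL` (outside the hunk) does not set it, this becomes a property read on an undefined variable, and the deleted-item case no longer shows the 'Deleted Item' label that `$comment_post_title` carried. The visible else branch also assigns a permalink to `$comment_post_title`, which looks like the underlying bug; changing that line to `$comment_post_title = $comment_post->post_title;` and keeping the link on `$comment_post_title` would fix `%c_post_title%` and the link together. Both enclosing functions start outside the hunks.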
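--- a/includes/mycred-remote.php
+++ b/includes/mycred-remote.php
@@ -34,8 +34,8 @@ if ( ! class_exists( 'myCRED_Remote' ) ) :
  $this->core = mycred();
  $this->key = $key;
 
- $this->method = $_SERVER['REQUEST_METHOD'];
- $this->uri = explode( '/', $_SERVER['REQUEST_URI'] );
+ $this->method = isset( $_SERVER['REQUEST_METHOD'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) : '';
+ $this->uri = explode( '/', isset( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '' );
  $this->format = '';
 
  $this->parse_call();
@@ -105,12 +105,12 @@ if ( ! class_exists( 'myCRED_Remote' ) ) :
  $parameters = array();
 
  if ( isset( $_SERVER['QUERY_STRING'] ) )
- parse_str( $_SERVER['QUERY_STRING'], $parameters );
+ parse_str( sanitize_text_field( wp_unslash( $_SERVER['QUERY_STRING'] ) ), $parameters );
 
  $body = file_get_contents( "php://input" );
  $content_type = false;
  if ( isset( $_SERVER['CONTENT_TYPE'] ) ) {
- $content_type = $_SERVER['CONTENT_TYPE'];
+ $content_type = sanitize_text_field( wp_unslash( $_SERVER['CONTENT_TYPE'] ) );
  }
 
  switch ( $content_type ) {
@@ -168,22 +168,22 @@ if ( ! class_exists( 'myCRED_Remote' ) ) :
  public function get_host_IP() {
 
  if ( isset( $_SERVER['HTTP_CLIENT_IP'] ) )
- $this->host = $_SERVER['HTTP_CLIENT_IP'];
+ $this->host = sanitize_text_field( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ) );
 
  elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
- $this->host = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ $this->host = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
 
  elseif ( isset( $_SERVER['HTTP_X_FORWARDED'] ) )
- $this->host = $_SERVER['HTTP_X_FORWARDED'];
+ $this->host = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED'] ) );
 
  elseif ( isset( $_SERVER['HTTP_FORWARDED_FOR'] ) )
- $this->host = $_SERVER['HTTP_FORWARDED_FOR'];
+ $this->host = sanitize_text_field( wp_unslash( $_SERVER['HTTP_FORWARDED_FOR'] ) );
 
  elseif ( isset( $_SERVER['HTTP_FORWARDED'] ) )
- $this->host = $_SERVER['HTTP_FORWARDED'];
+ $this->host = sanitize_text_field( wp_unslash( $_SERVER['HTTP_FORWARDED'] ) );
 
  elseif ( isset( $_SERVER['REMOTE_ADDR'] ) )
- $this->host = $_SERVER['REMOTE_ADDR'];
+ $this->host = sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) );
 
  else
  $this->host = 'UNKNOWN';
@@ -533,7 +533,7 @@ if ( ! function_exists( 'mycred_remote_init' ) ) :
  $prefs = mycred_get_remote();
  if ( ! $prefs['enabled'] ) return;
 
- $uri = explode( '/', $_SERVER['REQUEST_URI'] );
+ $uri = explode( '/', isset( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '' );
  if ( isset( $uri[1] ) && $uri[1] == $prefs['uri'] ) {
 
  // Load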
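Review bot: Running `sanitize_text_field()` over the whole `QUERY_STRING` before `parse_str()` alters the request rather than just cleaning it: that helper strips percent-encoded octets (`%xx`) and collapses whitespace, so any URL-encoded parameter value loses characters before it is parsed, and a `<` in a value truncates the string through tag stripping. Parse the unslashed raw string first and sanitize the resulting array instead, e.g. `parse_str( wp_unslash( $_SERVER['QUERY_STRING'] ), $parameters ); $parameters = mycred_sanitize_array( $parameters );` (that helper is used elsewhere in this release; confirm it handles the shapes you expect). In get_host_IP(), the added sanitizing does not change that `HTTP_CLIENT_IP` and the `X-Forwarded-*` headers are set by the client and are consulted before `REMOTE_ADDR`; if `$this->host` feeds any access decision or audit log, validate it with `filter_var( $this->host, FILTER_VALIDATE_IP )` and take the forwarded headers only when the request arrives through a proxy you control. The surrounding constructor and methods start outside the hunks.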
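--- a/includes/mycred-tools-bulk-assign.php
+++ b/includes/mycred-tools-bulk-assign.php
@@ -104,7 +104,24 @@ class myCRED_Tools_Bulk_Assign extends myCRED_Tools
  <thead>
  <tr>
  <td><label for=""><?php esc_html_e( 'Select Type', 'mycred' ) ?></label></td>
- <td><?php echo mycred_create_select2( $award_type, $award_args ); ?></td>
+ <td>
+ <?php echo wp_kses(
+ mycred_create_select2( $award_type, $award_args ),
+ array(
+ 'select' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'name' => array(),
+ 'style' => array()
+ ),
+ 'option' => array(
+ 'value' => array(),
+ 'selected' => array()
+ ),
+ )
+ );
+ ?>
+ </td>
  </tr>
  </thead>
 
@@ -131,7 +148,24 @@ class myCRED_Tools_Bulk_Assign extends myCRED_Tools
 
  <tr>
  <td><label for=""><?php esc_html_e( 'Select Point Type', 'mycred' ) ?></label></td>
- <td><?php echo mycred_create_select2( $point_types, $pt_args ); ?></td>
+ <td>
+ <?php echo wp_kses(
+ mycred_create_select2( $point_types, $pt_args ),
+ array(
+ 'select' => array(
+ 'id' => array(),
+ 'name' => array(),
+ 'class' => array(),
+ 'style' => array()
+ ),
+ 'option' => array(
+ 'value' => array(),
+ 'selected' => array()
+ ),
+ )
+ );
+ ?>
+ </td>
  </tr>
 
  <tr>
@@ -169,7 +203,25 @@ class myCRED_Tools_Bulk_Assign extends myCRED_Tools
  <tbody class="bulk-award-badge" style="display: none;">
  <tr>
  <td><label for=""><?php esc_html_e( 'Select Badge(s)', 'mycred' ) ?></label></td>
- <td><?php echo mycred_create_select2( $badges, $badges_args ); ?></td>
+ <td>
+ <?php echo wp_kses(
+ mycred_create_select2( $badges, $badges_args ),
+ array(
+ 'select' => array(
+ 'id' => array(),
+ 'name' => array(),
+ 'class' => array(),
+ 'style' => array(),
+ 'multiple' => array()
+ ),
+ 'option' => array(
+ 'value' => array(),
+ 'selected' => array()
+ ),
+ )
+ );
+ ?>
+ </td>
  </tr>
  </tbody>
 
@@ -177,7 +229,22 @@ class myCRED_Tools_Bulk_Assign extends myCRED_Tools
  <tr>
  <td><label for=""><?php esc_html_e( 'Select Rank', 'mycred' ) ?></label></td>
  <td>
- <?php echo mycred_create_select2( $ranks, $ranks_args ); ?>
+ <?php echo wp_kses(
+ mycred_create_select2( $ranks, $ranks_args ),
+ array(
+ 'select' => array(
+ 'id' => array(),
+ 'name' => array(),
+ 'class' => array(),
+ 'style' => array()
+ ),
+ 'option' => array(
+ 'value' => array(),
+ 'selected' => array()
+ ),
+ )
+ );
+ ?>
  </td>
  </tr>
  <tr class="bulk-award-rank">
@@ -191,7 +258,46 @@ class myCRED_Tools_Bulk_Assign extends myCRED_Tools
  </tbody>
 
  <!-- User fields -->
- <?php echo $this->users_fields( $user_args ) ?>
+ <?php
+ $allowed_html = array(
+ 'tbody' => array(),
+ 'p' => array(),
+ 'i' => array(),
+ 'tr' => array(
+ 'class' => array()
+ ),
+ 'td' => array(
+ 'class' => array()
+ ),
+ 'label' => array(
+ 'class' => array(),
+ 'for' => array()
+ ),
+ 'input' => array(
+ 'type' => array(),
+ 'value' => array(),
+ 'name' => array(),
+ 'class' => array(),
+ 'id' => array(),
+ 'checked' => array()
+ ),
+ 'span' => array(
+ 'class' => array()
+ ),
+ 'select' => array(
+ 'id' => array(),
+ 'style' => array(),
+ 'name' => array(),
+ 'class' => array(),
+ 'multiple' => array()
+ ),
+ 'option' => array(
+ 'value' => array(),
+ 'selected' => array()
+ )
+ );
+
+ echo wp_kses( $this->users_fields( $user_args ), $allowed_html );?>
 
  <!-- Award Button -->
  <tbody>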
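Review bot: The `select`/`option` allowlist passed to `wp_kses()` is written out inline four times in this section, with small drifts between copies (attribute order, `multiple` present only for the badges select), and a fifth variant is embedded in `$allowed_html` for the user fields. Because `wp_kses()` silently drops any attribute that is not listed, the next attribute added to mycred_create_select2 or its `$attributes` callers would have to be threaded through every copy or it would vanish from the page; hoisting one `$select_allowed_html` array to the top of this method (or next to mycred_create_select2, so the generator and its allowlist evolve together) and reusing it at each call site would remove that risk. A short comment on that array, such as `// Must list every attribute mycred_create_select2 emits, or wp_kses strips it`, would explain why the list exists. The enclosing method begins outside the hunks.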
includes/mycred-tools-import-export.php CHANGED
@@ -18,37 +18,37 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
18
  $ranks = get_mycred_tools_page_url( 'ranks' );
19
  $setup = get_mycred_tools_page_url( 'setup' );
20
 
21
- $page = isset( $_GET['mycred-tools'] ) ? $_GET['mycred-tools'] : '';
22
 
23
  $heading = $_GET['mycred-tools'] == 'setup' ? __( 'Export','mycred' ) : __( 'Import','mycred' );
24
 
25
- echo "<h1>{$heading}</h1>";
26
  ?>
27
 
28
  <div class="subsubsub">
29
- <a href="<?php echo $points; ?>" class="<?php echo ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'points' ) ? 'current' : ''; ?>"><?php esc_html_e( 'Points','mycred' ); ?></a>
30
  <?php
31
  if( class_exists( 'myCRED_Badge' ) )
32
  {
33
  $current = ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'badges' ) ? 'current' : '';
34
- echo "| <a href='{$badges}' class='{$current}'> Badges</a>";
35
  }
36
 
37
  if( class_exists( 'myCRED_Ranks_Module' ) )
38
  {
39
  $current = ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'ranks' ) ? 'current' : '';
40
- echo "| <a href='{$ranks}' class='{$current}'>Ranks</a>";
41
  }
42
  ?>
43
 
44
- | <a href="<?php echo $setup; ?>" class="<?php echo ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'setup' ) ? 'current' : ''; ?>"><?php esc_html_e( 'Setup','mycred' ); ?></a>
45
 
46
- <input type="hidden" class="request-tab" value="<?php echo $_GET['mycred-tools'] ?>" />
47
  </div>
48
  <br class="clear">
49
  <?php
50
 
51
- echo $this->get_body( $page );
52
  }
53
 
54
  public function get_body( $page )
@@ -141,12 +141,40 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
141
 
142
  <div class="mycred-container">
143
  <label><?php esc_html_e( 'Select Point Types','mycred' ); ?></label>
144
- <?php echo mycred_create_select2( $pt_options, $pr_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
145
  </div>
146
 
147
  <div class="mycred-container">
148
- <label><?php esc_html_e( 'User Field in Exported File', 'mycred' ); ?></label>
149
- <?php echo mycred_create_select2( $uf_options, $uf_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
150
  </div>
151
 
152
  <div class="mycred-container">
@@ -215,7 +243,20 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
215
  <td>
216
  <form method="post" enctype="multipart/form-data">
217
  <input type="file" id="import-file" name="file" accept=".csv" />
218
- <?php echo mycred_create_select2( $type_options, $type_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
219
  <button class="button button-primary", id="import">
220
  <span class="dashicons dashicons-database-import v-align-middle"></span> <?php esc_html_e( 'Import User Badges','mycred' ); ?>
221
  </button>
@@ -255,17 +296,57 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
255
 
256
  <div class="mycred-container">
257
  <label><?php esc_html_e( 'Select Badges','mycred' ); ?></label>
258
- <?php echo mycred_create_select2( $badges_options, $badges_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
259
  </div>
260
 
261
  <div class="mycred-container">
262
  <label><?php esc_html_e( 'User Field in Exported File', 'mycred' ); ?></label>
263
- <?php echo mycred_create_select2( $uf_options, $uf_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
264
  </div>
265
 
266
  <div class="mycred-container">
267
  <label><?php esc_html_e( 'Badge Fields in Exported File', 'mycred' ); ?></label>
268
- <?php echo mycred_create_select2( $badges_fields_options, $badges_fields_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
269
  </div>
270
 
271
  <div class="mycred-container">
@@ -335,7 +416,20 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
335
  <td>
336
  <form method="post" enctype="multipart/form-data">
337
  <input type="file" id="import-file" name="file" accept=".csv" />
338
- <?php echo mycred_create_select2( $type_options, $type_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
339
  <button class="button button-primary", id="import">
340
  <span class="dashicons dashicons-database-import v-align-middle"></span> <?php esc_html_e( 'Import User Ranks','mycred' ); ?>
341
  </button>
@@ -375,17 +469,57 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
375
 
376
  <div class="mycred-container">
377
  <label><?php esc_html_e( 'Select Ranks','mycred' ); ?></label>
378
- <?php echo mycred_create_select2( $ranks_options, $ranks_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
379
  </div>
380
 
381
  <div class="mycred-container">
382
  <label><?php esc_html_e( 'User Field in Exported File', 'mycred' ); ?></label>
383
- <?php echo mycred_create_select2( $uf_options, $uf_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
384
  </div>
385
 
386
  <div class="mycred-container">
387
  <label><?php esc_html_e( 'Rank Fields in Exported File', 'mycred' ); ?></label>
388
- <?php echo mycred_create_select2( $ranks_fields_options, $ranks_fields_attr ) ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
389
  </div>
390
 
391
  <div class="mycred-container">
@@ -960,17 +1094,18 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
960
  if( isset( $_POST['action'] ) && $_POST['action'] == 'mycred-tools-import-export' )
961
  {
962
  //Export Raw points
963
- if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'points' && $_POST['request'] == 'export' )
964
  {
965
- $point_types = sanitize_text_field( $_POST['types'] );
966
- $point_types = stripslashes( $point_types );
967
  $point_types = json_decode( $point_types );
968
 
969
  $point_types = mycred_sanitize_array( $point_types );
970
 
971
- $user_field = sanitize_text_field( $_POST['user_field'] );
 
972
 
973
- return $this->export_csv( 'points', sanitize_text_field( $_POST['template'] ), $user_field, $point_types );
974
 
975
  die;
976
  }
@@ -978,7 +1113,9 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
978
  //Import Points
979
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'points' && $_POST['request'] == 'import' && isset( $_FILES ) )
980
  {
981
- $file_path = sanitize_text_field( $_FILES['_file']['tmp_name'] );
 
 
982
 
983
  $this->import_csv( $file_path, 'points' );
984
  }
@@ -1001,21 +1138,21 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
1001
 
1002
  //Badges
1003
  //Export Raw Badges
1004
- if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'badges' && $_POST['request'] == 'export' )
1005
  {
1006
- $template = sanitize_text_field( $_POST['template'] );
1007
 
1008
- $user_field = sanitize_text_field( $_POST['user_field'] );
1009
 
1010
- $post_field = sanitize_text_field( $_POST['post_field'] );
1011
 
1012
- $badges = stripslashes( $_POST['types'] );
1013
 
1014
  $badges = json_decode( $badges );
1015
 
1016
  $badges = mycred_sanitize_array( $badges );
1017
 
1018
- return $this->export_csv( 'badges', $template, $user_field, $badges, $post_field);
1019
 
1020
  die;
1021
  }
@@ -1023,9 +1160,11 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
1023
  //Import Badges
1024
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'badges' && $_POST['request'] == 'import' && isset( $_FILES ) )
1025
  {
1026
- $file_path = sanitize_text_field( $_FILES['_file']['tmp_name'] );
1027
 
1028
- $import_format_type = sanitize_text_field( $_POST['import_format_type'] );
 
 
 
1029
 
1030
  $this->import_csv( $file_path, 'badges', $import_format_type );
1031
  }
@@ -1043,9 +1182,10 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
1043
  //Import Ranks
1044
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'ranks' && $_POST['request'] == 'import' && isset( $_FILES ) )
1045
  {
1046
- $file_path = sanitize_text_field( $_FILES['_file']['tmp_name'] );
 
1047
 
1048
- $import_format_type = sanitize_text_field( $_POST['import_format_type'] );
1049
 
1050
  $this->import_csv( $file_path, 'ranks', $import_format_type );
1051
  }
@@ -1053,13 +1193,14 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
1053
  //Export Raw Ranks
1054
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'ranks' && $_POST['request'] == 'export' )
1055
  {
1056
- $template = sanitize_text_field( $_POST['template'] );
1057
 
1058
- $user_field = sanitize_text_field( $_POST['user_field'] );
 
 
1059
 
1060
- $post_field = sanitize_text_field( $_POST['post_field'] );
1061
 
1062
- $ranks = stripslashes( $_POST['types'] );
1063
 
1064
  $ranks = json_decode( $ranks );
1065
 
@@ -1083,9 +1224,10 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
1083
  //Export Setup
1084
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'setup' && ( isset( $_POST['template'] ) && $_POST['template'] == 'raw' ) )
1085
  {
1086
- $setup_types = mycred_sanitize_array( $_POST['setup_types'] );
1087
 
1088
- $template = sanitize_text_field( $_POST['template'] );
 
 
1089
 
1090
  return $this->export_csv( 'setup', $template, '', '', $setup_types );
1091
  }
@@ -1094,7 +1236,8 @@ class myCRED_Tools_Import_Export extends myCRED_Setup_Import_Export
1094
  //Import Setup
1095
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'setup' && $_POST['request'] == 'import' )
1096
  {
1097
- $file_path = sanitize_text_field( $_FILES['_file']['tmp_name'] );
 
1098
 
1099
  $this->import_setup_json( $file_path );
1100
  }
18
  $ranks = get_mycred_tools_page_url( 'ranks' );
19
  $setup = get_mycred_tools_page_url( 'setup' );
20
 
21
+ $page = isset( $_GET['mycred-tools'] ) ? sanitize_text_field( wp_unslash( $_GET['mycred-tools'] ) ) : '';
22
 
23
  $heading = $_GET['mycred-tools'] == 'setup' ? __( 'Export','mycred' ) : __( 'Import','mycred' );
24
 
25
+ echo '<h1>' . esc_html( $heading ) . '</h1>';
26
  ?>
27
 
28
  <div class="subsubsub">
29
+ <a href="<?php echo esc_url( $points ); ?>" class="<?php echo ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'points' ) ? 'current' : ''; ?>"><?php esc_html_e( 'Points','mycred' ); ?></a>
30
  <?php
31
  if( class_exists( 'myCRED_Badge' ) )
32
  {
33
  $current = ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'badges' ) ? 'current' : '';
34
+ echo '| <a href="' . esc_url( $badges ) . '" class="' . esc_attr( $current ) . '"> Badges</a>';
35
  }
36
 
37
  if( class_exists( 'myCRED_Ranks_Module' ) )
38
  {
39
  $current = ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'ranks' ) ? 'current' : '';
40
+ echo '| <a href="' . esc_url( $ranks ) . '" class="' . esc_attr( $current ) . '">Ranks</a>';
41
  }
42
  ?>
43
 
44
+ | <a href="<?php echo esc_url( $setup ); ?>" class="<?php echo ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'setup' ) ? 'current' : ''; ?>"><?php esc_html_e( 'Setup','mycred' ); ?></a>
45
 
46
+ <input type="hidden" class="request-tab" value="<?php echo esc_attr( sanitize_text_field( wp_unslash( $_GET['mycred-tools'] ) ) ); ?>" />
47
  </div>
48
  <br class="clear">
49
  <?php
50
 
51
+ $this->get_body( $page );
52
  }
53
 
54
  public function get_body( $page )
141
 
142
  <div class="mycred-container">
143
  <label><?php esc_html_e( 'Select Point Types','mycred' ); ?></label>
144
+ <?php
145
+ echo wp_kses(
146
+ mycred_create_select2( $pt_options, $pr_attr ),
147
+ array(
148
+ 'select' => array(
149
+ 'id' => array(),
150
+ 'style' => array(),
151
+ 'multiple' => array()
152
+ ),
153
+ 'option' => array(
154
+ 'value' => array(),
155
+ 'selected' => array()
156
+ ),
157
+ )
158
+ );
159
+ ?>
160
  </div>
161
 
162
  <div class="mycred-container">
163
+ <label><?php esc_html_e( 'User Field in Exported File', 'mycred' );?></label>
164
+ <?php echo wp_kses(
165
+ mycred_create_select2( $uf_options, $uf_attr ),
166
+ array(
167
+ 'select' => array(
168
+ 'id' => array(),
169
+ 'style' => array()
170
+ ),
171
+ 'option' => array(
172
+ 'value' => array(),
173
+ 'selected' => array()
174
+ ),
175
+ )
176
+ );
177
+ ?>
178
  </div>
179
 
180
  <div class="mycred-container">
243
  <td>
244
  <form method="post" enctype="multipart/form-data">
245
  <input type="file" id="import-file" name="file" accept=".csv" />
246
+ <?php echo wp_kses(
247
+ mycred_create_select2( $type_options, $type_attr ),
248
+ array(
249
+ 'select' => array(
250
+ 'id' => array(),
251
+ 'style' => array()
252
+ ),
253
+ 'option' => array(
254
+ 'value' => array(),
255
+ 'selected' => array()
256
+ ),
257
+ )
258
+ );
259
+ ?>
260
  <button class="button button-primary", id="import">
261
  <span class="dashicons dashicons-database-import v-align-middle"></span> <?php esc_html_e( 'Import User Badges','mycred' ); ?>
262
  </button>
296
 
297
  <div class="mycred-container">
298
  <label><?php esc_html_e( 'Select Badges','mycred' ); ?></label>
299
+ <?php echo wp_kses(
300
+ mycred_create_select2( $badges_options, $badges_attr ),
301
+ array(
302
+ 'select' => array(
303
+ 'id' => array(),
304
+ 'style' => array(),
305
+ 'multiple' => array()
306
+ ),
307
+ 'option' => array(
308
+ 'value' => array(),
309
+ 'selected' => array()
310
+ ),
311
+ )
312
+ );
313
+ ?>
314
  </div>
315
 
316
  <div class="mycred-container">
317
  <label><?php esc_html_e( 'User Field in Exported File', 'mycred' ); ?></label>
318
+ <?php echo wp_kses(
319
+ mycred_create_select2( $uf_options, $uf_attr ),
320
+ array(
321
+ 'select' => array(
322
+ 'id' => array(),
323
+ 'style' => array()
324
+ ),
325
+ 'option' => array(
326
+ 'value' => array(),
327
+ 'selected' => array()
328
+ ),
329
+ )
330
+ );
331
+ ?>
332
  </div>
333
 
334
  <div class="mycred-container">
335
  <label><?php esc_html_e( 'Badge Fields in Exported File', 'mycred' ); ?></label>
336
+ <?php echo wp_kses(
337
+ mycred_create_select2( $badges_fields_options, $badges_fields_attr ),
338
+ array(
339
+ 'select' => array(
340
+ 'id' => array(),
341
+ 'style' => array()
342
+ ),
343
+ 'option' => array(
344
+ 'value' => array(),
345
+ 'selected' => array()
346
+ ),
347
+ )
348
+ );
349
+ ?>
350
  </div>
351
 
352
  <div class="mycred-container">
416
  <td>
417
  <form method="post" enctype="multipart/form-data">
418
  <input type="file" id="import-file" name="file" accept=".csv" />
419
+ <?php echo wp_kses(
420
+ mycred_create_select2( $type_options, $type_attr ),
421
+ array(
422
+ 'select' => array(
423
+ 'id' => array(),
424
+ 'style' => array()
425
+ ),
426
+ 'option' => array(
427
+ 'value' => array(),
428
+ 'selected' => array()
429
+ ),
430
+ )
431
+ );
432
+ ?>
433
  <button class="button button-primary", id="import">
434
  <span class="dashicons dashicons-database-import v-align-middle"></span> <?php esc_html_e( 'Import User Ranks','mycred' ); ?>
435
  </button>
469
 
470
  <div class="mycred-container">
471
  <label><?php esc_html_e( 'Select Ranks','mycred' ); ?></label>
472
+ <?php echo wp_kses(
473
+ mycred_create_select2( $ranks_options, $ranks_attr ),
474
+ array(
475
+ 'select' => array(
476
+ 'id' => array(),
477
+ 'style' => array(),
478
+ 'multiple' => array()
479
+ ),
480
+ 'option' => array(
481
+ 'value' => array(),
482
+ 'selected' => array()
483
+ ),
484
+ )
485
+ );
486
+ ?>
487
  </div>
488
 
489
  <div class="mycred-container">
490
  <label><?php esc_html_e( 'User Field in Exported File', 'mycred' ); ?></label>
491
+ <?php echo wp_kses(
492
+ mycred_create_select2( $uf_options, $uf_attr ),
493
+ array(
494
+ 'select' => array(
495
+ 'id' => array(),
496
+ 'style' => array()
497
+ ),
498
+ 'option' => array(
499
+ 'value' => array(),
500
+ 'selected' => array()
501
+ ),
502
+ )
503
+ );
504
+ ?>
505
  </div>
506
 
507
  <div class="mycred-container">
508
  <label><?php esc_html_e( 'Rank Fields in Exported File', 'mycred' ); ?></label>
509
+ <?php echo wp_kses(
510
+ mycred_create_select2( $ranks_fields_options, $ranks_fields_attr ),
511
+ array(
512
+ 'select' => array(
513
+ 'id' => array(),
514
+ 'style' => array()
515
+ ),
516
+ 'option' => array(
517
+ 'value' => array(),
518
+ 'selected' => array()
519
+ ),
520
+ )
521
+ );
522
+ ?>
523
  </div>
524
 
525
  <div class="mycred-container">
1094
  if( isset( $_POST['action'] ) && $_POST['action'] == 'mycred-tools-import-export' )
1095
  {
1096
  //Export Raw points
1097
+ if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'points' && isset( $_POST['request'] ) && $_POST['request'] == 'export' )
1098
  {
1099
+
1100
+ $point_types = isset( $_POST['types'] ) ? sanitize_text_field( wp_unslash( $_POST['types'] ) ) : json_encode( array( MYCRED_DEFAULT_TYPE_KEY ) );
1101
  $point_types = json_decode( $point_types );
1102
 
1103
  $point_types = mycred_sanitize_array( $point_types );
1104
 
1105
+ $user_field = isset( $_POST['user_field'] ) ? sanitize_text_field( wp_unslash( $_POST['user_field'] ) ) : 'id';
1106
+ $template = isset( $_POST['template'] ) ? sanitize_text_field( wp_unslash( $_POST['template'] ) ) : 'raw';
1107
 
1108
+ return $this->export_csv( 'points', $template, $user_field, $point_types );
1109
 
1110
  die;
1111
  }
1113
  //Import Points
1114
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'points' && $_POST['request'] == 'import' && isset( $_FILES ) )
1115
  {
1116
+
1117
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1118
+ $file_path = isset( $_FILES['_file']['tmp_name'] ) ? sanitize_text_field( $_FILES['_file']['tmp_name'] ) : '';
1119
 
1120
  $this->import_csv( $file_path, 'points' );
1121
  }
1138
 
1139
  //Badges
1140
  //Export Raw Badges
1141
+ if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'badges' && isset( $_POST['request'] ) && $_POST['request'] == 'export' )
1142
  {
1143
+ $template = isset( $_POST['template'] ) ? sanitize_text_field( wp_unslash( $_POST['template'] ) ) : 'raw';
1144
 
1145
+ $user_field = isset( $_POST['user_field'] ) ? sanitize_text_field( wp_unslash( $_POST['user_field'] ) ) : 'id';
1146
 
1147
+ $post_field = isset( $_POST['post_field'] ) ? sanitize_text_field( wp_unslash( $_POST['post_field'] ) ) : 'id';
1148
 
1149
+ $badges = isset( $_POST['types'] ) ? sanitize_text_field( wp_unslash( $_POST['types'] ) ) : json_encode( array() );
1150
 
1151
  $badges = json_decode( $badges );
1152
 
1153
  $badges = mycred_sanitize_array( $badges );
1154
 
1155
+ return $this->export_csv( 'badges', $template, $user_field, $badges, $post_field );
1156
 
1157
  die;
1158
  }
1160
  //Import Badges
1161
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'badges' && $_POST['request'] == 'import' && isset( $_FILES ) )
1162
  {
 
1163
 
1164
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1165
+ $file_path = isset( $_FILES['_file']['tmp_name'] ) ? sanitize_text_field( $_FILES['_file']['tmp_name'] ) : '';
1166
+
1167
+ $import_format_type = isset( $_POST['import_format_type'] ) ? sanitize_text_field( wp_unslash( $_POST['import_format_type'] ) ) : 'id';
1168
 
1169
  $this->import_csv( $file_path, 'badges', $import_format_type );
1170
  }
1182
  //Import Ranks
1183
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'ranks' && $_POST['request'] == 'import' && isset( $_FILES ) )
1184
  {
1185
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1186
+ $file_path = isset( $_FILES['_file']['tmp_name'] ) ? sanitize_text_field( $_FILES['_file']['tmp_name'] ) : '';
1187
 
1188
+ $import_format_type = isset( $_POST['import_format_type'] ) ? sanitize_text_field( wp_unslash( $_POST['import_format_type'] ) ) : 'id';
1189
 
1190
  $this->import_csv( $file_path, 'ranks', $import_format_type );
1191
  }
1193
  //Export Raw Ranks
1194
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'ranks' && $_POST['request'] == 'export' )
1195
  {
 
1196
 
1197
+ $template = isset( $_POST['template'] ) ? sanitize_text_field( wp_unslash( $_POST['template'] ) ) : 'raw';
1198
+
1199
+ $user_field = isset( $_POST['user_field'] ) ? sanitize_text_field( wp_unslash( $_POST['user_field'] ) ) : 'id';
1200
 
1201
+ $post_field = isset( $_POST['post_field'] ) ? sanitize_text_field( wp_unslash( $_POST['post_field'] ) ) : 'id';
1202
 
1203
+ $ranks = isset( $_POST['types'] ) ? sanitize_text_field( wp_unslash( $_POST['types'] ) ) : json_encode( array() );
1204
 
1205
  $ranks = json_decode( $ranks );
1206
 
1224
  //Export Setup
1225
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'setup' && ( isset( $_POST['template'] ) && $_POST['template'] == 'raw' ) )
1226
  {
 
1227
 
1228
+ $setup_types = isset( $_POST['setup_types'] ) ? mycred_sanitize_array( wp_unslash( $_POST['setup_types'] ) ) : array();
1229
+
1230
+ $template = isset( $_POST['template'] ) ? sanitize_text_field( wp_unslash( $_POST['template'] ) ) : 'raw';
1231
 
1232
  return $this->export_csv( 'setup', $template, '', '', $setup_types );
1233
  }
1236
  //Import Setup
1237
  if( isset( $_POST['request_tab'] ) && $_POST['request_tab'] == 'setup' && $_POST['request'] == 'import' )
1238
  {
1239
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1240
+ $file_path = isset( $_FILES['_file']['tmp_name'] ) ? sanitize_text_field( $_FILES['_file']['tmp_name'] ) : '';
1241
 
1242
  $this->import_setup_json( $file_path );
1243
  }
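--- a/includes/mycred-tools-setup-import-export.php
+++ b/includes/mycred-tools-setup-import-export.php
@@ -13,155 +13,127 @@ class myCRED_Setup_Import_Export
 {
 $this->mycred_tools_import_export = new myCRED_Tools_Import_Export();
 ?>
-<input type="hidden" class="request-tab" value="<?php if( isset( $_GET['mycred-tools'] ) ) echo $_GET['mycred-tools'] ?>" />
+<input type="hidden" class="request-tab" value="<?php if( isset( $_GET['mycred-tools'] ) ) echo sanitize_key( $_GET['mycred-tools'] );?>" />
 <form action="" enctype="multipart/form-data" class="mycred-tools-setup">
 <h3><?php esc_html_e( 'Setup', 'mycred' ); ?></h3>
 <?php
-if( !empty( $this->mycred_tools_import_export->core_point_types ) )
-{
-?>
-
+if( ! empty( $this->mycred_tools_import_export->core_point_types ) ) :?>
 <div>
 <div>
-<label class='mycred-switch1'>
-<input type='checkbox' value='all-points' name='all_points' id='all-points'>
-<span class='slider round'></span>
+<label class="mycred-switch1">
+<input type="checkbox" value="all-points" name="all_points" id="all-points">
+<span class="slider round"></span>
 </label>
 <label for="all-points"><b>All Point Types</b></label>
 </div>
-
-<?php
-foreach( $this->mycred_tools_import_export->core_point_types as $key => $value )
-{
-echo "
+<?php foreach( $this->mycred_tools_import_export->core_point_types as $key => $value ):?>
 <ol>
 <li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='{$key}' name='point_type' id='{$key}-point'>
-<span class='slider round'></span>
+<label class="mycred-switch1">
+<input type="checkbox" value="<?php echo esc_attr( $key );?>" name="point_type" id="<?php echo esc_attr( $key );?>-point">
+<span class="slider round"></span>
 </label>
-<label for='{$key}-point'><b>{$value}</b></labal>
+<label for="<?php echo esc_attr( $key );?>-point"><b><?php echo esc_html( $value );?></b></labal>
 </li>
 <ol>
 <li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='{$key}' name='hooks' id='{$key}-hooks'>
-<span class='slider round'></span>
+<label class="mycred-switch1">
+<input type="checkbox" value="<?php echo esc_attr( $key );?>" name="hooks" id="<?php echo esc_attr( $key );?>-hooks">
+<span class="slider round"></span>
 </label>
-<label for='{$key}-hooks'>Hooks</labal>
+<label for="<?php echo esc_attr( $key );?>-hooks">Hooks</labal>
 </li>
 <li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='{$key}' name='ranks' id='{$key}-ranks'>
-<span class='slider round'></span>
+<label class="mycred-switch1">
+<input type="checkbox" value="<?php echo esc_attr( $key );?>" name="ranks" id="<?php echo esc_attr( $key );?>-ranks">
+<span class="slider round"></span>
 </label>
-<label for='{$key}-ranks'>Ranks</labal>
+<label for="<?php echo esc_attr( $key );?>-ranks">Ranks</labal>
 </li>
 </ol>
 </ol>
-";
-}
-}
-?>
-</div>
-<ul>
-<?php
-
-if( !empty( $this->mycred_tools_import_export->get_badge_categories() ) )
-{
-echo "
+<?php endforeach;?>
+</div>
+<?php endif;?>
+
+<?php if( !empty( $this->mycred_tools_import_export->get_badge_categories() ) ):?>
+<ul>
 <li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='all-achievements' name='all_achievements' id='all-achievements'>
-<span class='slider round'></span>
+<label class="mycred-switch1">
+<input type="checkbox" value="all-achievements" name="all_achievements" id="all-achievements">
+<span class="slider round"></span>
 </label>
-<label for='all-achievements'><b>All Achievement Types</b></label>
+<label for="all-achievements"><b>All Achievement Types</b></label>
 </li>
-";
-echo "<ol>";
-foreach( $this->mycred_tools_import_export->get_badge_categories() as $category )
-{
-echo
-"<li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='{$category->cat_ID}' name='achievements' id='cate-{$category->cat_ID}'>
-<span class='slider round'></span>
-</label>
-<label for='cate-{$category->cat_ID}'><b>{$category->name}</b></label>
-</li>";
+<ol>
+<?php foreach( $this->mycred_tools_import_export->get_badge_categories() as $category ):?>
+<li>
+<label class="mycred-switch1">
+<input type="checkbox" value="<?php echo esc_attr( $category->cat_ID );?>" name="achievements" id="cate-<?php echo esc_attr( $category->cat_ID );?>">
+<span class="slider round"></span>
+</label>
+<label for="cate-<?php echo esc_attr( $category->cat_ID );?>"><b><?php echo esc_html( $category->name );?></b></label>
+</li>
+<?php
 
 $badges = mycred_get_badges_by_term_id( $category->cat_ID );
 
-foreach( $badges as $badge )
-{
-echo
-"<ol>
-<li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='{$badge->ID}' name='badge_{$category->cat_ID}' id='badge-{$badge->ID}-{$category->cat_ID}'>
-<span class='slider round'></span>
-</label>
-<label for='badge-{$badge->ID}-{$category->cat_ID}'><b>{$badge->post_title}</b></label>
-</li>
-<li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='{$badge->ID}' name='levels_{$category->cat_ID}' id='level-{$badge->ID}-{$category->cat_ID}'>
-<span class='slider round'></span>
-</label>
-<label for='level-{$badge->ID}-{$category->cat_ID}'>Levels</label>
-</li>
-</ol>";
-}
-}
-echo "</ol>";
-}
-
-?>
-</ul>
-<ul>
-
-<?php
-
-$un_cat_badges = $this->mycred_tools_import_export->get_uncat_badge_ids();
-
-if( !empty( $un_cat_badges ) )
-{
-echo "
-<li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='uncat-achievements' name='uncat_achievements' id='uncat-achievements'>
-<span class='slider round'></span>
-</label>
-<label for='uncat-achievements'><b>Uncategorized Achievements</b></label>
-</li>
-";
-foreach( $un_cat_badges as $data )
-{
-$id = $data['ID'];
-$title = get_the_title( $id );
-echo
-"<ol>
+foreach( $badges as $badge ):?>
+<ol>
 <li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='{$id}' name='badge' id='uncat-badge-{$id}'>
-<span class='slider round'></span>
+<label class="mycred-switch1">
+<input type="checkbox" value="<?php echo esc_attr( $badge->ID );?>" name="badge_<?php echo esc_attr( $category->cat_ID );?>" id="badge-<?php echo esc_attr( $badge->ID );?>-<?php echo esc_attr( $category->cat_ID );?>">
+<span class="slider round"></span>
 </label>
-<label for='uncat-badge-{$id}'><b>{$title}</b></label>
+<label for="badge-<?php echo esc_attr( $badge->ID );?>-<?php echo esc_attr( $category->cat_ID );?>"><b><?php echo esc_html( $badge->post_title );?></b></label>
 </li>
 <li>
-<label class='mycred-switch1'>
-<input type='checkbox' value='{$id}' name='levels' id='uncat-level-{$id}'>
-<span class='slider round'></span>
+<label class="mycred-switch1">
+<input type="checkbox" value="<?php echo esc_attr( $badge->ID );?>" name="levels_<?php echo esc_attr( $category->cat_ID );?>" id="level-<?php echo esc_attr( $badge->ID );?>-<?php echo esc_attr( $category->cat_ID );?>">
+<span class="slider round"></span>
 </label>
-<label for='uncat-level-{$id}'>Levels</label>
+<label for="level-<?php echo esc_attr( $badge->ID );?>-<?php echo esc_attr( $category->cat_ID );?>">Levels</label>
 </li>
-</ol>";
-}
-}
+</ol>
+<?php endforeach;?>
+<?php endforeach;?>
+</ol>
+</ul>
+<?php endif;?>
 
-
-?>
-</ul>
+<?php
+
+$un_cat_badges = $this->mycred_tools_import_export->get_uncat_badge_ids();
+
+if ( ! empty( $un_cat_badges ) ):?>
+<ul>
+<li>
+<label class="mycred-switch1">
+<input type="checkbox" value="uncat-achievements" name="uncat_achievements" id="uncat-achievements">
+<span class="slider round"></span>
+</label>
+<label for="uncat-achievements"><b>Uncategorized Achievements</b></label>
+</li>
+<?php foreach( $un_cat_badges as $data ):?>
+<ol>
+<li>
+<label class="mycred-switch1">
+<input type="checkbox" value="<?php echo esc_attr( $data['ID'] ); ?>" name="badge" id="uncat-badge-<?php echo esc_attr( $data['ID'] ); ?>">
+<span class="slider round"></span>
+</label>
+<label for="uncat-badge-<?php echo esc_attr( $data['ID'] ); ?>"><b><?php echo esc_html( get_the_title( $data['ID'] ) ); ?></b></label>
+</li>
+<li>
+<label class="mycred-switch1">
+<input type="checkbox" value="<?php echo esc_attr( $data['ID'] ); ?>" name="levels" id="uncat-level-<?php echo esc_attr( $data['ID'] ); ?>">
+<span class="slider round"></span>
+</label>
+<label for="uncat-level-<?php echo esc_attr( $data['ID'] ); ?>">Levels</label>
+</li>
+</ol>
+<?php endforeach;?>
+</ul>
+<?php endif;?>
 
 <button class="button button-primary" id="export-raw">
 <span class="dashicons dashicons-database-export v-align-middle"></span> <?php esc_html_e( 'Export Setup', 'mycred' ); ?>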
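Review bot: The rewritten point-type rows still close each `<label>` with `</labal>` (new lines 36, 44 and 51 of the hunk), which is invalid HTML and breaks the for/id pairing the surrounding markup sets up; since these lines were rewritten anyway, the closing tag should be `</label>` in all three places. `get_badge_categories()` is also called twice, once in the `if` and again in the `foreach`; assigning it once, `$badge_categories = $this->mycred_tools_import_export->get_badge_categories();`, avoids repeating whatever lookup it performs and keeps the two calls from ever disagreeing. The enclosing method starts and ends outside the hunk.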
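--- a/includes/mycred-tools.php
+++ b/includes/mycred-tools.php
@@ -110,8 +110,8 @@ class myCRED_Tools {
 <div class="clear"></div>
 <div class="mycred-tools-main-nav">
 <h2 class="nav-tab-wrapper">
-<a href="<?php echo admin_url('admin.php?page=mycred-tools') ?>" class="nav-tab <?php echo !isset( $_GET['mycred-tools'] ) ? 'nav-tab-active' : ''; ?>">Bulk Assign</a>
-<a href="<?php echo $import_export ?>" class="nav-tab <?php echo ( isset( $_GET['mycred-tools'] ) && in_array( $_GET['mycred-tools'], $pages ) ) ? 'nav-tab-active' : ''; ?>">Import/Export</a>
+<a href="<?php echo esc_url( admin_url('admin.php?page=mycred-tools') ) ?>" class="nav-tab <?php echo !isset( $_GET['mycred-tools'] ) ? 'nav-tab-active' : ''; ?>">Bulk Assign</a>
+<a href="<?php echo esc_url( $import_export ) ?>" class="nav-tab <?php echo ( isset( $_GET['mycred-tools'] ) && in_array( $_GET['mycred-tools'], $pages ) ) ? 'nav-tab-active' : ''; ?>">Import/Export</a>
 <!-- <a href="<?php //echo $logs_cleanup ?>" class="nav-tab <?php //echo ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'logs-cleanup' ) ? 'nav-tab-active' : ''; ?>">Logs Cleanup</a>
 <a href="<?php //echo $reset_data ?>" class="nav-tab <?php //echo ( isset( $_GET['mycred-tools'] ) && $_GET['mycred-tools'] == 'reset-data' ) ? 'nav-tab-active' : ''; ?>">Reset Data</a> -->
 </h2>
@@ -209,7 +209,7 @@ class myCRED_Tools {
 
 if( isset( $_REQUEST['selected_type'] ) ) {
 
-$selected_type = sanitize_text_field( $_REQUEST['selected_type'] );
+$selected_type = sanitize_key( $_REQUEST['selected_type'] );
 
 switch ( $selected_type ) {
 case 'points':
@@ -241,7 +241,7 @@ class myCRED_Tools {
 
 }
 
-$point_type = sanitize_text_field( $_REQUEST['point_type'] );
+$point_type = sanitize_key( $_REQUEST['point_type'] );
 $current_user_id = get_current_user_id();
 $mycred = mycred( $point_type );
 
@@ -259,9 +259,9 @@ class myCRED_Tools {
 
 }
 
-$points_to_award = sanitize_text_field( $_REQUEST['points_to_award'] );
+$points_to_award = sanitize_text_field( wp_unslash( $_REQUEST['points_to_award'] ) );
 
-$log_entry = isset( $_REQUEST['log_entry'] ) ? ( sanitize_text_field( $_REQUEST['log_entry'] ) == 'true' ? true : false ) : false;
+$log_entry = isset( $_REQUEST['log_entry'] ) ? ( sanitize_key( $_REQUEST['log_entry'] ) == 'true' ? true : false ) : false;
 
 $users_to_award = $this->get_requested_users();
 
@@ -274,7 +274,7 @@ class myCRED_Tools {
 //Entries with log
 if( $log_entry ) {
 
-$log_entry_text = isset( $_REQUEST['log_entry_text'] ) ? sanitize_text_field( $_REQUEST['log_entry_text'] ) : '';
+$log_entry_text = isset( $_REQUEST['log_entry_text'] ) ? sanitize_key( $_REQUEST['log_entry_text'] ) : '';
 
 if( empty( $log_entry_text ) ) {
 
@@ -358,9 +358,9 @@ class myCRED_Tools {
 }
 
 if ( $is_revoke )
-$selected_badges = isset( $_REQUEST['badges_to_revoke'] ) ? sanitize_text_field( $_REQUEST['badges_to_revoke'] ) : '';
+$selected_badges = isset( $_REQUEST['badges_to_revoke'] ) ? sanitize_key( $_REQUEST['badges_to_revoke'] ) : '';
 else
-$selected_badges = isset( $_REQUEST['badges_to_award'] ) ? sanitize_text_field( $_REQUEST['badges_to_award'] ) : '';
+$selected_badges = isset( $_REQUEST['badges_to_award'] ) ? sanitize_key( $_REQUEST['badges_to_award'] ) : '';
 
 $selected_badges = json_decode( stripslashes( $selected_badges ) );
 
@@ -407,7 +407,7 @@ class myCRED_Tools {
 
 if ( isset( $_REQUEST['award_to_all_users'] ) ) {
 
-$award_to_all_users = sanitize_text_field( $_REQUEST['award_to_all_users'] ) == 'true' ? true : false;
+$award_to_all_users = sanitize_key( $_REQUEST['award_to_all_users'] ) == 'true' ? true : false;
 
 if ( $award_to_all_users ) {
 
@@ -422,8 +422,8 @@ class myCRED_Tools {
 }
 else {
 
-$selected_users = isset( $_REQUEST['users'] ) ? sanitize_text_field( $_REQUEST['users'] ) : '[]';
-$selected_user_roles = isset( $_REQUEST['user_roles'] ) ? sanitize_text_field( $_REQUEST['user_roles'] ) : '[]';
+$selected_users = isset( $_REQUEST['users'] ) ? sanitize_key( $_REQUEST['users'] ) : '[]';
+$selected_user_roles = isset( $_REQUEST['user_roles'] ) ? sanitize_key( $_REQUEST['user_roles'] ) : '[]';
 
 $selected_users = json_decode( stripslashes( $selected_users ) );
 $selected_user_roles = json_decode( stripslashes( $selected_user_roles ) );
@@ -469,7 +469,7 @@ class myCRED_Tools {
 
 if( isset( $_GET['action'] ) && $_GET['action'] == 'mycred-tools-select-user' )
 {
-$search = sanitize_text_field( $_GET['search'] );
+$search = isset($_GET['search'] ) ? sanitize_key( $_GET['search'] ) : '';
 
 $results = mycred_get_users_by_name_email( $search, 'user_email' );
 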
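Review bot: `sanitize_key()` is the wrong sanitizer for the JSON payloads at new lines 361, 363, 425 and 426 and for the free-text fields at 277 and 472: it lowercases and strips every character except `[a-z0-9_-]`, so a value like `[1,2]` becomes `12`, the following `json_decode()` no longer yields the badge/user/role arrays, log entry text loses its spaces and punctuation, and an e-mail search containing `@` or `.` can never match. For the JSON fields keep `sanitize_text_field( wp_unslash( $_REQUEST['badges_to_award'] ) )` and validate after decoding, e.g. `$selected_badges = array_map( 'absint', (array) json_decode( $selected_badges ) );`, and for `log_entry_text` and `search` use `sanitize_text_field( wp_unslash( … ) )`, which also removes the need for the later `stripslashes()`. The `in_array( $_GET['mycred-tools'], $pages )` on line 114 should pass `true` as the third argument. The enclosing methods start and end outside these hunks.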
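--- a/includes/mycred-walkthrough.php
+++ b/includes/mycred-walkthrough.php
@@ -35,7 +35,7 @@ if ( ! class_exists( 'myCRED_walkthroug' ) ) :
 wp_register_script( 'mycred-tourguide-script', plugins_url( 'assets/js/tourguide.min.js',myCRED_THIS ), array( 'jquery' ), myCRED_VERSION , true );
 
 
-$step = intval($_GET['mycred_tour_guide']);
+$step = isset( $_GET['mycred_tour_guide'] ) ? intval($_GET['mycred_tour_guide']) : '';
 
 $redirect_url = '';
 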
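Review bot: `$step` is now a string `''` when the parameter is absent but an `int` otherwise (new line 38), so every later comparison against step numbers has to cope with two types and a loose `==` would treat `''` and `0` differently from a strict one; `$step = isset( $_GET['mycred_tour_guide'] ) ? absint( $_GET['mycred_tour_guide'] ) : 0;` keeps it an int and rejects negative values. The enclosing method starts and ends outside the hunk, so how `$step` is consumed is not visible here.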
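--- a/modules/mycred-module-export.php
+++ b/modules/mycred-module-export.php
@@ -186,7 +186,7 @@ if ( ! class_exists( 'myCRED_Export_Module' ) ) :
 // First get a clean list of ids to delete
 $export = new myCRED_Query_Export( $args );
 
-$export->get_data_by_ids( $_GET['entry'] );
+$export->get_data_by_ids( array_map( 'absint', wp_unslash( $_GET['entry'] ) ) );
 $export->set_export_file_name( $file_name );
 
 $export->do_export();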
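Review bot: `array_map( 'absint', wp_unslash( $_GET['entry'] ) )` on new line 189 throws a TypeError on PHP 8 when `entry` arrives as a single scalar (`?entry=5`) or is missing, because `array_map` requires an array; the old call passed the raw value through, so whatever tolerance `get_data_by_ids()` had is now bypassed. Cast and guard first, `$entry_ids = isset( $_GET['entry'] ) ? array_map( 'absint', (array) wp_unslash( $_GET['entry'] ) ) : array();`, and pass `$entry_ids`; filtering out zero ids with `array_filter()` would also keep an empty or non-numeric value from reaching the query. The same construct appears in modules/mycred-module-log.php in this release. The enclosing block starts and ends outside the hunk.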
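--- a/modules/mycred-module-hooks.php
+++ b/modules/mycred-module-hooks.php
@@ -515,6 +515,7 @@ jQuery(function($) {
 $installed = $this->get();
 
 if ( ! empty( $_POST['sidebars'] ) ) {
+// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 foreach ( $_POST['sidebars'] as $sidebar_id => $hooks ) {
 
 $hooks = explode( ',', $hooks );
@@ -601,10 +602,10 @@ jQuery(function($) {
 
 // Get hook settings
 if ( $ctype == MYCRED_DEFAULT_TYPE_KEY && array_key_exists( $hook_id, $_POST[$mycred_pref_hooks_save]['hook_prefs'] ) ) {
-$hook_prefs = $_POST[$mycred_pref_hooks_save]['hook_prefs'][ $hook_id ];
+$hook_prefs = mycred_sanitize_array( wp_unslash( $_POST[$mycred_pref_hooks_save]['hook_prefs'][ $hook_id ] ) );
 }
 elseif ( $ctype != MYCRED_DEFAULT_TYPE_KEY && array_key_exists( $hook_id, $_POST[ $mycred_pref_hooks_save.'_' . $ctype ]['hook_prefs'] ) ) {
-$hook_prefs = $_POST[ $mycred_pref_hooks_save.'_' . $ctype ]['hook_prefs'][ $hook_id ];
+$hook_prefs = mycred_sanitize_array( wp_unslash( $_POST[ $mycred_pref_hooks_save.'_' . $ctype ]['hook_prefs'][ $hook_id ] ) );
 $mycred_pref_hooks_save = $mycred_pref_hooks_save . '_' . $ctype;
 }
 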
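Review bot: The first hunk (new line 518) only silences the sniff; `$sidebar_id` and `$hooks` are still read raw from `$_POST['sidebars']`, neither unslashed nor sanitized, while the second hunk shows the pattern this file now applies to the very same kind of input. Iterating over a sanitized copy, `foreach ( mycred_sanitize_array( wp_unslash( $_POST['sidebars'] ) ) as $sidebar_id => $hooks ) {`, makes the phpcs:ignore unnecessary, assuming `mycred_sanitize_array()` preserves keys as its other call sites in this release suggest. In the second hunk `array_key_exists( $hook_id, $_POST[$mycred_pref_hooks_save]['hook_prefs'] )` still assumes the parent keys exist and that the value is an array; an `isset()`/`is_array()` check on `$_POST[$mycred_pref_hooks_save]['hook_prefs']` first would avoid a warning or TypeError on a malformed submission. Both enclosing methods start and end outside the hunks.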
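--- a/modules/mycred-module-log.php
+++ b/modules/mycred-module-log.php
@@ -286,8 +286,11 @@ if ( ! class_exists( 'myCRED_Log_Module' ) ) :
 $screen = isset( $_POST['screen'] ) ? sanitize_key( $_POST['screen'] ) : '';
 
 // Parse form submission
+// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 parse_str( $_POST['form'], $post );
 
+$post = mycred_sanitize_array( $post );
+
 // Apply defaults
 $request = shortcode_atts( apply_filters( 'mycred_update_log_entry_request', array(
 'ref' => NULL,
@@ -461,7 +464,7 @@ if ( ! class_exists( 'myCRED_Log_Module' ) ) :
 
 // First get a clean list of ids to delete
 $entry_ids = array();
-foreach ( (array) $_GET['entry'] as $id ) {
+foreach ( array_map( 'absint', wp_unslash( $_GET['entry'] ) ) as $id ) {
 $id = absint( $id );
 if ( $id === 0 || in_array( $id, $entry_ids ) ) continue;
 $entry_ids[] = $id;
@@ -668,10 +671,10 @@ if ( ! class_exists( 'myCRED_Log_Module' ) ) :
 echo '<input type="hidden" name="s" value="' . esc_attr( $search_args['s'] ) . '" />';
 
 if ( isset( $_GET['ref'] ) )
-echo '<input type="hidden" name="show" value="' . esc_attr( $_GET['ref'] ) . '" />';
+echo '<input type="hidden" name="show" value="' . esc_attr( sanitize_key( $_GET['ref'] ) ) . '" />';
 
 if ( isset( $_GET['show'] ) )
-echo '<input type="hidden" name="show" value="' . esc_attr( $_GET['show'] ) . '" />';
+echo '<input type="hidden" name="show" value="' . esc_attr( sanitize_key( $_GET['show'] ) ) . '" />';
 
 if ( array_key_exists( 'order', $search_args ) )
 echo '<input type="hidden" name="order" value="' . esc_attr( $search_args['order'] ) . '" />';
@@ -766,7 +769,7 @@ if ( ! class_exists( 'myCRED_Log_Module' ) ) :
 echo '<input type="hidden" name="ref" value="' . esc_attr( $search_args['ref'] ) . '" />';
 
 if ( isset( $_GET['show'] ) )
-echo '<input type="hidden" name="show" value="' . esc_attr( $_GET['show'] ) . '" />';
+echo '<input type="hidden" name="show" value="' . esc_attr( sanitize_key( $_GET['show'] ) ) . '" />';
 
 elseif ( array_key_exists( 'time', $search_args ) )
 echo '<input type="hidden" name="time" value="' . esc_attr( $search_args['time'] ) . '" />';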
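Review bot: New line 467 drops the `(array)` cast, so `array_map( 'absint', wp_unslash( $_GET['entry'] ) )` throws a TypeError on PHP 8 when `entry` is a single scalar or missing, which the old `(array) $_GET['entry']` tolerated; use `foreach ( array_map( 'absint', (array) wp_unslash( $_GET['entry'] ) ) as $id ) {`, after which the `$id = absint( $id );` on the next line is redundant. In the first hunk the form string is parsed before it is unslashed; `parse_str( wp_unslash( $_POST['form'] ), $post );` would match the unslash-then-sanitize order used elsewhere in this release and let the phpcs:ignore shrink to the validation sniff. In the third hunk the hidden field emitted for `$_GET['ref']` (new line 674) is still named `show`, while the fourth hunk writes `$search_args['ref']` under `ref`; this looks like a carried-over copy/paste and `name="ref"` is probably intended. The enclosing methods start and end outside the hunks.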
modules/mycred-module-management.php CHANGED
@@ -73,9 +73,13 @@ if ( ! class_exists( 'myCRED_Management_Module' ) ) :
73
  wp_send_json_error( 'ERROR_1' );
74
 
75
  // Get the form
 
76
  parse_str( $_POST['form'], $post );
 
77
  unset( $_POST );
78
 
 
 
79
  $submitted = $post['mycred_manage_balance'];
80
 
81
  // Prep submission
@@ -233,10 +237,10 @@ if ( ! class_exists( 'myCRED_Management_Module' ) ) :
233
 
234
  ?>
235
  <div class="row ledger header">
236
- <div class="col-xs-4"><strong><?php esc_html_e( 'Date', 'mycred' ); ?></strong></div>
237
- <div class="col-xs-4"><strong><?php esc_html_e( 'Time', 'mycred' ); ?></strong></div>
238
- <div class="col-xs-4"><strong><?php esc_html_e( 'Reference', 'mycred' ); ?></strong></div>
239
- <div class="col-xs-12"><strong><?php esc_html_e( 'Entry', 'mycred' ); ?></strong></div>
240
  </div>
241
  <?php
242
 
@@ -258,10 +262,10 @@ if ( ! class_exists( 'myCRED_Management_Module' ) ) :
258
 
259
  ?>
260
  <div class="row ledger">
261
- <div class="col-xs-4"><?php echo $date; ?></div>
262
- <div class="col-xs-4"><?php echo $time; ?></div>
263
- <div class="col-xs-4"><?php echo $ref; ?></div>
264
- <div class="col-xs-12"><?php echo $entry; ?></div>
265
  </div>
266
  <?php
267
 
@@ -398,7 +402,7 @@ if ( ! class_exists( 'myCRED_Management_Module' ) ) :
398
  if ( $screen === NULL || $screen->id != 'users' ) return;
399
 
400
  if ( isset( $query->query_vars['orderby'] ) ) {
401
-
402
  global $wpdb;
403
 
404
  $mycred_types = mycred_get_types();
@@ -409,15 +413,16 @@ if ( ! class_exists( 'myCRED_Management_Module' ) ) :
409
  $order = $query->query_vars['order'];
410
 
411
  $mycred = $this->core;
412
- if ( isset( $_REQUEST['ctype'] ) && array_key_exists( $_REQUEST['ctype'], $mycred_types ) )
413
- $mycred = mycred( $_REQUEST['ctype'] );
 
414
 
415
  // Sort by only showing users with a particular point type
416
- if ( $cred_id == 'balance' ) {
417
 
418
  $amount = $mycred->zero();
419
  if ( isset( $_REQUEST['amount'] ) )
420
- $amount = $mycred->number( $_REQUEST['amount'] );
421
 
422
  $query->query_from .= " LEFT JOIN {$wpdb->usermeta} mycred ON ({$wpdb->users}.ID = mycred.user_id AND mycred.meta_key = '{$mycred->cred_id}')";
423
  $query->query_where .= " AND mycred.meta_value = {$amount}";
@@ -569,7 +574,7 @@ if ( ! class_exists( 'myCRED_Management_Module' ) ) :
569
 
570
  ?>
571
  <div class="mycred-wrapper balance-wrapper disabled-option color-option">
572
- <div><?php echo $data['name']; ?></div>
573
  <div class="balance-row">
574
  <div class="balance-view"><?php esc_html_e( 'Excluded', 'mycred' ); ?></div>
575
  <div class="balance-edit">&nbsp;</div>
@@ -583,11 +588,11 @@ if ( ! class_exists( 'myCRED_Management_Module' ) ) :
583
 
584
  ?>
585
  <div class="mycred-wrapper balance-wrapper color-option selected">
586
- <?php if ( $data['can_edit'] ) : ?><div class="toggle-mycred-balance-editor"><a href="javascript:void(0);" data-type="<?php echo $point_type; ?>" data-view="<?php esc_attr_e( 'Edit', 'mycred' ); ?>" data-edit="<?php esc_attr_e( 'Cancel', 'mycred' ); ?>"><?php esc_html_e( 'Edit', 'mycred' ); ?></a></div><?php endif; ?>
587
- <div><?php echo $data['name']; ?></div>
588
- <div class="balance-row" id="mycred-balance-<?php echo $point_type; ?>">
589
- <div class="balance-view"><?php echo $data['formatted']; ?></div>
590
- <?php if ( $data['can_edit'] ) : ?><div class="balance-edit"><input type="text" name="mycred_new_balance[<?php echo $point_type; ?>]" value="" placeholder="<?php echo $data['raw']; ?>" size="12" /></div><?php endif; ?>
591
  </div>
592
  <?php
593
 
@@ -682,7 +687,8 @@ jQuery(function($){
682
  $editor_id = get_current_user_id();
683
 
684
  if ( isset( $_POST['mycred_new_balance'] ) && is_array( $_POST['mycred_new_balance'] ) && ! empty( $_POST['mycred_new_balance'] ) ) {
685
-
 
686
  foreach ( $_POST['mycred_new_balance'] as $point_type => $balance ) {
687
 
688
  $point_type = sanitize_key( $point_type );
@@ -731,8 +737,8 @@ jQuery(function($){
731
  ob_start();
732
 
733
  ?>
734
- <div id="edit-mycred-balance" style="display: none;">
735
- <?php if ( $name == 'myCRED' ) : ?><img id="mycred-token-sitting" class="hidden-sm hidden-xs" src="<?php echo plugins_url( 'assets/images/token-sitting.png', myCRED_THIS ); ?>" alt="Token looking on" /><?php endif; ?>
736
  <div class="mycred-container">
737
  <form class="form" method="post" action="" id="mycred-editor-form">
738
  <input type="hidden" name="mycred_manage_balance[type]" value="" id="mycred-edit-balance-of-type" />
@@ -780,17 +786,17 @@ jQuery(function($){
780
  <?php
781
 
782
  foreach ( $references as $ref_id => $ref_label ) {
783
- echo '<option value="' . $ref_id . '"';
784
  if ( $ref_id == $this->manual_reference ) echo ' selected="selected"';
785
- echo '>' . $ref_label . '</option>';
786
  }
787
 
788
- echo '<option value="mycred_custom">' . __( 'Log under a custom reference', 'mycred' ) . '</option>';
789
 
790
  ?>
791
  </select>
792
  </div>
793
- <div id="mycred-custom-reference-wrapper" style="display: none;">
794
  <input type="text" name="mycred_manage_balance[custom]" id="mycred-editor-custom-reference" placeholder="<?php esc_attr_e( 'lowercase without empty spaces', 'mycred' ); ?>" class="regular-text" value="" />
795
  </div>
796
  </div>
@@ -798,7 +804,7 @@ jQuery(function($){
798
  <div class="form-group">
799
  <label><?php esc_html_e( 'Log Entry', 'mycred' ); ?></label>
800
  <input type="text" name="mycred_manage_balance[entry]" id="mycred-editor-entry" placeholder="<?php esc_attr_e( 'optional', 'mycred' ); ?>" class="regular-text" value="" />
801
- <span class="description"><?php echo $mycred->available_template_tags( array( 'general', 'amount' ) ); ?></span>
802
  </div>
803
  </div>
804
  </div>
@@ -811,7 +817,7 @@ jQuery(function($){
811
  </div>
812
  </form>
813
 
814
- <div id="mycred-users-mini-ledger" style="display: none;">
815
  <div class="border">
816
  <div id="mycred-processing"><div class="loading-indicator"></div></div>
817
  </div>
@@ -825,7 +831,57 @@ jQuery(function($){
825
  $content = ob_get_contents();
826
  ob_end_clean();
827
 
828
- echo apply_filters( 'mycred_admin_inline_editor', $content );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
829
 
830
  }
831
 
73
  wp_send_json_error( 'ERROR_1' );
74
 
75
  // Get the form
76
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
77
  parse_str( $_POST['form'], $post );
78
+
79
  unset( $_POST );
80
 
81
+ $post = mycred_sanitize_array( $post );
82
+
83
  $submitted = $post['mycred_manage_balance'];
84
 
85
  // Prep submission
237
 
238
  ?>
239
  <div class="row ledger header">
240
+ <div class="col-md-3 col-sm-12"><strong><?php esc_html_e( 'Date', 'mycred' ); ?></strong></div>
241
+ <div class="col-md-3 col-sm-12"><strong><?php esc_html_e( 'Time', 'mycred' ); ?></strong></div>
242
+ <div class="col-md-3 col-sm-12"><strong><?php esc_html_e( 'Reference', 'mycred' ); ?></strong></div>
243
+ <div class="col-md-3 col-sm-12"><strong><?php esc_html_e( 'Entry', 'mycred' ); ?></strong></div>
244
  </div>
245
  <?php
246
 
262
 
263
  ?>
264
  <div class="row ledger">
265
+ <div class="col-md-3 col-sm-12"><?php echo esc_html( $date );?></div>
266
+ <div class="col-md-3 col-sm-12"><?php echo esc_html( $time );?></div>
267
+ <div class="col-md-3 col-sm-12"><?php echo esc_html( $ref );?></div>
268
+ <div class="col-md-3 col-sm-12"><?php echo esc_html( $entry );?></div>
269
  </div>
270
  <?php
271
 
402
  if ( $screen === NULL || $screen->id != 'users' ) return;
403
 
404
  if ( isset( $query->query_vars['orderby'] ) ) {
405
+ ;
406
  global $wpdb;
407
 
408
  $mycred_types = mycred_get_types();
413
  $order = $query->query_vars['order'];
414
 
415
  $mycred = $this->core;
416
+
417
+ if ( isset( $_REQUEST['ctype'] ) && array_key_exists( sanitize_key( wp_unslash( $_REQUEST['ctype'] ) ), $mycred_types ) )
418
+ $mycred = mycred( sanitize_key( wp_unslash( $_REQUEST['ctype'] ) ) );
419
 
420
  // Sort by only showing users with a particular point type
421
+ if ( $cred_id == 'mycred_default' ) {
422
 
423
  $amount = $mycred->zero();
424
  if ( isset( $_REQUEST['amount'] ) )
425
+ $amount = $mycred->number( intval( $_REQUEST['amount'] ) );
426
 
427
  $query->query_from .= " LEFT JOIN {$wpdb->usermeta} mycred ON ({$wpdb->users}.ID = mycred.user_id AND mycred.meta_key = '{$mycred->cred_id}')";
428
  $query->query_where .= " AND mycred.meta_value = {$amount}";
574
 
575
  ?>
576
  <div class="mycred-wrapper balance-wrapper disabled-option color-option">
577
+ <div><?php echo esc_html( $data['name'] ); ?></div>
578
  <div class="balance-row">
579
  <div class="balance-view"><?php esc_html_e( 'Excluded', 'mycred' ); ?></div>
580
  <div class="balance-edit">&nbsp;</div>
588
 
589
  ?>
590
  <div class="mycred-wrapper balance-wrapper color-option selected">
591
+ <?php if ( $data['can_edit'] ) : ?><div class="toggle-mycred-balance-editor"><a href="javascript:void(0);" data-type="<?php echo esc_attr( $point_type ); ?>" data-view="<?php esc_attr_e( 'Edit', 'mycred' ); ?>" data-edit="<?php esc_attr_e( 'Cancel', 'mycred' ); ?>"><?php esc_html_e( 'Edit', 'mycred' ); ?></a></div><?php endif; ?>
592
+ <div><?php echo esc_html( $data['name'] ); ?></div>
593
+ <div class="balance-row" id="mycred-balance-<?php echo esc_attr( $point_type ); ?>">
594
+ <div class="balance-view"><?php echo esc_html( $data['formatted'] ); ?></div>
595
+ <?php if ( $data['can_edit'] ) : ?><div class="balance-edit"><input type="text" name="mycred_new_balance[<?php echo esc_attr( $point_type ); ?>]" value="" placeholder="<?php echo esc_attr( $data['raw'] ); ?>" size="12" /></div><?php endif; ?>
596
  </div>
597
  <?php
598
 
687
  $editor_id = get_current_user_id();
688
 
689
  if ( isset( $_POST['mycred_new_balance'] ) && is_array( $_POST['mycred_new_balance'] ) && ! empty( $_POST['mycred_new_balance'] ) ) {
690
+
691
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
692
  foreach ( $_POST['mycred_new_balance'] as $point_type => $balance ) {
693
 
694
  $point_type = sanitize_key( $point_type );
737
  ob_start();
738
 
739
  ?>
740
+ <div id="edit-mycred-balance">
741
+ <?php if ( $name == 'myCRED' ) : ?><img id="mycred-token-sitting" class="hidden-sm hidden-xs" src="<?php echo esc_url( plugins_url( 'assets/images/token-sitting.png', myCRED_THIS ) ); ?>" alt="Token looking on" /><?php endif; ?>
742
  <div class="mycred-container">
743
  <form class="form" method="post" action="" id="mycred-editor-form">
744
  <input type="hidden" name="mycred_manage_balance[type]" value="" id="mycred-edit-balance-of-type" />
786
  <?php
787
 
788
  foreach ( $references as $ref_id => $ref_label ) {
789
+ echo '<option value="' . esc_attr( $ref_id ). '"';
790
  if ( $ref_id == $this->manual_reference ) echo ' selected="selected"';
791
+ echo '>' . esc_html( $ref_label ) . '</option>';
792
  }
793
 
794
+ echo '<option value="mycred_custom">' . esc_html__( 'Log under a custom reference', 'mycred' ) . '</option>';
795
 
796
  ?>
797
  </select>
798
  </div>
799
+ <div id="mycred-custom-reference-wrapper">
800
  <input type="text" name="mycred_manage_balance[custom]" id="mycred-editor-custom-reference" placeholder="<?php esc_attr_e( 'lowercase without empty spaces', 'mycred' ); ?>" class="regular-text" value="" />
801
  </div>
802
  </div>
804
  <div class="form-group">
805
  <label><?php esc_html_e( 'Log Entry', 'mycred' ); ?></label>
806
  <input type="text" name="mycred_manage_balance[entry]" id="mycred-editor-entry" placeholder="<?php esc_attr_e( 'optional', 'mycred' ); ?>" class="regular-text" value="" />
807
+ <span class="description"><?php echo wp_kses_post( $mycred->available_template_tags( array( 'general', 'amount' ) ) ); ?></span>
808
  </div>
809
  </div>
810
  </div>
817
  </div>
818
  </form>
819
 
820
+ <div id="mycred-users-mini-ledger">
821
  <div class="border">
822
  <div id="mycred-processing"><div class="loading-indicator"></div></div>
823
  </div>
831
  $content = ob_get_contents();
832
  ob_end_clean();
833
 
834
+ $allowed_html = array(
835
+ 'div' => array(
836
+ 'id' => array(),
837
+ 'class' => array(),
838
+ 'style' => array()
839
+ ),
840
+ 'img' => array(
841
+ 'id' => array(),
842
+ 'class' => array(),
843
+ 'src' => array(),
844
+ 'alt' => array()
845
+ ),
846
+ 'form' => array(
847
+ 'id' => array(),
848
+ 'class' => array(),
849
+ 'action' => array(),
850
+ 'method' => array()
851
+ ),
852
+ 'input' => array(
853
+ 'id' => array(),
854
+ 'class' => array(),
855
+ 'type' => array(),
856
+ 'value' => array(),
857
+ 'size' => array(),
858
+ 'placeholder' => array(),
859
+ 'name' => array()
860
+ ),
861
+ 'select' => array(
862
+ 'id' => array(),
863
+ 'name' => array()
864
+ ),
865
+ 'option' => array(
866
+ 'value' => array(),
867
+ 'selected' => array()
868
+ ),
869
+ 'span' => array(
870
+ 'id' => array(),
871
+ 'class' => array()
872
+ ),
873
+ 'button' => array(
874
+ 'id' => array(),
875
+ 'class' => array(),
876
+ 'type' => array()
877
+ ),
878
+ 'label' => array()
879
+ );
880
+
881
+ echo wp_kses(
882
+ apply_filters( 'mycred_admin_inline_editor', $content ),
883
+ $allowed_html
884
+ );
885
 
886
  }
887
 
modules/mycred-module-network.php CHANGED
@@ -107,7 +107,7 @@ if ( ! class_exists( 'myCRED_Network_Module' ) ) :
107
  $screen = get_current_screen();
108
  if ( $screen->id == 'sites-network' ) {
109
 
110
- echo '<style type="text/css">th#' . MYCRED_SLUG . ' { width: 15%; }</style>';
111
 
112
  }
113
 
@@ -153,6 +153,7 @@ if ( ! class_exists( 'myCRED_Network_Module' ) ) :
153
  }
154
  else {
155
 
 
156
  echo '<span class="dashicons dashicons-yes"' . ( $blog_id == 1 ? ' style="color: green;"' : '' ) . '></span><div class="row-actions"><span class="info" style="color: #666">' . ( $blog_id == 1 ? esc_html__( 'Master Template', 'mycred' ) : esc_html__( 'Enabled', 'mycred' ) ) . '</span></div>';
157
 
158
  }
@@ -238,7 +239,7 @@ h4.ui-accordion-header:before { content: "<?php esc_attr_e( 'click to open', 'my
238
 
239
  ?>
240
  <div class="wrap mycred-metabox" id="myCRED-wrap">
241
- <h1><?php printf( esc_html__( '%s Network', 'mycred' ), $name ); ?><?php if ( MYCRED_DEFAULT_LABEL === 'myCRED' ) : ?> <a href="http://codex.mycred.me/chapter-i/multisites/" class="page-title-action" target="_blank"><?php esc_html_e( 'Documentation', 'mycred' ); ?></a><?php endif; ?></h1>
242
  <?php
243
 
244
  if ( wp_is_large_network() ) {
@@ -254,14 +255,14 @@ h4.ui-accordion-header:before { content: "<?php esc_attr_e( 'click to open', 'my
254
  // Inform user that myCRED has not yet been setup
255
  $setup = get_blog_option( 1, 'mycred_setup_completed', false );
256
  if ( $setup === false )
257
- echo '<div class="error"><p>' . sprintf( esc_html__( 'Note! %s has not yet been setup.', 'mycred' ), $name ) . '</p></div>';
258
 
259
  // Settings Updated
260
  if ( isset( $_GET['settings-updated'] ) )
261
  echo '<div class="updated"><p>' . esc_html__( 'Settings Updated', 'mycred' ) . '</p></div>';
262
 
263
  ?>
264
- <form method="post" action="<?php echo admin_url( 'options.php' ); ?>" class="form" name="mycred-core-settings-form" novalidate>
265
 
266
  <?php settings_fields( 'mycred_network' ); ?>
267
 
@@ -311,7 +312,7 @@ h4.ui-accordion-header:before { content: "<?php esc_attr_e( 'click to open', 'my
311
  <div class="form-group">
312
  <label for="mycred-network-block"><?php esc_html_e( 'Blog IDs', 'mycred' ); ?></label>
313
  <input type="text" name="mycred_network[block]" id="mycred-network-block" value="<?php echo esc_attr( $this->settings['block'] ); ?>" class="form-control" />
314
- <p><span class="description"><?php printf( __( 'Comma separated list of blog ids where %s is to be disabled.', 'mycred' ), $name ); ?></span></p>
315
  </div>
316
  </div>
317
  </div>
107
  $screen = get_current_screen();
108
  if ( $screen->id == 'sites-network' ) {
109
 
110
+ echo '<style type="text/css">th#' . esc_attr( MYCRED_SLUG ) . ' { width: 15%; }</style>';
111
 
112
  }
113
 
153
  }
154
  else {
155
 
156
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
157
  echo '<span class="dashicons dashicons-yes"' . ( $blog_id == 1 ? ' style="color: green;"' : '' ) . '></span><div class="row-actions"><span class="info" style="color: #666">' . ( $blog_id == 1 ? esc_html__( 'Master Template', 'mycred' ) : esc_html__( 'Enabled', 'mycred' ) ) . '</span></div>';
158
 
159
  }
239
 
240
  ?>
241
  <div class="wrap mycred-metabox" id="myCRED-wrap">
242
+ <h1><?php printf( esc_html__( '%s Network', 'mycred' ), esc_html( $name ) ); ?><?php if ( MYCRED_DEFAULT_LABEL === 'myCRED' ) : ?> <a href="http://codex.mycred.me/chapter-i/multisites/" class="page-title-action" target="_blank"><?php esc_html_e( 'Documentation', 'mycred' ); ?></a><?php endif; ?></h1>
243
  <?php
244
 
245
  if ( wp_is_large_network() ) {
255
  // Inform user that myCRED has not yet been setup
256
  $setup = get_blog_option( 1, 'mycred_setup_completed', false );
257
  if ( $setup === false )
258
+ echo '<div class="error"><p>' . sprintf( esc_html__( 'Note! %s has not yet been setup.', 'mycred' ), esc_html( $name ) ) . '</p></div>';
259
 
260
  // Settings Updated
261
  if ( isset( $_GET['settings-updated'] ) )
262
  echo '<div class="updated"><p>' . esc_html__( 'Settings Updated', 'mycred' ) . '</p></div>';
263
 
264
  ?>
265
+ <form method="post" action="<?php echo esc_url( admin_url( 'options.php' ) ); ?>" class="form" name="mycred-core-settings-form" novalidate>
266
 
267
  <?php settings_fields( 'mycred_network' ); ?>
268
 
312
  <div class="form-group">
313
  <label for="mycred-network-block"><?php esc_html_e( 'Blog IDs', 'mycred' ); ?></label>
314
  <input type="text" name="mycred_network[block]" id="mycred-network-block" value="<?php echo esc_attr( $this->settings['block'] ); ?>" class="form-control" />
315
+ <p><span class="description"><?php printf( esc_html__( 'Comma separated list of blog ids where %s is to be disabled.', 'mycred' ), esc_html( $name ) ); ?></span></p>
316
  </div>
317
  </div>
318
  </div>
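Review bot: The `phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped` added before the dashicons echo gives no reason, so the next reader cannot tell a justified suppression from a skipped escape; the echoed string is static markup whose only dynamic pieces already pass through `esc_html__()`, and the comment should say so, e.g. `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- static markup; translated strings are escaped via esc_html__()`. In the same file, `esc_attr( MYCRED_SLUG )` inside the `<style>` element escapes a plugin-defined constant in an attribute context while the value lands in CSS text; it still blocks a `</style>` breakout, so it is defensible, but a short comment noting the constant is not user-supplied would make the intent clear. The enclosing methods of both hunks start and end outside the shown lines.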
modules/mycred-module-settings.php CHANGED
@@ -171,10 +171,12 @@ if ( ! class_exists( 'myCRED_Settings_Module' ) ) :
171
  if ( ! isset( $_POST['type'] ) )
172
  wp_send_json_error( 'Missing point type' );
173
 
174
- $type = isset( $_POSt['type'] ) ? sanitize_text_field( wp_unslash( $_POST['type'] ) ) : '';
 
 
175
 
176
  // Identify users by
177
- switch ( $_POST['identify'] ) {
178
 
179
  case 'ID' :
180
 
@@ -455,8 +457,8 @@ if ( ! class_exists( 'myCRED_Settings_Module' ) ) :
455
  // If the requested tab exists, localize the accordion script to open this tab.
456
  // For this to work, the variable "active" must be set to the position of the
457
  // tab starting with zero for "Core".
458
- if ( isset( $_REQUEST['open-tab'] ) && array_key_exists( $_REQUEST['open-tab'], $this->accordion_tabs ) )
459
- wp_localize_script( 'mycred-accordion', 'myCRED', array( 'active' => $this->accordion_tabs[ $_REQUEST['open-tab'] ] ) );
460
 
461
  wp_localize_script(
462
  'mycred-type-management',
@@ -597,58 +599,12 @@ if ( ! class_exists( 'myCRED_Settings_Module' ) ) :
597
  );
598
 
599
  $allowed_html = array(
600
- 'input' => array(
601
- 'class' => array(),
602
- 'type' => array(),
603
- 'tabindex' => array(),
604
- 'autocorrect' => array(),
605
- 'autocapitalize' => array(),
606
- 'spellcheck' => array(),
607
- 'role' => array(),
608
- 'aria-autocomplete' => array(),
609
- 'autocomplete' => array(),
610
- 'aria-describedby' => array(),
611
- 'placeholder' => array(),
612
- 'style' => array()
613
- ),
614
- 'span' => array(
615
- 'class' => array(),
616
- 'dir' => array(),
617
- 'data-select2-id' => array(),
618
- 'style' => array(),
619
- 'aria-hidden' => array(),
620
- 'role' => array(),
621
- 'tabindex' => array(),
622
- 'aria-haspopup' => array(),
623
- 'aria-expanded' => array(),
624
- 'aria-disabled' => array()
625
- ),
626
- 'ul' => array(
627
- 'class' => array(),
628
- 'id' => array()
629
- ),
630
- 'li' => array(
631
- 'class' => array(),
632
- 'title' => array(),
633
- 'data-select2-id' => array(),
634
- ),
635
- 'button' => array(
636
- 'class' => array(),
637
- 'type' => array(),
638
- 'title' => array(),
639
- 'tabindex' => array(),
640
- 'aria-label' => array(),
641
- 'aria-describedby' => array(),
642
- ),
643
  'select' => array(
644
  'name' => array(),
645
  'id' => array(),
646
  'class' => array(),
647
  'style' => array(),
648
  'multiple' => array(),
649
- 'data-select2-id' => array(),
650
- 'tabindex' => array(),
651
- 'aria-hidden' => array()
652
  ),
653
  'option' => array(
654
  'value' => array(),
@@ -663,7 +619,7 @@ if ( ! class_exists( 'myCRED_Settings_Module' ) ) :
663
  <?php $this->update_notice(); ?>
664
 
665
  <?php if ( MYCRED_DEFAULT_LABEL === 'myCRED' ) : ?>
666
- <p id="mycred-thank-you-text"><?php printf( esc_html__( 'Thank you for using %s. If you have a moment, please leave a %s.', 'mycred' ), esc_html_e( mycred_label() ), sprintf( '<a href="https://wordpress.org/support/plugin/mycred/reviews/?rate=5#new-post" target="_blank">%s</a>', esc_html__( 'review', 'mycred' ) ) ); ?><span id="mycred-social-media"><?php echo implode( ' ', $social ) ; ?></span></p>
667
  <?php endif; ?>
668
 
669
  <form method="post" action="options.php" class="form" name="mycred-core-settings-form" novalidate>
@@ -759,8 +715,7 @@ if ( ! class_exists( 'myCRED_Settings_Module' ) ) :
759
  <div class="col-lg-2 col-md-2 col-sm-12 col-xs-12">
760
  <div class="form-group">
761
  <label for="<?php echo esc_attr( $excluded_ids_args['id'] ); ?>"><?php esc_html_e( 'Exclude Users', 'mycred' ); ?></label>
762
- <?php echo mycred_create_select2( $all_users, $excluded_ids_args, $excluded_ids ); ?>
763
- <?php //echo wp_kses( mycred_create_select2( $all_users, $excluded_ids_args, $excluded_ids ), $allowed_html ); ?>
764
  </div>
765
  <div class="form-group">
766
  <div class="checkbox">
@@ -774,7 +729,7 @@ if ( ! class_exists( 'myCRED_Settings_Module' ) ) :
774
  <div class="col-lg-2 col-md-2 col-sm-12 col-xs-12">
775
  <div class="form-group">
776
  <label for="<?php echo esc_attr( $roles_args['id'] ); ?>"><?php esc_html_e( 'Exclude by User Role', 'mycred' ); ?></label>
777
- <?php echo mycred_create_select2( $roles, $roles_args, $excluded_roles ); ?>
778
  </div>
779
  </div>
780
  </div>
@@ -1300,7 +1255,7 @@ if ( ! class_exists( 'myCRED_Settings_Module' ) ) :
1300
 
1301
  if( isset( $_GET['action'] ) && $_GET['action'] == 'mycred-get-users-to-exclude' )
1302
  {
1303
- $search = sanitize_text_field( $_GET['search'] );
1304
 
1305
  $results = mycred_get_users_by_name_email( $search );
1306
 
171
  if ( ! isset( $_POST['type'] ) )
172
  wp_send_json_error( 'Missing point type' );
173
 
174
+ $type = isset( $_POST['type'] ) ? sanitize_text_field( wp_unslash( $_POST['type'] ) ) : '';
175
+
176
+ $identify = isset( $_POST['identify'] ) ? sanitize_text_field( wp_unslash( $_POST['identify'] ) ) : 'ID';
177
 
178
  // Identify users by
179
+ switch ( $identify ) {
180
 
181
  case 'ID' :
182
 
457
  // If the requested tab exists, localize the accordion script to open this tab.
458
  // For this to work, the variable "active" must be set to the position of the
459
  // tab starting with zero for "Core".
460
+ if ( isset( $_REQUEST['open-tab'] ) && array_key_exists( sanitize_key( wp_unslash( $_REQUEST['open-tab'] ) ), $this->accordion_tabs ) )
461
+ wp_localize_script( 'mycred-accordion', 'myCRED', array( 'active' => $this->accordion_tabs[ sanitize_key( wp_unslash( $_REQUEST['open-tab'] ) ) ] ) );
462
 
463
  wp_localize_script(
464
  'mycred-type-management',
599
  );
600
 
601
  $allowed_html = array(
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
602
  'select' => array(
603
  'name' => array(),
604
  'id' => array(),
605
  'class' => array(),
606
  'style' => array(),
607
  'multiple' => array(),
 
 
 
608
  ),
609
  'option' => array(
610
  'value' => array(),
619
  <?php $this->update_notice(); ?>
620
 
621
  <?php if ( MYCRED_DEFAULT_LABEL === 'myCRED' ) : ?>
622
+ <p id="mycred-thank-you-text"><?php printf( esc_html__( 'Thank you for using %s. If you have a moment, please leave a %s.', 'mycred' ), esc_html_e( mycred_label() ), sprintf( '<a href="https://wordpress.org/support/plugin/mycred/reviews/?rate=5#new-post" target="_blank">%s</a>', esc_html__( 'review', 'mycred' ) ) ); ?><span id="mycred-social-media"><?php echo wp_kses_post( implode( ' ', $social ) ); ?></span></p>
623
  <?php endif; ?>
624
 
625
  <form method="post" action="options.php" class="form" name="mycred-core-settings-form" novalidate>
715
  <div class="col-lg-2 col-md-2 col-sm-12 col-xs-12">
716
  <div class="form-group">
717
  <label for="<?php echo esc_attr( $excluded_ids_args['id'] ); ?>"><?php esc_html_e( 'Exclude Users', 'mycred' ); ?></label>
718
+ <?php echo wp_kses( mycred_create_select2( $all_users, $excluded_ids_args, $excluded_ids ), $allowed_html ); ?>
 
719
  </div>
720
  <div class="form-group">
721
  <div class="checkbox">
729
  <div class="col-lg-2 col-md-2 col-sm-12 col-xs-12">
730
  <div class="form-group">
731
  <label for="<?php echo esc_attr( $roles_args['id'] ); ?>"><?php esc_html_e( 'Exclude by User Role', 'mycred' ); ?></label>
732
+ <?php echo wp_kses( mycred_create_select2( $roles, $roles_args, $excluded_roles ), $allowed_html ); ?>
733
  </div>
734
  </div>
735
  </div>
1255
 
1256
  if( isset( $_GET['action'] ) && $_GET['action'] == 'mycred-get-users-to-exclude' )
1257
  {
1258
+ $search = isset( $_GET['search'] ) ? sanitize_text_field( wp_unslash( $_GET['search'] ) ) : '';
1259
 
1260
  $results = mycred_get_users_by_name_email( $search );
1261
 
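Review bot: The reworked "thank you" line still passes `esc_html_e( mycred_label() )` as a `printf()` argument; `esc_html_e()` echoes and returns nothing, so the label is printed before the sentence and the first `%s` receives an empty string — it should be `esc_html( mycred_label() )` (the `wp_kses_post()` on the social-media span is fine). In the accordion hunk, `sanitize_key( wp_unslash( $_REQUEST['open-tab'] ) )` is evaluated twice; compute it once, `$open_tab = sanitize_key( wp_unslash( $_REQUEST['open-tab'] ) );`, then use `$open_tab` in both the `array_key_exists()` check and the lookup, and note that `sanitize_key()` lowercases, so any `accordion_tabs` key with uppercase characters would no longer match — worth confirming against how the tabs are registered. The trimmed `$allowed_html` now drives `wp_kses()` over `mycred_create_select2()` output; if that helper emits `data-select2-id`, `tabindex` or `aria-*` attributes server-side they are now silently stripped, so the rendered select should be checked once. The redundant `isset( $_POST['type'] )` guard after the early `wp_send_json_error()` is harmless but could be dropped. The enclosing methods of these hunks start and end outside the shown lines.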
mycred.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: myCred
4
  * Plugin URI: https://mycred.me
5
  * Description: An adaptive points management system for WordPress powered websites.
6
- * Version: 2.4.6.1
7
  * Tags: point, credit, loyalty program, engagement, reward, woocommerce rewards
8
  * Author: myCred
9
  * Author URI: https://mycred.me
@@ -20,7 +20,7 @@ if ( ! class_exists( 'myCRED_Core' ) ) :
20
  final class myCRED_Core {
21
 
22
  // Plugin Version
23
- public $version = '2.4.6.1';
24
 
25
  // Instnace
26
  protected static $_instance = NULL;
@@ -54,14 +54,14 @@ if ( ! class_exists( 'myCRED_Core' ) ) :
54
  * @since 1.7
55
  * @version 1.0
56
  */
57
- public function __clone() { _doing_it_wrong( __FUNCTION__, 'Cheatin&#8217; huh?', '2.4.6' ); }
58
 
59
  /**
60
  * Not allowed
61
  * @since 1.7
62
  * @version 1.0
63
  */
64
- public function __wakeup() { _doing_it_wrong( __FUNCTION__, 'Cheatin&#8217; huh?', '2.4.6' ); }
65
 
66
  /**
67
  * Get
@@ -82,7 +82,7 @@ if ( ! class_exists( 'myCRED_Core' ) ) :
82
  if ( ! defined( $name ) )
83
  define( $name, $value );
84
  elseif ( ! $definable && defined( $name ) )
85
- _doing_it_wrong( 'myCRED_Core->define()', 'Could not define: ' . $name . ' as it is already defined somewhere else!', '2.4.6' );
86
  }
87
 
88
  /**
@@ -94,7 +94,7 @@ if ( ! class_exists( 'myCRED_Core' ) ) :
94
  if ( file_exists( $required_file ) )
95
  require_once $required_file;
96
  else
97
- _doing_it_wrong( 'myCRED_Core->file()', 'Requested file ' . $required_file . ' not found.', '2.4.6' );
98
  }
99
 
100
  /**
3
  * Plugin Name: myCred
4
  * Plugin URI: https://mycred.me
5
  * Description: An adaptive points management system for WordPress powered websites.
6
+ * Version: 2.4.7
7
  * Tags: point, credit, loyalty program, engagement, reward, woocommerce rewards
8
  * Author: myCred
9
  * Author URI: https://mycred.me
20
  final class myCRED_Core {
21
 
22
  // Plugin Version
23
+ public $version = '2.4.7';
24
 
25
  // Instnace
26
  protected static $_instance = NULL;
54
  * @since 1.7
55
  * @version 1.0
56
  */
57
+ public function __clone() { _doing_it_wrong( __FUNCTION__, 'Cheatin&#8217; huh?', '2.4.7' ); }
58
 
59
  /**
60
  * Not allowed
61
  * @since 1.7
62
  * @version 1.0
63
  */
64
+ public function __wakeup() { _doing_it_wrong( __FUNCTION__, 'Cheatin&#8217; huh?', '2.4.7' ); }
65
 
66
  /**
67
  * Get
82
  if ( ! defined( $name ) )
83
  define( $name, $value );
84
  elseif ( ! $definable && defined( $name ) )
85
+ _doing_it_wrong( 'myCRED_Core->define()', 'Could not define: ' . esc_html( $name ) . ' as it is already defined somewhere else!', '2.4.7' );
86
  }
87
 
88
  /**
94
  if ( file_exists( $required_file ) )
95
  require_once $required_file;
96
  else
97
+ _doing_it_wrong( 'myCRED_Core->file()', 'Requested file ' . esc_html( $required_file ) . ' not found.', '2.4.7' );
98
  }
99
 
100
  /**
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mycred,wpexpertsio
3
  Tags: badges, gamification, loyalty, points, rewards
4
  Requires at least: 4.8
5
  Tested up to: 6.0
6
- Stable tag: 2.4.6.1
7
  Requires PHP: 7.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -316,6 +316,9 @@ You can find a list of [frequently asked questions](https://mycred.me/about/faq/
316
 
317
  == Upgrade Notice ==
318
 
 
 
 
319
  = 2.4.6.1 =
320
  Bug fixes.
321
 
@@ -405,6 +408,13 @@ The banking module have been replaced by Central deposite module, and interest r
405
 
406
  == Changelog ==
407
 
 
 
 
 
 
 
 
408
  = 2.4.6.1 =
409
  - **FIX** - Badge level requirements not being saved.
410
  - **FIX** - Badge level requirements appear twice on the badge single page.
3
  Tags: badges, gamification, loyalty, points, rewards
4
  Requires at least: 4.8
5
  Tested up to: 6.0
6
+ Stable tag: 2.4.7
7
  Requires PHP: 7.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
316
 
317
  == Upgrade Notice ==
318
 
319
+ = 2.4.7 =
320
+ Bug fixes.
321
+
322
  = 2.4.6.1 =
323
  Bug fixes.
324
 
408
 
409
  == Changelog ==
410
 
411
+ = 2.4.7 =
412
+ - **NEW** - Added filter "mycred_email_event".
413
+ - **FIX** - mycred_list_ranks order attribute was not working in some cases.
414
+ - **FIX** - mycred_transfer numeric username was not working.
415
+ - **FIX** - mycred_leaderboard exclude_zero attribute was not working.
416
+ - **FIX** - Fixed security vulnerabilities.
417
+
418
  = 2.4.6.1 =
419
  - **FIX** - Badge level requirements not being saved.
420
  - **FIX** - Badge level requirements appear twice on the badge single page.