Ninja Tables – WP Data Table Plugin for WordPress - Version 4.1.13

Version Description


Release Info

Developer techjewel
Version 4.1.13

Code changes from version 4.1.12 to 4.1.13

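--- a/admin/DeactivationMessage.php
+++ b/admin/DeactivationMessage.php
@@ -80,17 +80,17 @@ class DeactivationMessage
  public function get_request_from() {
  $ipaddress = '';
  if (isset($_SERVER['HTTP_CLIENT_IP']))
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
  else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
  else if(isset($_SERVER['HTTP_X_FORWARDED']))
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
  else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
  else if(isset($_SERVER['HTTP_FORWARDED']))
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
  else if(isset($_SERVER['REMOTE_ADDR']))
- $ipaddress = $_SERVER['REMOTE_ADDR'];
+ $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
  else
  $ipaddress = 'UNKNOWN';
  return $ipaddress;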
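Review bot: `sanitize_text_field()` on the assignments at new lines 83–93 strips markup but does not make the result an IP address, and the branch order still prefers client-supplied headers (`HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR`, …) over `REMOTE_ADDR`, so the requester decides what this function returns. I would validate the chosen value before the return, e.g. `$ipaddress = filter_var(wp_unslash($ipaddress), FILTER_VALIDATE_IP) ?: 'UNKNOWN';`, and only honour the forwarded headers when the site is known to sit behind a trusted proxy. `X-Forwarded-For` can also carry a comma-separated list, which this code passes on whole. The same applies to the identical `get_request_from()` hunks in includes/NinjaTablesDeactivator.php and includes/libs/Lead/LeadOptIn.php; the function's closing brace lies outside this hunk.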
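--- a/admin/NinjaTablesAdmin.php
+++ b/admin/NinjaTablesAdmin.php
@@ -47,10 +47,10 @@ class NinjaTablesAdmin
  /**
  * Initialize the class and set its properties.
  *
+ * @param string $plugin_name The name of this plugin.
+ * @param string $version The version of this plugin.
  * @since 1.0.0
  *
- * @param string $plugin_name The name of this plugin.
- * @param string $version The version of this plugin.
  */
  public function __construct($plugin_name = 'ninja-tables', $version = NINJA_TABLES_VERSION)
  {
@@ -160,25 +160,25 @@ class NinjaTablesAdmin
  'ninja_table_tools_menu'
  );
 
- if (!defined('NINJA_CHARTS_VERSION')) {
- $submenu['ninja_tables']['ninja_charts'] = array(
- __('Charts', 'ninja-tables'),
- $capability,
- 'admin.php?page=ninja_tables#/charts'
- );
- } else {
- $submenu['ninja_tables']['ninja_charts'] = array(
- __('Charts', 'ninja-tables'),
- $capability,
- 'admin.php?page=ninja-charts#/chart-list'
- );
-
- $submenu['ninja_tables']['add_chart'] = array(
- __('Add Chart', 'ninja-tables'),
- $capability,
- 'admin.php?page=ninja-charts#/add-chart',
- );
- }
+ if (!defined('NINJA_CHARTS_VERSION')) {
+ $submenu['ninja_tables']['ninja_charts'] = array(
+ __('Charts', 'ninja-tables'),
+ $capability,
+ 'admin.php?page=ninja_tables#/charts'
+ );
+ } else {
+ $submenu['ninja_tables']['ninja_charts'] = array(
+ __('Charts', 'ninja-tables'),
+ $capability,
+ 'admin.php?page=ninja-charts#/chart-list'
+ );
+
+ $submenu['ninja_tables']['add_chart'] = array(
+ __('Add Chart', 'ninja-tables'),
+ $capability,
+ 'admin.php?page=ninja-charts#/add-chart',
+ );
+ }
 
  if (!defined('NINJATABLESPRO')) {
  $submenu['ninja_tables']['upgrade_pro'] = array(
@@ -212,7 +212,7 @@ class NinjaTablesAdmin
  }
  }
 
- ninjaTablesAdminPrintStyles();
+ ninjaTablesAdminPrintStyles();
 
  $submenu['ninja_tables']['help'] = array(
  __('Help', 'ninja-tables'),
@@ -667,7 +667,6 @@ class NinjaTablesAdmin
  $tablePreference = ninja_tables_sanitize_array($_REQUEST['table_settings']);
  if ($tablePreference && is_array($tablePreference)) {
  $formattedTablePreference = ninjaTableNormalize($tablePreference);
-
  update_post_meta($tableId, '_ninja_table_settings', $formattedTablePreference);
  }
  }
@@ -816,7 +815,7 @@ class NinjaTablesAdmin
  * Get the order by field and order by type values.
  *
  * @param $tableId
- * @param null $tableSettings
+ * @param null $tableSettings
  *
  * @return array
  */
@@ -846,8 +845,14 @@ class NinjaTablesAdmin
  public function storeData()
  {
  $tableId = intval($_REQUEST['table_id']);
- ninja_tables_allowed_css_properties();
- $row = ninja_tables_sanitize_array($_REQUEST['row']);
+
+ if (user_can_richedit()) {
+ $row = ninja_tables_sanitize_table_content_array(ArrayHelper::get($_REQUEST, 'row', []), $tableId);
+ } else {
+ ninja_tables_allowed_css_properties();
+ $row = ninja_tables_sanitize_array(ArrayHelper::get($_REQUEST, 'row', []));
+ }
+
  $formattedRow = array();
 
  foreach ($row as $key => $item) {
@@ -870,7 +875,10 @@ class NinjaTablesAdmin
  );
  }
 
- $createdAt = isset($_REQUEST['created_at']) && sanitize_text_field($_REQUEST['created_at']);
+ $createdAt = '';
+ if (isset($_REQUEST['created_at'])) {
+ $createdAt = sanitize_text_field($_REQUEST['created_at']);
+ }
 
  if ($createdAt) {
  $attributes['created_at'] = $createdAt;
@@ -941,15 +949,23 @@ class NinjaTablesAdmin
  public function updateSingleCell()
  {
  $rowId = intval($_REQUEST['row_id']);
- $data = ninja_tables_sanitize_array($_REQUEST);
- $columnKey = sanitize_text_field($data['column_key']);
- $columnValue = wp_unslash($data['column_value']);
 
  // get The row first
  $row = ninja_tables_DbTable()
  ->where('id', $rowId)
  ->first();
 
+ if (user_can_richedit()) {
+ $data = ninja_tables_sanitize_table_content_array($_REQUEST, $row->table_id);
+ } else {
+ ninja_tables_allowed_css_properties();
+ $data = ninja_tables_sanitize_array($_REQUEST);
+ }
+
+ $columnKey = sanitize_text_field($data['column_key']);
+ $columnValue = wp_unslash($data['column_value']);
+
+
  $values = json_decode($row->value, true);
  $values[$columnKey] = $columnValue;
  ninja_tables_DbTable()
@@ -1036,7 +1052,7 @@ class NinjaTablesAdmin
 
  $sortingType = ArrayHelper::get($tableSettings, 'sorting_type', 'by_created_at');
 
- $tableColumns = ninja_table_get_table_columns($tableId, 'admin');
+ $tableColumns = ninja_table_get_table_columns($tableId, 'admin');
  $data = ninjaTablesGetTablesDataByID($tableId, $tableColumns, $sortingType, true);
 
  $header = array();
@@ -1593,11 +1609,11 @@ class NinjaTablesAdmin
  'text_color' => 'rgb(255,255,255)'
  ),
  'print' => array(
- 'status' => 'no',
- 'label' => 'Print',
- 'all_rows' => 'no',
- 'bg_color' => 'rgb(0,0,0)',
- 'text_color' => 'rgb(255,255,255)',
+ 'status' => 'no',
+ 'label' => 'Print',
+ 'all_rows' => 'no',
+ 'bg_color' => 'rgb(0,0,0)',
+ 'text_color' => 'rgb(255,255,255)',
  'header_each_page' => 'no',
  'footer_each_page' => 'no',
  ),
@@ -1660,7 +1676,6 @@ class NinjaTablesAdmin
  ), 200);
  }
 
-
  private function getIntegrity()
  {
  if (defined('NINJATABLESPRO')) {
@@ -1685,7 +1700,6 @@ class NinjaTablesAdmin
  return apply_filters('ninja_table_integrity', 'valid');
  }
 
-
  public function clearTablesCache()
  {
  ninja_table_clear_all_cache();
@@ -1694,22 +1708,22 @@ class NinjaTablesAdmin
  ), 200);
  }
 
- /**
- * Installs extra plugins when necessary.
- */
- private function installExtraPlugins()
- {
- $plugin = [
- 'name' => 'Ninja Charts',
- 'repo-slug' => 'ninja-charts',
- 'file' => 'ninja-charts.php',
+ /**
+ * Installs extra plugins when necessary.
+ */
+ private function installExtraPlugins()
+ {
+ $plugin = [
+ 'name' => 'Ninja Charts',
+ 'repo-slug' => 'ninja-charts',
+ 'file' => 'ninja-charts.php',
  'redirect' => self_admin_url('admin.php?page=ninja-charts#/chart-list')
- ];
+ ];
 
  (new \NinjaTables\Classes\BackgroundInstaller())->install($plugin);
 
  wp_send_json_success(array(
- 'message' => 'Successfully enabled Ninja Charts.',
+ 'message' => 'Successfully enabled Ninja Charts.',
  'redirect' => $plugin['redirect']
  ));
  }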
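Review bot: In `storeData()` and `updateSingleCell()` the sanitizer is chosen with `user_can_richedit()`, which reports whether the visual editor is available to the user (a profile preference and browser check), not whether the user is permitted to store unfiltered markup. `ninja_tables_sanitize_table_content_array()` is not shown in this section; if it is the more permissive path, the branch should key off a capability instead, e.g. `if (current_user_can('unfiltered_html')) {`. In `updateSingleCell()` the new code also reads `$row->table_id` straight after `->first()`, so a `row_id` that matches nothing dereferences an empty result; a guard such as `if (!$row) { wp_send_json_error(array('message' => 'Row not found'), 404); }` ahead of the branch would cover that. Both function bodies continue outside their hunks, so any nonce or capability check they already perform is not visible here.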
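--- a/includes/NinjaTablesDeactivator.php
+++ b/includes/NinjaTablesDeactivator.php
@@ -59,17 +59,17 @@ class NinjaTablesDeActivator {
  private static function get_request_from() {
  $ipaddress = '';
  if (isset($_SERVER['HTTP_CLIENT_IP']))
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
  else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
  else if(isset($_SERVER['HTTP_X_FORWARDED']))
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
  else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
  else if(isset($_SERVER['HTTP_FORWARDED']))
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
  else if(isset($_SERVER['REMOTE_ADDR']))
- $ipaddress = $_SERVER['REMOTE_ADDR'];
+ $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
  else
  $ipaddress = 'UNKNOWN';
  return $ipaddress;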
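--- a/includes/libs/Lead/LeadOptIn.php
+++ b/includes/libs/Lead/LeadOptIn.php
@@ -75,22 +75,22 @@ class LeadOptIn
 
  // Function to get the client IP address
  public function get_request_from() {
- $ipaddress = '';
- if (isset($_SERVER['HTTP_CLIENT_IP']))
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
- else if(isset($_SERVER['HTTP_FORWARDED']))
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
- else if(isset($_SERVER['REMOTE_ADDR']))
- $ipaddress = $_SERVER['REMOTE_ADDR'];
- else
- $ipaddress = 'UNKNOWN';
- return $ipaddress;
+ $ipaddress = '';
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
+ else if(isset($_SERVER['HTTP_FORWARDED']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
+ else if(isset($_SERVER['REMOTE_ADDR']))
+ $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
+ else
+ $ipaddress = 'UNKNOWN';
+ return $ipaddress;
  }
 
 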
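--- a/includes/libs/TableDrivers/NinjaFooTable.php
+++ b/includes/libs/TableDrivers/NinjaFooTable.php
@@ -87,7 +87,7 @@ class NinjaFooTable
  $css = self::generateCustomColorCSS($tableArray, $extra_css);
  if ($css) {
  add_action('ninja_tables_after_table_print', function () use ($css) {
- echo $css; // WPCS: XSS ok.
+ echo ninjaTablesEscCss($css);
  });
  }
  }
@@ -466,7 +466,7 @@ class NinjaFooTable
 
  $table_vars['init_config'] = self::getNinjaTableConfig($table_vars);
 
- self::addInlineVars(json_encode($table_vars, true), $table_id, $table_instance_name);
+ self::addInlineVars($table_vars, $table_id, $table_instance_name);
  $foo_table_attributes = self::getFootableAtrributes($table_vars);
 
  // We have to check if these css already rendered
@@ -536,7 +536,7 @@ class NinjaFooTable
  if (!$ownOnly && $isHtmlCacheEnabled) {
  $cachedTableData = self::getTableCachedHTML($tableId, $table_vars);
  if ($cachedTableData) {
- echo $cachedTableData; // WPCS: XSS ok.
+ ninjaTablesPrintSafeVar($cachedTableData );
  return;
  }
  }
@@ -557,11 +557,12 @@ class NinjaFooTable
  'table_columns' => $tableColumns,
  'table_rows' => $formatted_data
  ));
+
  if ($isHtmlCacheEnabled) {
  update_post_meta($tableId, '__last_ninja_table_last_cached_time', time());
  }
  update_post_meta($tableId, '__ninja_cached_table_html', $tableHtml);
- echo $tableHtml; // WPCS: XSS ok.
+ ninjaTablesPrintSafeVar($tableHtml);
  return;
  }
 
@@ -660,7 +661,7 @@ class NinjaFooTable
  add_action('wp_footer', function () use ($vars, $table_id, $table_instance_name) {
  ?>
  <script type="text/javascript">
- window['<?php echo esc_attr($table_instance_name);?>'] = <?php echo $vars; // WPCS: XSS ok. ?>
+ window['<?php echo esc_attr($table_instance_name);?>'] = <?php echo json_encode($vars, true); ?>
  </script>
  <?php
  });
@@ -704,7 +705,7 @@ class NinjaFooTable
  $atts_string = '';
  if ($atts) {
  foreach ($atts as $att_name => $att) {
- $atts_string .= $att_name . '="' . $att . '" ';
+ $atts_string .= $att_name . '="' . esc_attr($att) . '" ';
  }
  }
  return (string) $atts_string;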
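Review bot: In the `wp_footer` closure (new line 664), `json_encode($vars, true)` passes `true` where the flags bitmask belongs; it coerces to `1`, which is `JSON_HEX_TAG`, so the `<`/`>` escaping that stops table content from closing the `<script>` element is present by accident rather than by intent. I would spell it out as `wp_json_encode($vars, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and handle a `false` return, which currently prints an empty right-hand side. The instance name on the same line sits inside a JavaScript string literal, where `esc_js()` is the matching escaper rather than `esc_attr()`. In the attribute-builder hunk (new line 708) `esc_attr($att)` now covers the value but `$att_name` is still concatenated unescaped. The enclosing functions start and end outside these hunks.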
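--- a/includes/libs/TableDrivers/views/ninja_foo_table.php
+++ b/includes/libs/TableDrivers/views/ninja_foo_table.php
@@ -13,7 +13,7 @@
  $table); ?>
  <?php endif; ?>
  <?php do_action('ninja_tables_before_table_print', $table, $table_vars); ?>
- <table data-ninja_table_instance="<?php echo esc_attr($table_instance_name); ?>" <?php echo $foo_table_attributes; // WPCS: XSS ok. ?>
+ <table data-ninja_table_instance="<?php echo esc_attr($table_instance_name); ?>" <?php ninjaTablesPrintSafeVar($foo_table_attributes); ?>
  id="footable_<?php echo intval($table_id); ?>"
  data-unique_identifier="<?php echo esc_attr($tableArray['uniqueID']); ?>"
  class=" foo-table ninja_footable foo_table_<?php echo intval($table_id); ?> <?php echo esc_attr($tableArray['uniqueID']); ?> <?php echo esc_attr($table_classes); ?>">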
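--- a/includes/libs/TableDrivers/views/ninja_footable_css.php
+++ b/includes/libs/TableDrivers/views/ninja_footable_css.php
@@ -155,5 +155,5 @@ $cellPrefix = $css_prefix.'.ninja_footable.ninja_table_pro tbody tr.nt_row_id_'.
  }
  <?php endif; ?>
  <?php endif; ?>
- <?php echo $custom_css; // WPCS: XSS ok. ?>
+ <?php echo ninjaTablesEscCss($custom_css); ?>
  </style>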
includes/ninja_tables-global-functions.php CHANGED
@@ -45,37 +45,37 @@ if (!function_exists('getDefaultNinjaTableSettings')) {
45
  $renderType = defined('NINJATABLESPRO') ? 'legacy_table' : 'ajax_table';
46
  $settings = get_option('_ninja_table_default_appearance_settings');
47
  $defaults = array(
48
- "perPage" => 20,
49
- "show_all" => false,
50
- "library" => 'footable',
51
- "css_lib" => 'semantic_ui',
52
- "enable_ajax" => false,
53
- "css_classes" => array(),
54
- "enable_search" => true,
55
- "column_sorting" => true,
56
- "default_sorting" => 'old_first',
57
- "sorting_type" => "by_created_at",
58
- "table_color" => 'ninja_no_color_table',
59
- "render_type" => $renderType,
60
- "table_color_type" => 'pre_defined_color',
61
- "expand_type" => 'default',
62
- 'stackable' => 'no',
63
- 'stacks_devices' => array(),
64
  'stacks_appearances' => array(),
65
- 'table_font_family' => 'inherit',
66
- 'table_font_size' => 14,
67
  );
68
- if(!$settings) {
69
  $defaults['css_classes'] = array(
70
  'selectable',
71
  'striped',
72
  'vertical_centered'
73
  );
74
  }
75
- if(!$settings) {
76
  $settings = array();
77
  }
78
- $settings = wp_parse_args($settings,$defaults);
79
 
80
  return apply_filters('get_default_ninja_table_settings', $settings);
81
  }
@@ -174,16 +174,16 @@ function ninjaTablesAllowedHtmlTags($tags)
174
  {
175
  $tags['a']['download'] = true;
176
  $tags['iframe'] = array(
177
- 'src' => true,
178
- 'srcdoc' => true,
179
- 'width' => true,
180
- 'height' => true,
181
- 'scrolling' => true,
182
- 'frameborder' => true,
183
- 'allow' => true,
184
- 'style' => true,
185
  'allowfullscreen' => true,
186
- 'name' => true
187
  );
188
 
189
  return $tags;
@@ -192,7 +192,7 @@ function ninjaTablesAllowedHtmlTags($tags)
192
  /**
193
  * Determine if the table's data has been migrated for manual sorting.
194
  *
195
- * @param int $tableId
196
  * @return bool
197
  */
198
  function ninjaTablesDataMigratedForManualSort($tableId)
@@ -207,7 +207,7 @@ function ninjaTablesDataMigratedForManualSort($tableId)
207
  /**
208
  * Determine if the user wants to disable the caching for the table.
209
  *
210
- * @param int $tableId
211
  * @return bool
212
  */
213
  function ninja_tables_shouldNotCache($tableId)
@@ -251,60 +251,100 @@ if (!function_exists('ninja_tables_is_valid_url')) {
251
  }
252
  }
253
 
254
- function ninja_tables_allowed_html_tags() {
 
255
  $tags = wp_kses_allowed_html('post');
256
 
257
  // form fields - input
258
- $tags['input'] = [
259
  'class' => [],
260
- 'id' => [],
261
- 'name' => [],
262
- 'value' => [],
263
- 'type' => [],
264
  'src' => []
265
  ];
266
- // select
267
- $tags['select'] = [
268
- 'class' => [],
269
- 'id' => [],
270
- 'name' => [],
271
- 'value' => [],
272
- 'type' => [],
273
  ];
274
- // select options
275
- $tags['option'] = [
276
  'selected' => [],
277
  ];
278
- // style
279
- $tags['style'] = [
280
- 'types' => [],
281
  ];
282
  // iframe
283
  $tags['iframe'] = [
284
- 'width' => [],
285
- 'height' => [],
286
- 'src' => [],
287
- 'srcdoc' => [],
288
- 'title' => [],
289
- 'frameborder' => [],
290
- 'allow' => [],
291
- 'class' => [],
292
- 'id' => [],
293
- 'allowfullscreen' => [],
294
- 'style' => [],
295
  ];
296
  // form
297
  $tags['form'] = [
298
- 'target' => [],
299
- 'action' => [],
300
- 'method' => [],
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
301
  ];
302
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
303
  return apply_filters('ninja_tables/allowed_html_tags', $tags);
304
  }
305
 
306
- function ninja_tables_allowed_css_properties() {
307
- add_filter( 'safe_style_css', function( $styles ) {
 
308
  $style_tags = ['display', 'opacity', 'visibility'];
309
  $style_tags = apply_filters('ninja_tables/allowed_css_properties', $style_tags);
310
 
@@ -312,7 +352,7 @@ function ninja_tables_allowed_css_properties() {
312
  $styles[] = $tag;
313
  }
314
  return $styles;
315
- } );
316
  }
317
 
318
  if (!function_exists('ninja_tables_sanitize_array')) {
@@ -325,11 +365,23 @@ if (!function_exists('ninja_tables_sanitize_array')) {
325
  $array[$key] = wp_kses($value, ninja_tables_allowed_html_tags());
326
  }
327
  }
328
-
329
  return $array;
330
  }
331
  }
332
 
 
 
 
 
 
 
 
 
 
 
 
 
 
333
 
334
  function ninjaTableGetExternalCachedData($tableId)
335
  {
@@ -374,7 +426,7 @@ if (!function_exists('getNinjaFluentFormMenuIcon')) {
374
  if (!function_exists('ninjaTablesGetPostStatuses')) {
375
  function ninjaTablesGetPostStatuses()
376
  {
377
- $post_status = [
378
  ['key' => 'publish', 'label' => 'Publish'],
379
  ['key' => 'pending', 'label' => 'Pending'],
380
  ['key' => 'draft', 'label' => 'Draft'],
@@ -404,7 +456,7 @@ if (!function_exists('ninja_table_format_header')) {
404
  function ninja_table_format_header($header)
405
  {
406
  $acceptedChars = array(
407
- 'a','b','c','d','e','f','g','h','i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q',
408
  'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9'
409
  );
410
 
@@ -416,7 +468,7 @@ if (!function_exists('ninja_table_format_header')) {
416
  $chars = str_split($string);
417
  $key = '';
418
  foreach ($chars as $char) {
419
- if(in_array($char, $acceptedChars)) {
420
  $key .= $char;
421
  }
422
  }
@@ -433,17 +485,17 @@ if (!function_exists('ninja_table_format_header')) {
433
  }
434
  }
435
 
436
- if(!function_exists('ninja_table_url_slug')) {
437
  function ninja_table_url_slug($str, $options = array())
438
  {
439
  // Make sure string is in UTF-8 and strip invalid UTF-8 characters
440
  $str = mb_convert_encoding((string)$str, 'UTF-8', mb_list_encodings());
441
 
442
  $defaults = array(
443
- 'delimiter' => '_',
444
- 'limit' => null,
445
- 'lowercase' => true,
446
- 'replacements' => array(),
447
  'transliterate' => true,
448
  );
449
 
@@ -795,15 +847,15 @@ function ninjaTableInsertDataToTable($tableId, $values, $header)
795
  }
796
 
797
  $data = array(
798
- 'table_id' => $tableId,
799
- 'attribute' => 'value',
800
- 'owner_id' => $userId,
801
- 'value' => json_encode($itemTemp, JSON_UNESCAPED_UNICODE),
802
  'created_at' => date('Y-m-d H:i:s', $timeStamp + $index),
803
  'updated_at' => $time
804
  );
805
 
806
- if(isset($item['position']) && defined('NINJAPROPLUGIN_VERSION')) {
807
  $data['position'] = $item['position'];
808
  }
809
 
@@ -819,16 +871,17 @@ function ninjaTableInsertDataToTable($tableId, $values, $header)
819
  }
820
  }
821
 
822
- function ninjaTablePerChunk($table_id = false) {
 
823
  return apply_filters('ninja_table_per_chunk', 3000, $table_id);
824
  }
825
 
826
  function ninja_table_clear_all_cache()
827
  {
828
  $tables = ninjaDB()->table('posts')
829
- ->select('ID')
830
- ->where('post_type', 'ninja-table')
831
- ->get();
832
  foreach ($tables as $table) {
833
  ninjaTablesClearTableDataCache($table->ID);
834
  }
@@ -838,11 +891,12 @@ function ninja_table_clear_all_cache()
838
  /**
839
  * Batch insert data using raw SQL query.
840
  *
841
- * @param string $table
842
- * @param array $rows
843
  * @return bool|int
844
  */
845
- function ninjtaTableBatchInsert($table, $rows) {
 
846
  global $wpdb;
847
 
848
  // Extract column list from first row of data
@@ -872,10 +926,11 @@ function ninjtaTableBatchInsert($table, $rows) {
872
  /**
873
  * Normalize every item, i.e. make string "true" to boolean true
874
  *
875
- * @param array $data
876
  * @return array
877
  */
878
- function ninjaTableNormalize($data = []) {
 
879
  foreach ($data as $key => $item) {
880
  if ($item == 'false') {
881
  $item = false;
@@ -900,10 +955,11 @@ function ninjaTableNormalize($data = []) {
900
  /**
901
  * Parse the given html content get the table IDs from the matched shortcodes.
902
  *
903
- * @param string $content
904
  * @return array
905
  */
906
- function ninjaTablesGetShortCodeIds($content) {
 
907
  $tag = 'ninja_tables';
908
 
909
  if (false === strpos($content, '[')) {
@@ -937,11 +993,13 @@ function ninjaTablesGetShortCodeIds($content) {
937
  /**
938
  * Preloads frontend custom font.
939
  */
940
- function ninjaTablePreloadFont () {
 
941
  add_action('wp_head', function () {
942
  $preloadFontUrl = NINJA_TABLES_DIR_URL . "assets/fonts/ninja-tables.woff2?" . NINJA_TABLES_PRELOAD_FONT_VERSION;
943
  ?>
944
- <link rel="preload" as="font" href="<?php echo esc_url($preloadFontUrl) ?>" type="font/woff2" crossorigin="anonymous">
 
945
  <?php
946
  }, 99);
947
  }
@@ -949,7 +1007,8 @@ function ninjaTablePreloadFont () {
949
  /**
950
  * Prints admin styles
951
  */
952
- function ninjaTablesAdminPrintStyles() {
 
953
  add_action('admin_print_styles', function () {
954
  ?>
955
  <style>
@@ -972,15 +1031,37 @@ function ninjaTablesAdminPrintStyles() {
972
  */
973
  function ninjaTablesValidateNonce($key = 'ninja_table_admin_nonce')
974
  {
975
- $nonce = \NinjaTables\Classes\ArrayHelper::get($_REQUEST, $key);
976
 
977
- if (!wp_verify_nonce($nonce, $key)) {
978
- $errors = apply_filters('ninja_tables_nonce_error', [
979
- '_ninjatablesnonce' => [
980
- __('Nonce verification failed, please try again.', 'ninja-tables')
981
- ]
982
- ]);
983
 
984
- wp_send_json(['errors' => $errors], 422);
985
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
986
  }
45
  $renderType = defined('NINJATABLESPRO') ? 'legacy_table' : 'ajax_table';
46
  $settings = get_option('_ninja_table_default_appearance_settings');
47
  $defaults = array(
48
+ "perPage" => 20,
49
+ "show_all" => false,
50
+ "library" => 'footable',
51
+ "css_lib" => 'semantic_ui',
52
+ "enable_ajax" => false,
53
+ "css_classes" => array(),
54
+ "enable_search" => true,
55
+ "column_sorting" => true,
56
+ "default_sorting" => 'old_first',
57
+ "sorting_type" => "by_created_at",
58
+ "table_color" => 'ninja_no_color_table',
59
+ "render_type" => $renderType,
60
+ "table_color_type" => 'pre_defined_color',
61
+ "expand_type" => 'default',
62
+ 'stackable' => 'no',
63
+ 'stacks_devices' => array(),
64
  'stacks_appearances' => array(),
65
+ 'table_font_family' => 'inherit',
66
+ 'table_font_size' => 14,
67
  );
68
+ if (!$settings) {
69
  $defaults['css_classes'] = array(
70
  'selectable',
71
  'striped',
72
  'vertical_centered'
73
  );
74
  }
75
+ if (!$settings) {
76
  $settings = array();
77
  }
78
+ $settings = wp_parse_args($settings, $defaults);
79
 
80
  return apply_filters('get_default_ninja_table_settings', $settings);
81
  }
174
  {
175
  $tags['a']['download'] = true;
176
  $tags['iframe'] = array(
177
+ 'src' => true,
178
+ 'srcdoc' => true,
179
+ 'width' => true,
180
+ 'height' => true,
181
+ 'scrolling' => true,
182
+ 'frameborder' => true,
183
+ 'allow' => true,
184
+ 'style' => true,
185
  'allowfullscreen' => true,
186
+ 'name' => true
187
  );
188
 
189
  return $tags;
192
  /**
193
  * Determine if the table's data has been migrated for manual sorting.
194
  *
195
+ * @param int $tableId
196
  * @return bool
197
  */
198
  function ninjaTablesDataMigratedForManualSort($tableId)
207
  /**
208
  * Determine if the user wants to disable the caching for the table.
209
  *
210
+ * @param int $tableId
211
  * @return bool
212
  */
213
  function ninja_tables_shouldNotCache($tableId)
251
  }
252
  }
253
 
254
+ function ninja_tables_allowed_html_tags()
255
+ {
256
  $tags = wp_kses_allowed_html('post');
257
 
258
  // form fields - input
259
+ $tags['input'] = [
260
  'class' => [],
261
+ 'id' => [],
262
+ 'name' => [],
263
+ 'value' => [],
264
+ 'type' => [],
265
  'src' => []
266
  ];
267
+ // select
268
+ $tags['select'] = [
269
+ 'class' => [],
270
+ 'id' => [],
271
+ 'name' => [],
272
+ 'value' => [],
273
+ 'type' => [],
274
  ];
275
+ // select options
276
+ $tags['option'] = [
277
  'selected' => [],
278
  ];
279
+ // style
280
+ $tags['style'] = [
281
+ 'types' => [],
282
  ];
283
  // iframe
284
  $tags['iframe'] = [
285
+ 'width' => [],
286
+ 'height' => [],
287
+ 'src' => [],
288
+ 'srcdoc' => [],
289
+ 'title' => [],
290
+ 'frameborder' => [],
291
+ 'allow' => [],
292
+ 'class' => [],
293
+ 'id' => [],
294
+ 'allowfullscreen' => [],
295
+ 'style' => [],
296
  ];
297
  // form
298
  $tags['form'] = [
299
+ 'target' => [],
300
+ 'action' => [],
301
+ 'method' => [],
302
+ ];
303
+ //button
304
+ $tags['button']['onclick'] = [];
305
+ // svg
306
+ $tags['svg'] = [
307
+ 'width' => [],
308
+ 'height' => [],
309
+ ];
310
+ // circle
311
+ $tags['circle'] = [
312
+ 'cx' => [],
313
+ 'cy' => [],
314
+ 'r' => [],
315
+ 'stroke' => [],
316
+ 'fill' => [],
317
+ 'stroke-width' => [],
318
  ];
319
 
320
+ if (empty($tags['svg'])) {
321
+ $svg_args = array(
322
+ 'svg' => array(
323
+ 'class' => true,
324
+ 'aria-hidden' => true,
325
+ 'aria-labelledby' => true,
326
+ 'role' => true,
327
+ 'xmlns' => true,
328
+ 'width' => true,
329
+ 'height' => true,
330
+ 'viewbox' => true, // <= Must be lower case!
331
+ ),
332
+ 'g' => array('fill' => true),
333
+ 'title' => array('title' => true),
334
+ 'path' => array(
335
+ 'd' => true,
336
+ 'fill' => true,
337
+ )
338
+ );
339
+ $tags = array_merge($tags, $svg_args);
340
+ }
341
+
342
  return apply_filters('ninja_tables/allowed_html_tags', $tags);
343
  }
344
 
345
+ function ninja_tables_allowed_css_properties()
346
+ {
347
+ add_filter('safe_style_css', function ($styles) {
348
  $style_tags = ['display', 'opacity', 'visibility'];
349
  $style_tags = apply_filters('ninja_tables/allowed_css_properties', $style_tags);
350
 
352
  $styles[] = $tag;
353
  }
354
  return $styles;
355
+ });
356
  }
357
 
358
  if (!function_exists('ninja_tables_sanitize_array')) {
365
  $array[$key] = wp_kses($value, ninja_tables_allowed_html_tags());
366
  }
367
  }
 
368
  return $array;
369
  }
370
  }
371
 
372
+ function ninja_tables_sanitize_table_content_array(array $array, $tableId)
373
+ {
374
+ foreach ($array as $key => $value) {
375
+ if (is_array($value)) {
376
+ $array[$key] = ninja_tables_sanitize_array($value);
377
+ } else {
378
+ $array[$key] = sanitize_post_field('post_content', $value, $tableId, 'db');
379
+ }
380
+ }
381
+
382
+ return $array;
383
+ }
384
+
385
 
386
  function ninjaTableGetExternalCachedData($tableId)
387
  {
426
  if (!function_exists('ninjaTablesGetPostStatuses')) {
427
  function ninjaTablesGetPostStatuses()
428
  {
429
+ $post_status = [
430
  ['key' => 'publish', 'label' => 'Publish'],
431
  ['key' => 'pending', 'label' => 'Pending'],
432
  ['key' => 'draft', 'label' => 'Draft'],
456
  function ninja_table_format_header($header)
457
  {
458
  $acceptedChars = array(
459
+ 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q',
460
  'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9'
461
  );
462
 
468
  $chars = str_split($string);
469
  $key = '';
470
  foreach ($chars as $char) {
471
+ if (in_array($char, $acceptedChars)) {
472
  $key .= $char;
473
  }
474
  }
485
  }
486
  }
487
 
488
+ if (!function_exists('ninja_table_url_slug')) {
489
  function ninja_table_url_slug($str, $options = array())
490
  {
491
  // Make sure string is in UTF-8 and strip invalid UTF-8 characters
492
  $str = mb_convert_encoding((string)$str, 'UTF-8', mb_list_encodings());
493
 
494
  $defaults = array(
495
+ 'delimiter' => '_',
496
+ 'limit' => null,
497
+ 'lowercase' => true,
498
+ 'replacements' => array(),
499
  'transliterate' => true,
500
  );
501
 
847
  }
848
 
849
  $data = array(
850
+ 'table_id' => $tableId,
851
+ 'attribute' => 'value',
852
+ 'owner_id' => $userId,
853
+ 'value' => json_encode($itemTemp, JSON_UNESCAPED_UNICODE),
854
  'created_at' => date('Y-m-d H:i:s', $timeStamp + $index),
855
  'updated_at' => $time
856
  );
857
 
858
+ if (isset($item['position']) && defined('NINJAPROPLUGIN_VERSION')) {
859
  $data['position'] = $item['position'];
860
  }
861
 
871
  }
872
  }
873
 
874
+ function ninjaTablePerChunk($table_id = false)
875
+ {
876
  return apply_filters('ninja_table_per_chunk', 3000, $table_id);
877
  }
878
 
879
  function ninja_table_clear_all_cache()
880
  {
881
  $tables = ninjaDB()->table('posts')
882
+ ->select('ID')
883
+ ->where('post_type', 'ninja-table')
884
+ ->get();
885
  foreach ($tables as $table) {
886
  ninjaTablesClearTableDataCache($table->ID);
887
  }
891
  /**
892
  * Batch insert data using raw SQL query.
893
  *
894
+ * @param string $table
895
+ * @param array $rows
896
  * @return bool|int
897
  */
898
+ function ninjtaTableBatchInsert($table, $rows)
899
+ {
900
  global $wpdb;
901
 
902
  // Extract column list from first row of data
926
  /**
927
  * Normalize every item, i.e. make string "true" to boolean true
928
  *
929
+ * @param array $data
930
  * @return array
931
  */
932
+ function ninjaTableNormalize($data = [])
933
+ {
934
  foreach ($data as $key => $item) {
935
  if ($item == 'false') {
936
  $item = false;
955
  /**
956
  * Parse the given html content get the table IDs from the matched shortcodes.
957
  *
958
+ * @param string $content
959
  * @return array
960
  */
961
+ function ninjaTablesGetShortCodeIds($content)
962
+ {
963
  $tag = 'ninja_tables';
964
 
965
  if (false === strpos($content, '[')) {
993
  /**
994
  * Preloads frontend custom font.
995
  */
996
+ function ninjaTablePreloadFont()
997
+ {
998
  add_action('wp_head', function () {
999
  $preloadFontUrl = NINJA_TABLES_DIR_URL . "assets/fonts/ninja-tables.woff2?" . NINJA_TABLES_PRELOAD_FONT_VERSION;
1000
  ?>
1001
+ <link rel="preload" as="font" href="<?php echo esc_url($preloadFontUrl) ?>" type="font/woff2"
1002
+ crossorigin="anonymous">
1003
  <?php
1004
  }, 99);
1005
  }
1007
  /**
1008
  * Prints admin styles
1009
  */
1010
+ function ninjaTablesAdminPrintStyles()
1011
+ {
1012
  add_action('admin_print_styles', function () {
1013
  ?>
1014
  <style>
1031
  */
1032
  function ninjaTablesValidateNonce($key = 'ninja_table_admin_nonce')
1033
  {
1034
+ $nonce = \NinjaTables\Classes\ArrayHelper::get($_REQUEST, $key);
1035
 
1036
+ if (!wp_verify_nonce($nonce, $key)) {
1037
+ $errors = apply_filters('ninja_tables_nonce_error', [
1038
+ '_ninjatablesnonce' => [
1039
+ __('Nonce verification failed, please try again.', 'ninja-tables')
1040
+ ]
1041
+ ]);
1042
 
1043
+ wp_send_json(['errors' => $errors], 422);
1044
+ }
1045
+ }
1046
+
1047
+ if (!function_exists('ninjaTablesPrintSafeVar')) {
1048
+ function ninjaTablesPrintSafeVar($content, $esc_func = false)
1049
+ {
1050
+ if ($esc_func) {
1051
+ echo call_user_func($esc_func, $content);
1052
+ }
1053
+ // PHPCS - This content var is hardcoded variable or already escaped the contents by esc_* functions.
1054
+ echo $content; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
1055
+ }
1056
+ }
1057
+
1058
+ if (!function_exists('ninjaTablesEscCss')) {
1059
+ function ninjaTablesEscCss($css)
1060
+ {
1061
+ if (preg_match('#</?\w+#', $css)) {
1062
+ return '';
1063
+ }
1064
+
1065
+ return $css;
1066
+ }
1067
  }
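--- a/ninja-tables.php
+++ b/ninja-tables.php
@@ -16,7 +16,7 @@
  * Plugin Name: Ninja Tables
  * Plugin URI: https://wpmanageninja.com/downloads/ninja-tables-pro-add-on/
  * Description: The Easiest & Fastest Responsive Table Plugin on WordPress. Multiple templates, drag-&-drop live table builder, multiple color scheme, and styles.
- * Version: 4.1.12
+ * Version: 4.1.13
  * Author: WPManageNinja LLC
  * Author URI: https://wpmanageninja.com/
  * License: GPL-2.0+
@@ -33,7 +33,7 @@ if (!defined('WPINC')) {
  define('NINJA_TABLES_DIR_URL', plugin_dir_url(__FILE__));
  define('NINJA_TABLES_DIR_PATH', plugin_dir_path(__FILE__));
  define('NINJA_TABLES_PUBLIC_DIR_URL', NINJA_TABLES_DIR_URL . 'public/');
- define('NINJA_TABLES_VERSION', '4.1.12');
+ define('NINJA_TABLES_VERSION', '4.1.13');
  define('NINJA_TABLES_ASSET_VERSION', '3.1.0');
  define('NINJA_TABLES_PRELOAD_FONT_VERSION', "1a82860cb5286f7833a2c33fbdd1d76c");
 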
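--- a/public/NinjaTablePublic.php
+++ b/public/NinjaTablePublic.php
@@ -455,7 +455,7 @@ class NinjaTablePublic
  NinjaFooTable::$tableCssStatuses[$tableId] = true;
 
  add_action('wp_head', function () use ($css) {
- echo $css; // WPCS: XSS ok.
+ echo ninjaTablesEscCss($css);
  }, 99);
  }
  }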
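Review bot: The new `echo ninjaTablesEscCss($css);` inside the `wp_head` closure relies on a helper that, as defined earlier on this page, returns an empty string when the input matches `#</?\w+#` and otherwise passes it through unchanged, so it is a tag deny-list rather than CSS escaping. If `$css` still carries its `<style>` wrapper (its construction is outside this hunk) the whole block is silently dropped, and anything without tag-shaped text is printed verbatim. I would add a comment at the call such as `// $css must be bare CSS rules; ninjaTablesEscCss() discards the whole string if it contains tag-like text` and confirm where the `<style>` element is emitted. The enclosing method starts and ends outside the hunk.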
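--- a/public/views/frameless/show_review.php
+++ b/public/views/frameless/show_review.php
@@ -32,7 +32,8 @@
 
  <div class="nt_preview_body">
  <div class="nt_preview_body_wrapper">
- <?php echo(do_shortcode('[ninja_tables id="' . $table_id . '"]')); ?>
+ <?php // The shortcode HTML is already escaped line by line at table_inner_html.php ?>
+ <?php echo do_shortcode('[ninja_tables id="' . $table_id . '"]'); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
  </div>
  </div>
  <div class="nt_preview_fotter">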
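Review bot: `$table_id` is still concatenated into the shortcode string uncast on new line 36, and the added `phpcs:ignore` only silences the output-escaping sniff. Where `$table_id` is assigned is outside this hunk, so if it can come from the request it should be forced to an integer before it reaches `do_shortcode()`, e.g. `<?php echo do_shortcode('[ninja_tables id="' . absint($table_id) . '"]'); ?>` with the existing ignore comment kept. The justification comment also leans on table_inner_html.php, which in this same commit prints rows through `ninjaTablesPrintSafeVar()` without an escaping callback, so the guarantee really rests on sanitization at save time and the comment should say so.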
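--- a/public/views/table_inner_html.php
+++ b/public/views/table_inner_html.php
@@ -20,7 +20,7 @@ $hasImageFunction = function_exists('nt_parse_image_column');
  $header_row = '<th scope="col" ' . $colspan . ' class="' . implode(' ', (array)$table_column['classes']) . ' ' . $table_column['breakpoints'] . '">' . do_shortcode($table_column['title']) . '</th>' . $header_row;
  ?>
  <?php $counter = 1; endforeach; ?>
- <?php echo $header_row; // WPCS: XSS ok. ?>
+ <?php ninjaTablesPrintSafeVar($header_row); // the $header_row html attributes from admins are already escaped and sanitized ?>
  </tr>
  </thead>
  <tbody>
@@ -47,10 +47,10 @@ if ($table_rows && count($table_columns)):
  $column_value = (isset($table_row[$table_column['name']]) ? $table_row[$table_column['name']] : null);
  $columnValueDataAtts = '';
  $columnType = (isset($table_column['original']['data_type']) ? $table_column['original']['data_type'] : null);
- if(is_array($column_value)) {
- if($columnType == 'image') {
+ if (is_array($column_value)) {
+ if ($columnType == 'image') {
  $columnValueDataAtts = json_encode($column_value);
- if($hasImageFunction) {
+ if ($hasImageFunction) {
  $column_value = nt_parse_image_column($column_value, $table_column);
  } else {
  $column_value = '';
@@ -60,8 +60,8 @@ if ($table_rows && count($table_columns)):
  $column_value = implode(', ', $column_value);
  $column_value = do_shortcode($column_value);
  }
- } else if($columnType == 'button') {
- if($hasImageFunction) {
+ } else if ($columnType == 'button') {
+ if ($hasImageFunction) {
  $column_value = nt_parse_button_column($column_value, $table_column);
  }
  } else {
@@ -82,8 +82,8 @@ if ($table_rows && count($table_columns)):
  // if colspan counter is greater than 1 then we are adding the colspan into the dom
  }
 
- if($columnValueDataAtts) {
- $row = '<td' . $colspan . ' data-json_values='.$columnValueDataAtts.'>' . $column_value . '</td>' . $row;
+ if ($columnValueDataAtts) {
+ $row = '<td' . $colspan . ' data-json_values=' . $columnValueDataAtts . '>' . $column_value . '</td>' . $row;
  } else {
  $row = '<td' . $colspan . '>' . $column_value . '</td>' . $row;
  }
@@ -91,7 +91,7 @@ if ($table_rows && count($table_columns)):
  $colSpanCounter = 1;
  // we are reseting the colspan counter value here because the colspan is done for this iteration
  }
- echo $row; // WPCS: XSS ok.
+ ninjaTablesPrintSafeVar($row); //the $row html attributes from admins are already escaped and sanitized
  ?>
  </tr>
  <?php endforeach; ?>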
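Review bot: On new line 86 the `data-json_values=` attribute is still emitted unquoted and `$columnValueDataAtts` is raw `json_encode()` output, so an image-cell value containing a space, quote or `>` ends the attribute early; the change here only fixes spacing. Suggest `$row = '<td' . $colspan . ' data-json_values="' . esc_attr($columnValueDataAtts) . '">' . $column_value . '</td>' . $row;`. Separately, both `ninjaTablesPrintSafeVar($header_row)` and `ninjaTablesPrintSafeVar($row)` pass no escaping callback, so they behave exactly like the `echo` they replace. The helper as shown earlier on this page would also print the content twice if a callback were supplied, because its raw `echo` is not in an `else` branch. The surrounding loops begin and end outside these hunks.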
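--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: table builder, table plugin, wpdatatables, wordpress tables, table grid, c
  Requires at least: 4.5
  Requires PHP: 5.4 or greater
  Tested up to: 5.9
- Stable tag: 4.1.12
+ Stable tag: 4.1.13
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -315,6 +315,10 @@ Yes, you can connect your Google spreadsheets to your WordPress table plugin by
 
  == Changelog ==
 
+ =4.1.13 Date: March 18, 2021) =
+ * Fix Data sanitization and esc_* functions
+ * Support for Raw HTMLs in table cells
+
  =4.1.12 (Date: March 11, 2022) =
  * Fix Data _esc issues
  * UI improvements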