Version Description
- Code improvements
=
Download this release
Release Info
| Developer | codepeople |
| Plugin |  Payment Form for PayPal Pro |
| Version | 1.1.55 |
| Comparing to | |
| See all releases | |
Code changes from version 1.1.54 to 1.1.55
- README.txt +5 -2
- cp_ppp.php +2 -2
- cp_ppp_admin_int_message_list.inc.php +8 -7
README.txt
CHANGED
|
@@ -293,7 +293,10 @@ A: In all plugin versions you can turn off IP tracking to avoid saving that user
|
|
| 293 |
= 1.1.54 =
|
| 294 |
* Added new nonces verifications
|
| 295 |
|
|
|
|
|
|
|
|
|
|
| 296 |
== Upgrade Notice ==
|
| 297 |
|
| 298 |
-
= 1.1.
|
| 299 |
-
*
|
| 293 |
= 1.1.54 =
|
| 294 |
* Added new nonces verifications
|
| 295 |
|
| 296 |
+
= 1.1.55 =
|
| 297 |
+
* Code improvements
|
| 298 |
+
|
| 299 |
== Upgrade Notice ==
|
| 300 |
|
| 301 |
+
= 1.1.55 =
|
| 302 |
+
* Code improvements
|
cp_ppp.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Payment Form for PayPal Pro
|
| 4 |
Plugin URI: https://wordpress.dwbooster.com/forms/paypal-payment-pro-form
|
| 5 |
Description: Payment Form for PayPal Pro to accept credit cards directly into your website. Official PayPal Partner.
|
| 6 |
-
Version: 1.1.
|
| 7 |
Author: CodePeople
|
| 8 |
Author URI: https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro
|
| 9 |
License: GPL
|
|
@@ -1003,7 +1003,7 @@ function cp_ppp_check_posted_data() {
|
|
| 1003 |
$rows_affected = $wpdb->insert( CP_PPP_POSTS_TABLE_NAME, array( 'formid' => CP_PPP_ID,
|
| 1004 |
'time' => current_time('mysql'),
|
| 1005 |
'ipaddr' => ($saveipaddr?$_SERVER['REMOTE_ADDR']:'-'),
|
| 1006 |
-
'notifyto' => (@$_POST[$to]?$_POST[$to]:''),
|
| 1007 |
'paypal_post' => serialize($params),
|
| 1008 |
'posted_data' => serialize($params),
|
| 1009 |
'data' =>$buffer_A .($coupon?"\n\nCoupon code:".$coupon->code.$discount_note:"")
|
| 3 |
Plugin Name: Payment Form for PayPal Pro
|
| 4 |
Plugin URI: https://wordpress.dwbooster.com/forms/paypal-payment-pro-form
|
| 5 |
Description: Payment Form for PayPal Pro to accept credit cards directly into your website. Official PayPal Partner.
|
| 6 |
+
Version: 1.1.55
|
| 7 |
Author: CodePeople
|
| 8 |
Author URI: https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro
|
| 9 |
License: GPL
|
| 1003 |
$rows_affected = $wpdb->insert( CP_PPP_POSTS_TABLE_NAME, array( 'formid' => CP_PPP_ID,
|
| 1004 |
'time' => current_time('mysql'),
|
| 1005 |
'ipaddr' => ($saveipaddr?$_SERVER['REMOTE_ADDR']:'-'),
|
| 1006 |
+
'notifyto' => sanitize_email((@$_POST[$to]?$_POST[$to]:'')),
|
| 1007 |
'paypal_post' => serialize($params),
|
| 1008 |
'posted_data' => serialize($params),
|
| 1009 |
'data' =>$buffer_A .($coupon?"\n\nCoupon code:".$coupon->code.$discount_note:"")
|
cp_ppp_admin_int_message_list.inc.php
CHANGED
|
@@ -11,13 +11,14 @@ if (!defined('CP_PPP_ID'))
|
|
| 11 |
|
| 12 |
global $wpdb;
|
| 13 |
|
|
|
|
| 14 |
|
| 15 |
$current_user = wp_get_current_user();
|
| 16 |
$current_user_access = current_user_can('manage_options');
|
| 17 |
|
| 18 |
$message = "";
|
| 19 |
|
| 20 |
-
if (isset($_GET['lu']) && $_GET['lu'] != '')
|
| 21 |
{
|
| 22 |
$wpdb->query( $wpdb->prepare (
|
| 23 |
'UPDATE `'.CP_PPP_POSTS_TABLE_NAME.'` SET paid=%s WHERE id=%d',
|
|
@@ -26,7 +27,7 @@ if (isset($_GET['lu']) && $_GET['lu'] != '')
|
|
| 26 |
);
|
| 27 |
$message = "Item updated";
|
| 28 |
}
|
| 29 |
-
else if (isset($_GET['ld']) && $_GET['ld'] != '')
|
| 30 |
{
|
| 31 |
$wpdb->query( $wpdb->prepare ( 'DELETE FROM `'.CP_PPP_POSTS_TABLE_NAME.'` WHERE id=%d', intval($_GET['ld'])) );
|
| 32 |
$message = "Item deleted";
|
|
@@ -70,13 +71,13 @@ if ($message) echo "<div id='setting-error-settings_updated' class='updated sett
|
|
| 70 |
<script type="text/javascript">
|
| 71 |
function cp_updateMessageItem(id,status)
|
| 72 |
{
|
| 73 |
-
document.location = 'admin.php?page=cp_ppp&cal=<?php echo CP_PPP_ID; ?>&list=1&status='+status+'&lu='+id+'&
|
| 74 |
}
|
| 75 |
function cp_deleteMessageItem(id)
|
| 76 |
{
|
| 77 |
if (confirm('Are you sure that you want to delete this item?'))
|
| 78 |
{
|
| 79 |
-
document.location = 'admin.php?page=cp_ppp&cal=<?php echo CP_PPP_ID; ?>&list=1&ld='+id+'&
|
| 80 |
}
|
| 81 |
}
|
| 82 |
</script>
|
|
@@ -149,9 +150,9 @@ echo paginate_links( array(
|
|
| 149 |
<tbody id="the-list">
|
| 150 |
<?php for ($i=($current_page-1)*$records_per_page; $i<$current_page*$records_per_page; $i++) if (isset($events[$i])) { ?>
|
| 151 |
<tr class='<?php if (!($i%2)) { ?>alternate <?php } ?>author-self status-draft format-default iedit' valign="top">
|
| 152 |
-
<td><?php echo $events[$i]->id; ?></td>
|
| 153 |
<td><?php echo substr($events[$i]->time,0,16); ?></td>
|
| 154 |
-
<td><?php echo $events[$i]->notifyto; ?></td>
|
| 155 |
<td><?php
|
| 156 |
$data = $events[$i]->data;
|
| 157 |
$posted_data = unserialize($events[$i]->posted_data);
|
|
@@ -167,7 +168,7 @@ echo paginate_links( array(
|
|
| 167 |
<?php
|
| 168 |
if ($events[$i]->paid) {
|
| 169 |
echo '<span style="color:#00aa00;font-weight:bold">'.__("Paid").'</span><hr />';
|
| 170 |
-
if (substr($events[$i]->paypal_post,0,2) != 'a:') echo str_replace("\n","<br />",$events[$i]->paypal_post);
|
| 171 |
}
|
| 172 |
else
|
| 173 |
echo '<span style="color:#ff0000;font-weight:bold">'.__("Not Paid").'</span>';
|
| 11 |
|
| 12 |
global $wpdb;
|
| 13 |
|
| 14 |
+
$nonce = wp_create_nonce( 'uname_pppromlist' );
|
| 15 |
|
| 16 |
$current_user = wp_get_current_user();
|
| 17 |
$current_user_access = current_user_can('manage_options');
|
| 18 |
|
| 19 |
$message = "";
|
| 20 |
|
| 21 |
+
if (isset($_GET['lu']) && $_GET['lu'] != '' && wp_verify_nonce( $_REQUEST['_wpnonce'], 'uname_pppromlist' ))
|
| 22 |
{
|
| 23 |
$wpdb->query( $wpdb->prepare (
|
| 24 |
'UPDATE `'.CP_PPP_POSTS_TABLE_NAME.'` SET paid=%s WHERE id=%d',
|
| 27 |
);
|
| 28 |
$message = "Item updated";
|
| 29 |
}
|
| 30 |
+
else if (isset($_GET['ld']) && $_GET['ld'] != '' && wp_verify_nonce( $_REQUEST['_wpnonce'], 'uname_pppromlist' ))
|
| 31 |
{
|
| 32 |
$wpdb->query( $wpdb->prepare ( 'DELETE FROM `'.CP_PPP_POSTS_TABLE_NAME.'` WHERE id=%d', intval($_GET['ld'])) );
|
| 33 |
$message = "Item deleted";
|
| 71 |
<script type="text/javascript">
|
| 72 |
function cp_updateMessageItem(id,status)
|
| 73 |
{
|
| 74 |
+
document.location = 'admin.php?page=cp_ppp&cal=<?php echo CP_PPP_ID; ?>&list=1&status='+status+'&lu='+id+'&_wpnonce=<?php echo $nonce; ?>';
|
| 75 |
}
|
| 76 |
function cp_deleteMessageItem(id)
|
| 77 |
{
|
| 78 |
if (confirm('Are you sure that you want to delete this item?'))
|
| 79 |
{
|
| 80 |
+
document.location = 'admin.php?page=cp_ppp&cal=<?php echo CP_PPP_ID; ?>&list=1&ld='+id+'&_wpnonce=<?php echo $nonce; ?>';
|
| 81 |
}
|
| 82 |
}
|
| 83 |
</script>
|
| 150 |
<tbody id="the-list">
|
| 151 |
<?php for ($i=($current_page-1)*$records_per_page; $i<$current_page*$records_per_page; $i++) if (isset($events[$i])) { ?>
|
| 152 |
<tr class='<?php if (!($i%2)) { ?>alternate <?php } ?>author-self status-draft format-default iedit' valign="top">
|
| 153 |
+
<td><?php echo intval($events[$i]->id); ?></td>
|
| 154 |
<td><?php echo substr($events[$i]->time,0,16); ?></td>
|
| 155 |
+
<td><?php echo sanitize_email($events[$i]->notifyto); ?></td>
|
| 156 |
<td><?php
|
| 157 |
$data = $events[$i]->data;
|
| 158 |
$posted_data = unserialize($events[$i]->posted_data);
|
| 168 |
<?php
|
| 169 |
if ($events[$i]->paid) {
|
| 170 |
echo '<span style="color:#00aa00;font-weight:bold">'.__("Paid").'</span><hr />';
|
| 171 |
+
if (substr($events[$i]->paypal_post,0,2) != 'a:') echo esc_html(str_replace("\n","<br />",$events[$i]->paypal_post));
|
| 172 |
}
|
| 173 |
else
|
| 174 |
echo '<span style="color:#ff0000;font-weight:bold">'.__("Not Paid").'</span>';
|
