Payment Form for PayPal Pro - Version 1.1.55

Version Description

  • Code improvements


Release Info

Developer codepeople
Version 1.1.55

Code changes from version 1.1.54 to 1.1.55

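--- a/README.txt
+++ b/README.txt
@@ -293,7 +293,10 @@ A: In all plugin versions you can turn off IP tracking to avoid saving that user
 = 1.1.54 =
 * Added new nonces verifications
 
+= 1.1.55 =
+* Code improvements
+
 == Upgrade Notice ==
 
-= 1.1.54 =
-* Added new nonces verifications
+= 1.1.55 =
+* Code improvements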
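--- a/cp_ppp.php
+++ b/cp_ppp.php
@@ -3,7 +3,7 @@
 Plugin Name: Payment Form for PayPal Pro
 Plugin URI: https://wordpress.dwbooster.com/forms/paypal-payment-pro-form
 Description: Payment Form for PayPal Pro to accept credit cards directly into your website. Official PayPal Partner.
-Version: 1.1.54
+Version: 1.1.55
 Author: CodePeople
 Author URI: https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro
 License: GPL
@@ -1003,7 +1003,7 @@ function cp_ppp_check_posted_data() {
 $rows_affected = $wpdb->insert( CP_PPP_POSTS_TABLE_NAME, array( 'formid' => CP_PPP_ID,
 'time' => current_time('mysql'),
 'ipaddr' => ($saveipaddr?$_SERVER['REMOTE_ADDR']:'-'),
-'notifyto' => (@$_POST[$to]?$_POST[$to]:''),
+'notifyto' => sanitize_email((@$_POST[$to]?$_POST[$to]:'')),
 'paypal_post' => serialize($params),
 'posted_data' => serialize($params),
 'data' =>$buffer_A .($coupon?"\n\nCoupon code:".$coupon->code.$discount_note:"")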
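Review bot: The `@` suppression on `$_POST[$to]` survives the change in the second hunk, and `sanitize_email()` is now handed the raw request value whatever its type, so a non-string submitted under that field name (an array, for instance) reaches the string handling inside `sanitize_email()` instead of being rejected up front; test the type explicitly rather than silencing notices: `'notifyto' => isset( $_POST[$to] ) && is_string( $_POST[$to] ) ? sanitize_email( wp_unslash( $_POST[$to] ) ) : '',`. Note also that `sanitize_email()` returns an empty string for anything it cannot validate, so an invalid notification address is silently stored as `''` rather than reported; if the notify target matters to the flow, an `is_email()` check that surfaces an error before the insert would be more informative than the silent fallback. `$to` and the rest of `cp_ppp_check_posted_data()` lie outside the hunk.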
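--- a/cp_ppp_admin_int_message_list.inc.php
+++ b/cp_ppp_admin_int_message_list.inc.php
@@ -11,13 +11,14 @@ if (!defined('CP_PPP_ID'))
 
 global $wpdb;
 
+$nonce = wp_create_nonce( 'uname_pppromlist' );
 
 $current_user = wp_get_current_user();
 $current_user_access = current_user_can('manage_options');
 
 $message = "";
 
-if (isset($_GET['lu']) && $_GET['lu'] != '')
+if (isset($_GET['lu']) && $_GET['lu'] != '' && wp_verify_nonce( $_REQUEST['_wpnonce'], 'uname_pppromlist' ))
 {
 $wpdb->query( $wpdb->prepare (
 'UPDATE `'.CP_PPP_POSTS_TABLE_NAME.'` SET paid=%s WHERE id=%d',
@@ -26,7 +27,7 @@ if (isset($_GET['lu']) && $_GET['lu'] != '')
 );
 $message = "Item updated";
 }
-else if (isset($_GET['ld']) && $_GET['ld'] != '')
+else if (isset($_GET['ld']) && $_GET['ld'] != '' && wp_verify_nonce( $_REQUEST['_wpnonce'], 'uname_pppromlist' ))
 {
 $wpdb->query( $wpdb->prepare ( 'DELETE FROM `'.CP_PPP_POSTS_TABLE_NAME.'` WHERE id=%d', intval($_GET['ld'])) );
 $message = "Item deleted";
@@ -70,13 +71,13 @@ if ($message) echo "<div id='setting-error-settings_updated' class='updated sett
 <script type="text/javascript">
 function cp_updateMessageItem(id,status)
 {
-document.location = 'admin.php?page=cp_ppp&cal=<?php echo CP_PPP_ID; ?>&list=1&status='+status+'&lu='+id+'&r='+Math.random( );
+document.location = 'admin.php?page=cp_ppp&cal=<?php echo CP_PPP_ID; ?>&list=1&status='+status+'&lu='+id+'&_wpnonce=<?php echo $nonce; ?>';
 }
 function cp_deleteMessageItem(id)
 {
 if (confirm('Are you sure that you want to delete this item?'))
 {
-document.location = 'admin.php?page=cp_ppp&cal=<?php echo CP_PPP_ID; ?>&list=1&ld='+id+'&r='+Math.random();
+document.location = 'admin.php?page=cp_ppp&cal=<?php echo CP_PPP_ID; ?>&list=1&ld='+id+'&_wpnonce=<?php echo $nonce; ?>';
 }
 }
 </script>
@@ -149,9 +150,9 @@ echo paginate_links( array(
 <tbody id="the-list">
 <?php for ($i=($current_page-1)*$records_per_page; $i<$current_page*$records_per_page; $i++) if (isset($events[$i])) { ?>
 <tr class='<?php if (!($i%2)) { ?>alternate <?php } ?>author-self status-draft format-default iedit' valign="top">
-<td><?php echo $events[$i]->id; ?></td>
+<td><?php echo intval($events[$i]->id); ?></td>
 <td><?php echo substr($events[$i]->time,0,16); ?></td>
-<td><?php echo $events[$i]->notifyto; ?></td>
+<td><?php echo sanitize_email($events[$i]->notifyto); ?></td>
 <td><?php
 $data = $events[$i]->data;
 $posted_data = unserialize($events[$i]->posted_data);
@@ -167,7 +168,7 @@ echo paginate_links( array(
 <?php
 if ($events[$i]->paid) {
 echo '<span style="color:#00aa00;font-weight:bold">'.__("Paid").'</span><hr />';
-if (substr($events[$i]->paypal_post,0,2) != 'a:') echo str_replace("\n","<br />",$events[$i]->paypal_post);
+if (substr($events[$i]->paypal_post,0,2) != 'a:') echo esc_html(str_replace("\n","<br />",$events[$i]->paypal_post));
 }
 else
 echo '<span style="color:#ff0000;font-weight:bold">'.__("Not Paid").'</span>';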
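Review bot: In the last hunk `esc_html()` wraps the result of `str_replace("\n","<br />", ...)`, so the `<br />` tags the replacement just inserted are escaped along with the data and render as literal `&lt;br /&gt;` text instead of line breaks; escape first and convert newlines afterwards: `echo nl2br(esc_html($events[$i]->paypal_post));`. In the first two hunks the new `wp_verify_nonce()` calls prove request intent but not authorization: `$current_user_access` is computed a few lines earlier yet neither the UPDATE nor the DELETE condition tests it, and the nonce is echoed into the script block for anyone who can render this page, so unless a capability check runs outside the hunk, `current_user_can('manage_options') &&` belongs in both conditions ahead of the nonce check. `$_REQUEST['_wpnonce']` is also read without `isset()`, which emits an undefined-index notice whenever `lu` or `ld` is present but the token is missing; `$_REQUEST['_wpnonce'] ?? ''` avoids it. The file is a template include, so the enclosing scope of every hunk starts and ends outside the visible lines.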