Popup Builder – Responsive WordPress Pop up - Version 4.0.9

Version Description


Release Info

Developer Sygnoos
Version 4.0.9

Code changes from version 4.0.8 to 4.0.9

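--- a/com/classes/Actions.php
+++ b/com/classes/Actions.php
@@ -1434,7 +1434,7 @@ class Actions
  wp_redirect(get_home_url());
  exit();
  }
- $query .= ' ORDER BY '.$orderBy.' '.$_GET['order'];
+ $query .= ' ORDER BY '.$orderBy.' '.sanitize_text_field($_GET['order']);
  }
  }
  $content = '';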
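Review bot: On new line 1437 the sort direction from `$_GET['order']` is still concatenated into the ORDER BY clause as SQL text; `sanitize_text_field()` strips markup and normalises whitespace but does not limit the value to a direction keyword. An allow-list is the right control here: `$order = (strtolower($_GET['order']) === 'desc') ? 'DESC' : 'ASC';`, then concatenate `$order`. How `$orderBy` is derived is outside the hunk; if it also comes from the request it needs the same treatment against a fixed list of column names. com/libs/Table.php line 120 builds its ORDER BY from `$orderby` and `$order` the same way, and their origin is not visible there either.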
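--- a/com/classes/ConditionCreator.php
+++ b/com/classes/ConditionCreator.php
@@ -437,7 +437,7 @@ class ConditionCreator
  $popupId = $conditionObj->getPopupId();
  }
  else if(!empty($_GET['post'])) {
- $popupId = $_GET['post'];
+ $popupId = sanitize_text_field($_GET['post']);
  }
 
  return $popupId;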
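Review bot: New line 440 keeps the post ID from `$_GET['post']` as free text, while the same parameter is cast to an integer elsewhere in this commit (RegisterPostType.php line 146, public/views/customEditor.php line 2). `sanitize_text_field()` returns a string that may hold any non-markup content, so callers of this method do not get a guaranteed numeric ID; use `$popupId = absint($_GET['post']);`. The same applies to `$excludePostId` in public/views/mediaButton.php line 6 and to the arguments of `SGPopup::find()` and `get_post_type()` in AdminHelper.php lines 795 and 820. The enclosing method starts and ends outside the hunk, so how `$popupId` is consumed is not visible here.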
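--- a/com/classes/PopupLoader.php
+++ b/com/classes/PopupLoader.php
@@ -55,8 +55,8 @@ class PopupLoader
  if (isset($_GET['sg_popup_id']) || isset($_GET['sg_popup_preview_id']) || $currentUrl !== false) {
  $args = array();
  $previewPopups = array();
- $getterId = isset($_GET['sg_popup_id']) ? (int)$_GET['sg_popup_id'] : 0;
- $previewedPopupId = isset($_GET['sg_popup_preview_id']) ? (int)$_GET['sg_popup_preview_id'] : 0;
+ $getterId = isset($_GET['sg_popup_id']) ? (int)sanitize_text_field($_GET['sg_popup_id']) : 0;
+ $previewedPopupId = isset($_GET['sg_popup_preview_id']) ? (int)sanitize_text_field($_GET['sg_popup_preview_id']) : 0;
  if (isset($_GET['sg_popup_preview_id'])) {
  $getterId = $previewedPopupId;
  $args['is-preview'] = true;
@@ -67,7 +67,7 @@ class PopupLoader
  if ($currentUrl !== false) {
  $getterId = $previewedPopupId;
  if (isset($_GET['preview_id'])) {
- $getterId = (int)$_GET['preview_id'];
+ $getterId = (int)sanitize_text_field($_GET['preview_id']);
  }
  }
 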
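Review bot: On new lines 58, 59 and 70 the `(int)` cast is what bounds the value; wrapping the input in `sanitize_text_field()` first does not restrict the resulting integer any further, and it can leave a reader believing the text filter is the control. `absint($_GET['sg_popup_id'])` states the intent (a non-negative ID) in one call. The same `(int)sanitize_text_field(...)` pattern is added in RegisterPostType.php, Menu.php, Subscribers.php, Importer.php, ListTable.php, Table.php, customEditor.php, htmlCustomButtonElement.php and options/subscription.php. Whether a requested preview ID is checked against the current user's permissions happens outside these hunks and is worth confirming.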
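--- a/com/classes/RegisterPostType.php
+++ b/com/classes/RegisterPostType.php
@@ -143,7 +143,7 @@ class RegisterPostType
  $popupId = 0;
 
  if (!empty($_GET['post'])) {
- $popupId = (int)$_GET['post'];
+ $popupId = (int)sanitize_text_field($_GET['post']);
  }
 
  $popupType = $this->getPopupTypeName();
@@ -162,7 +162,7 @@ class RegisterPostType
  * if the post id doesn't exist, we try to find it with $_GET['sgpb_type']
  */
  if (!empty($_GET['post'])) {
- $popupId = (int)$_GET['post'];
+ $popupId = (int)sanitize_text_field($_GET['post']);
  $popupOptionsData = SGPopup::getPopupOptionsById($popupId);
  if (!empty($popupOptionsData['sgpb-type'])) {
  $popupType = $popupOptionsData['sgpb-type'];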
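--- a/com/classes/Updates.php
+++ b/com/classes/Updates.php
@@ -164,7 +164,7 @@ class Updates
  public function sgpbAdminNotices()
  {
  if (isset($_GET['sl_activation']) && !empty($_GET['message'])) {
- switch ($_GET['sl_activation']) {
+ switch (sanitize_text_field($_GET['sl_activation'])) {
  case 'false':
  $message = urldecode($_GET['message']);
  ?>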
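Review bot: Context line 169 still reads `$_GET['message']` through `urldecode()` only, and the template output that starts at line 170 is outside the hunk, so nothing visible in this commit shows the value being escaped before it is printed in the admin notice. The added `sanitize_text_field()` on the `switch` subject changes little, because that value is only compared against fixed `case` strings. Clean the message where it is read, `$message = sanitize_text_field(wp_unslash($_GET['message']));`, and print it with `esc_html($message)`. PHP has already URL-decoded `$_GET`, so the extra `urldecode()` decodes a second time and should be dropped unless the sender is known to double-encode.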
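--- a/com/classes/components/Menu.php
+++ b/com/classes/components/Menu.php
@@ -225,7 +225,7 @@ class SGPBMenu
  {
  delete_post_meta($item_id, '_menu_sgpb_popup_id');
  if (isset($_POST['menu-item-pb'][$item_id]['popup'])) {
- $popupId = (int)$_POST['menu-item-pb'][$item_id]['popup'];
+ $popupId = (int)sanitize_text_field($_POST['menu-item-pb'][$item_id]['popup']);
  update_post_meta($item_id, '_menu_sgpb_popup_id', $popupId);
  }
  }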
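--- a/com/classes/dataTable/Subscribers.php
+++ b/com/classes/dataTable/Subscribers.php
@@ -97,7 +97,7 @@ class Subscribers extends SGPBTable
  $selectedPopup = '';
 
  if (isset($_GET['sgpb-subscription-popup-id'])) {
- $selectedPopup = (int)$_GET['sgpb-subscription-popup-id'];
+ $selectedPopup = (int)sanitize_text_field($_GET['sgpb-subscription-popup-id']);
  }
 
  ob_start();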
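--- a/com/config/configPackage.php
+++ b/com/config/configPackage.php
@@ -3,6 +3,6 @@ if (!defined('ABSPATH')) {
  exit();
  }
 
- define('SG_POPUP_VERSION', '4.0.8');
+ define('SG_POPUP_VERSION', '4.0.9');
  define('SGPB_POPUP_PKG', SGPB_POPUP_PKG_FREE);
  define('POPUP_BUILDER_BASENAME', 'popupbuilder-platinum/popup-builder.php');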
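--- a/com/helpers/AdminHelper.php
+++ b/com/helpers/AdminHelper.php
@@ -345,7 +345,7 @@ class AdminHelper
  $query .= ' LEFT JOIN '.$postsTablename.' ON '.$postsTablename.'.ID='.$subscribersTablename.'.subscriptionType';
 
  if (isset($_GET['sgpb-subscription-popup-id']) && !empty($_GET['sgpb-subscription-popup-id'])) {
- $filterCriteria = esc_sql($_GET['sgpb-subscription-popup-id']);
+ $filterCriteria = sanitize_text_field($_GET['sgpb-subscription-popup-id']);
  if ($filterCriteria != 'all') {
  $searchQuery .= " AND (subscriptionType = $filterCriteria)";
  }
@@ -354,7 +354,7 @@ class AdminHelper
  $searchQuery .= ' AND ';
  }
  if (isset($_GET['s']) && !empty($_GET['s'])) {
- $searchCriteria = esc_sql($_GET['s']);
+ $searchCriteria = sanitize_text_field($_GET['s']);
  $lastPartOfTheQuery = substr($searchQuery, -5);
  if (strpos($lastPartOfTheQuery, 'AND') <= 0) {
  $searchQuery .= ' AND ';
@@ -362,7 +362,7 @@ class AdminHelper
  $searchQuery .= "(firstName LIKE '%$searchCriteria%' or lastName LIKE '%$searchCriteria%' or email LIKE '%$searchCriteria%' or $postsTablename.post_title LIKE '%$searchCriteria%')";
  }
  if (isset($_GET['sgpb-subscribers-date']) && !empty($_GET['sgpb-subscribers-date'])) {
- $filterCriteria = esc_sql($_GET['sgpb-subscribers-date']);
+ $filterCriteria = sanitize_text_field($_GET['sgpb-subscribers-date']);
  if ($filterCriteria != 'all') {
  if ($searchQuery != '') {
  $searchQuery .= ' AND ';
@@ -786,13 +786,13 @@ class AdminHelper
  {
  $type = '';
  if (!empty($_GET['sgpb_type'])) {
- $type = $_GET['sgpb_type'];
+ $type = sanitize_text_field($_GET['sgpb_type']);
  }
 
  $currentPostType = self::getCurrentPostType();
 
  if ($currentPostType == SG_POPUP_POST_TYPE && !empty($_GET['post'])) {
- $popupObj = SGPopup::find($_GET['post']);
+ $popupObj = SGPopup::find(sanitize_text_field($_GET['post']));
  if (is_object($popupObj)) {
  $type = $popupObj->getType();
  }
@@ -817,7 +817,7 @@ class AdminHelper
  }
 
  if (empty($currentPostType) && !empty($_GET['post'])) {
- $currentPostType = get_post_type($_GET['post']);
+ $currentPostType = get_post_type(sanitize_text_field($_GET['post']));
  }
 
  return $currentPostType;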
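Review bot: New lines 348, 357 and 365 replace `esc_sql()` with `sanitize_text_field()` on values that are interpolated into `$searchQuery`; `sanitize_text_field()` is an input-cleaning helper, not a SQL escaper, so these changes remove the only SQL-specific handling visible in the hunks. Line 350 is the most exposed, because `subscriptionType = $filterCriteria` is an unquoted numeric context where neither function is sufficient; compare the raw value with `'all'` first and otherwise use `$filterCriteria = absint($_GET['sgpb-subscription-popup-id']);`. For the LIKE clause on line 362, build the pattern as `'%'.$wpdb->esc_like($searchCriteria).'%'` and bind it through `$wpdb->prepare()` with `%s` placeholders, assuming `$wpdb` is available in this method. How `sgpb-subscribers-date` is placed into the query and where the query is executed are outside the hunks, so that value needs the same check against the code that follows line 368.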
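--- a/com/libs/Importer.php
+++ b/com/libs/Importer.php
@@ -63,7 +63,7 @@ class WP_Import extends WP_Importer
  case 2:
  check_admin_referer('import-wordpress');
  $this->fetch_attachments = (!empty($_POST['fetch_attachments']) && $this->allow_fetch_attachments());
- $this->id = (int) $_POST['import_id'];
+ $this->id = (int) sanitize_text_field($_POST['import_id']);
  $file = get_attached_file($this->id);
  set_time_limit(0);
  $this->import($file);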
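--- a/com/libs/ListTable.php
+++ b/com/libs/ListTable.php
@@ -551,7 +551,7 @@ class SGPBListTable {
  if ( !$month_count || ( 1 == $month_count && 0 == $months[0]->month ) )
  return;
 
- $m = isset( $_GET['m'] ) ? (int) $_GET['m'] : 0;
+ $m = isset( $_GET['m'] ) ? (int) sanitize_text_field($_GET['m']) : 0;
  ?>
  <label for="filter-by-date" class="screen-reader-text"><?php _e( 'Filter by date' ); ?></label>
  <select name="m" id="filter-by-date">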
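--- a/com/libs/Table.php
+++ b/com/libs/Table.php
@@ -120,7 +120,7 @@ class SGPBTable extends SGPBListTable
  $query .= ' ORDER BY '.$orderby.' '.$order;
  }
 
- $paged = isset($_GET["paged"]) ? (int)$_GET["paged"] : '';
+ $paged = isset($_GET["paged"]) ? (int)sanitize_text_field($_GET["paged"]) : '';
 
  if (empty($paged) || !is_numeric($paged) || $paged <= 0) {
  $paged = 1;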
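--- a/popup-builder.php
+++ b/popup-builder.php
@@ -3,7 +3,7 @@
  * Plugin Name: Popup Builder
  * Plugin URI: https://popup-builder.com
  * Description: The most complete popup plugin. Html, image, iframe, shortcode, video and many other popup types. Manage popup dimensions, effects, themes and more.
- * Version: 4.0.8
+ * Version: 4.0.9
  * Author: Sygnoos
  * Author URI: https://sygnoos.com
  * License: GPLv2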
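--- a/public/views/customEditor.php
+++ b/public/views/customEditor.php
@@ -1,5 +1,5 @@
  <?php
- $popupId = !empty($_GET['post']) ? (int)$_GET['post'] : 0;
+ $popupId = !empty($_GET['post']) ? (int)sanitize_text_field($_GET['post']) : 0;
  $editorModeJs = htmlentities('text/javascript');
  $editorModeCss = htmlentities('text/css');
 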
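--- a/public/views/htmlCustomButtonElement.php
+++ b/public/views/htmlCustomButtonElement.php
@@ -1,7 +1,7 @@
  <?php
  use sgpb\AdminHelper;
 
- $excludePostId = !empty($_GET['post']) ? (int)$_GET['post'] : 0;
+ $excludePostId = !empty($_GET['post']) ? (int)sanitize_text_field($_GET['post']) : 0;
  $excludedPopups = array($excludePostId);
  $allPopups = AdminHelper::getPopupsIdAndTitle($excludedPopups);
  ?>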
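--- a/public/views/mediaButton.php
+++ b/public/views/mediaButton.php
@@ -3,7 +3,7 @@
  $defaultData = \ConfigDataHelper::defaultData();
  $excludePostId = 0;
  if (isset($_GET['post']) && !empty($_GET['post'])) {
- $excludePostId = $_GET['post'];
+ $excludePostId = sanitize_text_field($_GET['post']);
  }
  $excludedPopups = array($excludePostId);
  $allPopups = AdminHelper::getPopupsIdAndTitle($excludedPopups);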
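--- a/public/views/options/subscription.php
+++ b/public/views/options/subscription.php
@@ -7,7 +7,7 @@
  $popupId = 0;
 
  if (!empty($_GET['post'])) {
- $popupId = (int)$_GET['post'];
+ $popupId = (int)sanitize_text_field($_GET['post']);
  $popupTypeObj->setSubsFormData($popupId);
  }
 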
readme.txt CHANGED
@@ -6,9 +6,9 @@ Plugin URI: https://popup-builder.com
6
  Donate link: https://popup-builder.com
7
  Tags: popup, pop up, wordpress popup, popup maker, exit popup, popup builder, wordpress popup plugin
8
  Requires at least: 4.2
9
- Tested up to: 5.8
10
  Requires PHP: 5.3.3
11
- Stable tag: 4.0.8
12
  License: GPLv2 or later
13
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
14
 
@@ -145,6 +145,9 @@ Go to the Popup Builder settings and set your desired options.
145
 
146
  == Changelog ==
147
 
 
 
 
148
  = Version 4.0.8 =
149
  * Security improvements and fixes.
150
 
6
  Donate link: https://popup-builder.com
7
  Tags: popup, pop up, wordpress popup, popup maker, exit popup, popup builder, wordpress popup plugin
8
  Requires at least: 4.2
9
+ Tested up to: 5.9
10
  Requires PHP: 5.3.3
11
+ Stable tag: 4.0.9
12
  License: GPLv2 or later
13
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
14
 
145
 
146
  == Changelog ==
147
 
148
+ = Version 4.0.9 =
149
+ * Security improvements and fixes.
150
+
151
  = Version 4.0.8 =
152
  * Security improvements and fixes.
153