Post Grid - Version 2.1.13

Version Description

2021-12-15 - fix - SQL security issue fixed.

Release Info

Developer	pickplugins
Plugin	Post Grid
Version	2.1.13
Comparing to
See all releases

Code changes from version 2.1.10 to 2.1.13

Files changed (8) hide show

assets/frontend/js/scripts.js +47 -2
includes/duplicate-post.php +7 -11
includes/functions.php +5 -5
includes/menu/settings-old.php +169 -0
includes/metabox-post-grid-hook.php +20 -0
post-grid.php +2 -2
readme.txt +12 -1
templates/post-grid-hook.php +3 -11

assets/frontend/js/scripts.js CHANGED Viewed

@@ -1,6 +1,6 @@
             jQuery(document).ready(function($){
-            -
                $(document).on('submit', '.post-grid .post-grid-search forms', function(e){
                     e.preventDefault();
@@ -36,7 +36,7 @@ jQuery(document).ready(function($){
                                     // console.log(html);
                                     // console.log('No enter');
                                     // console.log(pagination);
-            -
                                    console.log('Hello');
                                     $('#post-grid-'+grid_id+' .grid-items').html(html);
@@ -52,6 +52,51 @@ jQuery(document).ready(function($){
                 })
             });


1	jQuery(document).ready(function($){
2
3	+ $(document).on('submit change', '.post-grid .post-grid-search.ajax form', function(e){
4
5	e.preventDefault();
6

36	// console.log(html);
37	// console.log('No enter');
38	// console.log(pagination);
39	+ //console.log('Hello');
40
41
42	$('#post-grid-'+grid_id+' .grid-items').html(html);

52	})
53
54
55	+
56	+ $(document).on('keyup', '.post-grid .post-grid-search.ajax .search', function(e){
57	+
58	+ e.preventDefault();
59	+
60	+ var keyword = $(this).val();
61	+ var grid_id = $(this).attr('grid_id');
62	+ var key = e.which;
63	+
64	+ //console.log(key);
65	+
66	+
67	+ formData = $(this).serialize();
68	+
69	+ var is_reset = 'no';
70	+ if(keyword.length>3){
71	+
72	+ $('#post-grid-'+grid_id+' .search-loading').addClass('active');
73	+ //$('.pagination').fadeOut();
74	+
75	+ $.ajax({
76	+ type: 'POST',
77	+ context: this,
78	+ url:post_grid_ajax.post_grid_ajaxurl,
79	+ data: {"action": "post_grid_ajax_search", "grid_id":grid_id,"is_reset":is_reset,"formData":formData, },
80	+ success: function(response){
81	+
82	+ var datas = JSON.parse( response );
83	+ pagination = datas['pagination'];
84	+ html = datas['html'];
85	+
86	+ $('#post-grid-'+grid_id+' .grid-items').html(html);
87	+ //$('#post-grid-'+grid_id+' .search-icon').html('<i class="fas fa-search"></i>');
88	+ $('#post-grid-'+grid_id+' .paginate').html(pagination);
89	+ $('#post-grid-'+grid_id+' .search-loading').removeClass('active');
90	+
91	+
92	+ }
93	+ });
94	+ }
95	+
96	+ })
97	+
98	+
99	+
100	});
101
102

includes/duplicate-post.php CHANGED Viewed

	@@ -16,6 +16,7 @@ if(!class_exists('PPduplicatePost')){
16	add_action( 'admin_action_duplicate_post_as_draft', array($this, 'duplicate_post_as_draft') );
17
18

19	}
20
21
	@@ -104,18 +105,13 @@ if(!class_exists('PPduplicatePost')){
104	/*
105	* duplicate all post meta just in two SQL queries
106	*/
107	- ~~$post_meta_infos~~ = ~~$wpdb->get_results("SELECT~~ ~~meta_key, meta_value FROM $wpdb->postmeta WHERE post_id=$post_id");~~
108	- if (~~count(~~$~~post_meta_infos~~)~~!=0) {~~
109	- ~~$sql_query~~ = ~~"INSERT~~ ~~INTO~~ $~~wpdb->postmeta~~ ~~(post_id,~~ ~~meta_key, meta_value~~) ";
110	- foreach ($~~post_meta_infos~~ as $~~meta_info~~) {
111	- $~~meta_key~~ = $~~meta_info->meta_key;~~
112	- ~~if( $meta_key == '_wp_old_slug' ) continue;~~
113	- $meta_value = addslashes($meta_info->meta_value);
114	- $sql_query_sel[]= "SELECT $new_post_id, '$meta_key', '$meta_value'";
115	}
116	- $sql_query.= implode(" UNION ALL ", $sql_query_sel);
117	- $wpdb->query($sql_query);
118	- }
119
120
121	/*


16	add_action( 'admin_action_duplicate_post_as_draft', array($this, 'duplicate_post_as_draft') );
17
18
19	+
20	}
21
22

105	/*
106	* duplicate all post meta just in two SQL queries
107	*/
108	+ // Copy post metadata
109	+ $data = get_post_custom($post_id);
110	+ foreach ( $data as $key => $values) {
111	+ foreach ($values as $value) {
112	+ add_post_meta( $new_post_id, $key, maybe_unserialize( $value ) );// it is important to unserialize data to avoid conflicts.
113	+ }


114	}



115
116
117	/*

includes/functions.php CHANGED Viewed

	@@ -160,7 +160,7 @@ function post_grid_get_media($item_post_id, $media_source, $featured_img_size, $
160	$output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $post_content, $matches);
161
162	if(!empty($matches[1][0]))
163	- $first_img = $matches[1][0];
164
165	if(empty($first_img)) {
166	$html_thumb.= '';
	@@ -576,7 +576,7 @@ function post_grid_media($post_id, $args ){
576	$output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $post_content, $matches);
577
578	if(!empty($matches[1][0]))
579	- $first_img = $matches[1][0];
580
581	if(empty($first_img)) {
582	$html_thumb.= '';
	@@ -624,9 +624,9 @@ function post_grid_media($post_id, $args ){
624	if ($search !=""){
625	/** split the text */
626	$stringParts = explode(":", $search);
627	- $firstPart = $stringParts[0];
628	/** copy the post_id */
629	- $ImagePost = $stringParts[1];
630	/** error_log("postNo:" .$ImagePost); */
631	$getimage=wp_get_attachment_image($ImagePost,$size='medium' );
632
	@@ -646,7 +646,7 @@ function post_grid_media($post_id, $args ){
646	$output = preg_match_all('/?<img src=[\'"]([^\'"]+)[\'"].*?>/i', $output, $matches);
647	}
648	if(!empty($matches[1][0])) {
649	- $first_img = $matches[1][0];
650	/** error_log('first_img:' .$first_img); */
651	$last_char = $first_img[strlen($first_img) - 1]; // Check to see if a slash is at the end of the line
652	if ($last_char == '\\') {


160	$output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $post_content, $matches);
161
162	if(!empty($matches[1][0]))
163	+ $first_img = isset($matches[1][0]) ? $matches[1][0] : '';
164
165	if(empty($first_img)) {
166	$html_thumb.= '';

576	$output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $post_content, $matches);
577
578	if(!empty($matches[1][0]))
579	+ $first_img = isset($matches[1][0]) ? $matches[1][0] : '';
580
581	if(empty($first_img)) {
582	$html_thumb.= '';

624	if ($search !=""){
625	/** split the text */
626	$stringParts = explode(":", $search);
627	+ $firstPart = isset($stringParts[0]) ? $stringParts[0] : '';
628	/** copy the post_id */
629	+ $ImagePost = isset($stringParts[1]) ? $stringParts[1] : '';
630	/** error_log("postNo:" .$ImagePost); */
631	$getimage=wp_get_attachment_image($ImagePost,$size='medium' );
632

646	$output = preg_match_all('/?<img src=[\'"]([^\'"]+)[\'"].*?>/i', $output, $matches);
647	}
648	if(!empty($matches[1][0])) {
649	+ $first_img = isset($matches[1][0]) ? $matches[1][0] : '';
650	/** error_log('first_img:' .$first_img); */
651	$last_char = $first_img[strlen($first_img) - 1]; // Check to see if a slash is at the end of the line
652	if ($last_char == '\\') {

includes/menu/settings-old.php ADDED Viewed

	@@ -0,0 +1,169 @@


1	+ <?php
2	+
3	+
4	+ /*
5	+ * @Author pickplugins
6	+ * Copyright: 2015 pickplugins.com
7	+ */
8	+
9	+ if ( ! defined('ABSPATH')) exit; // if direct access
10	+
11	+
12	+
13	+ $post_grid_settings_tab = array();
14	+
15	+ $post_grid_settings_tab[] = array(
16	+ 'id' => 'general',
17	+ 'title' => __('<i class="fas fa-laptop-code"></i> General','post-grid'),
18	+ 'priority' => 1,
19	+ 'active' => true,
20	+ );
21	+
22	+
23	+
24	+
25	+
26	+
27	+
28	+ $post_grid_settings_tabs = apply_filters('post_grid_settings', $post_grid_settings_tab);
29	+
30	+
31	+ $tabs_sorted = array();
32	+ foreach ($post_grid_settings_tabs as $page_key => $tab) $tabs_sorted[$page_key] = isset( $tab['priority'] ) ? $tab['priority'] : 0;
33	+ array_multisort($tabs_sorted, SORT_ASC, $post_grid_settings_tabs);
34	+
35	+
36	+
37	+
38	+
39	+
40	+
41	+
42	+
43	+
44	+
45	+
46	+
47	+ ?>
48	+
49	+
50	+
51	+
52	+
53	+ <div class="wrap">
54	+
55	+
56	+ <h2><?php echo __('Post Grid - Settings','post-grid')?></h2><br>
57	+
58	+ <?php
59	+
60	+ if(empty($_POST['post_grid_hidden'])) {
61	+
62	+ $post_grid_license = get_option('post_grid_license');
63	+ $license_key = isset($post_grid_license['license_key']) ? $post_grid_license['license_key'] : '';
64	+
65	+
66	+ }
67	+ else{
68	+
69	+ $nonce = sanitize_text_field($_POST['_wpnonce']);
70	+
71	+ if(wp_verify_nonce( $nonce, 'post_grid_nonce' ) && $_POST['post_grid_hidden'] == 'Y') {
72	+
73	+ $license_key = sanitize_text_field($_POST['license_key']);
74	+ $post_grid_license = array(
75	+ 'license_key'=>$license_key,
76	+ 'license_status'=>'pending',
77	+
78	+ );
79	+
80	+ update_option('post_grid_license', $post_grid_license);
81	+
82	+
83	+
84	+
85	+
86	+ ?>
87	+ <div class="updated notice is-dismissible"><p><strong><?php _e('Changes Saved.', 'post-grid' ); ?></strong></p></div>
88	+
89	+ <?php
90	+ }
91	+ }
92	+
93	+
94	+
95	+ //var_dump($post_grid_1);
96	+
97	+ ?>
98	+
99	+
100	+ <form method="post" action="<?php echo str_replace( '%7E', '~', esc_url_raw($_SERVER['REQUEST_URI'])); ?>">
101	+ <input type="hidden" name="post_grid_hidden" value="Y">
102	+
103	+
104	+ <div class="clear clearfix"></div>
105	+ <div class="settings-tabs vertical">
106	+ <ul class="tab-navs">
107	+ <?php
108	+ foreach ($post_grid_settings_tabs as $tab){
109	+ $id = $tab['id'];
110	+ $title = $tab['title'];
111	+ $active = $tab['active'];
112	+ $data_visible = isset($tab['data_visible']) ? $tab['data_visible'] : '';
113	+ $hidden = isset($tab['hidden']) ? $tab['hidden'] : false;
114	+ ?>
115	+ <li class="tab-nav <?php if($hidden) echo 'hidden';?> <?php if($active) echo 'active';?>" data-id="<?php echo $id; ?>"><?php echo $title; ?></li>
116	+ <?php
117	+ }
118	+ ?>
119	+ </ul>
120	+ <?php
121	+ foreach ($post_grid_settings_tabs as $tab){
122	+ $id = $tab['id'];
123	+ $title = $tab['title'];
124	+ $active = $tab['active'];
125	+
126	+
127	+ ?>
128	+
129	+ <div class="tab-content <?php if($active) echo 'active';?>" id="<?php echo $id; ?>">
130	+ <?php
131	+ do_action('post_grid_settings_'.$id, $tab);
132	+ ?>
133	+ </div>
134	+ <?php
135	+ }
136	+ ?>
137	+ </div>
138	+ <div class="clear clearfix"></div>
139	+
140	+
141	+
142	+ <p class="submit">
143	+ <?php wp_nonce_field( 'post_grid_nonce' ); ?>
144	+ <input type="submit" name="submit" value="<?php _e('Update', 'post-grid'); ?>" class="button-primary" />
145	+
146	+ </p>
147	+ </form>
148	+
149	+
150	+
151	+
152	+
153	+
154	+
155	+
156	+
157	+
158	+
159	+
160	+
161	+
162	+
163	+
164	+
165	+
166	+
167	+
168	+
169	+ </div>

includes/metabox-post-grid-hook.php CHANGED Viewed

	@@ -1717,6 +1717,8 @@ function post_grid_metabox_tabs_content_search($tab, $post_id){
1717	$settings_tabs_field = new settings_tabs_field();
1718	$post_grid_meta_options = get_post_meta($post_id, 'post_grid_meta_options', true);
1719


1720	$nav_top_search = !empty($post_grid_meta_options['nav_top']['search']) ? $post_grid_meta_options['nav_top']['search'] : 'no';
1721	$nav_top_search_placeholder = !empty($post_grid_meta_options['nav_top']['search_placeholder']) ? $post_grid_meta_options['nav_top']['search_placeholder'] : __('Start typing', 'post-grid');
1722	$nav_top_search_icon = !empty($post_grid_meta_options['nav_top']['search_icon']) ? $post_grid_meta_options['nav_top']['search_icon'] : '<i class="fas fa-search"></i>';
	@@ -1732,6 +1734,24 @@ function post_grid_metabox_tabs_content_search($tab, $post_id){
1732
1733	<?php
1734


















1735	$args = array(
1736	'id' => 'search',
1737	'parent' => 'post_grid_meta_options[nav_top]',


1717	$settings_tabs_field = new settings_tabs_field();
1718	$post_grid_meta_options = get_post_meta($post_id, 'post_grid_meta_options', true);
1719
1720	+ $search_action_type = !empty($post_grid_meta_options['nav_top']['action_type']) ? $post_grid_meta_options['nav_top']['action_type'] : 'ajax';
1721	+
1722	$nav_top_search = !empty($post_grid_meta_options['nav_top']['search']) ? $post_grid_meta_options['nav_top']['search'] : 'no';
1723	$nav_top_search_placeholder = !empty($post_grid_meta_options['nav_top']['search_placeholder']) ? $post_grid_meta_options['nav_top']['search_placeholder'] : __('Start typing', 'post-grid');
1724	$nav_top_search_icon = !empty($post_grid_meta_options['nav_top']['search_icon']) ? $post_grid_meta_options['nav_top']['search_icon'] : '<i class="fas fa-search"></i>';

1734
1735	<?php
1736
1737	+ $args = array(
1738	+ 'id' => 'action_type',
1739	+ 'parent' => 'post_grid_meta_options[nav_top]',
1740	+ 'title' => __('Search action','post-grid'),
1741	+ 'details' => __('Select search action type.','post-grid'),
1742	+ 'type' => 'radio',
1743	+ 'value' => $search_action_type,
1744	+ 'default' => 'ajax',
1745	+ 'args' => array(
1746	+ 'ajax'=>__('Ajax - on change keyword','post-grid'),
1747	+ 'form_submit'=>__('On form submit(GET method)','post-grid'),
1748	+ ),
1749	+ );
1750	+
1751	+ $settings_tabs_field->generate_field($args, $post_id);
1752	+
1753	+
1754	+
1755	$args = array(
1756	'id' => 'search',
1757	'parent' => 'post_grid_meta_options[nav_top]',

post-grid.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Post Grid by PickPlugins
4	Plugin URI: https://www.pickplugins.com/item/post-grid-create-awesome-grid-from-any-post-type-for-wordpress/
5	Description: Awesome post grid for query post from any post type and display on grid.
6	- Version: 2.1.10
7	Author: PickPlugins
8	Author URI: https://www.pickplugins.com/
9	License: GPLv2 or later
	@@ -21,7 +21,7 @@ if( !class_exists( 'PostGrid' )){
21	define('post_grid_plugin_dir', plugin_dir_path(__FILE__));
22	define('post_grid_plugin_basename', plugin_basename(__FILE__));
23	define('post_grid_plugin_name', 'Post Grid');
24	- define('post_grid_version', '2.1.10');
25	define('post_grid_server_url', 'https://www.pickplugins.com/demo/post-grid/');
26
27


3	Plugin Name: Post Grid by PickPlugins
4	Plugin URI: https://www.pickplugins.com/item/post-grid-create-awesome-grid-from-any-post-type-for-wordpress/
5	Description: Awesome post grid for query post from any post type and display on grid.
6	+ Version: 2.1.13
7	Author: PickPlugins
8	Author URI: https://www.pickplugins.com/
9	License: GPLv2 or later

21	define('post_grid_plugin_dir', plugin_dir_path(__FILE__));
22	define('post_grid_plugin_basename', plugin_basename(__FILE__));
23	define('post_grid_plugin_name', 'Post Grid');
24	+ define('post_grid_version', '2.1.13');
25	define('post_grid_server_url', 'https://www.pickplugins.com/demo/post-grid/');
26
27

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@
4	Tags: post grid, grid, custom post grid, post type grid, grid display, category filter, custom post, filter, filtering, grid, layout, list, masonry, post, post filter, post layout, taxonomy, taxonomy filter,
5	Requires at least: 3.8
6	Tested up to: 5.8
7	- Stable tag: 2.1.10
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -222,6 +222,17 @@ then paste this shortcode anywhere in your page to display grid<br />
222
223	== Changelog ==
224











225	= 2.1.10 =
226	* 2021-07-31 add - featured image improved for responsive load.
227


4	Tags: post grid, grid, custom post grid, post type grid, grid display, category filter, custom post, filter, filtering, grid, layout, list, masonry, post, post filter, post layout, taxonomy, taxonomy filter,
5	Requires at least: 3.8
6	Tested up to: 5.8
7	+ Stable tag: 2.1.13
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

222
223	== Changelog ==
224
225	+
226	+ = 2.1.13 =
227	+ * 2021-12-15 - fix - SQL security issue fixed.
228	+
229	+ = 2.1.12 =
230	+ * 2021-12-09 fix - PHP warning issue fixed.
231	+
232	+
233	+ = 2.1.11 =
234	+ * 2021-08-06 add - search method added ajax and on form submit. ajax method pagination may not work properly, use on form submit instead.
235	+
236	= 2.1.10 =
237	* 2021-07-31 add - featured image improved for responsive load.
238

templates/post-grid-hook.php CHANGED Viewed

	@@ -114,27 +114,19 @@ function post_grid_container_search($args){
114
115	$font_aw_version = isset($post_grid_settings['font_aw_version']) ? $post_grid_settings['font_aw_version'] : 'v_5';
116

117
118	$nav_top_search = isset($post_grid_options['nav_top']['search']) ? $post_grid_options['nav_top']['search'] : 'no';
119	- $grid_type = isset($post_grid_options['grid_type']) ? $post_grid_options['grid_type'] : 'grid';
120
121	if($nav_top_search !='yes') return;
122
123
124	- if($font_aw_version == 'v_5'){
125	- $nav_top_search_icon = '<i class="fas fa-search"></i>';
126	- }elseif($font_aw_version == 'v_4'){
127	- $nav_top_search_icon = '<i class="fa fa-search"></i>';
128	- }
129
130	- $nav_top_search_placeholder = isset($post_grid_options['nav_top']['search_placeholder']) ? $post_grid_options['nav_top']['search_placeholder'] : __('Start typing', 'post-grid');
131	- $nav_top_search_icon = isset($post_grid_options['nav_top']['search_icon']) ? $post_grid_options['nav_top']['search_icon'] : $nav_top_search_icon;
132
133
134	- $keyword = isset($_GET['keyword']) ? sanitize_text_field($_GET['keyword']) : '';
135	$page_url = get_permalink(get_the_ID());
136	?>
137	- <div class="post-grid-search">
138	<form grid_id="<?php echo $grid_id; ?>" action="<?php echo $page_url; ?>" method="get">
139	<?php
140
	@@ -220,7 +212,7 @@ function post_grid_search_submit_field($args){
220
221	<?php wp_nonce_field( 'post_grid_search_nonce','_wpnonce', false ); ?>
222
223	- <input type="submit" value="Search">
224	<span class="search-loading"><?php echo $search_loading_icon; ?></span>
225
226	</div>


114
115	$font_aw_version = isset($post_grid_settings['font_aw_version']) ? $post_grid_settings['font_aw_version'] : 'v_5';
116
117	+ $search_action_type = !empty($post_grid_options['nav_top']['action_type']) ? $post_grid_options['nav_top']['action_type'] : 'ajax';
118
119	$nav_top_search = isset($post_grid_options['nav_top']['search']) ? $post_grid_options['nav_top']['search'] : 'no';

120
121	if($nav_top_search !='yes') return;
122
123





124


125
126

127	$page_url = get_permalink(get_the_ID());
128	?>
129	+ <div class="post-grid-search <?php echo $search_action_type; ?>">
130	<form grid_id="<?php echo $grid_id; ?>" action="<?php echo $page_url; ?>" method="get">
131	<?php
132

212
213	<?php wp_nonce_field( 'post_grid_search_nonce','_wpnonce', false ); ?>
214
215	+ <input type="submit" value="<?php echo __('Search', 'post-grid'); ?>">
216	<span class="search-loading"><?php echo $search_loading_icon; ?></span>
217
218	</div>