ThirstyAffiliates Affiliate Link Manager - Version 3.10.11

Version Description

  • Bug Fix: Security fixes

Release Info

Developer cartpauj
Version 3.10.11

Code changes from version 3.10.10 to 3.10.11

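--- a/Helpers/Plugin_Constants.php
+++ b/Helpers/Plugin_Constants.php
@@ -27,7 +27,7 @@ class Plugin_Constants {
  // Plugin configuration constants
  const TOKEN = 'ta';
  const INSTALLED_VERSION = 'ta_installed_version';
- const VERSION = '3.10.10';
+ const VERSION = '3.10.11';
  const TEXT_DOMAIN = 'thirstyaffiliates';
  const THEME_TEMPLATE_PATH = 'thirstyaffiliates';
  const META_DATA_PREFIX = '_ta_';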
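--- a/Models/Affiliate_Links_CPT.php
+++ b/Models/Affiliate_Links_CPT.php
@@ -561,15 +561,15 @@ class Affiliate_Links_CPT implements Model_Interface , Initiable_Interface {
  $inserted_to_str = implode( ',' , $inserted_to );
 
  // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
- $results = $wpdb->get_results(
- "SELECT ID , post_title , post_type FROM $wpdb->posts WHERE ID IN ( $inserted_to_str )"
+ $results = $wpdb->get_results(
+ "SELECT ID , post_title , post_type FROM $wpdb->posts WHERE ID IN ( $inserted_to_str )"
  );
 
  ob_start();
  foreach ( $results as $object ) : ?>
  <tr>
  <td class="id"><?php echo esc_html( $object->ID ); ?></td>
- <td class="title"><?php echo mb_strimwidth( esc_html( $object->post_title ) , 0 , 60 , "..." ); // phpcs:ignore WordPress.Security.EscapeOutput ?></td>
+ <td class="title"><?php echo esc_html( mb_strimwidth( $object->post_title , 0 , 60 , "..." ) ); ?></td>
  <td class="post-type"><?php echo esc_html( $object->post_type ); ?></td>
  <td class="actions">
  <a class="view" href="<?php echo esc_url( get_permalink( $object->ID ) ); ?>" target="_blank"><span class="dashicons dashicons-admin-links"></span></a>
@@ -966,7 +966,7 @@ class Affiliate_Links_CPT implements Model_Interface , Initiable_Interface {
  $response = array( 'status' => 'success' , 'category_slug' => $category->slug );
  }
 
- @header( 'Content-Type: application/json; charset=' . get_option( 'blog_charset' ) );
+ @header( 'Content-Type: application/json; charset=' . get_option( 'blog_charset' ) );
  echo wp_json_encode( $response );
  wp_die();
  }
@@ -1003,7 +1003,7 @@ class Affiliate_Links_CPT implements Model_Interface , Initiable_Interface {
  );
  }
 
- @header( 'Content-Type: application/json; charset=' . get_option( 'blog_charset' ) );
+ @header( 'Content-Type: application/json; charset=' . get_option( 'blog_charset' ) );
  echo wp_json_encode( $response );
  wp_die();
  }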
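Review bot: The query at new lines 564-565 still interpolates `$inserted_to_str` into `IN ( … )` behind a `phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared`, and nothing in this hunk shows the elements of `$inserted_to` being forced to integers. The array is assigned outside the hunk, so this may already be handled; if it is not, build the list as `$inserted_to_str = implode( ',' , array_map( 'absint' , $inserted_to ) );` and return early when the array is empty, because `IN ( )` is a SQL syntax error. A short comment above the query stating why the ignore is safe would let the next reviewer confirm it without tracing the caller. The two `@header(` lines in the later hunks (969 and 1006) still silence header errors with `@`; `wp_send_json( $response );` would set the content type and terminate in one call.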
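--- a/Models/Marketing.php
+++ b/Models/Marketing.php
@@ -225,12 +225,9 @@ class Marketing implements Model_Interface , Activatable_Interface , Initiable_I
  type: 'POST',
  data: {
  action: 'ta_dismiss_review_prompt',
- _ajax_nonce: "<?php echo wp_create_nonce( 'ta_dismiss_review_prompt' ); // phpcs:ignore WordPress.Security.EscapeOutput ?>",
+ _ajax_nonce: "<?php echo esc_js( wp_create_nonce( 'ta_dismiss_review_prompt' ) ); ?>",
  type: type
  },
- })
- .done(function(data) {
-
  });
  }
 
@@ -347,7 +344,7 @@ class Marketing implements Model_Interface , Activatable_Interface , Initiable_I
  <h4><?php esc_html_e('Enable Enhanced Javascript Redirect','thirstyaffiliates'); ?></h4>
  <p><?php esc_html_e("ThirstyAffiliates version 3.2.5 introduces a new method of redirecting via javascript which will only run on your website's frontend.
  We've added this so the plugin can provide more accurate tracking data of your affiliate link clicks.
- This feature is turned on automatically for <strong>new installs</strong>, but for this install we would like to give you the choice of enabling the feature or not.",'thirstyaffiliates'); ?>
+ This feature is turned on automatically for <strong>new installs</strong>, but for this install we would like to give you the choice of enabling the feature or not.",'thirstyaffiliates'); ?>
  </p>
  <p>
  <button type="button" class="button-primary" id="ta_enable_js_redirect_trigger">
@@ -462,9 +459,9 @@ class Marketing implements Model_Interface , Activatable_Interface , Initiable_I
  */
  public function advanced_features_marketing_metabox_cb( $post ) {
 
- $url = esc_url( 'https://thirstyaffiliates.com/pricing/?utm_source=Free%20Plugin&utm_medium=Pro&utm_campaign=Sidebar' );
- $img = esc_url( $this->_constants->IMAGES_ROOT_URL() . 'sidebar.jpg' );
- echo '<a href="' . $url . '" target="_blank"><img src="' . $img . '"></a>'; // phpcs:ignore WordPress.Security.EscapeOutput
+ $url = 'https://thirstyaffiliates.com/pricing/?utm_source=Free%20Plugin&utm_medium=Pro&utm_campaign=Sidebar';
+ $img = $this->_constants->IMAGES_ROOT_URL() . 'sidebar.jpg';
+ echo '<a href="' . esc_url( $url ) . '" target="_blank"><img src="' . esc_url( $img ) . '"></a>';
  }
 
  public function dismiss_review_prompt() {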
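Review bot: In the second hunk (new line 347) the string passed to `esc_html_e()` contains `<strong>new installs</strong>`, so the tags are escaped and shown to the admin as literal text rather than as bold. Escaping the sentence is right; the markup should move out of the translatable string, for example `printf( esc_html__( '… for %1$snew installs%2$s, but …', 'thirstyaffiliates' ), '<strong>', '</strong>' );`, which is the pattern this commit already uses for the upgrade header in Models/Settings.php. The `esc_html_e(` call opens two lines above the changed line, and the method that contains it starts outside the hunk.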
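--- a/Models/Notifications.php
+++ b/Models/Notifications.php
@@ -740,7 +740,7 @@ class Notifications implements Model_Interface {
 
  <div class="thirstyaff-notifications-body">
  <div class="thirstyaff-notifications-messages">
- <?php echo $notifications_html; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
+ <?php echo wp_kses_post( $notifications_html ); ?>
  </div>
  </div>
 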
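Review bot: `wp_kses_post( $notifications_html )` at new line 743 filters the whole assembled block at output time, so any element or attribute outside the post allow-list (for example `<input>`, `<svg>` or inline event handlers) is dropped silently, while links and images remain allowed. Where `$notifications_html` is built is outside this hunk; if it combines plugin markup with notification text that originates elsewhere, escaping each field where the HTML is assembled (`esc_html()` for titles, `esc_url()` for link targets) and keeping `wp_kses_post()` for the message body only would be tighter. A one-line comment on this echo stating where the HTML comes from and why the post allow-list is the intended policy would make the choice reviewable.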
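--- a/Models/Rewrites_Redirection.php
+++ b/Models/Rewrites_Redirection.php
@@ -378,14 +378,18 @@ class Rewrites_Redirection implements Model_Interface , Deactivatable_Interface
 
  global $post;
 
- $is_apache = strpos( $_SERVER[ 'SERVER_SOFTWARE' ] , 'Apache' ) !== false; // phpcs:ignore WordPress.Security
+ $server_software = isset( $_SERVER['SERVER_SOFTWARE'] ) ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_SOFTWARE'] ) ) : '';
+ $is_apache = strpos( $server_software, 'Apache' ) !== false;
 
  if ( $is_apache || ! is_object( $post ) || $post->post_type !== Plugin_Constants::AFFILIATE_LINKS_CPT || ! $this->_helper_functions->is_user_agent_bot() )
  return;
 
- $message = apply_filters( 'ta_blocked_bots_non_apache_message' , sprintf( __( "<h1>Forbidden</h1><p>You don't have permission to access %s on this server.</p>" , 'thirstyaffiliates' ) , $_SERVER[ 'REQUEST_URI' ] ) ); // phpcs:ignore WordPress.Security
+ $request_uri = isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';
+ $message = apply_filters( 'ta_blocked_bots_non_apache_message' , sprintf( __( "<h1>Forbidden</h1><p>You don't have permission to access %s on this server.</p>" , 'thirstyaffiliates' ) , esc_html( $request_uri ) ) );
  header( 'HTTP/1.0 403 Forbidden' );
- die( $message ); // phpcs:ignore WordPress.Security.EscapeOutput
+ echo wp_kses_post( $message );
+ exit;
+
  }
 
 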
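Review bot: `sanitize_text_field()` on `$_SERVER['REQUEST_URI']` at new line 387 strips percent-encoded octets as well as tags, so the path printed in the 403 body can differ from the one that was requested; the control that protects this echo is the `esc_html( $request_uri )` on the next line, which is already in place. If the original path should be shown, `esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) )` keeps the encoding and is still a recognised sanitiser. Separately, `header( 'HTTP/1.0 403 Forbidden' );` hard-codes the protocol version, where `status_header( 403 );` uses the protocol the server reports. The method's signature and docblock are outside this hunk.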
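--- a/Models/Script_Loader.php
+++ b/Models/Script_Loader.php
@@ -362,7 +362,7 @@ class Script_Loader implements Model_Interface {
  <img src="%3$s" alt="%2$s" data-active="%4$s" />
  </a>
  </div>',
- $this->get_items_html(), // phpcs:ignore WordPress.Security.EscapeOutput
+ $this->get_items_html(),
  esc_attr__( 'See Quick Links', 'thirstyaffiliates' ),
  esc_url( $this->_constants->IMAGES_ROOT_URL() . 'admin-flyout.svg' ),
  esc_url( $this->_constants->IMAGES_ROOT_URL() . 'admin-flyout.svg' ),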
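Review bot: Dropping the `phpcs:ignore` at new line 365 does not escape anything: the return value of `$this->get_items_html()` is still substituted into the format string as raw HTML, unlike the three arguments after it. The start of the formatting call and `get_items_html()` itself are outside this hunk, so the items may already be escaped where they are built. If they are, a comment on this argument such as `// Items are escaped individually in get_items_html().` records that; if they are not, the URL, attribute and text values should be escaped there with `esc_url()`, `esc_attr()` and `esc_html()`.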
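--- a/Models/Settings.php
+++ b/Models/Settings.php
@@ -2148,10 +2148,17 @@ class Settings implements Model_Interface , Activatable_Interface , Initiable_In
 
  <div class="ta-upgrade-header" id="ta-upgrade-header">
  <span id="close-ta-upgrade-header">X</span>
- <?php _e( 'You\'re using ThirstyAffiliates Lite. To unlock more features, consider <a href="https://thirstyaffiliates.com/pricing?utm_source=plugin_admin&utm_medium=link&utm_campaign=in_plugin&utm_content=upgrade_header">upgrading to Pro.</a>' ); // phpcs:ignore WordPress.Security.EscapeOutput ?>
+ <?php
+ printf(
+ /* translators: %1$s: open link tag, %2$s: close link tag */
+ esc_html__( 'You\'re using ThirstyAffiliates Lite. To unlock more features, consider %1$supgrading to Pro%2$s.', 'thirstyaffiliates' ),
+ '<a href="https://thirstyaffiliates.com/pricing?utm_source=plugin_admin&utm_medium=link&utm_campaign=in_plugin&utm_content=upgrade_header">',
+ '</a>'
+ );
+ ?>
  </div>
 
- <div id="ta-admin-header"><img class="ta-logo" src="<?php echo esc_url( $this->_constants->IMAGES_ROOT_URL() . 'TA.svg' ); ?>" /></div>
+ <div id="ta-admin-header"><img class="ta-logo" src="<?php echo esc_url( $this->_constants->IMAGES_ROOT_URL() . 'TA.svg' ); ?>" alt="" /></div>
 
  <script>
  jQuery(document).ready(function($) {
@@ -2163,7 +2170,7 @@ class Settings implements Model_Interface , Activatable_Interface , Initiable_In
  type: 'POST',
  data: {
  action: 'ta_dismiss_upgrade_header',
- _ajax_nonce: "<?php echo wp_create_nonce( 'ta_dismiss_upgrade_header' ); // phpcs:ignore WordPress.Security.EscapeOutput ?>"
+ _ajax_nonce: "<?php echo esc_js( wp_create_nonce( 'ta_dismiss_upgrade_header' ) ); ?>"
  },
  })
  .done(function() {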
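--- a/readme.txt
+++ b/readme.txt
@@ -4,8 +4,8 @@ Donate link:
  Tags: affiliate, link, affiliate link management, link cloaker, link redirect, shortlink, thirstyaffiliates, thirsty affiliates
  Requires at least: 5.0
  Requires PHP: 5.6
- Tested up to: 5.9
- Stable tag: 3.10.10
+ Tested up to: 6.0
+ Stable tag: 3.10.11
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -159,6 +159,9 @@ See our [Knowledge Base](https://thirstyaffiliates.com/knowledge-base/?utm_sourc
 
  == Changelog ==
 
+ = 3.10.11 =
+ * Bug Fix: Security fixes
+
  = 3.10.10 =
  * Bug Fix: Security fixes
 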
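--- a/thirstyaffiliates.php
+++ b/thirstyaffiliates.php
@@ -3,7 +3,7 @@
  * Plugin Name: ThirstyAffiliates
  * Plugin URI: http://thirstyaffiliates.com/
  * Description: ThirstyAffiliates is a revolution in affiliate link management. Collect, collate and store your affiliate links for use in your posts and pages.
- * Version: 3.10.10
+ * Version: 3.10.11
  * Author: Caseproof
  * Author URI: https://caseproof.com/
  * Requires at least: 5.0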
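--- a/views/cpt/view-inserted-link-scanner-metabox.php
+++ b/views/cpt/view-inserted-link-scanner-metabox.php
@@ -2,7 +2,7 @@
 
  <div class="scanned-inserted-status">
  <button id="inserted-link-scan-trigger" class="button-primary" type="button"><?php esc_html_e( 'Start Scan' , 'thirstyaffiliates' ); ?></button>
- <span class="last-scanned"><?php echo wp_kses_post( $last_scanned_txt ); // phpcs:ignore WordPress.Security.EscapeOutput ?></span>
+ <span class="last-scanned"><?php echo wp_kses_post( $last_scanned_txt ); ?></span>
  </div>
 
  <div class="inserted-into-table">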