Shortcodes by Angie Makes - Version 2.07




Developer cbaldelomar
Version 2.07

Code changes from version 2.06 to 2.07

Files changed (4) hide show
  1. README.md +1 -1
  2. includes/ajax.php +15 -8
  3. readme.txt +1 -1
  4. wc-shortcodes.php +2 -2
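--- a/README.md
+++ b/README.md
@@ -66,7 +66,7 @@ Use the shortcode manager in the TinyMCE text editor
 
 ## Changelog ##
 
-### Version 2.06
+### Version 2.07
 
 * sanitized, escaped, and validated all POST calls
 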
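--- a/includes/ajax.php
+++ b/includes/ajax.php
@@ -25,7 +25,11 @@ function wc_shortcodes_send_rsvp_email() {
 $email_to = $admin_email;
 }
 
-$rsvp_name = trim( $_POST['rsvp_name'] );
+$email_to = sanitize_email( $email_to );
+$email_title = sanitize_text_field( $email_to );
+$email_success_message = sanitize_text_field( $email_to );
+
+$rsvp_name = trim( sanitize_text_field( $_POST['rsvp_name'] ) );
 if ( $rsvp_name === '') {
 $error[] = 'Please enter your name.';
 $hasError = true;
@@ -33,7 +37,7 @@ function wc_shortcodes_send_rsvp_email() {
 $message[] = 'Name: ' . esc_html( $rsvp_name );
 }
 
-$rsvp_number = trim( $_POST['rsvp_number'] );
+$rsvp_number = trim( sanitize_text_field( $_POST['rsvp_number'] ) );
 if ( $rsvp_number === '') {
 $error[] = 'Please select a number.';
 $hasError = true;
@@ -41,7 +45,7 @@ function wc_shortcodes_send_rsvp_email() {
 $message[] = 'Number: ' . esc_html( $rsvp_number );
 }
 
-$rsvp_event = trim( $_POST['rsvp_event'] );
+$rsvp_event = trim( sanitize_text_field( $_POST['rsvp_event'] ) );
 if ( $rsvp_event === '') {
 $error[] = 'Please select event.';
 $hasError = true;
@@ -82,8 +86,9 @@ function wc_shortcodes_post_lookup_callback() {
 global $wpdb; //get access to the WordPress database object variable
 
 //get names of all businesses
-$request = '%' . $wpdb->esc_like( stripslashes( $_POST['request'] ) ) . '%'; //escape for use in LIKE statement
-$post_type = stripslashes( $_POST['post_type'] );
+$request = '%' . $wpdb->esc_like( stripslashes( sanitize_text_field( $_POST['request'] ) ) ) . '%'; //escape for use in LIKE statement
+$post_type = stripslashes( sanitize_text_field( $_POST['post_type'] ) );
+
 $sql = "
 select
 ID,
@@ -128,9 +133,9 @@ function wc_shortcodes_terms_lookup_callback() {
 global $wpdb; //get access to the WordPress database object variable
 
 //get names of all businesses
-$request = '%' . $wpdb->esc_like( stripslashes( $_POST['request'] ) ) . '%'; //escape for use in LIKE statement
-$post_type = stripslashes( $_POST['post_type'] );
-$taxonomy = stripslashes( $_POST['taxonomy'] );
+$request = '%' . $wpdb->esc_like( stripslashes( sanitize_text_field( $_POST['request'] ) ) ) . '%'; //escape for use in LIKE statement
+$post_type = stripslashes( sanitize_text_field( $_POST['post_type'] ) );
+$taxonomy = stripslashes( sanitize_text_field( $_POST['taxonomy'] ) );
 
 if ( empty( $taxonomy ) ) {
 $titles = array();
@@ -185,8 +190,10 @@ add_action( 'wp_ajax_wc_terms_lookup', 'wc_shortcodes_terms_lookup_callback' );
 
 function wc_shortcodes_mce_popup() {
 
+// no need to sanitize here.
 $tag = $_POST['tag'];
 $shortcode = stripslashes( $_POST['shortcode'] );
+
 $attr = wc_shortcodes_parse_shortcode( $tag, $shortcode );
 
 switch ( $tag ) {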
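Review bot: New lines 29 and 30 of includes/ajax.php sanitize `$email_to` a second time and store the result in `$email_title` and `$email_success_message`, so both variables end up holding the recipient address while any value they were given earlier (outside this hunk) is discarded without ever being sanitized; presumably `$email_title = sanitize_text_field( $email_title );` and `$email_success_message = sanitize_text_field( $email_success_message );` was intended. The remaining reads on new lines 32, 40, 48, 89–90 and 136–138 still index `$_POST` without an `isset`/`??` guard, so a missing field raises a notice before the empty-string validation runs, and they apply `sanitize_text_field()` before `stripslashes()` whereas the usual WordPress order is to unslash first (`wp_unslash()`) and sanitize the unslashed value. In wc_shortcodes_mce_popup the added comment `// no need to sanitize here.` would serve a later reader better if it gave the reason, e.g. `// $tag is only compared against the fixed case labels in the switch below; $shortcode is re-parsed by wc_shortcodes_parse_shortcode()` — whether any branch of that switch echoes these values unescaped is outside the hunk and should be confirmed. wc_shortcodes_send_rsvp_email() begins before the first hunk, and the `$sql` statement that consumes `$request`/`$post_type` continues past the fourth and fifth hunks.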
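--- a/readme.txt
+++ b/readme.txt
@@ -88,7 +88,7 @@ Use the shortcode manager in the TinyMCE text editor
 
 == Changelog ==
 
-= Version 2.06 =
+= Version 2.07 =
 
 * sanitized, escaped, and validated all POST calls
 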
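--- a/wc-shortcodes.php
+++ b/wc-shortcodes.php
@@ -5,11 +5,11 @@ Plugin URI: http://webplantmedia.com/starter-themes/wordpresscanvas/features/sho
 Description: A family of shortcodes to enhance site functionality.
 Author: Chris Baldelomar
 Author URI: http://webplantmedia.com/
-Version: 2.06
+Version: 2.07
 License: GPLv2 or later
 */
 
-define( 'WC_SHORTCODES_VERSION', '2.06' );
+define( 'WC_SHORTCODES_VERSION', '2.07' );
 define( 'WC_SHORTCODES_PREFIX', 'wc_shortcodes_' );
 define( '_WC_SHORTCODES_PREFIX', '_wc_shortcodes_' );
 define( 'WC_SHORTCODES_PLUGIN_URL', plugin_dir_url( __FILE__ ) );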