WD Google Maps – Google Maps builder Plugin - Version 1.0.61

Version Description

  • Fixed: Security issues

Release Info

Developer 10web
Version 1.0.61

Code changes from version 1.0.60 to 1.0.61

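--- a/admin/controllers/GMWDController.php
+++ b/admin/controllers/GMWDController.php
@@ -65,7 +65,7 @@ class GMWDController {
 
  protected function remove( $table_name = "" ) {
  global $wpdb;
- $ids = isset($_POST["ids"]) ? $_POST["ids"] : (isset($_POST["id"]) ? array( $_POST["id"] ) : array());
+ $ids = isset($_POST["ids"]) ? array_map('intval', $_POST["ids"]) : (isset($_POST["id"]) ? array( intval($_POST["id"]) ) : array());
  if ( $table_name == "" ) {
  $page = $this->page ? $this->page : "maps_gmwd";
  $page = explode("_", $page);
@@ -127,7 +127,7 @@ class GMWDController {
  protected function dublicate( $table_name_widthout_prefix = "" ) {
  global $wpdb;
  if ( isset($_POST["ids"]) ) {
- $ids = $_POST["ids"];
+ $ids = array_map('intval', $_POST["ids"]);
  }
  if ( $table_name_widthout_prefix == "" ) {
  $page = explode("_", $this->page);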
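Review bot: `array_map('intval', $_POST["ids"])` on lines 68 and 130 assumes `ids` arrives as an array; a request that sends a scalar `ids=5` makes `array_map` throw a TypeError on PHP 8 (a warning and a null `$ids` on PHP 7), so the request dies instead of being rejected. Casting first, `array_map('intval', (array) $_POST["ids"])`, keeps `$ids` a list of ints in every case. No nonce or capability check is visible in either hunk; if it lives in the dispatcher that is fine, but the integer cast only closes the injection, not a forged request. Both `remove()` and `dublicate()` continue past the hunk.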
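--- a/admin/controllers/GMWDControllerMaps_gmwd.php
+++ b/admin/controllers/GMWDControllerMaps_gmwd.php
@@ -6,21 +6,20 @@ class GMWDControllerMaps_gmwd extends GMWDController {
  public function display_pois() {
  $this->view->display_pois();
  }
-
- public function remove( $table_name = "" ) {
- global $wpdb;
- $ids = isset($_POST["ids"]) ? $_POST["ids"] : (isset($_POST["id"]) ? array( $_POST["id"] ) : array());
- if ( empty($ids) === FALSE ) {
- foreach ( $ids as $id ) {
- $where = array( "map_id" => (int) $id );
- $where_format = array( '%d' );
- $wpdb->delete($wpdb->prefix . "gmwd_markers", $where, $where_format);
- $wpdb->delete($wpdb->prefix . "gmwd_polygons", $where, $where_format);
- $wpdb->delete($wpdb->prefix . "gmwd_polylines", $where, $where_format);
- }
- }
- parent::remove($table_name);
- }
+ public function remove($table_name = ""){
+ global $wpdb;
+ $ids = isset($_POST["ids"]) ? array_map('intval', $_POST["ids"]) :(isset($_POST["id"]) ? array(intval($_POST["id"])) : array());
+ if(empty($ids) === false){
+ foreach($ids as $id){
+ $where = array("map_id" => (int)$id);
+ $where_format = array('%d');
+ $wpdb->delete( $wpdb->prefix ."gmwd_markers", $where, $where_format);
+ $wpdb->delete( $wpdb->prefix ."gmwd_polygons", $where, $where_format);
+ $wpdb->delete( $wpdb->prefix ."gmwd_polylines", $where, $where_format);
+ }
+ }
+ parent::remove($table_name);
+ }
 
  public function map_data() {
  $map_model = GMWDHelper::get_model("maps");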
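Review bot: the rewritten `remove()` on lines 9–22 is the old body with braces and spaces moved plus one functional change, the `array_map('intval', …)` on line 11, so the `(int)$id` on line 14 is now redundant and the whitespace churn hides the real edit; a pure reformat is easier to audit as its own commit. The new line also trusts `$_POST["ids"]` to be an array — `array_map` on a string throws a TypeError on PHP 8 — so `array_map('intval', (array) $_POST["ids"])` would fail closed. The method widens `protected remove()` to `public`, which is legal but means this entry point is reachable by any caller that can invoke controller methods; confirm the dispatcher gates it.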
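--- a/admin/controllers/GMWDControllerOptions_gmwd.php
+++ b/admin/controllers/GMWDControllerOptions_gmwd.php
@@ -1,64 +1,35 @@
  <?php
 
- class GMWDControllerOptions_gmwd extends GMWDController{
- ////////////////////////////////////////////////////////////////////////////////////////
- // Events //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Constants //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Variables //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Constructor & Destructor //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Public Methods //
- ////////////////////////////////////////////////////////////////////////////////////////
- public function apply(){
- global $wpdb;
- $query = "SELECT name FROM ". $wpdb->prefix . "gmwd_options";
- // get option names
- $names = $wpdb->get_col( $query , 0 );
-
- // update options
-
- for ($i = 0; $i < count($names); $i++) {
- $name = $names[$i];
- $value = isset($_POST[$name]) ? $_POST[$name] : null;
-
- if ($value !== null ) {
- $data = array();
- $data["value"] = esc_html($value);
- $where = array("name"=>$name);
- $where_format = $format = array('%s');
- $wpdb->update( $wpdb->prefix . "gmwd_options", $data, $where, $format, $where_format );
- }
- }
-
- GMWDHelper::gmwd_redirect("admin.php?page=options_gmwd&message_id=10");
-
- }
-
- public function setup(){
- $this->view->gmwd_setup();
- }
- public function setup_general(){
- $this->view->gmwd_setup_general();
+ class GMWDControllerOptions_gmwd extends GMWDController {
+ public function apply() {
+ global $wpdb;
+ $query = "SELECT name FROM " . $wpdb->prefix . "gmwd_options";
+ // get option names
+ $names = $wpdb->get_col($query, 0);
+ // update options
+ for ( $i = 0; $i < count($names); $i++ ) {
+ $name = $names[$i];
+ $value = isset($_POST[$name]) ? sanitize_text_field($_POST[$name]) : NULL;
+ if ( $value !== NULL ) {
+ $data = array();
+ $data["value"] = $value;
+ $where = array( "name" => $name );
+ $where_format = $format = array( '%s' );
+ $wpdb->update($wpdb->prefix . "gmwd_options", $data, $where, $format, $where_format);
+ }
  }
- public function setup_ready(){
- $this->view->gmwd_setup_ready();
- }
- ////////////////////////////////////////////////////////////////////////////////////////
- // Getters & Setters //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Private Methods //
- ////////////////////////////////////////////////////////////////////////////////////////
-
-
- ////////////////////////////////////////////////////////////////////////////////////////
- // Listeners //
- ////////////////////////////////////////////////////////////////////////////////////////
- }
+ GMWDHelper::gmwd_redirect("admin.php?page=options_gmwd&message_id=10");
+ }
+
+ public function setup() {
+ $this->view->gmwd_setup();
+ }
+
+ public function setup_general() {
+ $this->view->gmwd_setup_general();
+ }
+
+ public function setup_ready() {
+ $this->view->gmwd_setup_ready();
+ }
+ }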
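Review bot: `sanitize_text_field($_POST[$name])` on line 12 is applied to a slashed value — WordPress adds slashes to the request superglobals, and the sibling hunks in this release wrap the same kind of input in `stripslashes()` — so an option value containing a quote is written to `gmwd_options` with a stray backslash; `$value = isset($_POST[$name]) ? sanitize_text_field(wp_unslash($_POST[$name])) : NULL;` fixes it. Because every row returned by `SELECT name FROM …gmwd_options` becomes writable from a matching POST key, `apply()` needs a nonce and capability check; none is visible in this hunk, so confirm the dispatcher supplies one before the method runs. `for ( $i = 0; $i < count($names); $i++ )` on line 10 reads more naturally as `foreach ( $names as $name )`.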
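--- a/admin/models/GMWDModelMaps_gmwd.php
+++ b/admin/models/GMWDModelMaps_gmwd.php
@@ -27,9 +27,9 @@ class GMWDModelMaps_gmwd extends GMWDModel {
  $limit_polygons = isset($_POST["limit_polygons"]) ? (int)$_POST["limit_polygons"] : 20;
  $limit_polylines = isset($_POST["limit_polylines"]) ? (int)$_POST["limit_polylines"] : 20;
 
- $filter_by_markers = isset($_POST["filter_by_markers"]) ? esc_html(stripslashes($_POST["filter_by_markers"])) : "";
- $filter_by_polygons = isset($_POST["filter_by_polygons"]) ? esc_html(stripslashes($_POST["filter_by_polygons"])) : "";
- $filter_by_polylines = isset($_POST["filter_by_polylines"]) ? esc_html(stripslashes($_POST["filter_by_polylines"])) : "";
+ $filter_by_markers = isset($_POST["filter_by_markers"]) ? sanitize_text_field(stripslashes($_POST["filter_by_markers"])) : "";
+ $filter_by_polygons = isset($_POST["filter_by_polygons"]) ? sanitize_text_field(stripslashes($_POST["filter_by_polygons"])) : "";
+ $filter_by_polylines = isset($_POST["filter_by_polylines"]) ? sanitize_text_field(stripslashes($_POST["filter_by_polylines"])) : "";
 
  $where_markers = "";
  if($filter_by_markers){
@@ -163,10 +163,10 @@ class GMWDModelMaps_gmwd extends GMWDModel {
  }
  public function get_rows(){
  global $wpdb;
- $where = ((isset($_POST['search_value']) && (esc_html(stripslashes($_POST['search_value'])) != '')) ? 'WHERE title LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
- $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
+ $where = ((isset($_POST['search_value']) && (sanitize_text_field(stripslashes($_POST['search_value'])) != '')) ? 'WHERE title LIKE "%' . sanitize_text_field(stripslashes($_POST['search_value'])) . '%"' : '');
+ $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? sanitize_text_field(stripslashes($_POST['asc_or_desc'])) : 'asc');
  $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
- $order_by = ' ORDER BY ' . ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'id') . ' ' . $asc_or_desc;
+ $order_by = ' ORDER BY ' . ((isset($_POST['order_by']) && sanitize_text_field(stripslashes($_POST['order_by'])) != '') ? sanitize_text_field(stripslashes($_POST['order_by'])) : 'id') . ' ' . $asc_or_desc;
  if (isset($_POST['page_number']) && $_POST['page_number']) {
  $limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
  }
@@ -182,7 +182,7 @@ class GMWDModelMaps_gmwd extends GMWDModel {
  }
  public function page_nav() {
  global $wpdb;
- $where = ((isset($_POST['search_value']) && (esc_html(stripslashes($_POST['search_value'])) != '')) ? 'WHERE title LIKE "%' . esc_html(stripslashes($_POST['search_value'])) . '%"' : '');
+ $where = ((isset($_POST['search_value']) && (sanitize_text_field(stripslashes($_POST['search_value'])) != '')) ? 'WHERE title LIKE "%' . sanitize_text_field(stripslashes($_POST['search_value'])) . '%"' : '');
  $query = "SELECT COUNT(*) FROM " . $wpdb->prefix . "gmwd_maps " . $where;
  $total = $wpdb->get_var($query);
  $page_nav['total'] = $total;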
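Review bot: `sanitize_text_field()` does not escape SQL, so `search_value` on lines 166 and 185 still lands inside `LIKE "%…%"` with any double quote intact — the function strips tags and control octets but leaves `"` alone, so a search such as `" OR 1=1 -- ` still terminates the literal — and `order_by` on line 169 is concatenated verbatim into `ORDER BY`, where a sanitized string is no safer than a raw one. Both should be built with `$wpdb->prepare()` and `$wpdb->esc_like()`, and `order_by` should be checked against the three columns the list view actually sorts on (`id`, `title`, `published`, per the sort links in GMWDViewMaps_gmwd.php); `page_nav()` needs the same prepared `$where` as `get_rows()`. The sketch below covers the head of `get_rows()`; its paging tail and the enclosing class lie outside the hunk, and the `$filter_by_*` values from the first hunk should get the same treatment wherever they are spliced into `$where_markers`.
```php
 public function get_rows(){
 global $wpdb;
 $search_value = isset($_POST['search_value']) ? sanitize_text_field(stripslashes($_POST['search_value'])) : '';
 // LIKE pattern is bound as a parameter; esc_like keeps % and _ in the input literal
 $where = ($search_value !== '') ? $wpdb->prepare('WHERE title LIKE %s', '%' . $wpdb->esc_like($search_value) . '%') : '';
 $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? sanitize_text_field(stripslashes($_POST['asc_or_desc'])) : 'asc');
 $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
 $order_by = isset($_POST['order_by']) ? sanitize_text_field(stripslashes($_POST['order_by'])) : 'id';
 // only the columns the list view sorts on may reach ORDER BY
 if (!in_array($order_by, array('id', 'title', 'published'), true)) {
 $order_by = 'id';
 }
 $order_by = ' ORDER BY ' . $order_by . ' ' . $asc_or_desc;
 // … unchanged: page_number / $limit handling …
```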
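--- a/admin/models/GMWDModelMarkers_gmwd.php
+++ b/admin/models/GMWDModelMarkers_gmwd.php
@@ -24,7 +24,7 @@ class GMWDModelMarkers_gmwd extends GMWDModel {
  $row = json_decode($row);
  $row->title = str_replace("@@@",'&quot;',$row->title);
  $row->address = str_replace("@@@",'&quot;',$row->address);
- if(isset($_GET["dublicated"]) && $_GET["dublicated"] == 1){
+ if(isset($_GET["dublicated"]) && intval($_GET["dublicated"]) == 1){
  $row->id = "";
  }
  }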
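Review bot: `intval($_GET["dublicated"]) == 1` on line 27 is a sound guard, but the `$row` it operates on comes from a second `json_decode()` of request data on line 24 whose result is never checked before `$row->title` and `$row->address` are dereferenced on lines 25–26; malformed `data` yields `null`, and assigning `$row->title` on `null` is an Error on PHP 8. A check such as `if (!is_object($row)) { … }` after line 24 — returning whatever empty value the caller expects, which the hunk does not show — would make the edit path fail closed instead of emitting warnings. The opening condition of `get_row()` and its database fall-through lie outside the hunk.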
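--- a/admin/models/GMWDModelPolygons_gmwd.php
+++ b/admin/models/GMWDModelPolygons_gmwd.php
@@ -23,7 +23,7 @@ class GMWDModelPolygons_gmwd extends GMWDModel {
  $row = json_decode(htmlspecialchars_decode(stripslashes($_POST["data"])));
  $row = json_decode($row);
  $row->title = str_replace("@@@",'&quot;',$row->title);
- if(isset($_GET["dublicated"]) && $_GET["dublicated"] == 1){
+ if(isset($_GET["dublicated"]) && intval($_GET["dublicated"]) == 1){
  $row->id = "";
  }
  }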
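Review bot: the chain on line 23 decodes `data` once and line 24 hands the result to `json_decode()` again, which only works when the first decode produced a string (a JSON-encoded JSON document); if a client posts a plain JSON object the second call receives a `stdClass`, which is a TypeError on PHP 8 — the `intval()` guard added on line 26 does not touch that path. Checking `is_string($row)` before line 24 and `is_object($row)` before line 25 would make the edit path reject a malformed payload instead of emitting warnings or dying. `get_row()` starts and ends outside the hunk.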
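--- a/admin/models/GMWDModelPolylines_gmwd.php
+++ b/admin/models/GMWDModelPolylines_gmwd.php
@@ -19,11 +19,11 @@ class GMWDModelPolylines_gmwd extends GMWDModel {
  public function get_row($id){
  global $wpdb;
  $id = (int)$id;
- if(isset($_POST["data"]) && $_POST["data"] != "{}"){
+ if(isset($_POST["data"]) && sanitize_text_field($_POST["data"]) != "{}"){
  $row = json_decode(htmlspecialchars_decode(stripslashes($_POST["data"])));
  $row = json_decode($row);
  $row->title = str_replace("@@@",'&quot;',$row->title);
- if(isset($_GET["dublicated"]) && $_GET["dublicated"] == 1){
+ if(isset($_GET["dublicated"]) && intval($_GET["dublicated"]) == 1){
  $row->id = "";
  }
  }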
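Review bot: the guard on line 22 now compares `sanitize_text_field($_POST["data"])` with `"{}"`, but line 23 still decodes the raw `$_POST["data"]`, so the sanitized copy is computed and discarded and the check is no stronger than the one it replaces. Read the payload once into a local — `$data = isset($_POST["data"]) ? htmlspecialchars_decode(stripslashes($_POST["data"])) : '';` — then test `$data != "{}"` and decode `$data`, and confirm `json_decode()` returned an object before `$row->title` is touched on line 25 (a bad payload gives `null` there, an Error on PHP 8). `get_row()` continues past the hunk.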
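--- a/admin/views/GMWDViewMaps_gmwd.php
+++ b/admin/views/GMWDViewMaps_gmwd.php
@@ -21,9 +21,9 @@ class GMWDViewMaps_gmwd extends GMWDView{
  public function display(){
  $rows = $this->model->get_rows();
  $page_nav = $this->model->page_nav();
- $search_value = ((isset($_POST['search_value'])) ? esc_html(stripslashes($_POST['search_value'])) : '');
- $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(stripslashes($_POST['asc_or_desc'])) : 'asc');
- $order_by = (isset($_POST['order_by']) ? esc_html(stripslashes($_POST['order_by'])) : 'id');
+ $search_value = ((isset($_POST['search_value'])) ? sanitize_text_field(stripslashes($_POST['search_value'])) : '');
+ $asc_or_desc = ((isset($_POST['asc_or_desc'])) ? sanitize_text_field(stripslashes($_POST['asc_or_desc'])) : 'asc');
+ $order_by = (isset($_POST['order_by']) ? sanitize_text_field(stripslashes($_POST['order_by'])) : 'id');
  $order_class = 'manage-column column-title sorted ' . $asc_or_desc;
 
  $per_page = $this->model->per_page();
@@ -78,7 +78,7 @@ class GMWDViewMaps_gmwd extends GMWDView{
  </th>
  <th class="col <?php if ($order_by == 'id') {echo $order_class;} ?>" width="8%">
  <a onclick="gmwdFormInputSet('order_by', 'id');
- gmwdFormInputSet('asc_or_desc', '<?php echo ((isset($_POST['asc_or_desc']) && isset($_POST['order_by']) && (esc_html(stripslashes($_POST['order_by'])) == 'id') && esc_html(stripslashes($_POST['asc_or_desc'])) == 'asc') ? 'desc' : 'asc'); ?>');
+ gmwdFormInputSet('asc_or_desc', '<?php echo ((isset($_POST['asc_or_desc']) && isset($_POST['order_by']) && (sanitize_text_field(stripslashes($_POST['order_by'])) == 'id') && sanitize_text_field(stripslashes($_POST['asc_or_desc'])) == 'asc') ? 'desc' : 'asc'); ?>');
  document.getElementById('adminForm').submit();return false;" href="">
  <span>ID</span><span class="sorting-indicator"></span>
  </a>
@@ -86,7 +86,7 @@ class GMWDViewMaps_gmwd extends GMWDView{
 
  <th class="col <?php if ($order_by == 'title') {echo $order_class;} ?>">
  <a onclick="gmwdFormInputSet('order_by', 'title');
- gmwdFormInputSet('asc_or_desc', '<?php echo ((isset($_POST['asc_or_desc']) && isset($_POST['order_by']) && (esc_html(stripslashes($_POST['order_by'])) == 'title') && esc_html(stripslashes($_POST['asc_or_desc'])) == 'asc') ? 'desc' : 'asc'); ?>');
+ gmwdFormInputSet('asc_or_desc', '<?php echo ((isset($_POST['asc_or_desc']) && isset($_POST['order_by']) && (sanitize_text_field(stripslashes($_POST['order_by'])) == 'title') && sanitize_text_field(stripslashes($_POST['asc_or_desc'])) == 'asc') ? 'desc' : 'asc'); ?>');
  document.getElementById('adminForm').submit();return false;" href="">
  <span><?php _e("Title","gmwd"); ?></span><span class="sorting-indicator"></span>
  </a>
@@ -99,7 +99,7 @@ class GMWDViewMaps_gmwd extends GMWDView{
  </th>
  <th class="col <?php if ($order_by == 'published') {echo $order_class;} ?>" width="10%">
  <a onclick="gmwdFormInputSet('order_by', 'published');
- gmwdFormInputSet('asc_or_desc', '<?php echo ((isset($_POST['asc_or_desc']) && isset($_POST['order_by']) && (esc_html(stripslashes($_POST['order_by'])) == 'published') && esc_html(stripslashes($_POST['asc_or_desc'])) == 'asc') ? 'desc' : 'asc'); ?>');
+ gmwdFormInputSet('asc_or_desc', '<?php echo ((isset($_POST['asc_or_desc']) && isset($_POST['order_by']) && (sanitize_text_field(stripslashes($_POST['order_by'])) == 'published') && sanitize_text_field(stripslashes($_POST['asc_or_desc'])) == 'asc') ? 'desc' : 'asc'); ?>');
  document.getElementById('adminForm').submit();return false;" href="">
  <span><?php _e("Published","gmwd"); ?></span><span class="sorting-indicator"></span>
  </a>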
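Review bot: swapping `esc_html()` for `sanitize_text_field()` on lines 24–26 turns these values from output-escaped into input-sanitized, which matters for `$search_value`: `sanitize_text_field()` strips tags but keeps `"` and `'`, so wherever the search box echoes `$search_value` into a `value="…"` attribute (that echo is outside the hunk) it must now pass through `esc_attr()` at the point of output, which the old code did not need. The sort links on lines 81, 89 and 102 are safe sinks because they only ever emit the fixed strings `'asc'`/`'desc'`, but they re-read and re-sanitize `$_POST` three times instead of using the `$order_by` and `$asc_or_desc` locals already computed on lines 25–26; `($order_by == 'id' && $asc_or_desc == 'asc') ? 'desc' : 'asc'` says the same thing and removes the duplicated sanitizer calls. `display()` continues well past the last hunk.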
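--- a/admin/views/GMWDViewMarkers_gmwd.php
+++ b/admin/views/GMWDViewMarkers_gmwd.php
@@ -23,7 +23,7 @@ class GMWDViewMarkers_gmwd extends GMWDView{
  $row = $this->model->get_row($id);
  $animations = array("NONE" => __("None","gmwd"), "BOUNCE" => __("Bounce","gmwd"),"DROP" => __("Drop","gmwd"));
  $custom_marker_sizes = array("16" => "16X16","24" => "24X24","32" => "32X32", "48" => "48X48","64" => "64X64","122" => "122X122","256" => "256X256");
- $page = esc_html(stripslashes($_GET["page"]));
+ $page = sanitize_text_field(stripslashes($_GET["page"]));
  $query_url = admin_url('admin-ajax.php');
 
  $query_url_select_icon = add_query_arg(array('action' => 'select_marker_icon', 'page' => 'markers_gmwd', 'task' => 'select_icon', 'width' => '900', 'height' => '600', 'callback' => 'selectMarkerIcon', 'nonce_gmwd' => wp_create_nonce('nonce_gmwd'), 'TB_iframe' => '1' ), $query_url);
@@ -210,7 +210,7 @@ class GMWDViewMarkers_gmwd extends GMWDView{
  <script>
  var _type = "markers";
  var GMWD_URL = "<?php echo GMWD_URL;?>";
- var _hiddenName = "<?php echo isset($_GET["hiddenName"]) ? esc_html(stripslashes($_GET["hiddenName"])) : ""; ?>";
+ var _hiddenName = "<?php echo isset($_GET["hiddenName"]) ? sanitize_text_field(stripslashes($_GET["hiddenName"])) : ""; ?>";
  var markerDefaultIcon = "<?php echo gmwd_get_option("marker_default_icon");?>";
 
  </script>
@@ -226,145 +226,6 @@ class GMWDViewMarkers_gmwd extends GMWDView{
  }
 
  public function select_icon(){
- wp_print_scripts('jquery');
- $markers = array(
- "standart" => array("title" => __("Standart","gmwd"), "count" => 53),
- "coloring" => array("title" => __("Coloring","gmwd"), "count" => 14),
- "modern" => array("title" => __("Modern","gmwd"), "count" => 14),
- "cloth_texture" => array("title" => __("Cloth Texture","gmwd"), "count" => 14),
- "paper_texture" => array("title" => __("Paper Texture","gmwd"), "count" => 14),
- "retro" => array("title" => __("Retro","gmwd"), "count" => 14),
- "wood_texture" => array("title" => __("Wood Texture","gmwd"), "count" => 14),
- "added" => array("title" => __("Added Markers","gmwd"), "count" => ""),
- "custom" => array("title" => __("Create Custom","gmwd"), "count" => "")
- );
-
- ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>load-styles.php?c=1&amp;dir=ltr&amp;load=admin-bar,wp-admin,dashicons,buttons,wp-auth-check" rel="stylesheet">
- <?php if (get_bloginfo('version') < '3.9') { ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>css/colors<?php echo ((get_bloginfo('version') < '3.8') ? '-fresh' : ''); ?>.min.css" id="colors-css" rel="stylesheet">
- <?php } ?>
- <link media="all" type="text/css" href="<?php echo GMWD_URL . '/css/admin_main.css'; ?>" rel="stylesheet">
- <?php
- wp_enqueue_script('admin_main');
- wp_enqueue_script('markers_gmwd');
- wp_enqueue_script('jscolor');
- ?>
- <!-- header -->
- <div class="gmwd_opacity_div">
- <div class="gmwd_opacity_div_loading"><img src="<?php echo GMWD_URL;?>/images/loading.gif"></div>
- </div>
- <div class="gmwd_edit">
- <h2 style="margin-top:0">
- <span><?php _e("Choose Marker Image","gmwd");?></span>
- </h2>
- <div class="wd-row wd-table" style="width:100%">
- <div class="wd-cell wd-cell-valign-top">
- <ul class="wd-marker-tabs wd-clear">
- <?php foreach($markers as $marker_key => $marker_type){
- ?>
- <li>
- <a href="#marker-<?php echo $marker_key;?>" class="<?php echo $marker_key=="standart" ? "wd-marker-active-tab" : "" ;?>"><?php echo $marker_type["title"];?></a>
- </li>
- <?php
- }
- ?>
-
- </ul>
- </div>
- <div class="wd-marker-tabs-container wd-cell wd-cell-valign-top">
- <?php
- foreach($markers as $marker_key => $marker_type){
- if($marker_type["count"] == ""){
- continue;
- }
- ?>
- <div id="marker-<?php echo $marker_key;?>" class="wd-marker-container">
- <div class="wd-clear">
- <?php
- if(get_option("gmwd_download_markers") == 1){
- for($i=1; $i<$marker_type["count"]; $i++){
- ?>
- <div class="icon-block wd-left" onclick="gmwdChooseIcon(this);" data-icon-type="<?php echo str_replace("_", "", $marker_key);?>" data-icon-number="<?php echo $i;?>">
- <img src="<?php echo GMWD_URL . '/images/markers/'.str_replace("_", "", $marker_key).'/'.str_replace("_", "", $marker_key).'_'.$i.'_64.png';?>" width="60" style="vertical-align:middle;">
- </div>
- <?php
- }
- }
- else{
- ?>
- <div class="gmwd_download_markers">
- <a href="#" onclick="downloadMarkers(); return false;"><?php _e("Click to Download Markers","gmwd"); ?></a>
- </div>
- <?php
- }
- ?>
- </div>
- </div>
- <?php
- }
- ?>
- <div id="marker-added" class="wd-marker-container">
- <div class="wd-clear">
- <?php
- $added_markers = scandir(GMWD_DIR . "/images/markers/custom/customcreated");
-
- if(count($added_markers) > 2){
- for($i=0; $i<count($added_markers); $i++){
- if($added_markers[$i] == "." || $added_markers[$i] == ".." || substr_count($added_markers[$i], "_") > 1){
- continue;
- }
-
- ?>
- <div class="icon-block wd-left" onclick="gmwdChooseIcon(this);" data-icon-type="custom_added" data-icon-number="0">
- <img src="<?php echo GMWD_URL . '/images/markers/custom/customcreated/'.$added_markers[$i];?>" width="60" style="vertical-align:middle;">
- </div>
- <?php
- }
- }
- else{
- _e("You Have Not Created Any Markers","gmwd");
- }
-
- ?>
- </div>
- </div>
- <div id="marker-custom" class="wd-marker-container">
- <div class="wd-table">
- <div class="wd-cell wd-cell-valign-top">
- <div class="wd-clear custom-icons">
- <?php
- for($i=1; $i<26; $i++){
- ?>
- <div class="icon-block wd-left icon_tmpl" >
- <img src="<?php echo GMWD_URL . '/images/markers/custom/modern/marker_'.$i.'.png';?>" width="60" style="vertical-align:middle;" onclick="iconChange(this);" id="marker_<?php echo $i;?>">
- </div>
- <?php
- }
- ?>
- </div>
- </div>
- <div class="wd-cell wd-cell-valign-top">
- <?php _e("Background Color:","gmwd") ;?><br>
- <input type="text" class="color" id="background_color" onchange="backgroundChange();" value="00a0d2"><br>
- <?php _e("Icon Background Color:","gmwd") ;?><br>
- <input type="text" class="color" id="icon_background_color" onchange="backgroundChange();">
-
- <div class="custom-icon-result wd-row" id="icon_result">
- <img id='result_img' src='<?php echo GMWD_URL . '/images/markers/custom/modern/background.png';?>' />
- </div>
- <button class="wd-btn wd-btn-primary" onclick="gmwdChooseIcon(this);return false;" data-icon-type="custom" data-icon-number="0"> <?php _e("Get Image","gmwd") ;?></button>
- </div>
- </div>
- <input type="hidden" id="current_marker" value="">
- <input type="hidden" id="custom_marker_url" value="" name="custom_marker_url">
- </div>
- </div>
- </div>
- </div>
-
- <?php
- die();
  }
  ////////////////////////////////////////////////////////////////////////////////////////
  // Getters & Setters //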
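Review bot: `_hiddenName` on line 213 is echoed inside a double-quoted JavaScript string literal, and `sanitize_text_field()` leaves `"` untouched, so a `hiddenName` of `";alert(1);//` now closes the literal and runs as script; the `esc_html()` it replaces turned `"` into `&quot;`, which browsers do not decode inside `<script>`, so this hunk weakens that sink rather than hardening it. Use the escaper for the context: `var _hiddenName = "<?php echo isset($_GET["hiddenName"]) ? esc_js(stripslashes($_GET["hiddenName"])) : ""; ?>";` (or emit the value with `wp_json_encode()` so the quoting is generated). The third hunk reduces `select_icon()` to an empty body, yet line 29 still builds `$query_url_select_icon` with `'task' => 'select_icon'`, so the marker-icon picker now opens a blank response; either remove that URL and its callers or document why the stub is kept. `edit()` continues past the second hunk.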
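--- a/admin/views/GMWDViewPolygons_gmwd.php
+++ b/admin/views/GMWDViewPolygons_gmwd.php
@@ -19,7 +19,7 @@ class GMWDViewPolygons_gmwd extends GMWDView{
  ////////////////////////////////////////////////////////////////////////////////////////
  public function edit($id){
  $row = $this->model->get_row($id);
- $page = esc_html(stripslashes($_GET["page"]));
+ $page = sanitize_text_field(stripslashes($_GET["page"]));
 
  ?>
 
@@ -167,7 +167,7 @@ class GMWDViewPolygons_gmwd extends GMWDView{
  gmwdSlider(this.jQuery || this.Zepto, jQuery("#wd-overlays"));
  jscolor.init();
  var _type = "polygons";
- var _hiddenName = "<?php echo isset($_GET["hiddenName"]) ? esc_html(stripslashes($_GET["hiddenName"])) : ""; ?>";
+ var _hiddenName = "<?php echo isset($_GET["hiddenName"]) ? sanitize_text_field(stripslashes($_GET["hiddenName"])) : ""; ?>";
  var markerDefaultIcon = "<?php echo gmwd_get_option("marker_default_icon");?>";
  </script>
  <?php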
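Review bot: line 170 writes the `hiddenName` query parameter into a JS string literal after `sanitize_text_field()`, which does not escape quotes or backslashes, so a value containing `"` breaks out of the literal and the remainder is executed as script. `esc_html()` encoded the quote and was therefore safe inside `<script>`, which makes this hunk a regression at that sink — `esc_js()` is the escaper for this context: `esc_js(stripslashes($_GET["hiddenName"]))`. Line 22 reads `$_GET["page"]` without `isset()`; on a direct call with no `page` that is a notice, and `isset($_GET["page"]) ? sanitize_text_field(stripslashes($_GET["page"])) : ''` avoids it. `edit()` runs past both hunks.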
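--- a/admin/views/GMWDViewPolylines_gmwd.php
+++ b/admin/views/GMWDViewPolylines_gmwd.php
@@ -20,7 +20,7 @@ class GMWDViewPolylines_gmwd extends GMWDView{
 
  public function edit($id){
  $row = $this->model->get_row($id);
- $page = esc_html(stripslashes($_GET["page"]));
+ $page = sanitize_text_field(stripslashes($_GET["page"]));
 
  ?>
  <div class="pois_wrapper gmwd_edit">
@@ -135,7 +135,7 @@ class GMWDViewPolylines_gmwd extends GMWDView{
  gmwdSlider(this.jQuery || this.Zepto, jQuery("#wd-overlays"));
  jscolor.init();
  var _type = "polylines";
- var _hiddenName = "<?php echo isset($_GET["hiddenName"]) ? esc_html(stripslashes($_GET["hiddenName"])) : ""; ?>";
+ var _hiddenName = "<?php echo isset($_GET["hiddenName"]) ? sanitize_text_field(stripslashes($_GET["hiddenName"])) : ""; ?>";
  var markerDefaultIcon = "<?php echo gmwd_get_option("marker_default_icon");?>";
  </script>
  <?php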
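Review bot: as in the other view files in this release, line 138 places `sanitize_text_field(stripslashes($_GET["hiddenName"]))` inside a double-quoted JavaScript string; `sanitize_text_field()` strips tags but does not touch `"` or `\`, so the parameter can terminate the string and append code, whereas the previous `esc_html()` neutralised the quote. Escape for the JavaScript context instead — `esc_js(stripslashes($_GET["hiddenName"]))` — or emit the whole value with `wp_json_encode()` so the delimiters are generated rather than hand-written. `$page` on line 23 is taken from `$_GET["page"]` with no `isset()` guard; `edit()` starts before and ends after the hunks shown.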
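--- a/admin/views/GMWDViewShortcode_gmwd.php
+++ b/admin/views/GMWDViewShortcode_gmwd.php
@@ -17,7 +17,8 @@ class GMWDViewShortcode_gmwd extends GMWDView{
  ////////////////////////////////////////////////////////////////////////////////////////
  // Public Methods //
  ////////////////////////////////////////////////////////////////////////////////////////
- public function display() {
+ public function display() {
+
  $shortcodes = $this->model->get_shortcodes();
  $max_short_code_id = $this->model->get_shortcode_max_id();
 
@@ -39,30 +40,55 @@ class GMWDViewShortcode_gmwd extends GMWDView{
  $map_api_url .= "&key=" . $api_keys[rand(0,4)];
  }
 
+ $version = get_option("gmwd_version");
+ wp_register_script('admin_main', GMWD_URL . '/js/admin_main.js', array(), $version);
+ wp_register_script('simple-slider', GMWD_URL . '/js/simple-slider.js', array(), $version);
+ wp_register_script('frontend_init_map-js', $map_api_url, array(), $version);
+ wp_register_script('gmwd_init_map_admin-js', GMWD_URL . '/js/init_map_admin.js', array(), $version);
 
- wp_enqueue_script('admin_main');
- wp_enqueue_script('simple-slider');
- wp_enqueue_script('frontend_init_map-js', $map_api_url );
- wp_enqueue_script('gmwd_init_map_admin-js', GMWD_URL . '/js/init_map_admin.js');
- ?>
-
- <!--<script language="javascript" type="text/javascript" src="<?php echo site_url(); ?> /wp-includes/js/tinymce/tiny_mce_popup.js"></script>
- <script language="javascript" type="text/javascript" src="<?php echo site_url(); ?>/wp-includes/js/tinymce/utils/mctabs.js"></script>
- <script language="javascript" type="text/javascript" src="<?php echo site_url(); ?>/wp-includes/js/tinymce/utils/form_utils.js"></script>-->
-
- <?php if (get_bloginfo('version') >= '4.5') { ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>load-styles.php?c=1&dir=ltr&load%5B%5D=dashicons,admin-bar,common,forms,admin-menu,dashboard,list-tables,edit,revisions,media,themes,about,nav-menus,widgets,site-icon,&load%5B%5D=l10n,buttons,wp-auth-check,media-views" rel="stylesheet">
- <?php }
+ wp_print_scripts('admin_main');
+ wp_print_scripts('simple-slider');
+ wp_print_scripts('frontend_init_map-js');
+ wp_print_scripts('gmwd_init_map_admin-js');
+ if (get_bloginfo('version') >= '4.5') {
+ $required_styles = array(
+ 'admin-bar',
+ 'dashicons',
+ 'common',
+ 'forms',
+ 'admin-menu',
+ 'dashboard',
+ 'list-tables',
+ 'edit',
+ 'revisions',
+ 'media',
+ 'themes',
+ 'about',
+ 'nav-menus',
+ 'widgets',
+ 'site-icon',
+ 'wp-admin', // admin styles
+ 'buttons', // buttons styles
+ 'media-views', // media uploader styles
+ 'wp-auth-check', // check all
+ );
+ }
  else{
- ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>load-styles.php?c=1&amp;dir=ltr&amp;load=admin-bar,wp-admin,dashicons,buttons,wp-auth-check" rel="stylesheet">
- <?php
+ $required_styles = array(
+ 'admin-bar',
+ 'dashicons',
+ 'wp-admin', // admin styles
+ 'buttons', // buttons styles
+ 'media-views', // media uploader styles
+ 'wp-auth-check', // check all
+ );
  }
- if (get_bloginfo('version') < '3.9') { ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>css/colors<?php echo ((get_bloginfo('version') < '3.8') ? '-fresh' : ''); ?>.min.css" id="colors-css" rel="stylesheet">
- <?php } ?>
- <link media="all" type="text/css" href="<?php echo GMWD_URL . '/css/admin_main.css'; ?>" rel="stylesheet">
- <link media="all" type="text/css" href="<?php echo GMWD_URL . '/css/simple-slider.css'; ?>" rel="stylesheet">
+
+ wp_register_style('admin_main', GMWD_URL . '/css/admin_main.css', $required_styles, $version);
+ wp_register_style( 'simple-slider', GMWD_URL . '/css/simple-slider.css', array(), $version );
+ wp_print_styles('admin_main');
+ wp_print_styles('simple-slider');
+ ?>
  <div class="" >
 
  <?php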
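Review bot: The new `if (get_bloginfo('version') >= '4.5')` on line 53 of the second hunk compares version strings with PHP's loose string/numeric comparison, which misorders components once a segment has two digits or a third dot (a `4.10.x` style string would sort below `4.5`); the reliable form is `if (version_compare(get_bloginfo('version'), '4.5', '>=')) {`. The identical comparison is added at line 54 of google-maps-setup.php in this commit, and the two `$required_styles` arrays here are a verbatim copy of the ones added there; a single helper returning the dependency list for the running WordPress version would keep the two copies from drifting. `display()` continues outside the hunk.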
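--- a/framework/GMWDHelper.php
+++ b/framework/GMWDHelper.php
@@ -210,7 +210,7 @@ class GMWDHelper {
  </div>
  <?php if (!$pager) { ?>
  <input type="hidden" id="page_number" name="page_number" value="<?php echo ((isset($_POST['page_number'])) ? (int) $_POST['page_number'] : 1); ?>" />
- <input type="hidden" id="search_or_not" name="search_or_not" value="<?php echo ((isset($_POST['search_or_not'])) ? esc_html($_POST['search_or_not']) : ''); ?>"/>
+ <input type="hidden" id="search_or_not" name="search_or_not" value="<?php echo ((isset($_POST['search_or_not'])) ? sanitize_text_field($_POST['search_or_not']) : ''); ?>"/>
  <?php
  }
  }
@@ -244,9 +244,9 @@ class GMWDHelper {
  }
 
  public static function print_message() {
- $message_id = isset($_GET["message_id"]) ? $_GET["message_id"] : "";
+ $message_id = isset($_GET["message_id"]) ? sanitize_text_field($_GET["message_id"]) : "";
  if(!ctype_digit($message_id) && $message_id ){
- echo '<div style="width:99%"><div class="error"><p><strong>'.sanitize_text_field($message_id) .'</strong></p></div></div>';
+ echo '<div style="width:99%"><div class="error"><p><strong>'.$message_id .'</strong></p></div></div>';
  return;
  }
  switch($message_id){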
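Review bot: Line 213 of the first hunk prints the sanitized value into a `value="…"` attribute without escaping it; `sanitize_text_field()` strips tags and collapses whitespace but leaves double quotes intact, so it does not make a string safe for an HTML attribute context, whereas the `esc_html()` it replaced did encode them. Keep the sanitizer if you want, but escape at output: `value="<?php echo esc_attr(isset($_POST['search_or_not']) ? sanitize_text_field($_POST['search_or_not']) : ''); ?>"`. The same reasoning applies to line 249 of the second hunk, where `$message_id` is concatenated into HTML text and should be wrapped in `esc_html()` at the echo. The function enclosing the first hunk starts outside it, and `print_message()` continues past the second.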
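--- a/frontend/controllers/GMWDControllerFrontendMap.php
+++ b/frontend/controllers/GMWDControllerFrontendMap.php
@@ -37,7 +37,7 @@ class GMWDControllerFrontendMap extends GMWDControllerFrontend{
  $radius = floatval($_POST["radius"]);
  $lat = floatval($_POST["lat"]);
  $lng = floatval($_POST["lng"]);
- $distance_in = esc_html(stripslashes($_POST["distance_in"]));
+ $distance_in = sanitize_text_field(stripslashes($_POST["distance_in"]));
 
  $distance_in = $distance_in == "km" ? 6371 : 3959;
 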
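Review bot: `$_POST["distance_in"]` on line 40 is read without an `isset()` guard, unlike the equivalent line in frontend/models/GMWDModelFrontendMap.php in this same commit, so a request that omits the field raises a notice before falling through to the miles branch; `$distance_in = isset($_POST["distance_in"]) ? sanitize_text_field(stripslashes($_POST["distance_in"])) : "";` keeps the behaviour and silences it. The comparison on line 42 would read better as `$distance_in === "km"`. The enclosing method starts and ends outside the hunk.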
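--- a/frontend/models/GMWDModelFrontendMap.php
+++ b/frontend/models/GMWDModelFrontendMap.php
@@ -62,10 +62,10 @@ class GMWDModelFrontendMap extends GMWDModelFrontend{
  if($id){
 
 
- $radius = isset($_POST["radius"]) ? esc_html(stripslashes($_POST["radius"])) : "";
- $lat = isset($_POST["lat"]) ? esc_html(stripslashes($_POST["lat"])) : "";
- $lng = isset($_POST["lng"]) ? esc_html(stripslashes($_POST["lng"])) : "";
- $distance_in = isset($_POST["distance_in"]) ? esc_html(stripslashes($_POST["distance_in"])) : "";
+ $radius = isset($_POST["radius"]) ? sanitize_text_field(stripslashes($_POST["radius"])) : "";
+ $lat = isset($_POST["lat"]) ? sanitize_text_field(stripslashes($_POST["lat"])) : "";
+ $lng = isset($_POST["lng"]) ? sanitize_text_field(stripslashes($_POST["lng"])) : "";
+ $distance_in = isset($_POST["distance_in"]) ? sanitize_text_field(stripslashes($_POST["distance_in"])) : "";
  $distance_in = $distance_in == "km" ? 6371 : 3959;
 
  $select_distance = "";
@@ -75,7 +75,7 @@ class GMWDModelFrontendMap extends GMWDModelFrontend{
  $having_distance = "HAVING distance<".$radius;
  }
 
- $limit = isset($_POST["limit"]) ? esc_html(stripslashes($_POST["limit"])) : 20;
+ $limit = isset($_POST["limit"]) ? intval(stripslashes($_POST["limit"])) : 20;
  $limit_by = " LIMIT 0, ". (int)$limit;
 
  $markers = $wpdb->get_results("SELECT T_MARKERS.* ".$select_distance." FROM " . $wpdb->prefix . "gmwd_markers AS T_MARKERS WHERE T_MARKERS.published = '1' AND T_MARKERS.map_id= '".$id."' ".$having_distance." ORDER BY T_MARKERS.id");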
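Review bot: `sanitize_text_field()` on lines 65–67 does not make `$radius`, `$lat` and `$lng` safe for the SQL they end up in: line 75 builds `$having_distance = "HAVING distance<".$radius;` by plain concatenation, and `$select_distance` (assembled between the two hunks, outside my view) presumably interpolates `$lat` and `$lng` the same way, while the sanitizer only strips tags and whitespace and leaves quotes and operators untouched. These are numeric inputs, so cast them as the controller in frontend/controllers/GMWDControllerFrontendMap.php already does — `$radius = isset($_POST["radius"]) ? floatval($_POST["radius"]) : "";` and likewise for `$lat` and `$lng` — or bind them through `$wpdb->prepare()` with `%f` placeholders. The switch to `intval()` for `$limit` on line 78 is the right pattern; the `(int)$limit` on line 79 is now redundant. The query on line 81 also interpolates `$id` directly; that line is untouched by this commit but would benefit from the same `$wpdb->prepare()` treatment.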
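--- a/gmwd_admin_class.php
+++ b/gmwd_admin_class.php
@@ -12,7 +12,7 @@ class GMWDAdmin
  // Variables //
  ////////////////////////////////////////////////////////////////////////////////////////
  protected static $instance = null;
- private static $version = '1.0.60';
+ private static $version = '1.0.61';
  ////////////////////////////////////////////////////////////////////////////////////////
  // Constructor & Destructor //
  ////////////////////////////////////////////////////////////////////////////////////////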
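--- a/gmwd_class.php
+++ b/gmwd_class.php
@@ -63,7 +63,7 @@ class GMWD{
  function add_localization() {
  $path = dirname(plugin_basename(__FILE__)) . '/languages/';
  $loaded = load_plugin_textdomain('gmwd', false, $path);
- if (isset($_GET['page']) && $_GET['page'] == basename(__FILE__) && !$loaded) {
+ if (isset($_GET['page']) && sanitize_text_field($_GET['page']) == basename(__FILE__) && !$loaded) {
  echo '<div class="error">Google Maps WD ' . __('Could not load the localization file: ' . $path, 'gmwd') . '</div>';
  return;
  }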
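--- a/google-maps-setup.php
+++ b/google-maps-setup.php
@@ -50,8 +50,43 @@ class GMWDSetupWizard {
  'slug' => "setup_ready",
  )
  );
-
- wp_enqueue_style ( 'admin_main-css', GMWD_URL . '/css/admin_main.css', array (), '' );
+
+ if (get_bloginfo('version') >= '4.5') {
+ $required_styles = array(
+ 'admin-bar',
+ 'dashicons',
+ 'common',
+ 'forms',
+ 'admin-menu',
+ 'dashboard',
+ 'list-tables',
+ 'edit',
+ 'revisions',
+ 'media',
+ 'themes',
+ 'about',
+ 'nav-menus',
+ 'widgets',
+ 'site-icon',
+ 'wp-admin', // admin styles
+ 'buttons', // buttons styles
+ 'media-views', // media uploader styles
+ 'wp-auth-check', // check all
+ );
+ }
+ else{
+ $required_styles = array(
+ 'admin-bar',
+ 'dashicons',
+ 'wp-admin', // admin styles
+ 'buttons', // buttons styles
+ 'media-views', // media uploader styles
+ 'wp-auth-check', // check all
+ );
+ }
+
+
+ wp_enqueue_style ( 'admin_main-css', GMWD_URL . '/css/admin_main.css', $required_styles, '' );
  wp_enqueue_style ( 'simple_slider-css', GMWD_URL . '/css/simple-slider.css', array (), '' );
 
  wp_register_script ( 'jquery', FALSE, array ('jquery-core','jquery-migrate'), '1.10.2' );
@@ -111,17 +146,6 @@ class GMWDSetupWizard {
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title><?php _e( 'Google Maps &rsaquo; Setup Wizard', 'gmwd' ); ?></title>
 
- <?php if (get_bloginfo('version') >= '4.5') { ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>load-styles.php?c=1&dir=ltr&load%5B%5D=dashicons,admin-bar,common,forms,admin-menu,dashboard,list-tables,edit,revisions,media,themes,about,nav-menus,widgets,site-icon,&load%5B%5D=l10n,buttons,wp-auth-check,media-views" rel="stylesheet">
- <?php }
- else{
- ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>load-styles.php?c=1&amp;dir=ltr&amp;load=admin-bar,wp-admin,dashicons,buttons,wp-auth-check" rel="stylesheet">
- <?php
- }
- if (get_bloginfo('version') < '3.9') { ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>css/colors<?php echo ((get_bloginfo('version') < '3.8') ? '-fresh' : ''); ?>.min.css" id="colors-css" rel="stylesheet">
- <?php } ?>
  <?php do_action( 'admin_print_styles' ); ?>
  <?php do_action( 'admin_head' ); ?>
  <?php wp_print_scripts( 'jquery' ); ?>
@@ -481,7 +505,7 @@ class GMWDSetupWizard {
 
  for($i = 0; $i < count ( $names ); $i ++) {
  $name = $names [$i];
- $value = isset($_POST[$name]) ? $_POST[$name] : null;
+ $value = isset($_POST[$name]) ? sanitize_text_field($_POST[$name]) : null;
 
  if ($value !== null) {
  $data = array ();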
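Review bot: Line 508 in the third hunk passes `$_POST[$name]` straight to `sanitize_text_field()`; if any of the wizard's `$names` fields can be submitted as an array (a multi-select or checkbox group, for instance), that call emits a warning and yields an empty string rather than the array — the field list is not visible from here, so verify before relying on it. In the first hunk, the version check on line 54 uses loose string comparison (`version_compare(get_bloginfo('version'), '4.5', '>=')` is the reliable form), and the `$required_styles` arrays on lines 55–85 are a verbatim copy of the ones added to admin/views/GMWDViewShortcode_gmwd.php in this commit; a single helper returning the list would keep the two in step. All three enclosing methods start outside their hunks.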
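--- a/preview.php
+++ b/preview.php
@@ -86,10 +86,6 @@ class GMWDPreview {
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title><?php _e( 'Google Maps &rsaquo; Setup Wizard', 'gmwd' ); ?></title>
 
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>load-styles.php?c=1&amp;dir=ltr&amp;load=admin-bar,wp-admin,dashicons,buttons,wp-auth-check" rel="stylesheet">
- <?php if (get_bloginfo('version') < '3.9') { ?>
- <link media="all" type="text/css" href="<?php echo get_admin_url(); ?>css/colors<?php echo ((get_bloginfo('version') < '3.8') ? '-fresh' : ''); ?>.min.css" id="colors-css" rel="stylesheet">
- <?php } ?>
  <?php do_action( 'admin_print_styles' ); ?>
  <?php do_action( 'admin_head' ); ?>
  <?php wp_print_scripts( 'jquery' ); ?>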
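--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: webdorado,10web,wdsupport
  Tags: google map, google maps, map, map markers, maps, directions, google map plugin, google maps plugin, map plugin, wp google map, wp google maps, google map widget
  Requires at least: 3.4
  Tested up to: 5.2
- Stable tag: 1.0.60
+ Stable tag: 1.0.61
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -12,7 +12,7 @@ License URI: http://www.gnu.org/licenses/gpl-2.0.html
  == Description ==
 
 
- [WordPress 10Web Google Maps](https://10web.io/plugins/wordpress-google-maps/)
+ [10Web Map Builder for Google Maps](https://10web.io/plugins/wordpress-google-maps/)
  [Demo](https://demo.10web.io/google-maps/)
  [User Guide](https://help.10web.io/hc/en-us/articles/360017782751-Installation-Wizard-and-API-Configuration)
 
@@ -20,7 +20,7 @@ License URI: http://www.gnu.org/licenses/gpl-2.0.html
  https://www.youtube.com/watch?v=bUI4ObvKlkA
 
 
- 10Web Google Maps combines quality and simplicity, offering you an easy way to add unlimited Maps to your website. It’s an out of the box solution with some powerful functionality and additional customization options. The plugin is distinguished for its feature-packed free version, offering what are usually premium features absolutely free, such as unlimited number of responsive maps, geolocation feature, store locator, layers, unlimited markers, and more. Another great thing about it is that it features an intuitive builder, letting you customize your maps and preview the changes immediately with the live preview option. For additional quality features like marker icon builder, directions, skins and themes, marker listing and multi-level marker categories there is the premium version, which will let you further personalize your maps. Plugin uses clean code, which guarantees smooth operation and compatibility with any WordPress theme.
+ 10Web Map Builder for Google Maps combines quality and simplicity, offering you an easy way to add unlimited Maps to your website. It’s an out of the box solution with some powerful functionality and additional customization options. The plugin is distinguished for its feature-packed free version, offering what are usually premium features absolutely free, such as unlimited number of responsive maps, geolocation feature, store locator, layers, unlimited markers, and more. Another great thing about it is that it features an intuitive builder, letting you customize your maps and preview the changes immediately with the live preview option. For additional quality features like marker icon builder, directions, skins and themes, marker listing and multi-level marker categories there is the premium version, which will let you further personalize your maps. Plugin uses clean code, which guarantees smooth operation and compatibility with any WordPress theme.
 
 
 
@@ -139,10 +139,7 @@ Activate 10Web Google Maps by going to Plugins and pressing Activate button.
 
  == Changelog ==
 
- = 1.0.60 =
- * Fixed: Security issues
-
- = 1.0.59 =
+ = 1.0.61 =
  * Fixed: Security issues
 
  = 1.0.58 =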
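--- a/wd-google-maps.php
+++ b/wd-google-maps.php
@@ -4,7 +4,7 @@
  * Plugin Name: 10Web Google Maps
  * Plugin URI: https://10web.io/plugins/wordpress-google-maps/
  * Description: 10Web Google Maps is an intuitive tool for creating Google maps with advanced markers, custom layers and overlays for your website.
- * Version: 1.0.60
+ * Version: 1.0.61
  * Author: 10Web
  * Author URI: https://10web.io/plugins
  * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
@@ -30,6 +30,7 @@ if (is_admin()) {
  add_action('wp_ajax_add_rectangle', array('GMWDAdmin', 'gmwd_ajax'));
 
  add_action('admin_enqueue_scripts', 'gmwd_register_admin_scripts');
+ add_action('admin_enqueue_style', 'gmwd_register_admin_styles');
  }
 
 
@@ -41,6 +42,10 @@ function gmwd_register_admin_scripts() {
  wp_register_script('admin_main', GMWD_URL . '/js/admin_main.js', array(), $version );
  wp_register_script('markers_gmwd', GMWD_URL . '/js/markers_gmwd.js', array(), $version );
  wp_register_script('jscolor', GMWD_URL . '/js/jscolor/jscolor.js', array(), $version );
+
+ wp_register_style( 'admin_main', GMWD_URL . '/css/admin_main.css', array(), $version );
+ wp_register_style( 'simple-slider', GMWD_URL . '/css/simple-slider.css', array(), $version );
+
  }
 
  require_once('gmwd_class.php');
@@ -140,7 +145,7 @@ function gmwd_bp_install_notice()
  if (get_option('wds_bk_notice_status') !== false) {
  update_option('wds_bk_notice_status', '1', 'no');
  }
- if (!isset($_GET['page']) || strpos(esc_html($_GET['page']), '_gmwd') === false) {
+ if (!isset($_GET['page']) || strpos(sanitize_text_field($_GET['page']), '_gmwd') === false) {
  return '';
  }
 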
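Review bot: Line 33 of the second hunk hooks `gmwd_register_admin_styles` to an action named `admin_enqueue_style`, but I know of no core hook by that name (core fires `admin_enqueue_scripts` for both scripts and styles), and no function called `gmwd_register_admin_styles` is defined anywhere in the visible diff — the style registrations were added to `gmwd_register_admin_scripts()` on lines 46–47 of the third hunk instead. As written the line is dead code, and if the hook were ever fired it would call an undefined function. Either define the callback and hook it to `admin_enqueue_scripts`, or drop the line, since the styles already resolve through `gmwd_register_admin_scripts()`.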
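--- a/wd/includes/deactivate.php
+++ b/wd/includes/deactivate.php
@@ -112,18 +112,18 @@ class TenWebLibDeactivate
  $wd_options = $this->config;
  if (isset($_POST[$wd_options->prefix . "_submit_and_deactivate"])) {
 
- if ($_POST[$wd_options->prefix . "_submit_and_deactivate"] == 2 || $_POST[$wd_options->prefix . "_submit_and_deactivate"] == 3) {
+ if (intval($_POST[$wd_options->prefix . "_submit_and_deactivate"]) == 2 || intval($_POST[$wd_options->prefix . "_submit_and_deactivate"]) == 3) {
  //$api = new TenWebLibApi( $wd_options );
 
  $data = array();
 
- $data["reason"] = isset($_POST[$wd_options->prefix . "_reasons"]) ? $_POST[$wd_options->prefix . "_reasons"] : "";
+ $data["reason"] = isset($_POST[$wd_options->prefix . "_reasons"]) ? sanitize_text_field($_POST[$wd_options->prefix . "_reasons"]) : "";
  $data["site_url"] = site_url();
  $data["product_id"] = $wd_options->plugin_id;
 
- $data["additional_details"] = isset($_POST[$wd_options->prefix . "_additional_details"]) ? $_POST[$wd_options->prefix . "_additional_details"] : "";
+ $data["additional_details"] = isset($_POST[$wd_options->prefix . "_additional_details"]) ? sanitize_text_field($_POST[$wd_options->prefix . "_additional_details"]) : "";
  $admin_data = wp_get_current_user();
- $data["email"] = isset($_POST[$wd_options->prefix . "_email"]) ? $_POST[$wd_options->prefix . "_email"] : $admin_data->data->user_email;
+ $data["email"] = isset($_POST[$wd_options->prefix . "_email"]) ? sanitize_email($_POST[$wd_options->prefix . "_email"]) : $admin_data->data->user_email;
  $user_first_name = get_user_meta($admin_data->ID, "first_name", true);
  $user_last_name = get_user_meta($admin_data->ID, "last_name", true);
 
@@ -147,7 +147,7 @@ class TenWebLibDeactivate
  }*/
 
  }
- if ($_POST[$wd_options->prefix . "_submit_and_deactivate"] == 2 || $_POST[$wd_options->prefix . "_submit_and_deactivate"] == 1) {
+ if (intval($_POST[$wd_options->prefix . "_submit_and_deactivate"]) == 2 || intval($_POST[$wd_options->prefix . "_submit_and_deactivate"]) == 1) {
  $deactivate_url =
  add_query_arg(
  array(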
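Review bot: Line 124 runs the free-text `_additional_details` field through `sanitize_text_field()`, which collapses every line break and tab into a single space; if that field is a textarea (the name suggests it), `sanitize_textarea_field()` keeps the user's formatting while still stripping tags, though it only exists from WordPress 4.7 and the readme still states 3.4 as the floor, so guard it with `function_exists()` or raise the requirement. On line 126, `sanitize_email()` returns an empty string for a malformed address, so a bad submission now sends `""` instead of falling back to `$admin_data->data->user_email`; `$email = isset($_POST[$wd_options->prefix . "_email"]) ? sanitize_email($_POST[$wd_options->prefix . "_email"]) : '';` followed by `$data["email"] = $email !== '' ? $email : $admin_data->data->user_email;` restores the fallback. Lines 115 and 150 each evaluate `intval()` on the same `$_POST` value twice; reading it once into a local would read better. The enclosing method starts outside the first hunk and ends outside the second.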
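--- a/wd/includes/notices.php
+++ b/wd/includes/notices.php
@@ -131,9 +131,9 @@ class TenWebLibNotices {
  public function admin_notice_ignore() {
  $wd_options = $this->config;
  // If user clicks to ignore the notice, update the option to not show it again
- if ( isset( $_GET[$wd_options->prefix . '_admin_notice_ignore'] ) ) {
+ if ( isset( $_GET[$wd_options->prefix . '_admin_notice_ignore'] )) {
  $admin_notices_option = get_option( $wd_options->prefix . '_admin_notice', array() );
- $admin_notices_option[$_GET[$wd_options->prefix . '_admin_notice_ignore']]['dismissed'] = 1;
+ $admin_notices_option[sanitize_text_field($_GET[$wd_options->prefix . '_admin_notice_ignore'])]['dismissed'] = 1;
  update_option( $wd_options->prefix . '_admin_notice', $admin_notices_option );
  $query_str = remove_query_arg( $wd_options->prefix . '_admin_notice_ignore' );
  wp_redirect( $query_str );
@@ -149,12 +149,12 @@ class TenWebLibNotices {
  $admin_notices_option = get_option( $wd_options->prefix . '_admin_notice', array() );
  $current_date = current_time( "n/j/Y" );
  $date_array = explode( '/', $current_date );
- $interval = (isset($_GET['wd_int']) ? $_GET['wd_int'] : 14);
+ $interval = (isset($_GET['wd_int']) ? intval($_GET['wd_int']) : 14);
  $date_array[1] += $interval;
  $new_start = date( "n/j/Y", mktime( 0, 0, 0, $date_array[0], $date_array[1], $date_array[2] ) );
 
- $admin_notices_option[$_GET[$wd_options->prefix . '_admin_notice_temp_ignore']]['start'] = $new_start;
- $admin_notices_option[$_GET[$wd_options->prefix . '_admin_notice_temp_ignore']]['dismissed'] = 0;
+ $admin_notices_option[sanitize_text_field($_GET[$wd_options->prefix . '_admin_notice_temp_ignore'])]['start'] = $new_start;
+ $admin_notices_option[sanitize_text_field($_GET[$wd_options->prefix . '_admin_notice_temp_ignore'])]['dismissed'] = 0;
  update_option( $wd_options->prefix . '_admin_notice', $admin_notices_option );
  $query_str = remove_query_arg( array( $wd_options->prefix . '_admin_notice_temp_ignore', 'wd_int' ) );
  wp_redirect( $query_str );
@@ -166,7 +166,7 @@ class TenWebLibNotices {
  $wd_options = $this->config;
  foreach ( $pages as $key => $page ) {
  if (is_array($page)) {
- if ( isset( $_GET['page'] ) && $_GET['page'] == $page[0] && isset($_GET['tab']) && $_GET['tab'] == $page[1] ) {
+ if ( isset( $_GET['page'] ) && sanitize_text_field($_GET['page']) == $page[0] && isset($_GET['tab']) && sanitize_text_field($_GET['tab']) == $page[1] ) {
  return true;
  }
  }
@@ -177,7 +177,7 @@ class TenWebLibNotices {
  if ( get_current_screen()->id === $page ) {
  return true;
  }
- if ( isset($_GET['page']) && $_GET['page'] == $page ) {
+ if ( isset($_GET['page']) && sanitize_text_field($_GET['page']) == $page ) {
  return true;
  }
  }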
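Review bot: Lines 136, 156 and 157 still use a request parameter directly as the key written into the `_admin_notice` option; `sanitize_text_field()` narrows the character set but does not check that the key names a notice the plugin knows, so any string is persisted as a fresh entry on every hit. If the set of notice ids is known at this point, checking `array_key_exists($key, $admin_notices_option)` before the write (and returning otherwise) keeps the option bounded — I cannot see from here whether entries are meant to be created lazily, so confirm. On line 152 `intval($_GET['wd_int'])` is unbounded, so a negative or very large value moves `start` arbitrarily; `$interval = isset($_GET['wd_int']) ? max(0, intval($_GET['wd_int'])) : 14;` avoids that. Whether these handlers sit behind a nonce or capability check is outside the hunks.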
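--- a/wd/includes/subscribe.php
+++ b/wd/includes/subscribe.php
@@ -53,7 +53,7 @@ class TenWebLibSubscribe
  $wd_options = $this->config;
  if (isset($_GET[$wd_options->prefix . "_sub_action"])) {
 
- if ($_GET[$wd_options->prefix . "_sub_action"] == "allow") {
+ if (sanitize_text_field($_GET[$wd_options->prefix . "_sub_action"]) == "allow") {
  //$api = new TenWebLibApi($wd_options);
  $all_plugins = array();
  $plugins = get_plugins();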