WP Google Maps - Version 6.2.1

Version Description

Please update your WP Google Maps version to 6.2.1 to ensure you are using the latest security enhancements.

Release Info

Developer	WPGMaps
Plugin	WP Google Maps
Version	6.2.1
Comparing to
See all releases

Code changes from version 6.2.0 to 6.2.1

Files changed (7) hide show

base/includes/wp-google-maps-polylines.php +3 -3
cache/timthumb_cacheLastCleanTime.touch +0 -0
cache/timthumb_int_1feb94dfe4564036dfa309e87c1c70aa.timthumb.txt +0 -0
cache/timthumb_int_9b31d30bd2ddcfe0c062091cc5c498d7.timthumb.txt +0 -0
cache/wpgmaps.tmp +1 -0
readme.txt +6 -0
wpGoogleMaps.php +146 -143

base/includes/wp-google-maps-polylines.php CHANGED Viewed

	@@ -93,7 +93,7 @@ function wpgmza_b_pro_edit_polyline($mid) {
93	global $wpdb;
94	if ($_GET['action'] == "edit_polyline" && isset($mid)) {
95	$res = wpgmza_get_map_data($mid);
96	- $pol = wpgmza_b_return_polyline_options($_GET['poly_id']);
97
98	echo "
99
	@@ -105,7 +105,7 @@ function wpgmza_b_pro_edit_polyline($mid) {
105	<h2>".__("Edit Polyline","wp-google-maps")."</h2>
106	<form action='?page=wp-google-maps-menu&action=edit&map_id=".$mid."' method='post' id='wpgmaps_edit_poly_form'>
107	<input type='hidden' name='wpgmaps_map_id' id='wpgmaps_map_id' value='".$mid."' />
108	- <input type='hidden' name='wpgmaps_poly_id' id='wpgmaps_poly_id' value='".$_GET['poly_id']."' />
109	<table>
110	<tr>
111	<td>
	@@ -170,7 +170,7 @@ function wpgmza_b_pro_edit_polyline($mid) {
170
171	}
172	function wpgmaps_b_admin_add_polyline_javascript($mapid) {
173	- $res = wpgmza_get_map_data($_GET['map_id']);
174	$wpgmza_settings = get_option("WPGMZA_OTHER_SETTINGS");
175
176


93	global $wpdb;
94	if ($_GET['action'] == "edit_polyline" && isset($mid)) {
95	$res = wpgmza_get_map_data($mid);
96	+ $pol = wpgmza_b_return_polyline_options(sanitize_text_field($_GET['poly_id']));
97
98	echo "
99

105	<h2>".__("Edit Polyline","wp-google-maps")."</h2>
106	<form action='?page=wp-google-maps-menu&action=edit&map_id=".$mid."' method='post' id='wpgmaps_edit_poly_form'>
107	<input type='hidden' name='wpgmaps_map_id' id='wpgmaps_map_id' value='".$mid."' />
108	+ <input type='hidden' name='wpgmaps_poly_id' id='wpgmaps_poly_id' value='".sanitize_text_field($_GET['poly_id'])."' />
109	<table>
110	<tr>
111	<td>

170
171	}
172	function wpgmaps_b_admin_add_polyline_javascript($mapid) {
173	+ $res = wpgmza_get_map_data(sanitize_text_field($_GET['map_id']));
174	$wpgmza_settings = get_option("WPGMZA_OTHER_SETTINGS");
175
176

cache/timthumb_cacheLastCleanTime.touch ADDED Viewed

File without changes

cache/timthumb_int_1feb94dfe4564036dfa309e87c1c70aa.timthumb.txt ADDED Viewed

Binary file

cache/timthumb_int_9b31d30bd2ddcfe0c062091cc5c498d7.timthumb.txt ADDED Viewed

Binary file

cache/wpgmaps.tmp ADDED Viewed

	@@ -0,0 +1 @@


1	+ Permission Check

readme.txt CHANGED Viewed

	@@ -184,6 +184,9 @@ Try [Nifty Maps](http://www.niftymaps.co) - Comprehensive Map Builder for all we
184
185	== Upgrade Notice ==
186



187	= 6.1.10 =
188	Please update WP Google Maps to version 6.1.10 to enable our latest security enhancements.
189
	@@ -195,6 +198,9 @@ Please upgrade your version of WP Google Maps to version 6.0.27 as it includes m
195
196	== Changelog ==
197



198	= 6.2.0 - Liberty Update - 2015-06-24 - Medium Priority =
199	* Security enhancements (map editor, marker location, map settings)
200	* Weather has been removed (deprecated by Google Maps)


184
185	== Upgrade Notice ==
186
187	+ = 6.2.1 =
188	+ Please update your WP Google Maps version to 6.2.1 to ensure you are using the latest security enhancements.
189	+
190	= 6.1.10 =
191	Please update WP Google Maps to version 6.1.10 to enable our latest security enhancements.
192

198
199	== Changelog ==
200
201	+ = 6.2.1 - Security Update - 2015-07-13 - High Priority =
202	+ * Security enhancements to the map editor page, map javascript, marker categories and front end code
203	+
204	= 6.2.0 - Liberty Update - 2015-06-24 - Medium Priority =
205	* Security enhancements (map editor, marker location, map settings)
206	* Weather has been removed (deprecated by Google Maps)

wpGoogleMaps.php CHANGED Viewed

	@@ -3,12 +3,15 @@
3	Plugin Name: WP Google Maps
4	Plugin URI: http://www.wpgmaps.com
5	Description: The easiest to use Google Maps plugin! Create custom Google Maps with high quality markers containing locations, descriptions, images and links. Add your customized map to your WordPress posts and/or pages quickly and easily with the supplied shortcode. No fuss.
6	- Version: 6.2.0
7	Author: WP Google Maps
8	Author URI: http://www.wpgmaps.com
9	*/
10
11	- /* 6.2.0 - ~~Liberty~~ Update - 2015-06-24 - ~~Medium~~ Priority



12	* Security enhancements (map editor, marker location, map settings)
13	* Weather has been removed (deprecated by Google Maps)
14	* Major bug fix (Google Map places bug) - caused the map markers not to show if the map store locator was not enabled
	@@ -169,8 +172,8 @@ $wpgmza_tblname_poly = $wpdb->prefix . "wpgmza_polygon";
169	$wpgmza_tblname_polylines = $wpdb->prefix . "wpgmza_polylines";
170	$wpgmza_tblname_categories = $wpdb->prefix. "wpgmza_categories";
171	$wpgmza_tblname_category_maps = $wpdb->prefix. "wpgmza_category_maps";
172	- $wpgmza_version = "6.2.0";
173	- $wpgmza_p_version = "6.2.0";
174	$wpgmza_t = "basic";
175	define("WPGMAPS", $wpgmza_version);
176	define("WPGMAPS_DIR",plugin_dir_url(__FILE__));
	@@ -667,12 +670,12 @@ function wpgmaps_admin_javascript_basic() {
667	else if (is_admin() && isset( $_GET['page'] ) && $_GET['page'] == 'wp-google-maps-menu' && isset( $_GET['action'] ) && $_GET['action'] == "edit") {
668
669	if (!$_GET['map_id']) { return; }
670	- $wpgmza_check = wpgmaps_update_xml_file($_GET['map_id']);
671	if ( is_wp_error($wpgmza_check) ) wpgmza_return_error($wpgmza_check);
672
673
674
675	- $res = wpgmza_get_map_data($_GET['map_id']);
676	$wpgmza_settings = get_option("WPGMZA_OTHER_SETTINGS");
677
678	$map_other_settings = maybe_unserialize($res->other_settings);
	@@ -731,9 +734,9 @@ function wpgmaps_admin_javascript_basic() {
731	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
732	}
733	if (PHP_VERSION_ID < 50300) {
734	- $markers = json_encode(wpgmaps_return_markers($_GET['map_id']));
735	} else {
736	- $markers = json_encode(wpgmaps_return_markers($_GET['map_id']),JSON_HEX_APOS);
737	}
738	}
739
	@@ -805,7 +808,7 @@ function wpgmaps_admin_javascript_basic() {
805	var myLatLng = new google.maps.LatLng(<?php echo $wpgmza_lat; ?>,<?php echo $wpgmza_lng; ?>);
806	MYMAP.init('#wpgmza_map', myLatLng, <?php echo $start_zoom; ?>);
807	UniqueCode=Math.round(Math.random()*10000);
808	- MYMAP.placeMarkers('<?php echo wpgmaps_get_marker_url($_GET['map_id']); ?>?u='+UniqueCode,<?php echo sanitize_text_field($_GET['map_id']); ?>);
809	}
810
811	jQuery("#wpgmza_map").css({
	@@ -1173,7 +1176,7 @@ function wpgmaps_admin_javascript_basic() {
1173
1174
1175	<?php
1176	- $total_poly_array = wpgmza_b_return_polygon_id_array($_GET['map_id']);
1177	if ($total_poly_array > 0) {
1178	foreach ($total_poly_array as $poly_id) {
1179	$polyoptions = wpgmza_b_return_poly_options($poly_id);
	@@ -1238,7 +1241,7 @@ function wpgmaps_admin_javascript_basic() {
1238
1239	<?php
1240	/* polylines */
1241	- $total_polyline_array = wpgmza_b_return_polyline_id_array($_GET['map_id']);
1242	if ($total_polyline_array > 0) {
1243	foreach ($total_polyline_array as $poly_id) {
1244	$polyoptions = wpgmza_b_return_polyline_options($poly_id);
	@@ -2838,22 +2841,22 @@ function wpgmaps_head() {
2838
2839
2840
2841	- $map_id = ~~esc_attr~~($_POST['wpgmza_id']);
2842	- $map_title = esc_attr($_POST['wpgmza_title']);
2843	- $map_height = ~~esc_attr~~($_POST['wpgmza_height']);
2844	- $map_width = ~~esc_attr~~($_POST['wpgmza_width']);
2845	- $map_width_type = ~~esc_attr~~($_POST['wpgmza_map_width_type']);
2846	if ($map_width_type == "%") { $map_width_type = "\%"; }
2847	- $map_height_type = ~~esc_attr~~($_POST['wpgmza_map_height_type']);
2848	if ($map_height_type == "%") { $map_height_type = "\%"; }
2849	- $map_start_location = ~~esc_attr~~($_POST['wpgmza_start_location']);
2850	- $map_start_zoom = intval($_POST['wpgmza_start_zoom']);
2851	- $type = intval($_POST['wpgmza_map_type']);
2852	- $alignment = intval($_POST['wpgmza_map_align']);
2853	- $bicycle_enabled = intval($_POST['wpgmza_bicycle']);
2854	- $traffic_enabled = intval($_POST['wpgmza_traffic']);
2855	-
2856	- $map_max_zoom = intval($_POST['wpgmza_max_zoom']);
2857
2858
2859	$gps = explode(",",$map_start_location);
	@@ -2861,11 +2864,11 @@ function wpgmaps_head() {
2861	$map_start_lng = $gps[1];
2862
2863	$other_settings = array();
2864	- $other_settings['store_locator_enabled'] = intval($_POST['wpgmza_store_locator']);
2865	- $other_settings['store_locator_distance'] = intval($_POST['wpgmza_store_locator_distance']);
2866	- $other_settings['store_locator_bounce'] = intval($_POST['wpgmza_store_locator_bounce']);
2867	$other_settings['store_locator_query_string'] = sanitize_text_field($_POST['wpgmza_store_locator_query_string']);
2868	- if (isset($_POST['wpgmza_store_locator_restrict'])) { $other_settings['wpgmza_store_locator_restrict'] = ~~esc_attr~~($_POST['wpgmza_store_locator_restrict']); }
2869
2870
2871	$other_settings['map_max_zoom'] = sanitize_text_field($map_max_zoom);
	@@ -2875,7 +2878,7 @@ function wpgmaps_head() {
2875	$other_settings['weather_layer_temp_type'] = intval($_POST['wpgmza_weather_temp_type']);
2876	$other_settings['cloud_layer'] = intval($_POST['wpgmza_cloud']);
2877	*/
2878	- $other_settings['transport_layer'] = intval($_POST['wpgmza_transport']);
2879
2880	$other_settings_data = maybe_serialize($other_settings);
2881
	@@ -2935,9 +2938,9 @@ function wpgmaps_head() {
2935	else if (isset($_POST['wpgmza_save_maker_location'])){
2936	global $wpdb;
2937	global $wpgmza_tblname;
2938	- $mid = ~~esc_attr~~($_POST['wpgmaps_marker_id']);
2939	- $wpgmaps_marker_lat = ~~esc_attr~~($_POST['wpgmaps_marker_lat']);
2940	- $wpgmaps_marker_lng = ~~esc_attr~~($_POST['wpgmaps_marker_lng']);
2941
2942	$rows_affected = $wpdb->query( $wpdb->prepare(
2943	"UPDATE $wpgmza_tblname SET
	@@ -2959,23 +2962,23 @@ function wpgmaps_head() {
2959	else if (isset($_POST['wpgmza_save_poly'])){
2960	global $wpdb;
2961	global $wpgmza_tblname_poly;
2962	- $mid = ~~esc_attr~~($_POST['wpgmaps_map_id']);
2963	if (!isset($_POST['wpgmza_polygon']) \|\| $_POST['wpgmza_polygon'] == "") {
2964	echo "<div class='error'>";
2965	_e("You cannot save a blank polygon","wp-google-maps");
2966	echo "</div>";
2967
2968	} else {
2969	- $wpgmaps_polydata = ~~esc_attr~~($_POST['wpgmza_polygon']);
2970
2971	- if (isset($_POST['poly_name'])) { $polyname = ~~esc_attr~~($_POST['poly_name']); } else { $polyname = "Polyline"; }
2972	- if (isset($_POST['poly_line'])) { $linecolor = ~~esc_attr~~($_POST['poly_line']); } else { $linecolor = "000000"; }
2973	- if (isset($_POST['poly_fill'])) { $fillcolor = ~~esc_attr~~($_POST['poly_fill']); } else { $fillcolor = "66FF00"; }
2974	- if (isset($_POST['poly_opacity'])) { $opacity = ~~esc_attr~~($_POST['poly_opacity']); } else { $opacity = "0.5"; }
2975	- if (isset($_POST['poly_line_opacity'])) { $line_opacity = ~~esc_attr~~($_POST['poly_line_opacity']); } else { $line_opacity = "0.5"; }
2976	- if (isset($_POST['poly_line_hover_line_color'])) { $ohlinecolor = ~~esc_attr~~($_POST['poly_line_hover_line_color']); } else { $ohlinecolor = ""; }
2977	- if (isset($_POST['poly_hover_fill_color'])) { $ohfillcolor = ~~esc_attr~~($_POST['poly_hover_fill_color']); } else { $ohfillcolor = ""; }
2978	- if (isset($_POST['poly_hover_opacity'])) { $ohopacity = ~~esc_attr~~($_POST['poly_hover_opacity']); } else { $ohopacity = ""; }
2979
2980	$rows_affected = $wpdb->query( $wpdb->prepare(
2981	"INSERT INTO $wpgmza_tblname_poly SET
	@@ -3013,24 +3016,24 @@ function wpgmaps_head() {
3013	else if (isset($_POST['wpgmza_edit_poly'])){
3014	global $wpdb;
3015	global $wpgmza_tblname_poly;
3016	- $mid = ~~esc_attr~~($_POST['wpgmaps_map_id']);
3017	- $pid = ~~esc_attr~~($_POST['wpgmaps_poly_id']);
3018	if (!isset($_POST['wpgmza_polygon']) \|\| $_POST['wpgmza_polygon'] == "") {
3019	echo "<div class='error'>";
3020	_e("You cannot save a blank polygon","wp-google-maps");
3021	echo "</div>";
3022
3023	} else {
3024	- $wpgmaps_polydata = ~~esc_attr~~($_POST['wpgmza_polygon']);
3025
3026	- if (isset($_POST['poly_name'])) { $polyname = ~~esc_attr~~($_POST['poly_name']); } else { $polyname = "Polyline"; }
3027	- if (isset($_POST['poly_line'])) { $linecolor = ~~esc_attr~~($_POST['poly_line']); } else { $linecolor = "000000"; }
3028	- if (isset($_POST['poly_fill'])) { $fillcolor = ~~esc_attr~~($_POST['poly_fill']); } else { $fillcolor = "66FF00"; }
3029	- if (isset($_POST['poly_opacity'])) { $opacity = ~~esc_attr~~($_POST['poly_opacity']); } else { $opacity = "0.5"; }
3030	- if (isset($_POST['poly_line_opacity'])) { $line_opacity = ~~esc_attr~~($_POST['poly_line_opacity']); } else { $line_opacity = "0.5"; }
3031	- if (isset($_POST['poly_line_hover_line_color'])) { $ohlinecolor = ~~esc_attr~~($_POST['poly_line_hover_line_color']); } else { $ohlinecolor = ""; }
3032	- if (isset($_POST['poly_hover_fill_color'])) { $ohfillcolor = ~~esc_attr~~($_POST['poly_hover_fill_color']); } else { $ohfillcolor = ""; }
3033	- if (isset($_POST['poly_hover_opacity'])) { $ohopacity = ~~esc_attr~~($_POST['poly_hover_opacity']); } else { $ohopacity = ""; }
3034
3035
3036	$rows_affected = $wpdb->query( $wpdb->prepare(
	@@ -3069,20 +3072,20 @@ function wpgmaps_head() {
3069	else if (isset($_POST['wpgmza_save_polyline'])){
3070	global $wpdb;
3071	global $wpgmza_tblname_polylines;
3072	- $mid = ~~esc_attr~~($_POST['wpgmaps_map_id']);
3073	if (!isset($_POST['wpgmza_polyline']) \|\| $_POST['wpgmza_polyline'] == "") {
3074	echo "<div class='error'>";
3075	_e("You cannot save a blank polyline","wp-google-maps");
3076	echo "</div>";
3077
3078	} else {
3079	- $wpgmaps_polydata = ~~esc_attr~~($_POST['wpgmza_polyline']);
3080
3081
3082	- if (isset($_POST['poly_name'])) { $polyname = ~~esc_attr~~($_POST['poly_name']); } else { $polyname = ""; }
3083	- if (isset($_POST['poly_line'])) { $linecolor = ~~esc_attr~~($_POST['poly_line']); } else { $linecolor = "000000"; }
3084	- if (isset($_POST['poly_thickness'])) { $linethickness = ~~esc_attr~~($_POST['poly_thickness']); } else { $linethickness = "0"; }
3085	- if (isset($_POST['poly_opacity'])) { $opacity = ~~esc_attr~~($_POST['poly_opacity']); } else { $opacity = "1"; }
3086
3087	$rows_affected = $wpdb->query( $wpdb->prepare(
3088	"INSERT INTO $wpgmza_tblname_polylines SET
	@@ -3112,19 +3115,19 @@ function wpgmaps_head() {
3112	else if (isset($_POST['wpgmza_edit_polyline'])){
3113	global $wpdb;
3114	global $wpgmza_tblname_polylines;
3115	- $mid = ~~esc_attr~~($_POST['wpgmaps_map_id']);
3116	- $pid = ~~esc_attr~~($_POST['wpgmaps_poly_id']);
3117	if (!isset($_POST['wpgmza_polyline']) \|\| $_POST['wpgmza_polyline'] == "") {
3118	echo "<div class='error'>";
3119	_e("You cannot save a blank polyline","wp-google-maps");
3120	echo "</div>";
3121
3122	} else {
3123	- $wpgmaps_polydata = ~~esc_attr~~($_POST['wpgmza_polyline']);
3124	- if (isset($_POST['poly_name'])) { $polyname = ~~esc_attr~~($_POST['poly_name']); } else { $polyname = ""; }
3125	- if (isset($_POST['poly_line'])) { $linecolor = ~~esc_attr~~($_POST['poly_line']); } else { $linecolor = "000000"; }
3126	- if (isset($_POST['poly_thickness'])) { $linethickness = ~~esc_attr~~($_POST['poly_thickness']); } else { $linethickness = "0"; }
3127	- if (isset($_POST['poly_opacity'])) { $opacity = ~~esc_attr~~($_POST['poly_opacity']); } else { $opacity = "1"; }
3128
3129	$rows_affected = $wpdb->query( $wpdb->prepare(
3130	"UPDATE $wpgmza_tblname_polylines SET
	@@ -3154,21 +3157,21 @@ function wpgmaps_head() {
3154	else if (isset($_POST['wpgmza_save_settings'])){
3155	global $wpdb;
3156	$wpgmza_data = array();
3157	- if (isset($_POST['wpgmza_settings_map_streetview'])) { $wpgmza_data['wpgmza_settings_map_streetview'] = ~~esc_attr~~($_POST['wpgmza_settings_map_streetview']); }
3158	- if (isset($_POST['wpgmza_settings_map_zoom'])) { $wpgmza_data['wpgmza_settings_map_zoom'] = ~~esc_attr~~($_POST['wpgmza_settings_map_zoom']); }
3159	- if (isset($_POST['wpgmza_settings_map_pan'])) { $wpgmza_data['wpgmza_settings_map_pan'] = ~~esc_attr~~($_POST['wpgmza_settings_map_pan']); }
3160	- if (isset($_POST['wpgmza_settings_map_type'])) { $wpgmza_data['wpgmza_settings_map_type'] = ~~esc_attr~~($_POST['wpgmza_settings_map_type']); }
3161	- if (isset($_POST['wpgmza_settings_force_jquery'])) { $wpgmza_data['wpgmza_settings_force_jquery'] = ~~esc_attr~~($_POST['wpgmza_settings_force_jquery']); }
3162	- if (isset($_POST['wpgmza_settings_map_scroll'])) { $wpgmza_data['wpgmza_settings_map_scroll'] = ~~esc_attr~~($_POST['wpgmza_settings_map_scroll']); }
3163	- if (isset($_POST['wpgmza_settings_map_draggable'])) { $wpgmza_data['wpgmza_settings_map_draggable'] = ~~esc_attr~~($_POST['wpgmza_settings_map_draggable']); }
3164	- if (isset($_POST['wpgmza_settings_map_clickzoom'])) { $wpgmza_data['wpgmza_settings_map_clickzoom'] = ~~esc_attr~~($_POST['wpgmza_settings_map_clickzoom']); }
3165	- if (isset($_POST['wpgmza_settings_map_open_marker_by'])) { $wpgmza_data['wpgmza_settings_map_open_marker_by'] = ~~esc_attr~~($_POST['wpgmza_settings_map_open_marker_by']); }
3166	- if (isset($_POST['wpgmza_api_version'])) { $wpgmza_data['wpgmza_api_version'] = ~~esc_attr~~($_POST['wpgmza_api_version']); }
3167	- if (isset($_POST['wpgmza_custom_css'])) { $wpgmza_data['wpgmza_custom_css'] = ~~esc_attr~~($_POST['wpgmza_custom_css']); }
3168	- if (isset($_POST['wpgmza_marker_xml_location'])) { update_option("wpgmza_xml_location",$_POST['wpgmza_marker_xml_location']); }
3169	- if (isset($_POST['wpgmza_marker_xml_url'])) { update_option("wpgmza_xml_url",$_POST['wpgmza_marker_xml_url']); }
3170	- if (isset($_POST['wpgmza_access_level'])) { $wpgmza_data['wpgmza_settings_access_level'] = ~~esc_attr~~($_POST['wpgmza_access_level']); }
3171	- if (isset($_POST['wpgmza_settings_marker_pull'])) { $wpgmza_data['wpgmza_settings_marker_pull'] = ~~esc_attr~~($_POST['wpgmza_settings_marker_pull']); }
3172
3173	update_option('WPGMZA_OTHER_SETTINGS', $wpgmza_data);
3174	echo "<div class='updated'>";
	@@ -3223,17 +3226,17 @@ function wpgmaps_head_old() {
3223	global $wpdb;
3224
3225
3226	- $map_id = ~~esc_attr~~($_POST['wpgmza_id']);
3227	- $map_title = ~~esc_attr~~($_POST['wpgmza_title']);
3228	- $map_height = ~~esc_attr~~($_POST['wpgmza_height']);
3229	- $map_width = ~~esc_attr~~($_POST['wpgmza_width']);
3230
3231
3232	- $map_width_type = ~~esc_attr~~($_POST['wpgmza_map_width_type']);
3233	if ($map_width_type == "%") { $map_width_type = "\%"; }
3234	- $map_height_type = ~~esc_attr~~($_POST['wpgmza_map_height_type']);
3235	if ($map_height_type == "%") { $map_height_type = "\%"; }
3236	- $map_start_location = ~~esc_attr~~($_POST['wpgmza_start_location']);
3237	$map_start_zoom = intval($_POST['wpgmza_start_zoom']);
3238	$type = intval($_POST['wpgmza_map_type']);
3239	$alignment = intval($_POST['wpgmza_map_align']);
	@@ -3244,8 +3247,8 @@ function wpgmaps_head_old() {
3244	$bicycle_enabled = intval($_POST['wpgmza_bicycle']);
3245	$traffic_enabled = intval($_POST['wpgmza_traffic']);
3246	$dbox = intval($_POST['wpgmza_dbox']);
3247	- $dbox_width = ~~esc_attr~~($_POST['wpgmza_dbox_width']);
3248	- $default_to = ~~esc_attr~~($_POST['wpgmza_default_to']);
3249	$listmarkers = intval($_POST['wpgmza_listmarkers']);
3250	$listmarkers_advanced = intval($_POST['wpgmza_listmarkers_advanced']);
3251	$filterbycat = intval($_POST['wpgmza_filterbycat']);
	@@ -3254,9 +3257,9 @@ function wpgmaps_head_old() {
3254	$gps = explode(",",$map_start_location);
3255	$map_start_lat = $gps[0];
3256	$map_start_lng = $gps[1];
3257	- $map_default_marker = $_POST['upload_default_marker'];
3258	- $kml = ~~esc_attr~~($_POST['wpgmza_kml']);
3259	- $fusion = ~~esc_attr~~($_POST['wpgmza_fusion']);
3260
3261	$data['map_default_starting_lat'] = $map_start_lat;
3262	$data['map_default_starting_lng'] = $map_start_lng;
	@@ -3358,9 +3361,9 @@ function wpgmaps_head_old() {
3358	else if (isset($_POST['wpgmza_save_maker_location'])){
3359	global $wpdb;
3360	global $wpgmza_tblname;
3361	- $mid = ~~esc_attr~~($_POST['wpgmaps_marker_id']);
3362	- $wpgmaps_marker_lat = ~~esc_attr~~($_POST['wpgmaps_marker_lat']);
3363	- $wpgmaps_marker_lng = ~~esc_attr~~($_POST['wpgmaps_marker_lng']);
3364
3365	$rows_affected = $wpdb->query( $wpdb->prepare(
3366	"UPDATE $wpgmza_tblname SET
	@@ -3386,11 +3389,11 @@ function wpgmaps_head_old() {
3386	else if (isset($_POST['wpgmza_save_poly'])){
3387	global $wpdb;
3388	global $wpgmza_tblname_poly;
3389	- $mid = ~~esc_attr~~($_POST['wpgmaps_map_id']);
3390	- $wpgmaps_polydata = ~~esc_attr~~($_POST['wpgmza_polygon']);
3391	- $linecolor = ~~esc_attr~~($_POST['poly_line']);
3392	- $fillcolor = ~~esc_attr~~($_POST['poly_fill']);
3393	- $opacity = ~~esc_attr~~($_POST['poly_opacity']);
3394
3395	$rows_affected = $wpdb->query( $wpdb->prepare(
3396	"INSERT INTO $wpgmza_tblname_poly SET
	@@ -3417,12 +3420,12 @@ function wpgmaps_head_old() {
3417	else if (isset($_POST['wpgmza_edit_poly'])){
3418	global $wpdb;
3419	global $wpgmza_tblname_poly;
3420	- $mid = ~~esc_attr~~($_POST['wpgmaps_map_id']);
3421	- $pid = ~~esc_attr~~($_POST['wpgmaps_poly_id']);
3422	- $wpgmaps_polydata = ~~esc_attr~~($_POST['wpgmza_polygon']);
3423	- $linecolor = ~~esc_attr~~($_POST['poly_line']);
3424	- $fillcolor = ~~esc_attr~~($_POST['poly_fill']);
3425	- $opacity = ~~esc_attr~~($_POST['poly_opacity']);
3426
3427	$rows_affected = $wpdb->query( $wpdb->prepare(
3428	"UPDATE $wpgmza_tblname_poly SET
	@@ -3449,11 +3452,11 @@ function wpgmaps_head_old() {
3449	else if (isset($_POST['wpgmza_save_polyline'])){
3450	global $wpdb;
3451	global $wpgmza_tblname_polylines;
3452	- $mid = ~~esc_attr~~($_POST['wpgmaps_map_id']);
3453	- $wpgmaps_polydata = ~~esc_attr~~($_POST['wpgmza_polyline']);
3454	- $linecolor = ~~esc_attr~~($_POST['poly_line']);
3455	- $linethickness = ~~esc_attr~~($_POST['poly_thickness']);
3456	- $opacity = ~~esc_attr~~($_POST['poly_opacity']);
3457
3458	$rows_affected = $wpdb->query( $wpdb->prepare(
3459	"INSERT INTO $wpgmza_tblname_polylines SET
	@@ -3480,12 +3483,12 @@ function wpgmaps_head_old() {
3480	else if (isset($_POST['wpgmza_edit_polyline'])){
3481	global $wpdb;
3482	global $wpgmza_tblname_polylines;
3483	- $mid = ~~esc_attr~~($_POST['wpgmaps_map_id']);
3484	- $pid = ~~esc_attr~~($_POST['wpgmaps_poly_id']);
3485	- $wpgmaps_polydata = ~~esc_attr~~($_POST['wpgmza_polyline']);
3486	- $linecolor = ~~esc_attr~~($_POST['poly_line']);
3487	- $linethickness = ~~esc_attr~~($_POST['poly_thickness']);
3488	- $opacity = ~~esc_attr~~($_POST['poly_opacity']);
3489
3490	$rows_affected = $wpdb->query( $wpdb->prepare(
3491	"UPDATE $wpgmza_tblname_polylines SET
	@@ -3511,27 +3514,27 @@ function wpgmaps_head_old() {
3511	}
3512	else if (isset($_POST['wpgmza_save_settings'])){
3513	global $wpdb;
3514	- $wpgmza_data['wpgmza_settings_image_width'] = ~~esc_attr~~($_POST['wpgmza_settings_image_width']);
3515	- $wpgmza_data['wpgmza_settings_image_height'] = ~~esc_attr~~($_POST['wpgmza_settings_image_height']);
3516	- $wpgmza_data['wpgmza_settings_use_timthumb'] = ~~esc_attr~~($_POST['wpgmza_settings_use_timthumb']);
3517	- $wpgmza_data['wpgmza_settings_infowindow_width'] = ~~esc_attr~~($_POST['wpgmza_settings_infowindow_width']);
3518	- $wpgmza_data['wpgmza_settings_infowindow_links'] = ~~esc_attr~~($_POST['wpgmza_settings_infowindow_links']);
3519	- $wpgmza_data['wpgmza_settings_infowindow_address'] = ~~esc_attr~~($_POST['wpgmza_settings_infowindow_address']);
3520	- $wpgmza_data['wpgmza_settings_infowindow_link_text'] = ~~esc_attr~~($_POST['wpgmza_settings_infowindow_link_text']);
3521	- $wpgmza_data['wpgmza_settings_map_streetview'] = ~~esc_attr~~($_POST['wpgmza_settings_map_streetview']);
3522	- $wpgmza_data['wpgmza_settings_map_zoom'] = ~~esc_attr~~($_POST['wpgmza_settings_map_zoom']);
3523	- $wpgmza_data['wpgmza_settings_map_pan'] = ~~esc_attr~~($_POST['wpgmza_settings_map_pan']);
3524	- $wpgmza_data['wpgmza_settings_map_type'] = ~~esc_attr~~($_POST['wpgmza_settings_map_type']);
3525	- $wpgmza_data['wpgmza_settings_map_scroll'] = ~~esc_attr~~($_POST['wpgmza_settings_map_scroll']);
3526	- $wpgmza_data['wpgmza_settings_map_draggable'] = ~~esc_attr~~($_POST['wpgmza_settings_map_draggable']);
3527	- $wpgmza_data['wpgmza_settings_map_clickzoom'] = ~~esc_attr~~($_POST['wpgmza_settings_map_clickzoom']);
3528	- $wpgmza_data['wpgmza_settings_ugm_striptags'] = ~~esc_attr~~($_POST['wpgmza_settings_map_striptags']);
3529	- $wpgmza_data['wpgmza_settings_force_jquery'] = ~~esc_attr~~($_POST['wpgmza_settings_force_jquery']);
3530	- $wpgmza_data['wpgmza_settings_markerlist_category'] = ~~esc_attr~~($_POST['wpgmza_settings_markerlist_category']);
3531	- $wpgmza_data['wpgmza_settings_markerlist_icon'] = ~~esc_attr~~($_POST['wpgmza_settings_markerlist_icon']);
3532	- $wpgmza_data['wpgmza_settings_markerlist_title'] = ~~esc_attr~~($_POST['wpgmza_settings_markerlist_title']);
3533	- $wpgmza_data['wpgmza_settings_markerlist_address'] = ~~esc_attr~~($_POST['wpgmza_settings_markerlist_address']);
3534	- $wpgmza_data['wpgmza_settings_markerlist_description'] = ~~esc_attr~~($_POST['wpgmza_settings_markerlist_description']);
3535	update_option('WPGMZA_OTHER_SETTINGS', $wpgmza_data);
3536	echo "<div class='updated'>";
3537	_e("Your settings have been saved.","wp-google-maps");
	@@ -3588,7 +3591,7 @@ function wpgmaps_menu_layout() {
3588	}
3589	} else {
3590	$res = wpgmza_get_map_data(sanitize_text_field($_GET['map_id']));
3591	- echo "<h2>".__("Delete your map","wp-google-maps")."</h2><p>".__("Are you sure you want to delete the map","wp-google-maps")." <strong>\"".$res->map_title."?\"</strong> <br /><a href='?page=wp-google-maps-menu&action=trash&map_id=".$_GET['map_id']."&s=1'>".__("Yes","wp-google-maps")."</a> \| <a href='?page=wp-google-maps-menu'>".__("No","wp-google-maps")."</a></p>";
3592	}
3593	}
3594	if ($_GET['action'] == "duplicate" && isset($_GET['map_id'])) {
	@@ -4104,7 +4107,7 @@ function wpgmaps_list_maps() {
4104	}
4105	echo "<tr id=\"record_".$result->id."\">";
4106	echo "<td class='id column-id'>".$result->id."</td>";
4107	- echo "<td class='map_title column-map_title'><strong><big><a href=\"?page=wp-google-maps-menu&action=edit&map_id=".$result->id."\" title=\"".__("Edit","wp-google-maps")."\">".$result->map_title."</a></big></strong><br /><a href=\"?page=wp-google-maps-menu&action=edit&map_id=".$result->id."\" title=\"".__("Edit","wp-google-maps")."\">".__("Edit","wp-google-maps")."</a> $trashlink</td>";
4108	echo "<td class='map_width column-map_width'>".$result->map_width."".stripslashes($result->map_width_type)."</td>";
4109	echo "<td class='map_width column-map_height'>".$result->map_height."".stripslashes($result->map_height_type)."</td>";
4110	echo "<td class='type column-type'>".$map_type."</td>";
	@@ -4385,7 +4388,7 @@ function wpgmza_basic_menu() {
4385	</tr>
4386	<tr>
4387	<td>".__("Map Name","wp-google-maps").":</td>
4388	- <td><input id='wpgmza_title' name='wpgmza_title' type='text' size='20' maxlength='50' value='".$res->map_title."' /></td>
4389	</tr>
4390	<tr>
4391	<td>".__("Width","wp-google-maps").":</td>


3	Plugin Name: WP Google Maps
4	Plugin URI: http://www.wpgmaps.com
5	Description: The easiest to use Google Maps plugin! Create custom Google Maps with high quality markers containing locations, descriptions, images and links. Add your customized map to your WordPress posts and/or pages quickly and easily with the supplied shortcode. No fuss.
6	+ Version: 6.2.1
7	Author: WP Google Maps
8	Author URI: http://www.wpgmaps.com
9	*/
10
11	+ /* 6.2.1 - Security Update - 2015-07-13 - High Priority
12	+ * Security enhancements to the map editor page, map javascript, marker categories and front end code
13	+ *
14	+ * 6.2.0 - Liberty Update - 2015-06-24 - Medium Priority
15	* Security enhancements (map editor, marker location, map settings)
16	* Weather has been removed (deprecated by Google Maps)
17	* Major bug fix (Google Map places bug) - caused the map markers not to show if the map store locator was not enabled

172	$wpgmza_tblname_polylines = $wpdb->prefix . "wpgmza_polylines";
173	$wpgmza_tblname_categories = $wpdb->prefix. "wpgmza_categories";
174	$wpgmza_tblname_category_maps = $wpdb->prefix. "wpgmza_category_maps";
175	+ $wpgmza_version = "6.2.1";
176	+ $wpgmza_p_version = "6.2.1";
177	$wpgmza_t = "basic";
178	define("WPGMAPS", $wpgmza_version);
179	define("WPGMAPS_DIR",plugin_dir_url(__FILE__));

670	else if (is_admin() && isset( $_GET['page'] ) && $_GET['page'] == 'wp-google-maps-menu' && isset( $_GET['action'] ) && $_GET['action'] == "edit") {
671
672	if (!$_GET['map_id']) { return; }
673	+ $wpgmza_check = wpgmaps_update_xml_file(sanitize_text_field($_GET['map_id']));
674	if ( is_wp_error($wpgmza_check) ) wpgmza_return_error($wpgmza_check);
675
676
677
678	+ $res = wpgmza_get_map_data(sanitize_text_field($_GET['map_id']));
679	$wpgmza_settings = get_option("WPGMZA_OTHER_SETTINGS");
680
681	$map_other_settings = maybe_unserialize($res->other_settings);

734	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
735	}
736	if (PHP_VERSION_ID < 50300) {
737	+ $markers = json_encode(wpgmaps_return_markers(sanitize_text_field($_GET['map_id'])));
738	} else {
739	+ $markers = json_encode(wpgmaps_return_markers(sanitize_text_field($_GET['map_id'])),JSON_HEX_APOS);
740	}
741	}
742

808	var myLatLng = new google.maps.LatLng(<?php echo $wpgmza_lat; ?>,<?php echo $wpgmza_lng; ?>);
809	MYMAP.init('#wpgmza_map', myLatLng, <?php echo $start_zoom; ?>);
810	UniqueCode=Math.round(Math.random()*10000);
811	+ MYMAP.placeMarkers('<?php echo wpgmaps_get_marker_url(sanitize_text_field($_GET['map_id'])); ?>?u='+UniqueCode,<?php echo sanitize_text_field($_GET['map_id']); ?>);
812	}
813
814	jQuery("#wpgmza_map").css({

1176
1177
1178	<?php
1179	+ $total_poly_array = wpgmza_b_return_polygon_id_array(sanitize_text_field($_GET['map_id']));
1180	if ($total_poly_array > 0) {
1181	foreach ($total_poly_array as $poly_id) {
1182	$polyoptions = wpgmza_b_return_poly_options($poly_id);

1241
1242	<?php
1243	/* polylines */
1244	+ $total_polyline_array = wpgmza_b_return_polyline_id_array(sanitize_text_field($_GET['map_id']));
1245	if ($total_polyline_array > 0) {
1246	foreach ($total_polyline_array as $poly_id) {
1247	$polyoptions = wpgmza_b_return_polyline_options($poly_id);

2841
2842
2843
2844	+ $map_id = intval(sanitize_text_field($_POST['wpgmza_id']));
2845	+ $map_title = sanitize_text_field(esc_attr($_POST['wpgmza_title']));
2846	+ $map_height = sanitize_text_field($_POST['wpgmza_height']);
2847	+ $map_width = sanitize_text_field($_POST['wpgmza_width']);
2848	+ $map_width_type = sanitize_text_field($_POST['wpgmza_map_width_type']);
2849	if ($map_width_type == "%") { $map_width_type = "\%"; }
2850	+ $map_height_type = sanitize_text_field($_POST['wpgmza_map_height_type']);
2851	if ($map_height_type == "%") { $map_height_type = "\%"; }
2852	+ $map_start_location = sanitize_text_field($_POST['wpgmza_start_location']);
2853	+ $map_start_zoom = intval(sanitize_text_field($_POST['wpgmza_start_zoom']));
2854	+ $type = intval(sanitize_text_field($_POST['wpgmza_map_type']));
2855	+ $alignment = intval(sanitize_text_field($_POST['wpgmza_map_align']));
2856	+ $bicycle_enabled = intval(sanitize_text_field($_POST['wpgmza_bicycle']));
2857	+ $traffic_enabled = intval(sanitize_text_field($_POST['wpgmza_traffic']));
2858	+
2859	+ $map_max_zoom = intval(sanitize_text_field($_POST['wpgmza_max_zoom']));
2860
2861
2862	$gps = explode(",",$map_start_location);

2864	$map_start_lng = $gps[1];
2865
2866	$other_settings = array();
2867	+ $other_settings['store_locator_enabled'] = intval(sanitize_text_field($_POST['wpgmza_store_locator']));
2868	+ $other_settings['store_locator_distance'] = intval(sanitize_text_field($_POST['wpgmza_store_locator_distance']));
2869	+ $other_settings['store_locator_bounce'] = intval(sanitize_text_field($_POST['wpgmza_store_locator_bounce']));
2870	$other_settings['store_locator_query_string'] = sanitize_text_field($_POST['wpgmza_store_locator_query_string']);
2871	+ if (isset($_POST['wpgmza_store_locator_restrict'])) { $other_settings['wpgmza_store_locator_restrict'] = sanitize_text_field($_POST['wpgmza_store_locator_restrict']); }
2872
2873
2874	$other_settings['map_max_zoom'] = sanitize_text_field($map_max_zoom);

2878	$other_settings['weather_layer_temp_type'] = intval($_POST['wpgmza_weather_temp_type']);
2879	$other_settings['cloud_layer'] = intval($_POST['wpgmza_cloud']);
2880	*/
2881	+ $other_settings['transport_layer'] = intval(sanitize_text_field($_POST['wpgmza_transport']));
2882
2883	$other_settings_data = maybe_serialize($other_settings);
2884

2938	else if (isset($_POST['wpgmza_save_maker_location'])){
2939	global $wpdb;
2940	global $wpgmza_tblname;
2941	+ $mid = sanitize_text_field($_POST['wpgmaps_marker_id']);
2942	+ $wpgmaps_marker_lat = sanitize_text_field($_POST['wpgmaps_marker_lat']);
2943	+ $wpgmaps_marker_lng = sanitize_text_field($_POST['wpgmaps_marker_lng']);
2944
2945	$rows_affected = $wpdb->query( $wpdb->prepare(
2946	"UPDATE $wpgmza_tblname SET

2962	else if (isset($_POST['wpgmza_save_poly'])){
2963	global $wpdb;
2964	global $wpgmza_tblname_poly;
2965	+ $mid = sanitize_text_field($_POST['wpgmaps_map_id']);
2966	if (!isset($_POST['wpgmza_polygon']) \|\| $_POST['wpgmza_polygon'] == "") {
2967	echo "<div class='error'>";
2968	_e("You cannot save a blank polygon","wp-google-maps");
2969	echo "</div>";
2970
2971	} else {
2972	+ $wpgmaps_polydata = sanitize_text_field($_POST['wpgmza_polygon']);
2973
2974	+ if (isset($_POST['poly_name'])) { $polyname = sanitize_text_field($_POST['poly_name']); } else { $polyname = "Polyline"; }
2975	+ if (isset($_POST['poly_line'])) { $linecolor = sanitize_text_field($_POST['poly_line']); } else { $linecolor = "000000"; }
2976	+ if (isset($_POST['poly_fill'])) { $fillcolor = sanitize_text_field($_POST['poly_fill']); } else { $fillcolor = "66FF00"; }
2977	+ if (isset($_POST['poly_opacity'])) { $opacity = sanitize_text_field($_POST['poly_opacity']); } else { $opacity = "0.5"; }
2978	+ if (isset($_POST['poly_line_opacity'])) { $line_opacity = sanitize_text_field($_POST['poly_line_opacity']); } else { $line_opacity = "0.5"; }
2979	+ if (isset($_POST['poly_line_hover_line_color'])) { $ohlinecolor = sanitize_text_field($_POST['poly_line_hover_line_color']); } else { $ohlinecolor = ""; }
2980	+ if (isset($_POST['poly_hover_fill_color'])) { $ohfillcolor = sanitize_text_field($_POST['poly_hover_fill_color']); } else { $ohfillcolor = ""; }
2981	+ if (isset($_POST['poly_hover_opacity'])) { $ohopacity = sanitize_text_field($_POST['poly_hover_opacity']); } else { $ohopacity = ""; }
2982
2983	$rows_affected = $wpdb->query( $wpdb->prepare(
2984	"INSERT INTO $wpgmza_tblname_poly SET

3016	else if (isset($_POST['wpgmza_edit_poly'])){
3017	global $wpdb;
3018	global $wpgmza_tblname_poly;
3019	+ $mid = sanitize_text_field($_POST['wpgmaps_map_id']);
3020	+ $pid = sanitize_text_field($_POST['wpgmaps_poly_id']);
3021	if (!isset($_POST['wpgmza_polygon']) \|\| $_POST['wpgmza_polygon'] == "") {
3022	echo "<div class='error'>";
3023	_e("You cannot save a blank polygon","wp-google-maps");
3024	echo "</div>";
3025
3026	} else {
3027	+ $wpgmaps_polydata = sanitize_text_field($_POST['wpgmza_polygon']);
3028
3029	+ if (isset($_POST['poly_name'])) { $polyname = sanitize_text_field($_POST['poly_name']); } else { $polyname = "Polyline"; }
3030	+ if (isset($_POST['poly_line'])) { $linecolor = sanitize_text_field($_POST['poly_line']); } else { $linecolor = "000000"; }
3031	+ if (isset($_POST['poly_fill'])) { $fillcolor = sanitize_text_field($_POST['poly_fill']); } else { $fillcolor = "66FF00"; }
3032	+ if (isset($_POST['poly_opacity'])) { $opacity = sanitize_text_field($_POST['poly_opacity']); } else { $opacity = "0.5"; }
3033	+ if (isset($_POST['poly_line_opacity'])) { $line_opacity = sanitize_text_field($_POST['poly_line_opacity']); } else { $line_opacity = "0.5"; }
3034	+ if (isset($_POST['poly_line_hover_line_color'])) { $ohlinecolor = sanitize_text_field($_POST['poly_line_hover_line_color']); } else { $ohlinecolor = ""; }
3035	+ if (isset($_POST['poly_hover_fill_color'])) { $ohfillcolor = sanitize_text_field($_POST['poly_hover_fill_color']); } else { $ohfillcolor = ""; }
3036	+ if (isset($_POST['poly_hover_opacity'])) { $ohopacity = sanitize_text_field($_POST['poly_hover_opacity']); } else { $ohopacity = ""; }
3037
3038
3039	$rows_affected = $wpdb->query( $wpdb->prepare(

3072	else if (isset($_POST['wpgmza_save_polyline'])){
3073	global $wpdb;
3074	global $wpgmza_tblname_polylines;
3075	+ $mid = sanitize_text_field($_POST['wpgmaps_map_id']);
3076	if (!isset($_POST['wpgmza_polyline']) \|\| $_POST['wpgmza_polyline'] == "") {
3077	echo "<div class='error'>";
3078	_e("You cannot save a blank polyline","wp-google-maps");
3079	echo "</div>";
3080
3081	} else {
3082	+ $wpgmaps_polydata = sanitize_text_field($_POST['wpgmza_polyline']);
3083
3084
3085	+ if (isset($_POST['poly_name'])) { $polyname = sanitize_text_field($_POST['poly_name']); } else { $polyname = ""; }
3086	+ if (isset($_POST['poly_line'])) { $linecolor = sanitize_text_field($_POST['poly_line']); } else { $linecolor = "000000"; }
3087	+ if (isset($_POST['poly_thickness'])) { $linethickness = sanitize_text_field($_POST['poly_thickness']); } else { $linethickness = "0"; }
3088	+ if (isset($_POST['poly_opacity'])) { $opacity = sanitize_text_field($_POST['poly_opacity']); } else { $opacity = "1"; }
3089
3090	$rows_affected = $wpdb->query( $wpdb->prepare(
3091	"INSERT INTO $wpgmza_tblname_polylines SET

3115	else if (isset($_POST['wpgmza_edit_polyline'])){
3116	global $wpdb;
3117	global $wpgmza_tblname_polylines;
3118	+ $mid = sanitize_text_field($_POST['wpgmaps_map_id']);
3119	+ $pid = sanitize_text_field($_POST['wpgmaps_poly_id']);
3120	if (!isset($_POST['wpgmza_polyline']) \|\| $_POST['wpgmza_polyline'] == "") {
3121	echo "<div class='error'>";
3122	_e("You cannot save a blank polyline","wp-google-maps");
3123	echo "</div>";
3124
3125	} else {
3126	+ $wpgmaps_polydata = sanitize_text_field($_POST['wpgmza_polyline']);
3127	+ if (isset($_POST['poly_name'])) { $polyname = sanitize_text_field($_POST['poly_name']); } else { $polyname = ""; }
3128	+ if (isset($_POST['poly_line'])) { $linecolor = sanitize_text_field($_POST['poly_line']); } else { $linecolor = "000000"; }
3129	+ if (isset($_POST['poly_thickness'])) { $linethickness = sanitize_text_field($_POST['poly_thickness']); } else { $linethickness = "0"; }
3130	+ if (isset($_POST['poly_opacity'])) { $opacity = sanitize_text_field($_POST['poly_opacity']); } else { $opacity = "1"; }
3131
3132	$rows_affected = $wpdb->query( $wpdb->prepare(
3133	"UPDATE $wpgmza_tblname_polylines SET

3157	else if (isset($_POST['wpgmza_save_settings'])){
3158	global $wpdb;
3159	$wpgmza_data = array();
3160	+ if (isset($_POST['wpgmza_settings_map_streetview'])) { $wpgmza_data['wpgmza_settings_map_streetview'] = sanitize_text_field($_POST['wpgmza_settings_map_streetview']); }
3161	+ if (isset($_POST['wpgmza_settings_map_zoom'])) { $wpgmza_data['wpgmza_settings_map_zoom'] = sanitize_text_field($_POST['wpgmza_settings_map_zoom']); }
3162	+ if (isset($_POST['wpgmza_settings_map_pan'])) { $wpgmza_data['wpgmza_settings_map_pan'] = sanitize_text_field($_POST['wpgmza_settings_map_pan']); }
3163	+ if (isset($_POST['wpgmza_settings_map_type'])) { $wpgmza_data['wpgmza_settings_map_type'] = sanitize_text_field($_POST['wpgmza_settings_map_type']); }
3164	+ if (isset($_POST['wpgmza_settings_force_jquery'])) { $wpgmza_data['wpgmza_settings_force_jquery'] = sanitize_text_field($_POST['wpgmza_settings_force_jquery']); }
3165	+ if (isset($_POST['wpgmza_settings_map_scroll'])) { $wpgmza_data['wpgmza_settings_map_scroll'] = sanitize_text_field($_POST['wpgmza_settings_map_scroll']); }
3166	+ if (isset($_POST['wpgmza_settings_map_draggable'])) { $wpgmza_data['wpgmza_settings_map_draggable'] = sanitize_text_field($_POST['wpgmza_settings_map_draggable']); }
3167	+ if (isset($_POST['wpgmza_settings_map_clickzoom'])) { $wpgmza_data['wpgmza_settings_map_clickzoom'] = sanitize_text_field($_POST['wpgmza_settings_map_clickzoom']); }
3168	+ if (isset($_POST['wpgmza_settings_map_open_marker_by'])) { $wpgmza_data['wpgmza_settings_map_open_marker_by'] = sanitize_text_field($_POST['wpgmza_settings_map_open_marker_by']); }
3169	+ if (isset($_POST['wpgmza_api_version'])) { $wpgmza_data['wpgmza_api_version'] = sanitize_text_field($_POST['wpgmza_api_version']); }
3170	+ if (isset($_POST['wpgmza_custom_css'])) { $wpgmza_data['wpgmza_custom_css'] = sanitize_text_field($_POST['wpgmza_custom_css']); }
3171	+ if (isset($_POST['wpgmza_marker_xml_location'])) { update_option("wpgmza_xml_location",sanitize_text_field($_POST['wpgmza_marker_xml_location'])); }
3172	+ if (isset($_POST['wpgmza_marker_xml_url'])) { update_option("wpgmza_xml_url",sanitize_text_field($_POST['wpgmza_marker_xml_url'])); }
3173	+ if (isset($_POST['wpgmza_access_level'])) { $wpgmza_data['wpgmza_settings_access_level'] = sanitize_text_field($_POST['wpgmza_access_level']); }
3174	+ if (isset($_POST['wpgmza_settings_marker_pull'])) { $wpgmza_data['wpgmza_settings_marker_pull'] = sanitize_text_field($_POST['wpgmza_settings_marker_pull']); }
3175
3176	update_option('WPGMZA_OTHER_SETTINGS', $wpgmza_data);
3177	echo "<div class='updated'>";

3226	global $wpdb;
3227
3228
3229	+ $map_id = sanitize_text_field($_POST['wpgmza_id']);
3230	+ $map_title = sanitize_text_field($_POST['wpgmza_title']);
3231	+ $map_height = sanitize_text_field($_POST['wpgmza_height']);
3232	+ $map_width = sanitize_text_field($_POST['wpgmza_width']);
3233
3234
3235	+ $map_width_type = sanitize_text_field($_POST['wpgmza_map_width_type']);
3236	if ($map_width_type == "%") { $map_width_type = "\%"; }
3237	+ $map_height_type = sanitize_text_field($_POST['wpgmza_map_height_type']);
3238	if ($map_height_type == "%") { $map_height_type = "\%"; }
3239	+ $map_start_location = sanitize_text_field($_POST['wpgmza_start_location']);
3240	$map_start_zoom = intval($_POST['wpgmza_start_zoom']);
3241	$type = intval($_POST['wpgmza_map_type']);
3242	$alignment = intval($_POST['wpgmza_map_align']);

3247	$bicycle_enabled = intval($_POST['wpgmza_bicycle']);
3248	$traffic_enabled = intval($_POST['wpgmza_traffic']);
3249	$dbox = intval($_POST['wpgmza_dbox']);
3250	+ $dbox_width = sanitize_text_field($_POST['wpgmza_dbox_width']);
3251	+ $default_to = sanitize_text_field($_POST['wpgmza_default_to']);
3252	$listmarkers = intval($_POST['wpgmza_listmarkers']);
3253	$listmarkers_advanced = intval($_POST['wpgmza_listmarkers_advanced']);
3254	$filterbycat = intval($_POST['wpgmza_filterbycat']);

3257	$gps = explode(",",$map_start_location);
3258	$map_start_lat = $gps[0];
3259	$map_start_lng = $gps[1];
3260	+ $map_default_marker = sanitize_text_field($_POST['upload_default_marker']);
3261	+ $kml = sanitize_text_field($_POST['wpgmza_kml']);
3262	+ $fusion = sanitize_text_field($_POST['wpgmza_fusion']);
3263
3264	$data['map_default_starting_lat'] = $map_start_lat;
3265	$data['map_default_starting_lng'] = $map_start_lng;

3361	else if (isset($_POST['wpgmza_save_maker_location'])){
3362	global $wpdb;
3363	global $wpgmza_tblname;
3364	+ $mid = sanitize_text_field($_POST['wpgmaps_marker_id']);
3365	+ $wpgmaps_marker_lat = sanitize_text_field($_POST['wpgmaps_marker_lat']);
3366	+ $wpgmaps_marker_lng = sanitize_text_field($_POST['wpgmaps_marker_lng']);
3367
3368	$rows_affected = $wpdb->query( $wpdb->prepare(
3369	"UPDATE $wpgmza_tblname SET

3389	else if (isset($_POST['wpgmza_save_poly'])){
3390	global $wpdb;
3391	global $wpgmza_tblname_poly;
3392	+ $mid = sanitize_text_field($_POST['wpgmaps_map_id']);
3393	+ $wpgmaps_polydata = sanitize_text_field($_POST['wpgmza_polygon']);
3394	+ $linecolor = sanitize_text_field($_POST['poly_line']);
3395	+ $fillcolor = sanitize_text_field($_POST['poly_fill']);
3396	+ $opacity = sanitize_text_field($_POST['poly_opacity']);
3397
3398	$rows_affected = $wpdb->query( $wpdb->prepare(
3399	"INSERT INTO $wpgmza_tblname_poly SET

3420	else if (isset($_POST['wpgmza_edit_poly'])){
3421	global $wpdb;
3422	global $wpgmza_tblname_poly;
3423	+ $mid = sanitize_text_field($_POST['wpgmaps_map_id']);
3424	+ $pid = sanitize_text_field($_POST['wpgmaps_poly_id']);
3425	+ $wpgmaps_polydata = sanitize_text_field($_POST['wpgmza_polygon']);
3426	+ $linecolor = sanitize_text_field($_POST['poly_line']);
3427	+ $fillcolor = sanitize_text_field($_POST['poly_fill']);
3428	+ $opacity = sanitize_text_field($_POST['poly_opacity']);
3429
3430	$rows_affected = $wpdb->query( $wpdb->prepare(
3431	"UPDATE $wpgmza_tblname_poly SET

3452	else if (isset($_POST['wpgmza_save_polyline'])){
3453	global $wpdb;
3454	global $wpgmza_tblname_polylines;
3455	+ $mid = sanitize_text_field($_POST['wpgmaps_map_id']);
3456	+ $wpgmaps_polydata = sanitize_text_field($_POST['wpgmza_polyline']);
3457	+ $linecolor = sanitize_text_field($_POST['poly_line']);
3458	+ $linethickness = sanitize_text_field($_POST['poly_thickness']);
3459	+ $opacity = sanitize_text_field($_POST['poly_opacity']);
3460
3461	$rows_affected = $wpdb->query( $wpdb->prepare(
3462	"INSERT INTO $wpgmza_tblname_polylines SET

3483	else if (isset($_POST['wpgmza_edit_polyline'])){
3484	global $wpdb;
3485	global $wpgmza_tblname_polylines;
3486	+ $mid = sanitize_text_field($_POST['wpgmaps_map_id']);
3487	+ $pid = sanitize_text_field($_POST['wpgmaps_poly_id']);
3488	+ $wpgmaps_polydata = sanitize_text_field($_POST['wpgmza_polyline']);
3489	+ $linecolor = sanitize_text_field($_POST['poly_line']);
3490	+ $linethickness = sanitize_text_field($_POST['poly_thickness']);
3491	+ $opacity = sanitize_text_field($_POST['poly_opacity']);
3492
3493	$rows_affected = $wpdb->query( $wpdb->prepare(
3494	"UPDATE $wpgmza_tblname_polylines SET

3514	}
3515	else if (isset($_POST['wpgmza_save_settings'])){
3516	global $wpdb;
3517	+ $wpgmza_data['wpgmza_settings_image_width'] = sanitize_text_field($_POST['wpgmza_settings_image_width']);
3518	+ $wpgmza_data['wpgmza_settings_image_height'] = sanitize_text_field($_POST['wpgmza_settings_image_height']);
3519	+ $wpgmza_data['wpgmza_settings_use_timthumb'] = sanitize_text_field($_POST['wpgmza_settings_use_timthumb']);
3520	+ $wpgmza_data['wpgmza_settings_infowindow_width'] = sanitize_text_field($_POST['wpgmza_settings_infowindow_width']);
3521	+ $wpgmza_data['wpgmza_settings_infowindow_links'] = sanitize_text_field($_POST['wpgmza_settings_infowindow_links']);
3522	+ $wpgmza_data['wpgmza_settings_infowindow_address'] = sanitize_text_field($_POST['wpgmza_settings_infowindow_address']);
3523	+ $wpgmza_data['wpgmza_settings_infowindow_link_text'] = sanitize_text_field($_POST['wpgmza_settings_infowindow_link_text']);
3524	+ $wpgmza_data['wpgmza_settings_map_streetview'] = sanitize_text_field($_POST['wpgmza_settings_map_streetview']);
3525	+ $wpgmza_data['wpgmza_settings_map_zoom'] = sanitize_text_field($_POST['wpgmza_settings_map_zoom']);
3526	+ $wpgmza_data['wpgmza_settings_map_pan'] = sanitize_text_field($_POST['wpgmza_settings_map_pan']);
3527	+ $wpgmza_data['wpgmza_settings_map_type'] = sanitize_text_field($_POST['wpgmza_settings_map_type']);
3528	+ $wpgmza_data['wpgmza_settings_map_scroll'] = sanitize_text_field($_POST['wpgmza_settings_map_scroll']);
3529	+ $wpgmza_data['wpgmza_settings_map_draggable'] = sanitize_text_field($_POST['wpgmza_settings_map_draggable']);
3530	+ $wpgmza_data['wpgmza_settings_map_clickzoom'] = sanitize_text_field($_POST['wpgmza_settings_map_clickzoom']);
3531	+ $wpgmza_data['wpgmza_settings_ugm_striptags'] = sanitize_text_field($_POST['wpgmza_settings_map_striptags']);
3532	+ $wpgmza_data['wpgmza_settings_force_jquery'] = sanitize_text_field($_POST['wpgmza_settings_force_jquery']);
3533	+ $wpgmza_data['wpgmza_settings_markerlist_category'] = sanitize_text_field($_POST['wpgmza_settings_markerlist_category']);
3534	+ $wpgmza_data['wpgmza_settings_markerlist_icon'] = sanitize_text_field($_POST['wpgmza_settings_markerlist_icon']);
3535	+ $wpgmza_data['wpgmza_settings_markerlist_title'] = sanitize_text_field($_POST['wpgmza_settings_markerlist_title']);
3536	+ $wpgmza_data['wpgmza_settings_markerlist_address'] = sanitize_text_field($_POST['wpgmza_settings_markerlist_address']);
3537	+ $wpgmza_data['wpgmza_settings_markerlist_description'] = sanitize_text_field($_POST['wpgmza_settings_markerlist_description']);
3538	update_option('WPGMZA_OTHER_SETTINGS', $wpgmza_data);
3539	echo "<div class='updated'>";
3540	_e("Your settings have been saved.","wp-google-maps");

3591	}
3592	} else {
3593	$res = wpgmza_get_map_data(sanitize_text_field($_GET['map_id']));
3594	+ echo "<h2>".__("Delete your map","wp-google-maps")."</h2><p>".__("Are you sure you want to delete the map","wp-google-maps")." <strong>\"".$res->map_title."?\"</strong> <br /><a href='?page=wp-google-maps-menu&action=trash&map_id=".sanitize_text_field($_GET['map_id'])."&s=1'>".__("Yes","wp-google-maps")."</a> \| <a href='?page=wp-google-maps-menu'>".__("No","wp-google-maps")."</a></p>";
3595	}
3596	}
3597	if ($_GET['action'] == "duplicate" && isset($_GET['map_id'])) {

4107	}
4108	echo "<tr id=\"record_".$result->id."\">";
4109	echo "<td class='id column-id'>".$result->id."</td>";
4110	+ echo "<td class='map_title column-map_title'><strong><big><a href=\"?page=wp-google-maps-menu&action=edit&map_id=".$result->id."\" title=\"".__("Edit","wp-google-maps")."\">".stripslashes($result->map_title)."</a></big></strong><br /><a href=\"?page=wp-google-maps-menu&action=edit&map_id=".$result->id."\" title=\"".__("Edit","wp-google-maps")."\">".__("Edit","wp-google-maps")."</a> $trashlink</td>";
4111	echo "<td class='map_width column-map_width'>".$result->map_width."".stripslashes($result->map_width_type)."</td>";
4112	echo "<td class='map_width column-map_height'>".$result->map_height."".stripslashes($result->map_height_type)."</td>";
4113	echo "<td class='type column-type'>".$map_type."</td>";

4388	</tr>
4389	<tr>
4390	<td>".__("Map Name","wp-google-maps").":</td>
4391	+ <td><input id='wpgmza_title' name='wpgmza_title' type='text' size='20' maxlength='50' value='".stripslashes($res->map_title)."' /></td>
4392	</tr>
4393	<tr>
4394	<td>".__("Width","wp-google-maps").":</td>