WP Notification Bars - Version 1.0.9

Version Description

  • Security improvements

Release Info

Developer MyThemeShop
Version 1.0.9

Code changes from version 1.0.8 to 1.0.9

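--- a/admin/class-wp-notification-bars-admin.php
+++ b/admin/class-wp-notification-bars-admin.php
@@ -636,20 +636,20 @@ if ( ! class_exists( 'MTSNBF_Admin' ) ) {
  $opt_val = isset( $value[ $name ] ) ? $value[ $name ] : $default;
 
  ?>
- <div id="mtsnb_fields_<?php echo sanitize_html_class( $name ); ?>_row" class="form-row">
- <label class="form-label" for="mtsnb_fields_<?php echo sanitize_html_class( $name ); ?>"><?php echo esc_html( $label ); ?></label>
+ <div id="mtsnb_fields_<?php echo esc_attr( $name ); ?>_row" class="form-row">
+ <label class="form-label" for="mtsnb_fields_<?php echo esc_attr( $name ); ?>"><?php echo esc_html( $label ); ?></label>
  <div class="form-option <?php echo esc_attr( $class ); ?>">
  <?php
  switch ( $type ) {
 
  case 'text':
  ?>
- <input type="text" name="mtsnb_fields[<?php echo sanitize_html_class( $name ); ?>]" id="mtsnb_fields_<?php echo sanitize_html_class( $name ); ?>" value="<?php echo esc_attr( $opt_val ); ?>" />
+ <input type="text" name="mtsnb_fields[<?php echo esc_attr( $name ); ?>]" id="mtsnb_fields_<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $opt_val ); ?>" />
  <?php
  break;
  case 'select':
  ?>
- <select name="mtsnb_fields[<?php echo sanitize_html_class( $name ); ?>]" id="mtsnb_fields_<?php echo sanitize_html_class( $name ); ?>">
+ <select name="mtsnb_fields[<?php echo esc_attr( $name ); ?>]" id="mtsnb_fields_<?php echo esc_attr( $name ); ?>">
  <?php foreach ( $options as $val => $label ) { ?>
  <option value="<?php echo esc_attr( $val ); ?>" <?php selected( $opt_val, $val, true ); ?>><?php echo esc_html( $label ); ?></option>
  <?php } ?>
@@ -658,22 +658,22 @@ if ( ! class_exists( 'MTSNBF_Admin' ) ) {
  break;
  case 'number':
  ?>
- <input type="number" step="1" min="<?php echo (int) $min; ?>" name="mtsnb_fields[<?php echo sanitize_html_class( $name ); ?>]" id="mtsnb_fields_<?php echo sanitize_html_class( $name ); ?>" value="<?php echo esc_attr( $opt_val ); ?>" class="small-text"/>
+ <input type="number" step="1" min="<?php echo (int) $min; ?>" name="mtsnb_fields[<?php echo esc_attr( $name ); ?>]" id="mtsnb_fields_<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $opt_val ); ?>" class="small-text"/>
  <?php
  break;
  case 'color':
  ?>
- <input type="text" name="mtsnb_fields[<?php echo sanitize_html_class( $name ); ?>]" id="mtsnb_fields_<?php echo sanitize_html_class( $name ); ?>" value="<?php echo esc_attr( $opt_val ); ?>" class="mtsnb-color-picker" />
+ <input type="text" name="mtsnb_fields[<?php echo esc_attr( $name ); ?>]" id="mtsnb_fields_<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $opt_val ); ?>" class="mtsnb-color-picker" />
  <?php
  break;
  case 'textarea':
  ?>
- <textarea name="mtsnb_fields[<?php echo sanitize_html_class( $name ); ?>]" id="mtsnb_fields_<?php echo sanitize_html_class( $name ); ?>" class="mtsnb-textarea"><?php echo esc_textarea( $opt_val ); ?></textarea>
+ <textarea name="mtsnb_fields[<?php echo esc_attr( $name ); ?>]" id="mtsnb_fields_<?php echo esc_attr( $name ); ?>" class="mtsnb-textarea"><?php echo esc_textarea( $opt_val ); ?></textarea>
  <?php
  break;
  case 'checkbox':
  ?>
- <input type="checkbox" name="mtsnb_fields[<?php echo sanitize_html_class( $name ); ?>]" id="mtsnb_fields_<?php echo sanitize_html_class( $name ); ?>" value="1" <?php checked( $opt_val, '1', true ); ?> />
+ <input type="checkbox" name="mtsnb_fields[<?php echo esc_attr( $name ); ?>]" id="mtsnb_fields_<?php echo esc_attr( $name ); ?>" value="1" <?php checked( $opt_val, '1', true ); ?> />
  <?php
  break;
  case 'info':
@@ -1017,7 +1017,7 @@ if ( ! class_exists( 'MTSNBF_Admin' ) ) {
  return;
  }
 
- $val = $_POST['mtsnb_override_bar_field'];
+ $val = sanitize_text_field( $_POST['mtsnb_override_bar_field'] );
 
  if ( strpos( $val, ',' ) === false ) {
  // No comma, must be single value - still needs to be in an array for now
@@ -1027,6 +1027,8 @@ if ( ! class_exists( 'MTSNBF_Admin' ) ) {
  $post_ids = explode( ',', $val );
  }
 
+ $post_ids = array_map( 'absint', $post_ids );
+
  // Update the meta field in the database.
  update_post_meta( $post_id, '_mtsnb_override_bar', $post_ids );
  }
@@ -1040,7 +1042,7 @@ if ( ! class_exists( 'MTSNBF_Admin' ) ) {
 
  $result = array();
 
- $search = $_REQUEST['q']; // phpcs:ignore WordPress.Security.NonceVerification
+ $search = sanitize_text_field( $_REQUEST['q'] ); // phpcs:ignore WordPress.Security.NonceVerification
 
  $ads_query = array(
  'posts_per_page' => -1,
@@ -1081,8 +1083,8 @@ if ( ! class_exists( 'MTSNBF_Admin' ) ) {
 
  $result = array();
 
- if ( isset( $_REQUEST['post_ids'] ) ) {
- $post_ids = $_REQUEST['post_ids'];
+ if ( isset( $_REQUEST['post_ids'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification
+ $post_ids = sanitize_text_field( $_REQUEST['post_ids'] ); // phpcs:ignore WordPress.Security.NonceVerification
  if ( strpos( $post_ids, ',' ) === false ) {
  // There is no comma, so we can't explode, but we still want an array
  $post_ids = array( $post_ids );
@@ -1094,6 +1096,8 @@ if ( ! class_exists( 'MTSNBF_Admin' ) ) {
  $post_ids = array();
  }
 
+ $post_ids = array_map( 'absint', $post_ids );
+
  if ( is_array( $post_ids ) && ! empty( $post_ids ) ) {
 
  $posts = get_posts(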
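Review bot: `array_map( 'absint', $post_ids )` at new line 1099 casts an empty or non-numeric entry to `0` instead of dropping it, so `post_ids=` or `post_ids=abc` still produces the non-empty array `[0]` and passes the `is_array( $post_ids ) && ! empty( $post_ids )` check that follows. The same call at new line 1030 lets a trailing comma such as `5,` reach `update_post_meta()` as `[5, 0]`. Filtering after the cast removes those entries in both places: `$post_ids = array_filter( array_map( 'absint', $post_ids ) );`. Separately, the new `sanitize_text_field()` calls read the superglobals without `wp_unslash()`, and the added `// phpcs:ignore WordPress.Security.NonceVerification` comments silence the nonce warning rather than adding a check. Whether these handlers verify a nonce or capability earlier is not visible, because each function begins outside its hunk.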
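--- a/includes/class-wp-notification-bars-shared.php
+++ b/includes/class-wp-notification-bars-shared.php
@@ -529,7 +529,7 @@ if ( ! class_exists( 'MTSNBF_Shared' ) ) {
  if ( isset( $_COOKIE['mtsnb_referrer'] ) ) {
 
  // Stored referrer url
- $referer = $_COOKIE['mtsnb_referrer'];
+ $referer = esc_url( $_COOKIE['mtsnb_referrer'] );
  }
  }
 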
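Review bot: `esc_url()` on new line 532 is an output-escaping function that entity-encodes the URL for display (for example `&` becomes `&#038;`), so a stored referrer with a query string will no longer match the raw URL if `$referer` is compared rather than printed; how it is used lies outside this hunk. For a cookie value that feeds program logic the storage-side variant fits better: `$referer = esc_url_raw( wp_unslash( $_COOKIE['mtsnb_referrer'] ) );`. The cookie is client-controlled either way, so any condition keyed on it should be treated as a display preference, not a trust decision.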
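--- a/includes/class-wp-notification-bars.php
+++ b/includes/class-wp-notification-bars.php
@@ -69,7 +69,7 @@ class MTSNBF {
  public function __construct() {
 
  $this->plugin_name = 'wp-notification-bars';
- $this->version = '1.0.8';
+ $this->version = '1.0.9';
 
  $this->load_dependencies();
  $this->set_locale();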
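--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Creator's website link: http://mythemeshop.com/plugins/wp-notification-bars/
  Tags: notification, alert, notification bar, welcome google visitor, welcome facebook visitor, attention bar, floating bar, message, notice, sticky header, offer bar, hello bar
  Requires at least: 3.0.1
  Tested up to: 5.8.2
- Stable tag: 1.0.8
+ Stable tag: 1.0.9
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -41,7 +41,7 @@ If after checking our Free WordPress video tutorials here:<br>
  &<br>
  <a href=“https://community.mythemeshop.com/tutorials/category/2-free-video-tutorials/“>https://community.mythemeshop.com/tutorials/category/2-free-video-tutorials/</a><br>
  <br>
- you are still stuck, please feel free to open a new thread, and a member of our support team will be happy to help.<br>
+ If you are still stuck, please feel free to open a new thread, and a member of our support team will be happy to help.<br>
 
  Support link:<br>
  <a href=“https://community.mythemeshop.com/forum/11-free-plugin-support/”>https://community.mythemeshop.com/forum/11-free-plugin-support/</a><br>
@@ -74,6 +74,9 @@ Please disable all plugins and check if backup is working properly. Then you can
 
  == Changelog ==
 
+ = 1.0.9 =
+ * Security improvements
+
  = 1.0.8 =
  * More security improvements
 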
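--- a/wp-notification-bars.php
+++ b/wp-notification-bars.php
@@ -4,7 +4,7 @@
  * Plugin Name: WP Notification Bars
  * Plugin URI: https://mythemeshop.com/plugins/wp-notification-bars/
  * Description: WP Notification Bars is a custom notification and alert bar plugin for WordPress which is perfect for marketing promotions, alerts, increasing click throughs to other pages and so much more.
- * Version: 1.0.8
+ * Version: 1.0.9
  * Author: MyThemeShop
  * Author URI: https://mythemeshop.com/
  * Text Domain: wp-notification-bars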