diff --git a/core/class-helper.php b/core/class-helper.php index 939470c..7639a36 100644 --- a/core/class-helper.php +++ b/core/class-helper.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core - * @version 4.4.53 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core; @@ -44,7 +44,7 @@ public static function get_plugin_data() /** * Set custom timezone if set in the options. * - * @version 4.4.58 + * @version 4.4.59 * * @return void */ @@ -52,7 +52,7 @@ public static function set_timezone() { $options = new Services\Options(); - $timezone = $options->get_option('helpful_timezone'); + $timezone = $options->get_option('helpful_timezone', date_default_timezone_get(), 'esc_attr'); if (isset($timezone) && '' !== trim($timezone) && false === self::is_timezone($timezone)) { $options->update_option('helpful_timezone', ''); @@ -358,6 +358,8 @@ public static function datatables_language_string() /** * Returns non-permitted characters and words from the WordPress blacklist. * + * @version 4.4.59 + * * @return string */ public static function get_disallowed_keys() @@ -365,10 +367,10 @@ public static function get_disallowed_keys() $options = new Services\Options(); if (version_compare(get_bloginfo('version'), '5.5.0') >= 0) { - return trim($options->get_option('disallowed_keys')); + return trim($options->get_option('disallowed_keys', '', 'esc_attr')); } - return trim($options->get_option('blacklist_keys')); + return trim($options->get_option('blacklist_keys', '', 'esc_attr')); } /** @@ -458,7 +460,7 @@ public static function set_capability($option, $value) /** * Checks if the feedback was deactivated by option. * - * @version 4.4.53 + * @version 4.4.59 * * @return bool */ @@ -466,7 +468,7 @@ public static function is_feedback_disabled() { $options = new Services\Options(); - if ('on' === $options->get_option('helpful_feedback_disabled')) { + if ('on' === $options->get_option('helpful_feedback_disabled', 'off', 'esc_attr')) { return true; } 
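Review bot: Reading `disallowed_keys`/`blacklist_keys` through the `esc_attr` sanitizer in get_disallowed_keys will alter the list if that name resolves to WordPress's esc_attr(): it turns `<`, `>`, `&` and quotes into entities, so a moderation entry such as `<a href` would no longer match raw feedback text where the list is compared (outside this hunk). This is WordPress core's own admin-set comment blocklist, so it can be read as stored, `return trim($options->get_option('disallowed_keys'));`, and escaped only where it is rendered. Whether `get_option` actually applies esc_attr to the stored value depends on `Services\Options`, which is outside this diff.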
diff --git a/core/helpers/class-database.php b/core/helpers/class-database.php index ef438c2..8f52e45 100644 --- a/core/helpers/class-database.php +++ b/core/helpers/class-database.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Helpers - * @version 4.4.51 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Helpers; @@ -179,6 +179,7 @@ public static function handle_table_instances() * Updates database tables. * * @global $wpdb + * @version 4.4.59 * * @return void */ @@ -186,7 +187,7 @@ public static function update_tables() { $options = new Services\Options(); - if ($options->get_option('helpful_update_table_integer')) { + if ($options->get_option('helpful_update_table_integer', false, 'intval')) { return; } diff --git a/core/helpers/class-feedback.php b/core/helpers/class-feedback.php index b4589cf..71703f2 100644 --- a/core/helpers/class-feedback.php +++ b/core/helpers/class-feedback.php @@ -70,8 +70,9 @@ public static function get_feedback($entry) * Get feedback items. * * @global $wpdb + * @version 4.4.59 * - * @param integer $limit posts per page. + * @param int $limit posts per page. * * @return object */ @@ -80,7 +81,7 @@ public static function get_feedback_items($limit = null) $options = new Services\Options(); if (is_null($limit)) { - $limit = absint($options->get_option('helpful_widget_amount')); + $limit = intval($options->get_option('helpful_widget_amount', 3, 'intval')); } global $wpdb; @@ -214,6 +215,8 @@ public static function insert_feedback() /** * Send feedback email. * + * @version 4.4.59 + * * @param array $feedback feedback data. * * @return void @@ -227,7 +230,7 @@ public static function send_email($feedback) */ self::send_email_voter($feedback); - if ('on' !== $options->get_option('helpful_feedback_send_email')) { + if ('on' !== $options->get_option('helpful_feedback_send_email', 'off', 'esc_attr')) { return; } 
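Review bot: In get_feedback_items the default-handling line swaps `absint()` for `intval()`, so a negative stored `helpful_widget_amount` now reaches the query unchanged where the old code clamped it; `$limit` is consumed further down the function, outside this hunk. The same swap is made in get_most_helpful and get_least_helpful in class-stats.php, where `$limit` feeds a WP_Query `$args` array and a negative posts_per_page is the WP_Query convention for "unlimited", while get_recently_pro and get_recently_contra keep `absint()`. Keeping the clamp, `$limit = absint($options->get_option('helpful_widget_amount', 3, 'intval'));`, makes the five call sites consistent and keeps the widget query bounded.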
@@ -262,7 +265,7 @@ public static function send_email($feedback) $tags = apply_filters('helpful_feedback_email_tags', $tags); /* email subject */ - $subject = $options->get_option('helpful_feedback_subject'); + $subject = $options->get_option('helpful_feedback_subject', '', 'kses_wot'); $subject = str_replace(array_keys($tags), array_values($tags), $subject); /* unserialize feedback fields */ @@ -274,7 +277,7 @@ public static function send_email($feedback) } /* body */ - $body = $options->get_option('helpful_feedback_email_content'); + $body = $options->get_option('helpful_feedback_email_content', '', 'kses'); $body = str_replace(array_keys($tags), array_values($tags), $body); /* receivers by post meta */ @@ -290,7 +293,7 @@ public static function send_email($feedback) $helpful_receivers = []; if ($options->get_option('helpful_feedback_receivers')) { - $helpful_receivers = $options->get_option('helpful_feedback_receivers'); + $helpful_receivers = $options->get_option('helpful_feedback_receivers', '', 'esc_attr'); $helpful_receivers = helpful_trim_all($helpful_receivers); $helpful_receivers = explode(',', $helpful_receivers); } @@ -328,6 +331,8 @@ public static function send_email($feedback) /** * Send feedback email to voter. * + * @version 4.4.59 + * * @param array $feedback feedback data. * * @return void @@ -336,7 +341,7 @@ public static function send_email_voter($feedback) { $options = new Services\Options(); - if ('on' !== $options->get_option('helpful_feedback_send_email_voter')) { + if ('on' !== $options->get_option('helpful_feedback_send_email_voter', 'off', 'esc_attr')) { return; } 
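Review bot: In the receivers block of send_email, `helpful_feedback_receivers` is read twice — once unsanitized for the truthiness check and again through `esc_attr` — so the guard and the value it guards can disagree and the option lookup runs twice. Reading it once and testing the result, `$helpful_receivers = $options->get_option('helpful_feedback_receivers', '', 'esc_attr'); if ('' !== trim($helpful_receivers)) {`, keeps a single code path. Since the exploded entries become mail recipients (their use is outside this hunk), `$helpful_receivers = array_filter($helpful_receivers, 'is_email');` after the explode would drop anything esc_attr mangled instead of handing it to the mailer.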
@@ -365,7 +370,7 @@ public static function send_email_voter($feedback) $tags = apply_filters('helpful_feedback_email_tags', $tags); /* subject */ - $subject = $options->get_option('helpful_feedback_subject_voter'); + $subject = $options->get_option('helpful_feedback_subject_voter', '', 'kses_wot'); $subject = str_replace(array_keys($tags), array_values($tags), $subject); /* unserialize feedback fields */ @@ -377,7 +382,7 @@ public static function send_email_voter($feedback) } /* Body */ - $body = $options->get_option('helpful_feedback_email_content_voter'); + $body = $options->get_option('helpful_feedback_email_content_voter', '', 'kses'); $body = str_replace(array_keys($tags), array_values($tags), $body); /* Receivers */ @@ -442,7 +447,7 @@ public static function get_feedback_count($post_id = null) * Render after messages or feedback form, after vote. * Checks if custom template exists. * - * @version 4.4.51 + * @version 4.4.59 * @since 4.4.0 * * @param integer $post_id post id. @@ -476,16 +481,16 @@ public static function after_vote($post_id, $show_feedback = false) if (true === $show_feedback) { $type = 'none'; - $feedback_text = $options->get_option('helpful_feedback_message_voted'); + $feedback_text = $options->get_option('helpful_feedback_message_voted', '', 'kses'); $feedback_text = apply_filters('helpful_pre_feedback_message_voted', $feedback_text, $post_id); } if ('pro' === $type) { - $feedback_text = $options->get_option('helpful_feedback_message_pro'); + $feedback_text = $options->get_option('helpful_feedback_message_pro', '', 'kses'); if (false === $show_feedback) { if (!$options->get_option('helpful_feedback_after_pro') || true === $hide_feedback) { - $content = do_shortcode($options->get_option('helpful_after_pro')); + $content = do_shortcode($options->get_option('helpful_after_pro', '', 'kses')); if (get_post_meta($post_id, 'helpful_after_pro', true)) { $content = do_shortcode(get_post_meta($post_id, 'helpful_after_pro', true)); 
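Review bot: In after_vote the `helpful_after_pro` option is now read through the `kses` sanitizer, but the per-post override on the next line, `do_shortcode(get_post_meta($post_id, 'helpful_after_pro', true))`, still goes to do_shortcode unfiltered, so the filtering applies to one source of the content and not the other; who can write that meta key depends on whether it is registered as protected, which is not visible here. Wrapping it for parity, `$content = do_shortcode(wp_kses_post(get_post_meta($post_id, 'helpful_after_pro', true)));`, keeps option and meta on the same footing. The same pattern appears for `helpful_after_contra` and `helpful_after_fallback` in the next two hunks.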
@@ -497,11 +502,11 @@ public static function after_vote($post_id, $show_feedback = false) } if ('contra' === $type) { - $feedback_text = $options->get_option('helpful_feedback_message_contra'); + $feedback_text = $options->get_option('helpful_feedback_message_contra', '', 'kses'); if (false === $show_feedback) { if (!$options->get_option('helpful_feedback_after_contra') || true === $hide_feedback) { - $content = do_shortcode($options->get_option('helpful_after_contra')); + $content = do_shortcode($options->get_option('helpful_after_contra', '', 'kses')); if (get_post_meta($post_id, 'helpful_after_contra', true)) { $content = do_shortcode(get_post_meta($post_id, 'helpful_after_contra', true)); @@ -514,7 +519,7 @@ public static function after_vote($post_id, $show_feedback = false) if ('none' === $type) { if (!$options->get_option('helpful_feedback_after_pro') && !$options->get_option('helpful_feedback_after_contra') && false === $show_feedback) { - $content = do_shortcode($options->get_option('helpful_after_fallback')); + $content = do_shortcode($options->get_option('helpful_after_fallback', '', 'kses')); if (get_post_meta($post_id, 'helpful_after_fallback', true)) { $content = do_shortcode(get_post_meta($post_id, 'helpful_after_fallback', true)); diff --git a/core/helpers/class-optimize.php b/core/helpers/class-optimize.php index afcbfc0..561f978 100644 --- a/core/helpers/class-optimize.php +++ b/core/helpers/class-optimize.php @@ -267,6 +267,8 @@ public static function clear_cache() /** * Update meta fields * + * @version 4.4.59 + * * @return array */ public static function update_metas() @@ -274,7 +276,7 @@ public static function update_metas() $options = new Services\Options(); $response = []; - $post_types = $options->get_option('helpful_post_types'); + $post_types = $options->get_option('helpful_post_types', [], 'esc_attr'); $args = [ 'post_type' => $post_types, 
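Review bot: In update_metas, `helpful_post_types` is read with an array default (`[]`) but the `esc_attr` sanitizer, and esc_attr() is a string function — if `Services\Options::get_option` applies the named callback to the stored value (its implementation is outside this diff), an array value is either flattened to the string `Array` or raises a TypeError on PHP 8 before it reaches `'post_type' => $post_types`. An array-aware normaliser fits the data better, e.g. `$post_types = array_map('sanitize_key', (array) $options->get_option('helpful_post_types', []));`, since post-type names are keys rather than attribute text. get_most_helpful and get_least_helpful in class-stats.php and sync_post_meta in class-values.php read the same option the same way.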
@@ -289,7 +291,7 @@ public static function update_metas() $percentages = false; - if ($options->get_option('helpful_percentages')) { + if ('on' === $options->get_option('helpful_percentages', 'off', 'esc_attr')) { $percentages = true; } diff --git a/core/helpers/class-stats.php b/core/helpers/class-stats.php index cedf13e..05528ee 100644 --- a/core/helpers/class-stats.php +++ b/core/helpers/class-stats.php @@ -57,6 +57,7 @@ private static function helpful_date($format, $timestamp_with_offset = false, $g * Get amount of pro by post id. * * @global $wpdb, $post + * @version 4.4.59 * * @param int $post_id if null current post id. * @param bool $percentages return percentage values on true. @@ -84,10 +85,10 @@ public static function get_pro($post_id = null, $percentages = false) $sql = $wpdb->prepare("SELECT COUNT(*) FROM $helpful WHERE pro = 1 AND post_id = %d", intval($post_id)); $cache_name = 'helpful_pro_' . $post_id; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $var = get_transient($cache_name); if ('on' !== $cache_active) { @@ -122,6 +123,7 @@ public static function get_pro($post_id = null, $percentages = false) * Get contra count by post id. * * @global $wpdb, $post + * @version 4.4.59 * * @param int $post_id if null current post id. * @param bool $percentages return percentage values on true. 
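Review bot: The fallback `$cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS;` is now pasted, together with the two option reads that precede it, into every cached method of class-stats.php (get_pro, get_contra, get_pro_all, get_contra_all, get_years, each get_stats_* method, get_most_helpful, get_least_helpful, get_recently_pro, get_recently_contra, get_widget_stats) and into sync_post_meta in class-values.php. One helper that resolves the lifetime gives a single place to keep the fallback and the sanitizer name in step, and each call site shrinks to `$cache_time = self::get_cache_time($options);`. If sync_post_meta is to share it, the helper belongs on Cache next to get_cache_times rather than on Stats.
```php
/**
 * Resolves the configured cache lifetime in seconds.
 *
 * Falls back to MINUTE_IN_SECONDS when the stored key is not one of the
 * known cache times, so an unexpected option value never yields a null TTL.
 */
private static function get_cache_time(Services\Options $options)
{
    $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr');
    $cache_times = Cache::get_cache_times(false);

    return isset($cache_times[$cache_time]) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS;
}

// … unchanged: each call site keeps its own $cache_active read, e.g. in get_pro …
$cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr');
$cache_time = self::get_cache_time($options);
```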
@@ -149,10 +151,10 @@ public static function get_contra($post_id = null, $percentages = false) $sql = $wpdb->prepare("SELECT COUNT(*) FROM $helpful WHERE contra = 1 AND post_id = %d", intval($post_id)); $cache_name = 'helpful_contra_' . $post_id; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $var = get_transient($cache_name); if ('on' !== $cache_active) { @@ -187,6 +189,7 @@ public static function get_contra($post_id = null, $percentages = false) * Get pro count of all posts. * * @global $wpdb + * @version 4.4.59 * * @param bool $percentages return percentage values on true. * @@ -202,10 +205,10 @@ public static function get_pro_all($percentages = false) $sql = "SELECT COUNT(*) FROM $helpful WHERE pro = 1"; $cache_name = 'helpful_pro_all'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $var = get_transient($cache_name); if ('on' !== $cache_active) { @@ -238,6 +241,7 @@ public static function get_pro_all($percentages = false) * Get contra count of all posts. * * @global $wpdb + * @version 4.4.59 * * @param bool $percentages return percentage values on true. * 
@@ -253,10 +257,10 @@ public static function get_contra_all($percentages = false) $sql = "SELECT COUNT(*) FROM $helpful WHERE contra = 1"; $cache_name = 'helpful_contra_all'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $var = get_transient($cache_name); if ('on' !== $cache_active) { @@ -288,6 +292,7 @@ public static function get_contra_all($percentages = false) * Get years * * @global $wpdb + * @version 4.4.59 * * @return array */ @@ -301,10 +306,10 @@ public static function get_years() $sql = "SELECT time FROM $helpful ORDER BY time DESC"; $cache_name = 'helpful/stats/years'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -335,6 +340,7 @@ public static function get_years() * Stats for today. * * @global $wpdb + * @version 4.4.59 * * @param int $year response year. * 
@@ -357,10 +363,10 @@ public static function get_stats_today($year) $sql = $wpdb->prepare($query, intval($year)); $cache_name = 'helpful/stats/today/' . $year; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -419,6 +425,7 @@ public static function get_stats_today($year) * Stats for yesterday. * * @global $wpdb + * @version 4.4.59 * * @param int $year response year. * @@ -441,10 +448,10 @@ public static function get_stats_yesterday($year) $sql = $wpdb->prepare($query, intval($year)); $cache_name = 'helpful/stats/yesterday/' . $year; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -503,6 +510,7 @@ public static function get_stats_yesterday($year) * Stats for week * * @global $wpdb + * @version 4.4.59 * * @param int $year response year. * 
@@ -525,10 +533,10 @@ public static function get_stats_week($year) $sql = $wpdb->prepare($query, intval($year)); $cache_name = 'helpful/stats/week/' . $year; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -613,6 +621,7 @@ public static function get_stats_week($year) * Stats for month * * @global $wpdb + * @version 4.4.59 * * @param int $year response year. * @param int $month response month. @@ -643,10 +652,10 @@ public static function get_stats_month($year, $month = null) $sql = $wpdb->prepare($query, intval($month), intval($year)); $cache_name = 'helpful/stats/month/' . $month . '/' . $year; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -731,6 +740,7 @@ public static function get_stats_month($year, $month = null) * Stats for year * * @global $wpdb + * @version 4.4.59 * * @param int $year response year. * 
@@ -752,10 +762,10 @@ public static function get_stats_year($year) $sql = $wpdb->prepare($query, intval($year)); $cache_name = 'helpful/stats/year/' . $year; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -839,6 +849,7 @@ public static function get_stats_year($year) * Stats by range * * @global $wpdb + * @version 4.4.59 * * @param string $from time string. * @param string $to time string. @@ -862,10 +873,10 @@ public static function get_stats_range($from, $to) $sql = $wpdb->prepare($query, $from, $to); $cache_name = 'helpful/stats/range/' . $from . '/' . $to; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -939,6 +950,7 @@ public static function get_stats_range($from, $to) * Stats for total * * @global $wpdb + * @version 4.4.59 * * @return array */ 
@@ -952,10 +964,10 @@ public static function get_stats_total() $sql = "SELECT pro, contra, time FROM $helpful"; $cache_name = 'helpful/stats/total'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -1013,6 +1025,8 @@ public static function get_stats_total() /** * Get most helpful posts. + * + * @version 4.4.59 * * @param int $limit posts per page. * @param string|array $post_type @@ -1024,13 +1038,13 @@ public static function get_most_helpful($limit = null, $post_type = null) $options = new Services\Options(); if (is_null($limit)) { - $limit = intval($options->get_option('helpful_widget_amount')); + $limit = intval($options->get_option('helpful_widget_amount', 3, 'intval')); } else { $limit = intval($limit); } if (is_null($post_type)) { - $post_type = $options->get_option('helpful_post_types'); + $post_type = $options->get_option('helpful_post_types', [], 'esc_attr'); } $args = [ 
@@ -1041,10 +1055,10 @@ public static function get_most_helpful($limit = null, $post_type = null) ]; $cache_name = 'helpful_most_helpful'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $query = get_transient($cache_name); if ('on' !== $cache_active) { @@ -1108,6 +1122,8 @@ public static function get_most_helpful($limit = null, $post_type = null) /** * Get least helpful posts. * + * @version 4.4.59 + * * @param int $limit posts per page. * @param string|array $post_type * @@ -1118,11 +1134,11 @@ public static function get_least_helpful($limit = null, $post_type = null) $options = new Services\Options(); if (is_null($limit)) { - $limit = absint($options->get_option('helpful_widget_amount')); + $limit = intval($options->get_option('helpful_widget_amount', 3, 'intval')); } if (is_null($post_type)) { - $post_type = $options->get_option('helpful_post_types'); + $post_type = $options->get_option('helpful_post_types', [], 'esc_attr'); } $args = [ 
@@ -1133,10 +1149,10 @@ public static function get_least_helpful($limit = null, $post_type = null) ]; $cache_name = 'helpful_least_helpful'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $query = get_transient($cache_name); if ('on' !== $cache_active) { @@ -1201,6 +1217,7 @@ public static function get_least_helpful($limit = null, $post_type = null) * Get recently helpful pro posts * * @global $wpdb + * @version 4.4.59 * * @param int $limit posts per page. * @@ -1211,7 +1228,7 @@ public static function get_recently_pro($limit = null) $options = new Services\Options(); if (is_null($limit)) { - $limit = absint($options->get_option('helpful_widget_amount')); + $limit = absint($options->get_option('helpful_widget_amount', 3, 'intval')); } global $wpdb; @@ -1229,10 +1246,10 @@ public static function get_recently_pro($limit = null) $sql = $wpdb->prepare($sql, 1, intval($limit)); $cache_name = 'helpful_recently_pro'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { 
@@ -1269,6 +1286,7 @@ public static function get_recently_pro($limit = null) * Get recently unhelpful pro posts. * * @global $wpdb + * @version 4.4.59 * * @param int $limit posts per page. * @@ -1279,7 +1297,7 @@ public static function get_recently_contra($limit = null) $options = new Services\Options(); if (is_null($limit)) { - $limit = absint($options->get_option('helpful_widget_amount')); + $limit = absint($options->get_option('helpful_widget_amount', 3, 'intval')); } global $wpdb; @@ -1297,10 +1315,10 @@ public static function get_recently_contra($limit = null) $sql = $wpdb->prepare($sql, 1, intval($limit)); $cache_name = 'helpful_recently_contra'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { @@ -1395,6 +1413,8 @@ public static function get_single_post_stats($post_id) /** * Returns everything at once and saves the result in a transient to reduce the number of queries for the widget. * + * @version 4.4.59 + * * @return array */ public static function get_widget_stats() 
@@ -1402,19 +1422,19 @@ public static function get_widget_stats() $options = new Services\Options(); $cache_name = 'helpful_widget_stats'; - $cache_time = $options->get_option('helpful_cache_time', 'minute'); - $cache_active = $options->get_option('helpful_caching', 'off'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); + $cache_active = $options->get_option('helpful_caching', 'off', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; $results = get_transient($cache_name); if ('on' !== $cache_active) { $results = [ - 'most_helpful' => $options->get_option('helpful_widget_pro') ? self::get_most_helpful() : null, - 'least_helpful' => $options->get_option('helpful_widget_contra') ? self::get_least_helpful() : null, - 'recently_pro' => $options->get_option('helpful_widget_pro_recent') ? self::get_recently_pro() : null, - 'recently_contra' => $options->get_option('helpful_widget_contra_recent') ? self::get_recently_contra() : null, - 'feedback_items' => $options->get_option('helpful_feedback_widget') ? Feedback::get_feedback_items() : null, + 'most_helpful' => $options->get_option('helpful_widget_pro', false, 'bool') ? self::get_most_helpful() : null, + 'least_helpful' => $options->get_option('helpful_widget_contra', false, 'bool') ? self::get_least_helpful() : null, + 'recently_pro' => $options->get_option('helpful_widget_pro_recent', false, 'bool') ? self::get_recently_pro() : null, + 'recently_contra' => $options->get_option('helpful_widget_contra_recent', false, 'bool') ? self::get_recently_contra() : null, + 'feedback_items' => $options->get_option('helpful_feedback_widget', false, 'bool') ? Feedback::get_feedback_items() : null, 'pro_total' => intval(self::get_pro_all()), 'contra_total' => intval(self::get_contra_all()), ]; 
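Review bot: In get_widget_stats the five widget toggles are now read with the `bool` sanitizer and a `false` default, while every other checkbox option in this diff is compared against the string `'on'` (helpful_percentages in class-optimize.php, helpful_multiple in class-user.php). If these options are stored as `'on'`/`'off'` strings like the others and `bool` is a plain cast, `'off'` is truthy and a widget section the admin switched off would still be computed and rendered. Reading them the same way as the rest, `'on' === $options->get_option('helpful_widget_pro', 'off', 'esc_attr') ? self::get_most_helpful() : null`, removes the dependency on how `bool` is implemented; the duplicate array in the `false === $results` branch of the next hunk needs the same treatment.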
@@ -1424,11 +1444,11 @@ public static function get_widget_stats() if (false === $results) { $results = [ - 'most_helpful' => $options->get_option('helpful_widget_pro') ? self::get_most_helpful() : null, - 'least_helpful' => $options->get_option('helpful_widget_contra') ? self::get_least_helpful() : null, - 'recently_pro' => $options->get_option('helpful_widget_pro_recent') ? self::get_recently_pro() : null, - 'recently_contra' => $options->get_option('helpful_widget_contra_recent') ? self::get_recently_contra() : null, - 'feedback_items' => $options->get_option('helpful_feedback_widget') ? Feedback::get_feedback_items() : null, + 'most_helpful' => $options->get_option('helpful_widget_pro', false, 'bool') ? self::get_most_helpful() : null, + 'least_helpful' => $options->get_option('helpful_widget_contra', false, 'bool') ? self::get_least_helpful() : null, + 'recently_pro' => $options->get_option('helpful_widget_pro_recent', false, 'bool') ? self::get_recently_pro() : null, + 'recently_contra' => $options->get_option('helpful_widget_contra_recent', false, 'bool') ? self::get_recently_contra() : null, + 'feedback_items' => $options->get_option('helpful_feedback_widget', false, 'bool') ? Feedback::get_feedback_items() : null, 'pro_total' => intval(self::get_pro_all()), 'contra_total' => intval(self::get_contra_all()), ]; diff --git a/core/helpers/class-user.php b/core/helpers/class-user.php index 969d327..d42c6ca 100644 --- a/core/helpers/class-user.php +++ b/core/helpers/class-user.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Helpers - * @version 4.4.55 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Helpers; @@ -20,6 +20,8 @@ class User /** * Get user string * + * @version 4.4.59 + * * @return string|null */ public static function get_user() 
@@ -28,17 +30,17 @@ public static function get_user() $user = self::get_user_string(); - if ('on' === $options->get_option('helpful_user_random')) { + if ('on' === $options->get_option('helpful_user_random', 'off', 'esc_attr')) { return self::get_user_string(); } - if ('on' === $options->get_option('helpful_wordpress_user')) { + if ('on' === $options->get_option('helpful_wordpress_user', 'off', 'esc_attr')) { if (is_user_logged_in()) { return get_current_user_id(); } } - if ('on' === $options->get_option('helpful_ip_user')) { + if ('on' === $options->get_option('helpful_ip_user', 'off', 'esc_attr')) { if (isset($_SERVER['REMOTE_ADDR'])) { return sanitize_text_field($_SERVER['REMOTE_ADDR']); } @@ -78,7 +80,7 @@ public static function get_user_string() /** * Set user string * - * @version 4.4.55 + * @version 4.4.59 * @since 4.4.0 * * @return void @@ -91,7 +93,7 @@ public static function set_user() /** * No more user is set using sessions or cookies. */ - if ('on' === $options->get_option('helpful_user_random')) { + if ('on' === $options->get_option('helpful_user_random', 'off', 'esc_attr')) { return; } @@ -106,7 +108,7 @@ public static function set_user() } $session_start = apply_filters('helpful_session_start', true); - $sessions_disabled = $options->get_option('helpful_sessions_false'); + $sessions_disabled = $options->get_option('helpful_sessions_false', 'off', 'esc_attr'); if (!is_bool($session_start)) { $session_start = true; @@ -123,7 +125,7 @@ public static function set_user() * * @global $wpdb * - * @version 4.4.51 + * @version 4.4.59 * @since 4.4.0 * * @param string $user_id user id. 
@@ -136,11 +138,11 @@ public static function check_user($user_id, $post_id, $instance = null) { $options = new Services\Options(); - if ($options->get_option('helpful_multiple')) { + if ('on' === $options->get_option('helpful_multiple', 'off', 'esc_attr')) { return false; } - if ('on' === $options->get_option('helpful_user_random')) { + if ('on' === $options->get_option('helpful_user_random', 'off', 'esc_attr')) { return false; } @@ -241,6 +243,8 @@ public static function get_user_vote_status($user_id, $post_id) /** * Get avatar or default helpful avatar by email. * + * @version 4.4.59 + * * @param string $email user email. * @param integer $size image size. * @@ -252,7 +256,7 @@ public static function get_avatar($email = null, $size = 55) $default = plugins_url('core/assets/images/avatar.jpg', HELPFUL_FILE); - if ($options->get_option('helpful_feedback_gravatar')) { + if ('on' === $options->get_option('helpful_feedback_gravatar', 'off', 'esc_attr')) { if (!is_null($email)) { return get_avatar($email, $size, $default); } diff --git a/core/helpers/class-values.php b/core/helpers/class-values.php index c214cb8..75a9f25 100644 --- a/core/helpers/class-values.php +++ b/core/helpers/class-values.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Helpers - * @version 4.4.50 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Helpers; @@ -35,6 +35,7 @@ class Values * Defaults values for shortcodes. * * @global $helpful, $post + * @version 4.4.59 * * @return array */ 
@@ -59,22 +60,22 @@ public static function get_defaults() $values = [ 'heading_tag' => 'h3', - 'heading' => self::convert_tags($options->get_option('helpful_heading'), $post_id), - 'content' => self::convert_tags($options->get_option('helpful_content'), $post_id), - 'button_pro' => $options->get_option('helpful_pro'), - 'button_contra' => $options->get_option('helpful_contra'), - 'button_pro_disabled' => ('on' === $options->get_option('helpful_pro_disabled')) ? 1 : 0, - 'button_contra_disabled' => ('on' === $options->get_option('helpful_contra_disabled')) ? 1 : 0, - 'counter' => (!$options->get_option('helpful_count_hide')), + 'heading' => self::convert_tags($options->get_option('helpful_heading', '', 'kses'), $post_id), + 'content' => self::convert_tags($options->get_option('helpful_content', '', 'kses'), $post_id), + 'button_pro' => $options->get_option('helpful_pro', '', 'kses'), + 'button_contra' => $options->get_option('helpful_contra', '', 'kses'), + 'button_pro_disabled' => ('on' === $options->get_option('helpful_pro_disabled', 'off', 'esc_attr')) ? 1 : 0, + 'button_contra_disabled' => ('on' === $options->get_option('helpful_contra_disabled', 'off', 'esc_attr')) ? 1 : 0, + 'counter' => ('off' === $options->get_option('helpful_count_hide', 'off', 'esc_attr')), 'count_pro' => Stats::get_pro($post_id), 'count_pro_percent' => Stats::get_pro($post_id, true), 'count_contra' => Stats::get_contra($post_id), 'count_contra_percent' => Stats::get_contra($post_id, true), - 'credits' => $options->get_option('helpful_credits'), + 'credits' => ('on' === $options->get_option('helpful_credits', 'on', 'esc_attr')), 'credits_html' => $credits['html'], 'exists' => User::check_user($user_id, $post_id) ? 1 : 0, - 'exists_text' => self::convert_tags($options->get_option('helpful_exists'), $post_id), - 'exists_hide' => ('on' === $options->get_option('helpful_exists_hide')) ? 
1 : 0, + 'exists_text' => self::convert_tags($options->get_option('helpful_exists', '', 'kses'), $post_id), + 'exists_hide' => ('on' === $options->get_option('helpful_exists_hide', 'off', 'esc_attr')) ? 1 : 0, 'post_id' => $post_id, 'user_id' => User::get_user(), ]; @@ -373,6 +374,8 @@ public static function get_data() /** * Sync post meta + * + * @version 4.4.59 * * @return void */ @@ -384,7 +387,7 @@ public static function sync_post_meta() if (false === ($query = get_transient($transient))) { - $post_types = $options->get_option('helpful_post_types'); + $post_types = $options->get_option('helpful_post_types', [], 'esc_attr'); $args = [ 'post_type' => $post_types, @@ -394,9 +397,9 @@ public static function sync_post_meta() ]; $query = new \WP_Query($args); - $cache_time = $options->get_option('helpful_cache_time', 'minute'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); $cache_times = Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; set_transient($transient, $query, $cache_time); diff --git a/core/modules/class-admin.php b/core/modules/class-admin.php index 01726ce..a7468bb 100644 --- a/core/modules/class-admin.php +++ b/core/modules/class-admin.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Modules - * @version 4.4.50 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Modules; @@ -54,6 +54,8 @@ public function __construct() /** * Register admin menu. * + * @version 4.4.59 + * * @return void */ public function register_admin_menu() @@ -63,7 +65,7 @@ public function register_admin_menu() add_menu_page( __('Helpful', 'helpful'), __('Helpful', 'helpful'), - $options->get_option('helpful_capability', 'manage_options'), + $options->get_option('helpful_capability', 'manage_options', 'blank'), 'helpful', [ & $this, 'callback_admin_page'], 'dashicons-thumbs-up', 
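Review bot: `'credits'` changes from the raw option value to a bool (`'on' === …`), so any template or filter that compared `$helpful['credits']` against 'on' (those consumers are outside the hunk) would now always see false; if the type change is intended it deserves a sentence next to the `@version` bump rather than a silent swap. The other keys keep their previous types.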
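Review bot: The capability handed to `add_menu_page` (and to `add_submenu_page` in the next hunk) is read with the 'blank' filter, so whatever the option holds reaches WordPress unvalidated as a capability name — and with the Options wrapper in this commit now returning stored values as they are, an empty stored string would be passed through instead of the 'manage_options' default. An empty or mistyped capability hides the page rather than exposing it, but the permission string for the settings screen should not depend on option contents: `$cap = $options->get_option('helpful_capability', 'manage_options', 'blank') ?: 'manage_options';` (same for `helpful_settings_capability`) keeps the documented default when the stored value is empty. register_admin_menu starts before this hunk.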
@@ -74,7 +76,7 @@ public function register_admin_menu() 'helpful', __('Settings', 'helpful'), __('Settings', 'helpful'), - $options->get_option('helpful_settings_capability', 'manage_options'), + $options->get_option('helpful_settings_capability', 'manage_options', 'blank'), 'helpful', [ & $this, 'callback_admin_page'] ); @@ -109,6 +111,8 @@ public function callback_admin_page() /** * Enqueue backend scripts and styles, if current screen is helpful * + * @version 4.4.59 + * * @param string $hook_suffix * * @return void @@ -118,7 +122,7 @@ public function enqueue_scripts($hook_suffix) $options = new Services\Options(); /* shrink admin columns */ - if ('on' === $options->get_option('helpful_shrink_admin_columns')) { + if ('on' === $options->get_option('helpful_shrink_admin_columns', 'off', 'esc_attr')) { $file = plugins_url('core/assets/css/admin-columns.css', HELPFUL_FILE); wp_enqueue_style('helpful-admin-columns', $file); } @@ -181,6 +185,7 @@ public function enqueue_scripts($hook_suffix) * Register columns on admin pages * * @global $pagenow + * @version 4.4.59 * * @return void */ @@ -190,8 +195,8 @@ public function init_columns() $options = new Services\Options(); - $post_types = $options->get_option('helpful_post_types'); - $hide_cols = $options->get_option('helpful_hide_admin_columns'); + $post_types = $options->get_option('helpful_post_types', [], 'esc_attr'); + $hide_cols = $options->get_option('helpful_hide_admin_columns', 'off', 'esc_attr'); if (isset($hide_cols) && 'on' === $hide_cols) { return; @@ -222,6 +227,8 @@ public function init_columns() /** * Set column titles + * + * @version 4.4.59 * * @param array $defaults defatul columns. * 
@@ -236,9 +243,9 @@ public function register_columns($defaults) $columns[$key] = $value; if ('title' === $key) { - $columns['helpful-pro'] = $options->get_option('helpful_column_pro') ? $options->get_option('helpful_column_pro') : _x('Pro', 'column name', 'helpful'); - $columns['helpful-contra'] = $options->get_option('helpful_column_contra') ? $options->get_option('helpful_column_contra') : _x('Contra', 'column name', 'helpful'); - $columns['helpful-feedback'] = $options->get_option('helpful_column_feedback') ? $options->get_option('helpful_column_feedback') : _x('Feedback', 'column name', 'helpful'); + $columns['helpful-pro'] = $options->get_option('helpful_column_pro', '', 'esc_attr') ? $options->get_option('helpful_column_pro', '', 'esc_attr') : _x('Pro', 'column name', 'helpful'); + $columns['helpful-contra'] = $options->get_option('helpful_column_contra', '', 'esc_attr') ? $options->get_option('helpful_column_contra', '', 'esc_attr') : _x('Contra', 'column name', 'helpful'); + $columns['helpful-feedback'] = $options->get_option('helpful_column_feedback', '', 'esc_attr') ? $options->get_option('helpful_column_feedback', '', 'esc_attr') : _x('Feedback', 'column name', 'helpful'); } endforeach; @@ -248,6 +255,8 @@ public function register_columns($defaults) /** * Columns callback * + * @version 4.4.59 + * * @param string $column_name column name. * @param integer $post_id post id. * @@ -258,7 +267,7 @@ public function populate_columns($column_name, $post_id) $options = new Services\Options(); if ('helpful-pro' === $column_name) { - if ($options->get_option('helpful_percentages')) { + if ('on' === $options->get_option('helpful_percentages', 'off', 'esc_attr')) { $percent = Helpers\Stats::get_pro($post_id, true); $pro = Helpers\Stats::get_pro($post_id); update_post_meta($post_id, 'helpful-pro', $pro); 
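Review bot: Each column title calls `get_option()` twice with identical arguments, which runs the WordPress `get_option()` lookup, the `helpful/get_option/*` filter and the escaping twice per column on every admin list load. The short ternary does the same work in one call: `$columns['helpful-pro'] = $options->get_option('helpful_column_pro', '', 'esc_attr') ?: _x('Pro', 'column name', 'helpful');`, and likewise for the contra and feedback columns. register_columns starts before this hunk.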
@@ -272,7 +281,7 @@ public function populate_columns($column_name, $post_id) } if ('helpful-contra' === $column_name) { - if ($options->get_option('helpful_percentages')) { + if ('on' === $options->get_option('helpful_percentages', 'off', 'esc_attr')) { $percent = Helpers\Stats::get_contra($post_id, true); $contra = Helpers\Stats::get_contra($post_id); update_post_meta($post_id, 'helpful-contra', $contra); diff --git a/core/modules/class-core.php b/core/modules/class-core.php index bcfb04f..41edcf7 100644 --- a/core/modules/class-core.php +++ b/core/modules/class-core.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Modules - * @version 4.4.55 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Modules; @@ -99,13 +99,15 @@ public function set_user_cookie() /** * Set default options. * + * @version 4.4.59 + * * @return void */ public function setup_defaults() { $options = new Services\Options(); - if ($options->get_option('helpful_defaults')) { + if ($options->get_option('helpful_defaults', 0, 'intval')) { return; } @@ -135,6 +137,8 @@ public function setup_tables() /** * Default values for settings. * + * @version 4.4.59 + * * @param bool $status set true for filling defaults. * * @return bool @@ -180,15 +184,17 @@ public function set_defaults($status = false) 'helpful_widget_pro_recent' => true, 'helpful_widget_contra_recent' => true, 'helpful_feedback_subject' => _x('There\'s new feedback for you.', 'feedback email subject', 'helpful'), - 'helpful_feedback_receivers' => get_option('admin_email'), + 'helpful_feedback_receivers' => get_option('admin_email', '', 'esc_attr'), 'helpful_feedback_email_content' => $feedback_email_content, ]; $options = apply_filters('helpful_options', $options); + $service = new Services\Options(); + foreach ($options as $slug => $value): - if (!get_option($slug)) { - update_option($slug, $value); + if (!$service->get_option($slug)) { + $service->update_option($slug, $value); } endforeach; 
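Review bot: `get_option('admin_email', '', 'esc_attr')` in the defaults array of set_defaults is the WordPress core function, not the plugin's wrapper, and core `get_option()` takes only an option name and a default — the third argument is silently ignored, so no escaping happens while the line reads as if it did. If the address should be cleaned here, wrap the call instead: `'helpful_feedback_receivers' => sanitize_email(get_option('admin_email', '')),`. The defaults loop below now goes through the wrapper with the default 'blank' filter, which returns stored values untouched; set_defaults continues outside the hunk.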
@@ -198,16 +204,20 @@ public function set_defaults($status = false) /** * Tries to load Helpful first so other plugins don't jump the queue in content. * + * @version 4.4.59 + * * @return void */ public function load_first() { - if (!get_option('helpful_plugin_first')) { + $service = new Services\Options(); + + if ('off' === $service->get_option('helpful_plugin_first', 'off', 'esc_attr')) { return; } $path = str_replace(WP_PLUGIN_DIR . '/', '', HELPFUL_FILE); - if ($plugins = get_option('active_plugins')) { + if ($plugins = $service->get_option('active_plugins', [], 'esc_attr')) { if ($key = array_search($path, $plugins)) { array_splice($plugins, $key, 1); array_unshift($plugins, $path); diff --git a/core/modules/class-elementor-widget.php b/core/modules/class-elementor-widget.php index 162931a..1728d28 100644 --- a/core/modules/class-elementor-widget.php +++ b/core/modules/class-elementor-widget.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Modules - * @version 4.4.50 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Modules; @@ -61,6 +61,8 @@ public function get_categories() /** * Register widget controls. * + * @version 4.4.59 + * * @return void */ protected function _register_controls() @@ -111,7 +113,7 @@ protected function _register_controls() 'label' => esc_html_x('Headline', 'elementor option name', 'helpful'), 'label_block' => true, 'type' => \Elementor\Controls_Manager::TEXT, - 'default' => $options->get_option('helpful_heading'), + 'default' => $options->get_option('helpful_heading', '', 'kses'), ] ); @@ -121,7 +123,7 @@ protected function _register_controls() 'label' => esc_html_x('Content', 'elementor option name', 'helpful'), 'label_block' => true, 'type' => \Elementor\Controls_Manager::TEXTAREA, - 'default' => $options->get_option('helpful_content'), + 'default' => $options->get_option('helpful_content', '', 'kses'), ] ); 
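Review bot: `active_plugins` is read through the plugin's Options wrapper with the 'esc_attr' filter, so every plugin path is HTML-escaped before it is searched and reordered; a path containing a quote or ampersand would no longer match `$path`, and if the escaped list is written back (the write is outside the hunk) it would be stored altered. This is core data, not user-facing text — read it as before with `get_option('active_plugins', [])`, or pass 'blank'. Because the wrapper consults `helpful_options['active_plugins']` before the core option, the plugin's own option store is also given a say over which plugins load first, which it should not have. load_first's body continues past the hunk.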
@@ -131,7 +133,7 @@ protected function _register_controls() 'label' => esc_html_x('Pro', 'elementor option name', 'helpful'), 'label_block' => true, 'type' => \Elementor\Controls_Manager::TEXT, - 'default' => $options->get_option('helpful_pro'), + 'default' => $options->get_option('helpful_pro', '', 'kses'), ] ); @@ -141,7 +143,7 @@ protected function _register_controls() 'label' => esc_html_x('Contra', 'elementor option name', 'helpful'), 'label_block' => true, 'type' => \Elementor\Controls_Manager::TEXT, - 'default' => $options->get_option('helpful_contra'), + 'default' => $options->get_option('helpful_contra', '', 'kses'), ] ); @@ -169,7 +171,7 @@ protected function _register_controls() 'description' => esc_html_x('This option overrides the Helpful theme and applies to all Helpful on the site. You will also need to reload the page to see the changes.', 'elementor option description', 'helpful'), 'type' => \Elementor\Controls_Manager::SELECT, 'options' => $choices, - 'default' => $options->get_option('helpful_theme'), + 'default' => $options->get_option('helpful_theme', '', 'esc_attr'), ] ); diff --git a/core/modules/class-feedback-admin.php b/core/modules/class-feedback-admin.php index 2be1e91..7954459 100644 --- a/core/modules/class-feedback-admin.php +++ b/core/modules/class-feedback-admin.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Modules - * @version 4.4.50 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Modules; @@ -125,6 +125,8 @@ public function enqueue_scripts($hook_suffix) /** * Ajax get feedback items * + * @version 4.4.59 + * * @return void */ public function ajax_get_feedback_items() 
@@ -139,7 +141,7 @@ public function ajax_get_feedback_items() $filters = ['all', 'pro', 'contra']; $sql = "SELECT * FROM $table_name"; - $limit = $options->get_option('helpful_feedback_amount', 10); + $limit = $options->get_option('helpful_feedback_amount', 3, 'intval'); $limit = intval(apply_filters('helpful_feedback_limit', $limit)); $page = 1; diff --git a/core/modules/class-frontend.php b/core/modules/class-frontend.php index e2bed4e..ceb2e84 100644 --- a/core/modules/class-frontend.php +++ b/core/modules/class-frontend.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Modules - * @version 4.4.55 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Modules; @@ -128,7 +128,8 @@ public function default_themes($themes) * * @global $post * - * @version 4.4.55 + * @version 4.4.59 + * * @since 4.4.0 * * @return void @@ -141,7 +142,7 @@ public function enqueue_scripts() $options = new Services\Options(); - $active_theme = $options->get_option('helpful_theme'); + $active_theme = $options->get_option('helpful_theme', '', 'esc_attr'); $themes = apply_filters('helpful_themes', []); $plugin = Helper::get_plugin_data(); @@ -203,7 +204,7 @@ public function enqueue_scripts() * * @global $post * - * @version 4.4.55 + * @version 4.4.59 * @since 4.3.0 * * @param string $content post content. @@ -229,7 +230,7 @@ public function the_content($content) $options = new Services\Options(); $helpful = Helpers\Values::get_defaults(); - $post_types = $options->get_option('helpful_post_types'); + $post_types = $options->get_option('helpful_post_types', [], 'esc_attr'); $user_id = Helpers\User::get_user(); if ('on' === get_post_meta($helpful['post_id'], 'helpful_hide_on_post', true)) { @@ -240,7 +241,7 @@ public function the_content($content) return $content; } - if ('on' === $options->get_option('helpful_hide_in_content')) { + if ('on' === $options->get_option('helpful_hide_in_content', 'off', 'esc_attr')) { return $content; } 
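Review bot: The fallback for `helpful_feedback_amount` changes from 10 to 3 without being mentioned, and with `intval()` a missing or non-numeric option yields 0, so `$limit` can be 0 (or negative after the filter) when the LIMIT clause for `$sql` is built further down outside the hunk. Clamp after the filter: `$limit = max(1, intval(apply_filters('helpful_feedback_limit', $limit)));`. ajax_get_feedback_items starts before this hunk.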
@@ -268,7 +269,7 @@ public function the_content($content) * * @global $post * - * @version 4.4.53 + * @version 4.4.59 * @since 4.3.0 * * @param array $atts shortcode attributes. @@ -300,7 +301,7 @@ public function helpful($atts, $content = '') $object = new Services\Helpful($helpful['post_id'], $helpful); - if ('on' === $options->get_option('helpful_exists_hide') && $object->current_user_has_voted()) { + if ('on' === $options->get_option('helpful_exists_hide', 'off', 'esc_attr') && $object->current_user_has_voted()) { return $content; } @@ -325,7 +326,7 @@ public function helpful($atts, $content = '') return $content; } - if (1 === $helpful['exists'] && $options->get_option('helpful_feedback_after_vote')) { + if (1 === $helpful['exists'] && 'on' === $options->get_option('helpful_feedback_after_vote', 'off', 'esc_attr')) { if (!Helper::is_feedback_disabled()) { $content = Helpers\Feedback::after_vote($helpful['post_id'], true); $content = Helpers\Values::convert_tags($content, $helpful['post_id']); @@ -357,7 +358,7 @@ public function helpful($atts, $content = '') /** * Ajax save user vote and render response. * - * @version 4.4.51 + * @version 4.4.59 * @since 4.4.0 * * @return void @@ -389,7 +390,7 @@ public function save_vote() $value = sanitize_text_field($_POST['value']); } - if (is_user_logged_in() && 'on' === $options->get_option('helpful_wordpress_user')) { + if (is_user_logged_in() && 'on' === $options->get_option('helpful_wordpress_user', 'off', 'esc_attr')) { $user_id = get_current_user_id(); } @@ -416,7 +417,7 @@ public function save_vote() /** * Ajax save user feedback and render response. * - * @version 4.4.51 + * @version 4.4.59 * @since 4.4.0 * * @return void 
@@ -445,7 +446,7 @@ public function save_feedback() } if (!empty($_REQUEST['website']) && true === $spam_protection) { - $message = do_shortcode($options->get_option('helpful_feedback_message_spam')); + $message = do_shortcode($options->get_option('helpful_feedback_message_spam', '', 'kses')); $message = apply_filters('helpful_pre_feedback_message_spam', $message, $post_id); echo Helpers\Values::convert_tags($message, $post_id); wp_die(); @@ -463,7 +464,7 @@ public function save_feedback() $helpful_type[$post_id] = $type; if ('pro' === $type) { - $message = do_shortcode($options->get_option('helpful_after_pro')); + $message = do_shortcode($options->get_option('helpful_after_pro', '', 'kses')); if (get_post_meta($post_id, 'helpful_after_pro', true)) { $message = do_shortcode(get_post_meta($post_id, 'helpful_after_pro', true)); @@ -471,7 +472,7 @@ public function save_feedback() $message = apply_filters('helpful_pre_after_pro', $message, $post_id); } elseif ('contra' === $type) { - $message = do_shortcode($options->get_option('helpful_after_contra')); + $message = do_shortcode($options->get_option('helpful_after_contra', '', 'kses')); if (get_post_meta($post_id, 'helpful_after_contra', true)) { $message = do_shortcode(get_post_meta($post_id, 'helpful_after_contra', true)); @@ -479,7 +480,7 @@ public function save_feedback() $message = apply_filters('helpful_pre_after_contra', $message, $post_id); } else { - $message = do_shortcode($options->get_option('helpful_after_fallback')); + $message = do_shortcode($options->get_option('helpful_after_fallback', '', 'kses')); if (get_post_meta($post_id, 'helpful_after_fallback', true)) { $message = do_shortcode(get_post_meta($post_id, 'helpful_after_fallback', true)); 
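Review bot: The option-based messages now go through the 'kses' filter, but the per-post override on the following lines (`do_shortcode(get_post_meta($post_id, 'helpful_after_pro', true))`, same for contra and fallback) is still passed to `do_shortcode` unfiltered, so the sanitisation the commit introduces does not apply to the value editors set in the metabox, which presumably ends up in the same response. Run the meta value through the same public helper, e.g. `$message = do_shortcode($options->sanitize_input(get_post_meta($post_id, 'helpful_after_pro', true)));`, in all three branches. This applies to the hunks at -463, -471 and -479; save_feedback continues beyond them.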
@@ -496,17 +497,19 @@ public function save_feedback() /** * Filters the frontend nonces and set the value to false, using option. * + * @version 4.4.59 + * * @return void */ public function filter_nonces() { $options = new Services\Options(); - if ('on' === $options->get_option('helpful_disable_frontend_nonce')) { + if ('on' === $options->get_option('helpful_disable_frontend_nonce', 'off', 'esc_attr')) { add_filter('helpful_verify_frontend_nonce', '__return_false'); } - if ('on' === $options->get_option('helpful_disable_feedback_nonce')) { + if ('on' === $options->get_option('helpful_disable_feedback_nonce', 'off', 'esc_attr')) { add_filter('helpful_verify_feedback_nonce', '__return_false'); } } diff --git a/core/modules/class-metabox.php b/core/modules/class-metabox.php index 59a3ff3..10a9028 100644 --- a/core/modules/class-metabox.php +++ b/core/modules/class-metabox.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Modules - * @version 4.4.50 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Modules; @@ -41,11 +41,15 @@ public static function get_instance() /** * Class constructor * + * @version 4.4.59 + * * @return void */ public function __construct() { - if (!get_option('helpful_metabox')) { + $service = new Services\Options(); + + if ('off' === $service->get_option('helpful_metabox', 'off', 'esc_attr')) { return; } @@ -58,13 +62,15 @@ public function __construct() /** * Add metabox to post types. * + * @version 4.4.59 + * * @return void */ public function add_metabox() { $options = new Services\Options(); - $post_types = $options->get_option('helpful_post_types'); + $post_types = $options->get_option('helpful_post_types', [], 'esc_attr'); if (isset($post_types) && is_array($post_types)) { add_meta_box( diff --git a/core/modules/class-widget.php b/core/modules/class-widget.php index 87c45d7..acec32c 100644 --- a/core/modules/class-widget.php +++ b/core/modules/class-widget.php 
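Review bot: filter_nonces's docblock only says it 'set[s] the value to false, using option', while the two options hand `__return_false` to the nonce verification filters; the comment should state the consequence so the setting is understood before it is switched on: `* Hooks __return_false into the frontend/feedback nonce filters when the matching option is 'on', which disables CSRF protection for the vote and feedback AJAX endpoints.`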
@@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Modules - * @version 4.4.50 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Modules; @@ -57,6 +57,8 @@ public function __construct() /** * Enqueue styles and scripts * + * @version 4.4.59 + * * @param string $hook_suffix * * @return void @@ -65,7 +67,7 @@ public function enqueue_scripts($hook_suffix) { $options = new Services\Options(); - if ('index.php' !== $hook_suffix || $options->get_option('helpful_widget')) { + if ('index.php' !== $hook_suffix || 'on' === $options->get_option('helpful_widget', 'off', 'esc_attr')) { return; } @@ -88,6 +90,7 @@ public function enqueue_scripts($hook_suffix) * Dashboard widget options * * @global $wp_meta_boxes + * @version 4.4.59 * * @return void */ @@ -95,7 +98,7 @@ public function widget_setup() { $options = new Services\Options(); - if ($options->get_option('helpful_widget')) { + if ('on' === $options->get_option('helpful_widget', 'off', 'esc_attr')) { return; } diff --git a/core/services/class-cookie.php b/core/services/class-cookie.php index 91405fc..3c5025f 100644 --- a/core/services/class-cookie.php +++ b/core/services/class-cookie.php @@ -4,7 +4,7 @@ * @subpackage Core\Services * @copyright Copyright (c) 2015, Pippin Williamson * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License - * @version 4.4.55 + * @version 4.4.59 * @since 4.4.55 */ namespace Helpful\Core\Services; @@ -20,8 +20,11 @@ class Cookie { /** + * @version 4.4.59 + * * @param string $key * @param mixed $value + * * @return void */ public function set(string $key, $value) @@ -33,7 +36,7 @@ public function set(string $key, $value) $options = new Options(); $lifetime = '+30 days'; $lifetime = apply_filters('helpful_user_cookie_time', $lifetime); - $samesite = $options->get_option('helpful_cookies_samesite') ?: 'Strict'; + $samesite = $options->get_option('helpful_cookies_samesite', 'Strict', 'esc_attr') ?: 'Strict'; if (70300 <= PHP_VERSION_ID) { 
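Review bot: `helpful_cookies_samesite` is only escaped, not validated, before it reaches the cookie options a few lines below (outside the hunk); `setcookie()` accepts only Strict, Lax or None, and None additionally requires the Secure flag, so a stored value outside that set likely produces a warning or a cookie without the intended attribute. Replace the `?: 'Strict'` with a whitelist: `$samesite = in_array($samesite, ['Strict', 'Lax', 'None'], true) ? $samesite : 'Strict';`. Cookie::set continues past the hunk.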
diff --git a/core/services/class-csv.php b/core/services/class-csv.php index 08903aa..d54def6 100644 --- a/core/services/class-csv.php +++ b/core/services/class-csv.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Services - * @version 4.4.50 + * @version 4.4.59 * @since 4.4.49 */ namespace Helpful\Core\Services; @@ -59,6 +59,8 @@ public function add_items(array $items) } /** + * @version 4.4.59 + * * @return void */ public function create_file() @@ -96,7 +98,7 @@ public function create_file() $separators = [ ';', ',' ]; $separators = apply_filters( 'helpful_export_separators', $separators ); - $option = $options->get_option( 'helpful_export_separator' ); + $option = $options->get_option('helpful_export_separator', ';', 'esc_attr'); if ( $option && in_array( $option, $separators ) ) { $separator = esc_html( $option ); diff --git a/core/services/class-options.php b/core/services/class-options.php index 755e0d7..f48e178 100644 --- a/core/services/class-options.php +++ b/core/services/class-options.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Services - * @version 4.4.55 + * @version 4.4.59 * @since 4.4.47 */ namespace Helpful\Core\Services; @@ -23,11 +23,13 @@ class Options private $options; /** + * @version 4.4.59 + * * @return void */ public function __construct() { - $options = maybe_unserialize(get_option('helpful_options')); + $options = maybe_unserialize(get_option('helpful_options', [])); $this->options = (!is_array($options)) ? [] : $options; } 
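Review bot: The changed line in create_file drops the spaced-parenthesis style every surrounding line uses (`get_option( 'x' )`, `in_array( $option, $separators )`, `esc_html( $option )`), so the function now mixes two formatting styles; keep the file's style on the new line. The `in_array()` on the next line should also pass `true` as its third argument, as the rest of the plugin's option comparisons are strict. create_file starts before this hunk.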
@@ -76,24 +78,36 @@ public function delete_option($name) } /** + * @version 4.4.59 + * * @param string $name * @param mixed $default + * @param string $security + * * @return mixed */ - public function get_option($name, $default = false) { + public function get_option($name, $default = false, $security = 'blank') { if (!is_string($name)) { return $default; } + $option = null; + if (isset($this->options[$name])) { - // return apply_filters('helpful/get_option/' . $name, $this->options[$name]); + $option = $this->options[$name]; } if (get_option($name)) { - return apply_filters('helpful/get_option/' . $name, get_option($name)); + $option = get_option($name); } - return $default; + $option = apply_filters('helpful/get_option/' . $name, $option); + + if (apply_filters('helpful/get_option/handle_security', true)) { + $option = $this->handle_security($option, $security); + } + + return (isset($option)) ? $option : $default; } /** 
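Review bot: `$default` is unreachable for every filter except 'blank', because `handle_security()` runs while `$option` is still `null`: WordPress's `esc_attr()` turns null into '', `intval(null)` is 0 and `boolval(null)` is false, and all three pass the `isset()` on the return line, so an option that was never saved comes back as '', 0 or false instead of the documented default. Call sites in this commit rely on the default — `'helpful_post_types', []` would receive a string, `'helpful_widget_amount', 3` a limit of 0, and `'counter' => ('off' === …)` in Values::get_defaults would hide the counter on sites that never saved `helpful_count_hide`. Return the default before sanitising: right after the `helpful/get_option/` filter add `if (null === $option) { return $default; }`. The second `get_option($name)` call also repeats the lookup the `if` just made; assign it once and test the variable.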
@@ -103,4 +117,87 @@ public function get_options() { return apply_filters('helpful/get_options', $this->options); } + + /** + * @version 4.4.59 + * + * @param mixed $value + * @param string $security + * + * @return mixed + */ + private function handle_security($value, $security) + { + if ('blank' === $security) { + return $value; + } + + if (is_array($value) && !empty($value)) { + $result = []; + + foreach ($value as $key => $data) { + $result[$key] = $this->handle_security($data, $security); + } + + return $result; + } + + switch ($security) { + case 'bool': + $value = boolval($value); + break; + case 'esc_html': + $value = esc_html($value); + break; + case 'kses': + $value = $this->sanitize_input($value); + break; + case 'kses_deep': + $value = $this->sanitize_input_without_tags($value); + break; + case 'intval': + $value = intval($value); + break; + case 'floatval': + $value = floatval($value); + break; + case 'esc_attr'; + default: + $value = esc_attr($value); + } + + return $value; + } + + /** + * Filters the values of an option before saving them. Thus does not allow every + * HTML element and makes Helpful a bit more secure. + * + * @version 4.4.57 + * @since 4.4.57 + * + * @param mixed $value + * + * @return mixed + */ + public function sanitize_input($value) + { + return wp_kses($value, Helper::kses_allowed_tags()); + } + + /** + * Filters the values of an option before saving them. Thus does not allow + * HTML element and makes Helpful a bit more secure. + * + * @version 4.4.57 + * @since 4.4.57 + * + * @param mixed $value + * + * @return mixed + */ + public function sanitize_input_without_tags($value) + { + return wp_kses($value, []); + } } \ No newline at end of file diff --git a/core/services/class-session.php b/core/services/class-session.php index 20e3709..e5e636c 100644 --- a/core/services/class-session.php +++ b/core/services/class-session.php 
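Review bot: An empty array slips past the `is_array($value) && !empty($value)` guard in handle_security and reaches the `switch`, where every string case receives an array — `esc_attr()`/`esc_html()` expect strings, so an option stored as `[]` (no post types selected, for instance) read with 'esc_attr' would at best come back as 'Array' and on PHP 8 likely raise a TypeError inside the escaping function. Dropping the `!empty()` makes an empty array map to an empty array: `if (is_array($value)) {`. Unrecognised `$security` strings silently fall into the `esc_attr` default, so a typo at a call site is never noticed, and `case 'esc_attr';` uses a semicolon where the other cases use a colon — accepted by PHP, but it reads as a typo. sanitize_input's docblock still says it filters values 'before saving', while this commit applies it on read.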
@@ -4,7 +4,7 @@ * @subpackage Core\Services * @copyright Copyright (c) 2015, Pippin Williamson * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License - * @version 4.4.50 + * @version 4.4.59 * @since 4.4.50 */ namespace Helpful\Core\Services; @@ -55,6 +55,8 @@ public function init() } /** + * @version 4.4.59 + * * @return bool */ public function should_start_session() @@ -80,7 +82,7 @@ public function should_start_session() } } - if ($options->get_option('helpful_sessions_false')) { + if ('on' === $options->get_option('helpful_sessions_false', 'off', 'esc_attr')) { $start_session = false; } diff --git a/core/tabs/class-design.php b/core/tabs/class-design.php index 5803b44..dfdc245 100644 --- a/core/tabs/class-design.php +++ b/core/tabs/class-design.php @@ -74,13 +74,15 @@ public function register_tab($tabs, $current) /** * Print custom css to wp_head. * + * @version 4.4.59 + * * @return void */ public function custom_css() { $options = new Services\Options(); - $custom_css = $options->get_option('helpful_css'); + $custom_css = $options->get_option('helpful_css', ''); // how to secure? $parser = new Vendor\Css_Parser(); diff --git a/core/tabs/class-start.php b/core/tabs/class-start.php index b9e1ef7..2bbc828 100644 --- a/core/tabs/class-start.php +++ b/core/tabs/class-start.php @@ -192,9 +192,9 @@ public function ajax_get_posts_data() if (false === ($query = get_transient($transient))) { $query = new \WP_Query($args); - $cache_time = $options->get_option('helpful_cache_time', 'minute'); + $cache_time = $options->get_option('helpful_cache_time', 'minute', 'esc_attr'); $cache_times = Helpers\Cache::get_cache_times(false); - $cache_time = $cache_times[$cache_time]; + $cache_time = (isset($cache_times[$cache_time])) ? $cache_times[$cache_time] : MINUTE_IN_SECONDS; set_transient($transient, $query, $cache_time); } diff --git a/core/tabs/class-system.php b/core/tabs/class-system.php index a937689..1e3e796 100644 --- a/core/tabs/class-system.php 
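Review bot: The `// how to secure?` question on the `helpful_css` read in custom_css ships an open question into the code; with no filter argument the wrapper uses 'blank', so the raw CSS goes to `Vendor\Css_Parser` and then to wp_head (the printing is outside the hunk). Record the decision rather than the question — `// Raw CSS by design: escaping would break the stylesheet; the parser output must not be able to close the <style> element.` — and confirm that the parser or the printing code rejects a closing style tag inside the option value.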
+++ b/core/tabs/class-system.php @@ -2,7 +2,7 @@ /** * @package Helpful * @subpackage Core\Tabs - * @version 4.4.50 + * @version 4.4.59 * @since 4.3.0 */ namespace Helpful\Core\Tabs; @@ -41,6 +41,8 @@ public static function get_instance() /** * Class constructor * + * @version 4.4.59 + * * @return void */ public function __construct() @@ -55,7 +57,7 @@ public function __construct() add_action('admin_init', [ & $this, 'reset_plugin']); add_action('admin_init', [ & $this, 'reset_feedback']); - if ($options->get_option('helpful_classic_editor')) { + if ('on' === $options->get_option('helpful_classic_editor', 'off', 'esc_attr')) { add_filter('use_block_editor_for_post', '__return_false', 10); } @@ -188,12 +190,15 @@ public function register_tab_content() * Reset helpful database and entries * * @global $wpdb + * @version 4.4.59 * * @return void */ public function reset_plugin() { - if (!get_option('helpful_uninstall')) { + $options = new Services\Options(); + + if (false === $options->get_option('helpful_uninstall', false, 'bool')) { return; } @@ -232,12 +237,15 @@ public function reset_plugin() * Reset helpful feedback database * * @global $wpdb + * @version 4.4.59 * * @return void */ public function reset_feedback() { - if (!get_option('helpful_uninstall_feedback')) { + $options = new Services\Options(); + + if (false === $options->get_option('helpful_uninstall_feedback', false, 'bool')) { return; } diff --git a/helpful.php b/helpful.php index b0818ad..91a7814 100644 --- a/helpful.php +++ b/helpful.php @@ -2,7 +2,7 @@ /** * Plugin Name: Helpful * Description: Add a fancy feedback form under your posts or post-types and ask your visitors a question. Give them the abbility to vote with yes or no. - * Version: 4.4.58 + * Version: 4.4.59 * Author: Pixelbart * Author URI: https://pixelbart.de * Text Domain: helpful 
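Review bot: `helpful_uninstall` and `helpful_uninstall_feedback` are read with the 'bool' filter in reset_plugin and reset_feedback, and `boolval()` is true for any non-empty string — including 'off', which is how every other toggle in this commit is stored and compared. If these two options are stored as 'on'/'off' like their siblings, `false === …` is never true for 'off' and the reset proceeds on every admin_init; `if ('on' !== $options->get_option('helpful_uninstall', 'off', 'esc_attr')) { return; }` keeps the check consistent with the rest of the commit. Both methods continue past their hunks.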
@@ -86,11 +86,13 @@ public function get_plugin_version() /** * Outputs the Helpful version that was stored in the database. * + * @version 4.4.59 + * * @return string */ public function get_option_version() { - return get_option('helpful/version', '1.0.0'); + return esc_attr(get_option('helpful/version', '1.0.0')); } /** diff --git a/readme.txt b/readme.txt index af1e61b..d85e7e1 100644 --- a/readme.txt +++ b/readme.txt @@ -5,7 +5,7 @@ Tags: helpful, poll, feedback, reviews, vote, review, voting Requires at least: 4.6 Tested up to: 5.8 Requires PHP: 5.6.20 -Stable tag: 4.4.58 +Stable tag: 4.4.59 License: MIT License License URI: https://opensource.org/licenses/MIT diff --git a/templates/feedback.php b/templates/feedback.php index 4267757..595a0f0 100644 --- a/templates/feedback.php +++ b/templates/feedback.php @@ -1,7 +1,7 @@
- get_option('helpful_feedback_label_message'); ?>
+ get_option('helpful_feedback_label_message', '', 'kses_wot'); ?>
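Review bot: `'kses_wot'` is not one of the filter names `handle_security()` recognises ('kses' and 'kses_deep' are), so these three labels (here and in the hunks at -32 and -42) fall into the `esc_attr` default and any HTML in the label options is rendered as text rather than stripped. If "kses without tags" was the intent, the existing name is `'kses_deep'`: `get_option('helpful_feedback_label_message', '', 'kses_deep')`; otherwise add a `'kses_wot'` case so the call sites and the switch agree. The markup around these calls was lost in this view.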
@@ -32,7 +32,7 @@ get_option('helpful_feedback_name') && !is_user_logged_in()) : ?>
- get_option('helpful_feedback_label_name'); ?>
+ get_option('helpful_feedback_label_name', '', 'kses_wot'); ?>
@@ -42,7 +42,7 @@ get_option('helpful_feedback_email') && !is_user_logged_in()) : ?>
- get_option('helpful_feedback_label_email'); ?>
+ get_option('helpful_feedback_label_email', '', 'kses_wot'); ?>
@@ -51,14 +51,14 @@