--- a/wp/wp-content/plugins/portfolio/bws_menu/class-bws-settings.php Thu Sep 29 08:06:27 2022 +0200
+++ b/wp/wp-content/plugins/portfolio/bws_menu/class-bws-settings.php Fri Sep 05 18:40:08 2025 +0200
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+}
+
/**
* Displays the content on the plugin settings page
*
@@ -101,7 +105,8 @@
$this->trial_days = $args['trial_days'];
$this->licenses = $args['licenses'];
- $this->pro_page = $this->bws_license_plugin = '';
+ $this->pro_page = '';
+ $this->bws_license_plugin = '';
/* get $bws_plugins */
require dirname( __FILE__ ) . '/product_list.php';
if ( isset( $bws_plugins[ $this->plugin_basename ] ) ) {
@@ -178,7 +183,7 @@
<div id="misc-publishing-actions">
<?php
/**
- * Action - Display additional content for #misc-publishing-Actions
+ * Action - Display additional content for #misc-publishing-actions
*/
do_action( __CLASS__ . '_information_postbox_top' );
?>
@@ -222,15 +227,15 @@
</div><!-- .misc-pub-section -->
<?php
/**
- * Action - Display additional content for #misc-publishing-Actions
+ * Action - Display additional content for #misc-publishing-actions
*/
do_action( __CLASS__ . '_information_postbox_bottom' );
?>
</div>
<div class="clear"></div>
</div>
- <div id="major-publishing-Actions">
- <div id="publishing-Action">
+ <div id="major-publishing-actions">
+ <div id="publishing-action">
<input type="hidden" name="<?php echo esc_attr( $this->prefix ); ?>_form_submit" value="submit" />
<input id="bws-submit-button" type="submit" class="button button-primary button-large" value="<?php esc_html_e( 'Save Changes', 'bestwebsoft' ); ?>" />
<?php wp_nonce_field( $this->plugin_basename, 'bws_nonce_name' ); ?>
@@ -265,7 +270,8 @@
</div>
<?php
if ( ! empty( $this->wp_slug ) ) {
- bws_plugin_reviews_block( $this->plugins_info['Name'], $this->wp_slug );}
+ bws_plugin_reviews_block( $this->plugins_info['Name'], $this->wp_slug );
+ }
?>
</div>
</div>
@@ -291,9 +297,9 @@
<?php $this->display_tabs_content(); ?>
<div class="clear"></div>
<input type="hidden" name="bws_active_tab" value="<?php
- if ( isset( $_REQUEST['bws_active_tab'] ) ) {
- echo esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['bws_active_tab'] ) ) );
- }
+ if ( isset( $_REQUEST['bws_active_tab'] ) ) {
+ echo esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['bws_active_tab'] ) ) );
+ }
?>" />
</div>
<?php
@@ -331,8 +337,6 @@
* Displays the content of tabs
*
* @access private
- * @param string $tab_slug
- * @return void
*/
public function display_tabs_content() {
foreach ( $this->tabs as $tab_slug => $data ) {
@@ -357,11 +361,12 @@
* Save all options from all tabs and display errors\messages
*
* @access public
- * @param void
* @return array
*/
public function save_all_tabs_options() {
- $message = $notice = $error = '';
+ $message = '';
+ $notice = '';
+ $error = '';
/* Restore default settings */
if ( isset( $_POST['bws_restore_confirm'] ) && check_admin_referer( $this->plugin_basename, 'bws_settings_nonce_name' ) ) {
$this->restore_options();
@@ -435,21 +440,24 @@
<div class="updated fade inline"
<?php
if ( empty( $save_results['message'] ) ) {
- echo 'style="display:none"';}
+ echo 'style="display:none"';
+ }
?>
- ><p><strong><?php echo esc_html( $save_results['message'] ); ?></strong></p></div>
+ ><p><strong><?php echo ! empty( $save_results['message'] ) ? wp_kses_post( $save_results['message'] ) : ''; ?></strong></p></div>
<div class="updated bws-notice inline"
<?php
if ( empty( $save_results['notice'] ) ) {
- echo 'style="display:none"';}
+ echo 'style="display:none"';
+ }
?>
- ><p><strong><?php echo esc_html( $save_results['notice'] ); ?></strong></p></div>
+ ><p><strong><?php echo ! empty( $save_results['notice'] ) ? wp_kses_post( $save_results['notice'] ) : ''; ?></strong></p></div>
<div class="error inline"
<?php
if ( empty( $save_results['error'] ) ) {
- echo 'style="display:none"';}
+ echo 'style="display:none"';
+ }
?>
- ><p><strong><?php echo esc_html( $save_results['error'] ); ?></strong></p></div>
+ ><p><strong><?php echo ! empty( $save_results['error'] ) ? wp_kses_post( $save_results['error'] ) : ''; ?></strong></p></div>
<?php
}
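Review bot: Switching the three notice outputs from `esc_html()` to `wp_kses_post()` widens what these strings may render to the whole post-content tag set (links, images and inline styles among them), which is more than an admin notice needs. If `$save_results['message']`, `['notice']` or `['error']` can ever carry request-derived text (not visible in this hunk), that markup would now be rendered instead of shown as text. A narrow allowlist keeps the intended links and emphasis and drops the rest, e.g. `echo wp_kses( $save_results['message'], array( 'a' => array( 'href' => array(), 'target' => array() ), 'strong' => array(), 'br' => array() ) );`. The same applies to `wp_kses_post( $extension_data['description'] )` in the custom-code hunk at `@@ -580,21 +588,22 @@`. The enclosing method starts outside this hunk.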
@@ -458,7 +466,6 @@
*
* @access public
* @param ab
- * @return array The Action results
* @abstract
*/
public function save_options() {
@@ -500,12 +507,12 @@
foreach ( array( 'css', 'php', 'js' ) as $extension ) {
$file = 'bws-custom-code.' . $extension;
$real_file = $folder . '/' . $file;
-
+
if ( $wp_filesystem->exists( $real_file ) ) {
update_recently_edited( $real_file );
- $this->custom_code_args[ "content_{$extension}" ] = $wp_filesystem->get_contents( $real_file );//file_get_contents( $real_file );
+ $this->custom_code_args[ "content_{$extension}" ] = $wp_filesystem->get_contents( $real_file );
if ( ( $this->is_multisite && isset( $bstwbsftwppdtplgns_options['custom_code'][ $this->custom_code_args['blog_id'] ][ $file ] ) ) ||
- ( ! $this->is_multisite && isset( $bstwbsftwppdtplgns_options['custom_code'][ $file ] ) ) ) {
+ ( ! $this->is_multisite && isset( $bstwbsftwppdtplgns_options['custom_code'][ $file ] ) ) ) {
$this->custom_code_args[ "is_{$extension}_active" ] = true;
}
if ( is_writeable( $real_file ) ) {
@@ -571,7 +578,8 @@
<strong><?php echo esc_html( $name ); ?></strong>
<?php
if ( ! $this->custom_code_args[ "{$extension}_writeable" ] ) {
- echo '(' . esc_html__( 'Browsing', 'bestwebsoft' ) . ')';}
+ echo '(' . esc_html__( 'Browsing', 'bestwebsoft' ) . ')';
+ }
?>
</big>
</p>
@@ -580,21 +588,22 @@
<input type="checkbox" value="1"
<?php
if ( $this->custom_code_args[ "is_{$extension}_active" ] ) {
- echo 'checked';}
+ echo 'checked';
+ }
?>
/>
<?php printf( esc_html__( 'Activate custom %s code.', 'bestwebsoft' ), esc_html( $name ) ); ?>
</label>
</p>
<textarea cols="70" rows="25" id="bws_newcontent_<?php echo esc_attr( $extension ); ?>" disabled="disabled"><?php
- if ( isset( $this->custom_code_args[ "content_{$extension}" ] ) ) {
- echo esc_html( stripslashes_deep( $this->custom_code_args[ "content_{$extension}" ] ) ); }
- ?></textarea>
+ if ( isset( $this->custom_code_args[ "content_{$extension}" ] ) ) {
+ echo esc_html( stripslashes_deep( $this->custom_code_args[ "content_{$extension}" ] ) ); }
+ ?></textarea>
<p class="bws_info">
- <?php echo esc_html( $extension_data['description'] ); ?>
+ <?php echo wp_kses_post( $extension_data['description'] ); ?>
<br>
<a href="<?php echo esc_url( $extension_data['learn_more_link'] ); ?>" target="_blank">
- <?php printf( esc_html__( 'Learn more about %s', 'bestwebsoft' ), esc_html__( $name ) ); ?>
+ <?php printf( esc_html__( 'Learn more about %s', 'bestwebsoft' ), esc_html( $name ) ); ?>
</a>
</p>
<?php
@@ -603,7 +612,7 @@
</div>
</div>
<div class="bws_pro_version_tooltip">
- <a class="bws_button" href="<?php echo esc_url( $this->plugins_info['PluginURI'] ); ?>?k=<?php echo esc_attr( $this->link_key ); ?>&pn=<?php echo esc_attr( $this->link_pn ); ?>&v=<?php echo esc_attr( $this->plugins_info['Version'] ); ?>&wp_v=<?php echo esc_attr( $wp_version ); ?>" target="_blank" title="<?php echo $this->plugins_info["Name"]; ?>">Upgrade to Pro</a>
+ <a class="bws_button" href="<?php echo esc_url( $this->plugins_info['PluginURI'] ); ?>?k=<?php echo esc_attr( $this->link_key ); ?>&pn=<?php echo esc_attr( $this->link_pn ); ?>&v=<?php echo esc_attr( $this->plugins_info['Version'] ); ?>&wp_v=<?php echo esc_attr( $wp_version ); ?>" target="_blank" title="<?php echo esc_html( $this->plugins_info['Name'] ); ?>">Upgrade to Pro</a>
<div class="clear"></div>
</div>
</div>
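Review bot: The new `title="<?php echo esc_html( $this->plugins_info['Name'] ); ?>"` uses the HTML-body escaper although the value lands inside an attribute; `esc_attr( $this->plugins_info['Name'] )` is the matching function and keeps the attribute-specific filter in play. The identical line in the next hunk (`@@ -611,7 +620,7 @@`) needs the same change. On both lines the query values are appended after `esc_url()` and escaped with `esc_attr()`; URL-encoding each value with `rawurlencode()` and passing the assembled URL through a single `esc_url()` call would fit the context better.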
@@ -611,7 +620,7 @@
} else {
?>
<div class="bws_pro_version_tooltip">
- <a class="bws_button" href="<?php echo esc_url( $this->plugins_info['PluginURI'] ); ?>?k=<?php echo esc_attr( $this->link_key ); ?>&pn=<?php echo esc_attr( $this->link_pn ); ?>&v=<?php echo esc_attr( $this->plugins_info['Version'] ); ?>&wp_v=<?php echo esc_attr( $wp_version ); ?>" target="_blank" title="<?php echo $this->plugins_info["Name"]; ?>">Upgrade to Pro</a>
+ <a class="bws_button" href="<?php echo esc_url( $this->plugins_info['PluginURI'] ); ?>?k=<?php echo esc_attr( $this->link_key ); ?>&pn=<?php echo esc_attr( $this->link_pn ); ?>&v=<?php echo esc_attr( $this->plugins_info['Version'] ); ?>&wp_v=<?php echo esc_attr( $wp_version ); ?>" target="_blank" title="<?php echo esc_html( $this->plugins_info['Name'] ); ?>">Upgrade to Pro</a>
<div class="clear"></div>
</div>
<?php
@@ -659,7 +668,8 @@
<input <?php echo esc_attr( wp_kses_data( $this->change_permission_attr ) ); ?> name="bws_hide_premium_options_submit" type="checkbox" value="1"
<?php
if ( ! $this->hide_pro_tabs ) {
- echo 'checked="checked "';}
+ echo 'checked="checked "';
+ }
?>
/>
<span class="bws_info"><?php esc_html_e( 'Enable to display plugin Pro options.', 'bestwebsoft' ); ?></span>
@@ -674,7 +684,8 @@
<input <?php echo esc_attr( wp_kses_data( $this->change_permission_attr ) ); ?> name="bws_track_usage" type="checkbox" value="1"
<?php
if ( ! empty( $bstwbsftwppdtplgns_options['track_usage']['products'][ $this->plugin_basename ] ) ) {
- echo 'checked="checked "';}
+ echo 'checked="checked "';
+ }
?>
/>
<span class="bws_info"><?php esc_html_e( 'Enable to allow tracking plugin usage anonymously in order to make it better.', 'bestwebsoft' ); ?></span>
@@ -878,7 +889,8 @@
</table>
<?php
} else {
- $attr = $license_key = '';
+ $attr = '';
+ $license_key = '';
if ( isset( $bstwbsftwppdtplgns_options['go_pro'][ $this->bws_license_plugin ]['count'] ) &&
'5' < $bstwbsftwppdtplgns_options['go_pro'][ $this->bws_license_plugin ]['count'] &&
$bstwbsftwppdtplgns_options['go_pro'][ $this->bws_license_plugin ]['time'] > ( time() - ( 24 * 60 * 60 ) ) ) {
@@ -896,7 +908,7 @@
<input <?php echo wp_kses_data( $attr ); ?> type="text" name="bws_license_key_<?php echo esc_attr( ( ! empty( $single_license['pro_slug'] ) ) ? $single_license['pro_slug'] : $single_license['slug'] ); ?>" value="<?php echo esc_attr( $license_key ); ?>" />
<input <?php echo wp_kses_data( $attr ); ?> type="hidden" name="bws_license_plugin_<?php echo esc_attr( ( ! empty( $single_license['pro_slug'] ) ) ? $single_license['pro_slug'] : $single_license['slug'] ); ?>" value="<?php echo esc_attr( ( ! empty( $single_license['pro_slug'] ) ) ? $single_license['pro_slug'] : $single_license['slug'] ); ?>" />
<input <?php echo wp_kses_data( $attr ); ?> type="submit" class="button button-secondary" name="bws_license_submit" value="<?php esc_html_e( 'Activate', 'bestwebsoft' ); ?>" />
- <input type="hidden" name="_wpnonce" value="<?php echo wp_create_nonce( 'bws_license_key_nonce' ); ?>" />
+ <input type="hidden" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( 'bws_license_key_nonce' ) ); ?>" />
<div class="bws_info">
<?php printf( esc_html__( 'Enter your license key to activate %s and get premium plugin features.', 'bestwebsoft' ), '<a href="' . esc_url( $this->bws_plugin_link ) . '" target="_blank" title="' . esc_html( $pro_plugin_name ) . '">' . esc_html( $pro_plugin_name ) . '</a>' ); ?>
</div>
@@ -958,10 +970,12 @@
global $wp_version, $bstwbsftwppdtplgns_options, $wp_filesystem;
/*$empty_field_error - added to avoid error when 1 field is empty while another field contains license key*/
- $error = $message = $empty_field_error = '';
+ $error = '';
+ $message = '';
+ $empty_field_error = '';
if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'bws_license_key_nonce' ) ) {
- die( __( 'Security check', 'bestwebsoft' ) );
+ die( esc_html__( 'Security check', 'bestwebsoft' ) );
} else {
foreach ( $this->licenses as $single_license ) {
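Review bot: The nonce-failure path still terminates with a bare `die()`; `wp_die( esc_html__( 'Security check', 'bestwebsoft' ), '', array( 'response' => 403 ) );` sends a proper status code and goes through WordPress's own termination handler. No `current_user_can()` check is visible beside the nonce test in this hunk. The method starts and continues outside it, so confirm that one runs before license options are written, because a nonce shows intent, not authorization.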
@@ -1078,6 +1092,7 @@
/* Go Pro */
} else {
$slug = ! empty( $single_license['pro_slug'] ) ? 'bws_license_plugin_' . $single_license['pro_slug'] : 'bws_license_plugin_' . $single_license['slug'];
+
$bws_license_plugin = isset( $_POST[ $slug ] ) ? sanitize_text_field( wp_unslash( $_POST[ $slug ] ) ) : '';
if ( isset( $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] ) && $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['time'] > ( time() - ( 24 * 60 * 60 ) ) ) {
$bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] = $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] + 1;
@@ -1154,7 +1169,7 @@
}
/* add 'track_usage' for Pro version */
if ( ! empty( $bstwbsftwppdtplgns_options['track_usage'][ ( ! empty( $single_license['pro_basename'] ) ) ? $single_license['pro_basename'] : $single_license['basename'] ] ) &&
- empty( $bstwbsftwppdtplgns_options['track_usage'][ $bws_license_plugin ] ) ) {
+ empty( $bstwbsftwppdtplgns_options['track_usage'][ $bws_license_plugin ] ) ) {
$bstwbsftwppdtplgns_options['track_usage'][ $bws_license_plugin ] = $bstwbsftwppdtplgns_options['track_usage'][ ( ! empty( $single_license['pro_basename'] ) ) ? $single_license['pro_basename'] : $single_license['basename'] ];
}
@@ -1181,8 +1196,7 @@
* Display help phrase
*
* @access public
- * @param void
- * @return html The Action results
+ * @echo html The Action results
*/
public function help_phrase() {
/*pls */
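Review bot: `@echo` is not a tag that PHPDoc tooling recognises, so the line replacing `@return html` will be ignored or flagged by documentation generators and coding-standard sniffers. If `help_phrase()` prints its markup, as the new tag suggests, `@return void` together with a summary line such as `Echoes the help phrase HTML.` says the same thing in standard form. The method body continues outside the hunk.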
@@ -1229,7 +1243,7 @@
$this->default_options['display_settings_notice']
);
/**
- * filter - Change default_options array OR process custom functions
+ * Filter - Change default_options array OR process custom functions
*/
$this->options = apply_filters( __CLASS__ . '_additional_restore_options', $this->default_options );
if ( $this->is_network_options ) {
@@ -1369,18 +1383,18 @@
}
}
-/**
- * Called after the user has submitted his reason for deactivating the plugin.
- *
- * @since 2.1.3
- */
if ( ! function_exists( 'bws_submit_request_feature_action' ) ) {
+ /**
+ * Called after the user has submitted his reason for deactivating the plugin.
+ *
+ * @since 2.1.3
+ */
function bws_submit_request_feature_action() {
global $bstwbsftwppdtplgns_options, $wp_version, $bstwbsftwppdtplgns_active_plugins, $current_user;
if ( isset( $_REQUEST['bws_ajax_nonce'] ) ) {
- wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['bws_ajax_nonce'] ) ), 'bws_ajax_nonce' );
+ check_ajax_referer( 'bws_ajax_nonce', sanitize_text_field( wp_unslash( $_REQUEST['bws_ajax_nonce'] ) ) );
$basename = isset( $_REQUEST['plugin'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['plugin'] ) ) : '';
$info = isset( $_REQUEST['info'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['info'] ) ) : '';