Changeset 1136202 for simple-ads-manager
- Timestamp:
- 04/16/2015 01:38:44 PM (10 years ago)
- Location:
- simple-ads-manager/trunk
- Files:
-
- 5 edited
-
readme.txt (modified) (3 diffs)
-
sam-ajax-admin.php (modified) (7 diffs)
-
sam-ajax.php (modified) (3 diffs)
-
sam.class.php (modified) (1 diff)
-
simple-ads-manager.php (modified) (1 diff)
simple-ads-manager/trunk/readme.txt
r1120627 r1136202 4 4 Tags: ad, adbrite, adgridwork, adify, admin, adpinion, adroll, ads, adsense, adserver, advertisement, advertising, affiliate, banner, banners, chitika, cj, commercial, commission, crispads, dfp, google, income, junction, link, manager, media, money, plugin, random, referral, revenue, rotator, seo, server, shoppingads, widget, widgetbucks, yahoo, ypn 5 5 Requires at least: 3.9 6 Tested up to: 4. 17 Stable tag: 2. 6.966 Tested up to: 4.2 7 Stable tag: 2.7.97 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 86 86 == Changelog == 87 87 88 = 2.7.97 = 89 * SQL injection fix. 88 90 = 2.6.96 = 89 91 * Potential vulnerability issue was resolved. … … 211 213 == Upgrade Notice == 212 214 213 = 2.6.96 215 = 2.7.97 = 216 SQL injection fix. 217 = 2.6.96 = 214 218 Some issues with errors were resolved. 215 219 = 2.5.94 = -
simple-ads-manager/trunk/sam-ajax-admin.php
r1120627 r1136202 19 19 ini_set('html_errors', 0); 20 20 21 define('SHORTINIT', true); 21 $validUri = ''; 22 $validRequest = false; 23 if($_REQUEST['action'] !== 'load_combo_data') define('SHORTINIT', true); 22 24 23 25 require_once( $root . '/wp-load.php' ); … … 26 28 $letters = 'abcefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 '; 27 29 return substr(str_shuffle($letters), 0, $chars); 30 } 31 32 $action = !empty($_REQUEST['action']) ? 'sam_ajax_' . stripslashes($_REQUEST['action']) : false; 33 if( ! SHORTINIT ) { 34 $validUri = admin_url('admin.php') . '?page=sam-edit'; 35 $validRequest = strpos($_SERVER['HTTP_REFERER'], $validUri); 28 36 } 29 37 … … 49 57 send_nosniff_header(); 50 58 nocache_headers(); 51 52 $action = !empty($_REQUEST['action']) ? 'sam_ajax_' . stripslashes($_REQUEST['action']) : false;53 59 54 60 //A bit of security … … 126 132 127 133 case 'sam_ajax_load_posts': 128 $custs = (isset($_REQUEST['cstr'])) ? $_REQUEST['cstr'] : '';134 $custs = $wpdb->escape((isset($_REQUEST['cstr'])) ? $_REQUEST['cstr'] : ''); 129 135 $sPost = (isset($_REQUEST['sp'])) ? urldecode( $_REQUEST['sp'] ) : 'Post'; 130 136 $sPage = (isset($_REQUEST['spg'])) ? urldecode( $_REQUEST['spg'] ) : 'Page'; … … 187 193 188 194 case 'sam_ajax_load_users': 189 $roleSubscriber = (isset($_REQUEST['subscriber'])) ? urldecode($_REQUEST['subscriber']) : 'Subscriber';190 $roleContributor = (isset($_REQUEST['contributor'])) ? urldecode($_REQUEST['contributor']) : 'Contributor';191 $roleAuthor = (isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : 'Author';192 $roleEditor = (isset($_REQUEST['editor'])) ? urldecode($_REQUEST['editor']) : 'Editor';193 $roleAdministrator = (isset($_REQUEST["admin"])) ? urldecode($_REQUEST["admin"]) : 'Administrator';194 $roleSuperAdmin = (isset($_REQUEST['sadmin'])) ? urldecode($_REQUEST['sadmin']) : 'Super Admin';195 $roleSubscriber = $wpdb->escape((isset($_REQUEST['subscriber'])) ? 
urldecode($_REQUEST['subscriber']) : 'Subscriber'); 196 $roleContributor = $wpdb->escape((isset($_REQUEST['contributor'])) ? urldecode($_REQUEST['contributor']) : 'Contributor'); 197 $roleAuthor = $wpdb->escape((isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : 'Author'); 198 $roleEditor = $wpdb->escape((isset($_REQUEST['editor'])) ? urldecode($_REQUEST['editor']) : 'Editor'); 199 $roleAdministrator = $wpdb->escape((isset($_REQUEST["admin"])) ? urldecode($_REQUEST["admin"]) : 'Administrator'); 200 $roleSuperAdmin = $wpdb->escape((isset($_REQUEST['sadmin'])) ? urldecode($_REQUEST['sadmin']) : 'Super Admin'); 195 201 $sql = "SELECT 196 202 wu.id, … … 224 230 225 231 case 'sam_ajax_load_combo_data': 226 $page = $_GET['page']; 227 $rows = $_GET['rows']; 228 $searchTerm = $_GET['searchTerm']; 229 $offset = ((int)$page - 1) * (int)$rows; 230 231 $sql = "SELECT 232 if($validRequest !== false) { 233 $page = $_GET['page']; 234 $rows = $_GET['rows']; 235 $searchTerm = $_GET['searchTerm']; 236 $searchTerm = $wpdb->escape($searchTerm); 237 $offset = ((int)$page - 1) * (int)$rows; 238 239 $sql = "SELECT 232 240 wu.id, 233 241 wu.display_name AS title, … … 239 247 ORDER BY wu.id 240 248 LIMIT $offset, $rows;"; 241 $users = $wpdb->get_results($sql, ARRAY_A); 242 243 $sql = "SELECT COUNT(*) FROM $uTable wu WHERE wu.user_nicename LIKE '{$searchTerm}%';"; 244 $rTotal = $wpdb->get_var($sql); 245 $total = ceil((int)$rTotal/(int)$rows); 246 247 $out = array( 248 'page' => $page, 249 'records' => count($users), 250 'rows' => $users, 251 'total' => $total, 252 'offset' => $offset 253 ); 249 $users = $wpdb->get_results($sql, ARRAY_A); 250 251 $sql = "SELECT COUNT(*) FROM $uTable wu WHERE wu.user_nicename LIKE '{$searchTerm}%';"; 252 $rTotal = $wpdb->get_var($sql); 253 $total = ceil((int)$rTotal/(int)$rows); 254 255 $out = array( 256 'page' => $page, 257 'records' => count($users), 258 'rows' => $users, 259 'total' => $total, 260 'offset' => $offset 261 ); 262 } 263 else 264 
$out = array( 265 'page' => 0, 266 'records' => 0, 267 'rows' => 0, 268 'total' => 0, 269 'offset' => 0 270 ); 254 271 255 272 break; -
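Review bot: In the rebuilt `load_combo_data` query `$rows` is still the raw `$_GET['rows']` interpolated verbatim into `LIMIT $offset, $rows;` — only `$offset` is cast and only `$searchTerm` is escaped, so the SQL-injection fix this changeset describes is incomplete on that line, and a `rows` of 0 also reaches `ceil((int)$rTotal/(int)$rows)` as a division by zero. Cast both inputs before use, `$page = max(1, (int) $_GET['page']); $rows = max(1, (int) $_GET['rows']);`, and pass the LIMIT values through `$wpdb->prepare()` with `%d` placeholders instead of string interpolation (the SELECT's WHERE clause lies outside the visible hunk). The new `$validRequest` gate compares `$_SERVER['HTTP_REFERER']` against the admin URL; the referer is client-supplied and may be absent (a notice, then `false`), so it is not an authorization check — the action should verify a nonce with `check_ajax_referer()` and the caller's capability with `current_user_can()` as well. `$wpdb->escape()` has been deprecated since WordPress 3.6 in favour of `esc_sql()`/`prepare()` and does not escape LIKE wildcards, so `$searchTerm` should additionally go through `$wpdb->esc_like()` before the `LIKE '{$searchTerm}%'` patterns. The enclosing switch statement begins outside this section.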
simple-ads-manager/trunk/sam-ajax.php
r997526 r1136202 49 49 $allowed_actions = array( 50 50 'sam_ajax_sam_click', 51 'sam_ajax_sam_hit',52 51 'sam_ajax_sam_hits', 53 52 'sam_ajax_sam_maintenance' … … 82 81 break; 83 82 84 case 'sam_ajax_sam_hit':85 if(isset($_POST['id']) && isset($_POST['pid'])) {86 $id = $_POST['id'];87 $pid = $_POST['pid'];88 $cid = ($id == 0) ? $pid : $id;89 $result = 0;90 //if($id > 0) $sql = "UPDATE $aTable sa SET sa.ad_hits = sa.ad_hits + 1, sa.ad_weight_hits = sa.ad_weight_hits + 1 WHERE sa.id = %d;";91 /*if($id > 0) $sql = "UPDATE $aTable sa SET sa.ad_hits = sa.ad_hits + 1 WHERE sa.id = %d;";92 elseif($id == 0) $sql = "UPDATE $pTable sp SET sp.patch_hits = sp.patch_hits + 1 WHERE sp.id = %d;";93 else $sql = '';*/94 $sql = "INSERT INTO $sTable (id, pid, event_time, event_type) VALUES (%d, %d, NOW(), 0);";95 if(!empty($sql)) $result = $wpdb->query($wpdb->prepare($sql, $id, $pid));96 if($result === 1) echo json_encode(array('success' => true, 'id' => $id, 'pid' => $pid));97 else echo json_encode(array(98 'success' => false,99 'id' => $id,100 'pid' => $pid,101 'cid' => $cid,102 'result' => $result,103 'sql' => $wpdb->prepare($sql, $cid)104 ));105 }106 else echo json_encode(array('success' => false));107 break;108 109 83 case 'sam_ajax_sam_hits': 110 84 if(isset($_POST['hits']) && is_array($_POST['hits'])) { … … 113 87 $remoteAddr = $_SERVER['REMOTE_ADDR']; 114 88 foreach($hits as $hit) { 115 $values .= ((empty($values)) ? '' : ', ') . "({$hit[1]}, {$hit[0]}, NOW(), 0, \"{$remoteAddr}\")"; 89 if(is_numeric($hit[0]) && is_numeric($hit[1])) { 90 $values .= ((empty($values)) ? '' : ', ') . 
"({$hit[1]}, {$hit[0]}, NOW(), 0, \"{$remoteAddr}\")"; 91 } 116 92 } 93 //$values = $wpdb->escape($values); 117 94 $sql = "INSERT INTO $sTable (id, pid, event_time, event_type, remote_addr) VALUES {$values};"; 118 95 $result = $wpdb->query($sql); 119 if($result > 0) echo json_encode(array('success' => true , 'sql' => $sql, 'addr' => $_SERVER['REMOTE_ADDR']));96 if($result > 0) echo json_encode(array('success' => true)); 120 97 else echo json_encode(array( 121 98 'success' => false, 122 'result' => $result,99 /*'result' => $result, 123 100 'sql' => $sql, 124 101 'hits' => $hits, 125 'values' => $values 102 'values' => $values*/ 126 103 )); 127 104 } -
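Review bot: The `is_numeric()` guard added in the `sam_hits` loop still assembles the INSERT by string interpolation; `is_numeric` accepts forms such as `1e3`, `1.5` or values with leading whitespace that are not integer ids, `$remoteAddr` is concatenated into the statement with no escaping at all, and the check assumes `$hit` is a two-element array, otherwise `$hit[0]` raises a notice. Build each tuple with `$wpdb->prepare()` and integer casts as in the fence below, and skip the query when no valid hit remains, since `VALUES ;` is a syntax error that currently surfaces only as `$result === false`. The commented-out `//$values = $wpdb->escape($values);` line and the `/*'result' => ... */` block in the error response should be deleted rather than kept as dead code; dropping the `sql`/`addr` fields from the success response is the right call. The enclosing `case 'sam_ajax_sam_hits'` block and the surrounding switch continue outside the hunk.
```php
foreach($hits as $hit) {
    if(!is_array($hit) || !isset($hit[0], $hit[1])) continue;
    $values .= ((empty($values)) ? '' : ', ') .
        $wpdb->prepare('(%d, %d, NOW(), 0, %s)', (int) $hit[1], (int) $hit[0], $remoteAddr);
}
if(empty($values)) {
    echo json_encode(array('success' => false));
    break;
}
// … unchanged: $sql assembly and $wpdb->query($sql) …
```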
simple-ads-manager/trunk/sam.class.php
r1120627 r1136202 75 75 76 76 public function __construct() { 77 define('SAM_VERSION', '2. 6.96');77 define('SAM_VERSION', '2.7.97'); 78 78 define('SAM_DB_VERSION', '2.8'); 79 79 define('SAM_PATH', dirname( __FILE__ )); -
simple-ads-manager/trunk/simple-ads-manager.php
r1120627 r1136202 4 4 Plugin URI: http://www.simplelib.com/archives/wordpress-plugin-simple-ads-manager/ 5 5 Description: "Simple Ads Manager" is easy to use plugin providing a flexible logic of displaying advertisements. Visit <a href="http://www.simplelib.com/">SimpleLib blog</a> for more details. 6 Version: 2. 6.966 Version: 2.7.97 7 7 Author: minimus 8 8 Author URI: http://blogcoding.ru