
Changeset 2707223


Timestamp:
04/08/2022 10:17:35 PM (3 years ago)
Author:
pluginbazar
Message:

security fixed with $wpdb

Location:
woc-order-alert/trunk
Files:
1 deleted
3 edited

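--- a/woc-order-alert/trunk/includes/class-hooks.php
+++ b/woc-order-alert/trunk/includes/class-hooks.php
@@ -107,5 +107,8 @@
         global $wpdb;
 
-        $all_orders           = $wpdb->get_results( "SELECT * FROM " . OLISTENER_DATA_TABLE . " WHERE read_status = 'unread'" );
+        $all_orders           = $wpdb->get_results(
+            $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}woocommerce_order_listener WHERE read_status = %s", 'unread' )
+        );
+        $all_orders           = ! is_array( $all_orders ) ? array() : $all_orders;
         $order_list_items_all = olistener()->get_order_list_items();
         $order_list_items     = olistener()->get_option( 'olistener_order_list_items', array_keys( $order_list_items_all ) );
@@ -192,5 +195,8 @@
 
             $order_total  = sanitize_text_field( olistener()->get_args_option( 'total', '', $json_params ) );
-            $all_orders   = $wpdb->get_results( "SELECT * FROM " . OLISTENER_DATA_TABLE . " WHERE `order_id` = $order_id AND `order_total` = $order_total" );
+            $all_orders   = $wpdb->get_results(
+                $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}woocommerce_order_listener WHERE order_id = %d", $order_id )
+            );
+            $all_orders   = ! is_array( $all_orders ) ? array() : $all_orders;
             $latest_order = end( $all_orders );
             $order_args   = array(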
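Review bot: The second query (new lines 197-199) no longer filters on `order_total`, which the removed query did, while `$order_total` is still read and sanitized on new line 196. If matching the total was meant to confirm that the incoming payload corresponds to the stored row, keep the predicate as a bound parameter instead of dropping it, e.g. `$wpdb->prepare( "SELECT * FROM {$wpdb->prefix}woocommerce_order_listener WHERE order_id = %d AND order_total = %s", $order_id, $order_total )`; the column type is not visible here, so the placeholder may need to differ. Also, `end( $all_orders )` returns `false` when the normalised array is empty, and the code that uses `$latest_order` lies outside the hunk, so it is worth confirming that case is handled. Both hunks sit inside functions whose start and end are not shown.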
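--- a/woc-order-alert/trunk/readme.txt
+++ b/woc-order-alert/trunk/readme.txt
@@ -7,5 +7,5 @@
 Tested up to: 5.9.3
 Tested up to WooCommerce: 6.3.1
-Stable tag: 3.2.0
+Stable tag: 3.2.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html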
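--- a/woc-order-alert/trunk/woc-order-alert.php
+++ b/woc-order-alert/trunk/woc-order-alert.php
@@ -4,5 +4,5 @@
 Plugin URI: https://pluginbazar.com/
 Description: Play sound as notification instantly on new order in your WooCommerce store
-Version: 3.2.1
+Version: 3.2.2
 Author: Pluginbazar
 Author URI: https://pluginbazar.com/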