Changeset 533904
- Timestamp:
- 04/20/2012 09:35:40 AM (13 years ago)
- Location:
- newsletter-manager/trunk
- Files:
-
- 4 added
- 30 edited
-
XYZ Newsletter Manager - User Guide.odt (added)
-
XYZ Newsletter Manager - User Guide.pdf (modified) (previous)
-
admin/about.php (modified) (1 diff)
-
admin/add_emails.php (modified) (2 diffs)
-
admin/attachment_delete.php (modified) (1 diff)
-
admin/campaign_delete.php (modified) (1 diff)
-
admin/campaign_status.php (modified) (1 diff)
-
admin/create_campaign.php (modified) (14 diffs)
-
admin/edit_campaign.php (modified) (17 diffs)
-
admin/edit_email.php (modified) (8 diffs)
-
admin/email_activate.php (modified) (2 diffs)
-
admin/email_campaigns.php (modified) (2 diffs)
-
admin/email_delete.php (modified) (2 diffs)
-
admin/email_unsubscribe.php (modified) (2 diffs)
-
admin/footer.php (added)
-
admin/import_export.php (modified) (10 diffs)
-
admin/install.php (modified) (1 diff)
-
admin/menu.php (modified) (8 diffs)
-
admin/newsletter_manager_settings.php (modified) (19 diffs)
-
admin/preview.php (modified) (2 diffs)
-
admin/restart.php (modified) (1 diff)
-
admin/search_emails.php (added)
-
admin/send_mail.php (modified) (1 diff)
-
admin/test_mail.php (modified) (3 diffs)
-
admin/tinymce_filters.php (added)
-
confirmation.php (modified) (3 diffs)
-
download.php (modified) (1 diff)
-
newsletter-manager.php (modified) (1 diff)
-
readme.txt (modified) (3 diffs)
-
shortcodes/htmlcode.php (modified) (1 diff)
-
subscription.php (modified) (2 diffs)
-
unsubscription.php (modified) (1 diff)
-
widget.php (modified) (1 diff)
-
xyz-functions.php (modified) (1 diff)
-
newsletter-manager/trunk/admin/about.php
r530634 r533904 87 87 <div style="clear: both;"></div> 88 88 89 <style>90 91 .xyz_feedback{92 background: #CEEAF7; /* Old browsers */93 border: 1px solid #64cfe8;94 width: 98%;95 padding-left: 10px;96 }97 98 .xyz_feedback ul{99 font-weight: bold;100 }101 102 </style>103 104 <div class="xyz_feedback">105 <h2>Feedback</h2>106 107 Your feedback and suggestions are our sources for betterment of this plugin. You can provide your feedback using any of the options below.108 <p></p>109 <ul style="float: left;">110 111 <li><a target="_blank" href="http://xyzscripts.com/donate/1">Donate a dollar</a></li>112 <li><a target="_blank" href="http://wordpress.org/extend/plugins/newsletter-manager/">Rate our plugin on wordpress</a></li>113 <li><a target="_blank" href="http://xyzscripts.com/support/">Send your suggestions</a></li>114 </ul>115 <ul style="float: left;padding-left: 30px">116 <li><a target="_blank" href="http://facebook.com/xyzscripts" class="xyz_fbook">Like us on facebook</a></li>117 <li><a target="_blank" href="http://twitter.com/xyzscripts" class="xyz_twitt">Follow us on twitter</a></li>118 <li><a target="_blank" href="https://plus.google.com/101215320403235276710/" class="xyz_gplus">+1 us on Google+</a></li>119 120 </ul>121 <p style="clear: both;"></p>122 123 </div>124 125 126 <h2>More</h2>127 128 <div>129 Did you like Newsletter Manager ? Want more features and options ? Learn more about <a target="_blank" href="http://xyzscripts.com/advertising/xyz-email-manager/details">XYZ Email Manager</a>, the standalone version of this plugin. 
Subscribe to our newsletter below and get <b><blink>10 USD off</blink></b> for XYZ Email Manager.130 </div>131 132 <p></p>133 134 <div>135 136 <script language="javascript">137 function check_email(emailString)138 {139 var mailPattern = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;140 var matchArray = emailString.match(mailPattern);141 if (emailString.length == 0)142 return false;143 144 if (matchArray == null) {145 return false;146 }else{147 return true;148 }149 }150 151 152 function verify_lists(form)153 {154 155 var total=0;156 var checkBox=form['chk[]'];157 158 if(checkBox.length){159 160 for(var i=0;i<checkBox.length;i++){161 checkBox[i].checked?total++:null;162 }163 }else{164 165 checkBox.checked?total++:null;166 167 }168 if(total>0){169 return true;170 }else{171 return false;172 }173 174 }175 176 function verify_fields()177 {178 179 if(check_email(document.email_subscription.email.value) == false){180 alert("Please check whether the email is correct.");181 document.email_subscription.email.select();182 return false;183 }else if(verify_lists(document.email_subscription)==false){184 alert("Select atleast one list.");185 }186 else{187 document.email_subscription.submit();188 }189 190 }191 </script>192 193 <form action=http://xyzscripts.com/newsletter/index.php?page=list/subscribe method="post" name="email_subscription" id="email_subscription" >194 <input type="hidden" name="fieldNameIds" value="1,">195 <input type="hidden" name="redirActive" value="http://xyzscripts.com/subscription/pending/XYZEM">196 <input type="hidden" name="redirPending" value="http://xyzscripts.com/subscription/active/XYZEM">197 <input type="hidden" name="mode" value="1">198 <table border="0" style=" width: 100%; border: 1px solid #FFFFFF; color: black;">199 <tr>200 <td colspan="3">201 <span style="font-size:14px;"><b>Field marked <font style="color:#FF0000">*</font> are mandatory </b></span>202 </td>203 </tr>204 205 <tr><td colspan="3"> </td></tr>206 207 <tr>208 <td 
id="align" width="150p">Name</td>209 <td id="align" > : </td>210 <td id="align">211 <input style="border: 1px solid #3fafe3; margin-right:10px;" type="text" name="field1" ></td>212 </tr>213 <tr >214 <td >Email Address</td><td > : </td>215 <td >216 <input style="border: 1px solid #3fafe3;" name="email"217 type="text" /><span style="color:#FF0000">*</span>218 </td>219 </tr>220 221 <tr><td colspan="3" > </td></tr>222 223 <input type="hidden" name="listName" value="1,3,">224 225 <tr>226 <td> </td><td> </td>227 <td >228 <input type="submit" value="subscribe" name="Submit" onclick="javascript: if(!verify_fields()) return false; " />229 </td>230 <td> </td>231 </tr>232 <tr>233 <td colspan="3" > </td>234 </tr>235 </table>236 </form>237 </div>238 239 89 240 90 -
newsletter-manager/trunk/admin/add_emails.php
r527436 r533904 78 78 </td> 79 79 <td> 80 <textarea name="xyz_em_emails" type="text" id="xyz_em_emails"><?php if($xyz_em_dss !="") echo $xyz_em_dss; ?></textarea>80 <textarea name="xyz_em_emails" id="xyz_em_emails"></textarea> 81 81 </td> 82 82 </tr> … … 92 92 <td colspan="2" id="bottomBorderNone"> 93 93 94 <b>Note :</b> You can input any unformatted text here. Only valid email address f romats will be extracted from your input.94 <b>Note :</b> You can input any unformatted text here. Only valid email address formats will be extracted from your input. 95 95 96 96 </td></tr> -
newsletter-manager/trunk/admin/attachment_delete.php
r526902 r533904 3 3 $_POST = stripslashes_deep($_POST); 4 4 $_GET = stripslashes_deep($_GET); 5 $xyz_em_attachId = $_GET['id'];6 $xyz_em_campId = $_GET['campId'];5 $xyz_em_attachId = intval($_GET['id']); 6 $xyz_em_campId = intval($_GET['campId']); 7 7 if($xyz_em_attachId=="" || !is_numeric($xyz_em_attachId)){ 8 8 header("Location:".admin_url('admin.php?page=newsletter-manager-emailcampaigns')); -
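Review bot: The guard that follows the new `intval()` calls, `if($xyz_em_attachId=="" || !is_numeric($xyz_em_attachId))`, no longer does the job it was written for. After `intval()` the value is always an integer, so `is_numeric()` is always true, and a missing or non-numeric `id` (which becomes `0`) is rejected only through the loose `0 == ""` comparison, which PHP 8 evaluates as false. Test the integer directly, e.g. `if ($xyz_em_attachId <= 0) {`, and read the parameter as `isset($_GET['id']) ? intval($_GET['id']) : 0` so an absent key does not raise a notice. The same guard follows the new casts in campaign_delete.php, campaign_status.php, email_activate.php, email_delete.php and email_unsubscribe.php in this changeset. The rest of the file lies outside the hunk.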
newsletter-manager/trunk/admin/campaign_delete.php
r526902 r533904 3 3 $_POST = stripslashes_deep($_POST); 4 4 $_GET = stripslashes_deep($_GET); 5 $xyz_em_campId = $_GET['id'];6 $xyz_em_pageno = $_GET['pageno'];5 $xyz_em_campId = intval($_GET['id']); 6 $xyz_em_pageno = intval($_GET['pageno']); 7 7 8 8 if($xyz_em_campId=="" || !is_numeric($xyz_em_campId)){ -
newsletter-manager/trunk/admin/campaign_status.php
r526902 r533904 3 3 $_POST = stripslashes_deep($_POST); 4 4 $_GET = stripslashes_deep($_GET); 5 $xyz_em_campId = $_GET['id'];6 $xyz_em_campStatus = $_GET['status'];7 $xyz_em_pageno = $_GET['pageno'];5 $xyz_em_campId = intval($_GET['id']); 6 $xyz_em_campStatus = intval($_GET['status']); 7 $xyz_em_pageno = intval($_GET['pageno']); 8 8 9 9 if($xyz_em_campId=="" || !is_numeric($xyz_em_campId)){ -
newsletter-manager/trunk/admin/create_campaign.php
r530634 r533904 1 1 <?php 2 3 require( dirname( __FILE__ ) . '/tinymce_filters.php' ); 4 2 5 // Load the options 3 6 global $wpdb; 4 $_POST = stripslashes_deep($_POST);5 7 $_GET = stripslashes_deep($_GET); 6 8 require_once(ABSPATH . 'wp-admin/includes/upgrade.php'); 7 if(isset($_POST['xyz_em_campName'])){ 9 if($_POST){ 10 $_POST = stripslashes_deep($_POST); 11 $_POST = xyz_trim_deep($_POST); 12 8 13 // echo '<pre>'; 9 14 // print_r($_POST); … … 40 45 $xyz_em_campSubject = $_POST['xyz_em_campSubject']; 41 46 $xyz_em_altBody = $_POST['xyz_em_altBody']; 42 $xyz_em_batchSize = $_POST['xyz_em_batchSize'];47 $xyz_em_batchSize = abs(intval($_POST['xyz_em_batchSize'])); 43 48 $xyz_em_senderName = $_POST['xyz_em_senderName']; 44 $xyz_em_redirectAfterLink = $_POST['xyz_em_redirectAfterLink'];49 $xyz_em_redirectAfterLink = strip_tags($_POST['xyz_em_redirectAfterLink']); 45 50 $xyz_em_senderEmail = $_POST['xyz_em_senderEmail']; 46 47 $xyz_em_xyz_em_altBody = $_POST['xyz_em_uploadFile_'];48 51 49 52 … … 84 87 } 85 88 86 if ( (is_numeric($xyz_em_batchSize)) && ((int)$xyz_em_batchSize == $xyz_em_batchSize && (int)$xyz_em_batchSize > 0) && (!is_float($xyz_em_batchSize))){89 if ( $xyz_em_batchSize > 0){ 87 90 88 91 if($xyz_em_defaultEditor == 2){ … … 230 233 <h2>Create Campaign</h2> 231 234 <form method="post" enctype="multipart/form-data"> 232 <table class="widefat" style="width:9 9%;">235 <table class="widefat" style="width:98%;"> 233 236 234 237 <tr valign="top"> … … 238 241 <td><input id="input" name="xyz_em_campName" type="text" 239 242 id="xyz_em_campName" 240 value="<?php if($_POST['xyz_em_campName'] !="") echo $_POST['xyz_em_campName']; ?>" />243 value="<?php if($_POST['xyz_em_campName'] !="") echo esc_html($_POST['xyz_em_campName']); ?>" /> 241 244 </td> 242 245 </tr> … … 308 311 <td><input id="input" name="xyz_em_campSubject" type="text" 309 312 id="xyz_em_campSubject" 310 value="<?php if($_POST['xyz_em_campSubject'] !="") echo $_POST['xyz_em_campSubject']; ?>" />313 
value="<?php if($_POST['xyz_em_campSubject'] !="") echo esc_html($_POST['xyz_em_campSubject']); ?>" /> 311 314 </td> 312 315 </tr> … … 322 325 323 326 ?> 324 <textarea class="areaSize" name="xyz_em_body"><?php if($_POST['xyz_em_body'] !="") echo $_POST['xyz_em_body']; ?></textarea>327 <textarea class="areaSize" name="xyz_em_body"><?php if($_POST['xyz_em_body'] !="") echo esc_textarea($_POST['xyz_em_body']); ?></textarea> 325 328 <?php 326 329 … … 343 346 <div id="plainText"> 344 347 345 <textarea class="areaSize" name="xyz_em_bodyPlain"><?php if($_POST['xyz_em_bodyPlain'] !="") echo $_POST['xyz_em_bodyPlain']; ?></textarea>348 <textarea class="areaSize" name="xyz_em_bodyPlain"><?php if($_POST['xyz_em_bodyPlain'] !="") echo esc_textarea($_POST['xyz_em_bodyPlain']); ?></textarea> 346 349 347 350 </div> … … 366 369 <td ><textarea id="textarea" 367 370 name="xyz_em_altBody"> 368 <?php //if($_POST['xyz_em_altBody'] !="") echo $_POST['xyz_em_altBody']; ?>371 <?php //if($_POST['xyz_em_altBody'] !="") echo esc_textarea($_POST['xyz_em_altBody']); ?> 369 372 </textarea> <br /> <br /> 370 373 <div class="campCreateDiv5"> … … 383 386 <td><input id="input" name="xyz_em_batchSize" type="text" 384 387 id="xyz_em_batchSize" 385 value="<?php if($_POST['xyz_em_batchSize'] !="") echo $_POST['xyz_em_batchSize']; ?>" />388 value="<?php if($_POST['xyz_em_batchSize'] !="") echo abs(intval($_POST['xyz_em_batchSize'])); ?>" /> 386 389 </td> 387 390 </tr> … … 391 394 <td><input id="input" name="xyz_em_senderName" type="text" 392 395 id="xyz_em_senderName" 393 value="<?php if($_POST['xyz_em_senderName'] !="") echo $_POST['xyz_em_senderName'];else print(get_option('xyz_em_dsn')); ?>" />396 value="<?php if($_POST['xyz_em_senderName'] !="") echo esc_html($_POST['xyz_em_senderName']);else print(esc_html(get_option('xyz_em_dsn'))); ?>" /> 394 397 </td> 395 398 </tr> … … 400 403 <td><input id="input" name="xyz_em_redirectAfterLink" type="text" 401 404 id="xyz_em_redirectAfterLink" 402 value="<?php 
if($_POST['xyz_em_redirectAfterLink'] !="") echo $_POST['xyz_em_redirectAfterLink']; else echo get_option('xyz_em_redirectAfterLink');?>" />405 value="<?php if($_POST['xyz_em_redirectAfterLink'] !="") echo strip_tags($_POST['xyz_em_redirectAfterLink']); else echo get_option('xyz_em_redirectAfterLink');?>" /> 403 406 </td> 404 407 </tr> … … 408 411 <td><input id="input" name="xyz_em_senderEmail" type="text" 409 412 id="xyz_em_senderEmail" 410 value="<?php if($_POST['xyz_em_senderEmail'] !="") echo $_POST['xyz_em_senderEmail'];else print(get_option('xyz_em_dse')); ?>" />413 value="<?php if($_POST['xyz_em_senderEmail'] !="") echo esc_html($_POST['xyz_em_senderEmail']);else print(esc_html(get_option('xyz_em_dse'))); ?>" /> 411 414 </td> 412 415 </tr> … … 418 421 419 422 <tr valign="top"> 420 <td scope="row"><label for="xyz_em_senderEmail">Attachment <?php echo $i;?>423 <td scope="row"><label >Attachment <?php echo $i;?> 421 424 </label> 422 425 </td> -
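Review bot: `strip_tags()` is the wrong escaper for the `xyz_em_redirectAfterLink` field, because the value is printed inside a double-quoted `value="…"` attribute and `strip_tags()` leaves `"` untouched, so a submitted quote still ends the attribute. The `else` branch prints `get_option('xyz_em_redirectAfterLink')` with no escaping at all. On output use `echo esc_attr($_POST['xyz_em_redirectAfterLink']); else echo esc_attr(get_option('xyz_em_redirectAfterLink'));`, and where the value is assigned near the top of the file validate it as a URL (for example with `esc_url_raw()`) rather than only stripping tags. The other `value` attributes in this section were given `esc_html()`; `esc_attr()` is the function meant for attribute context and would make the intent clearer.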
newsletter-manager/trunk/admin/edit_campaign.php
r530634 r533904 1 1 <?php 2 3 require( dirname( __FILE__ ) . '/tinymce_filters.php' ); 4 2 5 // Load the options 3 6 global $wpdb; 4 $_POST = stripslashes_deep($_POST);5 7 $_GET = stripslashes_deep($_GET); 6 8 //require_once(ABSPATH . 'wp-admin/includes/upgrade.php'); 7 if(isset($_POST['xyz_em_campName'])){ 9 if($_POST){ 10 $_POST = stripslashes_deep($_POST); 11 $_POST = xyz_trim_deep($_POST); 8 12 // echo '<pre>'; 9 13 // print_r($_POST); 10 14 // die; 11 15 12 $xyz_em_pagenum = $_POST['pageno'];16 $xyz_em_pagenum = abs(intval($_POST['pageno'])); 13 17 14 $_POST = stripslashes_deep($_POST); 15 $xyz_em_campId = $_POST['campId']; 18 $xyz_em_campId = intval($_POST['campId']); 16 19 17 20 $xyz_em_defaultEditor = $_POST['xyz_em_defaultEditor']; … … 46 49 $xyz_em_campSubject = $_POST['xyz_em_campSubject']; 47 50 $xyz_em_altBody = $_POST['xyz_em_altBody']; 48 $xyz_em_batchSize = $_POST['xyz_em_batchSize'];51 $xyz_em_batchSize = abs(intval($_POST['xyz_em_batchSize'])); 49 52 $xyz_em_senderName = $_POST['xyz_em_senderName']; 50 $xyz_em_redirectAfterLink = $_POST['xyz_em_redirectAfterLink'];53 $xyz_em_redirectAfterLink = strip_tags($_POST['xyz_em_redirectAfterLink']); 51 54 $xyz_em_senderEmail = $_POST['xyz_em_senderEmail']; 52 53 $xyz_em_xyz_em_altBody = $_POST['xyz_em_uploadFile_'];54 55 55 56 … … 90 91 } 91 92 92 if ( (is_numeric($xyz_em_batchSize)) && ((int)$xyz_em_batchSize == $xyz_em_batchSize && (int)$xyz_em_batchSize > 0) && (!is_float($xyz_em_batchSize))){93 if ($xyz_em_batchSize > 0){ 93 94 94 95 if($xyz_em_defaultEditor == 2){ … … 262 263 <?php 263 264 264 $xyz_em_campId = $_GET['id'];265 $xyz_em_campId = intval($_GET['id']); 265 266 266 267 if($_GET['pageno'] != ""){ 267 $xyz_em_pageno = $_GET['pageno'];268 $xyz_em_pageno = abs(intval($_GET['pageno'])); 268 269 }else{ 269 270 $xyz_em_pageno= 1; … … 300 301 <td><input id="input" name="xyz_em_campName" type="text" 301 302 id="xyz_em_campName" 302 value="<?php if(isset($_POST['xyz_em_campName']) && 
$_POST['xyz_em_campName'] !=""){ echo $_POST['xyz_em_campName'];}else{ echo esc_html($details->name); }?>" />303 value="<?php if(isset($_POST['xyz_em_campName'])){ echo esc_html($_POST['xyz_em_campName']);}else{ echo esc_html($details->name); }?>" /> 303 304 </td> 304 305 </tr> … … 368 369 </td> 369 370 <td><input id="input" name="xyz_em_campSubject" type="text" 370 id="xyz_em_campSubject" value="<?php if(isset($_POST['xyz_em_campSubject']) && $_POST['xyz_em_campSubject'] != ""){echo $_POST['xyz_em_campSubject'];}else{ echo $details->subject;} ?>" />371 id="xyz_em_campSubject" value="<?php if(isset($_POST['xyz_em_campSubject'])){echo esc_html($_POST['xyz_em_campSubject']);}else{ echo esc_html($details->subject);} ?>" /> 371 372 </td> 372 373 </tr> … … 384 385 <textarea class="areaSize" name="xyz_em_body"><?php 385 386 386 if(isset($_POST['xyz_em_body']) && $_POST['xyz_em_body']!= ""){387 echo $_POST['xyz_em_body'];387 if(isset($_POST['xyz_em_body'])){ 388 echo esc_textarea($_POST['xyz_em_body']); 388 389 }else{ 389 echo $details->body;390 echo esc_textarea($details->body); 390 391 } 391 392 ?></textarea> … … 394 395 }else if(get_option('xyz_em_defaultEditor') == "HTML Editor"){ 395 396 396 if( $xyz_em_body !=""){397 if(isset($_POST['xyz_em_body'])){ 397 398 the_editor($_POST['xyz_em_body'],'xyz_em_body'); 398 399 }else{ … … 407 408 408 409 <textarea class="areaSize" name="xyz_em_bodyPlain"><?php 409 if(isset($_POST['xyz_em_bodyPlain']) && $_POST['xyz_em_bodyPlain']!= ""){410 echo $_POST['xyz_em_bodyPlain'];410 if(isset($_POST['xyz_em_bodyPlain'])){ 411 echo esc_textarea($_POST['xyz_em_bodyPlain']); 411 412 }else{ 412 echo $details->body;413 echo esc_textarea($details->body); 413 414 } 414 415 ?></textarea> … … 437 438 <?php 438 439 439 // if( $_POST['xyz_em_altBody'] != ""){440 // echo $_POST['xyz_em_altBody'];440 // if(isset($_POST['xyz_em_altBody']){ 441 // echo esc_html($_POST['xyz_em_altBody']); 441 442 // }else{ 442 // echo $details->alt_body;443 // echo 
esc_html($details->alt_body); 443 444 // } 444 445 ?> … … 460 461 <td><input id="input" name="xyz_em_batchSize" type="text" 461 462 id="xyz_em_batchSize" 462 value="<?php if(isset($_POST['xyz_em_batchSize']) && $_POST['xyz_em_batchSize'] !="") echo $_POST['xyz_em_batchSize'];else echo $details->batch_size; ?>" />463 value="<?php if(isset($_POST['xyz_em_batchSize']) ) echo abs(intval($_POST['xyz_em_batchSize']));else echo $details->batch_size; ?>" /> 463 464 </td> 464 465 </tr> … … 468 469 <td><input id="input" name="xyz_em_senderName" type="text" 469 470 id="xyz_em_senderName" 470 value="<?php if(isset($_POST['xyz_em_senderName']) && $_POST['xyz_em_senderName'] !="") echo $_POST['xyz_em_senderName'];else echo esc_html($details->sender_name); ?>" />471 value="<?php if(isset($_POST['xyz_em_senderName']) ) echo esc_html($_POST['xyz_em_senderName']);else echo esc_html($details->sender_name); ?>" /> 471 472 </td> 472 473 </tr> … … 477 478 <td><input id="input" name="xyz_em_redirectAfterLink" type="text" 478 479 id="xyz_em_redirectAfterLink" 479 value="<?php if(isset($_POST['xyz_em_redirectAfterLink']) && $_POST['xyz_em_redirectAfterLink'] !="") echo $_POST['xyz_em_redirectAfterLink'];else echo esc_html($details->unsubscription_link); ?>" />480 value="<?php if(isset($_POST['xyz_em_redirectAfterLink']) ) echo striptags($_POST['xyz_em_redirectAfterLink']);else echo ($details->unsubscription_link); ?>" /> 480 481 </td> 481 482 </tr> … … 485 486 <td><input id="input" name="xyz_em_senderEmail" type="text" 486 487 id="xyz_em_senderEmail" 487 value="<?php if(isset($_POST['xyz_em_senderEmail']) && $_POST['xyz_em_senderEmail'] !="") echo $_POST['xyz_em_senderEmail'];else echo $details->sender_email; ?>" />488 value="<?php if(isset($_POST['xyz_em_senderEmail'])) echo esc_html($_POST['xyz_em_senderEmail']);else echo esc_html($details->sender_email); ?>" /> 488 489 </td> 489 490 </tr> … … 547 548 ?> 548 549 <tr> 549 <td scope="row" style="width:350px;"><label 
for="xyz_em_senderEmail">Attachment <?php echo $i;?>550 <td scope="row" style="width:350px;"><label >Attachment <?php echo $i;?> 550 551 </label> 551 552 </td> … … 570 571 <td id="bottomBorderNone" scope="row"><a 571 572 href='javascript:history.back(-1);'>Go back </a> 572 </td> 573 </tr> 574 <input type="hidden" name="campId" 575 value="<?php echo $details->id; ?>"> 576 <input type="hidden" name="pageno" 577 value="<?php echo $xyz_em_pageno; ?>"> 573 <input type="hidden" name="campId" value="<?php echo $details->id; ?>"> 574 <input type="hidden" name="pageno" value="<?php echo $xyz_em_pageno; ?>"> 575 </td> 576 </tr> 578 577 </table> 579 578 </form> … … 608 607 609 608 jQuery("#xyz_em_defaultEditor").change(function(){ 610 editor_change() 609 editor_change(); 611 610 }); 612 611 613 editor_change() 612 editor_change(); 614 613 615 614 }); -
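Review bot: The new `value` expression for `xyz_em_redirectAfterLink` calls `striptags(...)`, which is not a PHP built-in (the function is `strip_tags`), so unless the plugin defines a helper of that name elsewhere, re-displaying the form after a POST stops with a fatal error at that line. The same line also drops the `esc_html()` that the previous revision applied to `$details->unsubscription_link`, so the stored value is now printed into the attribute unescaped. Both branches should escape for attribute context: `if(isset($_POST['xyz_em_redirectAfterLink'])) echo esc_attr($_POST['xyz_em_redirectAfterLink']); else echo esc_attr($details->unsubscription_link);`.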
newsletter-manager/trunk/admin/edit_email.php
r526902 r533904 1 1 <?php 2 $xyz_em_search=''; 2 3 global $wpdb; 3 4 $_GET = stripslashes_deep($_GET); 4 if(isset($_POST['xyz_em_email'])){ 5 if ($_POST['xyz_em_email']!= ""){ 5 if($_POST){ 6 6 7 7 $_POST = stripslashes_deep($_POST); 8 $xyz_em_emailId = $_POST['emailId']; 9 $xyz_em_email = $_POST['xyz_em_email']; 10 $xyz_em_name = $_POST['xyz_em_name']; 8 $_POST = xyz_trim_deep($_POST); 9 10 $xyz_em_emailId = abs(intval($_POST['emailId'])); 11 $xyz_em_email = trim($_POST['xyz_em_email']); 12 $xyz_em_name = trim($_POST['xyz_em_name']); 13 $xyz_em_search = trim($_POST['search']); 14 11 15 12 $xyz_em_pagenum = $_POST['pageno'];16 $xyz_em_pagenum = abs(intval($_POST['pageno'])); 13 17 14 18 if(is_email($xyz_em_email)){ … … 17 21 // print_r($email_count); 18 22 // die; 19 $xyz_em_flag = 0;20 23 if($email_count == 0){ 21 24 22 25 $nameCount = $wpdb->query( 'SELECT * FROM xyz_em_additional_field_value WHERE ea_id="'.$xyz_em_emailId.'" ' ) ; 23 24 // echo '<pre>';25 // print_r($nameCount);26 // die;27 28 26 29 27 if($nameCount>0){ … … 31 29 $wpdb->update('xyz_em_additional_field_value',array('field1'=>$xyz_em_name),array('ea_id'=>$xyz_em_emailId)); 32 30 33 //$wpdb->query( 'UPDATE xyz_em_additional_field_value SET field1="'.$xyz_em_name.'" WHERE ea_id="'.$xyz_em_emailId.'" ' ) ;34 $xyz_em_flag = 1;35 31 }else{ 36 32 37 33 $wpdb->insert('xyz_em_additional_field_value', array('ea_id' => $xyz_em_emailId,'field1' => $xyz_em_name),array('%d','%s')); 38 $xyz_em_flag = 1;39 34 } 40 if($xyz_em_flag == 1){41 35 36 if($xyz_em_name=='') 37 $wpdb->query( 'delete FROM xyz_em_additional_field_value WHERE ea_id="'.$xyz_em_emailId.'" ' ) ; 38 42 39 $wpdb->update('xyz_em_email_address',array('email'=>$xyz_em_email),array('id'=>$xyz_em_emailId)); 43 //$wpdb->query( 'UPDATE xyz_em_email_address SET email="'.$xyz_em_email.'" WHERE id="'.$xyz_em_emailId.'" ' ) ;44 }45 40 46 41 if($xyz_em_search=='') 47 42 
header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses&emailmsg=1&pagenum='.$xyz_em_pagenum)); 43 else 44 header("Location:".admin_url('admin.php?page=newsletter-manager-searchemails&search='.$xyz_em_search)); 48 45 exit(); 49 46 … … 67 64 } 68 65 69 70 $wpdb->flush(); 71 72 }else{ 73 74 ?> 75 <div class="system_notice_area_style0" id="system_notice_area"> 76 Please enter a valid email. <span id="system_notice_area_dismiss">Dismiss</span> 77 </div> 78 79 <?php 80 81 82 } 66 83 67 } 84 68 85 69 86 $xyz_em_emailId = $_GET['id'];70 $xyz_em_emailId = abs(intval($_GET['id'])); 87 71 88 72 if($_GET['pageno'] != ""){ 89 $xyz_em_pageno = $_GET['pageno'];73 $xyz_em_pageno = abs(intval($_GET['pageno'])); 90 74 }else{ 91 75 $xyz_em_pageno= 1; 92 76 } 93 77 94 if($xyz_em_emailId=="" || !is_numeric($xyz_em_emailId)){ 78 if($_GET['search'] != "") 79 $xyz_em_search = trim($_GET['search']); 80 81 82 if($xyz_em_emailId==0){ 95 83 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses')); 96 84 exit(); 97 85 98 86 } 99 $email Count = $wpdb->query( 'SELECT * FROM xyz_em_email_address WHERE id="'.$xyz_em_emailId.'"' ) ;87 $emailres = $wpdb->get_results( 'SELECT * FROM xyz_em_email_address WHERE id="'.$xyz_em_emailId.'" LIMIT 0,1' ) ; 100 88 101 if( $emailCount==0){89 if(count($emailres)==0){ 102 90 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses')); 103 91 exit(); 104 92 }else{ 105 $emailDetails = $wpdb->get_results( 'SELECT * FROM xyz_em_email_address WHERE id="'.$xyz_em_emailId.'" LIMIT 0,1' ) ;106 93 107 $nameCount = $wpdb->query( 'SELECT * FROM xyz_em_additional_field_value WHERE ea_id="'.$xyz_em_emailId.'" ' ) ; 108 if($nameCount>0){ 109 $nameDetails = $wpdb->get_results( 'SELECT * FROM xyz_em_additional_field_value WHERE ea_id="'.$xyz_em_emailId.'" ' ) ; 110 } 94 $nameres = $wpdb->get_results( 'SELECT * FROM xyz_em_additional_field_value WHERE ea_id="'.$xyz_em_emailId.'" ' ) ; 111 95 112 
if($emailDetails){ 113 $emailDetails = $emailDetails[0]; 114 $details = $emailDetails; 96 $emailDetails = $emailres[0]; 115 97 ?> 116 98 <div> … … 124 106 </td> 125 107 <td><input name="xyz_em_email" type="text" id="xyz_em_email" 126 value="<?php if(isset($_POST['xyz_em_email']) && $_POST['xyz_em_email'] != ""){echo $_POST['xyz_em_email'];}else{ echo $details->email; }?>" />108 value="<?php if(isset($_POST['xyz_em_email']) ){echo esc_html($_POST['xyz_em_email']);}else{ echo esc_html($emailDetails->email); }?>" /> 127 109 </td> 128 110 </tr> … … 132 114 <td><input name="xyz_em_name" type="text" id="xyz_em_name" 133 115 value="<?php 134 135 if($nameCount>0){ 136 if($nameDetails){ 137 foreach ($nameDetails as $detailsName){ 138 if(isset($_POST['xyz_em_name']) && $_POST['xyz_em_name'] != ""){ 139 echo $_POST['xyz_em_name']; 116 if(isset($_POST['xyz_em_name']) ){ 117 echo esc_html($_POST['xyz_em_name']); 140 118 }else{ 141 echo esc_html($detailsName->field1); 119 foreach ($nameres as $detailsName){ 120 echo esc_html($detailsName->field1); 121 } 142 122 } 143 }144 }145 }146 147 148 123 ?>" /> 149 124 </td> … … 167 142 <input type="hidden" name="pageno" 168 143 value="<?php echo $xyz_em_pageno; ?>"> 144 <input type="hidden" name="search" 145 value="<?php echo ($xyz_em_search); ?>"> 169 146 </form> 170 147 … … 172 149 <?php 173 150 174 }175 151 } 176 152 -
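Review bot: `$xyz_em_search` is only passed through `trim()` before it is written back out in two new places: the hidden field `value="<?php echo ($xyz_em_search); ?>"` and the redirect `admin_url('admin.php?page=newsletter-manager-searchemails&search='.$xyz_em_search)`. In the hidden field a quote in the `search` parameter ends the attribute, so it needs `echo esc_attr($xyz_em_search);`; in the redirect the value should go through `urlencode()` so that `&`, `#` or whitespace in a search term cannot alter the query string. `if($_GET['search'] != "")` should also be guarded with `isset()`, as the sibling pages do. The unencoded redirect is repeated in email_activate.php, email_delete.php and email_unsubscribe.php. The queries in this section still concatenate `$xyz_em_emailId` into the SQL string; that is safe only because of the new `abs(intval())`, and `$wpdb->prepare()` would keep it safe under later edits.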
newsletter-manager/trunk/admin/email_activate.php
r530639 r533904 4 4 $_GET = stripslashes_deep($_GET); 5 5 6 $xyz_em_emailId = $_GET['id']; 7 $xyz_em_pageno = $_GET['pageno']; 6 $xyz_em_emailId = intval($_GET['id']); 7 $xyz_em_pageno = intval($_GET['pageno']); 8 $xyz_em_search = ''; 9 if(isset($_GET['search'])) 10 $xyz_em_search = trim($_GET['search']); 11 8 12 if($xyz_em_emailId=="" || !is_numeric($xyz_em_emailId)){ 9 13 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses')); … … 23 27 24 28 //$wpdb->query( 'UPDATE xyz_em_address_list_mapping SET status="'.$xyz_em_status.'" WHERE ea_id="'.$xyz_em_emailId.'" ' ) ; 29 if($xyz_em_search=='') 30 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses&emailmsg=5&pagenum='.$xyz_em_pageno)); 31 else 32 header("Location:".admin_url('admin.php?page=newsletter-manager-searchemails&search='.$xyz_em_search)); 25 33 26 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses&emailmsg=5&pagenum='.$xyz_em_pageno));27 34 exit(); 28 35 -
newsletter-manager/trunk/admin/email_campaigns.php
r530634 r533904 190 190 </script> 191 191 192 <div >192 <div style="width: 99%"> 193 193 194 194 … … 204 204 ?> 205 205 206 <table class="widefat" >206 <table class="widefat" > 207 207 <thead> 208 208 <tr> -
newsletter-manager/trunk/admin/email_delete.php
r526902 r533904 4 4 $_GET = stripslashes_deep($_GET); 5 5 6 $xyz_em_emailId = $_GET['id']; 7 $xyz_em_pageno = $_GET['pageno']; 6 $xyz_em_search = ''; 7 if(isset($_GET['search'])) 8 $xyz_em_search = trim($_GET['search']); 9 $xyz_em_emailId = absint($_GET['id']); 10 $xyz_em_pageno = absint($_GET['pageno']); 8 11 if($xyz_em_emailId=="" || !is_numeric($xyz_em_emailId)){ 9 12 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses')); … … 23 26 24 27 //$wpdb->query('ANALYZE TABLE xyz_em_email_address'); 28 if($xyz_em_search=='') 29 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses&emailmsg=3&pagenum='.$xyz_em_pageno)); 30 else 31 header("Location:".admin_url('admin.php?page=newsletter-manager-searchemails&search='.$xyz_em_search)); 25 32 26 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses&emailmsg=3&pagenum='.$xyz_em_pageno));27 33 exit(); 28 34 -
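Review bot: Nothing in the visible lines ties this request to a deliberate action by the logged-in administrator: the record id is read from `$_GET['id']` and the page ends by redirecting with `emailmsg=3`, with no nonce check shown (the lines between the guard and the redirect are outside the hunk). If the elided part does not already call `check_admin_referer()` or `wp_verify_nonce()`, add that check before the delete and build the action link with `wp_nonce_url()`, because a state-changing GET without a nonce can be triggered from outside the admin screen. The same review applies to the other action pages touched in this changeset (attachment_delete.php, campaign_delete.php, campaign_status.php, email_activate.php, email_unsubscribe.php).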
newsletter-manager/trunk/admin/email_unsubscribe.php
r526902 r533904 4 4 $_GET = stripslashes_deep($_GET); 5 5 6 $xyz_em_emailId = $_GET['id']; 7 $xyz_em_pageno = $_GET['pageno']; 6 $xyz_em_emailId = absint($_GET['id']); 7 $xyz_em_pageno = absint($_GET['pageno']); 8 $xyz_em_search = ''; 9 if(isset($_GET['search'])) 10 $xyz_em_search = trim($_GET['search']); 8 11 if($xyz_em_emailId=="" || !is_numeric($xyz_em_emailId)){ 9 12 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses')); … … 23 26 24 27 //$wpdb->query( 'UPDATE xyz_em_address_list_mapping SET status="'.$xyz_em_status.'" WHERE ea_id="'.$xyz_em_emailId.'" ' ) ; 28 if($xyz_em_search=='') 29 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses&emailmsg=2&pagenum='.$xyz_em_pageno)); 30 else 31 header("Location:".admin_url('admin.php?page=newsletter-manager-searchemails&search='.$xyz_em_search)); 25 32 26 header("Location:".admin_url('admin.php?page=newsletter-manager-emailaddresses&emailmsg=2&pagenum='.$xyz_em_pageno));27 33 exit(); 28 34 -
newsletter-manager/trunk/admin/import_export.php
r526902 r533904 19 19 20 20 21 $xyz_em_exportbatchSize = $_POST['xyz_em_exportbatchSize']; 22 if ((is_numeric($xyz_em_exportbatchSize)) && ((int)$xyz_em_exportbatchSize == $xyz_em_exportbatchSize && (int)$xyz_em_exportbatchSize > 0) 23 && (!is_float($xyz_em_exportbatchSize)) ){ 21 $xyz_em_exportbatchSize = absint($_POST['xyz_em_exportbatchSize']); 22 if ($xyz_em_exportbatchSize > 0){ 24 23 $execFlag = 1; 25 24 … … 35 34 $nameofForm = $_POST['exportForm']; 36 35 37 $limitFrom = $_POST['limitFrom'];36 $limitFrom = absint($_POST['limitFrom']); 38 37 if($limitFrom == ""){ 39 38 $limitFrom = 0; … … 286 285 name="xyz_em_exportbatchSize" type="text" 287 286 id="xyz_em_exportbatchSize" 288 value="<?php if(isset($_POST['xyz_em_exportbatchSize']) && $_POST['xyz_em_exportbatchSize'] !="") echo $_POST['xyz_em_exportbatchSize'];else echo "1000"; ?>" />287 value="<?php if(isset($_POST['xyz_em_exportbatchSize'])) echo absint($_POST['xyz_em_exportbatchSize']);else echo "1000"; ?>" /> 289 288 </td> 290 289 </tr> … … 342 341 343 342 $xyz_em_emailListId = 1; 344 $xyz_em_number_lines = $_POST['xyz_em_batchSize'];345 346 if ( (is_numeric($xyz_em_number_lines)) && ((int)$xyz_em_number_lines == $xyz_em_number_lines && (int)$xyz_em_number_lines > 0) && (!is_float($xyz_em_number_lines))){343 $xyz_em_number_lines =absint( $_POST['xyz_em_batchSize']); 344 345 if ($xyz_em_number_lines > 0){ 347 346 $xyz_em_separatorChar = $_POST['xyz_em_separator']; 348 347 $xyz_em_enclosingChar = $_POST['xyz_em_enclCharacter']; … … 402 401 $afterPost = 1; 403 402 404 $xyz_em_hiddenLineNumberFrom = $_POST['xyz_em_hiddenLineNumber']; 405 406 if($xyz_em_hiddenLineNumberFrom == 0){ 407 $xyz_em_hiddenLineNumberFrom = 0; 408 } 409 403 $xyz_em_hiddenLineNumberFrom = absint($_POST['xyz_em_hiddenLineNumber']); 410 404 411 405 412 406 $xyz_em_lineCountTo = $xyz_em_hiddenLineNumberFrom + $xyz_em_number_lines; 413 407 414 $xyz_em_totalLines = $_POST['xyz_em_totalLinesNumber'];408 $xyz_em_totalLines = 
absint($_POST['xyz_em_totalLinesNumber']); 415 409 if($xyz_em_totalLines == 0){ 416 410 $xyz_em_totalLines = count(file($file)); 417 418 }else{419 $xyz_em_totalLines = $_POST['xyz_em_totalLinesNumber'];420 411 } 421 412 … … 447 438 448 439 $lines= fgets($file); 449 450 $string = preg_replace("'$xyz_em_enclosingChar'","",$lines); 451 $fieldArray = explode(",",$string); 440 $lines= str_replace("\r\n", "", $lines); 441 $lines= str_replace("\r", "", $lines); 442 $lines= str_replace("\n", "", $lines); 443 $string = preg_replace("/$xyz_em_enclosingChar/","",$lines); 444 $fieldArray = explode($xyz_em_separatorChar,$string); 452 445 453 446 $errorFlag = 0; … … 585 578 type="hidden" name="xyz_em_totalLinesNumber" 586 579 value="<?php echo $xyz_em_totalLines;?>" /> <input type="hidden" 587 name="xyz_em_separator" value="<?php echo $xyz_em_separatorChar;?>" />580 name="xyz_em_separator" value="<?php echo esc_html($xyz_em_separatorChar);?>" /> 588 581 589 582 <input type="hidden" name="xyz_em_enclCharacter" 590 value='<?php echo "$xyz_em_enclosingChar";?>' /> <input type="hidden"583 value='<?php echo esc_html($xyz_em_enclosingChar);?>' /> <input type="hidden" 591 584 name="xyz_em_hiddenFtellValues" value="<?php echo $ftellValue;?>" /> 592 585 <input type="hidden" name="submited" value="1" /> … … 626 619 ?> 627 620 <div class="system_notice_area_style0" id="system_notice_area"> 628 Number of lines per batch must be a positive whole 629 number. <span id="system_notice_area_dismiss">Dismiss</span> 621 Number of lines per batch must be a positive number. 
<span id="system_notice_area_dismiss">Dismiss</span> 630 622 </div> 631 623 <?php … … 686 678 <td><input id="input" name="xyz_em_batchSize" type="text" 687 679 id="xyz_em_batchSize" 688 value="<?php if(isset($_GET['batchsize']) && $_GET['batchsize'] !="") echo $_GET['batchsize'];else echo "1000"; ?>" />680 value="<?php if(isset($_GET['batchsize'])) echo absint($_GET['batchsize']);else echo "1000"; ?>" /> 689 681 </td> 690 682 </tr> … … 736 728 $xyz_em_email = $wpdb->get_results('SELECT * FROM xyz_em_email_address WHERE email="'.$email.'" ') ; 737 729 738 $xyz_em_email = $xyz_em_email[0];739 740 741 730 if(count($xyz_em_email) > 0){ 742 $emailLastId = $xyz_em_email->id; 731 732 $xyz_em_email = $xyz_em_email[0]; 733 734 $xyz_em_emailLastid = $xyz_em_email->id; 743 735 }else{ 744 736 -
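--- a/newsletter-manager/trunk/admin/install.php
+++ b/newsletter-manager/trunk/admin/install.php
@@ -233,4 +233,9 @@
 
 
+
+//Bug fix:
+$wpdb->query( 'delete from xyz_em_address_list_mapping WHERE ea_id=0' ) ;
+
+
 }
 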
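Review bot: The `//Bug fix:` comment on the added cleanup query does not say which bug it repairs or why rows with `ea_id=0` exist, so a later reader cannot tell whether the delete is still needed. I would spell it out, for example `// Remove list-mapping rows stored with ea_id=0, which point at no email address.`; that such rows are orphans is presumed from the query and should be confirmed by the author. The enclosing block opens before the hunk, so when this statement runs cannot be seen from here.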
newsletter-manager/trunk/admin/menu.php
r530634 r533904 54 54 add_submenu_page('newsletter-manager-settings', 'Newsletter Manager - Add Emails', 'Add Emails', 'manage_options', 'newsletter-manager-addemails' ,'em_add_emails'); 55 55 56 add_submenu_page('newsletter-manager-settings', 'Newsletter Manager - Search Emails', 'Search Emails', 'manage_options', 'newsletter-manager-searchemails' ,'em_search_emails'); 57 56 58 add_submenu_page('newsletter-manager-settings', 'Newsletter Manager - Email Addresses', 'Email Addresses', 'manage_options', 'newsletter-manager-emailaddresses' ,'em_email_addresses'); 57 59 … … 75 77 function em_settings(){ 76 78 require( dirname( __FILE__ ) . '/newsletter_manager_settings.php' ); 79 require( dirname( __FILE__ ) . '/footer.php' ); 77 80 } 78 81 … … 94 97 require( dirname( __FILE__ ) . '/import_export.php' ); 95 98 } 99 require( dirname( __FILE__ ) . '/footer.php' ); 96 100 } 97 101 … … 101 105 102 106 require( dirname( __FILE__ ) . '/subscription_code.php' ); 107 require( dirname( __FILE__ ) . '/footer.php' ); 103 108 } 104 109 … … 106 111 function em_status(){ 107 112 require( dirname( __FILE__ ) . '/status.php' ); 113 require( dirname( __FILE__ ) . '/footer.php' ); 108 114 } 109 115 110 116 function em_about(){ 111 117 require( dirname( __FILE__ ) . '/about.php' ); 118 require( dirname( __FILE__ ) . '/footer.php' ); 112 119 } 113 120 … … 121 128 function em_add_emails(){ 122 129 require( dirname( __FILE__ ) . '/add_emails.php' ); 123 } 124 130 require( dirname( __FILE__ ) . '/footer.php' ); 131 } 132 133 function em_search_emails(){ 134 require( dirname( __FILE__ ) . '/search_emails.php' ); 135 require( dirname( __FILE__ ) . '/footer.php' ); 136 137 } 125 138 function em_email_addresses(){ 126 139 … … 161 174 162 175 } 176 require( dirname( __FILE__ ) . '/footer.php' ); 163 177 } 164 178 165 179 function em_create_campaign(){ 166 180 require( dirname( __FILE__ ) . '/create_campaign.php' ); 181 require( dirname( __FILE__ ) . 
'/footer.php' ); 167 182 168 183 } … … 226 241 227 242 243 require( dirname( __FILE__ ) . '/footer.php' ); 228 244 229 245 } -
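Review bot: The new `em_search_emails()` page is protected only by the `manage_options` capability passed to `add_submenu_page()`. The files it pulls in, `search_emails.php` and `footer.php`, are added in this changeset but not visible here, so it is worth confirming each begins with a direct-access guard such as `if ( !defined('ABSPATH') ) exit;`. As a style point, `require( dirname( __FILE__ ) . '/footer.php' );` is now repeated in every page callback across these hunks; a small helper that includes the page file and then the footer would keep the callbacks from drifting apart. Several of the callbacks touched here start or end outside the hunks shown.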
newsletter-manager/trunk/admin/newsletter_manager_settings.php
r530634 r533904 1 1 <?php 2 3 require( dirname( __FILE__ ) . '/tinymce_filters.php' ); 4 2 5 global $wpdb; 3 6 // Load the options 4 if( isset($_POST['xyz_em_hesl'])){7 if($_POST){ 5 8 6 9 // echo "hesl:".$_POST['xyz_em_hesl']."<br/>"; … … 8 11 // echo "dsn:".$_POST['xyz_em_dsn']."<br/>"; 9 12 // echo "dsubname:".$_POST['xyz_em_dsubname']."<br/>";die; 10 11 if (($_POST['xyz_em_hesl']!= "") && ($_POST['xyz_em_dse'] != "") && ($_POST['xyz_em_dsn'] != "") && ($_POST['xyz_em_dsubname']!= "")){ 13 $_POST=xyz_trim_deep($_POST); 12 14 $_POST = stripslashes_deep($_POST); 13 $heslValue = $_POST['xyz_em_hesl']; 14 15 if ((is_numeric($heslValue)) && ((int)$heslValue == $heslValue && (int)$heslValue > 0) && (!is_float($heslValue)) ){ 15 16 if (($_POST['xyz_em_hesl']!= "") && ($_POST['xyz_em_dse'] != "") && ($_POST['xyz_em_dsn'] != "") && ($_POST['xyz_em_dsubname']!= "") 17 && ($_POST['xyz_em_afterSubscription']!= "") && ($_POST['xyz_em_emailConfirmation']!= "") && ($_POST['xyz_em_redirectAfterLink']!= "") ){ 18 $xyz_em_hesl = abs(intval($_POST['xyz_em_hesl'])); 19 20 if ( $xyz_em_hesl > 0 ){ 16 21 if(is_email($_POST['xyz_em_dse'])){ 17 22 18 $xyz_em_hesl = abs(intval($_POST['xyz_em_hesl']));19 23 $xyz_em_dss = $_POST['xyz_em_dss']; 20 24 $xyz_em_defaultEditor = $_POST['xyz_em_defaultEditor']; … … 24 28 $xyz_em_enableUnsubNotification = $_POST['xyz_em_enableUnsubNotification']; 25 29 26 $xyz_em_afterSubscription = $_POST['xyz_em_afterSubscription'];27 $xyz_em_emailConfirmation = $_POST['xyz_em_emailConfirmation'];28 $xyz_em_redirectAfterLink = $_POST['xyz_em_redirectAfterLink'];29 30 $xyz_em_limit = $_POST['xyz_em_limit'];30 $xyz_em_afterSubscription = strip_tags($_POST['xyz_em_afterSubscription']); 31 $xyz_em_emailConfirmation = strip_tags($_POST['xyz_em_emailConfirmation']); 32 $xyz_em_redirectAfterLink = strip_tags($_POST['xyz_em_redirectAfterLink']); 33 34 $xyz_em_limit = abs(intval($_POST['xyz_em_limit'])); 31 35 32 36 $xyz_em_widgetName = $_POST['xyz_em_widgetName']; 33 
37 34 if ( (is_numeric($xyz_em_limit)) && ((int)$xyz_em_limit == $xyz_em_limit && (int)$xyz_em_limit > 0) && (!is_float($xyz_em_limit))){38 if ( $xyz_em_limit > 0 ){ 35 39 36 40 … … 138 142 </td> 139 143 <td id="bottomBorderNone"><input name="xyz_em_limit" type="text" 140 id="xyz_em_limit" value="<?php if(isset($_POST['xyz_em_limit']) && $_POST['xyz_em_limit'] != ""){echo $_POST['xyz_em_limit'];}else{print(get_option('xyz_em_limit'));} ?>" />144 id="xyz_em_limit" value="<?php if(isset($_POST['xyz_em_limit']) ){echo abs(intval($_POST['xyz_em_limit']));}else{print(get_option('xyz_em_limit'));} ?>" /> 141 145 </td> 142 146 </tr> … … 152 156 </td> 153 157 <td><input name="xyz_em_hesl" type="text" 154 id="xyz_em_hesl" value="<?php if(isset($_POST['xyz_em_hesl']) &&$_POST['xyz_em_hesl'] != ""){echo $_POST['xyz_em_hesl'];}else{ print(esc_html(get_option('xyz_em_hesl'))); }?>" />158 id="xyz_em_hesl" value="<?php if(isset($_POST['xyz_em_hesl']) ){echo abs(intval($_POST['xyz_em_hesl']));}else{ print(get_option('xyz_em_hesl')); }?>" /> 155 159 </td> 156 160 </tr> … … 159 163 </td> 160 164 <td><input name="xyz_em_dse" type="text" id="xyz_em_dse" 161 value="<?php if(isset($_POST['xyz_em_dse']) && $_POST['xyz_em_dse'] != ""){echo $_POST['xyz_em_dse'];}else{print(esc_html(get_option('xyz_em_dse')));} ?>" /></td>165 value="<?php if(isset($_POST['xyz_em_dse']) ){echo esc_html($_POST['xyz_em_dse']);}else{print(esc_html(get_option('xyz_em_dse')));} ?>" /></td> 162 166 </tr> 163 167 <tr valign="top"> … … 165 169 </td> 166 170 <td><input name="xyz_em_dsn" type="text" id="xyz_em_dsn" 167 value="<?php if(isset($_POST['xyz_em_dsn']) && $_POST['xyz_em_dsn'] != ""){echo $_POST['xyz_em_dsn'];}else{print(esc_html(get_option('xyz_em_dsn')));} ?>" /></td>171 value="<?php if(isset($_POST['xyz_em_dsn']) ){echo esc_html($_POST['xyz_em_dsn']);}else{print(esc_html(get_option('xyz_em_dsn')));} ?>" /></td> 168 172 </tr> 169 173 <tr valign="top"> … … 172 176 <td id="bottomBorderNone" ><input 
name="xyz_em_dsubname" type="text" id="xyz_em_dsubname" 173 177 value="<?php 174 if(isset($_POST['xyz_em_dsubname']) && $_POST['xyz_em_dsubname'] != ""){175 echo $_POST['xyz_em_dsubname'];178 if(isset($_POST['xyz_em_dsubname']) ){ 179 echo esc_html($_POST['xyz_em_dsubname']); 176 180 }else{ 177 181 global $wpdb; … … 196 200 </td> 197 201 <td ><input name="xyz_em_widgetName" type="text" 198 id="xyz_em_widgetName" value="<?php if(isset($_POST['xyz_em_widgetName']) && $_POST['xyz_em_widgetName'] != ""){echo $_POST['xyz_em_widgetName'];}else{ print(esc_html(get_option('xyz_em_widgetName'))); }?>" />202 id="xyz_em_widgetName" value="<?php if(isset($_POST['xyz_em_widgetName'])){echo esc_html($_POST['xyz_em_widgetName']);}else{ echo esc_html(get_option('xyz_em_widgetName')); }?>" /> 199 203 </td> 200 204 </tr> … … 216 220 <td><input id="input" name="xyz_em_afterSubscription" type="text" 217 221 id="xyz_em_afterSubscription" 218 value="<?php if(isset($_POST['xyz_em_afterSubscription']) && $_POST['xyz_em_afterSubscription'] !="") echo $_POST['xyz_em_afterSubscription']; else echo get_option('xyz_em_afterSubscription');//echo esc_html(plugins_url("newsletter-manager/thanks.php"));?>" />222 value="<?php if(isset($_POST['xyz_em_afterSubscription']) ) echo strip_tags($_POST['xyz_em_afterSubscription']); else echo get_option('xyz_em_afterSubscription');//echo esc_html(plugins_url("newsletter-manager/thanks.php"));?>" /> 219 223 </td> 220 224 </tr> … … 224 228 <td ><input id="input" name="xyz_em_emailConfirmation" type="text" 225 229 id="xyz_em_emailConfirmation" 226 value="<?php if(isset($_POST['xyz_em_emailConfirmation']) && $_POST['xyz_em_emailConfirmation'] !="") echo $_POST['xyz_em_emailConfirmation']; else echo get_option('xyz_em_emailConfirmation');//echo esc_html(plugins_url("newsletter-manager/confirm.php"));?>" />230 value="<?php if(isset($_POST['xyz_em_emailConfirmation']) ) echo strip_tags($_POST['xyz_em_emailConfirmation']); else echo 
get_option('xyz_em_emailConfirmation');//echo esc_html(plugins_url("newsletter-manager/confirm.php"));?>" /> 227 231 </td> 228 232 </tr> … … 253 257 <td ><input id="input" name="xyz_em_redirectAfterLink" type="text" 254 258 id="xyz_em_redirectAfterLink" 255 value="<?php if(isset($_POST['xyz_em_redirectAfterLink']) && $_POST['xyz_em_redirectAfterLink'] !="") echo $_POST['xyz_em_redirectAfterLink']; else echo get_option('xyz_em_redirectAfterLink');//echo esc_html(plugins_url("newsletter-manager/unsubscribe.php"));?>" />259 value="<?php if(isset($_POST['xyz_em_redirectAfterLink']) ) echo strip_tags($_POST['xyz_em_redirectAfterLink']); else echo get_option('xyz_em_redirectAfterLink');//echo esc_html(plugins_url("newsletter-manager/unsubscribe.php"));?>" /> 256 260 </td> 257 261 </tr> … … 305 309 <td><input name="xyz_em_subject3" type="text" 306 310 id="xyz_em_subject3" value="<?php 307 if(isset($_POST['xyz_em_subject3']) && $_POST['xyz_em_subject3'] != ""){echo $_POST['xyz_em_subject3'];}else{echo esc_html($xyz_em_temmplate3->subject);}311 if(isset($_POST['xyz_em_subject3']) ){echo esc_html($_POST['xyz_em_subject3']);}else{echo esc_html($xyz_em_temmplate3->subject);} 308 312 ?>" /> 309 313 </td> … … 322 326 <textarea name="xyz_em_message3" type="text" id="xyz_em_message3" style="width:100%;margin-left:0px;"><?php 323 327 324 if(isset($_POST['xyz_em_message3']) && $_POST['xyz_em_message3'] != ""){echo $_POST['xyz_em_message3'];}else{echo $xyz_em_temmplate3->message;} ?></textarea>328 if(isset($_POST['xyz_em_message3']) ){echo esc_textarea($_POST['xyz_em_message3']);}else{echo esc_textarea( $xyz_em_temmplate3->message);} ?></textarea> 325 329 <?php 326 330 327 331 }elseif(get_option('xyz_em_defaultEditor') == "HTML Editor"){ 328 if(isset($_POST['xyz_em_message3']) && $_POST['xyz_em_message3'] != ""){329 the_editor( $_POST['xyz_em_message3'],'xyz_em_message3');332 if(isset($_POST['xyz_em_message3']) ){ 333 the_editor(($_POST['xyz_em_message3']),'xyz_em_message3'); 330 334 
}else{ 331 the_editor( $xyz_em_temmplate3->message,'xyz_em_message3');335 the_editor(($xyz_em_temmplate3->message),'xyz_em_message3'); 332 336 } 333 337 } … … 353 357 354 358 355 if(isset($_POST['xyz_em_subject1']) && $_POST['xyz_em_subject1'] != ""){echo $_POST['xyz_em_subject1'];}else{echo esc_html($xyz_em_temmplate1->subject);}359 if(isset($_POST['xyz_em_subject1']) ){echo esc_html($_POST['xyz_em_subject1']);}else{echo esc_html($xyz_em_temmplate1->subject);} 356 360 357 361 … … 372 376 <textarea name="xyz_em_message1" type="text" id="xyz_em_message1" style="width:100%;margin-left:0px;"><?php 373 377 374 if(isset($_POST['xyz_em_message1']) && $_POST['xyz_em_message1'] != ""){echo $_POST['xyz_em_message1'];}else{echo $xyz_em_temmplate1->message;} ?></textarea>378 if(isset($_POST['xyz_em_message1']) ){echo esc_textarea($_POST['xyz_em_message1']);}else{echo esc_textarea($xyz_em_temmplate1->message);} ?></textarea> 375 379 <?php 376 380 377 381 }elseif(get_option('xyz_em_defaultEditor') == "HTML Editor"){ 378 if(isset($_POST['xyz_em_message1']) && $_POST['xyz_em_message1'] != ""){379 the_editor( $_POST['xyz_em_message1'],'xyz_em_message1');382 if(isset($_POST['xyz_em_message1']) ){ 383 the_editor(($_POST['xyz_em_message1']),'xyz_em_message1'); 380 384 }else{ 381 the_editor( $xyz_em_temmplate1->message,'xyz_em_message1');385 the_editor(($xyz_em_temmplate1->message),'xyz_em_message1'); 382 386 } 383 387 } … … 399 403 id="xyz_em_subject2" value="<?php 400 404 //if($xyz_em_subject2 != ""){echo $xyz_em_subject2;}else{echo esc_html($xyz_em_temmplate2->subject);} 401 if(isset($_POST['xyz_em_subject2']) && $_POST['xyz_em_subject2'] != ""){402 echo $_POST['xyz_em_subject2'];405 if(isset($_POST['xyz_em_subject2']) ){ 406 echo esc_html($_POST['xyz_em_subject2']); 403 407 }else{echo esc_html($xyz_em_temmplate2->subject); 404 408 } … … 419 423 <textarea name="xyz_em_message2" type="text" id="xyz_em_message2" style="width:100%;margin-left:0px;"><?php 420 424 421 
if(isset($_POST['xyz_em_message2']) && $_POST['xyz_em_message2'] != ""){echo $_POST['xyz_em_message2'];}else{echo $xyz_em_temmplate2->message;} ?></textarea>425 if(isset($_POST['xyz_em_message2']) ){echo esc_textarea($_POST['xyz_em_message2']);}else{echo esc_textarea($xyz_em_temmplate2->message);} ?></textarea> 422 426 <?php 423 427 424 428 }elseif(get_option('xyz_em_defaultEditor') == "HTML Editor"){ 425 if(isset($_POST['xyz_em_message2']) && $_POST['xyz_em_message2'] != ""){426 the_editor( $_POST['xyz_em_message2'],'xyz_em_message2');429 if(isset($_POST['xyz_em_message2'])){ 430 the_editor(($_POST['xyz_em_message2']),'xyz_em_message2'); 427 431 }else{ 428 the_editor( $xyz_em_temmplate2->message,'xyz_em_message2');432 the_editor(($xyz_em_temmplate2->message),'xyz_em_message2'); 429 433 } 430 434 } … … 446 450 <table class="widefat" style="width:99%;"> 447 451 <tr valign="top"> 448 <td scope="row" class=" settingInput" style="width:30%"><label for="xyz_em_redirectAfterLink">Cron job command</label>452 <td scope="row" class=" settingInput" style="width:30%"><label >Cron job command</label> 449 453 </td> 450 454 <td > wget <?php echo plugins_url().'/newsletter-manager/cron.php'; ?></td> 451 455 </tr> 452 456 <tr valign="top"> 453 <td scope="row" class=" settingInput"><label for="xyz_em_redirectAfterLink">Shortcode to be used in page after subscription</label>457 <td scope="row" class=" settingInput"><label >Shortcode to be used in page after subscription</label> 454 458 </td> 455 459 <td >[xyz_em_thanks]</td> 456 460 </tr> 457 461 <tr valign="top"> 458 <td scope="row" class=" settingInput"><label for="xyz_em_redirectAfterLink">Shortcode to be used in page after email confirmation</label>462 <td scope="row" class=" settingInput"><label >Shortcode to be used in page after email confirmation</label> 459 463 </td> 460 464 <td >[xyz_em_confirm]</td> 461 465 </tr> 462 466 <tr valign="top"> 463 <td scope="row" class=" settingInput" id="bottomBorderNone"><label 
for="xyz_em_enableUnsubNotification">Shortcode to be used in page after unsubscription</label>467 <td scope="row" class=" settingInput" id="bottomBorderNone"><label >Shortcode to be used in page after unsubscription</label> 464 468 </td> 465 469 <td id="bottomBorderNone">[xyz_em_unsubscribe] </td> -
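Review bot: `strip_tags()` is the wrong filter for the three redirect fields (`xyz_em_afterSubscription`, `xyz_em_emailConfirmation`, `xyz_em_redirectAfterLink`): they are echoed inside `value="…"`, where a double quote in the submitted value still closes the attribute, and the `get_option()` fallback in the same expressions is printed with no escaping at all. Escaping at output matches what this changeset does for the other inputs, e.g. `echo esc_attr($_POST['xyz_em_afterSubscription']); else echo esc_attr(get_option('xyz_em_afterSubscription'));`, with `esc_url_raw()` applied where the values are stored. The save branch is now entered on any POST (`if($_POST){`) and no nonce check is visible in these hunks; if none exists elsewhere in the file, `check_admin_referer()` belongs at the top of that branch. The form and the save logic continue outside the hunks shown.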
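--- a/newsletter-manager/trunk/admin/preview.php
+++ b/newsletter-manager/trunk/admin/preview.php
@@ -1,8 +1,10 @@
 <?php
 require( dirname( __FILE__ ) . '../../../../../wp-load.php' );
+if ( !current_user_can('manage_options') )
+die;
 global $wpdb;
 $_POST = stripslashes_deep($_POST);
 $_GET = stripslashes_deep($_GET);
-$xyz_em_campId = $_GET['id'];
+$xyz_em_campId = absint($_GET['id']);
 
 $campList = $wpdb->get_results( 'SELECT * FROM xyz_em_email_campaign WHERE id="'.$xyz_em_campId.'"') ;
@@ -62,3 +64,3 @@
 }
 
-//http://localhost/workspace/wordpress/wp-admin/admin.php?page=newsletter-manager-emailcampaigns&action=preview&id=2
+?>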
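Review bot: `absint()` makes the campaign id safe, but the `xyz_em_email_campaign` lookup two lines below is still assembled by string concatenation, so its safety depends on nobody changing the assignment above it. Binding the value keeps the two independent: `$campList = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM xyz_em_email_campaign WHERE id=%d', $xyz_em_campId ) );`. The same concatenated pattern appears in the `xyz_em_email_address` lookups in confirmation.php and unsubscription.php. The bare `die;` after the capability check could be `wp_die()` with a message, so a rejected user sees why the page is empty.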
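--- a/newsletter-manager/trunk/admin/restart.php
+++ b/newsletter-manager/trunk/admin/restart.php
@@ -5,6 +5,6 @@
 $_GET = stripslashes_deep($_GET);
 
-$xyz_em_campId = $_GET['id'];
-$xyz_em_pageno = $_GET['pageno'];
+$xyz_em_campId = absint($_GET['id']);
+$xyz_em_pageno = absint($_GET['pageno']);
 
 if($xyz_em_campId=="" || !is_numeric($xyz_em_campId)){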
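Review bot: After `absint()` the guard `if($xyz_em_campId=="" || !is_numeric($xyz_em_campId))` no longer tests what it was written for. The variable is always an integer and `is_numeric()` is always true, so a missing id is caught only because `0 == ""` compares equal under loose comparison, which PHP 8 no longer does. Testing the integer directly is clearer and version-independent: `if($xyz_em_campId === 0){`. The same guard follows the `absint()` calls in send_mail.php and test_mail.php. `$_GET['id']` and `$_GET['pageno']` are also read without `isset()`, so an absent parameter raises a notice before the guard runs.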
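--- a/newsletter-manager/trunk/admin/send_mail.php
+++ b/newsletter-manager/trunk/admin/send_mail.php
@@ -7,7 +7,6 @@
 
 
-$xyz_em_campId = $_GET['id'];
-$xyz_em_campStatus = $_GET['status'];
-$xyz_em_pageno = $_GET['pageno'];
+$xyz_em_campId =absint ($_GET['id']);
+$xyz_em_pageno = absint($_GET['pageno']);
 
 if($xyz_em_campId=="" || !is_numeric($xyz_em_campId)){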
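--- a/newsletter-manager/trunk/admin/test_mail.php
+++ b/newsletter-manager/trunk/admin/test_mail.php
@@ -11,5 +11,5 @@
 $_GET = stripslashes_deep($_GET);
 
-$xyz_em_pageno = $_GET['pageno'];
+$xyz_em_pageno = absint($_GET['pageno']);
 
 
@@ -17,6 +17,5 @@
 if ($_POST['xyz_em_testMailId']!= ""){
 $xyz_em_testEmail = $_POST['xyz_em_testMailId'];
-$xyz_em_campId = $_POST['campId'];
-$xyz_em_campStatus = $_GET['status'];
+$xyz_em_campId = absint($_POST['campId']);
 if($xyz_em_campId=="" || !is_numeric($xyz_em_campId)){
 header("Location:".admin_url('admin.php?page=newsletter-manager-emailcampaigns'));
@@ -129,5 +128,5 @@
 </td>
 <td>
-<input type="text" name="xyz_em_testMailId" >
+<input type="text" name="xyz_em_testMailId" value="<?php if(isset($_POST['xyz_em_testMailId'])) echo esc_html($_POST['xyz_em_testMailId']); ?>">
 </td>
 </tr>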
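--- a/newsletter-manager/trunk/confirmation.php
+++ b/newsletter-manager/trunk/confirmation.php
@@ -8,9 +8,21 @@
 $_POST = stripslashes_deep($_POST);
 $_GET = stripslashes_deep($_GET);
-$xyz_em_emailId = $_GET['eId'];
-$xyz_em_listId = $_GET['lId'];
+$xyz_em_emailId = absint($_GET['eId']);
+$xyz_em_listId = absint($_GET['lId']);
+
+$xyz_em_both = $_GET['both'];
+
+$xyz_em_email = $wpdb->get_results( 'SELECT * FROM xyz_em_email_address WHERE id="'.$xyz_em_emailId.'" ') ;
+$xyz_em_email = $xyz_em_email[0];
+
+$combine = $xyz_em_emailId.$xyz_em_listId.$xyz_em_email->email;
+$combineValue = md5($combine);
+
+
 $xyz_em_url = base64_decode($_GET['appurl']);
 if($xyz_em_url=='')
 $xyz_em_url=get_option('xyz_em_emailConfirmation');
+
+if($combineValue == $xyz_em_both){
 
 $xyz_em_statusWelcomeFlag = 0;
@@ -26,6 +38,4 @@
 if(get_option('xyz_em_enableWelcomeEmail') == "True"){
 if($xyz_em_statusWelcomeFlag == 1){
-$xyz_em_email = $wpdb->get_results( 'SELECT * FROM xyz_em_email_address WHERE id="'.$xyz_em_emailId.'" ') ;
-$xyz_em_email = $xyz_em_email[0];
 
 $xyz_em_template = $wpdb->get_results( 'SELECT * FROM xyz_em_email_template WHERE id="1" ') ;
@@ -109,3 +119,14 @@
 }
 
+}else{
+
+
+if(strpos($xyz_em_url,'?') > 0)
+header("Location:".$xyz_em_url."&result=failure");
+else
+header("Location:".$xyz_em_url."?result=failure");
+exit();
+}
+
+
 ?>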
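Review bot: The `both` token is `md5()` of the email id, list id and address with no secret mixed in, so anyone who knows those three values can compute a valid confirmation link; subscription.php generates it the same way. A keyed hash closes that gap if both files change together: `$combineValue = hash_hmac('sha256', $combine, wp_salt());`, checked with `if(hash_equals($combineValue, (string)$xyz_em_both)){` rather than `==`. `$xyz_em_email[0]` is also read before checking that the lookup returned a row. Separately, the new failure branch sends `Location:` to `$xyz_em_url`, which comes from the request's `appurl` parameter, so an unverified request is redirected wherever that parameter says. Using `get_option('xyz_em_emailConfirmation')` when the token fails, or `wp_safe_redirect()`, avoids that.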
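--- a/newsletter-manager/trunk/download.php
+++ b/newsletter-manager/trunk/download.php
@@ -1,4 +1,8 @@
 <?php
 require( dirname( __FILE__ ) . '../../../../wp-load.php' );
+
+if ( !current_user_can('manage_options') )
+die;
+
 
 $listName = $_GET['fileName'];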
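Review bot: `$listName = $_GET['fileName'];` is still taken from the request unchanged below the new capability check. Its use lies outside the hunk, but if it ends up in a filesystem path it should first be restricted to a bare name with `$listName = basename($_GET['fileName']);`. Confirming that the resolved file sits inside the export directory would then keep it from reaching other files. The bare `die;` could be `wp_die()` so a rejected request gets a message.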
newsletter-manager/trunk/newsletter-manager.php
r531878 r533904 4 4 Plugin URI: http://xyzscripts.com/wordpress-plugins/newsletter-manager/ 5 5 Description: Create and send html or plain text email newsletters to your subscribers. The plugin supports unlimited email campaigns, unlimited email addresses, double opt-in anti-spam compliance, hourly email sending limit and much more. Opt-in form is available as HTML code, shortcode as well as standard Wordpress widget. The import/export tool allows to create and restore backup of your subscriber list. 6 Version: 1.0. 16 Version: 1.0.2 7 7 Author: xyzscripts.com 8 8 Author URI: http://xyzscripts.com/ -
newsletter-manager/trunk/readme.txt
r530988 r533904 6 6 Requires at least: 2.8 7 7 Tested up to: 3.3.1 8 Stable tag: 1.0. 18 Stable tag: 1.0.2 9 9 10 10 Create and send html or plain text email newsletters to your subscribers. … … 127 127 == Changelog == 128 128 129 = 1.0.2 = 130 * Option to search emails. 131 * Fix for tinymce <p> and <br> autoremoval. 132 129 133 = 1.0.1 = 130 134 * Fix for utf-8 character issue. … … 136 140 137 141 == Upgrade Notice == 142 143 = 1.0.2 = 144 If you had some issue with <p> and <br> tags in tinymce editor, you must do this update. 138 145 139 146 = 1.0.1 = -
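--- a/newsletter-manager/trunk/shortcodes/htmlcode.php
+++ b/newsletter-manager/trunk/shortcodes/htmlcode.php
@@ -24,5 +24,5 @@
 <tr>
 <td id="tdTop" colspan="2">
-<span style="font-size:14px;"><b><?php echo get_option('xyz_em_widgetName')?></b></span>
+<span style="font-size:14px;"><b><?php echo esc_html(get_option('xyz_em_widgetName'))?></b></span>
 </td>
 </tr>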
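--- a/newsletter-manager/trunk/subscription.php
+++ b/newsletter-manager/trunk/subscription.php
@@ -10,4 +10,7 @@
 $_GET = stripslashes_deep($_GET);
 $_REQUEST = stripslashes_deep($_REQUEST);
+$_POST = xyz_trim_deep($_POST);
+$_GET = xyz_trim_deep($_GET);
+$_REQUEST = xyz_trim_deep($_REQUEST);
 
 
@@ -115,5 +118,9 @@
 $xyz_em_appendUrl = base64_encode($xyz_em_emailConfirmation);
 $listId = 1;
-$xyz_em_confLink = plugins_url("newsletter-manager/confirmation.php?eId=".$xyz_em_emailLastId."&lId=".$listId."&appurl=".$xyz_em_appendUrl);
+
+$combine = $xyz_em_emailLastId.$listId.$xyz_em_email;
+$combineValue = md5($combine);
+
+$xyz_em_confLink = plugins_url("newsletter-manager/confirmation.php?eId=".$xyz_em_emailLastId."&lId=".$listId."&both=".$combineValue."&appurl=".$xyz_em_appendUrl);
 
 $xyz_em_messageToSend = nl2br(str_replace($xyz_em_conf_link,$xyz_em_confLink,$xyz_em_emailTempalteMessage));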
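--- a/newsletter-manager/trunk/unsubscription.php
+++ b/newsletter-manager/trunk/unsubscription.php
@@ -8,8 +8,8 @@
 $_POST = stripslashes_deep($_POST);
 $_GET = stripslashes_deep($_GET);
-$xyz_em_emailId = $_GET['eId'];
-$xyz_em_listId = $_GET['lId'];
+$xyz_em_emailId = absint($_GET['eId']);
+$xyz_em_listId = absint($_GET['lId']);
 $xyz_em_both = $_GET['both'];
-$xyz_em_campId = $_GET['campId'];
+$xyz_em_campId = absint($_GET['campId']);
 
 $xyz_em_emailDetails = $wpdb->get_results( 'SELECT email FROM xyz_em_email_address WHERE id="'.$xyz_em_emailId.'" ') ;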
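--- a/newsletter-manager/trunk/widget.php
+++ b/newsletter-manager/trunk/widget.php
@@ -15,5 +15,5 @@
 echo $before_widget;
 echo $before_title;
-echo get_option('xyz_em_widgetName');
+echo esc_html(get_option('xyz_em_widgetName'));
 echo $after_title;
 ?>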
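--- a/newsletter-manager/trunk/xyz-functions.php
+++ b/newsletter-manager/trunk/xyz-functions.php
@@ -1,4 +1,24 @@
 <?php
 
+
+if(!function_exists('xyz_trim_deep'))
+{
+
+function xyz_trim_deep($value) {
+if ( is_array($value) ) {
+$value = array_map('xyz_trim_deep', $value);
+} elseif ( is_object($value) ) {
+$vars = get_object_vars( $value );
+foreach ($vars as $key=>$data) {
+$value->{$key} = xyz_trim_deep( $data );
+}
+} else {
+$value = trim($value);
+}
+
+return $value;
+}
+
+}
 
 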
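Review bot: `xyz_trim_deep()` has no docblock, and its final branch calls `trim()` on every value that is neither an array nor an object, which turns integers, booleans and `null` into strings. For the `$_POST`/`$_GET`/`$_REQUEST` arrays it is applied to in subscription.php that is harmless, but as a shared helper it would be safer to change the last branch to `} elseif ( is_string($value) ) {` and return other scalars untouched. I would also add a short docblock stating that arrays are trimmed recursively and that objects are modified in place through the properties `get_object_vars()` exposes.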