Changeset 690038 for wp-funeral-press
- Timestamp:
- 04/01/2013 01:39:44 PM (12 years ago)
- Location:
- wp-funeral-press/trunk
- Files:
-
- 8 edited
-
admin/_notes/dwsync.xml (modified) (1 diff)
-
admin/obits.php (modified) (1 diff)
-
css/smoothness/_notes/dwsync.xml (modified) (1 diff)
-
css/smoothness/images/_notes/dwsync.xml (modified) (1 diff)
-
index.php (modified) (3 diffs)
-
readme.txt (modified) (2 diffs)
-
user/_notes/dwsync.xml (modified) (1 diff)
-
user/obits.php (modified) (5 diffs)
-
wp-funeral-press/trunk/admin/_notes/dwsync.xml
r685664 r690038 12 12 <file name="settings.php" server="dlg360.com//public_html/wp-content/" local="130063703814054668" remote="130069864200000000" Dst="1" /> 13 13 <file name="settings.php" server="dlg360.com//public_html/new4/wp-content/" local="130084329581948488" remote="130084329600000000" Dst="2" /> 14 <file name="obits.php" server="dlg360.com//public_html/new4/wp-content/" local="1300 83707129336235" remote="130083706800000000" Dst="2" />14 <file name="obits.php" server="dlg360.com//public_html/new4/wp-content/" local="130092971103695302" remote="130092970800000000" Dst="2" /> 15 15 <file name="guestbook.php" server="dlg360.com//public_html/new4/wp-content/" local="130081950126381414" remote="130081950000000000" Dst="2" /> 16 16 <file name="guestbook.php" server="dlg360.com//public_html/new5/wp-content/" local="130063759150129711" remote="130063770600000000" Dst="1" /> -
wp-funeral-press/trunk/admin/obits.php
r683833 r690038 39 39 40 40 41 $query = "SELECT * FROM " . $wpdb->prefix . "wpfh_posts WHERE oid = ".$ id." order by date desc";41 $query = "SELECT * FROM " . $wpdb->prefix . "wpfh_posts WHERE oid = ".$wpdb->escape($id)." order by date desc"; 42 42 $pagination = new Pagination(); 43 43 if (isset($_GET['pagenum'])){ $page = (int) $_GET['pagenum'];}else{ $page = 1; } -
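Review bot: The new `$wpdb->escape($id)` sits in an unquoted numeric position (`WHERE oid = ` … ` order by`), where escaping quote characters does not restrict the value to a number, so input without any quotes can still change the query. Where `$id` is assigned is outside this hunk, but if it is request-derived it should be bound as an integer, e.g. `$query = $wpdb->prepare("SELECT * FROM {$wpdb->prefix}wpfh_posts WHERE oid = %d ORDER BY date DESC", $id);`. This commit already uses `intval($_GET['id'])` for `oid` in user/obits.php, so an integer cast here would make the two files consistent. The search clauses in user/obits.php (`first_name`, `last_name`, `date`) are quoted, so escaping does apply there, but they use the same string concatenation and would be more robust as `prepare()` placeholders.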
wp-funeral-press/trunk/css/smoothness/_notes/dwsync.xml
r683833 r690038 11 11 <file name="jquery-ui-1.9.0.custom.css" server="dlg360.com//public_html/wp-content/" local="129945228709120830" remote="130069864200000000" Dst="1" /> 12 12 <file name="jquery-ui-1.9.0.custom.min.css" server="dlg360.com//public_html/wp-content/" local="129945228709430848" remote="130069864200000000" Dst="1" /> 13 <file name="jquery-ui-1.9.0.custom.css" server="dlg360.com//public_html/new4/wp-content/" local="130081020186941920" remote="130081020000000000" Dst="2" /> 13 <file name="jquery-ui-1.9.0.custom.css" server="dlg360.com//public_html/new4/wp-content/" local="130081026263219464" remote="130092963600000000" Dst="2" /> 14 <file name="jquery-ui-1.9.0.custom.min.css" server="dlg360.com//public_html/new4/wp-content/" local="129945228709430848" remote="130092963600000000" Dst="2" /> 14 15 </dwsync> -
wp-funeral-press/trunk/css/smoothness/images/_notes/dwsync.xml
r681240 r690038 66 66 <file name="ui-icons_454545_256x240.png" server="dlg360.com//public_html/wp-content/" local="129945228710640917" remote="130069864200000000" Dst="1" /> 67 67 <file name="ui-icons_cd0a0a_256x240.png" server="dlg360.com//public_html/wp-content/" local="129945228711110944" remote="130069864200000000" Dst="1" /> 68 <file name="ui-bg_flat_0_aaaaaa_40x100.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228710560913" remote="130092963600000000" Dst="2" /> 69 <file name="ui-bg_glass_65_ffffff_1x400.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228709770868" remote="130092963600000000" Dst="2" /> 70 <file name="ui-bg_glass_75_dadada_1x400.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228710470908" remote="130092963600000000" Dst="2" /> 71 <file name="ui-bg_glass_75_e6e6e6_1x400.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228710080885" remote="130092963600000000" Dst="2" /> 72 <file name="ui-bg_glass_95_fef1ec_1x400.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228710150889" remote="130092963600000000" Dst="2" /> 73 <file name="ui-bg_glass_55_fbf9ee_1x400.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228710380902" remote="130092963600000000" Dst="2" /> 74 <file name="ui-bg_highlight-soft_75_cccccc_1x100.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228710240894" remote="130092963600000000" Dst="2" /> 75 <file name="ui-bg_flat_75_ffffff_40x100.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228709860873" remote="130092963600000000" Dst="2" /> 76 <file name="ui-icons_222222_256x240.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228710800926" remote="130092963600000000" Dst="2" /> 77 <file name="ui-icons_2e83ff_256x240.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228711200949" remote="130092963600000000" Dst="2" /> 78 <file 
name="ui-icons_888888_256x240.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228711010938" remote="130092963600000000" Dst="2" /> 79 <file name="ui-icons_cd0a0a_256x240.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228711110944" remote="130092963600000000" Dst="2" /> 80 <file name="ui-icons_454545_256x240.png" server="dlg360.com//public_html/new4/wp-content/" local="129945228710640917" remote="130092963600000000" Dst="2" /> 68 81 </dwsync> -
wp-funeral-press/trunk/index.php
r685664 r690038 5 5 Description: An Obituary Plugin For Funeral Homes and Cemeteries 6 6 Author: Anthony Brown 7 Version: 1.1. 67 Version: 1.1.7 8 8 Author URI: http://www.wpfuneralpress.com 9 9 */ … … 12 12 13 13 global $wpfh_version; 14 $wpfh_version = "1.1. 6";14 $wpfh_version = "1.1.7"; 15 15 16 16 //includes … … 88 88 89 89 wp_enqueue_style( 'wpfh-tabs' ); 90 wp_register_style( 'jqueryui-smoothness-fp',plugins_url('/css/smoothness/jquery-ui-1.9.0.custom.css', __FILE__) ); 91 wp_enqueue_style( 'jqueryui-smoothness-fp' ); 90 92 } 91 93 -
wp-funeral-press/trunk/readme.txt
r685664 r690038 5 5 Requires at least: 2.0.2 6 6 Tested up to: 3.5.1 7 Stable tag: 1.1. 67 Stable tag: 1.1.7 8 8 9 9 FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries. … … 272 272 * Restuctured some of the menus for new filters and hooks 273 273 * If you are using premium please update both premium and free versions to avoid any errors. 274 275 = 1.1.7 = 276 277 * Fixed XSS Issues brough up by wordpress -
wp-funeral-press/trunk/user/_notes/dwsync.xml
r684385 r690038 13 13 <file name="shortcodes.php" server="dlg360.com//public_html/new2/wp-content/" local="130057732055889490" remote="130057732800000000" Dst="1" /> 14 14 <file name="widgets.php" server="dlg360.com//public_html/new2/wp-content/" local="130057732653103649" remote="130057732800000000" Dst="1" /> 15 <file name="obits.php" server="dlg360.com//public_html/new4/wp-content/" local="1300 81948666417909" remote="130081948800000000" Dst="2" />15 <file name="obits.php" server="dlg360.com//public_html/new4/wp-content/" local="130092963052774815" remote="130092963000000000" Dst="2" /> 16 16 <file name="obits.php" server="dlg360.com//public_html/new5/wp-content/" local="130063721703467884" remote="130063770600000000" Dst="1" /> 17 17 <file name="shortcodes.php" server="dlg360.com//public_html/new5/wp-content/" local="130057732055889490" remote="130063770600000000" Dst="1" /> -
wp-funeral-press/trunk/user/obits.php
r684385 r690038 182 182 183 183 if($_POST['first_name'] != ""){ 184 $search .=' AND first_name like "%'. $_POST['first_name'].'%" ';184 $search .=' AND first_name like "%'. $wpdb->escape($_POST['first_name']).'%" '; 185 185 } 186 186 if($_POST['last_name'] != ""){ 187 $search .=' AND last_name like "%'. $_POST['last_name'].'%" ';187 $search .=' AND last_name like "%'. $wpdb->escape($_POST['last_name']).'%" '; 188 188 } 189 189 if($_POST['date'] != ""){ 190 $picked_date = strtotime( $_POST['date']);191 192 193 194 195 $search .=' AND YEAR(death_date) = YEAR("'. $_POST['date'].'") AND MONTH(death_date) = MONTH("'.$_POST['date'].'") ';190 $picked_date = strtotime( $wpdb->escape($_POST['date'])); 191 192 193 194 195 $search .=' AND YEAR(death_date) = YEAR("'. $wpdb->escape($_POST['date']).'") AND MONTH(death_date) = MONTH("'. $wpdb->escape($_POST['date']).'") '; 196 196 } 197 197 } … … 383 383 case"guestbook": 384 384 $insert['type'] = 'guestbook'; 385 $insert['content'] = $_POST['message'];385 $insert['content'] = sanitize_text_field( $_POST['message']); 386 386 break; 387 387 … … 391 391 if($_FILES['photo']['name'] != ""){ 392 392 $photo = wp_upload_bits($_FILES['photo']["name"], null, file_get_contents($_FILES['photo']["tmp_name"])); 393 $photo['desc'] = $_POST['photo-message'];393 $photo['desc'] = sanitize_text_field($_POST['photo-message']); 394 394 $insert['content'] = serialize($photo); 395 395 } … … 399 399 case"youtube": 400 400 $insert['type'] = 'youtube'; 401 $youtube['url'] = $_POST['youtube'];402 $youtube['desc'] = $_POST['youtube-message'];401 $youtube['url'] = sanitize_text_field($_POST['youtube']); 402 $youtube['desc'] = sanitize_text_field($_POST['youtube-message']); 403 403 $insert['content'] = serialize($youtube); 404 404 break; … … 406 406 407 407 if($_POST['guest-name'] != ''){ 408 $insert['name'] = $_POST['guest-name'];409 $insert['email'] = $_POST['guest-email'];408 $insert['name'] = sanitize_text_field($_POST['guest-name']); 409 $insert['email'] 
= sanitize_email($_POST['guest-email']); 410 410 $insert['uid'] = 0; 411 411 }else{ 412 412 $insert['uid'] = $current_user->ID; 413 413 } 414 $insert['oid'] = $_GET['id'];414 $insert['oid'] = intval( $_GET['id']); 415 415 416 416 $insert['date'] = time(); 417 417 $insert['approved'] = 0; 418 $insert['anonymous'] = $_POST['anonymous'];418 $insert['anonymous'] = intval($_POST['anonymous']); 419 419 420 420 $wpdb->insert("" . $wpdb->prefix . "wpfh_posts", $insert);
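Review bot: In the `case"youtube":` hunk, `$youtube['url'] = sanitize_text_field($_POST['youtube']);` strips tags but does not check that the value is a URL or which scheme it uses. The value is then serialized into `content` and inserted, presumably to be rendered later as a link or embed. A URL sanitizer fits this field better, `$youtube['url'] = esc_url_raw($_POST['youtube']);`, ideally followed by a check that the host is the expected video site. Input sanitizing alone does not complete the XSS fix named in the changelog: the code that prints `content`, `name` and `desc` is not in this section and should apply `esc_url()`, `esc_attr()` or `esc_html()` for the context it writes into.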