Remove XSS vulnerabilities

assets/php/zpmt-stats-page.php

@@ -35,23 +35,23 @@ class zpmt_stats_page {
 		$wpdb->query($sql);
 
 		if ( ! $this->pmtLstRdy() ) {
-      	//
-      	// Calculate first time pagination paramters
-      	// 
-		 	$this->_limit = 10;
+			//
+			// Calculate first time pagination paramters
+			// 
+			$this->_limit = 10;
 			$this->_page = 1;
 			$this->_offset = 0;
 			$this->_npages = intdiv($this->_nrows,$this->_limit);
 			if ( $this->_nrows > ($this->_npages*$this->_limit) ) {
-					$this->_npages++;
-				}
+				$this->_npages++;
+			}
 
-	      	$sql = 'insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,' . 
-	      	   $this->_page . ',' .
-	      	   $this->_npages . ',' .
-	      	   $this->_offset . ',' .
-	      	   $this->_limit .')';
-		      $wpdb->query($sql);
+			$sql = 'insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,' . 
+				$this->_page . ',' .
+				$this->_npages . ',' .
+				$this->_offset . ',' .
+				$this->_limit .')';
+			$wpdb->query($sql);
 		} else {
 	      	// Load last state
 	      	$params = $this->pmtLstParams();
@@ -232,9 +232,9 @@ class zpmt_stats_page {
   		  	                font-weight: 600;">';
 				}
 				$line++;             
-				print '<td><a href="https://dev.zgo.cash/invoice/' . $row->pmt_orderid . '" target="_blank">' . $row->pmt_orderid . "</a></td>";
+				print '<td><a href="https://dev.zgo.cash/invoice/' . htmlentities($row->pmt_orderid, ENT_QUOTES) . '" target="_blank">' . htmlentities($row->pmt_orderid, ENT_QUOTES) . "</a></td>";
 				print "<td>" . $row->pmt_wc_order . "</td>";
-				print "<td>" . $row->pmt_wc_custname . "</td>";
+				print "<td>" . htmlentities($row->pmt_wc_custname, ENT_QUOTES) . "</td>";
 				print '<td style="text-align:center;">'. $row->pmt_accepted . "</td>";
 				print '<td style="text-align:center;">'.$row->pmt_confirmed ."</td>";
 				print '<td style="text-align:right;">'. number_format($row->pmt_amount,2) . "</td>";