From 08690a29a5d13e6564b929cf3580ffede5c999cc Mon Sep 17 00:00:00 2001
From: Rene Vergara
Date: Fri, 23 Jun 2023 09:29:08 -0500
Subject: [PATCH] Remove XSS vulnerabilities

---
 assets/php/zpmt-stats-page.php | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/assets/php/zpmt-stats-page.php b/assets/php/zpmt-stats-page.php
index 08c94c8..da96779 100644
--- a/assets/php/zpmt-stats-page.php
+++ b/assets/php/zpmt-stats-page.php
@@ -35,23 +35,23 @@ class zpmt_stats_page {
  $wpdb->query($sql);
  if ( ! $this->pmtLstRdy() ) {
- //
- // Calculate first time pagination paramters
- //
- $this->_limit = 10;
+ //
+ // Calculate first time pagination paramters
+ //
+ $this->_limit = 10;
  $this->_page = 1;
  $this->_offset = 0;
  $this->_npages = intdiv($this->_nrows,$this->_limit);
  if ( $this->_nrows > ($this->_npages*$this->_limit) ) {
- $this->_npages++;
- }
+ $this->_npages++;
+ }
 
- $sql = 'insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,' .
- $this->_page . ',' .
- $this->_npages . ',' .
- $this->_offset . ',' .
- $this->_limit .')';
- $wpdb->query($sql);
+ $sql = 'insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,' .
+ $this->_page . ',' .
+ $this->_npages . ',' .
+ $this->_offset . ',' .
+ $this->_limit .')';
+ $wpdb->query($sql);
  } else {
  // Load last state
  $params = $this->pmtLstParams();
@@ -232,9 +232,9 @@ class zpmt_stats_page {
  font-weight: 600;">';
  }
  $line++;
- print '' . $row->pmt_orderid . "";
+ print '' . htmlentities($row->pmt_orderid, ENT_QUOTES) . "";
  print "" . $row->pmt_wc_order . "";
- print "" . $row->pmt_wc_custname . "";
+ print "" . htmlentities($row->pmt_wc_custname, ENT_QUOTES) . "";
  print ''. $row->pmt_accepted . "";
  print ''.$row->pmt_confirmed ."";
  print ''. number_format($row->pmt_amount,2) . "";
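Review bot: The two new htmlentities() calls in the second hunk pass ENT_QUOTES without ENT_SUBSTITUTE and without an explicit charset, so a pmt_orderid or pmt_wc_custname value that contains an invalid UTF-8 byte sequence is rendered as an empty string rather than escaped, which silently blanks the cell. Change each call to `htmlentities($row->pmt_orderid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (likewise for pmt_wc_custname), or, since this file already goes through `$wpdb` and is therefore WordPress code, use the plugin-conventional `esc_html( $row->pmt_orderid )` so the escaping follows the site's charset handling. The neighbouring prints of pmt_wc_order, pmt_accepted and pmt_confirmed are still echoed raw; they look like an order id and timestamps, but if any of them can hold a free-form string from the database it needs the same escaping, while the number_format() output for pmt_amount is safe as-is. The loop and method containing these print statements start and end outside the hunk.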