Remove XSS vulnerabilities
This commit is contained in:
parent
0dd89a0e7f
commit
08690a29a5
1 changed files with 14 additions and 14 deletions
|
@ -35,23 +35,23 @@ class zpmt_stats_page {
|
||||||
$wpdb->query($sql);
|
$wpdb->query($sql);
|
||||||
|
|
||||||
if ( ! $this->pmtLstRdy() ) {
|
if ( ! $this->pmtLstRdy() ) {
|
||||||
//
|
//
|
||||||
// Calculate first time pagination paramters
|
// Calculate first time pagination paramters
|
||||||
//
|
//
|
||||||
$this->_limit = 10;
|
$this->_limit = 10;
|
||||||
$this->_page = 1;
|
$this->_page = 1;
|
||||||
$this->_offset = 0;
|
$this->_offset = 0;
|
||||||
$this->_npages = intdiv($this->_nrows,$this->_limit);
|
$this->_npages = intdiv($this->_nrows,$this->_limit);
|
||||||
if ( $this->_nrows > ($this->_npages*$this->_limit) ) {
|
if ( $this->_nrows > ($this->_npages*$this->_limit) ) {
|
||||||
$this->_npages++;
|
$this->_npages++;
|
||||||
}
|
}
|
||||||
|
|
||||||
$sql = 'insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,' .
|
$sql = 'insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,' .
|
||||||
$this->_page . ',' .
|
$this->_page . ',' .
|
||||||
$this->_npages . ',' .
|
$this->_npages . ',' .
|
||||||
$this->_offset . ',' .
|
$this->_offset . ',' .
|
||||||
$this->_limit .')';
|
$this->_limit .')';
|
||||||
$wpdb->query($sql);
|
$wpdb->query($sql);
|
||||||
} else {
|
} else {
|
||||||
// Load last state
|
// Load last state
|
||||||
$params = $this->pmtLstParams();
|
$params = $this->pmtLstParams();
|
||||||
|
@ -232,9 +232,9 @@ class zpmt_stats_page {
|
||||||
font-weight: 600;">';
|
font-weight: 600;">';
|
||||||
}
|
}
|
||||||
$line++;
|
$line++;
|
||||||
print '<td><a href="https://dev.zgo.cash/invoice/' . $row->pmt_orderid . '" target="_blank">' . $row->pmt_orderid . "</a></td>";
|
print '<td><a href="https://dev.zgo.cash/invoice/' . htmlentities($row->pmt_orderid, ENT_QUOTES) . '" target="_blank">' . htmlentities($row->pmt_orderid, ENT_QUOTES) . "</a></td>";
|
||||||
print "<td>" . $row->pmt_wc_order . "</td>";
|
print "<td>" . $row->pmt_wc_order . "</td>";
|
||||||
print "<td>" . $row->pmt_wc_custname . "</td>";
|
print "<td>" . htmlentities($row->pmt_wc_custname, ENT_QUOTES) . "</td>";
|
||||||
print '<td style="text-align:center;">'. $row->pmt_accepted . "</td>";
|
print '<td style="text-align:center;">'. $row->pmt_accepted . "</td>";
|
||||||
print '<td style="text-align:center;">'.$row->pmt_confirmed ."</td>";
|
print '<td style="text-align:center;">'.$row->pmt_confirmed ."</td>";
|
||||||
print '<td style="text-align:right;">'. number_format($row->pmt_amount,2) . "</td>";
|
print '<td style="text-align:right;">'. number_format($row->pmt_amount,2) . "</td>";
|
||||||
|
|
Loading…
Reference in a new issue