Merge pull request #420 from ahmedkaludi/1.9.30

1.9.30
ahmedkaludi · Oct 15, 2024 · 1eedea4 · 1eedea4
2 parents 04cda8c + e842153
commit 1eedea4
Show file tree

Hide file tree

Showing 21 changed files with 278 additions and 143 deletions.
diff --git a/admin/class-adsforwp-admin-analytics.php b/admin/class-adsforwp-admin-analytics.php
@@ -300,11 +300,12 @@ public function adsforwp_insert_ad_impression_amp() {
 		if ( ! isset( $_GET['adsforwp_front_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_front_nonce'], 'adsforwp_ajax_check_front_nonce' ) ) {
 			return;
 		}
 
-			$ad_id       = sanitize_text_field( $_GET['event'] );
+			$ad_id       = isset( $_GET['event'] ) ? sanitize_text_field( wp_unslash( $_GET['event'] ) ) : '';
 			$device_name = 'amp';
 
 		if ( $ad_id ) {
@@ -324,13 +325,18 @@ public function adsforwp_insert_ad_impression() {
 		if ( ! isset( $_POST['adsforwp_front_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_POST['adsforwp_front_nonce'], 'adsforwp_ajax_check_front_nonce' ) ) {
 			return;
 		}
 
-			$ad_ids = array_map( 'sanitize_text_field', $_POST['ad_ids'] );
+			$ad_ids 		=	array();
+			if ( ! empty( $_POST['ad_ids'] ) ) {
+				// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
+				$ad_ids 	= 	array_map( 'sanitize_text_field', $_POST['ad_ids'] );		
+			} 
 
-			$device_name = sanitize_text_field( $_POST['device_name'] );
+			$device_name = isset( $_POST['device_name'] ) ? sanitize_text_field( wp_unslash( $_POST['device_name'] ) ) : '';
 
 		if ( $ad_ids && ! $this->is_admin_user() ) {
 
@@ -366,12 +372,13 @@ public function adsforwp_insert_ad_clicks() {
 		if ( ! isset( $_POST['adsforwp_front_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_POST['adsforwp_front_nonce'], 'adsforwp_ajax_check_front_nonce' ) ) {
 			return;
 		}
 
-			$device_name = sanitize_text_field( $_POST['device_name'] );
-			$ad_id       = sanitize_text_field( $_POST['ad_id'] );
+			$device_name = isset( $_POST['device_name'] ) ? sanitize_text_field( wp_unslash( $_POST['device_name'] ) ) : '';
+			$ad_id       = isset( $_POST['ad_id'] ) ? sanitize_text_field( wp_unslash( $_POST['ad_id'] ) ) : '';
 		if ( $ad_id && ! $this->is_admin_user() ) {
 			$this->adsforwp_insert_clicks( $ad_id, $device_name );
 		}
@@ -388,11 +395,12 @@ public function adsforwp_insert_ad_clicks_amp() {
 		if ( ! isset( $_GET['adsforwp_front_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_front_nonce'], 'adsforwp_ajax_check_front_nonce' ) ) {
 			return;
 		}
 
-			$ad_id       = sanitize_text_field( $_GET['event'] );
+			$ad_id       = isset( $_GET['event'] ) ? sanitize_text_field( wp_unslash( $_GET['event'] ) ) : '';
 			$device_name = 'amp';
 
 		if ( $ad_id ) {

diff --git a/admin/class-adsforwp-admin-common-functions.php b/admin/class-adsforwp-admin-common-functions.php
@@ -30,6 +30,7 @@ public function adsforwp_export_all_settings() {
 		if ( ! isset( $_GET['_wpnonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['_wpnonce'], '_wpnonce' ) ) {
 			return;
 		}
@@ -301,6 +302,7 @@ public function adsforwp_import_all_advanced_ads() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -536,6 +538,7 @@ public function adsforwp_migrate_ampforwp_ads() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -718,6 +721,7 @@ public function adsforwp_migrate_advanced_auto_ads() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -774,6 +778,7 @@ public function adsforwp_migrate_advanced_amp_ads_incontent() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -886,6 +891,7 @@ public function adsforwp_migrate_advanced_amp_ads_after_feature() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -967,6 +973,7 @@ public function adsforwp_migrate_advanced_amp_ads_inloop() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -1048,6 +1055,7 @@ public function adsforwp_migrate_advanced_amp_ads_standard() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -1149,6 +1157,7 @@ public function adsforwp_import_all_amp_ads() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -1176,6 +1185,7 @@ public function adsforwp_import_all_advanced_amp_ads() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -1214,6 +1224,7 @@ public function adsforwp_import_all_ad_inserter_ads() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -1321,6 +1332,7 @@ public function adsforwp_import_all_quick_adsense_ads() {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
@@ -1595,6 +1607,7 @@ public function adsforwp_import_all_advanced_groups( $advads_groups ) {
 		if ( ! isset( $_GET['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_GET['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}

diff --git a/admin/class-adsforwp-admin-settings.php b/admin/class-adsforwp-admin-settings.php
@@ -261,7 +261,8 @@ public function adsforwp_handle_file_upload( $option ) {
 			return $option;
 		}
 
-		$fileInfo = wp_check_filetype( basename( $_FILES['adsforwp_import_backup']['name'] ) );
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+		$fileInfo = isset( $_FILES['adsforwp_import_backup']['name'] ) ? wp_check_filetype( basename( $_FILES['adsforwp_import_backup']['name'] ) ) : array();
 
 		if ( ! empty( $fileInfo['ext'] ) && $fileInfo['ext'] == 'json' ) {
 
@@ -328,15 +329,15 @@ public function adsforwp_format_error( $error ) {
 	 */
 	public function adsforwp_get_error_messages() {
 		$messages = array(
-			'invalid_variable'     => __( 'Unrecognized variable' ),
-			'invalid_record'       => __( 'Invalid record' ),
-			'invalid_account_type' => __( 'Third field should be RESELLER or DIRECT' ),
+			'invalid_variable'     => esc_html__( 'Unrecognized variable', 'ads-for-wp' ),
+			'invalid_record'       => esc_html__( 'Invalid record', 'ads-for-wp'),
+			'invalid_account_type' => esc_html__( 'Third field should be RESELLER or DIRECT', 'ads-for-wp' ),
 			/* translators: %s: Subdomain */
-			'invalid_subdomain'    => __( '%s does not appear to be a valid subdomain' ),
+			'invalid_subdomain'    => esc_html__( '%s does not appear to be a valid subdomain', 'ads-for-wp' ),
 			/* translators: %s: Exchange domain */
-			'invalid_exchange'     => __( '%s does not appear to be a valid exchange domain' ),
+			'invalid_exchange'     => esc_html__( '%s does not appear to be a valid exchange domain', 'ads-for-wp' ),
 			/* translators: %s: Alphanumeric TAG-ID */
-			'invalid_tagid'        => __( '%s does not appear to be a valid TAG-ID' ),
+			'invalid_tagid'        => esc_html__( '%s does not appear to be a valid TAG-ID', 'ads-for-wp' ),
 		);
 
 		return $messages;
@@ -674,10 +675,9 @@ public function adsforwp_import_callback() {
 	}
 	public function adsforwp_ad_blocker_notice_opt_callback() {
 		$settings             = adsforwp_defaultSettings();
-		$notice_type          = esc_attr( $settings['notice_type'] );
+		$notice_type          = isset( $settings['notice_type'] ) ? esc_attr( $settings['notice_type'] ) : '';
 		$notice_title         = esc_attr( $settings['notice_title'] );
 		$notice_description   = esc_html( $settings['notice_description'] );
-		$notice_close_btn     = esc_attr( $settings['notice_close_btn'] );
 		$btn_txt              = esc_attr( $settings['btn_txt'] );
 		$notice_bg_color      = sanitize_hex_color( $settings['notice_bg_color'] );
 		$notice_txt_color     = sanitize_hex_color( $settings['notice_txt_color'] );
@@ -933,7 +933,7 @@ public function adsforwp_ad_fraud_protection_callback() {
 			<a target="_blank" href="https://www.adsforwp.com/pricing/#pricings" style="text-decoration: none;color: white;font-weight: bold;margin-left: 0px;font-size: 13px !important; padding: 7px 9px;letter-spacing: 0.1px;border-radius: 60px;margin-right: 0px; background: linear-gradient(to right,#eb3349,#f45c43);"><?php esc_html_e( 'Upgrade to Premium', 'ads-for-wp' ); ?></a>;
 		<?php } ?>
 
-		<p class="fra-pro-p"><?php echo esc_html__( 'Prevent spam users to click on ads multiple times.' ); ?></p>
+		<p class="fra-pro-p"><?php echo esc_html__( 'Prevent spam users to click on ads multiple times.', 'ads-for-wp' ); ?></p>
 	</fieldset>
 
 		<?php
@@ -1043,7 +1043,7 @@ public function adsforwp_contact_us_form_callback() {
 					<span class="afw-query-error afw_hide"><?php echo esc_html__( 'Message not sent. please check your network connection', 'ads-for-wp' ); ?></span>
 				</li> 
 				<li>
-					<strong><?php echo esc_html__( 'Are you a premium customer ?' ); ?></strong>  
+					<strong><?php echo esc_html__( 'Are you a premium customer ?', 'ads-for-wp' ); ?></strong>  
 					<select id="afw_query_premium_cus" name="afw_query_premium_cus">                       
 						<option value=""><?php echo esc_html__( 'Select', 'ads-for-wp' ); ?></option>
 						<option value="yes"><?php echo esc_html__( 'Yes', 'ads-for-wp' ); ?></option>
@@ -1099,15 +1099,19 @@ function adsforwp_subscribe_newsletter() {
 		if ( ! isset( $_POST['adsforwp_security_nonce'] ) ) {
 			return;
 		}
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason Validating nonce so sanitization not needed
 		if ( ! wp_verify_nonce( $_POST['adsforwp_security_nonce'], 'adsforwp_ajax_check_nonce' ) ) {
 			return;
 		}
 
 		$api_url    = 'http://magazine3.company/wp-json/api/central/email/subscribe';
 		$api_params = array(
-			'name'    => sanitize_text_field( $_POST['name'] ),
-			'email'   => sanitize_email( $_POST['email'] ),
-			'website' => sanitize_text_field( $_POST['website'] ),
+			// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash --Reason Since data is not storing in the database it is not necessary to unslash the data
+			'name'    => isset( $_POST['name'] ) ? sanitize_text_field( $_POST['name'] ) : '',
+			// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash --Reason Since data is not storing in the database it is not necessary to unslash the data
+			'email'   => isset( $_POST['email'] ) ? sanitize_email( $_POST['email'] ) : '',
+			// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash --Reason Since data is not storing in the database it is not necessary to unslash the data
+			'website' => isset( $_POST['website'] ) ? sanitize_text_field( $_POST['website'] ) : '',
 			'type'    => 'adsforwp',
 		);
 		$response   = wp_remote_post(

diff --git a/admin/class-adsforwp-ads-newsletter.php b/admin/class-adsforwp-ads-newsletter.php
@@ -25,7 +25,7 @@ public function adsforwp_add_localize_footer_data( $object, $object_name ) {
 
 				global $current_user;
 			$tour = array();
-                //phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reason: No form submissions.
+                //phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason: No form submissions.
 				$tab = isset( $_GET['tab'] ) ? esc_attr( wp_unslash($_GET['tab']) ) : '';
 
 			if ( ! array_key_exists( $tab, $tour ) ) {