Merge pull request #140 from Beee4life/feature/1.15.1
Feature/1.15.1
Beee4life authored Oct 25, 2024
2 parents afa3d19 + a60da0b commit 72b9884
Showing 18 changed files with 334 additions and 275 deletions.
9 changes: 6 additions & 3 deletions ACF_City_Selector.php
@@ -3,7 +3,7 @@
Plugin Name: ACF City Selector
Plugin URI: https://acf-city-selector.com
Description: An extension for ACF which allows you to select a city based on country and province/state.
Version: 1.15.0
Version: 1.15.1
Tested up to: 6.6.1
Requires PHP: 7.0
Author: Beee
@@ -38,7 +38,7 @@ public function __construct() {
$this->settings = [
'db_version' => '1.0',
'url' => plugin_dir_url( __FILE__ ),
'version' => '1.15.0',
'version' => '1.15.1',
];

if ( ! class_exists( 'ACFCS_WEBSITE_URL' ) ) {
@@ -155,7 +155,9 @@ public function acfcs_check_table() {
public static function acfcs_check_uploads_folder() {
$target_folder = acfcs_upload_folder( '/' );
if ( ! file_exists( $target_folder ) ) {
mkdir( $target_folder, 0755 );
WP_Filesystem();
global $wp_filesystem;
$wp_filesystem->mkdir( $target_folder, 0755 );
}
}

@@ -334,6 +336,7 @@ public function acfcs_change_plugin_order() {
$active_plugins = get_option( 'active_plugins' );
$acfcs_key = array_search( 'acf-city-selector/ACF_City_Selector.php', $active_plugins );
$acf_key = array_search( 'advanced-custom-fields-pro/acf.php', $active_plugins );

if ( false !== $acf_key && false !== $acfcs_key ) {
if ( $acfcs_key < $acf_key ) {
$this->acfcs_move_array_element( $active_plugins, $acfcs_key, $acf_key );
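Review bot: In `acfcs_check_uploads_folder()` the return value of `WP_Filesystem()` is never checked, so `$wp_filesystem->mkdir()` runs on whatever the global holds. `WP_Filesystem()` is defined in `wp-admin/includes/file.php` and returns false or null when it cannot set up a filesystem method (for example when credentials are required), which would turn the old `mkdir()` warning into a fatal error; whether this static method can be reached outside wp-admin is not visible in the hunk. I would load the include and guard the call, `require_once ABSPATH . 'wp-admin/includes/file.php';` followed by `if ( WP_Filesystem() ) { $wp_filesystem->mkdir( $target_folder, FS_CHMOD_DIR ); }`, or use `wp_mkdir_p( $target_folder )`. The same unguarded pattern is introduced in `admin/acfcs-info.php`.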
6 changes: 5 additions & 1 deletion README.md
@@ -23,7 +23,7 @@ Welcome to the City Selector plugin, which is an extension for [Advanced Custom
<a name="version"></a>
### Version

1.15.0 - 25.10.24
1.15.1 - 26.10.24

<a name="description"></a>
### Description
@@ -228,6 +228,10 @@ I got the idea for this plugin through [Fabrizio Sabato](https://github.com/fab0
<a name="changelog"></a>
### Changelog

1.15.1
* use wp_filesystem for csv files
* sanitize/escape more

1.15.0
* set menu slug for (hidden) admin pages to prevent empty admin page title
* fix vulnerability in file upload
2 changes: 1 addition & 1 deletion admin/acf-city-selector-v4.php
@@ -307,7 +307,7 @@ function load_value( $value, $post_id, $field ) {
if ( strlen( $country_code ) == 2 && false != $state_code ) {
global $wpdb;
$table = $wpdb->prefix . 'cities';
$row = $wpdb->get_row( $wpdb->prepare( "SELECT country, state_name FROM $table WHERE country_code= %s AND state_code= %s", $country_code, $state_code ) );
$row = $wpdb->get_row( $wpdb->prepare( "SELECT country, state_name FROM %i WHERE country_code= %s AND state_code= %s", $table, $country_code, $state_code ) );
$value[ 'stateCode' ] = $state_code;
$value[ 'stateName' ] = ( isset( $row->state_name ) ) ? $row->state_name : false;
$value[ 'countryName' ] = ( isset( $row->country ) ) ? $row->country : false;
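Review bot: The `%i` identifier placeholder in the new `$wpdb->prepare()` call only exists from WordPress 6.2 onwards, and the plugin header lines visible in this commit show `Tested up to: 6.6.1` but no minimum WordPress version. On an older core the placeholder is not understood, so the lookup would fail and `stateName` and `countryName` would quietly fall back to `false`. Either declare the floor with `Requires at least: 6.2` in the plugin header, or keep the interpolated `$table`, which is built from `$wpdb->prefix` and a fixed string and is not user-controlled. The same applies to the matching change in `admin/acf-city-selector-v5.php`; `load_value()` continues outside the hunk in both files.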
2 changes: 1 addition & 1 deletion admin/acf-city-selector-v5.php
@@ -246,7 +246,7 @@ function load_value( $value, $post_id, $field ) {
if ( strlen( $country_code ) == 2 && false != $state_code ) {
global $wpdb;
$table = $wpdb->prefix . 'cities';
$row = $wpdb->get_row( $wpdb->prepare( "SELECT country, state_name FROM $table WHERE country_code = '%s' AND state_code = '%s'", $country_code, $state_code ) );
$row = $wpdb->get_row( $wpdb->prepare( "SELECT country, state_name FROM %i WHERE country_code = %s AND state_code = %s", $table, $country_code, $state_code ) );
$value[ 'stateCode' ] = $state_code;
$value[ 'stateName' ] = ( isset( $row->state_name ) ) ? $row->state_name : false;
$value[ 'countryName' ] = ( isset( $row->country ) ) ? $row->country : false;
13 changes: 7 additions & 6 deletions admin/acfcs-countries.php
@@ -21,9 +21,10 @@ function acfcs_country_page() {
if ( is_array( $country_files ) ) {
foreach( $country_files as $single_file ) {
$single_file = (array) $single_file;
$single_file[ 'country_name' ] = esc_attr__( $single_file[ 'country_name' ], 'acf-city-selector' );
$single_file[ 'country_name' ] = acfcs_get_country_name( strtolower( $single_file[ 'country_code' ] ) );
$single_files[] = $single_file;
}

if ( ! empty( $single_files ) ) {
$country_name = array_column( $single_files, 'country_name' );
array_multisort( $country_name, SORT_ASC, $single_files );
@@ -32,7 +33,7 @@ function acfcs_country_page() {
if ( is_array( $country_packs ) ) {
foreach( $country_packs as $country_package ) {
$country_package = (array) $country_package;
$country_package[ 'country_name' ] = esc_attr__( $country_package[ 'country_name' ], 'acf-city-selector' );
$country_package[ 'country_name' ] = acfcs_get_country_name( strtolower( $country_package[ 'package_code' ] ) );
$country_packages[] = $country_package;
}
}
@@ -80,9 +81,9 @@ function acfcs_country_page() {
?>
<tr>
<?php echo sprintf( '<td><img src="%s" alt="" /></td>', esc_url_raw( $flag_folder . $package[ 'country_code' ] . '.png' ) ); ?>
<?php echo sprintf( '<td>%s</td>', esc_html($package[ 'country_name' ] ) ); ?>
<?php echo sprintf( '<td>%s</td>', esc_html( acfcs_get_country_name( strtolower( $package[ 'country_code' ] ) ) ) ); ?>
<?php echo sprintf( '<td>%s</td>', esc_html(( ! empty( $package[ 'number_states' ] ) ) ? $package[ 'number_states' ] : 'n/a' ) ); ?>
<?php echo sprintf( '<td>%s</td>', esc_html($package[ 'number_cities' ] ) ); ?>
<?php echo sprintf( '<td>%s</td>', esc_html( $package[ 'number_cities' ] ) ); ?>
<?php echo sprintf( '<td>%s</td>', esc_html(( ! empty( $package[ 'price' ] ) ) ? '&euro; ' . $package[ 'price' ] . ',00' : esc_html__( 'FREE', 'acf-city-selector' ) ) ); ?>
</tr>
<?php } ?>
@@ -105,7 +106,7 @@ function acfcs_country_page() {
<tbody>
<?php foreach( $country_packages as $package ) { ?>
<tr>
<?php echo sprintf( '<td>%s</td>', esc_html__( $package[ 'country_name' ], 'acf-city-selector' ) ); ?>
<?php echo sprintf( '<td>%s</td>', esc_html( $package[ 'country_name' ] ) ); ?>

<td>
<?php
@@ -148,7 +149,7 @@ function acfcs_country_page() {
<?php } ?>

<?php /* translators: %s link tag, %s github location, %s anchor */ ?>
<?php echo sprintf( '<p>%s</p>', sprintf( esc_attr( "More countries will be added soon. Feel free to %s a country, if it's not available (yet).", 'acf-city-selector' ), sprintf( '<a href="%s" target="_blank" rel="noopener">%s</a>', esc_url( 'https://github.com/Beee4life/acf-city-selector/issues' ), esc_attr__( 'request', 'acf-city-selector' ) ) ) ); ?>
<?php echo sprintf( '<p>%s</p>', sprintf( esc_html__( "More countries will be added soon. Feel free to %s a country, if it's not available (yet).", 'acf-city-selector' ), sprintf( '<a href="%s" target="_blank" rel="noopener">%s</a>', esc_url( 'https://github.com/Beee4life/acf-city-selector/issues' ), esc_attr__( 'request', 'acf-city-selector' ) ) ) ); ?>

<?php echo sprintf( '<p><a href="%s" target="_blank" rel="noopener" class="button button-primary">%s</a></p>', esc_url( ACFCS_WEBSITE_URL . '/get-countries/' ), esc_html__( 'Get your country now', 'acf-city-selector' ) ); ?>

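Review bot: The flag `<img>` cell still prints its `src` through `esc_url_raw()`, which is intended for storing or redirecting URLs and does not entity-encode for HTML, while the other cells in this hunk now go through an output escaper. Because `$package[ 'country_code' ]` is concatenated into that URL, the matching call for an attribute is `esc_url( $flag_folder . $package[ 'country_code' ] . '.png' )`. Separately, the new `acfcs_get_country_name( strtolower( $single_file[ 'country_code' ] ) )` and `package_code` lines read array keys without an `isset()` check; where `$country_files` and `$country_packs` come from is outside the hunk, so confirm those keys are always present. `acfcs_country_page()` starts and ends outside the visible hunks.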
20 changes: 11 additions & 9 deletions admin/acfcs-info.php
@@ -9,7 +9,9 @@ function acfcs_info_page() {
}

ACF_City_Selector::acfcs_show_admin_notices();


WP_Filesystem();
global $wp_filesystem;
$countries = acfcs_get_countries_info();
$prepare_json = array();
?>
@@ -67,7 +69,7 @@ function acfcs_info_page() {
<tr>
<?php $prepare_json[ 'server_info' ][ 'operating_system' ] = isset( $_SERVER[ 'SERVER_SOFTWARE' ] ) ? sanitize_text_field( wp_unslash( $_SERVER[ 'SERVER_SOFTWARE' ] ) ) : ''; ?>
<td><?php esc_html_e( 'Operating system', 'acf-city-selector' ); ?></td>
<td><?php echo esc_html( wp_unslash( $_SERVER[ 'SERVER_SOFTWARE' ] ) ); ?></td>
<td><?php echo esc_html( sanitize_text_field( wp_unslash( $_SERVER[ 'SERVER_SOFTWARE' ] ) ) ); ?></td>
</tr>
<tr>
<?php $prepare_json[ 'server_info' ][ 'phpversion' ] = phpversion(); ?>
@@ -77,22 +79,22 @@ function acfcs_info_page() {
<tr>
<?php $prepare_json[ 'server_info' ][ 'server_ip' ] = isset( $_SERVER[ 'SERVER_ADDR' ] ) ? sanitize_text_field( wp_unslash( $_SERVER[ 'SERVER_ADDR' ] ) ) : ''; ?>
<td><?php esc_html_e( 'Server IP', 'acf-city-selector' ); ?></td>
<td><?php echo esc_html( wp_unslash( $_SERVER[ 'SERVER_ADDR' ] ) ); ?></td>
<td><?php echo esc_html( sanitize_text_field( wp_unslash( $_SERVER[ 'SERVER_ADDR' ] ) ) ); ?></td>
</tr>
<tr>
<?php $prepare_json[ 'server_info' ][ 'server_port' ] = isset( $_SERVER[ 'SERVER_PORT' ] ) ? sanitize_text_field( wp_unslash( $_SERVER[ 'SERVER_PORT' ] ) ) : ''; ?>
<td><?php esc_html_e( 'Server port', 'acf-city-selector' ); ?></td>
<td><?php echo esc_html( wp_unslash( $_SERVER[ 'SERVER_PORT' ] ) ); ?></td>
<td><?php echo esc_html( sanitize_text_field( wp_unslash( $_SERVER[ 'SERVER_PORT' ] ) ) ); ?></td>
</tr>
<tr>
<?php $prepare_json[ 'server_info' ][ 'scheme' ] = isset( $_SERVER[ 'REQUEST_SCHEME' ] ) ? sanitize_text_field( wp_unslash( $_SERVER[ 'REQUEST_SCHEME' ] ) ) : ''; ?>
<td><?php esc_html_e( 'Scheme', 'acf-city-selector' ); ?></td>
<td><?php echo esc_html( wp_unslash( $_SERVER[ 'REQUEST_SCHEME' ] ) ); ?></td>
<td><?php echo esc_html( sanitize_text_field( wp_unslash( $_SERVER[ 'REQUEST_SCHEME' ] ) ) ); ?></td>
</tr>
<tr>
<?php $prepare_json[ 'server_info' ][ 'document_root' ] = isset( $_SERVER[ 'DOCUMENT_ROOT' ] ) ? sanitize_text_field( wp_unslash( $_SERVER[ 'DOCUMENT_ROOT' ] ) ) : ''; ?>
<td><?php esc_html_e( 'Home path', 'acf-city-selector' ); ?></td>
<td><?php echo esc_html( wp_unslash( $_SERVER[ 'DOCUMENT_ROOT' ] ) ); ?></td>
<td><?php echo esc_html( sanitize_text_field( wp_unslash( $_SERVER[ 'DOCUMENT_ROOT' ] ) ) ); ?></td>
</tr>
</tbody>
</table>
@@ -218,7 +220,7 @@ function acfcs_info_page() {

<?php $file_name = acfcs_upload_folder( '/' ) . 'debug.json'; ?>
<?php if ( ! file_exists( $file_name ) ) { ?>
<?php file_put_contents( $file_name, '' ); // create empty file ?>
<?php $wp_filesystem->put_contents( $file_name, '' ); // create empty file ?>
<?php } ?>
<div class="acfcs__section acfcs__section--export">
<?php echo sprintf( '<h2>%s</h2>', esc_html__( 'Download JSON', 'acf-city-selector' ) ); ?>
@@ -231,9 +233,9 @@ function acfcs_info_page() {
</p>
<?php if ( file_exists( $file_name ) ) { ?>
<?php $serialized_json = wp_json_encode( $prepare_json ); // encode json before saving ?>
<?php file_put_contents( $file_name, $serialized_json ); // write to file ?>
<?php $wp_filesystem->put_contents( $file_name, $serialized_json ); // write to file ?>
<p class="json_button">
<a href="<?php echo esc_url( wp_upload_dir()['baseurl'] . '/acfcs/debug.json' ); ?>" class="button button-primary">
<a href="<?php echo esc_url( wp_upload_dir()[ 'baseurl' ] . '/acfcs/debug.json' ); ?>" class="button button-primary">
<?php esc_attr_e( 'View JSON file', 'acf-city-selector' ); ?>
</a> <small>(<?php esc_html_e( 'left-click to open, right-click to save', 'acf-city-selector' ); ?>)</small>
</p>
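Review bot: The debug export is still written to a fixed, web-served path: `$file_name` is `acfcs_upload_folder( '/' ) . 'debug.json'` and the page links to it as `wp_upload_dir()[ 'baseurl' ] . '/acfcs/debug.json'`, so moving the write to `$wp_filesystem->put_contents()` does not change who can read it. The `$prepare_json` payload includes the server IP, port, document root and PHP version, and assuming the uploads directory is served as usual, that file is readable at a predictable URL without logging in. I would stop persisting it and return the JSON from a request that checks a nonce and `current_user_can()`, or at minimum delete the file once it has been downloaded. In the same hunks `$wp_filesystem` is used without checking the return of `WP_Filesystem()`, and the output cells read `$_SERVER[ ... ]` without the `isset()` guard used on the line above each of them.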
4 changes: 2 additions & 2 deletions admin/acfcs-preview.php
@@ -18,10 +18,10 @@ function acfcs_preview_page() {
do_action( 'acfcs_admin_menu' );

$file_index = acfcs_check_if_files();
$file_name = ( isset( $_POST[ 'acfcs_file_name' ] ) ) ? wp_unslash( $_POST[ 'acfcs_file_name' ] ) : false;
$file_name = ( isset( $_POST[ 'acfcs_file_name' ] ) ) ? sanitize_text_field( wp_unslash( $_POST[ 'acfcs_file_name' ] ) ) : false;
$max_lines = ( isset( $_POST[ 'acfcs_max_lines' ] ) ) ? (int) $_POST[ 'acfcs_max_lines' ] : false;
$max_lines_value = ( false != $max_lines ) ? $max_lines : 100;
$delimiter = ( isset( $_POST[ 'acfcs_delimiter' ] ) ) ? wp_unslash( $_POST[ 'acfcs_delimiter' ] ) : apply_filters( 'acfcs_delimiter', ';' );
$delimiter = ( isset( $_POST[ 'acfcs_delimiter' ] ) ) ? sanitize_text_field( wp_unslash( $_POST[ 'acfcs_delimiter' ] ) ) : apply_filters( 'acfcs_delimiter', ';' );

// Get imported data
if ( $file_name ) {
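Review bot: `sanitize_text_field()` on `acfcs_file_name` strips tags and extra whitespace but leaves `/` and `..` untouched, so it does not confine the value to a file inside the plugin's upload folder. How `$file_name` is opened is outside this hunk, but `$file_index` from `acfcs_check_if_files()` is already loaded here; I would use `sanitize_file_name( wp_unslash( $_POST[ 'acfcs_file_name' ] ) )` and reject any name not present in that list, assuming it holds the uploaded file names. For `acfcs_delimiter`, an allow-list such as `in_array( $delimiter, [ ';', ',', '|' ], true )` (example values) is tighter than text sanitising, which would also trim a tab delimiter to an empty string. No nonce or capability check is visible in these lines, so confirm one runs earlier in `acfcs_preview_page()`.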