/**
 * Escapes a value (or every leaf of a nested array) for use inside a SQL LIKE pattern.
 *
 * Scalars go through $wpdb->esc_like() and then esc_sql(), so the result is
 * intended to be dropped straight into a LIKE clause. On WordPress builds whose
 * $wpdb has no esc_like() the plugin's own wd_mysql_escape_mimic() is used in
 * its place and the result is still passed through esc_sql(). Floats are
 * returned untouched (presumably so numeric values keep their type).
 *
 * NOTE(review): in the fallback branch the value is escaped twice
 * (wd_mysql_escape_mimic() and then esc_sql()); confirm what
 * wd_mysql_escape_mimic() does before relying on that path.
 *
 * @uses wd_mysql_escape_mimic()
 * @param mixed $string scalar or (nested) array of scalars
 * @return array|mixed escaped value with the same shape as the input
 */
protected function escape($string)
{
    global $wpdb;

    // Arrays are walked recursively; array_map() on a single array keeps the keys.
    if (is_array($string)) {
        return array_map(array($this, 'escape'), $string);
    }

    // Floats are deliberately left alone.
    if (is_float($string)) {
        return $string;
    }

    // Pick the LIKE escaper, then apply the general SQL escaping on top.
    $likeEscaped = method_exists($wpdb, 'esc_like')
        ? $wpdb->esc_like($string)
        : wd_mysql_escape_mimic($string);

    return esc_sql($likeEscaped);
}
/**
 * Escapes a value (or every leaf of a nested array) for use inside a SQL LIKE pattern.
 *
 * Three escapers are tried in order of preference: $wpdb->esc_like()
 * (WordPress 4.0 and later), the older like_escape() helper, and finally the
 * plugin's own wd_mysql_escape_mimic() when neither WordPress helper exists.
 * Floats are returned untouched.
 *
 * NOTE(review): unlike the variant of this method that wraps the result in
 * esc_sql(), this one returns a value that has only been LIKE-escaped. It must
 * still be run through $wpdb->prepare() or esc_sql() before it is embedded in
 * a query — confirm every caller does so.
 *
 * @uses wd_mysql_escape_mimic()
 * @param mixed $string scalar or (nested) array of scalars
 * @return array|mixed escaped value with the same shape as the input
 */
protected function escape($string)
{
    global $wpdb;

    // Arrays are walked recursively; array_map() on a single array keeps the keys.
    if (is_array($string)) {
        return array_map(array($this, 'escape'), $string);
    }

    // Floats are deliberately left alone.
    if (is_float($string)) {
        return $string;
    }

    // Resolve the escaper once, then call it.
    if (method_exists($wpdb, 'esc_like')) {
        $escaper = array($wpdb, 'esc_like');      // WordPress >= 4.0
    } elseif (function_exists('like_escape')) {
        $escaper = 'like_escape';                 // WordPress < 4.0
    } else {
        $escaper = 'wd_mysql_escape_mimic';       // no WordPress helper available
    }

    return $escaper($string);
}
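<?php include ASP_PATH . "backend/tabs/instance/advanced_options.php"; ?>
        </fieldset>
    </div>
</div>
<input type="hidden" name="sett_tabid" id="sett_tabid" value="1" />
</form>
</div>
<?php
// The markup above was captured by an output buffer started earlier in this
// file; it is flushed after the save handler so status messages come first.
$output = ob_get_clean();

// Save handler for this search instance's settings form.
// NOTE(review): no nonce or capability check is visible in this fragment —
// confirm check_admin_referer()/current_user_can() run before this point.
if (isset($_POST['submit_' . $search['id']])) {
    $params = wpdreams_parse_params($_POST);
    $search['id'] = (int) $search['id']; // secure the parameter
    $json = json_encode($params);

    if ($json === false) {
        // Do not overwrite the stored configuration with an empty blob.
        echo "<div class='errorMsg'>Search settings could not be encoded, nothing was saved.</div>";
    } else {
        // Parameterised query instead of interpolating a hand-escaped string:
        // $wpdb->prepare() applies the connection's own escaping (the same
        // pattern the instance rename/copy handlers already use).
        $wpdb->query($wpdb->prepare(
            "UPDATE " . $_prefix . "ajaxsearchpro SET data = %s WHERE id = %d",
            $json,
            $search['id']
        ));
        // $style and $id are read by the CSS generator below.
        $style = $params;
        $id = $search['id'];
        asp_register_wpml_translations($params);
        asp_generate_the_css();
        echo "<div class='successMsg'>Search settings saved!</div>";
    }
}
echo $output;
?>
</div>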
if (response == 1) { $this.parent().fadeOut(); } }); } }); <?php $items1 = ""; foreach ($top20 as $item) { $items1 .= "['" . wd_mysql_escape_mimic($item['keyword']) . "', " . $item['num'] . "],"; rtrim($items1, ","); } $items2 = ""; foreach ($last20 as $item) { $items2 .= "['" . wd_mysql_escape_mimic($item['keyword']) . "', " . $item['num'] . "],"; rtrim($items2, ","); } ?> var line1 = [<?php echo $items1; ?> ]; var line2 = [<?php echo $items2; ?> ]; var plot1 = $.jqplot('top20', [line1], { title: 'Top 20 Search Phrases', series: [ {renderer: $.jqplot.BarRenderer}
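<?php } ?>
<div class="wpdreams-box">
    <form name="add-slider" action="" method="POST">
        <fieldset>
            <legend>Create a new search instance</legend>
            <?php
            // Renders the "form name" text input and validates it is not empty.
            $new_slider = new wpdreamsText("addsearch", "Search form name:", "", array(array("func" => "wd_isEmpty", "op" => "eq", "val" => false)), "Please enter a valid form name!");
            ?>
            <input name="submit" type="submit" value="Add"/>
            <?php
            // NOTE(review): no nonce field or capability check is visible in
            // this fragment — confirm the form carries wp_nonce_field() and
            // that check_admin_referer() runs before these handlers.

            // Create a new instance with the stored default settings.
            if (isset($_POST['addsearch']) && !$new_slider->getError()) {
                $_search_default = get_option('asp_defaults');
                // Parameterised instead of concatenating esc_sql()/
                // wd_mysql_escape_mimic() output, matching the handlers below.
                // NOTE(review): WordPress slashes $_POST; confirm whether the
                // name should be wp_unslash()ed before it is stored.
                $wpdb->query($wpdb->prepare(
                    "INSERT INTO " . $_prefix . "ajaxsearchpro (name, data) VALUES (%s, %s)",
                    $_POST['addsearch'],
                    json_encode($_search_default)
                ));
                $id = $wpdb->insert_id;
                asp_generate_the_css();
                echo "<div class='successMsg'>Search Form Successfuly added!</div>";
            }

            // Rename an existing instance.
            if (isset($_POST['instance_new_name']) && isset($_POST['instance_id'])) {
                $new_name = $_POST['instance_new_name'];
                // Require a plain, non-empty string (an array value is rejected here
                // rather than reaching strlen()).
                if (is_string($new_name) && $new_name !== '') {
                    // Placeholders are left unquoted; prepare() adds the quotes itself.
                    $wpdb->query($wpdb->prepare("UPDATE " . $_prefix . "ajaxsearchpro SET name = %s WHERE id = %d", $new_name, $_POST['instance_id']));
                    echo "<div class='infoMsg'>Form name changed!</div>";
                } else {
                    echo "<div class='errorMsg'>Failure. Form name must be at least 1 character long</div>";
                }
            }

            // Duplicate an existing instance (this handler continues past the
            // end of this fragment).
            if (isset($_POST['instance_copy_id'])) {
                if ($_POST['instance_copy_id'] != '') {
                    $wpdb->query($wpdb->prepare("INSERT INTO " . $_prefix . "ajaxsearchpro( name, data ) SELECT CONCAT(name, ' duplicate'), data FROM " . $_prefix . "ajaxsearchpro WHERE id=%d;", $_POST['instance_copy_id']));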