Merge pull request #90 from Codeinwp/development

selul · web-flow · commit 1ac585ffd47a · 2016-08-19T20:45:34.000+03:00
Fixed potential XSS security bug
Added support for charts in the media library
Removed pointer for the pro version
Added option to show legend on the left side
diff --git a/classes/Visualizer/Module/Admin.php b/classes/Visualizer/Module/Admin.php
@@ -58,76 +58,10 @@ public function __construct( Visualizer_Plugin $plugin ) {
 		$this->_addAction( 'admin_footer', 'renderTempaltes' );
 		$this->_addAction( 'admin_enqueue_scripts', 'enqueueLibraryScripts' );
 		$this->_addAction( 'admin_menu', 'registerAdminMenu' );
-        // Added by Ash/Upwork for feedback
-		$this->_addAction( 'admin_init', 'visualizerInitFeedback' );
-        // Added by Ash/Upwork for feedback
 
 		$this->_addFilter( 'media_view_strings', 'setupMediaViewStrings' );
 		$this->_addFilter( 'plugin_action_links', 'getPluginActionLinks', 10, 2 );
 		$this->_addFilter( 'plugin_row_meta', 'getPluginMetaLinks', 10, 2 );
-		$this->_addFilter( 'visualizer_admin_pointers', 'visualizerAdminPointers', 10, 2 );
-        // Added by Ash/Upwork for feedback
-		$this->_addFilter( 'visualizer_feedback_enqueue', 'visualizerFeedbackEnqueue', 10, 2 );
-		$this->_addFilter( 'visualizer_feedback', 'visualizerFeedback', 10, 2 );
-		$this->_addFilter( 'visualizer_feedback_config', 'visualizerFeedbackConfig', 10, 2 );
-		$this->_addFilter( 'visualizer_feedback_action', 'visualizerFeedbackAction', 10, 2 );
-        // Added by Ash/Upwork for feedback
-	}
-
-    // Added by Ash/Upwork for feedback
-    function visualizerFeedbackConfig(){
-        return array(
-            "title" => "TITLE",
-            "description" => "Message that will ask the user for review",
-            "yes_btn_txt" => "Text to show on yes btn ",
-            "no_btn_txt"  => "txt to show on no btn",
-            "yes_btn_link" => "link to redirect when click on the yes btn", 
-        );
-    }
-
-    function visualizerFeedbackAction(){
-        return array("type"=>"splash","action"=>array("type"=>"click","target"=>".add-new-h2"));
-    }
-
-    function visualizerFeedback(){
-        return true;
-    }
-
-    function visualizerInitFeedback(){
-        $file   = trailingslashit(VISUALIZER_ABSPATH) . "feedback/PluginFeedbackTI.php";
-        if (file_exists($file)) {
-            include_once $file;
-            new PluginFeedbackTI(Visualizer_Plugin::NAME, 1, Visualizer_Plugin::VERSION, "visualizer_feedback", "visualizer_feedback_config", "visualizer_feedback_action", "visualizer_feedback_enqueue");
-        }
-    }
-
-    function visualizerFeedbackEnqueue(){
-        wp_register_script("ti-feedback-func", VISUALIZER_ABSURL . 'js/feedback-func.js');
-        wp_enqueue_script("ti-feedback-func");
-    }
-    // Added by Ash/Upwork for feedback
-
-	/**
-	 * Returns wp pointers for visualizer
-	 *
-	 * @since 1.5
-	 *
-	 * @static
-	 * @access private
-	 * @return array The associated array of pointer
-	 */
-	function visualizerAdminPointers( $p ) {
-		$p['visualizer'] = array(
-			'target' => '#menu-media',
-			'options' => array(
-				'content' => sprintf( '<h3> %s </h3> <p> %s </p>',
-					__( 'Visualizer New Features ' , Visualizer_Plugin::NAME),
-					__( 'Right now the Visualizer Charts and Graphics plugin integrates a live editor and a new importing option for your charts. ',Visualizer_Plugin::NAME)
-				),
-				'position' => array( 'edge' => 'top', 'align' => 'middle' )
-			)
-		);
-		return $p;
 	}
 
 	/**
@@ -175,7 +109,7 @@ public function enqueueMediaScripts() {
 
 			wp_enqueue_script( 'visualizer-google-jsapi-new',    '//www.gstatic.com/charts/loader.js',                      array( 'media-editor' ),                null,                       true );
 			wp_enqueue_script( 'visualizer-google-jsapi-old',    '//www.google.com/jsapi',                      array( 'visualizer-google-jsapi-new' ),                null,                       true );
-			wp_enqueue_script( 'visualizer-media-model',      VISUALIZER_ABSURL . 'js/media/model.js',      array( 'visualizer-google-jsapi' ),     Visualizer_Plugin::VERSION, true );
+			wp_enqueue_script( 'visualizer-media-model',      VISUALIZER_ABSURL . 'js/media/model.js',      array( 'visualizer-google-jsapi-old' ),     Visualizer_Plugin::VERSION, true );
 			wp_enqueue_script( 'visualizer-media-collection', VISUALIZER_ABSURL . 'js/media/collection.js', array( 'visualizer-media-model' ),      Visualizer_Plugin::VERSION, true );
 			wp_enqueue_script( 'visualizer-media-controller', VISUALIZER_ABSURL . 'js/media/controller.js', array( 'visualizer-media-collection' ), Visualizer_Plugin::VERSION, true );
 			wp_enqueue_script( 'visualizer-media-view',       VISUALIZER_ABSURL . 'js/media/view.js',       array( 'visualizer-media-controller' ), Visualizer_Plugin::VERSION, true );
@@ -258,46 +192,6 @@ public function enqueueLibraryScripts( $suffix ) {
 			wp_enqueue_script( 'google-jsapi-old', '//www.google.com/jsapi', array('google-jsapi-new'), null, true );
 			wp_enqueue_script( 'visualizer-render', VISUALIZER_ABSURL . 'js/render.js', array( 'google-jsapi-old', 'visualizer-library' ), Visualizer_Plugin::VERSION, true );
 		}
-		if ( get_bloginfo( 'version' ) < '3.3' )
-			return;
-
-
-		// Get pointers for this screen
-		$pointers = apply_filters( 'visualizer_admin_pointers', array() );
-
-		if ( ! $pointers || ! is_array( $pointers ) )
-			return;
-
-		// Get dismissed pointers
-		$dismissed = explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) );
-		$valid_pointers =array();
-		// Check pointers and remove dismissed ones.
-		foreach ( $pointers as $pointer_id => $pointer ) {
-
-			// Sanity check
-			if ( in_array( $pointer_id, $dismissed ) || empty( $pointer )  || empty( $pointer_id ) || empty( $pointer['target'] ) || empty( $pointer['options'] ) )
-				continue;
-
-			$pointer['pointer_id'] = $pointer_id;
-
-			// Add the pointer to $valid_pointers array
-			$valid_pointers['pointers'][] =  $pointer;
-		}
-
-		// No valid pointers? Stop here.
-		if ( empty( $valid_pointers ) )
-			return;
-
-		// Add pointers style to queue.
-		wp_enqueue_style( 'wp-pointer' );
-		// Add pointers script to queue. Add custom script.
-		wp_enqueue_script( 'visualizer-pointer', VISUALIZER_ABSURL."js/visualizer-pointer.js", array( 'wp-pointer' ),Visualizer_Plugin::VERSION );
-
-		// Add pointer options to script.
-		wp_localize_script( 'visualizer-pointer', 'visualizer', $valid_pointers );
-
-
-
 	}
 
 	/**
diff --git a/classes/Visualizer/Module/Chart.php b/classes/Visualizer/Module/Chart.php
@@ -132,7 +132,7 @@ public function getCharts() {
 			) )
 		);
 
-		$filter = filter_input( INPUT_GET, 'filter' );
+		$filter = filter_input( INPUT_GET, 'filter', FILTER_SANITIZE_STRING );
 		if ( $filter && in_array( $filter, Visualizer_Plugin::getChartTypes() ) ) {
 			$query_args['meta_query'] = array(
 				array(
diff --git a/classes/Visualizer/Plugin.php b/classes/Visualizer/Plugin.php
@@ -30,7 +30,7 @@
 class Visualizer_Plugin {
 
 	const NAME    = 'visualizer';
-	const VERSION = '1.5.5';
+	const VERSION = '1.6.0';
 
 	// custom post types
 	const CPT_VISUALIZER = 'visualizer';
diff --git a/classes/Visualizer/Render/Library.php b/classes/Visualizer/Render/Library.php
@@ -91,7 +91,6 @@ private function _renderLibrary() {
         if(isset($_GET["filter"]) && strlen($_GET["filter"]) > 0){
             $filterBy   = filter_input( INPUT_GET, "filter", FILTER_SANITIZE_STRING );
         }
-        $action         = $_SERVER["REQUEST_URI"];
         echo '<div id="visualizer-search"><form action="" method="get">
                 <input type="text" name="filter" value="' . $filterBy . '">
                 <input type="hidden" name="page" value="visualizer">
@@ -104,11 +103,11 @@ private function _renderLibrary() {
 				foreach ( $this->types as $type => $label ) {
 					echo '<li class="visualizer-list-item">';
 						if ( $type == $this->type ) {
-							echo '<a class="page-numbers current" href="', add_query_arg( 'vpage', false ), '">';
+							echo '<a class="page-numbers current" href="', esc_url(add_query_arg( 'vpage', false )), '">';
 								echo $label;
 							echo '</a>';
 						} else {
-							echo '<a class="page-numbers" href="', add_query_arg( array( 'type' => $type, 'vpage' => false ) ), '">';
+							echo '<a class="page-numbers" href="', esc_url(add_query_arg( array( 'type' => $type, 'vpage' => false ) )), '">';
 								echo $label;
 							echo '</a>';
 						}
diff --git a/classes/Visualizer/Render/Sidebar.php b/classes/Visualizer/Render/Sidebar.php
@@ -98,6 +98,7 @@ public function __construct( $data = array() ) {
 
 		$this->_legendPositions = array(
 			''       => '',
+			'left'  => esc_html__( 'Left of the chart', Visualizer_Plugin::NAME ),
 			'right'  => esc_html__( 'Right of the chart', Visualizer_Plugin::NAME ),
 			'top'    => esc_html__( 'Above the chart', Visualizer_Plugin::NAME ),
 			'bottom' => esc_html__( 'Below the chart', Visualizer_Plugin::NAME ),
diff --git a/css/media.css b/css/media.css
@@ -1,3 +1,6 @@
+/*
+	Version: 1.5.6
+*/
 #visualizer-library-view {
 	padding: 30px 10px 10px 30px;
 }
diff --git a/index.php b/index.php
@@ -1,9 +1,9 @@
 <?php
 /*
-Plugin Name: Visualizer: Charts and Graphs
-Plugin URI: https://themeisle.com/plugins/visualizer-charts-and-graphs/
+Plugin Name: Visualizer: Charts and Graphs Lite
+Plugin URI: https://themeisle.com/plugins/visualizer-charts-and-graphs-lite/
 Description: A simple, easy to use and quite powerful tool to create, manage and embed interactive charts into your WordPress posts and pages. The plugin uses Google Visualization API to render charts, which supports cross-browser compatibility (adopting VML for older IE versions) and cross-platform portability to iOS and new Android releases.
-Version: 1.5.6
+Version: 1.6.0
 Author: Themeisle
 Author URI: http://themeisle.com
 License: GPL v2.0 or later
@@ -109,9 +109,6 @@ function visualizer_launch() {
 	if ( $doing_ajax ) {
 		// set ajax modules
 		$plugin->setModule( Visualizer_Module_Chart::NAME );
-        // Added by Ash/Upwork for feedback
-        $plugin->setModule( Visualizer_Module_Admin::NAME );
-        // Added by Ash/Upwork for feedback
 	} else {
 		if ( is_admin() ) {
 			// set admin modules
diff --git a/js/feedback-func.js b/js/feedback-func.js
diff --git a/js/render.js b/js/render.js
@@ -53,6 +53,11 @@
 						}
 					}
 				}
+
+                if (settings.series && settings.legend && settings.legend.position == "left")
+                {
+                    settings.targetAxisIndex = 1;
+                }
 				break;
 			case 'geo':
 				if (settings.region != undefined && settings.region.replace(/^\s+|\s+$/g, '') == '') {
@@ -87,6 +92,11 @@
 						}
 					}
 				}
+
+                if (settings.series && settings.legend && settings.legend.position == "left")
+                {
+                    settings.targetAxisIndex = 1;
+                }
 				break;
 			default:
 				return;
diff --git a/js/visualizer-pointer.js b/js/visualizer-pointer.js
diff --git a/readme.txt b/readme.txt
@@ -1,8 +1,8 @@
-=== WordPress Charts and Graphs ===
+=== WordPress Charts and Graphs Lite ===
 Contributors:  codeinwp,marius2012,marius_codeinwp,hardeepasrani,themeisle,Madalin_ThemeIsle
 Tags: chart, charts, charting, graph, graphs, graphing, visualisation, visualise data, visualization, visualize data, HTML5, canvas, pie chart, line chart, bar chart, column chart, gauge chart, area chart, scatter chart, candlestick chart, geo chart, google visualization api
 Requires at least: 3.5
-Tested up to: 4.5.3
+Tested up to: 4.6
 Stable tag: trunk
 License: GPL v2.0 or later
 License URI: http://www.opensource.org/licenses/gpl-license.php
@@ -11,7 +11,7 @@ A simple and quite powerful WordPress chart plugin to create, manage and embed i
 
 == Description ==
  
-<a href="http://themeisle.com/plugins/visualizer-charts-and-graphs/" rel="friend">WordPress Visualizer plugin</a> is a simple, easy to use and quite powerful tool to create, manage and embed interactive charts into your WordPress posts and pages.
+<a href="http://themeisle.com/plugins/visualizer-charts-and-graphs-lite/" rel="friend">WordPress Visualizer plugin</a> is a simple, easy to use and quite powerful tool to create, manage and embed interactive charts into your WordPress posts and pages.
 
 The plugin uses Google Visualization API to add charts, which support cross-browser compatibility (adopting VML for older IE versions) and cross-platform portability to iOS and new Android releases.
 
@@ -70,6 +70,13 @@ Pay attention that to turn your shortcodes into graphs, your theme has to have `
 
 == Changelog ==
 
+= 1.6.0 =
+* Fixed security issue when importing charts
+* Removed pointer for the pro version
+* Fixed charts import from media library
+* Added support to show legend on the left side
+
+
 = 1.5.6 =
 * Added support for 3 more chart types
 * Fixed issue with charts not saving

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,6 @@`
	`1`	`+/*`
	`2`	`+ Version: 1.5.6`
	`3`	`+*/`
`1`	`4`	`#visualizer-library-view {`
`2`	`5`	`padding: 30px 10px 10px 30px;`
`3`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,11 @@`
`53`	`53`	`}`
`54`	`54`	`}`
`55`	`55`	`}`
	`56`	`+`
	`57`	`+ if (settings.series && settings.legend && settings.legend.position == "left")`
	`58`	`+ {`
	`59`	`+ settings.targetAxisIndex = 1;`
	`60`	`+ }`
`56`	`61`	`break;`
`57`	`62`	`case 'geo':`
`58`	`63`	`if (settings.region != undefined && settings.region.replace(/^\s+\|\s+$/g, '') == '') {`
`@@ -87,6 +92,11 @@`
`87`	`92`	`}`
`88`	`93`	`}`
`89`	`94`	`}`
	`95`	`+`
	`96`	`+ if (settings.series && settings.legend && settings.legend.position == "left")`
	`97`	`+ {`
	`98`	`+ settings.targetAxisIndex = 1;`
	`99`	`+ }`
`90`	`100`	`break;`
`91`	`101`	`default:`
`92`	`102`	`return;`