release: fixes

- Fixed image upload in image dropdown field
- Enhanced security

Author: vytisbulkevicius

composer.lock

@@ -291,19 +291,20 @@ function ppom_admin_save_form_meta() {
 
 	global $wpdb;
 
-	extract( $_REQUEST );
-
 	$send_file_attachment = 'NA';
 	$aviary_api_key       = 'NA';
 	$show_cart_thumb      = 'NA';
 
+	$ppom           = array();
+	$productmeta_id = isset( $_REQUEST['productmeta_id'] ) ? sanitize_text_field( $_REQUEST['productmeta_id'] ) : '';
+
 	if ( is_string( $_REQUEST['ppom'] ) ) {
 		$ppom_encoded = $_REQUEST['ppom'];
 		parse_str( $ppom_encoded, $ppom_decoded);
-		$_REQUEST['ppom'] = $ppom_decoded['ppom'];
+		$ppom = $ppom_decoded['ppom'];
 	}
 
-	$ppom_meta    = ( isset($_REQUEST['ppom_meta']) ? $_REQUEST['ppom_meta'] : isset($_REQUEST['ppom']) ) ? $_REQUEST['ppom'] : '';
+	$ppom_meta    = isset($_REQUEST['ppom_meta']) ? $_REQUEST['ppom_meta'] : $ppom;
 
 	if ( empty( $ppom_meta ) ) {
 		$resp = array(
@@ -331,6 +332,7 @@ function( $pm ) {
 	$aviary_api_key         = isset( $_REQUEST['aviary_api_key'] ) ? sanitize_text_field( $_REQUEST['aviary_api_key'] ) : '';
 	$productmeta_style      = isset( $_REQUEST['productmeta_style'] ) ? sanitize_text_field( $_REQUEST['productmeta_style'] ) : '';
 	$productmeta_js         = isset( $_REQUEST['productmeta_js'] ) ? sanitize_text_field( $_REQUEST['productmeta_js'] ) : '';
+	$product_id             = isset( $_REQUEST['product_id'] ) ? intval( $_REQUEST['product_id'] ) : 0;
 
 	if ( strlen( $productmeta_name ) > 50 ) {
 		$resp = array(
@@ -406,8 +408,8 @@ function( $pm ) {
 	}
 
 
-	if ( isset( $_REQUEST['product_id'] ) && $_REQUEST['product_id'] != '' ) {
-		ppom_attach_fields_to_product( $ppom_id, intval( $_REQUEST['product_id'] ) );
+	if ( ! empty( $product_id ) ) {
+		ppom_attach_fields_to_product( $ppom_id, $product_id );
 		$redirect_to = get_permalink( $product_id );
 	}
 
@@ -438,8 +440,8 @@ function( $pm ) {
 function ppom_admin_update_form_meta() {
 
 
-	$return_page = isset( $_REQUEST['ppom_meta'] ) ? 'ppom-energy' : 'ppom';
-	extract( $_REQUEST );
+	$return_page    = isset( $_REQUEST['ppom_meta'] ) ? 'ppom-energy' : 'ppom';
+	$productmeta_id = isset( $_REQUEST['productmeta_id'] ) ? sanitize_text_field( $_REQUEST['productmeta_id'] ) : '';
 
 	$ppom_args   = array(
 		'page'           => $return_page,
@@ -640,7 +642,7 @@ function ppom_admin_delete_meta() {
 
 	global $wpdb;
 
-	extract( $_REQUEST );
+	$productmeta_id = isset( $_REQUEST['productmeta_id'] ) ? sanitize_text_field( $_REQUEST['productmeta_id'] ) : '';
 
 	$tbl_name = $wpdb->prefix . PPOM_TABLE_META;
 	$ppom_id  = intval( $productmeta_id );

inc/admin.php

@@ -759,6 +759,7 @@ jQuery(function($) {
                     var price_metatype = 'price';
                     var stock_metatype = 'stock';
                     var stock_placeholder = ppom_vars.i18n.stock;
+                    let url_field = '<input placeholder="url" type="text" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][url]" class="form-control" data-opt-index="' + option_index + '" data-metatype="url" value="">';
 
                     // Set name key for imageselect addon
                     if (meta_type == 'imageselect') {
@@ -779,14 +780,13 @@ jQuery(function($) {
                         var condidtion_attr = 'image_options';
                         price_placeholder = ppom_vars.i18n.metaIds;
                         price_metatype = 'meta_id';
+                        url_field = '<input placeholder="url" type="text" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][url]" class="form-control" data-opt-index="' + option_index + '" data-metatype="url" value="">';
                     }
                     else {
                         var class_name = '';
                         var condidtion_attr = '';
                     }
 
-                    let url_field = '<input placeholder="url" type="text" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][url]" class="form-control" data-opt-index="' + option_index + '" data-metatype="url" value="">';
-
                     if (meta.type !== 'image') {
                         img_icon = '<img width="60" src="' + meta.icon + '" style="width: 34px;">';
                         url_field = '';

js/admin/ppom-admin.js

@@ -2915,21 +2915,6 @@ parameters:
 			count: 1
 			path: inc/admin.php
 
-		-
-			message: "#^Variable \\$ppom might not be defined\\.$#"
-			count: 1
-			path: inc/admin.php
-
-		-
-			message: "#^Variable \\$product_id might not be defined\\.$#"
-			count: 1
-			path: inc/admin.php
-
-		-
-			message: "#^Variable \\$productmeta_id might not be defined\\.$#"
-			count: 11
-			path: inc/admin.php
-
 		-
 			message: "#^Constant PPOM_PATH not found\\.$#"
 			count: 1

phpstan-baseline.neon

@@ -18,7 +18,7 @@ Are you a WooCommerce store owner looking to offer personalized products? PPOM (
 
 - Would you like to see PPOM in action before installing it? [VIEW PPOM FIELDS DEMO](https://demo-ppom-lite.vertisite.cloud/)
 - Need any help with setup? [CHECK DOCUMENTATION](https://docs.themeisle.com/collection/1695-product-option-manager)
-- Interested in PPOM PRO? [LEARN MORE ABOUT PPOM PRO](https://themeisle.com/plugins/ppom-pro/upgrade?utm_source=wpadmin&utm_medium=readme&utm_campaign=quick-links)
+- Interested in PPOM PRO? [LEARN MORE ABOUT PPOM PRO](https://themeisle.com/plugins/ppom-pro/upgrade?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quick-links)
 
 ## Why Choose PPOM?
 
@@ -193,7 +193,7 @@ Boost your sales and customer satisfaction by offering tailored product options
 
 ✅ **Enquiry Form**: The "Enquiry Form" add-on simplifies collecting custom customer inquiries directly from your website, helping you address their needs efficiently. Customize where messages go and how you respond to enhance user satisfaction and potentially increase sales.
 
-Interested in PPOM PRO? [Learn more](https://themeisle.com/plugins/ppom-pro/upgrade?utm_source=wpadmin&utm_medium=readme&utm_campaign=interested-pro)
+Interested in PPOM PRO? [Learn more](https://themeisle.com/plugins/ppom-pro/upgrade?utm_source=wordpressorg&utm_medium=readme&utm_campaign=interested-pro)
 
 ## Tailored Flexibility for Every Business Need:
 
@@ -232,7 +232,7 @@ PPOM is an open-source project, and we welcome contributors to be part of our vi
 ###Useful Resources 📌
 
 - Read more about WordPress on our [blog](https://themeisle.com/blog/).
-- Interested in our other plugins? Take a look [here](https://themeisle.com/wordpress-plugins/?utm_source=wpadmin&utm_medium=readme&utm_campaign=PPOM).
+- Interested in our other plugins? Take a look [here](https://themeisle.com/wordpress-plugins/?utm_source=wordpressorg&utm_medium=readme&utm_campaign=PPOM).
 
 == Installation ==
 1. Upload the plugin directory to the `/wp-content/plugins/` directory