Merge pull request #446 from WPChill/dev

3.1.14 update

admin/class-strong-testimonials-exporter.php

@@ -37,8 +37,10 @@ public function export_query( $query ) {
 		global $wpdb;
 
 		if ( isset( $this->args['content'] ) && 'wpm-testimonial' === $this->args['content'] ) {
-
-			$attachments = $wpdb->get_results( "SELECT ID, guid, post_parent FROM {$wpdb->posts} WHERE post_type = 'attachment'", OBJECT_K );
+
+			$attachments = $wpdb->get_results( $wpdb->prepare(
+				"SELECT ID, guid, post_parent FROM {$wpdb->posts} WHERE post_type = %s", 'attachment'
+			), OBJECT_K );
 			if ( empty( $attachments ) ) {
 				return $query;
 			}
@@ -48,10 +50,15 @@ public function export_query( $query ) {
 			// get attachments who are post thumbnails
 			$posts = $wpdb->get_col( $query );
 			if ( $posts ) {
-				$ids = $wpdb->get_col( sprintf( "SELECT meta_value FROM {$wpdb->postmeta} WHERE meta_key = '_thumbnail_id' AND post_id IN(%s)", implode( ',', $posts ) ) );
+				$placeholders = implode( ',', array_fill( 0, count( $posts ), '%d' ) );
+				$sql = $wpdb->prepare(
+					"SELECT meta_value FROM {$wpdb->postmeta} WHERE meta_key = %s AND post_id IN($placeholders)",
+					array_merge( array( '_thumbnail_id' ), $posts )
+				);
+				$ids = $wpdb->get_col( $sql );
 			}
-
-			// get atachments who have a post parent.
+	
+			// get attachments who have a post parent.
 			foreach ( $attachments as $id => $att ) {
 				if ( in_array( $att->post_parent, $posts ) ) {
 					$ids[] = $id;
@@ -67,8 +74,9 @@ public function export_query( $query ) {
 				// replace INNER JOIN with LEFT JOIN.
 				$query = str_replace( "SELECT ID FROM {$wpdb->posts} INNER JOIN {$wpdb->term_relationships} ", "SELECT ID FROM {$wpdb->posts} LEFT JOIN {$wpdb->term_relationships} ", $query );
 			}
-			$query .= sprintf( " OR {$wpdb->posts}.ID IN (%s) ", implode( ',', $ids ) );
-
+			$placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
+			$query .= $wpdb->prepare( " OR {$wpdb->posts}.ID IN ($placeholders) ", $ids );
+
 		}
 		return $query;
 	}

admin/js/st-uninstall.js

@@ -2,19 +2,19 @@ jQuery(document).ready(function ($) {
     var uninstall     = $("a.uninstall-st"),
         formContainer = $('#st-uninstall-form');
 
-    formContainer.on('click', '#delete_all', function () {
-        if ( $('#delete_all').is(':checked') ) {
-            $('#delete_options').prop('checked', true);
-            $('#delete_transients').prop('checked', true);
-            $('#delete_cpt').prop('checked', true);
-            $('#delete_st_tables').prop('checked', true);
-            $('#delete_terms').prop('checked', true);
+    formContainer.on('click', '#st-delete_all', function () {
+        if ( $('#st-delete_all').is(':checked') ) {
+            $('#st-delete_options').prop('checked', true);
+            $('#st-delete_transients').prop('checked', true);
+            $('#st-delete_cpt').prop('checked', true);
+            $('#st-delete_st_tables').prop('checked', true);
+            $('#st-delete_terms').prop('checked', true);
         } else {
-            $('#delete_options').prop('checked', false);
-            $('#delete_transients').prop('checked', false);
-            $('#delete_cpt').prop('checked', false);
-            $('#delete_st_tables').prop('checked', false);
-            $('#delete_terms').prop('checked', false);
+            $('#st-delete_options').prop('checked', false);
+            $('#st-delete_transients').prop('checked', false);
+            $('#st-delete_cpt').prop('checked', false);
+            $('#st-delete_st_tables').prop('checked', false);
+            $('#st-delete_terms').prop('checked', false);
         }
     });
 
@@ -26,11 +26,11 @@ jQuery(document).ready(function ($) {
         formContainer.on('click', '#st-uninstall-submit-form', function (e) {
             formContainer.addClass('toggle-spinner');
             var selectedOptions = {
-                delete_options: ($('#delete_options').is(':checked')) ? 1 : 0,
-                delete_transients: ($('#delete_transients').is(':checked')) ? 1 : 0,
-                delete_cpt: ($('#delete_cpt').is(':checked')) ? 1 : 0,
-                delete_st_tables: ($('#delete_st_tables').is(':checked')) ? 1 : 0,
-                delete_terms : ($('#delete_terms').is(':checked')) ? 1 : 0,
+                delete_options: ($('#st-delete_options').is(':checked')) ? 1 : 0,
+                delete_transients: ($('#st-delete_transients').is(':checked')) ? 1 : 0,
+                delete_cpt: ($('#st-delete_cpt').is(':checked')) ? 1 : 0,
+                delete_st_tables: ($('#st-delete_st_tables').is(':checked')) ? 1 : 0,
+                delete_terms : ($('#st-delete_terms').is(':checked')) ? 1 : 0,
             };
 
             var data = {

admin/uninstall/class-strong-testimonials-uninstall.php

@@ -92,7 +92,7 @@ public function add_uninstall_form() {
                         $after_input  = '</strong>';
                     }
 
-                    echo ' <p class="st-uninstall-options-checkbox" ><input type="checkbox" name="' . esc_attr( $key ) . ' " id="' . esc_attr( $key ) . '" value="' . esc_attr( $key ) . '"> <label for="' . esc_attr( $key ) . '">' . wp_kses_post( $before_input ) . esc_attr( $option['label'] ) . wp_kses_post( $after_input ) . '</label></p><p class="description">' . esc_html( $option['description'] ) . '</p>'; // phpcs:ignore $before_input, $after_input OK
+                    echo ' <p class="st-uninstall-options-checkbox" ><input type="checkbox" name="st-' . esc_attr( $key ) . ' " id="st-' . esc_attr( $key ) . '" value="' . esc_attr( $key ) . '"> <label for="st-' . esc_attr( $key ) . '">' . wp_kses_post( $before_input ) . esc_attr( $option['label'] ) . wp_kses_post( $after_input ) . '</label></p><p class="description">' . esc_html( $option['description'] ) . '</p>'; // phpcs:ignore $before_input, $after_input OK
 
                 }
                 ?>
@@ -186,17 +186,29 @@ public function st_uninstall_plugin() {
         // Delete custom post type
         if ( '1' == $uninstall_option['delete_cpt'] ) {
 
-            $post_types   = apply_filters( 'st_uninstall_post_types', array( 'wpm-testimonial' ) );
-            $testimonials = get_posts( array( 'post_type' => $post_types, 'posts_per_page' => -1, 'fields' => 'ids' ) );
+            $post_types = apply_filters('st_uninstall_post_types', array('wpm-testimonial'));
+            $testimonials = get_posts(array('post_type' => $post_types, 'posts_per_page' => -1, 'fields' => 'ids'));
 
-            if ( is_array( $testimonials ) && !empty( $testimonials ) ) {
+            if (is_array($testimonials) && !empty($testimonials)) {
 
-                $id_in = implode( ',', $testimonials );
+                // Pregătește stringul de placeholderi și array-ul de valori
+                $placeholders = array_fill(0, count($testimonials), '%d');
+                $placeholders_string = implode(',', $placeholders);
 
-                $sql      = $wpdb->prepare( "DELETE FROM  $wpdb->posts WHERE ID IN ( $id_in )" );
-                $sql_meta = $wpdb->prepare( "DELETE FROM  $wpdb->postmeta WHERE post_id IN ( $id_in )" );
-                $wpdb->query( $sql );
-                $wpdb->query( $sql_meta );
+                // Construiește interogările SQL folosind placeholderii și array-ul de valori
+                $sql = $wpdb->prepare(
+                    "DELETE FROM $wpdb->posts WHERE ID IN ($placeholders_string)",
+                    ...$testimonials
+                );
+
+                $sql_meta = $wpdb->prepare(
+                    "DELETE FROM $wpdb->postmeta WHERE post_id IN ($placeholders_string)",
+                    ...$testimonials
+                );
+
+                // Execută interogările
+                $wpdb->query($sql);
+                $wpdb->query($sql_meta);
             }
         }
 

changelog.txt

@@ -1,3 +1,7 @@
+= 3.1.14 - 06.06.2024  -
+- Fixed: Security fix
+- Fixed: Uninstall functionality conflict with other plugins ( [#445](https://github.com/WPChill/strong-testimonials/issues/445) )
+
 = 3.1.13 - 22.04.2024  -
 - Fixed: Security issue
 

package.json

@@ -1,7 +1,7 @@
 {
   "name": "strong-testimonials",
   "author": "WPChill",
-  "version": "3.1.13",
+  "version": "3.1.14",
   "license": "GPL v3",
   "scripts": {
     "build": "webpack",

readme.txt

@@ -4,7 +4,7 @@ Tags: testimonials, testimonial slider, testimonial form, star ratings
 Requires at least: 5.2
 Requires PHP: 5.6
 Tested up to: 6.5
-Stable tag: 3.1.13
+Stable tag: 3.1.14
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -206,6 +206,10 @@ No. If you already have testimonials in another plugin or theme, you will have t
 8. View editor
 
 == Changelog ==
+= 3.1.14 - 06.06.2024  -
+- Fixed: Security fix
+- Fixed: Uninstall functionality conflict with other plugins ( [#445](https://github.com/WPChill/strong-testimonials/issues/445) )
+
 = 3.1.13 - 22.04.2024  -
 - Fixed: Security issue
 

strong-testimonials.php

@@ -5,7 +5,7 @@
  * Description: Collect and display your testimonials or reviews.
  * Author: WPChill
  * Author URI: https://wpchill.com/
- * Version: 3.1.13
+ * Version: 3.1.14
  * Text Domain: strong-testimonials
  * Domain Path: /languages
  * Requires: 4.6 or higher
@@ -45,7 +45,7 @@
 	exit;
 }
 
-define( 'WPMTST_VERSION', '3.1.13' );
+define( 'WPMTST_VERSION', '3.1.14' );
 
 define( 'WPMTST_PLUGIN', plugin_basename( __FILE__ ) ); // strong-testimonials/strong-testimonials.php
 define( 'WPMTST', dirname( WPMTST_PLUGIN ) );           // strong-testimonials