Add sanitization

gateways/paypal/settings.php

@@ -3,16 +3,16 @@
 function event_espresso_paypal_payment_settings() {
 	global $active_gateways;
 	if (isset($_POST['update_paypal'])) {
-		$paypal_settings['paypal_id'] = $_POST['paypal_id'];
+		$paypal_settings['paypal_id'] = sanitize_email($_POST['paypal_id']);
 		$paypal_settings['tax_override'] = empty($_POST['tax_override']) ? false : true;
 		$paypal_settings['shipping_override'] = empty($_POST['shipping_override']) ? false : true;
-		$paypal_settings['image_url'] = $_POST['image_url'];
-		$paypal_settings['currency_format'] = $_POST['currency_format'];
+		$paypal_settings['image_url'] = esc_url_raw($_POST['image_url']);
+		$paypal_settings['currency_format'] = ee_sanitize_value($_POST['currency_format']);
 		$paypal_settings['use_sandbox'] = empty($_POST['use_sandbox']) ? false : true;
-		$paypal_settings['bypass_payment_page'] = $_POST['bypass_payment_page'];
+		$paypal_settings['bypass_payment_page'] = isset($_POST['bypass_payment_page']) && $_POST['bypass_payment_page'] === 'Y' ? 'Y' : 'N';
 		$paypal_settings['force_ssl_return'] = empty($_POST['force_ssl_return']) ? false : true;
-		$paypal_settings['no_shipping'] = $_POST['no_shipping'];
-		$paypal_settings['button_url'] = $_POST['button_url'];
+		$paypal_settings['no_shipping'] = (int)$_POST['no_shipping'];
+		$paypal_settings['button_url'] = esc_url_raw($_POST['button_url']);
 		update_option('event_espresso_paypal_settings', $paypal_settings);
 		echo '<div id="message" class="updated fade"><p><strong>' . __('PayPal settings saved.', 'event_espresso') . '</strong></p></div>';
 	}

includes/admin-files/coupon-management/add_discount.php

@@ -8,7 +8,14 @@ function add_discount_to_db(){
 			if (!function_exists('espresso_member_data'))
 				$current_user->ID = 1;
 
-			$sql=array('coupon_code'=>$_REQUEST['coupon_code'], 'coupon_code_price'=>$_REQUEST['coupon_code_price'],'coupon_code_description'=>$_REQUEST['coupon_code_description'], 'use_percentage'=>$_REQUEST['use_percentage'],'apply_to_all'=>$_REQUEST['apply_to_all'], 'wp_user'=>$current_user->ID); 
+			$sql=array(
+				'coupon_code'=>sanitize_text_field($_REQUEST['coupon_code']),
+				'coupon_code_price'=>abs($_REQUEST['coupon_code_price']),
+		 		'coupon_code_description'=>sanitize_text_field($_REQUEST['coupon_code_description']),
+				'use_percentage'=>$_REQUEST['use_percentage'] === 'Y' ? 'Y' : 'N',
+		 		'apply_to_all'=>intval($_REQUEST['apply_to_all']),
+				'wp_user'=>$current_user->ID
+			); 
 
 			$sql_data = array('%s','%s','%s','%s','%d', '%d');
 

includes/admin-files/coupon-management/delete_discount.php

@@ -3,24 +3,17 @@ function delete_event_discount(){
 	global $wpdb;
 	if(isset($_REQUEST['delete_discount'])){
 		if (is_array($_POST['checkbox'])){
-			while(list($key,$value)=each($_POST['checkbox'])):
-				$del_id=$key;
+			foreach($_POST['checkbox'] as $key => $value) {
 				//Delete discount data
-				$sql = "DELETE FROM ".EVENTS_DISCOUNT_CODES_TABLE." WHERE id='" . $del_id . "'";
-				$wpdb->query($sql);
-
-				$sql = "DELETE FROM ".EVENTS_DISCOUNT_REL_TABLE." WHERE discount_id='" . $del_id . "'";
-				$wpdb->query($sql);
-			endwhile;	
+				$wpdb->delete(EVENTS_DISCOUNT_CODES_TABLE, array('id' => $key), array('%d'));
+				$wpdb->delete(EVENTS_DISCOUNT_REL_TABLE, array('discount_id' => $key),array('%d'));
+			}
 		}
 	}
-	if(isset($_REQUEST['action']) && $_REQUEST['action']== 'delete_discount'){
+	if(isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_discount'){
 		//Delete discount data
-		$sql = "DELETE FROM ".EVENTS_DISCOUNT_CODES_TABLE." WHERE id='" . $_REQUEST['discount_id'] . "'";
-		$wpdb->query($sql);
-
-		$sql = "DELETE FROM ".EVENTS_DISCOUNT_REL_TABLE." WHERE discount_id='" . $_REQUEST['discount_id'] . "'";
-		$wpdb->query($sql);
+		$wpdb->delete(EVENTS_DISCOUNT_CODES_TABLE, array('id' => $_REQUEST['discount_id']), array('%d'));
+		$wpdb->delete(EVENTS_DISCOUNT_REL_TABLE, array('discount_id' => $_REQUEST['discount_id']), array('%d'));
 	}
 	?>
 	<div id="message" class="updated fade">

includes/admin-files/coupon-management/edit_discount.php

@@ -4,17 +4,18 @@ function edit_event_discount(){
 
 	global $wpdb;
 
-	$discount_id = $_REQUEST['discount_id'];
-	 $event_discounts = $wpdb->get_results("SELECT * FROM " . EVENTS_DISCOUNT_CODES_TABLE . " WHERE id = " . $discount_id);
+	$discount_id = intval($_REQUEST['discount_id']);
+	$sql = $wpdb->prepare("SELECT * FROM " . EVENTS_DISCOUNT_CODES_TABLE . " WHERE id = %d", $discount_id);
+	$event_discounts = $wpdb->get_results( $sql );
 
-			foreach ($event_discounts as $event_discount){
-				$discount_id = $event_discount->id;
-				$coupon_code = $event_discount->coupon_code;
-				$coupon_code_price = $event_discount->coupon_code_price;
-				$coupon_code_description = $event_discount->coupon_code_description;
-				$use_percentage = $event_discount->use_percentage;
-				$apply_to_all = $event_discount->apply_to_all;
-			}
+	foreach ($event_discounts as $event_discount){
+		$discount_id = $event_discount->id;
+		$coupon_code = $event_discount->coupon_code;
+		$coupon_code_price = $event_discount->coupon_code_price;
+		$coupon_code_description = $event_discount->coupon_code_description;
+		$use_percentage = $event_discount->use_percentage;
+		$apply_to_all = $event_discount->apply_to_all;
+	}
 ?>
 <!--Add event display-->
 

includes/admin-files/coupon-management/update_discount.php

@@ -3,9 +3,15 @@ function update_event_discount() {
 	global $wpdb, $current_user;
 	$wpdb->show_errors();
 
-	$sql=array('coupon_code'=>$_REQUEST['coupon_code'],'coupon_code_price'=>$_REQUEST['coupon_code_price'], 'coupon_code_description'=>$_REQUEST['coupon_code_description'], 'use_percentage'=>$_REQUEST['use_percentage'],'apply_to_all'=>intval($_REQUEST['apply_to_all'])); 
+	$sql=array(
+		'coupon_code'=>sanitize_text_field($_REQUEST['coupon_code']),
+		'coupon_code_price'=>abs($_REQUEST['coupon_code_price']),
+		'coupon_code_description'=>sanitize_text_field($_REQUEST['coupon_code_description']),
+		'use_percentage'=>$_REQUEST['use_percentage'] === 'Y' ? 'Y' : 'N',
+		'apply_to_all'=>intval($_REQUEST['apply_to_all'])
+	);
 
-	$update_id = array('id'=> $_REQUEST['discount_id']);
+	$update_id = array('id'=> intval($_REQUEST['discount_id']));
 
 	$sql_data = array('%s','%s','%s','%s','%d');
 

includes/admin-files/coupon-management/use_coupon_code.php

@@ -45,7 +45,7 @@ function event_espresso_coupon_payment_page( $event_id = FALSE, $event_cost = 0.
 //		echo '<h4>$coupon_code : ' . $coupon_code . '  <br /><span style="font-size:10px;font-weight:normal;">' . __FILE__ . '<br />line no: ' . __LINE__ . '</span></h4>';			
 
 		if ( ! $use_coupon_code ) {
-			$use_coupon_code = isset( $_POST['use_coupon'][$event_id] ) ? $_POST['use_coupon'][$event_id] : 'N';			
+			$use_coupon_code = isset( $_POST['use_coupon'][$event_id] ) ? ee_sanitize_value($_POST['use_coupon'][$event_id]) : 'N';			
 		}
 //		echo '<h4>$use_coupon_code : ' . $use_coupon_code . '  <br /><span style="font-size:10px;font-weight:normal;">' . __FILE__ . '<br />line no: ' . __LINE__ . '</span></h4>';
 

includes/admin-files/staff-management/add_staff_to_db.php

@@ -4,17 +4,17 @@ function add_staff_to_db(){
 	$wpdb->show_errors();
 	if ( $_REQUEST['action'] == 'add' ){
 		//print_r($_REQUEST);
-		$staff_meta['phone'] = $_REQUEST['phone'];
-		$staff_meta['twitter'] = $_REQUEST['twitter'];
-		$staff_meta['image'] = $_REQUEST['image'];
-		$staff_meta['website'] = $_REQUEST['website'];
+		$staff_meta['phone'] = sanitize_text_field($_REQUEST['phone']);
+		$staff_meta['twitter'] = sanitize_text_field($_REQUEST['twitter']);
+		$staff_meta['image'] = esc_url_raw($_REQUEST['image']);
+		$staff_meta['website'] = esc_url_raw($_REQUEST['website']);
 		$staff_meta['description'] = wp_kses_post( $_REQUEST['description'] );
 
-		$staff_meta['organization'] = esc_html($_REQUEST['organization']);
-		$staff_meta['title'] = esc_html($_REQUEST['title']);
-		$staff_meta['industry'] = esc_html($_REQUEST['industry']);
-		$staff_meta['city'] = esc_html($_REQUEST['city']);
-		$staff_meta['country'] = esc_html($_REQUEST['country']);
+		$staff_meta['organization'] = sanitize_text_field($_REQUEST['organization']);
+		$staff_meta['title'] = sanitize_text_field($_REQUEST['title']);
+		$staff_meta['industry'] = sanitize_text_field($_REQUEST['industry']);
+		$staff_meta['city'] = sanitize_text_field($_REQUEST['city']);
+		$staff_meta['country'] = sanitize_text_field($_REQUEST['country']);
 
 		$meta = serialize($staff_meta);
 
@@ -23,7 +23,7 @@ function add_staff_to_db(){
 		if (!function_exists('espresso_member_data'))
 			$current_user->ID = 1;
 
-		$sql=array('identifier'=>$identifier, 'role'=>$_REQUEST['role'], 'name'=>$_REQUEST['name'],'email'=>$_REQUEST['email'],'wp_user'=>$current_user->ID,'meta'=>$meta); 
+		$sql=array('identifier'=>$identifier, 'role'=>sanitize_text_field($_REQUEST['role']), 'name'=>sanitize_text_field($_REQUEST['name']),'email'=>sanitize_text_field($_REQUEST['email']),'wp_user'=>$current_user->ID,'meta'=>$meta); 
 
 		$sql_data = array('%s', '%s', '%s','%s','%d','%s');
 

includes/admin-files/staff-management/update_staff.php

@@ -3,24 +3,24 @@ function update_event_staff(){
 	global $wpdb;
 	$wpdb->show_errors();
 	//print_r($_REQUEST);
-	$staff_meta['phone'] = $_REQUEST['phone'];
-	$staff_meta['twitter'] = $_REQUEST['twitter'];
-	$staff_meta['image'] = $_REQUEST['image'];
-	$staff_meta['website'] = $_REQUEST['website'];
+	$staff_meta['phone'] = sanitize_text_field($_REQUEST['phone']);
+	$staff_meta['twitter'] = sanitize_text_field($_REQUEST['twitter']);
+	$staff_meta['image'] = esc_url_raw($_REQUEST['image']);
+	$staff_meta['website'] = esc_url_raw($_REQUEST['website']);
 	$staff_meta['description'] = wp_kses_post( $_REQUEST['description'] );
 
-	$staff_meta['organization'] = esc_html($_REQUEST['organization']);
-	$staff_meta['title'] = esc_html($_REQUEST['title']);
-	$staff_meta['industry'] = esc_html($_REQUEST['industry']);
-	$staff_meta['city'] = esc_html($_REQUEST['city']);
-	$staff_meta['country'] = esc_html($_REQUEST['country']);
+	$staff_meta['organization'] = sanitize_text_field($_REQUEST['organization']);
+	$staff_meta['title'] = sanitize_text_field($_REQUEST['title']);
+	$staff_meta['industry'] = sanitize_text_field($_REQUEST['industry']);
+	$staff_meta['city'] = sanitize_text_field($_REQUEST['city']);
+	$staff_meta['country'] = sanitize_text_field($_REQUEST['country']);
 
     $meta = serialize($staff_meta);
 
 
-	$sql=array('name'=>$_REQUEST['name'],'role'=>$_REQUEST['role'],'email'=>$_REQUEST['email'], 'meta'=>$meta); 
+	$sql=array('name'=>sanitize_text_field($_REQUEST['name']),'role'=>sanitize_text_field($_REQUEST['role']),'email'=>sanitize_text_field($_REQUEST['email']), 'meta'=>$meta); 
 
-		$update_id = array('id'=> $_REQUEST['staff_id']);
+		$update_id = array('id'=> (int)$_REQUEST['staff_id']);
 
 		$sql_data = array('%s','%s','%s','%s');
 		$wpdb->update( EVENTS_PERSONNEL_TABLE, $sql, $update_id, $sql_data, array( '%d' ) );

includes/admin-files/venue-management/edit_venue.php

@@ -1,7 +1,7 @@
 <?php
 function edit_event_venue(){
 	global $wpdb; 
-    $id = $_REQUEST['id'];
+    $id = (int)$_REQUEST['id'];
 
     if ( function_exists( 'espresso_user_has_venue_permission' ) ) {
         if ( !espresso_user_has_venue_permission( $id ) ) {

includes/admin-files/venue-management/index.php

@@ -18,7 +18,7 @@ function event_espresso_venue_config_mnu(){
         $venue_deleted = 0;
 		if ( isset( $_POST[ 'checkbox' ] ) && is_array( $_POST['checkbox'] ) ) {
 			while(list($key,$value)=each($_POST['checkbox'])):
-				$del_id=$key;
+				$del_id=(int)$key;
                 $flag = true;
                 if ( function_exists( 'espresso_user_has_venue_permission') ) {
                     $flag = espresso_user_has_venue_permission( $del_id );
@@ -39,7 +39,7 @@ function event_espresso_venue_config_mnu(){
 		}
 		if( isset( $_REQUEST[ 'id' ] ) && 'delete_venue' == $_REQUEST['action'] ){
             $flag = true;
-            $del_id = $_REQUEST['id'];
+            $del_id = (int)$_REQUEST['id'];
             if ( function_exists( 'espresso_user_has_venue_permission') ) {
                 $flag = espresso_user_has_venue_permission( $del_id );
             }

includes/admin-reports/add_new_attendee.php

@@ -33,12 +33,12 @@ function add_new_attendee($event_id){
         wp_print_scripts('reCopy');
 
 	global $wpdb;
-	$sql  = "SELECT * FROM " .EVENTS_DETAIL_TABLE. " WHERE is_active='Y' AND event_status != 'D' AND id = '" . $event_id . "' LIMIT 0,1";
-
+	$sql  = "SELECT * FROM " .EVENTS_DETAIL_TABLE. " ed WHERE ed.is_active='Y' AND ed.event_status != 'D' AND ed.id = %d LIMIT 0,1";
+	
 	//Build the registration page
-	if ($wpdb->get_results($sql)){
-			$events = $wpdb->get_results($sql);
-			//These are the variables that can be used throughout the regsitration page
+	$events = $wpdb->get_results($wpdb->prepare( $sql, $event_id ), OBJECT_K );
+	if ($events){
+			//These are the variables that can be used throughout the registration page
 			foreach ($events as $event){
 					$event_id = $event->id;
 					$event_name = stripslashes($event->event_name);

includes/admin-reports/charts.php

@@ -1,12 +1,12 @@
 <?php
 function espresso_charts() {
     global $wpdb, $org_options,$espresso_premium;
-	$event_id = $_REQUEST['event_id'];
+	$event_id = (int)$_REQUEST['event_id'];
 ?>
 <div class="metabox-holder">
   <div class="postbox">
     <h3>
-      <?php echo espresso_event_list_attendee_title($_REQUEST['event_id']); ?>
+      <?php echo espresso_event_list_attendee_title($event_id); ?>
     </h3>
     <div class="inside">
 <?php 

includes/admin-reports/edit_attendee_record.php

@@ -27,7 +27,7 @@ function edit_attendee_record() {
 	if ($_REQUEST['form_action'] == 'edit_attendee') {
 
 		$id = isset($_REQUEST['id']) ? absint( $_REQUEST['id'] ) : '';
-		$registration_id = isset($_REQUEST['registration_id']) ? ee_sanitize_value( $_REQUEST['registration_id'] ) : '';
+		$registration_id = isset($_REQUEST['registration_id']) ? ee_sanitize_value($_REQUEST['registration_id']) : '';
 		$multi_reg = FALSE;
 
 		// check for multi reg, additional attendees, and verify reg id for primary attendee
@@ -196,13 +196,13 @@ function edit_attendee_record() {
 			}
 
 			//Update the price_option_type
-			do_action('action_hook_espresso_save_attendee_meta', $id, 'price_option_type', isset($_POST['price_option_type']) && !empty($_POST['price_option_type']) ? ee_sanitize_value($_POST['price_option_type']) : 'DEFAULT');
+			do_action('action_hook_espresso_save_attendee_meta', $id, 'price_option_type', isset($_POST['price_option_type']) && !empty($_POST['price_option_type']) ? sanitize_text_field($_POST['price_option_type']) : 'DEFAULT');
 
 			//Move attendee
 			do_action('action_hook_espresso_attendee_mover_move');
 
-			$event_id = isset($_POST['event_id']) ? $_POST['event_id'] : '';
-			$txn_type = isset($_POST['txn_type']) ? $_POST['txn_type'] : '';
+			$event_id = isset($_POST['event_id']) ? intval($_POST['event_id']) : '';
+			$txn_type = isset($_POST['txn_type']) ? sanitize_text_field($_POST['txn_type']) : '';
 
 			$cols_and_values = array( 
 					'fname'		=> isset($_POST['fname']) ? ee_sanitize_value($_POST['fname']) : '', 
@@ -213,7 +213,7 @@ function edit_attendee_record() {
 					'state'		=> isset($_POST['state']) ? ee_sanitize_value($_POST['state']) : '', 
 					'zip'		=> isset($_POST['zip']) ? ee_sanitize_value($_POST['zip']) : '', 
 					'phone'		=> isset($_POST['phone']) ? ee_sanitize_value($_POST['phone']) : '', 
-					'email'		=> isset($_POST['email']) ? sanitize_email($_POST['email']) : '' 
+					'email'		=> isset($_POST['email']) ? ee_sanitize_value($_POST['email']) : '' 
 			);
 			$cols_and_values_format = array( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' );
 
@@ -347,7 +347,7 @@ function edit_attendee_record() {
 							}
 
 							$post_val = apply_filters( 'filter_hook_espresso_admin_question_response', $post_val, $question );
-							$post_val = ee_sanitize_value( stripslashes( $post_val ));
+							$post_val = sanitize_text_field( stripslashes( $post_val ));
 							break;
 
 						case "MULTIPLE" :
@@ -357,7 +357,7 @@ function edit_attendee_record() {
 								$pval = apply_filters( 'filter_hook_espresso_admin_question_response', trim( $_POST[ $question->question_type . '_' . $question->q_id ][$i] ), $question );
 								$post_val .= $pval . ",";
 							}
-							$post_val = ee_sanitize_value( substr( stripslashes( $post_val ), 0, -1 ));
+							$post_val = sanitize_text_field( substr( stripslashes( $post_val ), 0, -1 ));
 
 							break;
 					}
@@ -414,11 +414,11 @@ function edit_attendee_record() {
 		// are we looking for an additional attendee ?
 		if ( isset( $_REQUEST['attendee_num'] ) && $_REQUEST['attendee_num'] > 1 && isset( $_REQUEST['id'] )) {
 			$SQL .= "WHERE  att.id = %d";
-			$attendees = $wpdb->get_results( $wpdb->prepare( $SQL, ee_sanitize_value( $_REQUEST['id'] ) ));
+			$attendees = $wpdb->get_results( $wpdb->prepare( $SQL, $_REQUEST['id'] ));
 		} else {
 			// check for multi reg & additional attendees by first finding primary attendee
 			$SQL2 = "SELECT primary_registration_id FROM " . EVENTS_MULTI_EVENT_REGISTRATION_ID_GROUP_TABLE . " WHERE registration_id = %s";
-			if ( $primary_registration_id = $wpdb->get_var( $wpdb->prepare( $SQL2, ee_sanitize_value( $_REQUEST['registration_id'] )))) {
+			if ( $primary_registration_id = $wpdb->get_var( $wpdb->prepare( $SQL2, $_REQUEST['registration_id'] ))) {
 				// now find all registrations
 				$SQL3 = "SELECT registration_id FROM " . EVENTS_MULTI_EVENT_REGISTRATION_ID_GROUP_TABLE . " WHERE primary_registration_id = %s";
 				$reg_ids = $wpdb->get_col( $wpdb->prepare( $SQL3, $primary_registration_id ));