path: root/Postman/Postman-Email-Log/PostmanEmailLogController.php
Diffstat (limited to 'Postman/Postman-Email-Log/PostmanEmailLogController.php')
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogController.php20
1 files changed, 10 insertions, 10 deletions
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php
index 2df2377..49f226b 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogController.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php
@@ -91,7 +91,7 @@ class PostmanEmailLogController {
$to = $meta_values ['original_to'] [0];
}
- $success = wp_mail( $to, $meta_values ['original_subject'] [0], maybe_unserialize( $meta_values ['original_message'] [0] ), $meta_values ['original_headers'] [0] );
+ $success = wp_mail( $to, $meta_values ['original_subject'] [0], $meta_values ['original_message'] [0], $meta_values ['original_headers'] [0] );
// Postman API: retrieve the result of sending this message from Postman
$result = apply_filters( 'postman_wp_mail_result', null );
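Review bot: Removing maybe_unserialize() from the resend path is the safer choice for data that was ever stored by a third party, but the new line on the `+` side now hands `original_message` to wp_mail() with no shape check, so a value that is not a plain string (an array after WordPress's own meta unserialization, or a legacy serialized blob written by the previous version if the field was ever stored that way) will either be mailed verbatim or trip wp_mail. A one-line guard makes the contract explicit: `$message = $meta_values ['original_message'] [0]; if ( ! is_string( $message ) ) { $message = ''; }` and pass `$message` to wp_mail(). Note also that `original_headers` is replayed unchanged on resend, so any From/Cc/Bcc captured from the original request is honoured again; the enclosing function begins before this hunk, so I cannot see whether those headers are filtered or whether the resend is nonce- and capability-gated.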
@@ -158,21 +158,21 @@ class PostmanEmailLogController {
if ( PostmanUtils::isAdmin() && isset( $_REQUEST ['email_log_entry'] ) ) {
$this->logger->trace( 'handling bulk action' );
if ( wp_verify_nonce( $_REQUEST ['_wpnonce'], 'bulk-email_log_entries' ) ) {
- $this->logger->trace( sprintf( 'nonce "%s" passed validation', $_REQUEST ['_wpnonce'] ) );
+ $this->logger->trace( sprintf( 'nonce "%s" passed validation', sanitize_text_field($_REQUEST ['_wpnonce']) ) );
if ( isset( $_REQUEST ['action'] ) && ($_REQUEST ['action'] == 'bulk_delete' || $_REQUEST ['action2'] == 'bulk_delete') ) {
$this->logger->trace( sprintf( 'handling bulk delete' ) );
$purger = new PostmanEmailLogPurger();
- $postids = $_REQUEST ['email_log_entry'];
+ $postids = array_map( 'absint', $_REQUEST ['email_log_entry'] );
foreach ( $postids as $postid ) {
$purger->verifyLogItemExistsAndRemove( $postid );
}
$mh = new PostmanMessageHandler();
$mh->addMessage( __( 'Mail Log Entries were deleted.', 'post-smtp' ) );
} else {
- $this->logger->warn( sprintf( 'action "%s" not recognized', $_REQUEST ['action'] ) );
+ $this->logger->warn( sprintf( 'action "%s" not recognized', sanitize_text_field($_REQUEST ['action']) ) );
}
} else {
- $this->logger->warn( sprintf( 'nonce "%s" failed validation', $_REQUEST ['_wpnonce'] ) );
+ $this->logger->warn( sprintf( 'nonce "%s" failed validation', sanitize_text_field($_REQUEST ['_wpnonce']) ) );
}
$this->redirectToLogPage();
}
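Review bot: The added `array_map( 'absint', $_REQUEST ['email_log_entry'] )` assumes the parameter is an array, yet the `isset()` guard two lines above also passes for a scalar `email_log_entry=5`, which raises a TypeError on PHP 8 (a warning on PHP 7) instead of deleting nothing; casting first avoids that: `$postids = array_map( 'absint', (array) $_REQUEST ['email_log_entry'] );`. Separately, wrapping the nonce in sanitize_text_field() only makes it safe to write into the log; the trace lines on both the pass and fail branches still persist a live CSRF token, and a log file is usually readable by more people than the session it belongs to. Prefer dropping the value altogether, e.g. `$this->logger->trace( 'nonce passed validation' );` and `$this->logger->warn( 'nonce failed validation' );`. The `$_REQUEST ['action2']` read on the context line is still unguarded and will emit an undefined-index notice when only `action` is sent, though that predates this commit.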
@@ -184,15 +184,15 @@ class PostmanEmailLogController {
// only do this for administrators
if ( PostmanUtils::isAdmin() ) {
$this->logger->trace( 'handling delete item' );
- $postid = $_REQUEST ['email'];
+ $postid = absint($_REQUEST ['email']);
if ( wp_verify_nonce( $_REQUEST ['_wpnonce'], 'delete_email_log_item_' . $postid ) ) {
- $this->logger->trace( sprintf( 'nonce "%s" passed validation', $_REQUEST ['_wpnonce'] ) );
+ $this->logger->trace( sprintf( 'nonce "%s" passed validation', sanitize_text_field($_REQUEST ['_wpnonce']) ) );
$purger = new PostmanEmailLogPurger();
$purger->verifyLogItemExistsAndRemove( $postid );
$mh = new PostmanMessageHandler();
$mh->addMessage( __( 'Mail Log Entry was deleted.', 'post-smtp' ) );
} else {
- $this->logger->warn( sprintf( 'nonce "%s" failed validation', $_REQUEST ['_wpnonce'] ) );
+ $this->logger->warn( sprintf( 'nonce "%s" failed validation', sanitize_text_field($_REQUEST ['_wpnonce']) ) );
}
$this->redirectToLogPage();
}
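Review bot: `absint( $_REQUEST ['email'] )` and the three reads of `$_REQUEST ['_wpnonce']` on the `+` side are all unguarded, so a request missing either parameter produces undefined-index notices before wp_verify_nonce() rejects it, and the nonce is sanitized twice for the log but never unslashed. Reading each value once up front is both quieter and cheaper: `$postid = isset( $_REQUEST ['email'] ) ? absint( $_REQUEST ['email'] ) : 0;` and `$nonce = isset( $_REQUEST ['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST ['_wpnonce'] ) ) : '';`, then use `$nonce` in the wp_verify_nonce() call and the two log lines. Because the nonce action string now embeds the absint()'d id, the link that generates it must also use the integer form; that is presumably the case, but the generator is outside this hunk.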
@@ -267,7 +267,7 @@ class PostmanEmailLogController {
// only do this for administrators
if ( PostmanUtils::isAdmin() ) {
$this->logger->trace( 'handling view transcript item' );
- $postid = $_REQUEST ['email'];
+ $postid = absint($_REQUEST ['email']);
$post = get_post( $postid );
$meta_values = PostmanLogFields::get_instance()->get( $postid );
// https://css-tricks.com/examples/hrs/
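Review bot: After the new `absint()` cast, `$postid` is 0 for a missing or non-numeric `email` parameter, and the hunk then calls `get_post( $postid )` and reads its meta without checking that `$post` exists or is one of the plugin's log entries; nothing visible here stops the transcript view from rendering for an unrelated post id. If the remainder of the function (which continues past this hunk) does not already handle it, a guard right after the lookup would do: `if ( ! $post ) { $this->redirectToLogPage(); return; }`, mirroring how the delete handlers bail out. Restricting on post type as well would be worth considering, but I cannot see the log post type name from this diff.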
@@ -360,7 +360,7 @@ class PostmanEmailLogController {
/* Translators where (%s) is the name of the plugin */
echo sprintf( __( '%s Email Log', 'post-smtp' ), __( 'Post SMTP', 'post-smtp' ) )?></h2>
- <?php include_once POST_PATH . '/Postman/extra/donation.php'; ?>
+ <?php include_once POST_SMTP_PATH . '/Postman/extra/donation.php'; ?>
<div
style="background: #ECECEC; border: 1px solid #CCC; padding: 0 10px; margin-top: 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px;">