Fixed a supposed issue on the logs page that 1. I was unable to repro…

…duce and 2. would definitely only be possible if you were an admin user anyway, so I'm not really sure why it was reported.
aaron13100 · Jan 31, 2024 · bc606c5 · bc606c5
1 parent 499fb4d
commit bc606c5
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 7 deletions.
diff --git a/404-solution.php b/404-solution.php
@@ -7,7 +7,7 @@
 	Author:      Aaron J
 	Author URI:  https://www.ajexperience.com/404-solution/
 
-	Version: 2.35.6
+	Version: 2.35.8
 
 	License:     GPL2
 	License URI: https://www.gnu.org/licenses/gpl-2.0.html

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog #
 
+## Version 2.35.8 (January 31, 2024) ##
+* Update: Fixed a supposed issue on the logs page that 1. I was unable to reproduce and 2. would definitely only be possible if you were an admin user anyway, so I'm not really sure why it was reported.
+
 ## Version 2.35.7 (November 10, 2023) ##
 * FIX: Avoid an Undefined array key for SERVER_NAME for some people.
 

diff --git a/README.md b/README.md
@@ -88,6 +88,9 @@ Please try this website for studying Japanese flashcards.
 
 ## Changelog ##
 
+## Version 2.35.8 (January 31, 2024) ##
+* Update: Fixed a supposed issue on the logs page that 1. I was unable to reproduce and 2. would definitely only be possible if you were an admin user anyway, so I'm not really sure why it was reported.
+
 ## Version 2.35.7 (November 10, 2023) ##
 * FIX: Avoid an Undefined array key for SERVER_NAME for some people.
 

diff --git a/includes/DataAccess.php b/includes/DataAccess.php
@@ -1173,15 +1173,18 @@ function getLogsIDandURLLike($specificURL, $limitResults) {
      */
     function getLogRecords($tableOptions) {
     	$f = ABJ_404_Solution_Functions::getInstance();
+    	$abj404logic = ABJ_404_Solution_PluginLogic::getInstance();
 
     	$logsid_included = '';
         $logsid = '';
         if ($tableOptions['logsid'] != 0) {
             $logsid_included = 'specific logs id included. */';
-            $logsid = esc_sql($tableOptions['logsid']);
+            $logsid = esc_sql($abj404logic->sanitizeForSQL($tableOptions['logsid']));
         }
-        $orderby = esc_sql(sanitize_text_field($tableOptions['orderby']));
-        $order = esc_sql(sanitize_text_field($tableOptions['order']));
+        $orderby = esc_sql(sanitize_text_field(
+            $abj404logic->sanitizeForSQL($tableOptions['orderby'])));
+        $order = esc_sql(sanitize_text_field(
+            $abj404logic->sanitizeForSQL($tableOptions['order'])));
         $start = ( absint(sanitize_text_field($tableOptions['paged']) - 1)) * absint(sanitize_text_field($tableOptions['perpage']));
         $perpage = absint(sanitize_text_field($tableOptions['perpage']));
 

diff --git a/includes/Loader.php b/includes/Loader.php
@@ -10,7 +10,7 @@
 define('ABJ404_SOLUTION_BASENAME', function_exists('plugin_basename') ? plugin_basename(ABJ404_FILE) : 
 	basename(dirname(ABJ404_FILE)) . '/' . basename(ABJ404_FILE));
 
-define( 'ABJ404_VERSION', '2.35.6' );
+define( 'ABJ404_VERSION', '2.35.8' );
 define( 'URL_TRACKING_SUFFIX', '?utm_source=404SolutionPlugin&utm_medium=WordPress');
 define( 'ABJ404_HOME_URL', 'https://www.ajexperience.com/404-solution/' . URL_TRACKING_SUFFIX);
 define( 'ABJ404_FC_URL', 'https://www.ajexperience.com/' . URL_TRACKING_SUFFIX);

diff --git a/includes/PluginLogic.php b/includes/PluginLogic.php
@@ -1683,6 +1683,20 @@ function sanitizePostData($postData, $restoreNewlines = false) {
         return $newData;
     }
 
+    /** Remove non a-zA-Z0-9 or _ characters. 
+     * @param string $str
+     * @return string
+     */
+    function sanitizeForSQL($str) {
+        if ($str == null || $str == '') {
+            return $str;
+        }
+        $re = '/[^\w_]/';
+
+        $result = preg_replace($re, '', $str);
+        return $result;
+    }
+
     /** 
      * @return string
      */

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "404-solution",
-  "version": "2.35.6",
+  "version": "2.35.8",
   "description": "The 404 Solution Plugin.",
   "main": "Gulpfile.js",
   "dependencies": {

diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Website: https://www.ajexperience.com/404-solution/
 Tags: 404, page not found, redirect, 301, 302, permanent redirect, temporary redirect, error, permalink redirect, permalink
 Requires at least: 3.9
 Tested up to: 6.4
-Stable tag: 2.35.6
+Stable tag: 2.35.8
 
 Automatically redirect page not found errors (404s) when the slug matches (for permalink changes), when a very similar name match is found, or always to a default page.
 
@@ -88,6 +88,9 @@ Please try this website for studying flashcards.
 
 == Changelog ==
 
+= Version 2.35.8 (January 31, 2024) =
+* Update: Fixed a supposed issue on the logs page that 1. I was unable to reproduce and 2. would definitely only be possible if you were an admin user anyway, so I'm not really sure why it was reported.
+
 = Version 2.35.7 (November 10, 2023) =
 * FIX: Avoid an Undefined array key for SERVER_NAME for some people.