diff --git a/inc/mep_functions.php b/inc/mep_functions.php index 8b5559c..20cd301 100755 --- a/inc/mep_functions.php +++ b/inc/mep_functions.php @@ -129,13 +129,6 @@ function mep_get_all_tax_list($current_tax=null){ } - - - - - - - add_action('woocommerce_before_checkout_form', 'mep_displays_cart_products_feature_image'); if (!function_exists('mep_displays_cart_products_feature_image')) { function mep_displays_cart_products_feature_image() { @@ -146,8 +139,6 @@ function mep_get_all_tax_list($current_tax=null){ } - - function mep_get_attendee_info_query($event_id,$order_id){ $pending_status_filter = array( @@ -227,8 +218,7 @@ function mep_email_dynamic_content($email_body, $event_id,$order_id){ $email_body = str_replace("{event_time}", $time, $email_body); $email_body = str_replace("{event_datetime}", $date_time, $email_body); $email_body = str_replace("{ticket_type}", $ticket_type, $email_body); - return $email_body; - + return $email_body; } @@ -350,8 +340,7 @@ function mep_page_create() { wp_insert_post($mep_search_page); } - -} + } } if (!function_exists('mep_city_filter_rewrite_rule')) { 
@@ -4151,17 +4140,17 @@ function mep_get_event_upcoming_date($event_id){
 add_action('wp_ajax_mep_wl_ajax_license_activate', 'mep_wl_ajax_license_activate');
 function mep_wl_ajax_license_activate(){
- if ( wp_verify_nonce( $_POST['nonce'], 'mep-ajax-license-activation-nonce' ) ) {
+ if ( wp_verify_nonce( $_POST['nonce'], 'mep-ajax-license-activation-nonce' ) && current_user_can('edit_posts') ) {
- $nonce = sanitize_text_field($_REQUEST['nonce']);
- $license = sanitize_text_field($_REQUEST['key']);
- $key_option_name = sanitize_text_field($_REQUEST['key_option_name']);
- $status_option_name = sanitize_text_field($_REQUEST['status_option_name']);
- $expire_option_name = sanitize_text_field($_REQUEST['expire_option_name']);
- $order_id_option_name = sanitize_text_field($_REQUEST['order_id_option_name']);
- $item_name = sanitize_text_field($_REQUEST['item_name']);
- $item_id = sanitize_text_field($_REQUEST['item_id']);
- $user_type = isset($_REQUEST['user_type']) ? sanitize_text_field($_REQUEST['user_type']) : 'new';
+ $nonce = sanitize_text_field($_POST['nonce']);
+ $license = sanitize_text_field($_POST['key']);
+ $key_option_name = sanitize_text_field($_POST['key_option_name']);
+ $status_option_name = sanitize_text_field($_POST['status_option_name']);
+ $expire_option_name = sanitize_text_field($_POST['expire_option_name']);
+ $order_id_option_name = sanitize_text_field($_POST['order_id_option_name']);
+ $item_name = sanitize_text_field($_POST['item_name']);
+ $item_id = sanitize_text_field($_POST['item_id']);
+ $user_type = isset($_POST['user_type']) ? sanitize_text_field($_POST['user_type']) : 'new';
 $plugin_user_status_type = $key_option_name.'_type';
@@ -4201,7 +4190,7 @@ function mep_wl_ajax_license_activate(){
 }
 update_option($status_option_name, $license_data->license);
 }else{
- _e('Something went wrong, Please Contact with support','mep-eventpress');
+ _e('Something went wrong, Please Contact with support','mage-eventpress');
 }
 die();
 }
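Review bot: `current_user_can('edit_posts')` on the new `if` line is a weak gate for this handler, because in a default WordPress role setup that capability is already held by Contributor accounts, while the function goes on to write site options (`update_option($status_option_name, $license_data->license)` is visible in the next hunk). Licence management is an administrator task, so the condition would be better as `wp_verify_nonce( ... ) && current_user_can('manage_options')`. The same `edit_posts` check is added in the deactivate and template-import hunks further down and deserves the same change. The body of `mep_wl_ajax_license_activate` continues outside this hunk.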
@@ -4212,20 +4201,20 @@ die();
 add_action('wp_ajax_mep_wl_ajax_license_deactivate', 'mep_wl_ajax_license_deactivate');
 function mep_wl_ajax_license_deactivate(){
- if ( wp_verify_nonce( $_POST['nonce'], 'mep-ajax-license-deactivation-nonce' ) ) {
- $key_option_name = sanitize_text_field($_REQUEST['key_option_name']);
- $status_option_name = sanitize_text_field($_REQUEST['status_option_name']);
- $expire_option_name = sanitize_text_field($_REQUEST['expire_option_name']);
- $order_id_option_name = sanitize_text_field($_REQUEST['order_id_option_name']);
- $item_name = sanitize_text_field($_REQUEST['item_name']);
- $item_id = sanitize_text_field($_REQUEST['item_id']);
+ if ( wp_verify_nonce( $_POST['nonce'], 'mep-ajax-license-deactivation-nonce' ) && current_user_can('edit_posts') ) {
+ $key_option_name = sanitize_text_field($_POST['key_option_name']);
+ $status_option_name = sanitize_text_field($_POST['status_option_name']);
+ $expire_option_name = sanitize_text_field($_POST['expire_option_name']);
+ $order_id_option_name = sanitize_text_field($_POST['order_id_option_name']);
+ $item_name = sanitize_text_field($_POST['item_name']);
+ $item_id = sanitize_text_field($_POST['item_id']);
 update_option($key_option_name, '');
 update_option($expire_option_name, '');
 update_option($order_id_option_name, '');
 update_option($status_option_name, 'invalid');
 }else{
- _e('Something went wrong, Please Contact with support','mep-eventpress');
+ _e('Something went wrong, Please Contact with support','mage-eventpress');
 }
 die();
 }
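Review bot: The four `update_option()` calls take their option names directly from `$_POST`, and `sanitize_text_field()` only cleans the string; it does not restrict which option gets written. Any caller who passes the nonce and capability check can therefore blank an option of their choosing or set it to `'invalid'`, not just this plugin's licence options. Each name should be compared against a fixed list of the plugin's own licence option names before the writes, with the handler bailing out on a mismatch. The activate handler above reads the same request-supplied names and needs the same check. `$item_name` and `$item_id` are read here but never used in this function and could be dropped.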
@@ -4368,12 +4357,12 @@ function mep_import_elementor_template( $filepath ) {
 add_action('wp_ajax_mep_import_ajax_template', 'mep_import_ajax_template');
 function mep_import_ajax_template(){
- if ( wp_verify_nonce( $_POST['nonce'], 'mep-ajax-import-template-nonce' ) ) {
+ if ( wp_verify_nonce( $_POST['nonce'], 'mep-ajax-import-template-nonce' ) && current_user_can('edit_posts') ) {
- $file = esc_url($_REQUEST['file']);
- $type = sanitize_text_field($_REQUEST['type']);
- $editor = sanitize_text_field($_REQUEST['editor']);
- $name = sanitize_text_field($_REQUEST['name']);
+ $file = esc_url($_POST['file']);
+ $type = sanitize_text_field($_POST['type']);
+ $editor = sanitize_text_field($_POST['editor']);
+ $name = sanitize_text_field($_POST['name']);
 $name_slug = sanitize_title($name);
 $count_import = get_option('mep_import_template_'.$name_slug) ? get_option('mep_import_template_'.$name_slug) : 0;
 $increase_count = $count_import +1;
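Review bot: `esc_url()` on the `$file` line is an escaping function meant for printing a URL into HTML, so it is the wrong tool for a request value that will be stored or fetched; the matching sanitiser is `$file = esc_url_raw( wp_unslash( $_POST['file'] ) );`. How `$file` is used lies outside this hunk, but if it reaches the importer it is still caller-supplied and should be checked against the expected template host or directory before anything is requested or read. `$name` also feeds the option key `'mep_import_template_'.$name_slug`, so it may be worth limiting it to known template names. The body of `mep_import_ajax_template` continues past the end of the hunk.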