kharissulistiyo
/ my-plugin-build-with-risbl-admin.php
Created
February 5, 2025 01:11
Adding fields:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Risbl_Admin_Field object | |
| $field = Risbl_Admin_Field(); | |
| // Add input field | |
| echo $field->input([ | |
| 'id' => 'subscriber', | |
| 'label' => __('Subscriber', 'risbl-default-page-after-user-login'), | |
| 'description' => sprintf(__('URL to open after login for %s user role.', 'risbl-default-page-after-user-login'), 'Subscriber'), |
kharissulistiyo
/ my-plugin-build-with-risbl-admin.php
Last active
February 10, 2025 04:08
Configure plugin menu, features administration screen, and pages. Appears in https://admin.risbl.com/2025/02/04/about-risbl-admin/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Risbl Admin object | |
| $setting_page = Risbl_Admin(); | |
| // Config and display plugin menu and setting screen | |
| $setting_page->config([ | |
| 'parent_admin' => 'index.php', | |
| 'parent_admin_slug' => 'index.php', | |
| 'page_title' => __('Login Redirect', 'risbl-default-page-after-user-login'), |
kharissulistiyo
/ patch-code-sample-csv-injection-vulnerability.php
Created
November 29, 2024 10:25
Patch PHP CSV Injection vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| const FORMULAS_START_CHARACTERS = [ '=', '-', '+', '@', "\t", "\r" ]; | |
| public function write( $data, $columns ) { | |
| $is_test_mode_off = ! defined( 'AAL_TESTMODE' ) || ( defined( 'AAL_TESTMODE' ) && ! AAL_TESTMODE ); | |
| if ( $is_test_mode_off ) { | |
| header( 'Content-type: text/csv' ); | |
| header( 'Content-Disposition: attachment; filename="activity-log-export.csv"' ); |
kharissulistiyo
/ bad-code-sample-csv-injection-vulnerability.php
Created
November 29, 2024 10:23
Bad PHP code sample: CSV Injection vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| public function write( $data, $columns ) { | |
| $is_test_mode_off = ! defined( 'AAL_TESTMODE' ) || ( defined( 'AAL_TESTMODE' ) && ! AAL_TESTMODE ); | |
| if ( $is_test_mode_off ) { | |
| header( 'Content-type: text/csv' ); | |
| header( 'Content-Disposition: attachment; filename="activity-log-export.csv"' ); | |
| } |
kharissulistiyo
/ patch-code-sample-local-file-inclusion-vulnerability.php
Created
November 29, 2024 04:51
Patch PHP Local File Inclusion vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $style = isset( $settings['pricing_table_style'] ) ? $settings['pricing_table_style'] : 'style-1'; | |
| if (!in_array($style, array('style-1', 'style-2', 'style-3', 'style-4'))) { | |
| $style = 'style-1'; | |
| } | |
| ?> | |
| <div <?php echo $element->get_render_attribute_string( 'pricing_attr' ) ?>> | |
| <div <?php echo $element->get_render_attribute_string( 'inner_attr' ) ?>> | |
| <?php ube_get_template( "elements/pricing-table/{$style}.php", array( |
kharissulistiyo
/ bad-code-sample-local-file-inclusion.php
Created
November 29, 2024 04:50
Bad PHP code sample: Local File Inclusion vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $style = isset( $settings['pricing_table_style'] ) ? $settings['pricing_table_style'] : 'style-1'; | |
| ?> | |
| <div <?php echo $element->get_render_attribute_string( 'pricing_attr' ) ?>> | |
| <div <?php echo $element->get_render_attribute_string( 'inner_attr' ) ?>> | |
| <?php ube_get_template( "elements/pricing-table/{$style}.php", array( | |
| 'element' => $element, | |
| 'settings' => $settings, | |
| ) ); ?> |
kharissulistiyo
/ patch-code-sample-arbitrary-file-download.php
Created
November 28, 2024 13:00
Patch PHP Arbitrary File Download vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| public function file_download() { | |
| if ( !is_admin() || !is_user_logged_in() ) | |
| return; | |
| if ( isset($_GET['page']) && isset($_GET['download']) ) { | |
| if ( $_GET['page'] !== $this->menu_base ) | |
| return; |
kharissulistiyo
/ bad-code-sample-arbitrary-file-download.php
Created
November 28, 2024 12:58
Bad PHP code sample: Arbitrary File Download vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| public function file_download() { | |
| if ( !is_admin() || !is_user_logged_in() ) | |
| return; | |
| if ( isset($_GET['page']) && isset($_GET['download']) ) { | |
| if ( $_GET['page'] !== $this->menu_base ) | |
| return; |
kharissulistiyo
/ patch-code-sample-path-traversal.php
Created
November 27, 2024 23:58
Patch PHP Path Traversal vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $allowed_subpage = array('dashboard', 'profile', 'settings'); | |
| if ( Input::has( 'sub_page' ) ) { | |
| $sub_page = Input::get( 'sub_page' ); | |
| if ( in_array( $sub_page, $allowed, true ) ) { | |
| include_once tutor()->path . "views/pages/{$sub_page}.php"; | |
| return; | |
| } |
kharissulistiyo
/ bad-code-sample-path-traversal-vulnerability.php
Created
November 27, 2024 23:57
Bad PHP code sample: Path Traversal vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if ( Input::has( 'sub_page' ) ) { | |
| $sub_page = Input::get( 'sub_page' ); | |
| include_once tutor()->path . "views/pages/{$sub_page}.php"; | |
| return; | |
| } |
NewerOlder