sha256 7f6092f4ea58b5c5c0dba72ba014b9395bf9608f9aeeb95206e80dc14f0b17e5 /data/pruva/runs/52897a84-76e4-425d-abf6-ea2f2eb78fb0/bundle/repro/vendor/wp-review-slider-pro_v12.6.7.zip --- Plugin header from bundled real product zip --- * @wordpress-plugin * Plugin Name: WP Review Slider Pro (Premium) * Plugin URI: https://wpreviewslider.com/ * Description: Pro Version - Allows you to easily display your Facebook Page, Yelp, Google, Manually Input, and 80+ other site reviews in your Posts, Pages, and Widget areas. * Version: 12.6.7 * Update URI: https://api.freemius.com * Author: LJ Apps * Author URI: http://ljapps.com/ --- Vulnerable notinstring construction in real product source --- 28 if($totaltoget>0){ 29 //this must be load more click 30 $totaltoget = $totaltoget + 1; //testing to see if we need to show the load more btn again. 31 $tablelimit = $totaltoget; 32 //add a not in statement after $sortdir if we are rand search ex: AND book_price NOT IN (100,200) 33 if($notinstring!=''){ 34 //explode implode for safety 35 $tempnotinarray = explode(",",$notinstring); 36 if(is_array($tempnotinarray)){ 37 $notinstring = implode(",",$tempnotinarray); 38 $notinsearchstring = " AND id NOT IN (".$notinstring.") "; 39 } 40 } 41 $tablelimit = $startoffset.",".$totaltoget; 42 --- Real unauthenticated AJAX handler source --- 2360 */ 2361 public function wppro_loadmore_revs_ajax(){ 2362 //ini_set('display_errors',1); 2363 //error_reporting(E_ALL); 2364 2365 global $wpdb; 2366 $table_name = $wpdb->prefix . 'wpfb_post_templates'; 2367 2368 check_ajax_referer('randomnoncestring', 'wpfb_nonce'); 2369 $templateid = intval(sanitize_text_field($_POST['revid'])); 2370 $perrow = intval(sanitize_text_field($_POST['perrow'])); 2371 $nrows = intval(sanitize_text_field($_POST['nrows'])); 2372 $callnum = intval(sanitize_text_field($_POST['callnum'])); 2373 $notinstring = sanitize_text_field($_POST['notinstring']); 2374 $onereview = sanitize_text_field($_POST['onereview']); 2375 $shortcodepageid = sanitize_text_field($_POST['shortcodepageid']); 2376 $shortcodelang = sanitize_text_field($_POST['shortcodelang']); 2377 $shortcodetag = sanitize_text_field($_POST['shortcodetag']); 2378 $cpostid = sanitize_text_field($_POST['cpostid']);