From 028c0ee595e5e279cb976a77335f14819505fe96 Mon Sep 17 00:00:00 2001
From: James Welbes
Date: Fri, 7 Apr 2023 10:35:59 -0500
Subject: [PATCH 1/4] made upgrade notice only show on rcp pages
---
 restrictcontent.php | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/restrictcontent.php b/restrictcontent.php
index c71901f..301fabc 100644
--- a/restrictcontent.php
+++ b/restrictcontent.php
@@ -943,15 +943,22 @@ function rc_deactivate_plugin()
 add_action('admin_init', 'rc_deactivate_plugin');
-function restrict_content_3_update_notification()
-{
- if (! get_option('dismissed-restrict-content-upgrade-notice', false) ) {
+function restrict_content_3_update_notification() {
+ global $pagenow;
+
+ // Check if the current page is an admin.php page
+ if ($pagenow !== 'admin.php') {
+ return;
+ }
+
+ // Check if the current screen is one of the Restrict Content screens
+ if (isset($_GET['page']) && strpos($_GET['page'], 'rcp-') === 0 && !get_option('dismissed-restrict-content-upgrade-notice', false)) {
 ?>

Why Go Pro →', 'LION'), + __('Thinking about upgrading to Restrict Content Pro? Check out our pro-only features. Why Go Pro →', 'LION'), 'https://restrictcontentpro.com/why-go-pro/?utm_source=restrictcontent&utm_medium=plugin&utm_campaign=rc3_release&utm_content=dashboard-notice' ); ?> @@ -960,6 +967,9 @@ function restrict_content_3_update_notification() Date: Fri, 7 Apr 2023 10:50:18 -0500 Subject: [PATCH 2/4] include plugins page --- restrictcontent.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/restrictcontent.php b/restrictcontent.php index 301fabc..a988008 100644 --- a/restrictcontent.php +++ b/restrictcontent.php @@ -946,13 +946,13 @@ function rc_deactivate_plugin() function restrict_content_3_update_notification() { global $pagenow; - // Check if the current page is an admin.php page - if ($pagenow !== 'admin.php') { + // Check if the current page is an admin.php or plugins.php page + if ($pagenow !== 'admin.php' && $pagenow !== 'plugins.php') { return; } - // Check if the current screen is one of the Restrict Content screens - if (isset($_GET['page']) && strpos($_GET['page'], 'rcp-') === 0 && !get_option('dismissed-restrict-content-upgrade-notice', false)) { + // Check if the current screen is one of the Restrict Content screens or the plugins page + if (($pagenow === 'plugins.php' || (isset($_GET['page']) && strpos($_GET['page'], 'rcp-') === 0)) && !get_option('dismissed-restrict-content-upgrade-notice', false)) { ?>
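Review bot: The new condition in PATCH 1/4 passes `$_GET['page']` straight to `strpos()` after only an `isset()` check, so a request that supplies `page` as an array reaches `strpos()` with a non-string; on PHP 8 that raises a TypeError instead of quietly skipping the notice. The same expression is carried into the `plugins.php` variant of the condition in PATCH 2/4. A type check in the condition closes this: `isset($_GET['page']) && is_string($_GET['page']) && strpos($_GET['page'], 'rcp-') === 0`. The hook that calls this function is not visible in the hunk, so where the error would surface cannot be told from this page.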
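Review bot: The second condition in PATCH 2/4 repeats the `$pagenow === 'plugins.php'` test that the guard just above it already made and then appends the dismissal lookup, which leaves one long line doing two unrelated jobs. Reading the option first as its own early return, `if (get_option('dismissed-restrict-content-upgrade-notice', false)) { return; }`, would leave a condition that only answers whether this is a Restrict Content screen or the plugins page. The body of the `if` continues outside the hunk.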

From 939abb7a7d94c349f67fc2032db8066041587370 Mon Sep 17 00:00:00 2001
From: James Welbes
Date: Fri, 7 Apr 2023 10:58:10 -0500
Subject: [PATCH 3/4] sanitize GET variable
---
 restrictcontent.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/restrictcontent.php b/restrictcontent.php
index a988008..6579712 100644
--- a/restrictcontent.php
+++ b/restrictcontent.php
@@ -951,8 +951,11 @@ function restrict_content_3_update_notification() {
 return;
 }
+ // Sanitize the 'page' query parameter
+ $page = isset($_GET['page']) ? sanitize_key($_GET['page']) : '';
+
 // Check if the current screen is one of the Restrict Content screens or the plugins page
- if (($pagenow === 'plugins.php' || (isset($_GET['page']) && strpos($_GET['page'], 'rcp-') === 0)) && !get_option('dismissed-restrict-content-upgrade-notice', false)) {
+ if (($pagenow === 'plugins.php' || (strpos($page, 'rcp-') === 0)) && !get_option('dismissed-restrict-content-upgrade-notice', false)) {
 ?>
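Review bot: `sanitize_key()` rewrites the value before the prefix test, lowercasing it and dropping every character outside `a-z0-9_-`, so a `page` value that does not literally start with `rcp-` can still satisfy `strpos($page, 'rcp-') === 0` once normalised. In the visible lines `$page` only decides whether the notice is printed and is never echoed or stored, so the effect is limited to a misplaced notice, but sanitising is standing in for validation here. PATCH 4/4 keeps the same shape with `sanitize_text_field()`. The added comment would say more as `// 'page' is only used for the prefix comparison below; it is never output or stored.`, and if the plugin's screen slugs are a fixed set, an exact match against that list would be stricter than a normalised prefix match.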

From 41d2d45f80a4f5acc514e41f1a45a91f6efefb0c Mon Sep 17 00:00:00 2001
From: James Welbes
Date: Fri, 7 Apr 2023 11:14:14 -0500
Subject: [PATCH 4/4] more thorough method of sanitizing GET
---
 restrictcontent.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/restrictcontent.php b/restrictcontent.php
index 6579712..ce73780 100644
--- a/restrictcontent.php
+++ b/restrictcontent.php
@@ -951,8 +951,8 @@ function restrict_content_3_update_notification() {
 return;
 }
- // Sanitize the 'page' query parameter
- $page = isset($_GET['page']) ? sanitize_key($_GET['page']) : '';
+ // Sanitize the 'page' query parameter
+ $page = isset($_GET['page']) ? sanitize_text_field( wp_unslash( $_GET['page'] ) ) : '';
 // Check if the current screen is one of the Restrict Content screens or the plugins page
 if (($pagenow === 'plugins.php' || (strpos($page, 'rcp-') === 0)) && !get_option('dismissed-restrict-content-upgrade-notice', false)) {
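Review bot: The comment on the changed `$page` line still says only "Sanitize", while the commit message describes the new call as more thorough; for a menu slug `sanitize_text_field()` accepts a wider character set than the `sanitize_key()` it replaces, since mixed case, spaces and punctuation survive. What the new line actually gains is `wp_unslash()` and, as far as I know, an empty string for non-string input. A comment that records this would help the next reader, for example `// Unslash and reduce to a plain string; the value is only prefix-matched, never output.`. The line also reads `$_GET` without a nonce, which is reasonable for a read-only display decision, and saying so in the comment documents that the omission is deliberate.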