Advanced Contact form 7 DB - Version 1.8.3

Version Description

  • This release includes a security patch.
  • Compatible with the latest WordPress version, 5.8.2.

Release Info

Developer vsourz1td
Version 1.8.3

Code changes from version 1.8.2 to 1.8.3

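--- a/README.txt
+++ b/README.txt
@@ -1,9 +1,9 @@
  === Advanced Contact form 7 DB ===
  Contributors: vsourz1td
- Tags: contact form 7 db, advanced cf7 db, contact form 7 database, contact form db, contact form 7, save form data, save contact form, save cf7, database, cf7db, save-contact-form, Save-Forms-Data, import-cf7, export-contact-data, view-cf7-entry
+ Tags: contact form 7 db, contact form db, advanced cf7 db, contact form 7 database, contact form db, contact form 7, save form data, save contact form, save cf7, database, cf7db, save-contact-form, Save-Forms-Data, import-cf7, export-contact-data, view-cf7-entry
  Requires at least: 4.0
- Tested up to: 5.7.2
- Stable tag: 1.8.2
+ Tested up to: 5.8.2
+ Stable tag: 1.8.3
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -191,6 +191,10 @@ return $contact_form_ids;
 
 
  == Changelog ==
+ = 1.8.3 =
+ * We have upgraded with Security patch.
+ * Compatible with latest version wordpress 5.8.2
+
  = 1.8.2 =
  * Fixed save file related issue.
  * Compatible with latest version wordpress 5.7.2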
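--- a/admin/class-advanced-cf7-db-admin.php
+++ b/admin/class-advanced-cf7-db-admin.php
@@ -370,12 +370,12 @@ class Advanced_Cf7_Db_Admin {
  /**
  * Display edit link with each entry in table
  */
- function vsz_cf7_admin_after_body_edit_field_func($form_id, $row_id){
+ function vsz_cf7_admin_after_body_edit_field_func($form_id, $row_id,$getDatanonce){
  //Define thickbox popup function
  add_thickbox();
  $row_id = (int)$row_id;
  ?><td>
- <a data-rid="<?php echo $row_id; ?>" href="#TB_inline?width=600&height=550&inlineId=cf7d-modal-edit-value" id="cf7d-edit-form" class="thickbox cf7d-edit-value" name="Edit Information">
+ <a data-rid="<?php echo $row_id; ?>" data-nonce="<?php print $getDatanonce;?>" href="#TB_inline?width=600&height=550&inlineId=cf7d-modal-edit-value" id="cf7d-edit-form" class="thickbox cf7d-edit-value" name="Edit Information">
  <i class="fa fa-pencil-square-o" title="Edit" aria-hidden="true" style="font-size:20px;"></i>
  </a>
  </td><?php
@@ -725,6 +725,16 @@ class Advanced_Cf7_Db_Admin {
  // This nonce is not valid.
  return;
  }
+
+ //added in 1.8.3
+ // Checking for the capability
+ $edit_cap = 'cf7_db_form_edit_'.$fid;
+ if(!cf7_check_capability( $edit_cap ) ){
+ //Current user does not have edit access
+ return;
+ }
+
+
  $arr_field_type = '';
 
  //Get field type information here
@@ -808,7 +818,15 @@ class Advanced_Cf7_Db_Admin {
  $del_id = implode(',', array_map('intval',$_POST['del_id']));
  //Get Form ID
  $fid = intval(sanitize_text_field($_POST['fid']));
-
+
+ //added in 1.8.3
+ // Checking for the capability
+ $edit_cap = 'cf7_db_form_edit_'.$fid;
+ if(!cf7_check_capability( $edit_cap ) ){
+ //Current user does not have edit access
+ wp_die(__('You do not have permission to delete files.'));
+ }
+
  // Checking for file type
  $arr_field_type_info = vsz_field_type_info($fid);
 
@@ -888,6 +906,7 @@ class Advanced_Cf7_Db_Admin {
  * @param $_POST
  * rid = recordid
  * fid = CF7 formid
+ * getEntryNonce = nonce value
  */
  public function vsz_cf7_edit_form_ajax(){
 
@@ -895,11 +914,22 @@ class Advanced_Cf7_Db_Admin {
  //Check entry id set or not in current request
  $rid = ((isset($_POST['rid']) && !empty($_POST['rid'])) ? intval(sanitize_text_field($_POST['rid'])) : '');
  $fid = ((isset($_POST['fid']) && !empty($_POST['fid'])) ? intval(sanitize_text_field($_POST['fid'])) : '');
+ //added in 1.8.3
+ $getEntryNonce = ((isset($_POST['getEntryNonce']) && !empty($_POST['getEntryNonce'])) ? sanitize_text_field($_POST['getEntryNonce']) : '');
 
  if( empty( $rid ) || empty( $fid ) ){
  echo json_encode('@@You do not have access to edit the data.');
  exit;
  }
+
+ //added in 1.8.3
+ //verify nonce value here
+ if(!wp_verify_nonce($getEntryNonce, 'vsz-cf7-get-entry-nonce-'.$fid)) {
+ echo json_encode('@@You do not have access to edit the data.');
+ exit;
+ }
+
+
 
  // Checking for the capability
  $edit_cap = 'cf7_db_form_edit_'.$fid;
@@ -1074,35 +1104,65 @@ class Advanced_Cf7_Db_Admin {
  // Function to upload file from edit file popup
  function vsz_acf7_db_edit_scr_file_upload(){
 
- // Verify the current user can upload files
- if ( !current_user_can('upload_files') ){
- print 'Not_accessed_to_upload_file';
- wp_die(__('You do not have permission to upload files.'));
- }
- if(isset($_FILES) && is_array($_FILES) && empty($_FILES)){
- print 'Not_accessed_to_upload_file';
+ //added in 1.8.3
+ // check nonce
+ if(!isset($_POST['vsz_cf7_edit_nonce']) || empty($_POST['vsz_cf7_edit_nonce'])){
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
  exit;
  }
+
  if(!isset($_POST["fid"]) || empty($_POST["fid"])){
- print 'error';
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
+ exit;
+ }
+
+ $fid = (int)sanitize_text_field($_POST["fid"]);
+
+ //Verify nonce value
+ $nonce = sanitize_text_field($_POST['vsz_cf7_edit_nonce']);
+ if(!wp_verify_nonce( $nonce, 'vsz-cf7-edit-nonce-'.$fid)){
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
+ exit;
+ }
+
+ // Verify the current user can upload or delete files
+ //added in 1.8.3
+ // Checking for the capability
+ $edit_cap = 'cf7_db_form_edit_'.$fid;
+ if(!cf7_check_capability( $edit_cap ) ){
+ //Current user does not have edit access
+ print 'error@~@';
+ wp_die(__('You do not have permission to upload files.'));
+ exit;
+ }
+
+ if(isset($_FILES) && is_array($_FILES) && empty($_FILES)){
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
  exit;
  }
+
  if(!isset($_POST["rid"]) || empty($_POST["rid"])){
- print 'error';
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
  exit;
  }
  if(!isset($_POST["field"]) || empty($_POST["field"])){
- print 'error';
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
  exit;
  }
  $fileInfo = wp_check_filetype(basename($_FILES['image']['name']));
- if (empty($fileInfo['ext'])) {
- print 'Invalid_file_type._File_type_not_defined.';
+ if(empty($fileInfo['ext'])){
+ print 'error@~@';
+ wp_die(__('Kindly upload valid file type.'));
  exit;
  }
 
  global $wpdb;
- $fid = (int)sanitize_text_field($_POST["fid"]);
  $rid = (int)sanitize_text_field($_POST["rid"]);
  $field = sanitize_text_field($_POST["field"]);
 
@@ -1112,9 +1172,12 @@ class Advanced_Cf7_Db_Admin {
  wp_mkdir_p($temp_dir_upload);
 
  if(is_array($_FILES) && !empty($_FILES)){
+
+ //verify file size here
  $maxsize = 8000000;
  if(($_FILES['image']['size'] >= $maxsize) || empty($_FILES['image']['size'])) {
- echo 'invalid_size';
+ print 'error@~@';
+ wp_die(__('You can upload maximum 7.60 MB file.'));
  exit;
  }
  $filename = sanitize_text_field($_FILES["image"]["name"]);
@@ -1124,7 +1187,8 @@ class Advanced_Cf7_Db_Admin {
  $validExtArray = array( 'jpg','jpeg','png','gif','pdf','doc','docx','ppt','pptx','odt','avi','ogg','m4a','mov','mp3','mp4','mpg','wav','wmv');
  $ext = end((explode(".", $filename)));
  if(!in_array($ext,$validExtArray)){
- echo 'invalid_type';
+ print 'error@~@';
+ wp_die(__('Kindly upload valid file type.'));
  exit;
  }
 
@@ -1136,12 +1200,15 @@ class Advanced_Cf7_Db_Admin {
 
  $res = $wpdb->update(VSZ_CF7_DATA_ENTRY_TABLE_NAME, array("value" => $file_url), array("data_id" => $rid, "cf7_id" => $fid, "name" => $field));
  if($res !== false){
+ print 'success@~@';
  echo "$newfilename~~@@~~&&~~$file_url";
  wp_die();
+ exit;
  }
  else{
- echo "n";
- wp_die();
+ print 'error@~@';
+ wp_die(__('File is not uploaded, kindly try again later.'));
+ exit;
  }
  }
  }
@@ -1154,24 +1221,57 @@ class Advanced_Cf7_Db_Admin {
  */
  function vsz_acf7_db_edit_scr_file_delete(){
 
+ if(!isset($_POST["vsz_cf7_edit_nonce"]) || empty($_POST["vsz_cf7_edit_nonce"])){
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
+ exit;
+ }
+
  if(!isset($_POST["fid"]) || empty($_POST["fid"])){
- print 'error';
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
+ exit;
+ }
+
+ //get current form id here
+ $fid = (int)sanitize_text_field($_POST["fid"]);
+
+ //Verify nonce value
+ ////add in 1.8.3
+ $nonce = sanitize_text_field($_POST['vsz_cf7_edit_nonce']);
+ if(!wp_verify_nonce( $nonce, 'vsz-cf7-edit-nonce-'.$fid)){
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
+ exit;
+ }
+ // Verify the current user can upload or delete files
+ //added in 1.8.3
+ // Checking for the capability
+ $edit_cap = 'cf7_db_form_edit_'.$fid;
+ if(!cf7_check_capability( $edit_cap ) ){
+ //Current user does not have edit access
+ print 'error@~@';
+ wp_die(__('You do not have permission to delete files.'));
  exit;
  }
+
  if(!isset($_POST["rid"]) || empty($_POST["rid"])){
- print 'error';
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
  exit;
  }
  if(!isset($_POST["field"]) || empty($_POST["field"])){
- print 'error';
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
  exit;
  }
  if(!isset($_POST["val"]) || empty($_POST["val"])){
- print 'error';
+ print 'error@~@';
+ wp_die(__('Something may be wrong, please try again later.'));
  exit;
  }
 
- $fid = (int)sanitize_text_field($_POST["fid"]);
+
  $rid = (int)sanitize_text_field($_POST["rid"]);
  $field = sanitize_text_field($_POST["field"]);
  $val = sanitize_text_field($_POST["val"]);
@@ -1198,7 +1298,20 @@ class Advanced_Cf7_Db_Admin {
  * Generate CSV file here
  */
  function vsz_cf7_export_to_csv($fid, $ids_export = ''){
- global $wpdb;
+
+ global $wpdb;
+
+ if(!isset($_POST['_wpnonce']) || (isset($_POST['_wpnonce']) && empty($_POST['_wpnonce']))){
+ return 'You do not have the permission to export the data';
+ }
+
+ //Get nonce value
+ $nonce = sanitize_text_field($_POST['_wpnonce']);
+ //Verify nonce value
+ if(!wp_verify_nonce($nonce, 'vsz-cf7-action-nonce')) {
+ return 'You do not have the permission to export the data';
+ }
+
 
  $fid = intval($fid);
  if( empty( $fid ) ){
@@ -1241,6 +1354,18 @@ function vsz_cf7_export_to_csv($fid, $ids_export = ''){
  function vsz_cf7_export_to_excel($fid, $ids_export){
 
  global $wpdb;
+
+ if(!isset($_POST['_wpnonce']) || (isset($_POST['_wpnonce']) && empty($_POST['_wpnonce']))){
+ return 'You do not have the permission to export the data';
+ }
+
+ //Get nonce value
+ $nonce = sanitize_text_field($_POST['_wpnonce']);
+ //Verify nonce value
+ if(!wp_verify_nonce($nonce, 'vsz-cf7-action-nonce')) {
+ return 'You do not have the permission to export the data';
+ }
+
 
  $fid = intval($fid);
  if( empty( $fid ) ){
@@ -1294,9 +1419,6 @@ function vsz_cf7_export_to_excel($fid, $ids_export){
  $col++;
 
  }
- /* echo '<pre>';
- var_dump($data_sorted);
- exit; */
  //Consider new row for each entry here
  $row++;
  }
@@ -1316,7 +1438,20 @@ function vsz_cf7_export_to_excel($fid, $ids_export){
  }
  //Generate pdf file here
  function vsz_cf7_export_to_pdf($fid, $ids_export){
+
  global $wpdb;
+
+ if(!isset($_POST['_wpnonce']) || (isset($_POST['_wpnonce']) && empty($_POST['_wpnonce']))){
+ return 'You do not have the permission to export the data';
+ }
+
+ //Get nonce value
+ $nonce = sanitize_text_field($_POST['_wpnonce']);
+ //Verify nonce value
+ if(!wp_verify_nonce($nonce, 'vsz-cf7-action-nonce')) {
+ return 'You do not have the permission to export the data';
+ }
+
  $fid = intval($fid);
  if( empty( $fid ) ){
  return 'You do not have the permission to export the data';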
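Review bot: The guard added at the top of `vsz_cf7_export_to_csv` (and repeated in `vsz_cf7_export_to_excel` and `vsz_cf7_export_to_pdf`) checks only the shared `vsz-cf7-action-nonce`, which shows the request was issued from a plugin page by the logged-in user, not that this user may export form `$fid`. No per-form capability check is visible in these hunks, unlike the `cf7_check_capability( $edit_cap )` gate the same commit adds to the upload, delete and bulk-delete paths. All three functions continue below their hunks, so confirm a check exists there; if it does not, add one right after `$fid = intval($fid);`, for example `if(!cf7_check_capability( $export_cap )){ return 'You do not have the permission to export the data'; }`, where `$export_cap` is a placeholder for whichever per-form capability the plugin uses for export. Separately, `vsz_cf7_admin_after_body_edit_field_func` prints the nonce raw into an attribute; `data-nonce="<?php echo esc_attr( $getDatanonce ); ?>"` keeps the markup intact whatever a hook caller passes as the third argument.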
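--- a/admin/js/advanced-cf7-db-admin.js
+++ b/admin/js/advanced-cf7-db-admin.js
@@ -178,6 +178,8 @@ jQuery(document).ready(function($) {
  document.getElementById('overlayLoader').style.display = "block";
  var rid = parseInt(jQuery(this).data('rid'));
  var fid = parseInt(jQuery('#cf7_id').val());
+ //added in 1.8.3
+ var getEntryNonce = jQuery(this).data('nonce');
 
  var arr_field_type = jQuery.parseJSON(jQuery('form#cf7d-modal-form-edit-value input[name="arr_field_type"]').val());
  var arr_option = ['radio','checkbox','select'];
@@ -218,7 +220,9 @@ jQuery(document).ready(function($) {
  type: 'POST',
  data: {
  'rid': rid,
- 'fid': fid
+ 'fid': fid,
+ //added in 1.8.3
+ 'getEntryNonce': getEntryNonce
  },
  })
  .done(function(data) {
@@ -376,15 +380,20 @@ function add_remove_file(index,filename){
  if(confirm("Are you sure to remove the file? File will be deleted permanently and could not be retrieved.")){
 
  var fid = jQuery("input[name='fid']").val();
- var rid = jQuery("input[name='rid']").val();
+ //var rid = jQuery("input[name='rid']").val();
+ //added in 1.8.3
+ var rid = jQuery(this).closest('form').find("input[name='rid']").val();
+ var editNonce = jQuery("input[name='vsz_cf7_edit_nonce']").val();
  var field = index;
-
+
  var fd = new FormData();
  fd.append( "fid", fid);
  fd.append( "rid", rid);
  fd.append( "field", field);
  fd.append( "val", filename);
  fd.append( "action", "acf7_db_edit_scr_file_delete");
+ //added in 1.8.3
+ fd.append( "vsz_cf7_edit_nonce", editNonce);
 
  jQuery.ajax({
  url: ajaxurl,
@@ -396,80 +405,105 @@ function add_remove_file(index,filename){
  document.getElementById('overlayLoader').style.display = "block";
  },
  success: function(data) {
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().prepend('<input type="file" name="field['+index+']" class="field-'+index+'-val edit-field-file-val" />');
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('a').remove();
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<span class="margin_left">Maximum file size allowed : 7.60 MB.</span><span class="margin_left" style="display: block;">It is possible that server has limit less than 7.60 MB, in that case it can terminate the request. It is advisable to keep upload file size as minimum as possible.</span>');
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).hide();
-
- document.getElementById('overlayLoader').style.display = "none";
-
- jQuery(".field-"+index+"-val").change(function(){
- var thisdata = jQuery(this);
- var fileName = jQuery(thisdata).val();
- var checkvalidate = 1;
-
- if(fileName != "" && fileName != undefined){
- var fd = new FormData();
- var fid = jQuery("input[name='fid']").val();
- var rid = jQuery("input[name='rid']").val();
- var field = index;
-
- fd.append( "image", jQuery(thisdata)[0].files[0]);
- fd.append( "action", "acf7_db_edit_scr_file_upload");
- fd.append( "fid", fid);
- fd.append( "rid", rid);
- fd.append( "field", field);
-
- jQuery.ajax({
- url: ajaxurl,
- type: 'POST',
- data : fd,
- processData: false,
- contentType: false,
- beforeSend: function() {
- document.getElementById('overlayLoader').style.display = "block";
- },
-
- success: function(data) {
- if(data == "Not_accessed_to_upload_file"){
- alert("You do not have permission to upload files.");
- }
- else if(data == "invalid_type"){
- alert("Invalid file type.");
- }
- else if(data == "invalid_size"){
- alert("Maximum file size allowed is 7.60 MB.");
- }
- else{
- dataArr = data.split("~~@@~~&&~~");
-
- var filename = dataArr[0];
- var el = dataArr[1];
-
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).attr('value', filename);
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).css("border","");
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<a class="margin_left" href="'+el+'" target="_blank" download >Download</a>');
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<a value="Change" class="vsz_cf7_db_file_edit" style="margin-left: 10px;" href="javascript:void(0);" >Remove</a>');
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).show();
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('.field-'+index+'-val').remove();
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('span.margin_left').remove();
-
- // Calling function which will handle the removal and new upload of the files
- add_remove_file(index,filename);
- }
-
- document.getElementById('overlayLoader').style.display = "none";
- },
-
- error: function(data) {
- console.log(data);
- document.getElementById('overlayLoader').style.display = "none";
- alert("Sorry file was not uploaded.");
- return false;
- },
- });
+ //add in 1.8.3
+ if(data.includes('@~@')){
+
+ var arrRes = data.split('@~@');
+ if(arrRes[0] == 'error'){
+ document.getElementById('overlayLoader').style.display = "none";
+ alert(arrRes[1]);
  }
- });
+ }
+ else{
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().prepend('<input type="file" name="field['+index+']" class="field-'+index+'-val edit-field-file-val" />');
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('a').remove();
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<span class="margin_left">Maximum file size allowed : 7.60 MB.</span><span class="margin_left" style="display: block;">It is possible that server has limit less than 7.60 MB, in that case it can terminate the request. It is advisable to keep upload file size as minimum as possible.</span>');
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).hide();
+
+ document.getElementById('overlayLoader').style.display = "none";
+
+ jQuery(".field-"+index+"-val").change(function(){
+ var thisdata = jQuery(this);
+ var fileName = jQuery(thisdata).val();
+ var checkvalidate = 1;
+
+ if(fileName != "" && fileName != undefined){
+ var fd = new FormData();
+ var fid = jQuery("input[name='fid']").val();
+ //var rid = jQuery("input[name='rid']").val();
+ //added in 1.8.3
+ var rid = jQuery(this).closest('form').find("input[name='rid']").val();
+ var field = index;
+ //added in 1.8.3
+ var editNonce = jQuery("input[name='vsz_cf7_edit_nonce']").val();
+
+ fd.append( "image", jQuery(thisdata)[0].files[0]);
+ fd.append( "action", "acf7_db_edit_scr_file_upload");
+ fd.append( "fid", fid);
+ fd.append( "rid", rid);
+ fd.append( "field", field);
+ //added in 1.8.3
+ fd.append( "vsz_cf7_edit_nonce", editNonce);
+
+ jQuery.ajax({
+ url: ajaxurl,
+ type: 'POST',
+ data : fd,
+ processData: false,
+ contentType: false,
+ beforeSend: function() {
+ document.getElementById('overlayLoader').style.display = "block";
+ },
+ success: function(data) {
+
+ //add in 1.8.3
+ if(data.includes('@~@')){
+
+ var arrRes = data.split('@~@');
+ if(arrRes[0] == 'error'){
+ document.getElementById('overlayLoader').style.display = "none";
+ alert(arrRes[1]);
+ }
+ else if(arrRes[0] == 'success'){
+
+ //get uploaded file information here
+ dataArr = arrRes[1].split("~~@@~~&&~~");
+
+ var filename = dataArr[0];
+ var el = dataArr[1];
+
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).attr('value', filename);
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).css("border","");
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<a class="margin_left" href="'+el+'" target="_blank" download >Download</a>');
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<a value="Change" class="vsz_cf7_db_file_edit" style="margin-left: 10px;" href="javascript:void(0);" >Remove</a>');
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).show();
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('.field-'+index+'-val').remove();
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('span.margin_left').remove();
+
+ // Calling function which will handle the removal and new upload of the files
+ add_remove_file(index,filename);
+ document.getElementById('overlayLoader').style.display = "none";
+
+ }
+ }
+ else{
+ document.getElementById('overlayLoader').style.display = "none";
+ alert("Sorry file was not uploaded, please try again later.");
+ }
+
+ },
+ error: function(data) {
+ console.log(data);
+ document.getElementById('overlayLoader').style.display = "none";
+ alert("Sorry file was not uploaded.");
+ return false;
+ },
+ });
+ }
+ });
+ }
+
+
  },
  error: function(data) {
  console.log(data);
@@ -499,14 +533,20 @@ function add_remove_file(index,filename){
  if(fileName != "" && fileName != undefined){
  var fd = new FormData();
  var fid = jQuery("input[name='fid']").val();
- var rid = jQuery("input[name='rid']").val();
  var field = index;
+ //var rid = jQuery("input[name='rid']").val();
+ //added in 1.8.3
+ var rid = jQuery(this).closest('form').find("input[name='rid']").val();
+ var editNonce = jQuery("input[name='vsz_cf7_edit_nonce']").val();
+
 
  fd.append( "image", jQuery(thisdata)[0].files[0]);
  fd.append( "action", "acf7_db_edit_scr_file_upload");
  fd.append( "fid", fid);
  fd.append( "rid", rid);
  fd.append( "field", field);
+ //added in 1.8.3
+ fd.append( "vsz_cf7_edit_nonce", editNonce);
 
  jQuery.ajax({
  url: ajaxurl,
@@ -519,36 +559,42 @@ function add_remove_file(index,filename){
  },
 
  success: function(data) {
- if(data == "Not_accessed_to_upload_file"){
- alert("You do not have permission to upload files.");
- }
- else if(data == "invalid_type"){
- alert("Invalid file type.");
- }
- else if(data == "invalid_size"){
- alert("Maximum file size allowed is 7.60 MB.");
+
+ //add in 1.8.3
+ if(data.includes('@~@')){
+
+ var arrRes = data.split('@~@');
+ if(arrRes[0] == 'error'){
+ document.getElementById('overlayLoader').style.display = "none";
+ alert(arrRes[1]);
+ }
+ else if(arrRes[0] == 'success'){
+
+ //get uploaded file information here
+ dataArr = arrRes[1].split("~~@@~~&&~~");
+
+ var filename = dataArr[0];
+ var el = dataArr[1];
+
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).attr('value', filename);
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).css("border","");
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<a class="margin_left" href="'+el+'" target="_blank" download >Download</a>');
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<a value="Change" class="vsz_cf7_db_file_edit" style="margin-left: 10px;" href="javascript:void(0);" >Remove</a>');
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).show();
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('.field-'+index+'-val').remove();
+ jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('span.margin_left').remove();
+
+ // Calling function which will handle the removal and new upload of the files
+ add_remove_file(index,filename);
+ document.getElementById('overlayLoader').style.display = "none";
+
+ }
  }
  else{
- dataArr = data.split("~~@@~~&&~~");
-
- var filename = dataArr[0];
- var el = dataArr[1];
-
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).attr('value', filename);
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).css("border","");
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<a class="margin_left" href="'+el+'" target="_blank" download >Download</a>');
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().append('<a value="Change" class="vsz_cf7_db_file_edit" style="margin-left: 10px;" href="javascript:void(0);" >Remove</a>');
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).show();
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('.field-'+index+'-val').remove();
- jQuery('form#cf7d-modal-form-edit-value .field-' + index).parent().find('span.margin_left').remove();
-
- // Calling function which will handle the removal and new upload of the files
- add_remove_file(index,filename);
+ document.getElementById('overlayLoader').style.display = "none";
+ alert("Sorry file was not uploaded, please try again later.");
  }
-
- document.getElementById('overlayLoader').style.display = "none";
  },
-
  error: function(data) {
  console.log(data);
  document.getElementById('overlayLoader').style.display = "none";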
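Review bot: In both copies of the upload `success` handler inside `add_remove_file`, `el` is taken from the server response and concatenated into an HTML string passed to `.append()`, so a quote or angle bracket in the stored file URL would be parsed as markup. Building the link from attributes avoids that, e.g. `jQuery('<a>', { 'class': 'margin_left', href: el, target: '_blank', download: '', text: 'Download' })`, and appending that element. The new parsing also leaves `overlayLoader` displayed when the response contains `@~@` but its first token is neither `error` nor `success`; a final `else` that hides the overlay and shows the generic failure alert would cover that case. The upload handler now exists twice in this function and would be easier to keep consistent as one named function; `add_remove_file` begins and ends outside these hunks.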
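--- a/admin/partials/contact_form_listing.php
+++ b/admin/partials/contact_form_listing.php
@@ -297,6 +297,9 @@ else{
 
  //Add filter for customize bulk action values
  $entry_actions = apply_filters('vsz_cf7_entry_actions', $entry_actions);
+
+ //define nonce for get entry details
+ $getDatanonce = wp_create_nonce( 'vsz-cf7-get-entry-nonce-'.$fid );
 
  //Form listing design structure start here
  ?><div class="wrap our-class">
@@ -385,7 +388,7 @@ else{
  $row_id = $k;
  //Display edit entry icon
  if($edit == true){
- do_action('vsz_cf7_admin_after_body_field', $fid, $row_id);
+ do_action('vsz_cf7_admin_after_body_field', $fid, $row_id,$getDatanonce);
  }
  foreach ($fields as $k2 => $v2) {
  //Get fields related values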
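Review bot: The nonce created at new line 302 is keyed to the form id only (`'vsz-cf7-get-entry-nonce-'.$fid`), so it protects the entry-detail request against cross-site request forgery but does not establish that the requesting user may read that form's entries. The handler that verifies it is not in this section; it should pair the nonce check with a capability check rather than treat a valid nonce as permission. I would add a comment above the assignment, `// CSRF token only: the AJAX handler must also call current_user_can() before returning entry data`. The value is then handed to `do_action` at new line 391, and if the callback prints it into markup it should pass through `esc_attr()`.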
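--- a/admin/partials/import_cf7_entry.class.php
+++ b/admin/partials/import_cf7_entry.class.php
@@ -9,13 +9,22 @@ if(!is_user_logged_in() || empty($_POST)){
  die('Try to do un-authorized access!');
  }
 
-
  //Define site global variables
  global $wpdb,$vsz_cf7_csv_upload_error;
 
  // Set Error object for get error during import process
  $vsz_cf7_csv_upload_error = new WP_Error;
 
+ // Verify the current user can upload or delete files
+ ////add in 1.8.3
+ if(!current_user_can('upload_files') ){
+ // This nonce is not valid.
+ $msg = 'You do not have permission to import file.';
+ $vsz_cf7_csv_upload_error->add('fill_form_fields','You do not have permission to import file.');
+ }
+
+
+
 
  //Verify nonce values
  $nonceEntryCheck = sanitize_text_field($_POST['wp_entry_nonce']);
@@ -171,6 +180,7 @@ if(isset($_POST['submit']) && isset($_FILES['importFormList']) && !empty($_FILES
  $arr_insert_info['submit_time'] = date_format($sub_date,"Y-m-d H:i:s");
  }
  }
+
  //set default date and time in submit_time parameter
  if($date_insert_flag){
  $arr_insert_info['submit_time'] = date_i18n('Y-m-d H:i:s', time());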
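Review bot: The capability check added at new lines 20-24 only records an error on `$vsz_cf7_csv_upload_error` and then falls through to the nonce handling at new line 30, unlike the login guard at lines 9-10, which stops with `die()`. Whether the import code further down consults the error object before touching `$_FILES` is outside this hunk, so the check should fail closed here, for example `if(!current_user_can('upload_files')){ wp_die('You do not have permission to import file.'); }`. The comment `// This nonce is not valid.` describes a different check and should read `// current user lacks the upload_files capability`, and `$msg` is assigned while the same literal is repeated on the next line. It is also worth confirming that `upload_files`, which WordPress grants to the Author role by default, is the intended bar for importing entries.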
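--- a/advanced-cf7-db.php
+++ b/advanced-cf7-db.php
@@ -9,7 +9,7 @@
  * Plugin Name: Advanced CF7 DB
  * Plugin URI: https://wordpress.org/plugins/advanced-cf7-db/
  * Description: Save all contact form 7 submitted data to the database, View, Export, ordering, Change field labels, Import data using CSV very easily.
- * Version: 1.8.2
+ * Version: 1.8.3
  * Author: Vsourz Digital
  * Author URI: https://www.vsourz.com
  * License: GPL-2.0+
@@ -23,7 +23,7 @@ if ( ! defined( 'WPINC' ) ) {
  die;
  }
  global $vsz_cf7db_current_version;
- $vsz_cf7db_current_version = '1.8.2';
+ $vsz_cf7db_current_version = '1.8.3';
  /**
  * Defining all the table names and setting their prefix here
  */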
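--- a/includes/class-advanced-cf7-db.php
+++ b/includes/class-advanced-cf7-db.php
@@ -69,7 +69,7 @@ class Advanced_Cf7_Db {
  public function __construct() {
 
  $this->plugin_name = 'advanced-cf7-db';
- $this->version = '1.8.2';
+ $this->version = '1.8.3';
 
  $this->load_dependencies();
  $this->set_locale();
@@ -180,7 +180,7 @@ class Advanced_Cf7_Db {
  $this->loader->add_action('vsz_cf7_admin_after_heading_field',$plugin_admin, 'vsz_cf7_admin_after_heading_field_callback', 11, 2);
 
  //Display edit information link here
- $this->loader->add_action('vsz_cf7_admin_after_body_field',$plugin_admin, 'vsz_cf7_admin_after_body_edit_field_func', 21, 2);
+ $this->loader->add_action('vsz_cf7_admin_after_body_field',$plugin_admin, 'vsz_cf7_admin_after_body_edit_field_func', 21, 3);
 
  //Display field setting form here
  $this->loader->add_action('vsz_cf7_after_admin_form', $plugin_admin,'vsz_cf7_after_admin_setting_form_callback');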
includes/vsz-cf7-db-function.php CHANGED
@@ -419,6 +419,7 @@ function vsz_display_field_type_value($type,$arr_field_type,$k,$v){
419
  function vsz_cf7_import_date_format_callback(){
420
 
421
  $arr_dates = array('Y-m-d H:i:s P' => date('Y-m-d H:i:s P'),
 
422
  'Y-m-d' => date('Y-m-d'),
423
  'Y/m/d' => date('Y/m/d'),
424
  'jS F, Y' => date('jS F, Y'),
419
  function vsz_cf7_import_date_format_callback(){
420
 
421
  $arr_dates = array('Y-m-d H:i:s P' => date('Y-m-d H:i:s P'),
422
+ 'Y-m-d H:i:s' => date('Y-m-d H:i:s'),
423
  'Y-m-d' => date('Y-m-d'),
424
  'Y/m/d' => date('Y/m/d'),
425
  'jS F, Y' => date('jS F, Y'),