Advanced Contact form 7 DB - Version 1.8.8

Version Description

  • We have upgraded with Security patches

Release Info

Developer vsourz1td
Version 1.8.8

Code changes from version 1.8.7 to 1.8.8

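--- a/README.txt
+++ b/README.txt
@@ -2,8 +2,8 @@
 Contributors: vsourz1td
 Tags: contact form 7 db, contact form db, advanced cf7 db, contact form 7 database, contact form db, contact form 7, save form data, save contact form, save cf7, database, cf7db, save-contact-form, Save-Forms-Data, import-cf7, export-contact-data, view-cf7-entry
 Requires at least: 4.0
-Tested up to: 5.9
-Stable tag: 1.8.7
+Tested up to: 6.0
+Stable tag: 1.8.8
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -192,6 +192,9 @@ return $contact_form_ids;
 
 == Changelog ==
 
+= 1.8.8 =
+* We have upgraded with Security patches
+
 = 1.8.7 =
 * We have upgraded with Security patches
 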
admin/class-advanced-cf7-db-admin.php CHANGED
@@ -98,7 +98,7 @@ class Advanced_Cf7_Db_Admin {
98
  * class.
99
  */
100
 
101
- wp_register_script( 'advanced_cf7_db_admin_js', plugin_dir_url( __FILE__ ) . 'js/advanced-cf7-db-admin.js', array( 'jquery' ), $this->version, false );
102
  wp_register_script( 'datepicker_min_js', plugin_dir_url( __FILE__ ) . 'js/jquery.datetimepicker.js', array( 'jquery' ), $this->version, false );
103
 
104
  }
@@ -583,7 +583,7 @@ class Advanced_Cf7_Db_Admin {
583
  //Define nonce value which is validate on save time
584
  $nonce = wp_create_nonce( 'vsz-cf7-edit-nonce-'.$form_id );
585
  //Get not editable fields list
586
- $not_editable_field = apply_filters('vsz_cf7_not_editable_fields',array());
587
  //Setup edit form design here
588
  ?><div class="cf7d-modal" id="cf7d-modal-edit-value" style="display:none;">
589
  <form action="" class="cf7d-modal-form loading" id="cf7d-modal-form-edit-value" method="POST">
@@ -811,7 +811,7 @@ class Advanced_Cf7_Db_Admin {
811
  //Define option field type array
812
  $arr_option_type = array('checkbox','radio','select');
813
  //Get non editable fields information
814
- $not_editable_field = apply_filters('vsz_cf7_not_editable_fields',array());
815
  //Get entry related fields information
816
  $arr_exist_keys = get_entry_related_fields_info($fid,$rid);
817
 
@@ -1009,7 +1009,7 @@ class Advanced_Cf7_Db_Admin {
1009
  $return = array();
1010
  //Set all fields name in array
1011
  foreach ($rows as $k => $v) {
1012
- $return[$v->name] = html_entity_decode(stripslashes($v->value));
1013
  }
1014
  //All fields encode in JSON format and return in AJAX request
1015
  exit(json_encode($return));
@@ -1554,11 +1554,7 @@ function create_export_query($fid,$ids_export,$cf7d_entry_order_by){
1554
  if(isset($_POST['search_cf7_value']) && !empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && empty($_POST['start_date']) && empty($_POST['end_date'])){
1555
 
1556
  $search = sanitize_text_field($_POST['search_cf7_value']);
1557
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME.
1558
- "` WHERE `cf7_id` = ".$fid." AND data_id IN(SELECT * FROM (SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."`
1559
- WHERE 1 = 1 AND `cf7_id` = ".$fid." ".((!empty($search)) ? "AND `value` LIKE '%%".$search."%%'" : "").' '.
1560
- ((!empty($ids_export)) ? " AND data_id IN(".$ids_export.")" : '').
1561
- " GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." ) temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
1562
  }
1563
  //Check date wise filter active or not
1564
  else if(isset($_POST['search_cf7_value']) && empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && !empty($_POST['start_date']) && !empty($_POST['end_date']) && $s_date !== false && $e_date !== false){
@@ -1571,13 +1567,7 @@ function create_export_query($fid,$ids_export,$cf7d_entry_order_by){
1571
 
1572
  $search_date_query = "AND `name` = 'submit_time' AND value between '".$start_date."' and '".$end_date." 23:59:59'";
1573
 
1574
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
1575
- SELECT * FROM (
1576
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query.' '. ((!empty($ids_export)) ? " AND data_id IN(".$ids_export.")" : '')."
1577
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)."
1578
- )
1579
- temp_table)
1580
- ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
1581
  }
1582
  //Check search and date wise filter active or not
1583
  else if(isset($_POST['search_cf7_value']) && !empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && !empty($_POST['start_date']) && !empty($_POST['end_date']) && $s_date !== false && $e_date !== false){
@@ -1590,8 +1580,7 @@ function create_export_query($fid,$ids_export,$cf7d_entry_order_by){
1590
  //Get end date information
1591
  $end_date = date_format($e_date,"Y-m-d").' 23:59:59';
1592
 
1593
- $date_query = "SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." AND `name` = 'submit_time' AND
1594
- value between '".$start_date."' and '".$end_date."' GROUP BY `data_id` ORDER BY `data_id` DESC";
1595
 
1596
  //print $date_query;
1597
  $rs_date = $wpdb->get_results($date_query);
@@ -1611,26 +1600,13 @@ function create_export_query($fid,$ids_export,$cf7d_entry_order_by){
1611
  $data_ids = rtrim($data_ids,',');
1612
  }
1613
  $search_date_query = "";
1614
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
1615
- SELECT * FROM (
1616
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query." ".((!empty($search)) ? "
1617
- AND `value` LIKE '%%".$search."%%'" : ""). " AND data_id IN (".$data_ids.")
1618
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)."
1619
- )
1620
- temp_table)
1621
- ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
1622
 
1623
  }
1624
  //Not active any filter on listing screen
1625
  else{
1626
 
1627
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
1628
- SELECT * FROM (
1629
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid.' '. ((!empty($ids_export)) ? " AND data_id IN(".$ids_export.")" : '')."
1630
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)."
1631
- )
1632
- temp_table)
1633
- ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
1634
  }
1635
 
1636
  //Execuste query
98
  * class.
99
  */
100
 
101
+ wp_register_script( 'advanced_cf7_db_admin_js', plugin_dir_url( __FILE__ ) . 'js/advanced-cf7-db-admin.js', array( 'jquery' ), time(), false );//$this->version
102
  wp_register_script( 'datepicker_min_js', plugin_dir_url( __FILE__ ) . 'js/jquery.datetimepicker.js', array( 'jquery' ), $this->version, false );
103
 
104
  }
583
  //Define nonce value which is validate on save time
584
  $nonce = wp_create_nonce( 'vsz-cf7-edit-nonce-'.$form_id );
585
  //Get not editable fields list
586
+ $not_editable_field = (array) apply_filters('vsz_cf7_not_editable_fields',array());
587
  //Setup edit form design here
588
  ?><div class="cf7d-modal" id="cf7d-modal-edit-value" style="display:none;">
589
  <form action="" class="cf7d-modal-form loading" id="cf7d-modal-form-edit-value" method="POST">
811
  //Define option field type array
812
  $arr_option_type = array('checkbox','radio','select');
813
  //Get non editable fields information
814
+ $not_editable_field = (array) apply_filters('vsz_cf7_not_editable_fields',array());
815
  //Get entry related fields information
816
  $arr_exist_keys = get_entry_related_fields_info($fid,$rid);
817
 
1009
  $return = array();
1010
  //Set all fields name in array
1011
  foreach ($rows as $k => $v) {
1012
+ $return[$v->name] = stripslashes($v->value);
1013
  }
1014
  //All fields encode in JSON format and return in AJAX request
1015
  exit(json_encode($return));
1554
  if(isset($_POST['search_cf7_value']) && !empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && empty($_POST['start_date']) && empty($_POST['end_date'])){
1555
 
1556
  $search = sanitize_text_field($_POST['search_cf7_value']);
1557
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(SELECT * FROM (SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".((!empty($search)) ? "AND `value` LIKE '%%".$search."%%'" : "").' '.((!empty($ids_export)) ? " AND data_id IN(".$ids_export.")" : ''). " GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." ) temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by));
 
 
 
 
1558
  }
1559
  //Check date wise filter active or not
1560
  else if(isset($_POST['search_cf7_value']) && empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && !empty($_POST['start_date']) && !empty($_POST['end_date']) && $s_date !== false && $e_date !== false){
1567
 
1568
  $search_date_query = "AND `name` = 'submit_time' AND value between '".$start_date."' and '".$end_date." 23:59:59'";
1569
 
1570
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query.' '. ((!empty($ids_export)) ? " AND data_id IN(".$ids_export.")" : '')." GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." ) temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by));
 
 
 
 
 
 
1571
  }
1572
  //Check search and date wise filter active or not
1573
  else if(isset($_POST['search_cf7_value']) && !empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && !empty($_POST['start_date']) && !empty($_POST['end_date']) && $s_date !== false && $e_date !== false){
1580
  //Get end date information
1581
  $end_date = date_format($e_date,"Y-m-d").' 23:59:59';
1582
 
1583
+ $date_query = $wpdb->prepare("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." AND `name` = 'submit_time' AND value between '".$start_date."' and '".$end_date."' GROUP BY `data_id` ORDER BY `data_id` DESC");
 
1584
 
1585
  //print $date_query;
1586
  $rs_date = $wpdb->get_results($date_query);
1600
  $data_ids = rtrim($data_ids,',');
1601
  }
1602
  $search_date_query = "";
1603
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query." ".((!empty($search)) ? " AND `value` LIKE '%%".$search."%%'" : ""). " AND data_id IN (".$data_ids.") GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by).") temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by));
 
 
 
 
 
 
 
1604
 
1605
  }
1606
  //Not active any filter on listing screen
1607
  else{
1608
 
1609
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid.' '. ((!empty($ids_export)) ? " AND data_id IN(".$ids_export.")" : '')." GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." ) temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by));
 
 
 
 
 
 
1610
  }
1611
 
1612
  //Execuste query
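Review bot: Each `$wpdb->prepare()` call added in create_export_query is given one fully concatenated string and no arguments, so `$fid`, `$search`, `$ids_export` and `$data_ids` are still part of the format string and prepare() escapes none of them; this applies to all five calls in these hunks. `sanitize_text_field()` is not an SQL escape, and because the search text sits inside the format string, a `%s` or `%d` in it is read as a placeholder that has no matching argument. The queries should bind `cf7_id` with `%d`, pass the search as `LIKE %s` with `$wpdb->esc_like()`, and build the IN list from integer-cast ids, as sketched below for the search-only branch (assuming `$ids_export` is a comma-separated id list, which its use inside `IN(...)` suggests). The function starts and ends outside the visible hunks.

```php
// … unchanged: $search = sanitize_text_field($_POST['search_cf7_value']); …
$order_by = sanitize_sql_orderby($cf7d_entry_order_by);
// Keep only positive integers so the IN list can be bound with %d placeholders.
$ids = array_filter(array_map('absint', explode(',', (string) $ids_export)));
$in_sql = $ids ? ' AND data_id IN(' . implode(',', array_fill(0, count($ids), '%d')) . ')' : '';
$query = $wpdb->prepare(
	"SELECT * FROM `" . VSZ_CF7_DATA_ENTRY_TABLE_NAME . "` WHERE `cf7_id` = %d AND data_id IN(SELECT * FROM (SELECT data_id FROM `" . VSZ_CF7_DATA_ENTRY_TABLE_NAME . "` WHERE 1 = 1 AND `cf7_id` = %d AND `value` LIKE %s" . $in_sql . " GROUP BY `data_id` ORDER BY " . $order_by . " ) temp_table) ORDER BY " . $order_by,
	array_merge(array((int) $fid, (int) $fid, '%' . $wpdb->esc_like($search) . '%'), $ids)
);
// … unchanged: the date-only, search+date and no-filter branches need the same treatment …
```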
admin/js/advanced-cf7-db-admin.js CHANGED
@@ -385,7 +385,7 @@ function add_remove_file(index,filename){
385
  var rid = jQuery(this).closest('form').find("input[name='rid']").val();
386
  var editNonce = jQuery("input[name='vsz_cf7_edit_nonce']").val();
387
  var field = index;
388
-
389
  var fd = new FormData();
390
  fd.append( "fid", fid);
391
  fd.append( "rid", rid);
@@ -407,7 +407,7 @@ function add_remove_file(index,filename){
407
  success: function(data) {
408
  //add in 1.8.3
409
  if(data.includes('@~@')){
410
-
411
  var arrRes = data.split('@~@');
412
  if(arrRes[0] == 'error'){
413
  document.getElementById('overlayLoader').style.display = "none";
@@ -455,17 +455,17 @@ function add_remove_file(index,filename){
455
  document.getElementById('overlayLoader').style.display = "block";
456
  },
457
  success: function(data) {
458
-
459
  //add in 1.8.3
460
  if(data.includes('@~@')){
461
-
462
  var arrRes = data.split('@~@');
463
  if(arrRes[0] == 'error'){
464
  document.getElementById('overlayLoader').style.display = "none";
465
  alert(arrRes[1]);
466
  }
467
  else if(arrRes[0] == 'success'){
468
-
469
  //get uploaded file information here
470
  dataArr = arrRes[1].split("~~@@~~&&~~");
471
 
@@ -483,14 +483,14 @@ function add_remove_file(index,filename){
483
  // Calling function which will handle the removal and new upload of the files
484
  add_remove_file(index,filename);
485
  document.getElementById('overlayLoader').style.display = "none";
486
-
487
  }
488
  }
489
  else{
490
  document.getElementById('overlayLoader').style.display = "none";
491
  alert("Sorry file was not uploaded, please try again later.");
492
  }
493
-
494
  },
495
  error: function(data) {
496
  console.log(data);
@@ -502,8 +502,8 @@ function add_remove_file(index,filename){
502
  }
503
  });
504
  }
505
-
506
-
507
  },
508
  error: function(data) {
509
  console.log(data);
@@ -538,7 +538,7 @@ function add_remove_file(index,filename){
538
  //added in 1.8.3
539
  var rid = jQuery(this).closest('form').find("input[name='rid']").val();
540
  var editNonce = jQuery("input[name='vsz_cf7_edit_nonce']").val();
541
-
542
 
543
  fd.append( "image", jQuery(thisdata)[0].files[0]);
544
  fd.append( "action", "acf7_db_edit_scr_file_upload");
@@ -559,17 +559,17 @@ function add_remove_file(index,filename){
559
  },
560
 
561
  success: function(data) {
562
-
563
  //add in 1.8.3
564
  if(data.includes('@~@')){
565
-
566
  var arrRes = data.split('@~@');
567
  if(arrRes[0] == 'error'){
568
  document.getElementById('overlayLoader').style.display = "none";
569
  alert(arrRes[1]);
570
  }
571
  else if(arrRes[0] == 'success'){
572
-
573
  //get uploaded file information here
574
  dataArr = arrRes[1].split("~~@@~~&&~~");
575
 
@@ -587,7 +587,7 @@ function add_remove_file(index,filename){
587
  // Calling function which will handle the removal and new upload of the files
588
  add_remove_file(index,filename);
589
  document.getElementById('overlayLoader').style.display = "none";
590
-
591
  }
592
  }
593
  else{
385
  var rid = jQuery(this).closest('form').find("input[name='rid']").val();
386
  var editNonce = jQuery("input[name='vsz_cf7_edit_nonce']").val();
387
  var field = index;
388
+
389
  var fd = new FormData();
390
  fd.append( "fid", fid);
391
  fd.append( "rid", rid);
407
  success: function(data) {
408
  //add in 1.8.3
409
  if(data.includes('@~@')){
410
+
411
  var arrRes = data.split('@~@');
412
  if(arrRes[0] == 'error'){
413
  document.getElementById('overlayLoader').style.display = "none";
455
  document.getElementById('overlayLoader').style.display = "block";
456
  },
457
  success: function(data) {
458
+
459
  //add in 1.8.3
460
  if(data.includes('@~@')){
461
+
462
  var arrRes = data.split('@~@');
463
  if(arrRes[0] == 'error'){
464
  document.getElementById('overlayLoader').style.display = "none";
465
  alert(arrRes[1]);
466
  }
467
  else if(arrRes[0] == 'success'){
468
+
469
  //get uploaded file information here
470
  dataArr = arrRes[1].split("~~@@~~&&~~");
471
 
483
  // Calling function which will handle the removal and new upload of the files
484
  add_remove_file(index,filename);
485
  document.getElementById('overlayLoader').style.display = "none";
486
+
487
  }
488
  }
489
  else{
490
  document.getElementById('overlayLoader').style.display = "none";
491
  alert("Sorry file was not uploaded, please try again later.");
492
  }
493
+
494
  },
495
  error: function(data) {
496
  console.log(data);
502
  }
503
  });
504
  }
505
+
506
+
507
  },
508
  error: function(data) {
509
  console.log(data);
538
  //added in 1.8.3
539
  var rid = jQuery(this).closest('form').find("input[name='rid']").val();
540
  var editNonce = jQuery("input[name='vsz_cf7_edit_nonce']").val();
541
+
542
 
543
  fd.append( "image", jQuery(thisdata)[0].files[0]);
544
  fd.append( "action", "acf7_db_edit_scr_file_upload");
559
  },
560
 
561
  success: function(data) {
562
+
563
  //add in 1.8.3
564
  if(data.includes('@~@')){
565
+
566
  var arrRes = data.split('@~@');
567
  if(arrRes[0] == 'error'){
568
  document.getElementById('overlayLoader').style.display = "none";
569
  alert(arrRes[1]);
570
  }
571
  else if(arrRes[0] == 'success'){
572
+
573
  //get uploaded file information here
574
  dataArr = arrRes[1].split("~~@@~~&&~~");
575
 
587
  // Calling function which will handle the removal and new upload of the files
588
  add_remove_file(index,filename);
589
  document.getElementById('overlayLoader').style.display = "none";
590
+
591
  }
592
  }
593
  else{
admin/partials/contact_form_listing.php CHANGED
@@ -117,7 +117,7 @@ else{
117
  if (!empty($fid) && !empty($fields)){
118
 
119
  //Add filter for ordering in entry
120
- $cf7d_entry_order_by = apply_filters('vsz_cf7_entry_order_by', '`data_id` DESC');
121
  $cf7d_entry_order_by = sanitize_sql_orderby($cf7d_entry_order_by);
122
 
123
  $start_date = '';
@@ -154,15 +154,9 @@ else{
154
  //Check search field value empty or not
155
  if(isset($_POST['search_cf7_value']) && !empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && empty($_POST['start_date']) && empty($_POST['end_date'])){
156
 
157
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
158
- SELECT * FROM (
159
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND
160
- `cf7_id` = ".$fid." ".((!empty($search)) ? "AND `value` LIKE '%%".$search."%%'" : ""). "
161
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page."
162
- )
163
- temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
164
- $arr_total = $wpdb->get_results("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = " . (int)$fid . " ".((!empty($search)) ? "AND `value` LIKE '%%".$search."%%'" : "")." GROUP BY `data_id`");
165
 
 
166
  }
167
  //Check search field value empty and date filter active or not
168
  else if(isset($_POST['search_cf7_value']) && empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && !empty($_POST['start_date']) && !empty($_POST['end_date']) && $s_date !== false && $e_date !== false){
@@ -172,26 +166,12 @@ else{
172
 
173
  //Get end date information
174
  $end_date = date_format($e_date,"Y-m-d");
 
175
 
176
- //Setup date parameter value in query
177
- $search_date_query = "AND `name` = 'submit_time' AND value between '".$start_date."' and '".$end_date." 23:59:59'";
178
-
179
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
180
- SELECT * FROM (
181
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query."
182
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page."
183
- )
184
- temp_table)
185
- ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
186
 
187
  //Get total entries information
188
- $total_query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
189
- SELECT * FROM (
190
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query."
191
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)."
192
- )
193
- temp_table)
194
- GROUP BY `data_id` ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
195
 
196
  $arr_total = $wpdb->get_results($total_query);
197
  }
@@ -206,9 +186,7 @@ else{
206
  $end_date = date_format($e_date,"Y-m-d").' 23:59:59';
207
 
208
  //Get date filter related entries information
209
- $date_query = "SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."`
210
- WHERE 1 = 1 AND `cf7_id` = ".$fid." AND `name` = 'submit_time' AND value between '".$start_date."' and '".$end_date."'
211
- GROUP BY `data_id` ORDER BY `data_id` DESC";
212
 
213
  $rs_date = $wpdb->get_results($date_query);
214
  //Get all entries and setup a string
@@ -221,45 +199,23 @@ else{
221
  }
222
 
223
  //get all entrise information
224
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
225
- SELECT * FROM (
226
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."`
227
- WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query." ".((!empty($search)) ? "AND
228
- `value` LIKE '%%".$search."%%'" : ""). " AND data_id IN (".$data_ids.")
229
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page."
230
- )
231
- temp_table)
232
- ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
233
 
234
  //Get total entries information
235
- $total_query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
236
- SELECT * FROM (
237
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query." ".((!empty($search)) ? "AND
238
- `value` LIKE '%%".$search."%%'" : ""). " AND data_id IN (".$data_ids.")
239
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)."
240
- )
241
- temp_table)
242
- GROUP BY `data_id` ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
243
 
244
  $arr_total = $wpdb->get_results($total_query);
245
 
246
  }
247
  //Call when any filter not active on Listing screen
248
  else{
249
-
250
  if(isset($_GET["orderby"]) && isset($_GET["order"]) && !empty($_GET["orderby"]) && !empty($_GET["order"]) && (strtolower($_GET["order"]) == 'asc' || strtolower($_GET["order"]) == 'desc')){
251
 
252
  $order = esc_sql(sanitize_text_field($_GET['order']));
253
  $orderby = sanitize_sql_orderby($_GET['orderby']);
254
- $qry = "SELECT `data_id` FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND `name` = '".sanitize_sql_orderby($orderby)."' AND data_id IN(
255
- SELECT * FROM (
256
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid."
257
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page."
258
- )
259
- temp_table)
260
- ORDER BY `value` ".$order."," . sanitize_sql_orderby($cf7d_entry_order_by);
261
  $idVals = $wpdb->get_results ( $qry );
262
-
263
  $id_val = array();
264
  if(!empty($idVals)){
265
  foreach($idVals as $o_id){
@@ -267,28 +223,19 @@ else{
267
  }
268
  }
269
 
270
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
271
- SELECT * FROM (
272
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid."
273
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page."
274
- )
275
- temp_table)
276
- ORDER BY FIELD(`data_id`, ". implode(',',$id_val) ." )";
277
 
278
  }
279
  else{
280
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
281
- SELECT * FROM (
282
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid."
283
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page."
284
- )
285
- temp_table)
286
- ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
287
-
288
  }
289
 
290
  //Get total entries information
291
- $arr_total = $wpdb->get_results("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = " .$fid . " ".((!empty($search)) ? "AND `value` LIKE '%%".$search."%%'" : "")." GROUP BY `data_id`");
 
 
 
 
292
  }
293
 
294
 
117
  if (!empty($fid) && !empty($fields)){
118
 
119
  //Add filter for ordering in entry
120
+ $cf7d_entry_order_by = (string) apply_filters('vsz_cf7_entry_order_by', '`data_id` DESC');
121
  $cf7d_entry_order_by = sanitize_sql_orderby($cf7d_entry_order_by);
122
 
123
  $start_date = '';
154
  //Check search field value empty or not
155
  if(isset($_POST['search_cf7_value']) && !empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && empty($_POST['start_date']) && empty($_POST['end_date'])){
156
 
157
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = %d AND `value` LIKE '%%".'%s'."%%' GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page." ) temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by), (int)$fid, $search );
 
 
 
 
 
 
 
158
 
159
+ $arr_total = $wpdb->get_results($wpdb->prepare("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = %d AND `value` LIKE '%%".'%s'."%%' GROUP BY `data_id`", (int)$fid, $search ));
160
  }
161
  //Check search field value empty and date filter active or not
162
  else if(isset($_POST['search_cf7_value']) && empty($_POST['search_cf7_value']) && isset($_POST['start_date']) && isset($_POST['end_date']) && !empty($_POST['start_date']) && !empty($_POST['end_date']) && $s_date !== false && $e_date !== false){
166
 
167
  //Get end date information
168
  $end_date = date_format($e_date,"Y-m-d");
169
+ $query_end_date = $end_date." 23:59:59";
170
 
171
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." AND `name` = 'submit_time' AND value between '".'%s'."' and '".'%s'."' GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page." ) temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by), $start_date, $query_end_date);
 
 
 
 
 
 
 
 
 
172
 
173
  //Get total entries information
174
+ $total_query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." AND `name` = 'submit_time' AND value between '".'%s'."' and '".'%s'."' GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." ) temp_table) GROUP BY `data_id` ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by), $start_date, $query_end_date );
 
 
 
 
 
 
175
 
176
  $arr_total = $wpdb->get_results($total_query);
177
  }
186
  $end_date = date_format($e_date,"Y-m-d").' 23:59:59';
187
 
188
  //Get date filter related entries information
189
+ $date_query = $wpdb->prepare("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." AND `name` = 'submit_time' AND value between '".'%s'."' and '".'%s'."' GROUP BY `data_id` ORDER BY `data_id` DESC", $start_date, $end_date);
 
 
190
 
191
  $rs_date = $wpdb->get_results($date_query);
192
  //Get all entries and setup a string
199
  }
200
 
201
  //get all entrise information
202
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query." AND `value` LIKE '%%".'%s'."%%' AND data_id IN (".$data_ids.") GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page." ) temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by), $search);
 
 
 
 
 
 
 
 
203
 
204
  //Get total entries information
205
+ $total_query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." ".$search_date_query." AND `value` LIKE '%%".'%s'."%%' AND data_id IN (".$data_ids.") GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." ) temp_table) GROUP BY `data_id` ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by),$search);
 
 
 
 
 
 
 
206
 
207
  $arr_total = $wpdb->get_results($total_query);
208
 
209
  }
210
  //Call when any filter not active on Listing screen
211
  else{
 
212
  if(isset($_GET["orderby"]) && isset($_GET["order"]) && !empty($_GET["orderby"]) && !empty($_GET["order"]) && (strtolower($_GET["order"]) == 'asc' || strtolower($_GET["order"]) == 'desc')){
213
 
214
  $order = esc_sql(sanitize_text_field($_GET['order']));
215
  $orderby = sanitize_sql_orderby($_GET['orderby']);
216
+ $qry = $wpdb->prepare("SELECT `data_id` FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND `name` = '".sanitize_sql_orderby($orderby)."' AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page." ) temp_table) ORDER BY `value` ".$order."," . sanitize_sql_orderby($cf7d_entry_order_by));
 
 
 
 
 
 
217
  $idVals = $wpdb->get_results ( $qry );
218
+
219
  $id_val = array();
220
  if(!empty($idVals)){
221
  foreach($idVals as $o_id){
223
  }
224
  }
225
 
226
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page." ) temp_table) ORDER BY FIELD(`data_id`, ". implode(',',$id_val) ." )");
 
 
 
 
 
 
227
 
228
  }
229
  else{
230
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN( SELECT * FROM ( SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid." GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page." ) temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by));
 
 
 
 
 
 
 
231
  }
232
 
233
  //Get total entries information
234
+ if(!empty($search)){
235
+ $arr_total = $wpdb->get_results($wpdb->prepare("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = " .$fid . " AND `value` LIKE '%%".'%s'."%%' GROUP BY `data_id`", $search));
236
+ }else{
237
+ $arr_total = $wpdb->get_results($wpdb->prepare("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = " .$fid . " GROUP BY `data_id`"));
238
+ }
239
  }
240
 
241
 
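Review bot: The search term is bound through `LIKE '%%".'%s'."%%'`, which keeps the placeholder inside a hand-written quoted literal and passes `$search` without `$wpdb->esc_like()`, so `%` and `_` typed by the user still act as wildcards; the documented form is `LIKE %s` with `'%' . $wpdb->esc_like($search) . '%'` as the argument. In the same statements `$fid`, `$offset`, `$items_per_page`, `$data_ids` and `implode(',',$id_val)` are still concatenated into the format string, and the first query even mixes `= ".$fid."` with `= %d`. The calls that build `$qry`, the two no-filter `$query` strings and the `else` branch of `$arr_total` contain no placeholder at all, so prepare() adds nothing there. Binding the integers with `%d` and building the id lists from `absint()` values would make the escaping independent of how those variables were produced, which is not visible in these hunks.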
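--- a/admin/partials/import_cf7_csv.php
+++ b/admin/partials/import_cf7_csv.php
@@ -149,8 +149,8 @@ else{
 <td><input class="match-key regular-text code" type="text" name="form_match_key[submit_time]" value="Submitted" >
 <select class="widefat" id="sheet_date_format" name="sheet_date_format"><?php
 //Add filter for customize date option values
-$arr_date_format = apply_filters('vsz_cf7_import_date_format', vsz_cf7_import_date_format_callback());
-//Get all date format options
+$arr_date_format = (array) apply_filters('vsz_cf7_import_date_format', vsz_cf7_import_date_format_callback());
+//Get all date format options
 echo vsz_cf7_arr_to_option($arr_date_format);
 ?></select>
 <br><?php esc_html_e('Note:',VSZ_CF7_TEXT_DOMAIN); ?><br/><span><?php esc_html_e('If selected date format isn\'t matched with import sheet entry then consider today date.',VSZ_CF7_TEXT_DOMAIN); ?></span>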
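--- a/admin/partials/import_cf7_entry.class.php
+++ b/admin/partials/import_cf7_entry.class.php
@@ -219,7 +219,9 @@ if(isset($_POST['submit']) && isset($_FILES['importFormList']) && !empty($_FILES
  $v = implode("\n", $v);
  }
  $k = htmlspecialchars($k);
- $v = htmlspecialchars($v);
+ //It is prevent JS injection
+ $v = sanitize_textarea_field($v);
+ //$v = htmlspecialchars($v);
  $wpdb->query($wpdb->prepare('INSERT INTO '.VSZ_CF7_DATA_ENTRY_TABLE_NAME.'(`cf7_id`, `data_id`, `name`, `value`) VALUES (%d,%d,%s,%s)', $fid, $data_id, $k, $v));
  }
  }//Close foreach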
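Review bot: `sanitize_textarea_field($v)` strips tags but, unlike the `htmlspecialchars($v)` it replaces, leaves quotes and ampersands unencoded, so the stored `value` is now only safe to print through an output escaper. Every view and export that echoes these rows should wrap the value in `esc_html()` (or `esc_attr()` inside an attribute); the display code is not in this hunk, so that needs checking. Rows written by 1.8.7 are entity-encoded while new rows are not, which will also surface as mixed or double-encoded text unless old rows are migrated. The same replacement is made in includes/vsz-cf7-db-function.php, and in both places the commented-out `//$v = htmlspecialchars($v);` should be deleted rather than kept. The enclosing foreach starts outside the hunk.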
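--- a/advanced-cf7-db.php
+++ b/advanced-cf7-db.php
@@ -9,7 +9,7 @@
  * Plugin Name: Advanced CF7 DB
  * Plugin URI: https://wordpress.org/plugins/advanced-cf7-db/
  * Description: Save all contact form 7 submitted data to the database, View, Export, ordering, Change field labels, Import data using CSV very easily.
- * Version: 1.8.7
+ * Version: 1.8.8
  * Author: Vsourz Digital
  * Author URI: https://www.vsourz.com
  * License: GPL-2.0+
@@ -23,7 +23,7 @@ if ( ! defined( 'WPINC' ) ) {
  die;
  }
  global $vsz_cf7db_current_version;
- $vsz_cf7db_current_version = '1.8.7';
+ $vsz_cf7db_current_version = '1.8.8';
  /**
  * Defining all the table names and setting their prefix here
  */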
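--- a/includes/class-advanced-cf7-db.php
+++ b/includes/class-advanced-cf7-db.php
@@ -69,7 +69,7 @@ class Advanced_Cf7_Db {
  public function __construct() {
 
  $this->plugin_name = 'advanced-cf7-db';
- $this->version = '1.8.7';
+ $this->version = '1.8.8';
 
  $this->load_dependencies();
  $this->set_locale();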
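--- a/includes/vsz-cf7-db-function.php
+++ b/includes/vsz-cf7-db-function.php
@@ -31,7 +31,7 @@ function vsz_cf7_before_send_email($contact_form){
  //for database installion
  $contact_form = vsz_cf7_add_extra_fields($contact_form);
 
- $contact_form = apply_filters('vsz_cf7_modify_form_before_insert_data', $contact_form);
+ $contact_form = (object) apply_filters('vsz_cf7_modify_form_before_insert_data', $contact_form);
 
  //Type's $contact_form->posted_data is array
  // Define filter for customize posted data
@@ -43,7 +43,7 @@ function vsz_cf7_before_send_email($contact_form){
  *
  */
 
- $contact_form->posted_data = apply_filters('vsz_cf7_posted_data', $contact_form->posted_data);
+ $contact_form->posted_data = (array) apply_filters('vsz_cf7_posted_data', $contact_form->posted_data);
 
  //Insert current form submission time in database
  $time = date('Y-m-d H:i:s');
@@ -67,10 +67,13 @@ function vsz_cf7_before_send_email($contact_form){
  $v = implode("\n", $v);
  }
  $k = htmlspecialchars($k);
- $v = htmlspecialchars($v);
+ //It is prevent JS injection
+ $v = sanitize_textarea_field($v);
+ //$v = htmlspecialchars($v);
  $wpdb->query($wpdb->prepare('INSERT INTO '.VSZ_CF7_DATA_ENTRY_TABLE_NAME.'(`cf7_id`, `data_id`, `name`, `value`) VALUES (%d,%d,%s,%s)', $cf7_id, $data_id, $k, $v));
  }
  }
+ //exit;
  //Add action for customize process after insert value in data base
  do_action('vsz_cf7_after_insert_db', $contact_form, $cf7_id, $data_id);
  }
@@ -120,38 +123,41 @@ add_filter('vsz_cf7_modify_form_before_insert_data', 'vsz_cf7_modify_form_before
  if (!function_exists('vsz_cf7_modify_form_before_insert_in_cf7_vdata_entry')) {
  function vsz_cf7_modify_form_before_insert_in_cf7_vdata_entry($cf7){
  //if it has at lest 1 file uploaded
- if (count($cf7->uploaded_files) > 0) {
+ if (count($cf7->uploaded_files) > 0) {
 
- //Get upload dir URL
- $upload_dir = wp_upload_dir();
- //Create custom upload folder
- $cf7d_upload_folder = VSZ_CF7_UPLOAD_FOLDER;
- $dir_upload = $upload_dir['basedir'] . '/' . $cf7d_upload_folder;
- wp_mkdir_p($dir_upload);
- //Get all uploaded files information
- foreach ($cf7->uploaded_files as $k => $v) {
+ //Get upload dir URL
+ $upload_dir = wp_upload_dir();
+ //Create custom upload folder
+ $cf7d_upload_folder = VSZ_CF7_UPLOAD_FOLDER;
+ $dir_upload = $upload_dir['basedir'] . '/' . $cf7d_upload_folder;
+ wp_mkdir_p($dir_upload);
+ //Get all uploaded files information
+ foreach ($cf7->uploaded_files as $k => $v) {
 
 
  //to check if CF7 version due to changes $cf7->uploaded_files return value
- if(defined('WPCF7_VERSION') && WPCF7_VERSION > '5.3.2'){
- $val=$v[0];
- }else{
- $val=$v;
- }
- //Get file name
- $file_name = basename($val);
- //Create unique file name
- $file_name = wp_unique_filename($dir_upload, $file_name);
- //Setup filoe path
- $dst_file = $dir_upload . '/' . $file_name;
- //Copy file information in destination variable
- if (@copy($val, $dst_file)){
- //Setup customize file information in array
- $cf7->posted_data[$k] = $upload_dir['baseurl'] . '/' . $cf7d_upload_folder . '/' . $file_name;
- }
+ if(defined('WPCF7_VERSION') && WPCF7_VERSION > '5.3.2'){
+ $val=$v[0];
+ }else{
+ $val=$v;
+ }
+
+ if(!empty($val)){
+ //Get file name
+ $file_name = basename($val);
+ //Create unique file name
+ $file_name = wp_unique_filename($dir_upload, $file_name);
+ //Setup filoe path
+ $dst_file = $dir_upload . '/' . $file_name;
+ //Copy file information in destination variable
+ if (@copy($val, $dst_file)){
+ //Setup customize file information in array
+ $cf7->posted_data[$k] = $upload_dir['baseurl'] . '/' . $cf7d_upload_folder . '/' . $file_name;
+ }
+ }
+ }//Close foreach
+ }//Close if
 
- }//Close foreach
- }//Close if
  return $cf7;
  }//Close function
  }//Close if for check function exist or not
@@ -214,7 +220,7 @@ function vsz_cf7_sortdata($data){
  if(!isset($data_sorted[$v->data_id])){
  $data_sorted[$v->data_id] = array();
  }
- $data_sorted[$v->data_id][$v->name] = apply_filters('cf7d_entry_value', trim(wp_unslash($v->value)), $v->name);
+ $data_sorted[$v->data_id][$v->name] = (string) apply_filters('cf7d_entry_value', trim(wp_unslash($v->value)), $v->name);
  }
 
  return $data_sorted;
@@ -225,7 +231,7 @@ function vsz_cf7_get_db_fields($fid, $filter = true){
 
  global $wpdb;
  $fid = (int)$fid;
- $sql = "SELECT `name` FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE cf7_id = ".$fid." GROUP BY `name`";
+ $sql = $wpdb->prepare("SELECT `name` FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE cf7_id = %d GROUP BY `name`", $fid);
  $data = $wpdb->get_results($sql);
 
  //Set each field value in array
@@ -247,7 +253,7 @@ function vsz_cf7_get_db_fields($fid, $filter = true){
  //Check if filter is true or not
  if ($filter) {
  //Get all fields information as per Setting screen
- $fields = apply_filters('vsz_cf7_admin_fields', $fields, $fid);
+ $fields = (array) apply_filters('vsz_cf7_admin_fields', $fields, $fid);
  }
 
  return $fields;
@@ -280,7 +286,7 @@ function get_entry_related_fields_info($fid,$entryId){
  $fid = intval($fid);
  $entryId = intval($entryId);
 
- $sql = "SELECT `name` FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND `data_id` = ".$entryId." GROUP BY `name`";
+ $sql = $wpdb->prepare("SELECT `name` FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = %d AND `data_id` = %d GROUP BY `name`", $fid, $entryId);
  $data = $wpdb->get_results($sql);
  if(!empty($data)){
  foreach ($data as $k => $v) {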
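Review bot: `WPCF7_VERSION > '5.3.2'` in vsz_cf7_modify_form_before_insert_in_cf7_vdata_entry compares strings, so a version such as 5.10 would sort below 5.3.2 and `$val` would be read from the wrong shape of `$cf7->uploaded_files`; use `version_compare(WPCF7_VERSION, '5.3.2', '>')`. The copy still runs as `@copy($val, $dst_file)`, which hides a failed write, and the destination sits under the uploads base URL, so the file-type restriction depends on validation done before this function, which is not visible here. The new `if(!empty($val))` guard deserves a one-line comment naming the case it covers, for example `// optional file field submitted without a file`. The `//exit;` left after the insert loop in vsz_cf7_before_send_email should be removed before release.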
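--- a/public/partials/vsz_acf7_db_shortcode_display_front.php
+++ b/public/partials/vsz_acf7_db_shortcode_display_front.php
@@ -157,7 +157,7 @@ if(!empty($formArr)){
  //Check contact form id set or not
  if (!empty($fid) && !empty($fields)){
  //Add filter for ordering in entry
- $cf7d_entry_order_by = apply_filters('vsz_cf7_entry_order_by', '`data_id` DESC');
+ $cf7d_entry_order_by = (string) apply_filters('vsz_cf7_entry_order_by', '`data_id` DESC');
  $cf7d_entry_order_by = sanitize_sql_orderby($cf7d_entry_order_by);
 
  $items_per_page = (int)apply_filters('vsz_cf7_entry_per_page', (!empty($posts_per_page) ? $posts_per_page : 20));
@@ -186,16 +186,10 @@ if(!empty($formArr)){
  // Make sure that $fid will contain integer value only.
  $fid = (int) $fid;
 
- $query = "SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(
- SELECT * FROM (
- SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid. ((!empty($search)) ? " AND `value` LIKE '%%".$search."%%'" : "") . ((!empty($search_date_query)) ? $search_date_query : "") ."
- GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page."
- )
- temp_table)
- ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by);
+ $query = $wpdb->prepare("SELECT * FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = ".$fid." AND data_id IN(SELECT * FROM (SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE 1 = 1 AND `cf7_id` = ".$fid. ((!empty($search)) ? " AND `value` LIKE '%%".$search."%%'" : "") . ((!empty($search_date_query)) ? $search_date_query : "") ."GROUP BY `data_id` ORDER BY ".sanitize_sql_orderby($cf7d_entry_order_by)." LIMIT ".$offset.",".$items_per_page.") temp_table) ORDER BY " . sanitize_sql_orderby($cf7d_entry_order_by));
 
  //Get total entries information
- $arr_total = $wpdb->get_results("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = " .$fid . " ".((!empty($search)) ? "AND `value` LIKE '%%".$search."%%'" : "")." GROUP BY `data_id`");
+ $arr_total = $wpdb->get_results($wpdb->prepare("SELECT data_id FROM `".VSZ_CF7_DATA_ENTRY_TABLE_NAME."` WHERE `cf7_id` = " .$fid . " ".((!empty($search)) ? "AND `value` LIKE '%%".$search."%%'" : "")." GROUP BY `data_id`"));
 
  //Execute query here
  $data = $wpdb->get_results($query);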
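Review bot: Both new `$wpdb->prepare()` calls receive a fully concatenated string and no arguments, so `$search` and `$search_date_query` still reach the SQL text exactly as before and prepare() adds no escaping. Where `$search` is set is outside the hunk, but it should be bound rather than interpolated: use the fragment `AND value LIKE %s` and pass `'%' . $wpdb->esc_like($search) . '%'` as the argument, with `%d` for `$offset` and `$items_per_page`. The one-line `$query` also loses the whitespace that used to precede `GROUP BY`, so when no search term or date filter is set the form id appears to run straight into the keyword; write `" GROUP BY"` with a leading space. The same no-argument prepare() pattern is used in the queries of the section just above import_cf7_csv.php on this page.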