Version Description
- Cross Site Scripting Security Fix
- Code Optimized
- Few Bugs Fixed
Download this release
Release Info
| Developer | contact-banker |
| Plugin |  Contact Bank: WordPress Form Builder for Contact Forms |
| Version | 2.1.24 |
| Comparing to | |
| See all releases | |
Code changes from version 2.1.23 to 2.1.24
- contact-bank.php +2 -2
- lib/contact_bank_email-class.php +6 -6
- lib/contact_bank_email_management.php +3 -3
- lib/contact_bank_frontend-class.php +4 -4
- lib/contact_bank_layout_settings-class.php +5 -6
- lib/contact_bank_show_form_control_data-class.php +4 -4
- lib/contact_frontend_data_class.php +2 -2
- lib/contact_view-class.php +27 -27
- readme.txt +8 -2
- views/add_contact_email.php +1 -1
- views/contact_bank_form_preview.php +1 -1
- views/contact_bank_layout_settings.php +1 -1
- views/contact_view.php +1 -1
- views/header.php +1 -1
contact-bank.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: Contact Bank Lite Edition
|
|
| 4 |
Plugin URI: http://tech-banker.com
|
| 5 |
Description: Build Complex, Powerful Contact Forms in Just Seconds. No Programming Knowledge Required! Yeah, It's Really That Easy.
|
| 6 |
Author: Tech Banker
|
| 7 |
-
Version: 2.1.
|
| 8 |
Author URI: http://tech-banker.com
|
| 9 |
License: GPLv3 or later
|
| 10 |
*/
|
|
@@ -638,7 +638,7 @@ if(!function_exists("frontend_plugin_css_styles_contact_bank"))
|
|
| 638 |
}
|
| 639 |
if(isset($_REQUEST["action"]))
|
| 640 |
{
|
| 641 |
-
switch($_REQUEST["action"])
|
| 642 |
{
|
| 643 |
case "add_contact_form_library":
|
| 644 |
|
| 4 |
Plugin URI: http://tech-banker.com
|
| 5 |
Description: Build Complex, Powerful Contact Forms in Just Seconds. No Programming Knowledge Required! Yeah, It's Really That Easy.
|
| 6 |
Author: Tech Banker
|
| 7 |
+
Version: 2.1.24
|
| 8 |
Author URI: http://tech-banker.com
|
| 9 |
License: GPLv3 or later
|
| 10 |
*/
|
| 638 |
}
|
| 639 |
if(isset($_REQUEST["action"]))
|
| 640 |
{
|
| 641 |
+
switch(esc_attr($_REQUEST["action"]))
|
| 642 |
{
|
| 643 |
case "add_contact_form_library":
|
| 644 |
|
lib/contact_bank_email-class.php
CHANGED
|
@@ -20,10 +20,10 @@ else
|
|
| 20 |
{
|
| 21 |
if(isset($_REQUEST["param"]))
|
| 22 |
{
|
| 23 |
-
switch($_REQUEST["param"])
|
| 24 |
{
|
| 25 |
case "email_settings":
|
| 26 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 27 |
$email_settings = $wpdb->get_results
|
| 28 |
(
|
| 29 |
$wpdb->prepare
|
|
@@ -104,9 +104,9 @@ else
|
|
| 104 |
|
| 105 |
break;
|
| 106 |
case "insert_email_controls":
|
| 107 |
-
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) :
|
| 108 |
-
$email_id = isset($_REQUEST["email_id"]) ? intval($_REQUEST["email_id"]) :
|
| 109 |
-
parse_str(base64_decode($_REQUEST["data"]),$email_settings_data);
|
| 110 |
$uxDescription_email = esc_html($email_settings_data["uxEmailTemplate_hidden"]);
|
| 111 |
$email_name = esc_html($email_settings_data["ux_txt_name"]);
|
| 112 |
$send_to = intval($email_settings_data["ux_rdl_send_to"]);
|
|
@@ -147,7 +147,7 @@ else
|
|
| 147 |
|
| 148 |
break;
|
| 149 |
case "delete_email_settings":
|
| 150 |
-
$email_id = intval($_REQUEST["email_id"]);
|
| 151 |
$wpdb->query
|
| 152 |
(
|
| 153 |
$wpdb->prepare
|
| 20 |
{
|
| 21 |
if(isset($_REQUEST["param"]))
|
| 22 |
{
|
| 23 |
+
switch(esc_attr($_REQUEST["param"]))
|
| 24 |
{
|
| 25 |
case "email_settings":
|
| 26 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 27 |
$email_settings = $wpdb->get_results
|
| 28 |
(
|
| 29 |
$wpdb->prepare
|
| 104 |
|
| 105 |
break;
|
| 106 |
case "insert_email_controls":
|
| 107 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 108 |
+
$email_id = isset($_REQUEST["email_id"]) ? intval($_REQUEST["email_id"]) : 0;
|
| 109 |
+
parse_str(isset($_REQUEST["data"]) ? base64_decode($_REQUEST["data"]) : "",$email_settings_data);
|
| 110 |
$uxDescription_email = esc_html($email_settings_data["uxEmailTemplate_hidden"]);
|
| 111 |
$email_name = esc_html($email_settings_data["ux_txt_name"]);
|
| 112 |
$send_to = intval($email_settings_data["ux_rdl_send_to"]);
|
| 147 |
|
| 148 |
break;
|
| 149 |
case "delete_email_settings":
|
| 150 |
+
$email_id = isset($_REQUEST["email_id"]) ? intval($_REQUEST["email_id"]) : 0;
|
| 151 |
$wpdb->query
|
| 152 |
(
|
| 153 |
$wpdb->prepare
|
lib/contact_bank_email_management.php
CHANGED
|
@@ -2,10 +2,10 @@
|
|
| 2 |
global $wpdb;
|
| 3 |
if(isset($_REQUEST["param"]))
|
| 4 |
{
|
| 5 |
-
if($_REQUEST["param"] == "email_management")
|
| 6 |
{
|
| 7 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 8 |
-
$form_submit_id = intval($_REQUEST["submit_id"]);
|
| 9 |
$file_uploaded_path_admin = "";
|
| 10 |
$email_content = $wpdb->get_results
|
| 11 |
(
|
| 2 |
global $wpdb;
|
| 3 |
if(isset($_REQUEST["param"]))
|
| 4 |
{
|
| 5 |
+
if(esc_attr($_REQUEST["param"]) == "email_management")
|
| 6 |
{
|
| 7 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 8 |
+
$form_submit_id = isset($_REQUEST["submit_id"]) ? intval($_REQUEST["submit_id"]) : 0;
|
| 9 |
$file_uploaded_path_admin = "";
|
| 10 |
$email_content = $wpdb->get_results
|
| 11 |
(
|
lib/contact_bank_frontend-class.php
CHANGED
|
@@ -2,11 +2,11 @@
|
|
| 2 |
global $wpdb;
|
| 3 |
if(isset($_REQUEST["param"]))
|
| 4 |
{
|
| 5 |
-
if($_REQUEST["param"] == "frontend_submit_controls")
|
| 6 |
{
|
| 7 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 8 |
-
$rand = intval($_REQUEST["rand"]);
|
| 9 |
-
parse_str(base64_decode($_REQUEST["data"]),$frontend_form_submit_data);
|
| 10 |
|
| 11 |
$fields = $wpdb->get_results
|
| 12 |
(
|
| 2 |
global $wpdb;
|
| 3 |
if(isset($_REQUEST["param"]))
|
| 4 |
{
|
| 5 |
+
if(esc_attr($_REQUEST["param"]) == "frontend_submit_controls")
|
| 6 |
{
|
| 7 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 8 |
+
$rand = isset($_REQUEST["rand"]) ? intval($_REQUEST["rand"]) : 0;
|
| 9 |
+
parse_str(isset($_REQUEST["data"]) ? base64_decode($_REQUEST["data"]) : "",$frontend_form_submit_data);
|
| 10 |
|
| 11 |
$fields = $wpdb->get_results
|
| 12 |
(
|
lib/contact_bank_layout_settings-class.php
CHANGED
|
@@ -11,7 +11,7 @@
|
|
| 11 |
case "author":
|
| 12 |
$cb_user_role_permission = "publish_posts";
|
| 13 |
break;
|
| 14 |
-
|
| 15 |
}
|
| 16 |
if (!current_user_can($cb_user_role_permission))
|
| 17 |
{
|
|
@@ -21,9 +21,9 @@ else
|
|
| 21 |
{
|
| 22 |
if(isset($_REQUEST["param"]))
|
| 23 |
{
|
| 24 |
-
if($_REQUEST["param"] == "fetch_control_values")
|
| 25 |
{
|
| 26 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 27 |
$layout_settings = array();
|
| 28 |
$form_settings_controls = $wpdb->get_results
|
| 29 |
(
|
|
@@ -40,8 +40,7 @@ else
|
|
| 40 |
echo json_encode($layout_settings);
|
| 41 |
die();
|
| 42 |
}
|
| 43 |
-
|
| 44 |
}
|
| 45 |
-
|
| 46 |
}
|
| 47 |
-
|
| 11 |
case "author":
|
| 12 |
$cb_user_role_permission = "publish_posts";
|
| 13 |
break;
|
| 14 |
+
|
| 15 |
}
|
| 16 |
if (!current_user_can($cb_user_role_permission))
|
| 17 |
{
|
| 21 |
{
|
| 22 |
if(isset($_REQUEST["param"]))
|
| 23 |
{
|
| 24 |
+
if(esc_attr($_REQUEST["param"]) == "fetch_control_values")
|
| 25 |
{
|
| 26 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 27 |
$layout_settings = array();
|
| 28 |
$form_settings_controls = $wpdb->get_results
|
| 29 |
(
|
| 40 |
echo json_encode($layout_settings);
|
| 41 |
die();
|
| 42 |
}
|
| 43 |
+
|
| 44 |
}
|
| 45 |
+
|
| 46 |
}
|
|
|
lib/contact_bank_show_form_control_data-class.php
CHANGED
|
@@ -21,11 +21,11 @@ else
|
|
| 21 |
{
|
| 22 |
if(isset($_REQUEST["param"]))
|
| 23 |
{
|
| 24 |
-
if($_REQUEST["param"] == "bind_text_control")
|
| 25 |
{
|
| 26 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 27 |
-
$field_type = intval($_REQUEST["control_type"]);
|
| 28 |
-
$dynamicId = intval($_REQUEST["dynamicId"]);
|
| 29 |
$control_id = $wpdb->get_var
|
| 30 |
(
|
| 31 |
$wpdb->prepare
|
| 21 |
{
|
| 22 |
if(isset($_REQUEST["param"]))
|
| 23 |
{
|
| 24 |
+
if(esc_attr($_REQUEST["param"]) == "bind_text_control")
|
| 25 |
{
|
| 26 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 27 |
+
$field_type = isset($_REQUEST["control_type"]) ? intval($_REQUEST["control_type"]) : 0;
|
| 28 |
+
$dynamicId = isset($_REQUEST["dynamicId"]) ? intval($_REQUEST["dynamicId"]) : 0;
|
| 29 |
$control_id = $wpdb->get_var
|
| 30 |
(
|
| 31 |
$wpdb->prepare
|
lib/contact_frontend_data_class.php
CHANGED
|
@@ -21,9 +21,9 @@ else
|
|
| 21 |
{
|
| 22 |
if(isset($_REQUEST["param"]))
|
| 23 |
{
|
| 24 |
-
if($_REQUEST["param"] == "frontend_form_data")
|
| 25 |
{
|
| 26 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 27 |
$form_data = $wpdb->get_results
|
| 28 |
(
|
| 29 |
$wpdb->prepare
|
| 21 |
{
|
| 22 |
if(isset($_REQUEST["param"]))
|
| 23 |
{
|
| 24 |
+
if(esc_attr($_REQUEST["param"]) == "frontend_form_data")
|
| 25 |
{
|
| 26 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 27 |
$form_data = $wpdb->get_results
|
| 28 |
(
|
| 29 |
$wpdb->prepare
|
lib/contact_view-class.php
CHANGED
|
@@ -20,12 +20,12 @@ else
|
|
| 20 |
{
|
| 21 |
if(isset($_REQUEST["param"]))
|
| 22 |
{
|
| 23 |
-
switch($_REQUEST["param"])
|
| 24 |
{
|
| 25 |
case "add_settings_div":
|
| 26 |
-
$dynamicId = intval($_REQUEST["dynamicId"]);
|
| 27 |
-
$field_type = intval($_REQUEST["field_type"]);
|
| 28 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 29 |
switch($field_type)
|
| 30 |
{
|
| 31 |
case 1:
|
|
@@ -50,7 +50,7 @@ else
|
|
| 50 |
break;
|
| 51 |
|
| 52 |
case "delete_form":
|
| 53 |
-
$form_id =
|
| 54 |
$control_id = $wpdb->get_results
|
| 55 |
(
|
| 56 |
$wpdb->prepare
|
|
@@ -176,8 +176,8 @@ else
|
|
| 176 |
|
| 177 |
$sql1 = array();
|
| 178 |
$form_settings_data = array();
|
| 179 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 180 |
-
parse_str(base64_decode($_REQUEST["form_settings"]),$form_settings);
|
| 181 |
$form_settings_data["blank_field_message"] = esc_html($form_settings["ux_txt_blank_message"]);
|
| 182 |
$form_settings_data["incorrect_email_message"] = esc_html($form_settings["ux_txt_incorrect_email_message"]);
|
| 183 |
$form_settings_data["success_message"] = esc_html($form_settings["ux_txt_success_message"]);
|
|
@@ -309,8 +309,8 @@ else
|
|
| 309 |
|
| 310 |
case "save_text_control":
|
| 311 |
|
| 312 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 313 |
-
$event = esc_attr($_REQUEST["events"]);
|
| 314 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 315 |
if(isset($_REQUEST["data"]))
|
| 316 |
{
|
|
@@ -319,7 +319,7 @@ else
|
|
| 319 |
}
|
| 320 |
else
|
| 321 |
{
|
| 322 |
-
$dynamic_Id = intval($_REQUEST["ux_hd_textbox_dynamic_id"]);
|
| 323 |
}
|
| 324 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 325 |
$form_settings[$dynamic_Id]["dynamic_id"] = $dynamic_Id;
|
|
@@ -408,8 +408,8 @@ else
|
|
| 408 |
|
| 409 |
case "save_textarea_control":
|
| 410 |
|
| 411 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 412 |
-
$event = esc_attr($_REQUEST["events"]);
|
| 413 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 414 |
if(isset($_REQUEST["data"]))
|
| 415 |
{
|
|
@@ -418,7 +418,7 @@ else
|
|
| 418 |
}
|
| 419 |
else
|
| 420 |
{
|
| 421 |
-
$dynamic_Id = intval($_REQUEST["ux_hd_textbox_dynamic_id"]);
|
| 422 |
}
|
| 423 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 424 |
$form_settings[$dynamic_Id]["dynamic_id"] = $dynamic_Id;
|
|
@@ -506,8 +506,8 @@ else
|
|
| 506 |
|
| 507 |
case "save_email_control":
|
| 508 |
|
| 509 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 510 |
-
$event = esc_attr($_REQUEST["events"]);
|
| 511 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 512 |
if(isset($_REQUEST["data"]))
|
| 513 |
{
|
|
@@ -516,7 +516,7 @@ else
|
|
| 516 |
}
|
| 517 |
else
|
| 518 |
{
|
| 519 |
-
$dynamic_Id = intval($_REQUEST["ux_hd_textbox_dynamic_id"]);
|
| 520 |
}
|
| 521 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 522 |
$form_settings[$dynamic_Id]["dynamic_id"] = $dynamic_Id;
|
|
@@ -599,8 +599,8 @@ else
|
|
| 599 |
|
| 600 |
case "save_drop_down_control":
|
| 601 |
|
| 602 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 603 |
-
$event = esc_attr($_REQUEST["events"]);
|
| 604 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 605 |
if(isset($_REQUEST["data"]))
|
| 606 |
{
|
|
@@ -609,7 +609,7 @@ else
|
|
| 609 |
}
|
| 610 |
else
|
| 611 |
{
|
| 612 |
-
$dynamic_Id = intval($_REQUEST["ux_hd_textbox_dynamic_id"]);
|
| 613 |
}
|
| 614 |
|
| 615 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
|
@@ -698,8 +698,8 @@ else
|
|
| 698 |
|
| 699 |
case "save_check_box_control":
|
| 700 |
|
| 701 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 702 |
-
$event = esc_attr($_REQUEST["events"]);
|
| 703 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 704 |
if(isset($_REQUEST["data"]))
|
| 705 |
{
|
|
@@ -708,7 +708,7 @@ else
|
|
| 708 |
}
|
| 709 |
else
|
| 710 |
{
|
| 711 |
-
$dynamic_Id = intval($_REQUEST["ux_hd_textbox_dynamic_id"]);
|
| 712 |
}
|
| 713 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 714 |
$ddl_options_id = isset($_REQUEST["ddl_options_id"]) ? json_decode(stripcslashes($_REQUEST["ddl_options_id"]),true) : array();
|
|
@@ -796,8 +796,8 @@ else
|
|
| 796 |
|
| 797 |
case "save_multiple_control":
|
| 798 |
|
| 799 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 800 |
-
$event = esc_attr($_REQUEST["events"]);
|
| 801 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 802 |
if(isset($_REQUEST["data"]))
|
| 803 |
{
|
|
@@ -806,7 +806,7 @@ else
|
|
| 806 |
}
|
| 807 |
else
|
| 808 |
{
|
| 809 |
-
$dynamic_Id = intval($_REQUEST["ux_hd_textbox_dynamic_id"]);
|
| 810 |
}
|
| 811 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 812 |
$ddl_options_id = isset($_REQUEST["ddl_options_id"]) ? json_decode(stripcslashes($_REQUEST["ddl_options_id"]),true) : array();
|
|
@@ -898,7 +898,7 @@ else
|
|
| 898 |
|
| 899 |
case "form_fields_sorting_order":
|
| 900 |
|
| 901 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 902 |
$field_dynamic_id = isset($_REQUEST["field_dynamic_id"]) ? json_decode(stripcslashes($_REQUEST["field_dynamic_id"]),true) : array();
|
| 903 |
$sql= "";
|
| 904 |
foreach($field_dynamic_id as $key => $val)
|
|
@@ -918,7 +918,7 @@ else
|
|
| 918 |
|
| 919 |
case "contact_plugin_updates":
|
| 920 |
|
| 921 |
-
$contact_updates = intval($_REQUEST["contact_updates"]);
|
| 922 |
update_option("contact-bank-automatic_update",$contact_updates);
|
| 923 |
|
| 924 |
break;
|
| 20 |
{
|
| 21 |
if(isset($_REQUEST["param"]))
|
| 22 |
{
|
| 23 |
+
switch(esc_attr($_REQUEST["param"]))
|
| 24 |
{
|
| 25 |
case "add_settings_div":
|
| 26 |
+
$dynamicId = isset($_REQUEST["dynamicId"]) ? intval($_REQUEST["dynamicId"]) : 0;
|
| 27 |
+
$field_type = isset($_REQUEST["field_type"]) ? intval($_REQUEST["field_type"]) : 0;
|
| 28 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 29 |
switch($field_type)
|
| 30 |
{
|
| 31 |
case 1:
|
| 50 |
break;
|
| 51 |
|
| 52 |
case "delete_form":
|
| 53 |
+
$form_id = isset($_REQUEST["id"]) ? intval($_REQUEST["id"]) : 0;
|
| 54 |
$control_id = $wpdb->get_results
|
| 55 |
(
|
| 56 |
$wpdb->prepare
|
| 176 |
|
| 177 |
$sql1 = array();
|
| 178 |
$form_settings_data = array();
|
| 179 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 180 |
+
parse_str(isset($_REQUEST["form_settings"]) ? base64_decode($_REQUEST["form_settings"]) : "",$form_settings);
|
| 181 |
$form_settings_data["blank_field_message"] = esc_html($form_settings["ux_txt_blank_message"]);
|
| 182 |
$form_settings_data["incorrect_email_message"] = esc_html($form_settings["ux_txt_incorrect_email_message"]);
|
| 183 |
$form_settings_data["success_message"] = esc_html($form_settings["ux_txt_success_message"]);
|
| 309 |
|
| 310 |
case "save_text_control":
|
| 311 |
|
| 312 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 313 |
+
$event = isset($_REQUEST["events"]) ? esc_attr($_REQUEST["events"]) : "";
|
| 314 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 315 |
if(isset($_REQUEST["data"]))
|
| 316 |
{
|
| 319 |
}
|
| 320 |
else
|
| 321 |
{
|
| 322 |
+
$dynamic_Id = isset($_REQUEST["ux_hd_textbox_dynamic_id"]) ? intval($_REQUEST["ux_hd_textbox_dynamic_id"]) : 0;
|
| 323 |
}
|
| 324 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 325 |
$form_settings[$dynamic_Id]["dynamic_id"] = $dynamic_Id;
|
| 408 |
|
| 409 |
case "save_textarea_control":
|
| 410 |
|
| 411 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 412 |
+
$event = isset($_REQUEST["events"]) ? esc_attr($_REQUEST["events"]) : "";
|
| 413 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 414 |
if(isset($_REQUEST["data"]))
|
| 415 |
{
|
| 418 |
}
|
| 419 |
else
|
| 420 |
{
|
| 421 |
+
$dynamic_Id = isset($_REQUEST["ux_hd_textbox_dynamic_id"]) ? intval($_REQUEST["ux_hd_textbox_dynamic_id"]) : 0;
|
| 422 |
}
|
| 423 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 424 |
$form_settings[$dynamic_Id]["dynamic_id"] = $dynamic_Id;
|
| 506 |
|
| 507 |
case "save_email_control":
|
| 508 |
|
| 509 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 510 |
+
$event = isset($_REQUEST["events"]) ? esc_attr($_REQUEST["events"]) : "";
|
| 511 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 512 |
if(isset($_REQUEST["data"]))
|
| 513 |
{
|
| 516 |
}
|
| 517 |
else
|
| 518 |
{
|
| 519 |
+
$dynamic_Id = isset($_REQUEST["ux_hd_textbox_dynamic_id"]) ? intval($_REQUEST["ux_hd_textbox_dynamic_id"]) : 0;
|
| 520 |
}
|
| 521 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 522 |
$form_settings[$dynamic_Id]["dynamic_id"] = $dynamic_Id;
|
| 599 |
|
| 600 |
case "save_drop_down_control":
|
| 601 |
|
| 602 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 603 |
+
$event = isset($_REQUEST["events"]) ? esc_attr($_REQUEST["events"]) : "";
|
| 604 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 605 |
if(isset($_REQUEST["data"]))
|
| 606 |
{
|
| 609 |
}
|
| 610 |
else
|
| 611 |
{
|
| 612 |
+
$dynamic_Id = isset($_REQUEST["ux_hd_textbox_dynamic_id"]) ? intval($_REQUEST["ux_hd_textbox_dynamic_id"]) : 0;
|
| 613 |
}
|
| 614 |
|
| 615 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 698 |
|
| 699 |
case "save_check_box_control":
|
| 700 |
|
| 701 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 702 |
+
$event = isset($_REQUEST["events"]) ? esc_attr($_REQUEST["events"]) : "";
|
| 703 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 704 |
if(isset($_REQUEST["data"]))
|
| 705 |
{
|
| 708 |
}
|
| 709 |
else
|
| 710 |
{
|
| 711 |
+
$dynamic_Id = isset($_REQUEST["ux_hd_textbox_dynamic_id"]) ? intval($_REQUEST["ux_hd_textbox_dynamic_id"]) : 0;
|
| 712 |
}
|
| 713 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 714 |
$ddl_options_id = isset($_REQUEST["ddl_options_id"]) ? json_decode(stripcslashes($_REQUEST["ddl_options_id"]),true) : array();
|
| 796 |
|
| 797 |
case "save_multiple_control":
|
| 798 |
|
| 799 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 800 |
+
$event = isset($_REQUEST["events"]) ? esc_attr($_REQUEST["events"]) : "";
|
| 801 |
$controlId = isset($_REQUEST["controlId"]) ? intval($_REQUEST["controlId"]) : 0;
|
| 802 |
if(isset($_REQUEST["data"]))
|
| 803 |
{
|
| 806 |
}
|
| 807 |
else
|
| 808 |
{
|
| 809 |
+
$dynamic_Id = isset($_REQUEST["ux_hd_textbox_dynamic_id"]) ? intval($_REQUEST["ux_hd_textbox_dynamic_id"]) : 0;
|
| 810 |
}
|
| 811 |
$form_settings = isset($_REQUEST["form_settings"]) ? json_decode(stripcslashes($_REQUEST["form_settings"]),true) : array();
|
| 812 |
$ddl_options_id = isset($_REQUEST["ddl_options_id"]) ? json_decode(stripcslashes($_REQUEST["ddl_options_id"]),true) : array();
|
| 898 |
|
| 899 |
case "form_fields_sorting_order":
|
| 900 |
|
| 901 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 902 |
$field_dynamic_id = isset($_REQUEST["field_dynamic_id"]) ? json_decode(stripcslashes($_REQUEST["field_dynamic_id"]),true) : array();
|
| 903 |
$sql= "";
|
| 904 |
foreach($field_dynamic_id as $key => $val)
|
| 918 |
|
| 919 |
case "contact_plugin_updates":
|
| 920 |
|
| 921 |
+
$contact_updates = isset($_REQUEST["contact_updates"]) ? intval($_REQUEST["contact_updates"]) : 0;
|
| 922 |
update_option("contact-bank-automatic_update",$contact_updates);
|
| 923 |
|
| 924 |
break;
|
readme.txt
CHANGED
|
@@ -1,9 +1,9 @@
|
|
| 1 |
=== Contact Bank - Contact Forms Builder ===
|
| 2 |
Contributors: contact-banker, Gallery-Bank
|
| 3 |
-
Tags:
|
| 4 |
Requires at least: 3.1
|
| 5 |
Tested up to: 4.5.3
|
| 6 |
-
Stable tag: 2.1.
|
| 7 |
License: GPLv3 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 9 |
|
|
@@ -549,6 +549,12 @@ In order to set Shortcode for a Form, you need to follow these steps :
|
|
| 549 |
|
| 550 |
== Changelog ==
|
| 551 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 552 |
= 2.1.23 =
|
| 553 |
|
| 554 |
* Cross Site Scripting Security Fix
|
| 1 |
=== Contact Bank - Contact Forms Builder ===
|
| 2 |
Contributors: contact-banker, Gallery-Bank
|
| 3 |
+
Tags: advanced form, best contact form plugin, contact form builder, contact manager, contact us form, custom form, feedback form, web form, contact us, contact bank, contact form, forms
|
| 4 |
Requires at least: 3.1
|
| 5 |
Tested up to: 4.5.3
|
| 6 |
+
Stable tag: 2.1.24
|
| 7 |
License: GPLv3 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 9 |
|
| 549 |
|
| 550 |
== Changelog ==
|
| 551 |
|
| 552 |
+
= 2.1.24 =
|
| 553 |
+
|
| 554 |
+
* Cross Site Scripting Security Fix
|
| 555 |
+
* Code Optimized
|
| 556 |
+
* Few Bugs Fixed
|
| 557 |
+
|
| 558 |
= 2.1.23 =
|
| 559 |
|
| 560 |
* Cross Site Scripting Security Fix
|
views/add_contact_email.php
CHANGED
|
@@ -19,7 +19,7 @@ if (!current_user_can($cb_user_role_permission))
|
|
| 19 |
}
|
| 20 |
else
|
| 21 |
{
|
| 22 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 23 |
isset($_REQUEST["email_id"]) ? $email_id = intval($_REQUEST["email_id"]) : $email_id = "";
|
| 24 |
|
| 25 |
$fields_email = $wpdb->get_results
|
| 19 |
}
|
| 20 |
else
|
| 21 |
{
|
| 22 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 23 |
isset($_REQUEST["email_id"]) ? $email_id = intval($_REQUEST["email_id"]) : $email_id = "";
|
| 24 |
|
| 25 |
$fields_email = $wpdb->get_results
|
views/contact_bank_form_preview.php
CHANGED
|
@@ -18,7 +18,7 @@ if (!current_user_can($cb_user_role_permission))
|
|
| 18 |
}
|
| 19 |
else
|
| 20 |
{
|
| 21 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 22 |
$control_settings_array = array();
|
| 23 |
$form_settings_array = array();
|
| 24 |
$layout_settings_array = array();
|
| 18 |
}
|
| 19 |
else
|
| 20 |
{
|
| 21 |
+
$form_id = isset($_REQUEST["form_id"]) ?intval($_REQUEST["form_id"]) : 0;
|
| 22 |
$control_settings_array = array();
|
| 23 |
$form_settings_array = array();
|
| 24 |
$layout_settings_array = array();
|
views/contact_bank_layout_settings.php
CHANGED
|
@@ -56,7 +56,7 @@ else
|
|
| 56 |
<?php
|
| 57 |
for($flag=0;$flag<count($forms);$flag++)
|
| 58 |
{
|
| 59 |
-
if(isset($_REQUEST["form_id"]) && $_REQUEST["form_id"] == $forms[$flag]->form_id)
|
| 60 |
{
|
| 61 |
?>
|
| 62 |
<option value="<?php echo $forms[$flag]->form_id ;?>" selected="selected"><?php echo $forms[$flag]->form_name ;?></option>
|
| 56 |
<?php
|
| 57 |
for($flag=0;$flag<count($forms);$flag++)
|
| 58 |
{
|
| 59 |
+
if(isset($_REQUEST["form_id"]) && intval($_REQUEST["form_id"]) == $forms[$flag]->form_id)
|
| 60 |
{
|
| 61 |
?>
|
| 62 |
<option value="<?php echo $forms[$flag]->form_id ;?>" selected="selected"><?php echo $forms[$flag]->form_name ;?></option>
|
views/contact_view.php
CHANGED
|
@@ -19,7 +19,7 @@ if (!current_user_can($cb_user_role_permission))
|
|
| 19 |
else
|
| 20 |
{
|
| 21 |
$form_settings = array();
|
| 22 |
-
$form_id = intval($_REQUEST["form_id"]);
|
| 23 |
$count_forms = $wpdb->get_var
|
| 24 |
(
|
| 25 |
"SELECT count(form_id) FROM ". contact_bank_contact_form()
|
| 19 |
else
|
| 20 |
{
|
| 21 |
$form_settings = array();
|
| 22 |
+
$form_id = isset($_REQUEST["form_id"]) ? intval($_REQUEST["form_id"]) : 0;
|
| 23 |
$count_forms = $wpdb->get_var
|
| 24 |
(
|
| 25 |
"SELECT count(form_id) FROM ". contact_bank_contact_form()
|
views/header.php
CHANGED
|
@@ -157,7 +157,7 @@ switch ($cb_role) {
|
|
| 157 |
<?php
|
| 158 |
break;
|
| 159 |
}
|
| 160 |
-
if($
|
| 161 |
{
|
| 162 |
?>
|
| 163 |
<div class="custom-message green" style="display: block;margin-top:30px">
|
| 157 |
<?php
|
| 158 |
break;
|
| 159 |
}
|
| 160 |
+
if(isset($_GET["page"]) ? esc_attr($_GET["page"]) : "" != "contact_feature_request")
|
| 161 |
{
|
| 162 |
?>
|
| 163 |
<div class="custom-message green" style="display: block;margin-top:30px">
|
