Contact Form 7 - Version 5.3.2

Version Description

  • Removes control, separator, and other types of special characters from filename to fix the unrestricted file upload vulnerability issue.
  • Akismet: Sets ISO 8601 date/time format for the comment_date_gmt parameter.
Download this release

Release Info

Developer takayukister
Plugin Icon 128x128 Contact Form 7
Version 5.3.2
Comparing to
See all releases

Code changes from version 5.3.1 to 5.3.2

Files changed (4) hide show
  1. includes/formatting.php +2 -0
  2. modules/akismet.php +8 -1
  3. readme.txt +6 -1
  4. wp-contact-form-7.php +2 -2
includes/formatting.php CHANGED
@@ -339,6 +339,8 @@ function wpcf7_is_email_in_site_domain( $email ) {
339
 
340
  function wpcf7_antiscript_file_name( $filename ) {
341
  $filename = wp_basename( $filename );
 
 
342
  $parts = explode( '.', $filename );
343
 
344
  if ( count( $parts ) < 2 ) {
339
 
340
  function wpcf7_antiscript_file_name( $filename ) {
341
  $filename = wp_basename( $filename );
342
+ $filename = preg_replace( '/[\pC\pZ]+/i', '', $filename );
343
+
344
  $parts = explode( '.', $filename );
345
 
346
  if ( count( $parts ) < 2 ) {
modules/akismet.php CHANGED
@@ -33,7 +33,14 @@ function wpcf7_akismet( $spam, $submission ) {
33
  $c['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
34
  $c['referrer'] = $_SERVER['HTTP_REFERER'];
35
  $c['comment_type'] = 'contact-form';
36
- $c['comment_date_gmt'] = $submission->get_meta( 'timestamp' );
 
 
 
 
 
 
 
37
 
38
  if ( $permalink = get_permalink() ) {
39
  $c['permalink'] = $permalink;
33
  $c['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
34
  $c['referrer'] = $_SERVER['HTTP_REFERER'];
35
  $c['comment_type'] = 'contact-form';
36
+
37
+ $datetime = date_create_immutable(
38
+ '@' . $submission->get_meta( 'timestamp' )
39
+ );
40
+
41
+ if ( $datetime ) {
42
+ $c['comment_date_gmt'] = $datetime->format( DATE_ATOM );
43
+ }
44
 
45
  if ( $permalink = get_permalink() ) {
46
  $c['permalink'] = $permalink;
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://contactform7.com/donate/
4
  Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual
5
  Requires at least: 5.4
6
  Tested up to: 5.6
7
- Stable tag: 5.3.1
8
  License: GPLv2 or later
9
  License URI: https://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -75,6 +75,11 @@ Do you have questions or issues with Contact Form 7? Use these support channels
75
 
76
  For more information, see [Releases](https://contactform7.com/category/releases/).
77
 
 
 
 
 
 
78
  = 5.3.1 =
79
 
80
  * Flamingo: Passes the `last_contacted` parameter based on the submission timestamp.
4
  Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual
5
  Requires at least: 5.4
6
  Tested up to: 5.6
7
+ Stable tag: 5.3.2
8
  License: GPLv2 or later
9
  License URI: https://www.gnu.org/licenses/gpl-2.0.html
10
 
75
 
76
  For more information, see [Releases](https://contactform7.com/category/releases/).
77
 
78
+ = 5.3.2 =
79
+
80
+ * Removes control, separator, and other types of special characters from filename to fix the unrestricted file upload vulnerability issue.
81
+ * Akismet: Sets ISO 8601 date/time format for the `comment_date_gmt` parameter.
82
+
83
  = 5.3.1 =
84
 
85
  * Flamingo: Passes the `last_contacted` parameter based on the submission timestamp.
wp-contact-form-7.php CHANGED
@@ -7,10 +7,10 @@ Author: Takayuki Miyoshi
7
  Author URI: https://ideasilo.wordpress.com/
8
  Text Domain: contact-form-7
9
  Domain Path: /languages/
10
- Version: 5.3.1
11
  */
12
 
13
- define( 'WPCF7_VERSION', '5.3.1' );
14
 
15
  define( 'WPCF7_REQUIRED_WP_VERSION', '5.4' );
16
 
7
  Author URI: https://ideasilo.wordpress.com/
8
  Text Domain: contact-form-7
9
  Domain Path: /languages/
10
+ Version: 5.3.2
11
  */
12
 
13
+ define( 'WPCF7_VERSION', '5.3.2' );
14
 
15
  define( 'WPCF7_REQUIRED_WP_VERSION', '5.4' );
16