Version Description
- Removes control, separator, and other types of special characters from filename to fix the unrestricted file upload vulnerability issue.
- Akismet: Sets ISO 8601 date/time format for the
comment_date_gmt
parameter.
Download this release
Release Info
Developer | takayukister |
Plugin | Contact Form 7 |
Version | 5.3.2 |
Comparing to | |
See all releases |
Code changes from version 5.3.1 to 5.3.2
- includes/formatting.php +2 -0
- modules/akismet.php +8 -1
- readme.txt +6 -1
- wp-contact-form-7.php +2 -2
includes/formatting.php
CHANGED
@@ -339,6 +339,8 @@ function wpcf7_is_email_in_site_domain( $email ) {
|
|
339 |
|
340 |
function wpcf7_antiscript_file_name( $filename ) {
|
341 |
$filename = wp_basename( $filename );
|
|
|
|
|
342 |
$parts = explode( '.', $filename );
|
343 |
|
344 |
if ( count( $parts ) < 2 ) {
|
339 |
|
340 |
function wpcf7_antiscript_file_name( $filename ) {
|
341 |
$filename = wp_basename( $filename );
|
342 |
+
$filename = preg_replace( '/[\pC\pZ]+/i', '', $filename );
|
343 |
+
|
344 |
$parts = explode( '.', $filename );
|
345 |
|
346 |
if ( count( $parts ) < 2 ) {
|
modules/akismet.php
CHANGED
@@ -33,7 +33,14 @@ function wpcf7_akismet( $spam, $submission ) {
|
|
33 |
$c['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
|
34 |
$c['referrer'] = $_SERVER['HTTP_REFERER'];
|
35 |
$c['comment_type'] = 'contact-form';
|
36 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
37 |
|
38 |
if ( $permalink = get_permalink() ) {
|
39 |
$c['permalink'] = $permalink;
|
33 |
$c['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
|
34 |
$c['referrer'] = $_SERVER['HTTP_REFERER'];
|
35 |
$c['comment_type'] = 'contact-form';
|
36 |
+
|
37 |
+
$datetime = date_create_immutable(
|
38 |
+
'@' . $submission->get_meta( 'timestamp' )
|
39 |
+
);
|
40 |
+
|
41 |
+
if ( $datetime ) {
|
42 |
+
$c['comment_date_gmt'] = $datetime->format( DATE_ATOM );
|
43 |
+
}
|
44 |
|
45 |
if ( $permalink = get_permalink() ) {
|
46 |
$c['permalink'] = $permalink;
|
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://contactform7.com/donate/
|
|
4 |
Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual
|
5 |
Requires at least: 5.4
|
6 |
Tested up to: 5.6
|
7 |
-
Stable tag: 5.3.
|
8 |
License: GPLv2 or later
|
9 |
License URI: https://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -75,6 +75,11 @@ Do you have questions or issues with Contact Form 7? Use these support channels
|
|
75 |
|
76 |
For more information, see [Releases](https://contactform7.com/category/releases/).
|
77 |
|
|
|
|
|
|
|
|
|
|
|
78 |
= 5.3.1 =
|
79 |
|
80 |
* Flamingo: Passes the `last_contacted` parameter based on the submission timestamp.
|
4 |
Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual
|
5 |
Requires at least: 5.4
|
6 |
Tested up to: 5.6
|
7 |
+
Stable tag: 5.3.2
|
8 |
License: GPLv2 or later
|
9 |
License URI: https://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
75 |
|
76 |
For more information, see [Releases](https://contactform7.com/category/releases/).
|
77 |
|
78 |
+
= 5.3.2 =
|
79 |
+
|
80 |
+
* Removes control, separator, and other types of special characters from filename to fix the unrestricted file upload vulnerability issue.
|
81 |
+
* Akismet: Sets ISO 8601 date/time format for the `comment_date_gmt` parameter.
|
82 |
+
|
83 |
= 5.3.1 =
|
84 |
|
85 |
* Flamingo: Passes the `last_contacted` parameter based on the submission timestamp.
|
wp-contact-form-7.php
CHANGED
@@ -7,10 +7,10 @@ Author: Takayuki Miyoshi
|
|
7 |
Author URI: https://ideasilo.wordpress.com/
|
8 |
Text Domain: contact-form-7
|
9 |
Domain Path: /languages/
|
10 |
-
Version: 5.3.
|
11 |
*/
|
12 |
|
13 |
-
define( 'WPCF7_VERSION', '5.3.
|
14 |
|
15 |
define( 'WPCF7_REQUIRED_WP_VERSION', '5.4' );
|
16 |
|
7 |
Author URI: https://ideasilo.wordpress.com/
|
8 |
Text Domain: contact-form-7
|
9 |
Domain Path: /languages/
|
10 |
+
Version: 5.3.2
|
11 |
*/
|
12 |
|
13 |
+
define( 'WPCF7_VERSION', '5.3.2' );
|
14 |
|
15 |
define( 'WPCF7_REQUIRED_WP_VERSION', '5.4' );
|
16 |
|