Contact Form Builder – a plugin for creating contact and feedback forms - Version 1.0.69

Version Description

  • Fixed: CSRF issue.
  • Fixed: Captcha.

Release Info

Developer webdorado
Version 1.0.69

Code changes from version 1.0.68 to 1.0.69

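--- a/admin/models/CFMModelManage_cfm.php
+++ b/admin/models/CFMModelManage_cfm.php
@@ -13,7 +13,9 @@ class CFMModelManage_cfm {
  ////////////////////////////////////////////////////////////////////////////////////////
  // Constructor & Destructor //
  ////////////////////////////////////////////////////////////////////////////////////////
+ private $cfm_nonce = null;
  public function __construct() {
+ $this->cfm_nonce = wp_create_nonce('cfm_ajax_nonce');
  }
  ////////////////////////////////////////////////////////////////////////////////////////
  // Public Methods //
@@ -599,7 +601,7 @@ class CFMModelManage_cfm {
  }
  }
  $param['w_field_label_pos'] = ($param['w_field_label_pos'] == "left" ? "table-cell" : "block");
- $rep .= '<div id="wdform_field'.$id.'" type="type_captcha" class="wdform_field" style="display: table-cell;"><div align="left" id="'.$id.'_label_sectionform_id_temp" class="'.$param['w_class'].'" style="display:'.$param['w_field_label_pos'].'; width: '.$param['w_field_label_size'].'px; vertical-align:top;"><span id="'.$id.'_element_labelform_id_temp" class="label" style="vertical-align: top;">'.$label.'</span></div><div align="left" id="'.$id.'_element_sectionform_id_temp" class="'.$param['w_class'].'" style="display: '.$param['w_field_label_pos'].';"><input type="hidden" value="type_captcha" name="'.$id.'_typeform_id_temp" id="'.$id.'_typeform_id_temp"><div style="display: table;"><div style="display: table-row;"><div valign="middle" style="display: table-cell;"><img type="captcha" digit="'.$param['w_digit'].'" src="' . add_query_arg(array('action' => 'ContactFormmakerwdcaptcha', 'digit' => $param['w_digit'], 'i' => 'form_id_temp'), admin_url('admin-ajax.php')) . 'digit='.$param['w_digit'].'" id="_wd_captchaform_id_temp" class="captcha_img" onclick="captcha_refresh(&quot;_wd_captcha&quot;,&quot;form_id_temp&quot;)" '.$param['attributes'].'></div><div valign="middle" style="display: table-cell;"><div class="captcha_refresh" id="_element_refreshform_id_temp" onclick="captcha_refresh(&quot;_wd_captcha&quot;,&quot;form_id_temp&quot;)" '.$param['attributes'].'></div></div></div><div style="display: table-row;"><div style="display: table-cell;"><input type="text" class="captcha_input" id="_wd_captcha_inputform_id_temp" name="captcha_input" style="width: '.($param['w_digit']*10+15).'px;" '.$param['attributes'].' disabled></div></div></div></div></div>';
+ $rep .= '<div id="wdform_field'.$id.'" type="type_captcha" class="wdform_field" style="display: table-cell;"><div align="left" id="'.$id.'_label_sectionform_id_temp" class="'.$param['w_class'].'" style="display:'.$param['w_field_label_pos'].'; width: '.$param['w_field_label_size'].'px; vertical-align:top;"><span id="'.$id.'_element_labelform_id_temp" class="label" style="vertical-align: top;">'.$label.'</span></div><div align="left" id="'.$id.'_element_sectionform_id_temp" class="'.$param['w_class'].'" style="display: '.$param['w_field_label_pos'].';"><input type="hidden" value="type_captcha" name="'.$id.'_typeform_id_temp" id="'.$id.'_typeform_id_temp"><div style="display: table;"><div style="display: table-row;"><div valign="middle" style="display: table-cell;"><img type="captcha" digit="'.$param['w_digit'].'" src="' . add_query_arg(array('action' => 'ContactFormmakerwdcaptcha', 'nonce'=>$this->cfm_nonce, 'digit' => $param['w_digit'], 'i' => 'form_id_temp'), admin_url('admin-ajax.php')) . 'digit='.$param['w_digit'].'" id="_wd_captchaform_id_temp" class="captcha_img" onclick="captcha_refresh(&quot;_wd_captcha&quot;,&quot;form_id_temp&quot;)" '.$param['attributes'].'></div><div valign="middle" style="display: table-cell;"><div class="captcha_refresh" id="_element_refreshform_id_temp" onclick="captcha_refresh(&quot;_wd_captcha&quot;,&quot;form_id_temp&quot;)" '.$param['attributes'].'></div></div></div><div style="display: table-row;"><div style="display: table-cell;"><input type="text" class="captcha_input" id="_wd_captcha_inputform_id_temp" name="captcha_input" style="width: '.($param['w_digit']*10+15).'px;" '.$param['attributes'].' disabled></div></div></div></div></div>';
  break;
  }
  case 'type_recaptcha': {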
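Review bot: The captcha `src` on new line 604 still appends `'digit='.$param['w_digit']` directly after the `add_query_arg()` URL with no `&`, so the last query parameter is sent as `i=form_id_tempdigit=N`; the new `nonce` argument survives only because it is not the last key in the array. `digit` is already passed inside the array, so the trailing concatenation can simply be dropped. The URL and the `$param[...]` / `$label` values are also interpolated into markup unescaped; wrapping them in `esc_url()`, `esc_attr()` and `esc_html()` would be the safer default, though where those values originate is not visible in this hunk. The enclosing method starts and ends outside the hunk.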
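--- a/admin/views/CFMViewManage_cfm.php
+++ b/admin/views/CFMViewManage_cfm.php
@@ -11,11 +11,12 @@ class CFMViewManage_cfm {
  // Variables //
  ////////////////////////////////////////////////////////////////////////////////////////
  private $model;
-
+ private $cfm_nonce = null;
  ////////////////////////////////////////////////////////////////////////////////////////
  // Constructor & Destructor //
  ////////////////////////////////////////////////////////////////////////////////////////
  public function __construct($model) {
+ $this->cfm_nonce = wp_create_nonce('cfm_ajax_nonce');
  $this->model = $model;
  }
 
@@ -113,7 +114,7 @@ class CFMViewManage_cfm {
  <input type="text" value='&#60;?php wd_contact_form_builder(<?php echo $row_data->id; ?>); ?&#62;' onclick="spider_select_value(this)" readonly="readonly" style="padding-left: 1px; padding-right: 1px;"/>
  </td>
  <td class="table_medium_col">
- <button class="fm-icon preview-icon" title="<?php echo __("Form Preview", "contact_form_maker"); ?>" onclick="tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'form_id' => $row_data->id, 'test_theme' => $row_data->theme, 'width' => '1000', 'height' => '500', 'TB_iframe' => '1'), admin_url('admin-ajax.php')); ?>'); return false;">
+ <button class="fm-icon preview-icon" title="<?php echo __("Form Preview", "contact_form_maker"); ?>" onclick="tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'nonce'=>$this->cfm_nonce, 'form_id' => $row_data->id, 'test_theme' => $row_data->theme, 'width' => '1000', 'height' => '500', 'TB_iframe' => '1'), admin_url('admin-ajax.php')); ?>'); return false;">
  <span></span>
  </button>
  </td>
@@ -178,7 +179,7 @@ class CFMViewManage_cfm {
  form_view_count = 1;
  form_view_max = 1;
  function set_preview() {
- jQuery("#preview_form").attr("onclick", "tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'form_id' => $row->id), admin_url('admin-ajax.php')); ?>&test_theme=" + jQuery('#theme').val() + "&width=1000&height=500&TB_iframe=1'); return false;");
+ jQuery("#preview_form").attr("onclick", "tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'nonce'=>$this->cfm_nonce, 'form_id' => $row->id), admin_url('admin-ajax.php')); ?>&test_theme=" + jQuery('#theme').val() + "&width=1000&height=500&TB_iframe=1'); return false;");
  jQuery("#edit_css").attr("onclick", "tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerEditCSS', 'form_id' => $row->id), admin_url('admin-ajax.php')); ?>&id=" + jQuery('#theme').val() + "&width=800&height=500&TB_iframe=1'); return false;");
  }
  function submitbutton() {
@@ -469,7 +470,7 @@ class CFMViewManage_cfm {
  }
  ?>
  </select>
- <button id="preview_form" class="fm-button preview-button small" title="<?php echo __("Form Preview", "contact_form_maker"); ?>" onclick="tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'form_id' => $row->id, 'test_theme' => $row->theme, 'width' => '1000', 'height' => '500', 'TB_iframe' => '1'), admin_url('admin-ajax.php')); ?>'); return false;">
+ <button id="preview_form" class="fm-button preview-button small" title="<?php echo __("Form Preview", "contact_form_maker"); ?>" onclick="tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'nonce'=>$this->cfm_nonce, 'form_id' => $row->id, 'test_theme' => $row->theme, 'width' => '1000', 'height' => '500', 'TB_iframe' => '1'), admin_url('admin-ajax.php')); ?>'); return false;">
  <span></span>
  <?php echo __("Preview", "contact_form_maker"); ?>
  </button>
@@ -897,7 +898,7 @@ class CFMViewManage_cfm {
  gen = "<?php echo $row->counter; ?>";
  form_view_max = 20;
  function set_preview() {
- jQuery("#preview_form").attr("onclick", "tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'form_id' => $row->id), admin_url('admin-ajax.php')); ?>&test_theme=" + jQuery('#theme').val() + "&width=1000&height=500&TB_iframe=1'); return false;");
+ jQuery("#preview_form").attr("onclick", "tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'nonce'=>$this->cfm_nonce, 'form_id' => $row->id), admin_url('admin-ajax.php')); ?>&test_theme=" + jQuery('#theme').val() + "&width=1000&height=500&TB_iframe=1'); return false;");
  jQuery("#edit_css").attr("onclick", "tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerEditCSS', 'form_id' => $row->id), admin_url('admin-ajax.php')); ?>&id=" + jQuery('#theme').val() + "&width=800&height=500&TB_iframe=1'); return false;");
  }
 
@@ -1010,7 +1011,7 @@ class CFMViewManage_cfm {
  }
  ?>
  </select>
- <button id="preview_form" class="fm-button preview-button small" title="<?php echo __("Form Preview", "contact_form_maker"); ?>" onclick="tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'form_id' => $row->id, 'test_theme' => $row->theme, 'width' => '1000', 'height' => '500', 'TB_iframe' => '1'), admin_url('admin-ajax.php')); ?>'); return false;">
+ <button id="preview_form" class="fm-button preview-button small" title="<?php echo __("Form Preview", "contact_form_maker"); ?>" onclick="tb_show('', '<?php echo add_query_arg(array('action' => 'ContactFormMakerPreview', 'nonce'=>$this->cfm_nonce, 'form_id' => $row->id, 'test_theme' => $row->theme, 'width' => '1000', 'height' => '500', 'TB_iframe' => '1'), admin_url('admin-ajax.php')); ?>'); return false;">
  <span></span>
  <?php echo __("Preview", "contact_form_maker"); ?>
  </button>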
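Review bot: In both `set_preview()` hunks (new lines 182–183 and 901–902) only the `ContactFormMakerPreview` URL gains the nonce, while the `ContactFormMakerEditCSS` URL on the very next line is left without one. The EditCSS handler is not visible on this page, so it should be confirmed that it verifies its own nonce and a capability before saving anything. Separately, `jQuery('#theme').val()` is concatenated into the URL unencoded and the `add_query_arg()` output is echoed into an `onclick` attribute as-is; `encodeURIComponent(jQuery('#theme').val())` on the client and `esc_url()`/`esc_js()` around the echoed URL would keep the attribute well-formed whatever the values contain.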
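--- a/contact-form-builder.php
+++ b/contact-form-builder.php
@@ -3,14 +3,14 @@
  * Plugin Name: Contact Form Builder
  * Plugin URI: https://web-dorado.com/products/wordpress-contact-form-builder.html
  * Description: Contact Form Builder is an advanced plugin to add contact forms into your website. It comes along with multiple default templates which can be customized.
- * Version: 1.0.68
+ * Version: 1.0.69
  * Author: WebDorado
  * Author URI: https://web-dorado.com/wordpress-plugins-bundle.html
  * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
  */
  define('WD_CFM_DIR', WP_PLUGIN_DIR . "/" . plugin_basename(dirname(__FILE__)));
  define('WD_CFM_URL', plugins_url(plugin_basename(dirname(__FILE__))));
- define('WD_CFM_VERSION', '1.0.68');
+ define('WD_CFM_VERSION', '1.0.69');
  define('WD_CFM_PREFIX', 'cfm');
  define('WD_CFM_NICENAME', __( 'Contact Form Builder', WD_CFM_PREFIX ));
 
@@ -73,13 +73,16 @@ add_action('wp_ajax_ContactFormmakerwdcaptcha', 'contact_form_maker_ajax'); // G
  add_action('wp_ajax_nopriv_ContactFormmakerwdcaptcha', 'contact_form_maker_ajax'); // Generete captcha image and save it code in session for all users.
 
  function contact_form_maker_ajax() {
+ require_once(WD_CFM_DIR . '/framework/WDW_CFM_Library.php');
+ $ajax_nonce = WDW_CFM_Library::get('nonce');
+ if ( wp_verify_nonce($ajax_nonce , 'cfm_ajax_nonce') == FALSE ) {
+ die(-1);
+ }
  $allowed_pages = array(
  'CFMShortcode',
  'ContactFormMakerPreview',
- 'wp_ajax_ContactFormmakerwdcaptcha',
- 'wp_ajax_nopriv_ContactFormmakerwdcaptcha',
+ 'ContactFormmakerwdcaptcha',
  );
- require_once(WD_CFM_DIR . '/framework/WDW_CFM_Library.php');
  $page = WDW_CFM_Library::get('action');
  if ( !empty($page) && in_array($page, $allowed_pages) ) {
  if ($page != 'ContactFormmakerwdcaptcha') {
@@ -116,7 +119,7 @@ function contact_form_maker_register($plugin_array) {
  function contact_form_maker_admin_ajax() {
  ?>
  <script>
- var contact_form_maker_admin_ajax = '<?php echo add_query_arg(array('action' => 'CFMShortcode'), admin_url('admin-ajax.php')); ?>';
+ var contact_form_maker_admin_ajax = '<?php echo add_query_arg(array('action' => 'CFMShortcode', 'nonce'=>wp_create_nonce('cfm_ajax_nonce')), admin_url('admin-ajax.php')); ?>';
  var contact_form_maker_plugin_url = '<?php echo WD_CFM_URL; ?>';
  var contact_form_maker_admin_url = '<?php echo admin_url('admin.php'); ?>';
  </script>
@@ -280,7 +283,9 @@ function contact_form_maker_manage_scripts() {
  wp_enqueue_script('contact_form_maker_xml', WD_CFM_URL . '/js/layout/xml.js', array(), '1.0.0');
  wp_enqueue_script('contact_form_maker_php', WD_CFM_URL . '/js/layout/php.js', array(), '1.0.0');
  wp_enqueue_script('contact_form_maker_htmlmixed', WD_CFM_URL . '/js/layout/htmlmixed.js', array(), '1.0.0');
-
+ wp_localize_script("contactformmaker" , "ajax_nonce",array(
+ 'nonce'=>wp_create_nonce('cfm_ajax_nonce'),
+ ));
  wp_localize_script('contactformmaker', 'fmc_objectL10n', array(
  'fmc_Only_letters' => __('Only letters, numbers, hyphens and underscores are allowed.', 'contact_form_maker'),
  'fmc_name_attribute_required' => __('The name of the attribute is required.', 'contact_form_maker'),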
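Review bot: The `wp_verify_nonce()` gate added at the top of `contact_form_maker_ajax()` (new lines 77–80) is the only check visible before dispatch, and a nonce proves request intent, not permission. All three actions share the one action string `cfm_ajax_nonce`, and the same nonce is printed into front-end form markup by `CFMViewForm_maker`, so a logged-in user of any role who can view a form holds a value that also passes for `CFMShortcode` and `ContactFormMakerPreview`. The admin-side actions should additionally be gated on a capability once `$page` is read, e.g. `if ( $page != 'ContactFormmakerwdcaptcha' && !current_user_can('manage_options') ) { die(-1); }` (the capability should match whatever the plugin's admin menu requires), or be given their own nonce action strings. The function body continues past the hunk, so a capability check may already exist further down and should be confirmed.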
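--- a/frontend/views/CFMViewForm_maker.php
+++ b/frontend/views/CFMViewForm_maker.php
@@ -11,12 +11,13 @@ class CFMViewForm_maker {
  // Variables //
  ////////////////////////////////////////////////////////////////////////////////////////
  private $model;
-
+ private $cfm_nonce = null;
 
  ////////////////////////////////////////////////////////////////////////////////////////
  // Constructor & Destructor //
  ////////////////////////////////////////////////////////////////////////////////////////
  public function __construct($model) {
+ $this->cfm_nonce = wp_create_nonce('cfm_ajax_nonce');
  $this->model = $model;
  }
  ////////////////////////////////////////////////////////////////////////////////////////
@@ -1041,7 +1042,7 @@ class CFMViewForm_maker {
  }
  $param['w_field_label_pos1'] = ($param['w_field_label_pos'] == "left" ? "float: left;" : "");
  $param['w_field_label_pos2'] = ($param['w_field_label_pos'] == "left" ? "" : "display: block;");
- $rep = '<div type="type_captcha" class="wdform-field"><div class="wdform-label-section" style="'.$param['w_field_label_pos1'].' width: '.$param['w_field_label_size'].'px;"><span class="wdform-label">'.$label.'</span></div><div class="wdform-element-section '.$param['w_class'].'" style="'.$param['w_field_label_pos2'].'"><div style="display: table;"><div style="display: table-cell;vertical-align: middle;"><div valign="middle" style="display: table-cell; text-align: center;"><img type="captcha" digit="'.$param['w_digit'].'" src=" ' . add_query_arg(array('action' => 'ContactFormmakerwdcaptcha', 'digit' => $param['w_digit'], 'i' => $form_id), admin_url('admin-ajax.php')) . '" id="wd_captcha'.$form_id.'" class="captcha_img" style="display:none" '.$param['attributes'].'></div><div valign="middle" style="display: table-cell;"><div class="captcha_refresh" id="_element_refresh'.$form_id.'" '.$param['attributes'].'></div></div></div><div style="display: table-cell;vertical-align: middle;"><div style="display: table-cell;"><input type="text" class="captcha_input" id="wd_captcha_input'.$form_id.'" name="captcha_input" style="width: '.($param['w_digit']*10+15).'px;" '.$param['attributes'].'></div></div></div></div></div>';
+ $rep = '<div type="type_captcha" class="wdform-field"><div class="wdform-label-section" style="'.$param['w_field_label_pos1'].' width: '.$param['w_field_label_size'].'px;"><span class="wdform-label">'.$label.'</span></div><div class="wdform-element-section '.$param['w_class'].'" style="'.$param['w_field_label_pos2'].'"><div style="display: table;"><div style="display: table-cell;vertical-align: middle;"><div valign="middle" style="display: table-cell; text-align: center;"><img type="captcha" digit="'.$param['w_digit'].'" src=" ' . add_query_arg(array('action' => 'ContactFormmakerwdcaptcha', 'nonce'=>$this->cfm_nonce, 'digit' => $param['w_digit'], 'i' => $form_id), admin_url('admin-ajax.php')) . '" id="wd_captcha'.$form_id.'" class="captcha_img" style="display:none" '.$param['attributes'].'></div><div valign="middle" style="display: table-cell;"><div class="captcha_refresh" id="_element_refresh'.$form_id.'" '.$param['attributes'].'></div></div></div><div style="display: table-cell;vertical-align: middle;"><div style="display: table-cell;"><input type="text" class="captcha_input" id="wd_captcha_input'.$form_id.'" name="captcha_input" style="width: '.($param['w_digit']*10+15).'px;" '.$param['attributes'].'></div></div></div></div></div>';
  $onload_js .= 'jQuery("#wd_captcha'.$form_id.'").click(function() {captcha_refresh("wd_captcha","'.$form_id.'")});';
  $onload_js .= 'jQuery("#_element_refresh'.$form_id.'").click(function() {captcha_refresh("wd_captcha","'.$form_id.'")});';
  $check_js.= '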
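Review bot: The captcha image URL on new line 1045 now carries the nonce in public form markup, while the captcha action is also registered for logged-out visitors (`wp_ajax_nopriv_ContactFormmakerwdcaptcha`). For logged-out visitors WordPress derives nonces from user ID 0, so every anonymous visitor receives the same value within a nonce tick and the check adds no CSRF protection on that path. It does add a failure mode: on a site with full-page caching, markup older than the nonce lifetime will hit the `die(-1)` in `contact_form_maker_ajax()` and the captcha image will stop loading. Exempting the captcha action from the nonce check, or fetching a fresh nonce client-side before setting the image `src`, would avoid that; a comment on the constructor line such as `// Nonce is embedded in public markup; cached pages may serve an expired value.` would at least record the constraint.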
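--- a/js/contactformmaker.js
+++ b/js/contactformmaker.js
@@ -637,13 +637,13 @@ function change_captcha_digit(digit)
  {
  captcha.setAttribute("digit", digit);
 
- captcha.setAttribute("src", url_for_ajax + "?action=ContactFormmakerwdcaptcha&digit="+digit+"&i=form_id_temp");
+ captcha.setAttribute("src", url_for_ajax + "?action=ContactFormmakerwdcaptcha&nonce="+ajax_nonce.nonce+"&digit="+digit+"&i=form_id_temp");
  document.getElementById('_wd_captcha_inputform_id_temp').style.width=(document.getElementById('captcha_digit').value*10+15)+"px";
  }
  else
  {
  captcha.setAttribute("digit", "6");
- captcha.setAttribute("src", url_for_ajax + "?action=ContactFormmakerwdcaptcha&digit=6"+"&i=form_id_temp");
+ captcha.setAttribute("src", url_for_ajax + "?action=ContactFormmakerwdcaptcha&nonce="+ajax_nonce.nonce+"&digit=6"+"&i=form_id_temp");
  document.getElementById('_wd_captcha_inputform_id_temp').style.width=(6*10+15)+"px";
  }
  }
@@ -7566,7 +7566,7 @@ function type_captcha(i,w_field_label, w_field_label_size, w_field_label_pos, w_
  var adding = document.createElement(element);
  adding.setAttribute("type", type);
  adding.setAttribute("digit", w_digit);
- adding.setAttribute("src", url_for_ajax + "?action=ContactFormmakerwdcaptcha&digit="+w_digit+"&i=form_id_temp");
+ adding.setAttribute("src", url_for_ajax + "?action=ContactFormmakerwdcaptcha&nonce="+ajax_nonce.nonce+"&digit="+w_digit+"&i=form_id_temp");
  adding.setAttribute("id", "_wd_captchaform_id_temp");
  adding.setAttribute("class", "captcha_img");
  adding.setAttribute("onClick", "captcha_refresh('_wd_captcha','form_id_temp')");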
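Review bot: All three new `src` strings (new lines 640, 646 and 7569) read `ajax_nonce.nonce` from a global that exists only where `wp_localize_script("contactformmaker", "ajax_nonce", …)` has run; on any page that loads this file without it the line throws a ReferenceError and the captcha field is not built. `ajax_nonce` is also a very generic global name that another plugin or theme can overwrite, in which case the wrong nonce is sent and the request is rejected with no visible cause. A plugin-prefixed object name, changed in the `wp_localize_script()` call as well, and `encodeURIComponent()` around the interpolated `digit` and nonce values would make this sturdier. Both functions start and end outside the hunks.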
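--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: webdorado
  Tags: contact form, contact forms, contact, feedback, form manager, captcha, custom form, email, form, form builder, forms, survey
  Requires at least: 3.4
- Tested up to: 5.1
- Stable tag: 1.0.68
+ Tested up to: 5.2
+ Stable tag: 1.0.69
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -77,6 +77,10 @@ After downloading the ZIP file,
 
 
  == Changelog ==
+ = 1.0.69 =
+ * Fixed: CSRF issue.
+ * Fixed: Captcha.
+
  = 1.0.68 =
  * Fixed: Security issue.
  * Fixed: Issue with Recaptcha.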