Contact Form 7 Database Addon – CFDB7 - Version 1.2.5.8

Version Description

This is a security and maintenance release and we strongly encourage you to update to it immediately.



Developer arshidkv12
Version 1.2.5.8

Code changes from version 1.2.5.4 to 1.2.5.8

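--- a/contact-form-cfdb-7.php
+++ b/contact-form-cfdb-7.php
@@ -7,7 +7,7 @@ Author: Arshid
  Author URI: http://ciphercoin.com/
  Text Domain: contact-form-cfdb7
  Domain Path: /languages/
- Version: 1.2.5.4
+ Version: 1.2.5.8
  */
 
  function cfdb7_create_table(){
@@ -108,19 +108,29 @@ function cfdb7_before_send_mail( $form_tag ) {
  $cfdb7_dirname = $upload_dir['basedir'].'/cfdb7_uploads';
  $time_now = time();
 
- $form = WPCF7_Submission::get_instance();
+ $submission = WPCF7_Submission::get_instance();
+ $contact_form = $submission->get_contact_form();
+ $tags_names = array();
+ $strict_keys = apply_filters('cfdb7_strict_keys', false);
 
- if ( $form ) {
+ if ( $submission ) {
 
- $black_list = array('_wpcf7', '_wpcf7_version', '_wpcf7_locale', '_wpcf7_unit_tag',
- '_wpcf7_is_ajax_call','cfdb7_name', '_wpcf7_container_post','_wpcf7cf_hidden_group_fields',
- '_wpcf7cf_hidden_groups', '_wpcf7cf_visible_groups', '_wpcf7cf_options','g-recaptcha-response');
+ $allowed_tags = array();
 
- $data = $form->get_posted_data();
- $files = $form->uploaded_files();
- $uploaded_files = array();
+ if( $strict_keys ){
+ $tags = $contact_form->scan_form_tags();
+ foreach( $tags as $tag ){
+ if( ! empty($tag->name) ) $tags_names[] = $tag->name;
+ }
+ $allowed_tags = $tags_names;
+ }
+
+ $not_allowed_tags = apply_filters( 'cfdb7_not_allowed_tags', array( 'g-recaptcha-response' ) );
+ $allowed_tags = apply_filters( 'cfdb7_allowed_tags', $allowed_tags );
+ $data = $submission->get_posted_data();
+ $files = $submission->uploaded_files();
+ $uploaded_files = array();
 
- $rm_underscore = apply_filters('cfdb7_remove_underscore_data', true);
 
  foreach ($_FILES as $file_key => $file) {
  array_push($uploaded_files, $file_key);
@@ -135,18 +145,15 @@ function cfdb7_before_send_mail( $form_tag ) {
  $form_data['cfdb7_status'] = 'unread';
  foreach ($data as $key => $d) {
 
- $matches = array();
- if( $rm_underscore ) preg_match('/^_.*$/m', $key, $matches);
+ if( $strict_keys && !in_array($key, $allowed_tags) ) continue;
 
- if ( !in_array($key, $black_list ) && !in_array($key, $uploaded_files ) && empty( $matches[0] ) ) {
+ if ( !in_array($key, $not_allowed_tags ) && !in_array($key, $uploaded_files ) ) {
 
  $tmpD = $d;
 
  if ( ! is_array($d) ){
-
  $bl = array('\"',"\'",'/','\\','"',"'");
  $wl = array('"',''','/', '\','"',''');
-
  $tmpD = str_replace($bl, $wl, $tmpD );
  }
 
@@ -202,7 +209,7 @@ function cfdb7_init(){
 
  do_action( 'cfdb7_admin_init' );
 
- $csv = new Export_CSV();
+ $csv = new CFDB7_Export_CSV();
  if( isset($_REQUEST['csv']) && ( $_REQUEST['csv'] == true ) && isset( $_REQUEST['nonce'] ) ) {
 
  $nonce = filter_input( INPUT_GET, 'nonce', FILTER_SANITIZE_STRING );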
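Review bot: In the second hunk `$contact_form = $submission->get_contact_form();` (new line 112) runs before the `if ( $submission )` guard on line 116, so when `WPCF7_Submission::get_instance()` returns null the hook fails with a method call on null instead of skipping, which is exactly what the guard exists to prevent. Move the call inside the guarded block, or write `$contact_form = $submission ? $submission->get_contact_form() : null;`; within the hunk `$contact_form` is only used in the `$strict_keys` branch. Note also that `cfdb7_strict_keys` defaults to `false`, so the form-tag allow-list is opt-in and by default only `cfdb7_not_allowed_tags` (just `g-recaptcha-response`) limits which posted keys get stored; a comment above the filter, e.g. `// Opt-in: when true, only keys that match a form tag name are stored.`, would document that. `cfdb7_before_send_mail()` starts and ends outside the hunk.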
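--- a/inc/admin-form-details.php
+++ b/inc/admin-form-details.php
@@ -5,7 +5,7 @@ if (!defined( 'ABSPATH')) exit;
  /**
  *
  */
- class CFdb7_Form_Details
+ class CFDB7_Form_Details
  {
  private $form_id;
  private $form_post_id;
@@ -13,10 +13,10 @@ class CFdb7_Form_Details
 
  public function __construct()
  {
- $this->form_post_id = esc_sql( $_GET['fid'] );
- $this->form_id = esc_sql( $_GET['ufid'] );
+ $this->form_post_id = isset( $_GET['fid'] ) ? (int) $_GET['fid'] : 0;
+ $this->form_id = isset( $_GET['ufid'] ) ? (int) $_GET['ufid'] : 0;
 
- $this->form_details_page();
+ $this->form_details_page();
  }
 
  public function form_details_page(){
@@ -28,10 +28,9 @@ class CFdb7_Form_Details
  $rm_underscore = apply_filters('cfdb7_remove_underscore_data', true);
 
 
- if ( is_numeric($this->form_post_id) && is_numeric($this->form_id) ) {
 
- $results = $cfdb->get_results( "SELECT * FROM $table_name WHERE form_post_id = $this->form_post_id AND form_id = $this->form_id LIMIT 1", OBJECT );
- }
+ $results = $cfdb->get_results( "SELECT * FROM $table_name WHERE form_post_id = $this->form_post_id AND form_id = $this->form_id LIMIT 1", OBJECT );
+
 
  if ( empty($results) ) {
  wp_die( $message = 'Not valid contact form' );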
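Review bot: The query in the last hunk (new line 32) still interpolates `$this->form_post_id` and `$this->form_id` into the SQL string; that is safe only because the constructor in the previous hunk now casts both to `(int)`, and the `is_numeric` guard that used to sit in front of this line was removed. If `$cfdb` is the `$wpdb` instance its `get_results( ..., OBJECT )` call suggests, building the statement with `$cfdb->prepare( "SELECT * FROM $table_name WHERE form_post_id = %d AND form_id = %d LIMIT 1", $this->form_post_id, $this->form_id )` keeps the protection at the query itself instead of relying on an invariant set in another method. A missing or non-numeric `fid`/`ufid` now becomes 0 and falls through to the `wp_die( 'Not valid contact form' )` branch, which is reasonable but deserves a comment on the constructor lines, e.g. `// Non-numeric or missing ids become 0 and are rejected by form_details_page().`. `form_details_page()` continues outside the hunk.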
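--- a/inc/admin-mainpage.php
+++ b/inc/admin-mainpage.php
@@ -8,7 +8,7 @@ if (!defined( 'ABSPATH')) exit;
  /**
  * Cfdb7_Wp_List_Table class will create the page to load the table
  */
- class Cfdb7_Wp_Main_Page
+ class CFDB7_Wp_Main_Page
  {
  /**
  * Constructor will create the menu item
@@ -51,13 +51,13 @@ class Cfdb7_Wp_Main_Page
 
  if ( !empty($fid) && empty($_GET['ufid']) ) {
 
- new Cfdb7_Wp_Sub_Page();
+ new CFDB7_Wp_Sub_Page();
  return;
  }
 
  if( !empty($ufid) && !empty($fid) ){
 
- new CFdb7_Form_Details();
+ new CFDB7_Form_Details();
  return;
  }
 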
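--- a/inc/admin-subpage.php
+++ b/inc/admin-subpage.php
@@ -9,7 +9,7 @@ if (!defined( 'ABSPATH')) exit;
  /**
  * Cfdb7_Wp_List_Table class will create the page to load the table
  */
- class Cfdb7_Wp_Sub_Page
+ class CFDB7_Wp_Sub_Page
  {
  private $form_post_id;
 
@@ -218,20 +218,23 @@ class CFDB7_List_Table extends WP_List_Table
  $form_post_id = $this->form_post_id;
 
  $orderby = isset($_GET['orderby']) ? 'form_date' : 'form_id';
- $order = isset($_GET['order']) ? $_GET['order'] : 'desc';
- $order = esc_sql($order);
+ $order = isset($_GET['order']) && $_GET['order'] == 'asc' ? 'ASC' : 'DESC';
 
  if ( ! empty($search) ) {
 
- $results = $cfdb->get_results( "SELECT * FROM $table_name WHERE form_value LIKE '%$search%'
- AND form_post_id = '$form_post_id'
- ORDER BY $orderby $order
- LIMIT $start,100", OBJECT );
+ $results = $cfdb->get_results( "SELECT * FROM $table_name
+ WHERE form_value LIKE '%$search%'
+ AND form_post_id = '$form_post_id'
+ ORDER BY $orderby $order
+ LIMIT $start,100", OBJECT
+ );
  }else{
 
- $results = $cfdb->get_results( "SELECT * FROM $table_name WHERE form_post_id = $form_post_id
- ORDER BY $orderby $order
- LIMIT $start,100", OBJECT );
+ $results = $cfdb->get_results( "SELECT * FROM $table_name
+ WHERE form_post_id = $form_post_id
+ ORDER BY $orderby $order
+ LIMIT $start,100", OBJECT
+ );
  }
 
  foreach ( $results as $result ) {
@@ -301,9 +304,10 @@ class CFDB7_List_Table extends WP_List_Table
  }
  }
 
- if( 'delete' === $action ) {
+ $form_ids = isset( $_POST['contact_form'] ) ? $_POST['contact_form'] : array();
+
 
- $form_ids = esc_sql( $_POST['contact_form'] );
+ if( 'delete' === $action ) {
 
  foreach ($form_ids as $form_id):
 
@@ -316,11 +320,11 @@ class CFDB7_List_Table extends WP_List_Table
 
  foreach ($result_values as $key => $result) {
 
- if ( ( strpos($key, 'cfdb7_file') !== false ) &&
+ if ( ( strpos($key, 'cfdb7_file') !== false ) &&
  file_exists($cfdb7_dirname.'/'.$result) ) {
 
- unlink($cfdb7_dirname.'/'.$result);
- }
+ unlink($cfdb7_dirname.'/'.$result);
+ }
 
  }
 
@@ -333,10 +337,10 @@ class CFDB7_List_Table extends WP_List_Table
 
  }else if( 'read' === $action ){
 
- $form_ids = esc_sql( $_POST['contact_form'] );
 
  foreach ($form_ids as $form_id):
-
+
+ $form_id = (int) $form_id;
  $results = $cfdb->get_results( "SELECT * FROM $table_name WHERE form_id = '$form_id' LIMIT 1", OBJECT );
  $result_value = $results[0]->form_value;
  $result_values = unserialize( $result_value );
@@ -350,7 +354,6 @@ class CFDB7_List_Table extends WP_List_Table
 
  }else if( 'unread' === $action ){
 
- $form_ids = esc_sql( $_POST['contact_form'] );
  foreach ($form_ids as $form_id):
 
  $form_id = (int) $form_id;
@@ -363,13 +366,9 @@ class CFDB7_List_Table extends WP_List_Table
  "UPDATE $table_name SET form_value = '$form_data' WHERE form_id = '$form_id'"
  );
  endforeach;
- }else{
-
  }
 
 
-
-
  }
  /**
  * Define what data to show on each column of the table
@@ -393,16 +392,16 @@ class CFDB7_List_Table extends WP_List_Table
  {
  // Set defaults
  $orderby = 'form_date';
- $order = 'asc';
+ $order = 'ASC';
  // If orderby is set, use this as the sort column
  if(!empty($_GET['orderby']))
  {
- $orderby = $_GET['orderby'];
+ $orderby = $_GET['orderby'] === 'form_id' ? 'form_id' : 'form_date';
  }
  // If order is set use this as the order
  if(!empty($_GET['order']))
  {
- $order = $_GET['order'];
+ $order = $_GET['order'] === 'asc' ? 'ASC' : 'DESC';
  }
  $result = strcmp( $a[$orderby], $b[$orderby] );
  if($order === 'asc')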
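Review bot: In the last hunk `$order` is now normalised to `'ASC'`/`'DESC'` (new lines 395 and 404), but the comparison that follows, `if($order === 'asc')`, still tests the lowercase token, so the ascending branch of this comparator can no longer be taken; keep the lowercase values here, `$order = 'asc';` and `$order = $_GET['order'] === 'asc' ? 'asc' : 'desc';`, since only the SQL in the second hunk needs the uppercase keywords. In that second hunk `$search` is still interpolated into `LIKE '%$search%'` with no visible `esc_like()`/`prepare()` step; whatever escaping it receives happens before the hunk and should be confirmed. The third hunk now reads `$_POST['contact_form']` without any escaping, and while the `read` and `unread` branches cast each `$form_id` to `(int)` (new lines 343 and 359), the `delete` branch's loop body after new line 312 lies outside the hunk and should do the same before the id reaches a query.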
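--- a/inc/export-csv.php
+++ b/inc/export-csv.php
@@ -5,7 +5,7 @@
 
  if (!defined( 'ABSPATH')) exit;
 
- class Export_CSV{
+ class CFDB7_Export_CSV{
 
  /**
  * Download csv file
@@ -138,6 +138,7 @@ class Export_CSV{
 
  $data[$key][$i] = str_replace( array('"',''','/','\')
  , array('"',"'",'/','\\'), $value );
+ $data[$key][$i] = $this->escape_data( $data[$key][$i]);
 
  endforeach;
 
@@ -151,4 +152,19 @@ class Export_CSV{
  die();
  }
  }
+
+ /**
+ * Escape a string to be used in a CSV context
+ * @param string $data CSV field to escape.
+ * @return string
+ */
+ public function escape_data( $data ) {
+ $active_content_triggers = array( '=', '+', '-', '@' );
+
+ if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) {
+ $data = "'" . $data;
+ }
+
+ return $data;
+ }
  }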
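Review bot: `escape_data()` (new lines 161–169) treats only `=`, `+`, `-` and `@` as formula triggers; a leading tab or carriage return is also interpreted as the start of a formula by common spreadsheet applications, so the list should read `$active_content_triggers = array( '=', '+', '-', '@', "\t", "\r" );`. The docblock says "Escape" but the method only prefixes a single quote; a sentence such as `Prefixes a single quote so spreadsheet software treats the field as literal text rather than a formula (CSV injection mitigation).` would state what the caller actually gets back. `mb_substr()` is applied to whatever `$data` holds, so either enforce the `@param string` contract or guard the check with `is_string( $data )` if non-string column values can reach the call on new line 141; the loop that feeds it starts outside the hunk and is worth confirming.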
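--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=H5F3Z6S3
  Tags: cf7, contact form 7, contact form 7 db, contact form db, contact form seven, contact form storage, export contact form, save contact form, wpcf7
  Requires at least: 4.8
  Tested up to: 5.6
- Stable tag: 1.2.5.4
+ Stable tag: 1.2.5.8
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
  Requires PHP: 5.6
@@ -17,8 +17,6 @@ Save and manage Contact Form 7 messages. Never lose important data. It is lightw
  The "CFDB7" plugin saves contact form 7 submissions to your WordPress database. Export the data to a CSV file.
  By simply installing the plugin, it will automatically begin to capture form submissions from contact form 7.
 
- [CFDB7 vs flamingo](https://wpdebuglog.com/forums/topic/cfdb7-vs-flamingo/)
-
 
  = Features of CFDB 7 =
 
@@ -48,6 +46,8 @@ Easy to export contact forms from database to PDF file
  Support : [http://www.ciphercoin.com/contact/](https://www.ciphercoin.com/contact/)
  Extensions : [Contact form 7 more Add-ons](https://ciphercoin.com/contact-form-7-database-cfdb7-add-ons/)
 
+ [CFDB7 vs flamingo](https://wpdebuglog.com/forums/topic/cfdb7-vs-flamingo/)
+
  == Installation ==
 
  1. Download and extract plugin files to a wp-content/plugin directory.
@@ -60,8 +60,11 @@ Extensions : [Contact form 7 more Add-ons](https://ciphercoin.com/contact-form-7
 
  == Changelog ==
 
+ = 1.2.5.8 =
+ This is a security and maintenance release and we strongly encourage you to update to it immediately.
+
  = 1.2.5.4 =
- input sanitization
+ Input sanitization
 
  = 1.2.5.3 =
  Add index.php in cfdb7_uploads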