Version Description
This is a security and maintenance release and we strongly encourage you to update to it immediately.
Release Info
Developer | arshidkv12 |
Plugin | Contact Form 7 Database Addon – CFDB7 |
Version | 1.2.5.8 |
Code changes from version 1.2.5.4 to 1.2.5.8
- contact-form-cfdb-7.php +23 -16
- inc/admin-form-details.php +6 -7
- inc/admin-mainpage.php +3 -3
- inc/admin-subpage.php +24 -25
- inc/export-csv.php +17 -1
- readme.txt +7 -4
contact-form-cfdb-7.php
CHANGED
@@ -7,7 +7,7 @@ Author: Arshid
|
|
7 |
Author URI: http://ciphercoin.com/
|
8 |
Text Domain: contact-form-cfdb7
|
9 |
Domain Path: /languages/
|
10 |
-
Version: 1.2.5.
|
11 |
*/
|
12 |
|
13 |
function cfdb7_create_table(){
|
@@ -108,19 +108,29 @@ function cfdb7_before_send_mail( $form_tag ) {
|
|
108 |
$cfdb7_dirname = $upload_dir['basedir'].'/cfdb7_uploads';
|
109 |
$time_now = time();
|
110 |
|
111 |
-
$
|
|
|
|
|
|
|
112 |
|
113 |
-
if ( $
|
114 |
|
115 |
-
$
|
116 |
-
'_wpcf7_is_ajax_call','cfdb7_name', '_wpcf7_container_post','_wpcf7cf_hidden_group_fields',
|
117 |
-
'_wpcf7cf_hidden_groups', '_wpcf7cf_visible_groups', '_wpcf7cf_options','g-recaptcha-response');
|
118 |
|
119 |
-
$
|
120 |
-
|
121 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
122 |
|
123 |
-
$rm_underscore = apply_filters('cfdb7_remove_underscore_data', true);
|
124 |
|
125 |
foreach ($_FILES as $file_key => $file) {
|
126 |
array_push($uploaded_files, $file_key);
|
@@ -135,18 +145,15 @@ function cfdb7_before_send_mail( $form_tag ) {
|
|
135 |
$form_data['cfdb7_status'] = 'unread';
|
136 |
foreach ($data as $key => $d) {
|
137 |
|
138 |
-
$
|
139 |
-
if( $rm_underscore ) preg_match('/^_.*$/m', $key, $matches);
|
140 |
|
141 |
-
if ( !in_array($key, $
|
142 |
|
143 |
$tmpD = $d;
|
144 |
|
145 |
if ( ! is_array($d) ){
|
146 |
-
|
147 |
$bl = array('\"',"\'",'/','\\','"',"'");
|
148 |
$wl = array('"',''','/', '\','"',''');
|
149 |
-
|
150 |
$tmpD = str_replace($bl, $wl, $tmpD );
|
151 |
}
|
152 |
|
@@ -202,7 +209,7 @@ function cfdb7_init(){
|
|
202 |
|
203 |
do_action( 'cfdb7_admin_init' );
|
204 |
|
205 |
-
$csv = new
|
206 |
if( isset($_REQUEST['csv']) && ( $_REQUEST['csv'] == true ) && isset( $_REQUEST['nonce'] ) ) {
|
207 |
|
208 |
$nonce = filter_input( INPUT_GET, 'nonce', FILTER_SANITIZE_STRING );
|
7 |
Author URI: http://ciphercoin.com/
|
8 |
Text Domain: contact-form-cfdb7
|
9 |
Domain Path: /languages/
|
10 |
+
Version: 1.2.5.8
|
11 |
*/
|
12 |
|
13 |
function cfdb7_create_table(){
|
108 |
$cfdb7_dirname = $upload_dir['basedir'].'/cfdb7_uploads';
|
109 |
$time_now = time();
|
110 |
|
111 |
+
$submission = WPCF7_Submission::get_instance();
|
112 |
+
$contact_form = $submission->get_contact_form();
|
113 |
+
$tags_names = array();
|
114 |
+
$strict_keys = apply_filters('cfdb7_strict_keys', false);
|
115 |
|
116 |
+
if ( $submission ) {
|
117 |
|
118 |
+
$allowed_tags = array();
|
|
|
|
|
119 |
|
120 |
+
if( $strict_keys ){
|
121 |
+
$tags = $contact_form->scan_form_tags();
|
122 |
+
foreach( $tags as $tag ){
|
123 |
+
if( ! empty($tag->name) ) $tags_names[] = $tag->name;
|
124 |
+
}
|
125 |
+
$allowed_tags = $tags_names;
|
126 |
+
}
|
127 |
+
|
128 |
+
$not_allowed_tags = apply_filters( 'cfdb7_not_allowed_tags', array( 'g-recaptcha-response' ) );
|
129 |
+
$allowed_tags = apply_filters( 'cfdb7_allowed_tags', $allowed_tags );
|
130 |
+
$data = $submission->get_posted_data();
|
131 |
+
$files = $submission->uploaded_files();
|
132 |
+
$uploaded_files = array();
|
133 |
|
|
|
134 |
|
135 |
foreach ($_FILES as $file_key => $file) {
|
136 |
array_push($uploaded_files, $file_key);
|
145 |
$form_data['cfdb7_status'] = 'unread';
|
146 |
foreach ($data as $key => $d) {
|
147 |
|
148 |
+
if( $strict_keys && !in_array($key, $allowed_tags) ) continue;
|
|
|
149 |
|
150 |
+
if ( !in_array($key, $not_allowed_tags ) && !in_array($key, $uploaded_files ) ) {
|
151 |
|
152 |
$tmpD = $d;
|
153 |
|
154 |
if ( ! is_array($d) ){
|
|
|
155 |
$bl = array('\"',"\'",'/','\\','"',"'");
|
156 |
$wl = array('"',''','/', '\','"',''');
|
|
|
157 |
$tmpD = str_replace($bl, $wl, $tmpD );
|
158 |
}
|
159 |
|
209 |
|
210 |
do_action( 'cfdb7_admin_init' );
|
211 |
|
212 |
+
$csv = new CFDB7_Export_CSV();
|
213 |
if( isset($_REQUEST['csv']) && ( $_REQUEST['csv'] == true ) && isset( $_REQUEST['nonce'] ) ) {
|
214 |
|
215 |
$nonce = filter_input( INPUT_GET, 'nonce', FILTER_SANITIZE_STRING );
|
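Review bot: `$submission->get_contact_form()` is called on new-side line 112, before the `if ( $submission )` guard on line 116, so the case that guard exists for (an empty return from `WPCF7_Submission::get_instance()`) would hit a fatal error on the method call first. Move the call inside the guarded block, as the first statement after `if ( $submission ) {`. The key allow-list is also opt-in: `cfdb7_strict_keys` defaults to `false`, so unless a site enables the filter, every posted key other than the `cfdb7_not_allowed_tags` entries and the upload keys is still stored. A comment next to the filter stating that default would help operators decide whether to turn it on. `cfdb7_before_send_mail` starts and ends outside the visible hunks.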
inc/admin-form-details.php
CHANGED
@@ -5,7 +5,7 @@ if (!defined( 'ABSPATH')) exit;
|
|
5 |
/**
|
6 |
*
|
7 |
*/
|
8 |
-
class
|
9 |
{
|
10 |
private $form_id;
|
11 |
private $form_post_id;
|
@@ -13,10 +13,10 @@ class CFdb7_Form_Details
|
|
13 |
|
14 |
public function __construct()
|
15 |
{
|
16 |
-
|
17 |
-
|
18 |
|
19 |
-
|
20 |
}
|
21 |
|
22 |
public function form_details_page(){
|
@@ -28,10 +28,9 @@ class CFdb7_Form_Details
|
|
28 |
$rm_underscore = apply_filters('cfdb7_remove_underscore_data', true);
|
29 |
|
30 |
|
31 |
-
if ( is_numeric($this->form_post_id) && is_numeric($this->form_id) ) {
|
32 |
|
33 |
-
|
34 |
-
|
35 |
|
36 |
if ( empty($results) ) {
|
37 |
wp_die( $message = 'Not valid contact form' );
|
5 |
/**
|
6 |
*
|
7 |
*/
|
8 |
+
class CFDB7_Form_Details
|
9 |
{
|
10 |
private $form_id;
|
11 |
private $form_post_id;
|
13 |
|
14 |
public function __construct()
|
15 |
{
|
16 |
+
$this->form_post_id = isset( $_GET['fid'] ) ? (int) $_GET['fid'] : 0;
|
17 |
+
$this->form_id = isset( $_GET['ufid'] ) ? (int) $_GET['ufid'] : 0;
|
18 |
|
19 |
+
$this->form_details_page();
|
20 |
}
|
21 |
|
22 |
public function form_details_page(){
|
28 |
$rm_underscore = apply_filters('cfdb7_remove_underscore_data', true);
|
29 |
|
30 |
|
|
|
31 |
|
32 |
+
$results = $cfdb->get_results( "SELECT * FROM $table_name WHERE form_post_id = $this->form_post_id AND form_id = $this->form_id LIMIT 1", OBJECT );
|
33 |
+
|
34 |
|
35 |
if ( empty($results) ) {
|
36 |
wp_die( $message = 'Not valid contact form' );
|
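Review bot: The new query in `form_details_page()` interpolates `$this->form_post_id` and `$this->form_id` straight into the SQL string and is safe only because the constructor casts both to `(int)`; nothing at the query site enforces that. Placeholders would keep the guarantee local, e.g. `$cfdb->prepare( "SELECT * FROM $table_name WHERE form_post_id = %d AND form_id = %d LIMIT 1", $this->form_post_id, $this->form_id )`, assuming `$cfdb` is a `wpdb` instance (its assignment is outside the visible lines). The same string-built pattern appears in the rewritten list queries in inc/admin-subpage.php (`LIKE '%$search%'`, `form_post_id = $form_post_id`, `LIMIT $start,100`), whose inputs are set outside the hunk; if they are not already cast or escaped there, they need the same treatment plus `esc_like()` for the `LIKE` term. The method body continues past the visible lines.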
inc/admin-mainpage.php
CHANGED
@@ -8,7 +8,7 @@ if (!defined( 'ABSPATH')) exit;
|
|
8 |
/**
|
9 |
* Cfdb7_Wp_List_Table class will create the page to load the table
|
10 |
*/
|
11 |
-
class
|
12 |
{
|
13 |
/**
|
14 |
* Constructor will create the menu item
|
@@ -51,13 +51,13 @@ class Cfdb7_Wp_Main_Page
|
|
51 |
|
52 |
if ( !empty($fid) && empty($_GET['ufid']) ) {
|
53 |
|
54 |
-
new
|
55 |
return;
|
56 |
}
|
57 |
|
58 |
if( !empty($ufid) && !empty($fid) ){
|
59 |
|
60 |
-
new
|
61 |
return;
|
62 |
}
|
63 |
|
8 |
/**
|
9 |
* Cfdb7_Wp_List_Table class will create the page to load the table
|
10 |
*/
|
11 |
+
class CFDB7_Wp_Main_Page
|
12 |
{
|
13 |
/**
|
14 |
* Constructor will create the menu item
|
51 |
|
52 |
if ( !empty($fid) && empty($_GET['ufid']) ) {
|
53 |
|
54 |
+
new CFDB7_Wp_Sub_Page();
|
55 |
return;
|
56 |
}
|
57 |
|
58 |
if( !empty($ufid) && !empty($fid) ){
|
59 |
|
60 |
+
new CFDB7_Form_Details();
|
61 |
return;
|
62 |
}
|
63 |
|
inc/admin-subpage.php
CHANGED
@@ -9,7 +9,7 @@ if (!defined( 'ABSPATH')) exit;
|
|
9 |
/**
|
10 |
* Cfdb7_Wp_List_Table class will create the page to load the table
|
11 |
*/
|
12 |
-
class
|
13 |
{
|
14 |
private $form_post_id;
|
15 |
|
@@ -218,20 +218,23 @@ class CFDB7_List_Table extends WP_List_Table
|
|
218 |
$form_post_id = $this->form_post_id;
|
219 |
|
220 |
$orderby = isset($_GET['orderby']) ? 'form_date' : 'form_id';
|
221 |
-
$order = isset($_GET['order'])
|
222 |
-
$order = esc_sql($order);
|
223 |
|
224 |
if ( ! empty($search) ) {
|
225 |
|
226 |
-
$results = $cfdb->get_results( "SELECT * FROM $table_name
|
227 |
-
|
228 |
-
|
229 |
-
|
|
|
|
|
230 |
}else{
|
231 |
|
232 |
-
$results = $cfdb->get_results( "SELECT * FROM $table_name
|
233 |
-
|
234 |
-
|
|
|
|
|
235 |
}
|
236 |
|
237 |
foreach ( $results as $result ) {
|
@@ -301,9 +304,10 @@ class CFDB7_List_Table extends WP_List_Table
|
|
301 |
}
|
302 |
}
|
303 |
|
304 |
-
|
|
|
305 |
|
306 |
-
|
307 |
|
308 |
foreach ($form_ids as $form_id):
|
309 |
|
@@ -316,11 +320,11 @@ class CFDB7_List_Table extends WP_List_Table
|
|
316 |
|
317 |
foreach ($result_values as $key => $result) {
|
318 |
|
319 |
-
|
320 |
file_exists($cfdb7_dirname.'/'.$result) ) {
|
321 |
|
322 |
-
|
323 |
-
|
324 |
|
325 |
}
|
326 |
|
@@ -333,10 +337,10 @@ class CFDB7_List_Table extends WP_List_Table
|
|
333 |
|
334 |
}else if( 'read' === $action ){
|
335 |
|
336 |
-
$form_ids = esc_sql( $_POST['contact_form'] );
|
337 |
|
338 |
foreach ($form_ids as $form_id):
|
339 |
-
|
|
|
340 |
$results = $cfdb->get_results( "SELECT * FROM $table_name WHERE form_id = '$form_id' LIMIT 1", OBJECT );
|
341 |
$result_value = $results[0]->form_value;
|
342 |
$result_values = unserialize( $result_value );
|
@@ -350,7 +354,6 @@ class CFDB7_List_Table extends WP_List_Table
|
|
350 |
|
351 |
}else if( 'unread' === $action ){
|
352 |
|
353 |
-
$form_ids = esc_sql( $_POST['contact_form'] );
|
354 |
foreach ($form_ids as $form_id):
|
355 |
|
356 |
$form_id = (int) $form_id;
|
@@ -363,13 +366,9 @@ class CFDB7_List_Table extends WP_List_Table
|
|
363 |
"UPDATE $table_name SET form_value = '$form_data' WHERE form_id = '$form_id'"
|
364 |
);
|
365 |
endforeach;
|
366 |
-
}else{
|
367 |
-
|
368 |
}
|
369 |
|
370 |
|
371 |
-
|
372 |
-
|
373 |
}
|
374 |
/**
|
375 |
* Define what data to show on each column of the table
|
@@ -393,16 +392,16 @@ class CFDB7_List_Table extends WP_List_Table
|
|
393 |
{
|
394 |
// Set defaults
|
395 |
$orderby = 'form_date';
|
396 |
-
$order = '
|
397 |
// If orderby is set, use this as the sort column
|
398 |
if(!empty($_GET['orderby']))
|
399 |
{
|
400 |
-
$orderby = $_GET['orderby'];
|
401 |
}
|
402 |
// If order is set use this as the order
|
403 |
if(!empty($_GET['order']))
|
404 |
{
|
405 |
-
$order = $_GET['order'];
|
406 |
}
|
407 |
$result = strcmp( $a[$orderby], $b[$orderby] );
|
408 |
if($order === 'asc')
|
9 |
/**
|
10 |
* Cfdb7_Wp_List_Table class will create the page to load the table
|
11 |
*/
|
12 |
+
class CFDB7_Wp_Sub_Page
|
13 |
{
|
14 |
private $form_post_id;
|
15 |
|
218 |
$form_post_id = $this->form_post_id;
|
219 |
|
220 |
$orderby = isset($_GET['orderby']) ? 'form_date' : 'form_id';
|
221 |
+
$order = isset($_GET['order']) && $_GET['order'] == 'asc' ? 'ASC' : 'DESC';
|
|
|
222 |
|
223 |
if ( ! empty($search) ) {
|
224 |
|
225 |
+
$results = $cfdb->get_results( "SELECT * FROM $table_name
|
226 |
+
WHERE form_value LIKE '%$search%'
|
227 |
+
AND form_post_id = '$form_post_id'
|
228 |
+
ORDER BY $orderby $order
|
229 |
+
LIMIT $start,100", OBJECT
|
230 |
+
);
|
231 |
}else{
|
232 |
|
233 |
+
$results = $cfdb->get_results( "SELECT * FROM $table_name
|
234 |
+
WHERE form_post_id = $form_post_id
|
235 |
+
ORDER BY $orderby $order
|
236 |
+
LIMIT $start,100", OBJECT
|
237 |
+
);
|
238 |
}
|
239 |
|
240 |
foreach ( $results as $result ) {
|
304 |
}
|
305 |
}
|
306 |
|
307 |
+
$form_ids = isset( $_POST['contact_form'] ) ? $_POST['contact_form'] : array();
|
308 |
+
|
309 |
|
310 |
+
if( 'delete' === $action ) {
|
311 |
|
312 |
foreach ($form_ids as $form_id):
|
313 |
|
320 |
|
321 |
foreach ($result_values as $key => $result) {
|
322 |
|
323 |
+
if ( ( strpos($key, 'cfdb7_file') !== false ) &&
|
324 |
file_exists($cfdb7_dirname.'/'.$result) ) {
|
325 |
|
326 |
+
unlink($cfdb7_dirname.'/'.$result);
|
327 |
+
}
|
328 |
|
329 |
}
|
330 |
|
337 |
|
338 |
}else if( 'read' === $action ){
|
339 |
|
|
|
340 |
|
341 |
foreach ($form_ids as $form_id):
|
342 |
+
|
343 |
+
$form_id = (int) $form_id;
|
344 |
$results = $cfdb->get_results( "SELECT * FROM $table_name WHERE form_id = '$form_id' LIMIT 1", OBJECT );
|
345 |
$result_value = $results[0]->form_value;
|
346 |
$result_values = unserialize( $result_value );
|
354 |
|
355 |
}else if( 'unread' === $action ){
|
356 |
|
|
|
357 |
foreach ($form_ids as $form_id):
|
358 |
|
359 |
$form_id = (int) $form_id;
|
366 |
"UPDATE $table_name SET form_value = '$form_data' WHERE form_id = '$form_id'"
|
367 |
);
|
368 |
endforeach;
|
|
|
|
|
369 |
}
|
370 |
|
371 |
|
|
|
|
|
372 |
}
|
373 |
/**
|
374 |
* Define what data to show on each column of the table
|
392 |
{
|
393 |
// Set defaults
|
394 |
$orderby = 'form_date';
|
395 |
+
$order = 'ASC';
|
396 |
// If orderby is set, use this as the sort column
|
397 |
if(!empty($_GET['orderby']))
|
398 |
{
|
399 |
+
$orderby = $_GET['orderby'] === 'form_id' ? 'form_id' : 'form_date';
|
400 |
}
|
401 |
// If order is set use this as the order
|
402 |
if(!empty($_GET['order']))
|
403 |
{
|
404 |
+
$order = $_GET['order'] === 'asc' ? 'ASC' : 'DESC';
|
405 |
}
|
406 |
$result = strcmp( $a[$orderby], $b[$orderby] );
|
407 |
if($order === 'asc')
|
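Review bot: The sort callback now gives `$order` the values `'ASC'` or `'DESC'` (new-side lines 395 and 404), but the unchanged test on line 407 is still `if($order === 'asc')`, so that branch can no longer match and the ascending case is lost. Either keep the lowercase values or change the test to `if ( $order === 'ASC' )`; the callback continues below the hunk, so the remaining branches need the same check. In the delete branch, `unlink($cfdb7_dirname.'/'.$result)` joins a value taken from the stored submission to the uploads directory without constraining it; where `$result_values` is loaded is not visible here, but wrapping the name as `basename( $result )` before both `file_exists()` and `unlink()` would keep the deletion inside `$cfdb7_dirname` regardless of what was stored.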
inc/export-csv.php
CHANGED
@@ -5,7 +5,7 @@
|
|
5 |
|
6 |
if (!defined( 'ABSPATH')) exit;
|
7 |
|
8 |
-
class
|
9 |
|
10 |
/**
|
11 |
* Download csv file
|
@@ -138,6 +138,7 @@ class Export_CSV{
|
|
138 |
|
139 |
$data[$key][$i] = str_replace( array('"',''','/','\')
|
140 |
, array('"',"'",'/','\\'), $value );
|
|
|
141 |
|
142 |
endforeach;
|
143 |
|
@@ -151,4 +152,19 @@ class Export_CSV{
|
|
151 |
die();
|
152 |
}
|
153 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
154 |
}
|
5 |
|
6 |
if (!defined( 'ABSPATH')) exit;
|
7 |
|
8 |
+
class CFDB7_Export_CSV{
|
9 |
|
10 |
/**
|
11 |
* Download csv file
|
138 |
|
139 |
$data[$key][$i] = str_replace( array('"',''','/','\')
|
140 |
, array('"',"'",'/','\\'), $value );
|
141 |
+
$data[$key][$i] = $this->escape_data( $data[$key][$i]);
|
142 |
|
143 |
endforeach;
|
144 |
|
152 |
die();
|
153 |
}
|
154 |
}
|
155 |
+
|
156 |
+
/**
|
157 |
+
* Escape a string to be used in a CSV context
|
158 |
+
* @param string $data CSV field to escape.
|
159 |
+
* @return string
|
160 |
+
*/
|
161 |
+
public function escape_data( $data ) {
|
162 |
+
$active_content_triggers = array( '=', '+', '-', '@' );
|
163 |
+
|
164 |
+
if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) {
|
165 |
+
$data = "'" . $data;
|
166 |
+
}
|
167 |
+
|
168 |
+
return $data;
|
169 |
+
}
|
170 |
}
|
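Review bot: `escape_data()` treats only `=`, `+`, `-` and `@` as leading trigger characters, while common CSV-injection guidance also lists tab and carriage return, so a field starting with either of those is written unmodified. Extending the list to `array( '=', '+', '-', '@', "\t", "\r" )` covers them. The method also assumes `$data` is a string: the call site passes the result of `str_replace()`, which returns an array when given one, so if a stored value can be an array (not determinable from the visible lines) it would reach `mb_substr()`; an `is_string()` guard that returns other types unchanged would make that explicit.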
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=H5F3Z6S3
|
|
4 |
Tags: cf7, contact form 7, contact form 7 db, contact form db, contact form seven, contact form storage, export contact form, save contact form, wpcf7
|
5 |
Requires at least: 4.8
|
6 |
Tested up to: 5.6
|
7 |
-
Stable tag: 1.2.5.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
Requires PHP: 5.6
|
@@ -17,8 +17,6 @@ Save and manage Contact Form 7 messages. Never lose important data. It is lightw
|
|
17 |
The "CFDB7" plugin saves contact form 7 submissions to your WordPress database. Export the data to a CSV file.
|
18 |
By simply installing the plugin, it will automatically begin to capture form submissions from contact form 7.
|
19 |
|
20 |
-
[CFDB7 vs flamingo](https://wpdebuglog.com/forums/topic/cfdb7-vs-flamingo/)
|
21 |
-
|
22 |
|
23 |
= Features of CFDB 7 =
|
24 |
|
@@ -48,6 +46,8 @@ Easy to export contact forms from database to PDF file
|
|
48 |
Support : [http://www.ciphercoin.com/contact/](https://www.ciphercoin.com/contact/)
|
49 |
Extensions : [Contact form 7 more Add-ons](https://ciphercoin.com/contact-form-7-database-cfdb7-add-ons/)
|
50 |
|
|
|
|
|
51 |
== Installation ==
|
52 |
|
53 |
1. Download and extract plugin files to a wp-content/plugin directory.
|
@@ -60,8 +60,11 @@ Extensions : [Contact form 7 more Add-ons](https://ciphercoin.com/contact-form-7
|
|
60 |
|
61 |
== Changelog ==
|
62 |
|
|
|
|
|
|
|
63 |
= 1.2.5.4 =
|
64 |
-
|
65 |
|
66 |
= 1.2.5.3 =
|
67 |
Add index.php in cfdb7_uploads
|
4 |
Tags: cf7, contact form 7, contact form 7 db, contact form db, contact form seven, contact form storage, export contact form, save contact form, wpcf7
|
5 |
Requires at least: 4.8
|
6 |
Tested up to: 5.6
|
7 |
+
Stable tag: 1.2.5.8
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
Requires PHP: 5.6
|
17 |
The "CFDB7" plugin saves contact form 7 submissions to your WordPress database. Export the data to a CSV file.
|
18 |
By simply installing the plugin, it will automatically begin to capture form submissions from contact form 7.
|
19 |
|
|
|
|
|
20 |
|
21 |
= Features of CFDB 7 =
|
22 |
|
46 |
Support : [http://www.ciphercoin.com/contact/](https://www.ciphercoin.com/contact/)
|
47 |
Extensions : [Contact form 7 more Add-ons](https://ciphercoin.com/contact-form-7-database-cfdb7-add-ons/)
|
48 |
|
49 |
+
[CFDB7 vs flamingo](https://wpdebuglog.com/forums/topic/cfdb7-vs-flamingo/)
|
50 |
+
|
51 |
== Installation ==
|
52 |
|
53 |
1. Download and extract plugin files to a wp-content/plugin directory.
|
60 |
|
61 |
== Changelog ==
|
62 |
|
63 |
+
= 1.2.5.8 =
|
64 |
+
This is a security and maintenance release and we strongly encourage you to update to it immediately.
|
65 |
+
|
66 |
= 1.2.5.4 =
|
67 |
+
Input sanitization
|
68 |
|
69 |
= 1.2.5.3 =
|
70 |
Add index.php in cfdb7_uploads
|