Contact Form 7 Database Addon – CFDB7 - Version 1.2.6.2

Version Description

Fixed XSS issues


Release Info

Developer arshidkv12
Version 1.2.6.2

Code changes from version 1.2.5.8 to 1.2.6.2

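--- a/contact-form-cfdb-7.php
+++ b/contact-form-cfdb-7.php
@@ -7,7 +7,7 @@ Author: Arshid
  Author URI: http://ciphercoin.com/
  Text Domain: contact-form-cfdb7
  Domain Path: /languages/
- Version: 1.2.5.8
+ Version: 1.2.6.2
  */
 
  function cfdb7_create_table(){
@@ -135,8 +135,9 @@ function cfdb7_before_send_mail( $form_tag ) {
  foreach ($_FILES as $file_key => $file) {
  array_push($uploaded_files, $file_key);
  }
-
  foreach ($files as $file_key => $file) {
+ $file = is_array( $file ) ? reset( $file ) : $file;
+ if( empty($file) ) continue;
  copy($file, $cfdb7_dirname.'/'.$time_now.'-'.$file_key.'-'.basename($file));
  }
 
@@ -160,7 +161,8 @@ function cfdb7_before_send_mail( $form_tag ) {
  $form_data[$key] = $tmpD;
  }
  if ( in_array($key, $uploaded_files ) ) {
- $file_name = isset( $files[ $key ] ) ? $time_now.'-'.$key.'-'.basename( $files[ $key ]) : '';
+ $file = is_array( $files[ $key ] ) ? reset( $files[ $key ] ) : $files[ $key ];
+ $file_name = empty( $file ) ? '' : $time_now.'-'.$key.'-'.basename( $file );
  $form_data[$key.'cfdb7_file'] = $file_name;
  }
  }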
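Review bot: The rewritten `$file_name` lines in the third hunk read `$files[ $key ]` without the `isset()` guard the old line had, so a key that is present in `$_FILES` (and therefore in `$uploaded_files`) but absent from `$files` now raises an undefined-index notice, a warning on PHP 8; where `$files` is populated is outside the hunk. Restoring the guard keeps the rest of the change intact: `$file = isset( $files[ $key ] ) ? $files[ $key ] : '';` followed by `$file = is_array( $file ) ? reset( $file ) : $file;`. Both new `reset()` calls keep only the first element, so if a field can carry several files only the first is copied and recorded; a comment stating that this is intentional would help, as would checking the return value of `copy()` before the name is stored. `cfdb7_before_send_mail` starts and ends outside these hunks.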
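--- a/inc/admin-form-details.php
+++ b/inc/admin-form-details.php
@@ -49,6 +49,7 @@ class CFDB7_Form_Details
  foreach ($form_data as $key => $data):
 
  $matches = array();
+ $key = esc_html( $key );
 
  if ( $key == 'cfdb7_status' ) continue;
  if( $rm_underscore ) preg_match('/^_.*$/m', $key, $matches);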
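Review bot: `$key = esc_html( $key );` escapes at the top of the loop instead of where the key is printed, so every later use of `$key` in the iteration sees the HTML-encoded form. That covers the `'cfdb7_status'` comparison, the `preg_match`, and anything further down that indexes an array or builds an attribute from it. Escaping at the output site (`esc_html( $key )` in text, `esc_attr( $key )` inside an attribute) keeps the raw key for logic and matches the encoding to the context. The hunk does not show `$data` being escaped, and the loop body continues outside the hunk, so that is worth confirming wherever the value is echoed. The same line is added in the first hunk of inc/admin-subpage.php, and the same point applies there.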
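--- a/inc/admin-subpage.php
+++ b/inc/admin-subpage.php
@@ -138,8 +138,10 @@ class CFDB7_List_Table extends WP_List_Table
  foreach ($first_row as $key => $value) {
 
  $matches = array();
+ $key = esc_html( $key );
 
  if ( $key == 'cfdb7_status' ) continue;
+
  if( $rm_underscore ) preg_match('/^_.*$/m', $key, $matches);
  if( ! empty($matches[0]) ) continue;
 
@@ -293,7 +295,7 @@ class CFDB7_List_Table extends WP_List_Table
  $table_name = $cfdb->prefix.'db7_forms';
  $action = $this->current_action();
 
- if ( isset( $_POST['_wpnonce'] ) && ! empty( $_POST['_wpnonce'] ) ) {
+ if ( !empty( $action ) ) {
 
  $nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_SANITIZE_STRING );
  $nonce_action = 'bulk-' . $this->_args['plural'];
@@ -321,6 +323,7 @@ class CFDB7_List_Table extends WP_List_Table
  foreach ($result_values as $key => $result) {
 
  if ( ( strpos($key, 'cfdb7_file') !== false ) &&
+ ! empty( $result ) &&
  file_exists($cfdb7_dirname.'/'.$result) ) {
 
  unlink($cfdb7_dirname.'/'.$result);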
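Review bot: In the third hunk `unlink($cfdb7_dirname.'/'.$result)` still builds its path from a stored value without confining it to the upload directory; the added `! empty( $result )` only keeps the directory path itself from matching `file_exists()`. If `$result_values` is the stored submission (its origin is outside the hunk), any field whose name merely contains `cfdb7_file` reaches this branch, so the value should be reduced to a file name first: `$file_path = $cfdb7_dirname.'/'.basename( $result );`, with `$file_path` then used in both `file_exists()` and `unlink()`. Since contact-form-cfdb-7.php stores these entries under `$key.'cfdb7_file'`, matching the suffix rather than any occurrence would also narrow the branch. The enclosing method starts and ends outside the hunk.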
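--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: arshidkv12
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=H5F3Z6S3MNTXA&lc=IN&item_name=wp%2dlogin%2dlimit&amount=5%2e00&currency_code=USD&button_subtype=services&bn=PP%2dBuyNowBF%3abtn_buynowCC_LG%2egif%3aNonHosted
  Tags: cf7, contact form 7, contact form 7 db, contact form db, contact form seven, contact form storage, export contact form, save contact form, wpcf7
  Requires at least: 4.8
- Tested up to: 5.6
- Stable tag: 1.2.5.8
+ Tested up to: 5.8
+ Stable tag: 1.2.6.2
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
  Requires PHP: 5.6
@@ -28,6 +28,9 @@ By simply installing the plugin, it will automatically begin to capture form sub
  * Display all created contact form 7 form list.
  * Export CF7 DB (CF7 Database - cf7db) data in CSV file
 
+ = Android/iOS App =
+ * [Download APP](https://github.com/arshidkv12/cfdb7-connector/blob/main/readme.md)
+
  = Pro Addons =
  * [CFDB7 DB Switcher](https://ciphercoin.com/downloads/cfdb7-database-switcher/)
  Connect CFDB7 to an external database or another DB
@@ -46,7 +49,6 @@ Easy to export contact forms from database to PDF file
  Support : [http://www.ciphercoin.com/contact/](https://www.ciphercoin.com/contact/)
  Extensions : [Contact form 7 more Add-ons](https://ciphercoin.com/contact-form-7-database-cfdb7-add-ons/)
 
- [CFDB7 vs flamingo](https://wpdebuglog.com/forums/topic/cfdb7-vs-flamingo/)
 
  == Installation ==
 
@@ -60,6 +62,15 @@ Extensions : [Contact form 7 more Add-ons](https://ciphercoin.com/contact-form-7
 
  == Changelog ==
 
+ = 1.2.6.2 =
+ Fixed xss issues
+
+ = 1.2.6.1 =
+ Fixed nonce issue
+
+ = 1.2.5.9 =
+ Fixed upload issue
+
  = 1.2.5.8 =
  This is a security and maintenance release and we strongly encourage you to update to it immediately.
 
@@ -76,8 +87,6 @@ Meaningfull headings
  = 1.2.4.11 =
  UTF-8 CSV Export Fixed
 
- = 1.2.4.10 =
- Solved upload file issue
 
 
  = 1.0.0 =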