Version Description
- Added security fix to escape user submitted data
Download this release
Release Info
| Developer | jasongreen |
| Plugin |  Contact Form Submissions |
| Version | 1.5.9 |
| Comparing to | |
| See all releases | |
Code changes from version 1.5.8 to 1.5.9
- Admin.php +14 -7
- Submissions.php +3 -3
- contact-form-submissions.php +1 -1
- readme.txt +4 -1
Admin.php
CHANGED
|
@@ -227,12 +227,15 @@ class WPCF7SAdmin
|
|
| 227 |
public function mail_meta_box($post)
|
| 228 |
{
|
| 229 |
$form_id = get_post_meta($post->ID, 'form_id', true);
|
| 230 |
-
$sender = get_post_meta($post->ID, 'sender', true);
|
| 231 |
$sender_mailto = preg_replace('/([a-zA-Z0-9_\-\.]*@\\S+\\.\\w+)/', '<a href="mailto:$1">$1</a>', $sender);
|
| 232 |
-
$recipient = get_post_meta($post->ID, 'recipient', true);
|
| 233 |
$recipient_mailto = preg_replace('/([a-zA-Z0-9_\-\.]*@\\S+\\.\\w+)/', '<a href="mailto:$1">$1</a>', $recipient);
|
|
|
|
| 234 |
|
| 235 |
-
$
|
|
|
|
|
|
|
| 236 |
<table class="form-table contact-form-submission">
|
| 237 |
<tbody>
|
| 238 |
<tr>
|
|
@@ -249,17 +252,17 @@ class WPCF7SAdmin
|
|
| 249 |
</tr>
|
| 250 |
<tr>
|
| 251 |
<th scope="row"><?php _e('Subject', 'contact-form-submissions'); ?></th>
|
| 252 |
-
<td><?php echo
|
| 253 |
</tr>
|
| 254 |
<tr>
|
| 255 |
<th scope="row"><?php _e('Body', 'contact-form-submissions'); ?></th>
|
| 256 |
-
<td><?php echo
|
| 257 |
</tr>
|
| 258 |
<?php if (!empty($additional_headers)) {
|
| 259 |
?>
|
| 260 |
<tr>
|
| 261 |
<th scope="row"><?php _e('Additional Headers', 'contact-form-submissions'); ?></th>
|
| 262 |
-
<td><?php echo
|
| 263 |
</tr>
|
| 264 |
<?php
|
| 265 |
} ?>
|
|
@@ -278,10 +281,13 @@ class WPCF7SAdmin
|
|
| 278 |
<table class="form-table contact-form-submission">
|
| 279 |
<tbody>
|
| 280 |
<?php foreach ($values as $key => $value) {
|
|
|
|
|
|
|
|
|
|
| 281 |
?>
|
| 282 |
<tr>
|
| 283 |
<th scope="row"><?php _e(str_replace('wpcf7s_posted-', '', $key), 'contact-form-submissions'); ?></th>
|
| 284 |
-
<td><?php echo
|
| 285 |
</tr>
|
| 286 |
<?php
|
| 287 |
} ?>
|
|
@@ -463,6 +469,7 @@ class WPCF7SAdmin
|
|
| 463 |
}
|
| 464 |
}
|
| 465 |
}
|
|
|
|
| 466 |
$values[$key] = mb_convert_encoding(implode(',', $value), 'UTF-16LE');
|
| 467 |
|
| 468 |
// if we havent already stored this column, save it now
|
| 227 |
public function mail_meta_box($post)
|
| 228 |
{
|
| 229 |
$form_id = get_post_meta($post->ID, 'form_id', true);
|
| 230 |
+
$sender = esc_html(get_post_meta($post->ID, 'sender', true));
|
| 231 |
$sender_mailto = preg_replace('/([a-zA-Z0-9_\-\.]*@\\S+\\.\\w+)/', '<a href="mailto:$1">$1</a>', $sender);
|
| 232 |
+
$recipient = esc_html(get_post_meta($post->ID, 'recipient', true));
|
| 233 |
$recipient_mailto = preg_replace('/([a-zA-Z0-9_\-\.]*@\\S+\\.\\w+)/', '<a href="mailto:$1">$1</a>', $recipient);
|
| 234 |
+
$subject = esc_html(get_post_meta($post->ID, 'subject', true));
|
| 235 |
|
| 236 |
+
$body = apply_filters('the_content', esc_html($post->post_content));
|
| 237 |
+
|
| 238 |
+
$additional_headers = esc_html(get_post_meta($post->ID, 'additional_headers', true)); ?>
|
| 239 |
<table class="form-table contact-form-submission">
|
| 240 |
<tbody>
|
| 241 |
<tr>
|
| 252 |
</tr>
|
| 253 |
<tr>
|
| 254 |
<th scope="row"><?php _e('Subject', 'contact-form-submissions'); ?></th>
|
| 255 |
+
<td><?php echo $subject; ?></td>
|
| 256 |
</tr>
|
| 257 |
<tr>
|
| 258 |
<th scope="row"><?php _e('Body', 'contact-form-submissions'); ?></th>
|
| 259 |
+
<td><?php echo $body; ?></td>
|
| 260 |
</tr>
|
| 261 |
<?php if (!empty($additional_headers)) {
|
| 262 |
?>
|
| 263 |
<tr>
|
| 264 |
<th scope="row"><?php _e('Additional Headers', 'contact-form-submissions'); ?></th>
|
| 265 |
+
<td><?php echo nl2br($additional_headers); ?></td>
|
| 266 |
</tr>
|
| 267 |
<?php
|
| 268 |
} ?>
|
| 281 |
<table class="form-table contact-form-submission">
|
| 282 |
<tbody>
|
| 283 |
<?php foreach ($values as $key => $value) {
|
| 284 |
+
// check if the value is serialized and unserialize it
|
| 285 |
+
$posted_field = is_serialized($value[0]) ? implode(', ', unserialize($value[0])) : $value[0];
|
| 286 |
+
$posted_field = esc_html($posted_field);
|
| 287 |
?>
|
| 288 |
<tr>
|
| 289 |
<th scope="row"><?php _e(str_replace('wpcf7s_posted-', '', $key), 'contact-form-submissions'); ?></th>
|
| 290 |
+
<td><?php echo $posted_field; ?></td>
|
| 291 |
</tr>
|
| 292 |
<?php
|
| 293 |
} ?>
|
| 469 |
}
|
| 470 |
}
|
| 471 |
}
|
| 472 |
+
$value = sanitize_text_field($value);
|
| 473 |
$values[$key] = mb_convert_encoding(implode(',', $value), 'UTF-16LE');
|
| 474 |
|
| 475 |
// if we havent already stored this column, save it now
|
Submissions.php
CHANGED
|
@@ -76,6 +76,8 @@ class WPCF7Submissions
|
|
| 76 |
{
|
| 77 |
global $wpcf7s_post_id, $wpcf7s_posted_data;
|
| 78 |
|
|
|
|
|
|
|
| 79 |
$contact_form_id = 0;
|
| 80 |
if (method_exists($contact_form, 'id')) {
|
| 81 |
$contact_form_id = $contact_form->id();
|
|
@@ -108,9 +110,7 @@ class WPCF7Submissions
|
|
| 108 |
$headers = trim($components['additional_headers']);
|
| 109 |
|
| 110 |
// get the form file attachements
|
| 111 |
-
|
| 112 |
-
$attachments = $submission->uploaded_files();
|
| 113 |
-
}
|
| 114 |
|
| 115 |
$submission = array(
|
| 116 |
'form_id' => $contact_form_id,
|
| 76 |
{
|
| 77 |
global $wpcf7s_post_id, $wpcf7s_posted_data;
|
| 78 |
|
| 79 |
+
$submission = WPCF7_Submission::get_instance();
|
| 80 |
+
|
| 81 |
$contact_form_id = 0;
|
| 82 |
if (method_exists($contact_form, 'id')) {
|
| 83 |
$contact_form_id = $contact_form->id();
|
| 110 |
$headers = trim($components['additional_headers']);
|
| 111 |
|
| 112 |
// get the form file attachements
|
| 113 |
+
$attachments = $submission->uploaded_files();
|
|
|
|
|
|
|
| 114 |
|
| 115 |
$submission = array(
|
| 116 |
'form_id' => $contact_form_id,
|
contact-form-submissions.php
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
/*
|
| 3 |
Plugin Name: Contact Form Submissions
|
| 4 |
Description: Never miss an enquiry again! Save all Contact Form 7 submissions in your database.
|
| 5 |
-
Version: 1.5.
|
| 6 |
Author: Jason Green
|
| 7 |
License: GPLv3
|
| 8 |
Domain Path: /languages
|
| 2 |
/*
|
| 3 |
Plugin Name: Contact Form Submissions
|
| 4 |
Description: Never miss an enquiry again! Save all Contact Form 7 submissions in your database.
|
| 5 |
+
Version: 1.5.9
|
| 6 |
Author: Jason Green
|
| 7 |
License: GPLv3
|
| 8 |
Domain Path: /languages
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Tags: contact form 7, save contact form, submissions, contact form db, cf7, wpcf
|
|
| 4 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=SNHXWSXSPYATE
|
| 5 |
Requires at least: 3.0.1
|
| 6 |
Tested up to: 4.8.1
|
| 7 |
-
Stable tag: 1.5.
|
| 8 |
License: GPLv3
|
| 9 |
|
| 10 |
Never miss an enquiry again! Save & Export your Contact Form 7 submissions.
|
|
@@ -42,6 +42,9 @@ None yet
|
|
| 42 |
|
| 43 |
== Changelog ==
|
| 44 |
|
|
|
|
|
|
|
|
|
|
| 45 |
= 1.5.8 =
|
| 46 |
* Disabled saving mail2 by default. Overridable with filter wpcf7s_save_submission_mail2.
|
| 47 |
* Fixed issue where attachments were not being saved.
|
| 4 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=SNHXWSXSPYATE
|
| 5 |
Requires at least: 3.0.1
|
| 6 |
Tested up to: 4.8.1
|
| 7 |
+
Stable tag: 1.5.9
|
| 8 |
License: GPLv3
|
| 9 |
|
| 10 |
Never miss an enquiry again! Save & Export your Contact Form 7 submissions.
|
| 42 |
|
| 43 |
== Changelog ==
|
| 44 |
|
| 45 |
+
= 1.5.9 =
|
| 46 |
+
* Added security fix to escape user submitted data
|
| 47 |
+
|
| 48 |
= 1.5.8 =
|
| 49 |
* Disabled saving mail2 by default. Overridable with filter wpcf7s_save_submission_mail2.
|
| 50 |
* Fixed issue where attachments were not being saved.
|
