Contact Form Submissions - Version 1.7.3

Version Description

  • Security fix

Release Info

Developer jasongreen
Version 1.7.3

Code changes from version 1.7.2 to 1.7.3

Files changed (4) hide show
  1. Admin.php +8 -7
  2. Submissions.php +1 -1
  3. contact-form-submissions.php +1 -1
  4. readme.txt +5 -2
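--- a/Admin.php
+++ b/Admin.php
@@ -84,7 +84,7 @@ class WPCF7SAdmin
  <?php foreach ($forms as $post) {
  ?>
  <?php $selected = ($post->ID == filter_var($_GET['wpcf7_contact_form'], FILTER_SANITIZE_NUMBER_INT)) ? 'selected' : ''; ?>
- <option value="<?php echo $post->ID; ?>" <?php echo $selected; ?>><?php echo $post->post_title; ?></option>
+ <option value="<?php echo esc_attr($post->ID); ?>" <?php echo $selected; ?>><?php echo $post->post_title; ?></option>
  <?php
  } ?>
  </select>
@@ -190,7 +190,7 @@ class WPCF7SAdmin
  ?>
  <strong>
  <a class="row-title" href="<?php echo get_edit_post_link($post_id); ?>">
- <?php echo $nested . htmlspecialchars(get_post_meta($post_id, 'sender', true)); ?>
+ <?php echo $nested . esc_html(htmlspecialchars(get_post_meta($post_id, 'sender', true))); ?>
  </a>
  </strong>
  <?php
@@ -226,14 +226,14 @@ class WPCF7SAdmin
  */
  public function mail_meta_box($post)
  {
- $form_id = get_post_meta($post->ID, 'form_id', true);
+ $form_id = esc_html(get_post_meta($post->ID, 'form_id', true));
  $sender = esc_html(get_post_meta($post->ID, 'sender', true));
  $sender_mailto = preg_replace('/([a-zA-Z0-9_\-\.]*@\\S+\\.\\w+)/', '<a href="mailto:$1">$1</a>', $sender);
  $recipient = esc_html(get_post_meta($post->ID, 'recipient', true));
  $recipient_mailto = preg_replace('/([a-zA-Z0-9_\-\.]*@\\S+\\.\\w+)/', '<a href="mailto:$1">$1</a>', $recipient);
  $subject = esc_html(get_post_meta($post->ID, 'subject', true));
 
- $body = apply_filters('the_content', esc_html($post->post_content));
+ $body = wp_kses_post(apply_filters('the_content', esc_html($post->post_content)));
 
  $additional_headers = esc_html(get_post_meta($post->ID, 'additional_headers', true)); ?>
  <table class="form-table contact-form-submission">
@@ -281,12 +281,13 @@ class WPCF7SAdmin
  <table class="form-table contact-form-submission">
  <tbody>
  <?php foreach ($values as $key => $value) {
+ $label = wp_kses_post($key);
  // check if the value is serialized and unserialize it
  $posted_field = is_serialized($value[0]) ? implode(', ', unserialize($value[0])) : $value[0];
  $posted_field = esc_html($posted_field);
  ?>
  <tr>
- <th scope="row"><?php _e(str_replace('wpcf7s_posted-', '', $key), 'contact-form-submissions'); ?></th>
+ <th scope="row"><?php _e(str_replace('wpcf7s_posted-', '', $label), 'contact-form-submissions'); ?></th>
  <td><?php echo $posted_field; ?></td>
  </tr>
  <?php
@@ -344,7 +345,7 @@ class WPCF7SAdmin
 
  <div id="misc-publishing-actions">
  <div class="misc-pub-section curtime misc-pub-curtime">
- <span id="timestamp"><?php _e('Submitted', 'contact-form-submissions'); ?> : <strong><?php echo $date; ?></strong></span>
+ <span id="timestamp"><?php _e('Submitted', 'contact-form-submissions'); ?> : <strong><?php echo esc_html($date); ?></strong></span>
  </div>
  </div>
  <div class="clear"></div>
@@ -367,7 +368,7 @@ class WPCF7SAdmin
  $posted = array_intersect_key(
  $post_meta,
  array_flip(array_filter(array_keys($post_meta), function ($key) {
- return preg_match('/^wpcf7s_posted-/', $key);
+ return esc_html(preg_match('/^wpcf7s_posted-/', $key));
  }))
  );
 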
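Review bot: The field label in the `<th>` of the posted-fields table (new line 290) goes through `wp_kses_post()` and is then echoed by `_e()`, which does no escaping, so a meta key is rendered as post-level HTML rather than as text. A table heading is a plain-text context; `<th scope="row"><?php echo esc_html(str_replace('wpcf7s_posted-', '', $key)); ?></th>` would encode it, make `$label` unnecessary, and stop passing a runtime value to the translation lookup. Whether `$key` can carry visitor-controlled text depends on how `$additional_fields` is built, which this diff does not show. Separately, `esc_html(preg_match(...))` in the `array_filter` callback (new line 371) escapes an integer match count and adds no protection; returning the `preg_match()` result directly reads more clearly. Both enclosing methods start and end outside the hunks.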
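--- a/Submissions.php
+++ b/Submissions.php
@@ -170,7 +170,7 @@ class WPCF7Submissions
  if (!empty($additional_fields)) {
  foreach ($additional_fields as $name => $value) {
  if (!empty($value)) {
- add_post_meta($post_id, 'wpcf7s_posted-' . $name, wp_kses_post($value));
+ add_post_meta($post_id, 'wpcf7s_posted-' . $name, $value);
  }
  }
  }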
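Review bot: With `wp_kses_post()` dropped from the `add_post_meta()` call, `wpcf7s_posted-*` values are now stored exactly as submitted, so every reader of that meta has to escape on output. The admin view in Admin.php does apply `esc_html()` to `$posted_field`, but any other consumer of this meta (an export path, for example) is not visible here and should be checked. A comment above the call would make the contract explicit, e.g. `// Stored raw on purpose: escape on output (esc_html/esc_attr) wherever this meta is read.` The loop sits inside a method that begins and ends outside the hunk.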
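--- a/contact-form-submissions.php
+++ b/contact-form-submissions.php
@@ -2,7 +2,7 @@
  /*
  Plugin Name: Contact Form Submissions
  Description: Never miss an enquiry again! Save all Contact Form 7 submissions in your database.
- Version: 1.7.2
+ Version: 1.7.3
  Author: Jason Green
  License: GPLv3
  Domain Path: /languages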
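--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: jasongreen
  Tags: contact form 7, save contact form, submissions, contact form db, cf7, wpcf7, contact form storage, contact form seven, contact form 7 db, export contact form
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=SNHXWSXSPYATE
  Requires at least: 3.0.1
- Tested up to: 5.7
- Stable tag: 1.7.2
+ Tested up to: 5.9
+ Stable tag: 1.7.3
  Requires PHP: 5.6
  License: GPLv3
 
@@ -43,6 +43,9 @@ None yet
 
  == Changelog ==
 
+ = 1.7.3 =
+ * Security fix
+
  = 1.7.2 =
  * Security fix
 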