Version Description
- Additional field sanitization
Download this release
Release Info
| Developer | codepeople |
| Plugin |  Contact Form Email |
| Version | 1.3.25 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.24 to 1.3.25
- README.txt +5 -2
- cp-admin-int-list.inc.php +1 -1
- cp-admin-int-report.inc.php +1 -1
- cp-admin-int.inc.php +1 -1
- cp-main-class.inc.php +1 -1
- cp-publish-wizzard.inc.php +1 -1
- form-to-email.php +1 -1
README.txt
CHANGED
|
@@ -456,6 +456,9 @@ When you click a field already added into the contact form builder area, you can
|
|
| 456 |
|
| 457 |
== Changelog ==
|
| 458 |
|
|
|
|
|
|
|
|
|
|
| 459 |
= 1.3.24 =
|
| 460 |
* Interface improvement
|
| 461 |
|
|
@@ -1126,5 +1129,5 @@ When you click a field already added into the contact form builder area, you can
|
|
| 1126 |
|
| 1127 |
== Upgrade Notice ==
|
| 1128 |
|
| 1129 |
-
= 1.3.
|
| 1130 |
-
*
|
| 456 |
|
| 457 |
== Changelog ==
|
| 458 |
|
| 459 |
+
= 1.3.25 =
|
| 460 |
+
* Additional field sanitization
|
| 461 |
+
|
| 462 |
= 1.3.24 =
|
| 463 |
* Interface improvement
|
| 464 |
|
| 1129 |
|
| 1130 |
== Upgrade Notice ==
|
| 1131 |
|
| 1132 |
+
= 1.3.25 =
|
| 1133 |
+
* Additional field sanitization
|
cp-admin-int-list.inc.php
CHANGED
|
@@ -33,7 +33,7 @@ if (isset($_GET['a']) && $_GET['a'] == '1')
|
|
| 33 |
$this->add_field_verify($wpdb->prefix.$this->table_items, "cv_enable_captchaintelligent", "VARCHAR(10)");
|
| 34 |
|
| 35 |
$wpdb->insert( $wpdb->prefix.$this->table_items, array(
|
| 36 |
-
'form_name' => stripcslashes($_GET["name"]),
|
| 37 |
|
| 38 |
'form_structure' => $this->get_option('form_structure', CP_CFEMAIL_DEFAULT_form_structure),
|
| 39 |
|
| 33 |
$this->add_field_verify($wpdb->prefix.$this->table_items, "cv_enable_captchaintelligent", "VARCHAR(10)");
|
| 34 |
|
| 35 |
$wpdb->insert( $wpdb->prefix.$this->table_items, array(
|
| 36 |
+
'form_name' => stripcslashes(sanitize_text_field($_GET["name"])),
|
| 37 |
|
| 38 |
'form_structure' => $this->get_option('form_structure', CP_CFEMAIL_DEFAULT_form_structure),
|
| 39 |
|
cp-admin-int-report.inc.php
CHANGED
|
@@ -115,7 +115,7 @@ else
|
|
| 115 |
<?php
|
| 116 |
$myrows = $wpdb->get_results( "SELECT * FROM ".$wpdb->prefix.$this->table_items );
|
| 117 |
foreach ($myrows as $item)
|
| 118 |
-
echo '<option value="'.$item->id.'"'.(intval($item->id)==intval($this->item)?" selected":"").'>'
|
| 119 |
?>
|
| 120 |
</select></nobr>
|
| 121 |
<nobr>
|
| 115 |
<?php
|
| 116 |
$myrows = $wpdb->get_results( "SELECT * FROM ".$wpdb->prefix.$this->table_items );
|
| 117 |
foreach ($myrows as $item)
|
| 118 |
+
echo '<option value="'.$item->id.'"'.(intval($item->id)==intval($this->item)?" selected":"").'>'.esc_html($item->form_name).'</option>';
|
| 119 |
?>
|
| 120 |
</select></nobr>
|
| 121 |
<nobr>
|
cp-admin-int.inc.php
CHANGED
|
@@ -38,7 +38,7 @@ if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset( $_POST[$this->prefix.'_post_
|
|
| 38 |
|
| 39 |
</script>
|
| 40 |
<div class="wrap">
|
| 41 |
-
<h1><?php _e('Edit','cfte'); ?> - <?php echo $this->get_option('form_name','Contact Form'); ?> - <?php echo $this->plugin_name; ?></h1>
|
| 42 |
|
| 43 |
|
| 44 |
<form method="post" action="" name="cpformconf">
|
| 38 |
|
| 39 |
</script>
|
| 40 |
<div class="wrap">
|
| 41 |
+
<h1><?php _e('Edit','cfte'); ?> - <?php echo esc_html($this->get_option('form_name','Contact Form')); ?> - <?php echo $this->plugin_name; ?></h1>
|
| 42 |
|
| 43 |
|
| 44 |
<form method="post" action="" name="cpformconf">
|
cp-main-class.inc.php
CHANGED
|
@@ -618,7 +618,7 @@ class CP_ContactFormToEmail extends CP_CFTEMAIL_BaseClass {
|
|
| 618 |
if ($action == "wizard" && current_user_can('manage_options') && wp_verify_nonce( $_POST['anonce'], 'cpappb_actions_pwizard'))
|
| 619 |
{
|
| 620 |
$shortcode = '['.$this->shorttag.' id="'.$this->item .'"]';
|
| 621 |
-
$this->postURL = $this->publish_on($_POST["whereto"], @$_POST["publishpage"], @$_POST["publishpost"], $shortcode, $_POST["posttitle"]);
|
| 622 |
return;
|
| 623 |
}
|
| 624 |
|
| 618 |
if ($action == "wizard" && current_user_can('manage_options') && wp_verify_nonce( $_POST['anonce'], 'cpappb_actions_pwizard'))
|
| 619 |
{
|
| 620 |
$shortcode = '['.$this->shorttag.' id="'.$this->item .'"]';
|
| 621 |
+
$this->postURL = $this->publish_on(sanitize_text_field($_POST["whereto"]), sanitize_text_field(@$_POST["publishpage"]), sanitize_text_field(@$_POST["publishpost"]), $shortcode, sanitize_text_field($_POST["posttitle"]));
|
| 622 |
return;
|
| 623 |
}
|
| 624 |
|
cp-publish-wizzard.inc.php
CHANGED
|
@@ -80,7 +80,7 @@ if ($this->get_param('cp_contactformtoemail_do_action_loaded') == 'wizard') {
|
|
| 80 |
<?php
|
| 81 |
$myrows = $wpdb->get_results( "SELECT * FROM ". $wpdb->prefix.$this->table_items);
|
| 82 |
foreach ($myrows as $item)
|
| 83 |
-
echo '<option value="'.$item->id.'"'.($item->id==$this->item?' selected':'').'>'
|
| 84 |
?>
|
| 85 |
</select>
|
| 86 |
</td>
|
| 80 |
<?php
|
| 81 |
$myrows = $wpdb->get_results( "SELECT * FROM ". $wpdb->prefix.$this->table_items);
|
| 82 |
foreach ($myrows as $item)
|
| 83 |
+
echo '<option value="'.$item->id.'"'.($item->id==$this->item?' selected':'').'>'.esc_html($item->form_name).'</option>';
|
| 84 |
?>
|
| 85 |
</select>
|
| 86 |
</td>
|
form-to-email.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Contact Form Email
|
| 4 |
Plugin URI: https://form2email.dwbooster.com/download
|
| 5 |
Description: Contact form that sends the data to email and also to a database list and CSV file.
|
| 6 |
-
Version: 1.3.
|
| 7 |
Author: CodePeople
|
| 8 |
Author URI: https://form2email.dwbooster.com
|
| 9 |
Text Domain: contact-form-to-email
|
| 3 |
Plugin Name: Contact Form Email
|
| 4 |
Plugin URI: https://form2email.dwbooster.com/download
|
| 5 |
Description: Contact form that sends the data to email and also to a database list and CSV file.
|
| 6 |
+
Version: 1.3.25
|
| 7 |
Author: CodePeople
|
| 8 |
Author URI: https://form2email.dwbooster.com
|
| 9 |
Text Domain: contact-form-to-email
|
