Form Maker by WD – user-friendly drag & drop Form Builder plugin - Version 1.12.26

Version Description

Fixed: Vulnerabilities reported by Neven Biruski from DefenseCode (using the tool ThunderScan). Fixed: "The loopback request to your site failed" error.


Release Info

Developer webdorado
Version 1.12.26

Code changes from version 1.12.25 to 1.12.26

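--- a/admin/models/FMSelectDataFromDb.php
+++ b/admin/models/FMSelectDataFromDb.php
@@ -32,10 +32,10 @@ class FMModelSelect_data_from_db {
  }
  else {
  if ( $con_type == 'remote' ) {
- $username = isset($_POST['username']) ? $_POST['username'] : '';
- $password = isset($_POST['password']) ? $_POST['password'] : '';
- $database = isset($_POST['database']) ? $_POST['database'] : '';
- $host = isset($_POST['host']) ? $_POST['host'] : '';
+ $username = WDW_FM_Library::get('username', '');
+ $password = WDW_FM_Library::get('password', '');
+ $database = WDW_FM_Library::get('database', '');
+ $host = WDW_FM_Library::get('host', '');
  $wpdb_temp = new wpdb($username, $password, $database, $host);
  $query = "SHOW TABLES";
  $tables = $wpdb_temp->get_col($query);
@@ -80,18 +80,18 @@ class FMModelSelect_data_from_db {
  */
  function get_table_struct() {
  global $wpdb;
- $name = isset($_POST['name']) ? $_POST['name'] : NULL;
+ $name = WDW_FM_Library::get('name', NULL);
  if ( !$name ) {
  return array();
  }
- $con_method = $_POST['con_method'];
- $con_type = $_POST['con_type'];
- $query = "SHOW COLUMNS FROM " . $name;
+ $con_method = WDW_FM_Library::get('con_method', NULL);
+ $con_type = WDW_FM_Library::get('con_type', NULL);
+ $query = 'SHOW COLUMNS FROM `' . $name . '`';
  if ( $con_type == 'remote' ) {
- $username = isset($_POST['username']) ? $_POST['username'] : '';
- $password = isset($_POST['password']) ? $_POST['password'] : '';
- $database = isset($_POST['database']) ? $_POST['database'] : '';
- $host = isset($_POST['host']) ? $_POST['host'] : '';
+ $username = WDW_FM_Library::get('username', '');
+ $password = WDW_FM_Library::get('password', '');
+ $database = WDW_FM_Library::get('database', '');
+ $host = WDW_FM_Library::get('host', '');
  $wpdb_temp = new wpdb($username, $password, $database, $host);
  $table_struct = $wpdb_temp->get_results($query);
  }
@@ -120,7 +120,7 @@ class FMModelSelect_data_from_db {
  if ( !$name ) {
  return array();
  }
- $query = "SHOW COLUMNS FROM " . $name;
+ $query = 'SHOW COLUMNS FROM `' . $name . '`';
  if ( $con_type == 'remote' ) {
  $wpdb_temp = new wpdb($username, $password, $database, $host);
  $table_struct = $wpdb_temp->get_results($query);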
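Review bot: Wrapping `$name` in backticks at new line 89 (and again at new line 123) does not neutralise a backtick character inside the value, so the identifier quoting can still be closed early unless `WDW_FM_Library::get()` removes it, and that helper's filtering is not visible in this diff. An identifier cannot be bound as a query parameter, so it needs its own validation before the string is built, for example `if ( !preg_match('/^[A-Za-z0-9_$]+$/', $name) ) { return array(); }` if the table names in use allow it, or a membership check against the `SHOW TABLES` result from the same connection. The same construction appears in both `SHOW COLUMNS` hunks of admin/models/FMSqlMapping.php. get_table_struct() continues outside the hunk.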
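--- a/admin/models/FMSqlMapping.php
+++ b/admin/models/FMSqlMapping.php
@@ -39,17 +39,17 @@ class FMModelFormMakerSQLMapping {
  */
  function get_tables() {
  global $wpdb;
- $con_type = $_POST['con_type'];
+ $con_type = WDW_FM_Library::get('con_type', NULL);
  if ( $con_type == 'local' ) {
  $query = "SHOW TABLES";
  $tables = $wpdb->get_col($query);
  }
  else {
  if ( $con_type == 'remote' ) {
- $username = isset($_POST['username']) ? $_POST['username'] : '';
- $password = isset($_POST['password']) ? $_POST['password'] : '';
- $database = isset($_POST['database']) ? $_POST['database'] : '';
- $host = isset($_POST['host']) ? $_POST['host'] : '';
+ $username = WDW_FM_Library::get('username', '');
+ $password = WDW_FM_Library::get('password', '');
+ $database = WDW_FM_Library::get('database', '');
+ $host = WDW_FM_Library::get('host', '');
  $wpdb_temp = new wpdb($username, $password, $database, $host);
  $query = "SHOW TABLES";
  $tables = $wpdb_temp->get_col($query);
@@ -78,18 +78,18 @@ class FMModelFormMakerSQLMapping {
 
  function get_table_struct() {
  global $wpdb;
- $name = isset($_POST['name']) ? $_POST['name'] : NULL;
+ $name = WDW_FM_Library::get('name', NULL);
  if ( !$name ) {
  return array();
  }
- $con_method = $_POST['con_method'];
- $con_type = $_POST['con_type'];
- $query = "SHOW COLUMNS FROM " . $name;
+ $con_method = WDW_FM_Library::get('con_method', NULL);
+ $con_type = WDW_FM_Library::get('con_type', NULL);
+ $query = 'SHOW COLUMNS FROM `' . $name . '`';
  if ( $con_type == 'remote' ) {
- $username = isset($_POST['username']) ? $_POST['username'] : '';
- $password = isset($_POST['password']) ? $_POST['password'] : '';
- $database = isset($_POST['database']) ? $_POST['database'] : '';
- $host = isset($_POST['host']) ? $_POST['host'] : '';
+ $username = WDW_FM_Library::get('username', '');
+ $password = WDW_FM_Library::get('password', '');
+ $database = WDW_FM_Library::get('database', '');
+ $host = WDW_FM_Library::get('host', '');
  $wpdb_temp = new wpdb($username, $password, $database, $host);
  $table_struct = $wpdb_temp->get_results($query);
  }
@@ -105,7 +105,7 @@ class FMModelFormMakerSQLMapping {
  if ( !$name ) {
  return array();
  }
- $query = "SHOW COLUMNS FROM " . $name;
+ $query = 'SHOW COLUMNS FROM `' . $name . '`';
  if ( $con_type == 'remote' ) {
  $wpdb_temp = new wpdb($username, $password, $database, $host);
  $table_struct = $wpdb_temp->get_results($query);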
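Review bot: `new wpdb($username, $password, $database, $host)` at new lines 53 and 93 still opens a database connection to a host and with credentials taken from the request, and neither a capability check nor a nonce check is visible in these hunks. If the caller does not already enforce both, any request that reaches get_tables() or get_table_struct() can make the server connect outward to a host of the requester's choosing, so I would confirm that the handler runs `current_user_can('manage_options')` and `check_ajax_referer()` before the model is invoked. It is also worth checking that whatever filtering `WDW_FM_Library::get()` applies does not alter passwords that contain special characters. The same applies to admin/models/FMSelectDataFromDb.php; both function bodies continue outside the hunks.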
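--- a/admin/views/FMCaptcha.php
+++ b/admin/views/FMCaptcha.php
@@ -38,10 +38,7 @@ class FMViewFormmakerwdcaptcha {
 
  $l = rand($cap_length_min, $cap_length_max);
  $code = code_generic($l, $cap_digital, $cap_latin_char);
- if (session_id() == '' || (function_exists('session_status') && (session_status() == PHP_SESSION_NONE))) {
- @session_start();
- }
-
+ WDW_FM_Library::start_session();
  $_SESSION[$i . '_wd_captcha_code'] = md5($code);
  $canvas = imagecreatetruecolor($cap_width, $cap_height);
  $c = imagecolorallocate($canvas, rand(150, 255), rand(150, 255), rand(150, 255));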
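--- a/admin/views/FMMathCaptcha.php
+++ b/admin/views/FMMathCaptcha.php
@@ -20,9 +20,7 @@ class FMViewFormmakerwdmathcaptcha {
  $cap_height = 26;
  $cap_quality = 100;
  $code = $this->code_generic($operations_count, $operations);
- if ( session_id() == '' || (function_exists('session_status') && (session_status() == PHP_SESSION_NONE)) ) {
- @session_start();
- }
+ WDW_FM_Library::start_session();
  $_SESSION[$i . '_wd_arithmetic_captcha_code'] = md5($code[1]);
  $canvas = imagecreatetruecolor($cap_width, $cap_height);
  $c = imagecolorallocate($canvas, rand(150, 255), rand(150, 255), rand(150, 255));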
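--- a/admin/views/Pricing_fm.php
+++ b/admin/views/Pricing_fm.php
@@ -165,7 +165,7 @@ class FMViewPricing_fm extends FMAdminView {
  </div>
  <div class="fm-prices-more">
  <div>
- <?php _e('Learn more about Form Maker plugin.', WDFM()->prefix); ?> <a href="https://web-dorado.com/products/wordpress-form.html" target="_blank"><?php _e('Learn More', WDFM()->prefix); ?></a>
+ <?php _e('Learn more about Form Maker plugin.', WDFM()->prefix); ?> <a href="https://web-dorado.com/files/fromFormMaker.php" target="_blank"><?php _e('Learn More', WDFM()->prefix); ?></a>
  </div>
  </div>
  </div>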
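Review bot: The rewritten link at new line 168 keeps `target="_blank"` without a `rel` attribute, so the opened page receives a `window.opener` reference in browsers that do not default to noopener behaviour. Adding `rel="noopener noreferrer"` to the `<a>` element closes that. The href is a fixed string, so no escaping is needed there.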
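--- a/admin/views/Themes_fm.php
+++ b/admin/views/Themes_fm.php
@@ -189,8 +189,8 @@ class FMViewThemes_fm extends FMAdminView {
  $tabs = $params['tabs'];
  $all_params = $params['all_params'];
 
- $active_tab = isset($_REQUEST["active_tab"]) && $_REQUEST["active_tab"] ? $_REQUEST["active_tab"] : ($row->version == 1 ? 'custom_css' : 'global');
- $pagination = isset($_REQUEST["pagination"]) ? $_REQUEST["pagination"] : 'none';
+ $active_tab = WDW_FM_Library::get('active_tab', ($row->version == 1 ? 'custom_css' : 'global'));
+ $pagination = WDW_FM_Library::get('pagination', 'none');
  ?>
  <div ng-app="ThemeParams" class="fm-table">
  <div ng-controller="FMTheme">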
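Review bot: `$active_tab` and `$pagination` at new lines 192-193 are still request-controlled, and the markup that follows sits inside an `ng-app` region, where HTML-escaping alone does not stop AngularJS from evaluating `{{ ... }}` sequences in the output. How the two values are printed is outside the hunk, so this is a request to confirm rather than a confirmed defect. An allow-list is the safer shape: fall back to the existing default unless the value is a known tab, e.g. `if ( !isset($tabs[$active_tab]) ) { $active_tab = 'global'; }` (assuming `$tabs` is keyed by tab name), and check `$pagination` with `in_array($pagination, $allowed, true)` against the fixed set of pagination types.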
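--- a/admin/views/view.php
+++ b/admin/views/view.php
@@ -6,7 +6,7 @@ defined('ABSPATH') || die('Access Denied');
  */
  class FMAdminView {
 
- private $premium_link = 'https://web-dorado.com/products/wordpress-form.html';
+ private $premium_link = 'https://web-dorado.com/files/fromFormMaker.php';
 
  /**
  * Generate form.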
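--- a/form-maker.php
+++ b/form-maker.php
@@ -3,7 +3,7 @@
  * Plugin Name: Form Maker
  * Plugin URI: https://web-dorado.com/products/form-maker-wordpress.html
  * Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms.
- * Version: 1.12.25
+ * Version: 1.12.26
  * Author: WebDorado Form Builder Team
  * Author URI: https://web-dorado.com/wordpress-plugins-bundle.html
  * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
@@ -81,9 +81,6 @@ final class WDFM {
  require_once(wp_normalize_path($this->plugin_dir . '/admin/views/view.php'));
  }
  $this->add_actions();
- if (session_id() == '' || (function_exists('session_status') && (session_status() == PHP_SESSION_NONE))) {
- @session_start();
- }
  }
 
  /**
@@ -94,8 +91,8 @@ final class WDFM {
  $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
  $this->front_urls = $this->get_front_urls();
  $this->main_file = plugin_basename(__FILE__);
- $this->plugin_version = '1.12.25';
- $this->db_version = '2.12.25';
+ $this->plugin_version = '1.12.26';
+ $this->db_version = '2.12.26';
  $this->menu_slug = 'manage_fm';
  $this->prefix = 'form_maker';
  $this->css_prefix = 'fm_';
@@ -570,7 +567,7 @@ final class WDFM {
  "prefix" => "fm" ,
  "deactivate_class" => 'fm_deactivate_link',
  "email" => $admin_data->data->user_email,
- "plugin_wd_url" => "https://web-dorado.com/products/wordpress-form.html",
+ "plugin_wd_url" => "https://web-dorado.com/files/fromFormMaker.php",
  ));
  }
  wp_register_style('fm-pricing', $this->plugin_url . '/css/pricing.css', array(), $this->plugin_version);
@@ -1009,7 +1006,7 @@ final class WDFM {
  "titles" => array(
  array(
  "title" => __("Selecting Options from Database", $this->prefix),
- "url" => "https://web-dorado.com/wordpress-form-maker/description-of-form-fields/selecting-options-from-database.html",
+ "url" => "https://web-dorado.com/wordpress-form-maker/selecting-options-from-database.html",
  ),
  )
  ),
@@ -1035,7 +1032,7 @@ final class WDFM {
  ),
  ),
  "video_youtube_id" => "tN3_c6MhqFk", // e.g. https://www.youtube.com/watch?v=acaexefeP7o youtube id is the acaexefeP7o
- "plugin_wd_url" => "https://web-dorado.com/products/wordpress-form.html",
+ "plugin_wd_url" => "https://web-dorado.com/files/fromFormMaker.php",
  "plugin_wd_demo_link" => "http://wpdemo.web-dorado.com",
  "plugin_wd_addons_link" => "https://web-dorado.com/products/wordpress-form/add-ons.html",
  "after_subscribe" => admin_url('admin.php?page=overview' . $this->menu_postfix), // this can be plagin overview page or set up page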
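--- a/framework/WDW_FM_Library.php
+++ b/framework/WDW_FM_Library.php
@@ -3898,7 +3898,7 @@ class WDW_FM_Library {
  $group_id_s = array();
  $form_id = (int) $_REQUEST['form_id'];
  $limitstart = (int) $_REQUEST['limitstart'];
- $search_labels = isset($_REQUEST['search_labels']) ? $_REQUEST['search_labels'] : '';
+ $search_labels = WDW_FM_Library::get('search_labels', '');
  $verified_emails = isset($_REQUEST['verified_emails']) ? json_decode(stripslashes($_REQUEST['verified_emails']), TRUE) : array();
  $paypal_info_fields = array(
  'currency',
@@ -5067,6 +5067,15 @@ class WDW_FM_Library {
  );
  return json_encode($data);
  }
+
+ /**
+ * Session start if not started.
+ */
+ public static function start_session() {
+ if (session_id() == '' || (function_exists('session_status') && (session_status() == PHP_SESSION_NONE))) {
+ @session_start();
+ }
+ }
  }
 
  /*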
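Review bot: `@session_start()` in the new start_session() (new lines 5074-5078) hides the failure that occurs once output has begun, while the callers added in this commit read or write `$_SESSION` immediately afterwards. Several of those callers are in frontend/views/form_maker.php, where markup is already being assembled, so a silent failure would show up as captcha codes that never verify or submit messages that never appear. I would add `if ( headers_sent() ) { return FALSE; }` before the existing condition, drop the `@`, and return the result of `session_start()` so callers can react. The docblock could also state that the method must run before any output is sent.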
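--- a/frontend/models/form_maker.php
+++ b/frontend/models/form_maker.php
@@ -1071,6 +1071,7 @@ class FMModelForm_maker {
  $id = '';
  }
  if ( isset( $_POST[ "counter" . $id ] ) ) {
+ WDW_FM_Library::start_session();
  if ( (isset( $_POST[ "save_or_submit" . $id ] ) && $_POST[ "save_or_submit" . $id ] != 'save') ) {
  if ( isset( $_POST[ "captcha_input" ] ) ) {
  $captcha_input = esc_html( $_POST[ "captcha_input" ] );
@@ -1311,7 +1312,7 @@ class FMModelForm_maker {
  $label_id = array();
  $label_label = array();
  $label_type = array();
- $disabled_fields = explode( ',', (isset( $_REQUEST[ "disabled_fields" . $id ] ) ? $_REQUEST[ "disabled_fields" . $id ] : "") );
+ $disabled_fields = explode( ',', WDW_FM_Library::get('disabled_fields', ''));
  $disabled_fields = array_slice( $disabled_fields, 0, count( $disabled_fields ) - 1 );
  $label_all = explode( '#****#', $form->label_order_current );
  $label_all = array_slice( $label_all, 0, count( $label_all ) - 1 );
@@ -2268,6 +2269,7 @@ class FMModelForm_maker {
  }
  }
  if ( $form->mail_verify ) {
+ WDW_FM_Library::start_session();
  unset( $_SESSION[ 'hash' ] );
  unset( $_SESSION[ 'gid' ] );
  $ip = $_SERVER[ 'REMOTE_ADDR' ];
@@ -2301,6 +2303,7 @@ class FMModelForm_maker {
  }
  }
  if ( $chgnac ) {
+ WDW_FM_Library::start_session();
  if ( $form->submit_text_type != 4 ) {
  $_SESSION[ 'massage_after_submit' . $id ] = addslashes( addslashes( __( 'Nothing was submitted.', WDFM()->prefix ) ) );
  }
@@ -2467,6 +2470,7 @@ class FMModelForm_maker {
  */
  public function gen_mail( $group_id, $all_files, $id, $str ) {
  global $wpdb;
+ WDW_FM_Library::start_session();
  // checking save uploads option
  $upload_dir = wp_upload_dir();
  $save_uploads = $wpdb->get_var( "SELECT save_uploads FROM " . $wpdb->prefix . "formmaker WHERE id=" . $id );
@@ -2528,7 +2532,7 @@ class FMModelForm_maker {
  array_push( $label_label, $label_order_each[ 0 ] );
  array_push( $label_type, $label_order_each[ 1 ] );
  }
- $disabled_fields = explode( ',', isset( $_REQUEST[ "disabled_fields" . $id ] ) ? $_REQUEST[ "disabled_fields" . $id ] : "" );
+ $disabled_fields = explode( ',', WDW_FM_Library::get('disabled_fields', '') );
  $disabled_fields = array_slice( $disabled_fields, 0, count( $disabled_fields ) - 1 );
  $list = '<table border="1" cellpadding="3" cellspacing="0" style="width:600px;">';
  $list_text_mode = '';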
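Review bot: The new `WDW_FM_Library::get('disabled_fields', '')` at new lines 1315 and 2535 drops the `$id` suffix that the removed code used (`"disabled_fields" . $id`), so the lookup now reads a different request key. Unless the form field was renamed elsewhere in this release, `$disabled_fields` will come back empty and fields the form marked as disabled will be handled as if they were active. The key should stay per-form in both hunks: `WDW_FM_Library::get('disabled_fields' . $id, '')`. Both enclosing functions continue outside the hunks.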
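--- a/frontend/views/form_maker.php
+++ b/frontend/views/form_maker.php
@@ -67,6 +67,7 @@ class FMViewForm_maker {
  $form_maker_front_end .= '<form name="form' . $form_id . '" action="' . $current_url . '" method="post" id="form' . $form_id . '" class="fm-form form' . $form_id . ' ' . $header_pos . '" enctype="multipart/form-data">';
  // Form messages.
  $fm_hide_form_after_submit = 0;
+ WDW_FM_Library::start_session();
  if ( isset($_SESSION['form_submit_type' . $form_id]) ) {
  $type_and_id = $_SESSION['form_submit_type' . $form_id];
  $type_and_id = explode(',', $type_and_id);
@@ -1166,7 +1167,7 @@ class FMViewForm_maker {
 
  // Generate field.
  $rep = $this->wdform_field($type, $param, $row, $html);
-
+ WDW_FM_Library::start_session();
  if ( isset($_SESSION['message_captcha']) && $_SESSION['message_captcha'] != "" ) {
  $rep .= '<div class="fm-not-filled message_captcha">' . $_SESSION['message_captcha'] . '</div>';
  unset($_SESSION['message_captcha']);
@@ -1233,7 +1234,7 @@ class FMViewForm_maker {
 
  // Generate field.
  $rep = $this->wdform_field($type, $param, $row, $html);
-
+ WDW_FM_Library::start_session();
  if ( isset($_SESSION['message_captcha']) && $_SESSION['message_captcha'] != "" ) {
  $rep .= '<div class="fm-not-filled message_captcha">' . $_SESSION['message_captcha'] . '</div>';
  unset($_SESSION['message_captcha']);
@@ -1292,7 +1293,7 @@ class FMViewForm_maker {
 
  // Generate field.
  $rep = $this->wdform_field($type, $param, $row, $html);
-
+ WDW_FM_Library::start_session();
  if ( isset($_SESSION['message_captcha']) && $_SESSION['message_captcha'] != "" ) {
  $rep .= '<div class="fm-not-filled message_captcha">' . $_SESSION['message_captcha'] . '</div>';
  unset($_SESSION['message_captcha']);
@@ -1677,6 +1678,7 @@ class FMViewForm_maker {
  $hide_duration = $form->topbar_hide_duration;
  $hide_mobile = wp_is_mobile() && $form->hide_mobile ? FALSE : TRUE;
  if ($display_on_this && $hide_mobile) {
+ WDW_FM_Library::start_session();
  if (isset($_SESSION['fm_hide_form_after_submit' . $id]) && $_SESSION['fm_hide_form_after_submit' . $id] == 1) {
  if ($error == 'success') {
  if ($message) {
@@ -1730,6 +1732,7 @@ class FMViewForm_maker {
  $hide_mobile = wp_is_mobile() && $form->hide_mobile ? FALSE : TRUE;
  $left_right_class = $form->scrollbox_position ? 'float-right' : 'float-left';
  if ($display_on_this && $hide_mobile) {
+ WDW_FM_Library::start_session();
  if (isset($_SESSION['fm_hide_form_after_submit' . $id]) && $_SESSION['fm_hide_form_after_submit' . $id] == 1) {
  if ($error == 'success') {
  if ($message) {
@@ -1810,6 +1813,7 @@ class FMViewForm_maker {
  $hide_mobile_class = wp_is_mobile() ? 'fm_mobile_full' : '';
 
  if ($display_on_this && $hide_mobile) {
+ WDW_FM_Library::start_session();
  if (isset($_SESSION['fm_hide_form_after_submit' . $id]) && $_SESSION['fm_hide_form_after_submit' . $id] == 1) {
  if ($error == 'success') {
  if ($message) {
@@ -2048,8 +2052,6 @@ class FMViewForm_maker {
  foreach ( $param['w_choices'] as $key => $choice ) {
  $key1 = $key + $total_queries;
  if ( isset($param['w_choices_params']) && $param['w_choices_params'][$key] ) {
- $choices_labels = array();
- $choices_values = array();
  $w_choices_params = explode('[where_order_by]', $param['w_choices_params'][$key]);
  $where = (str_replace(array( '[', ']' ), '', $w_choices_params[0]) ? ' WHERE ' . str_replace(array(
  '[',
@@ -2208,8 +2210,6 @@ class FMViewForm_maker {
  foreach ( $param['w_choices'] as $key => $choice ) {
  $key1 = $key + $total_queries;
  if ( isset($param['w_choices_params']) && $param['w_choices_params'][$key] ) {
- $choices_labels = array();
- $choices_values = array();
  $w_choices_params = explode('[where_order_by]', $param['w_choices_params'][$key]);
  $where = (str_replace(array( '[', ']' ), '', $w_choices_params[0]) ? ' WHERE ' . str_replace(array('[', ']'), '', $w_choices_params[0]) : '');
  $w_choices_params = explode('[db_info]', $w_choices_params[1]);
@@ -2350,8 +2350,6 @@ class FMViewForm_maker {
  $html = '<select class="wd-width-100" id="wdform_' . $id1 . '_element' . $form_id . '" name="wdform_' . $id1 . '_element' . $form_id . '" ' . $param['attributes'] . '>';
  foreach ( $param['w_choices'] as $key => $choice ) {
  if ( isset($param['w_choices_params']) && $param['w_choices_params'][$key] ) {
- $choices_labels = array();
- $choices_values = array();
  $w_choices_params = explode('[where_order_by]', $param['w_choices_params'][$key]);
  $where = (str_replace(array( '[', ']' ), '', $w_choices_params[0]) ? ' WHERE ' . str_replace(array('[', ']'), '', $w_choices_params[0]) : '');
  $w_choices_params = explode('[db_info]', $w_choices_params[1]);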
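Review bot: `$_SESSION['message_captcha']` is concatenated into `$rep` without escaping at new lines 1172, 1239 and 1298, directly after the added start_session() calls. Where that message is set is not visible here; if any part of it can carry request data, it should be escaped at the point of output, `$rep .= '<div class="fm-not-filled message_captcha">' . esc_html($_SESSION['message_captcha']) . '</div>';`, or passed through `wp_kses_post()` if it is meant to contain markup. The enclosing functions start and end outside these hunks.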
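--- a/readme.txt
+++ b/readme.txt
@@ -3,11 +3,11 @@ Contributors: webdorado,10web,wdsupport,formmakersupport
  Tags: form, form builder, contact form, custom form, feedback, contact, web contact form, captcha, email, form manager, forms, survey
  Requires at least: 3.4
  Tested up to: 4.9
- Stable tag: 1.12.25
+ Stable tag: 1.12.26
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
- Form Maker is a user-friendly form builder plugin that allows to create forms for any purpose, from a simple contact form to a multi page survey
+ Form Maker is a user-friendly form builder plugin that allows to create forms for any purpose, from a simple contact form to a multi page survey
 
  == Description ==
 
@@ -445,6 +445,11 @@ Where **{{field_id}}** is the ID of the field you wish to prefill. Also, **{{par
 
 
  == Changelog ==
+
+ = 1.12.26 =
+ Fixed: Vulnerabilities reported by Neven Biruski from DefenseCode (using the tool ThunderScan).
+ Fixed: "The loopback request to your site failed" error.
+
  = 1.12.25 =
  * Changed: Updated translations.
  * Added: Gutenberg integration.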
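--- a/wd/includes/overview.php
+++ b/wd/includes/overview.php
@@ -86,7 +86,7 @@
  'title' => 'Form Maker',
  'text' => __( 'Wordpress form builder plugin', $wd_options->prefix ),
  'content' => __( 'Form Maker is a modern and advanced tool for creating WordPress forms easily and fast.', $wd_options->prefix ),
- 'href' => 'https://web-dorado.com/products/wordpress-form.html'
+ 'href' => 'https://web-dorado.com/files/fromFormMaker.php'
  ),
  "photo-gallery" => array(
  'title' => 'Photo Gallery',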