Form Maker by WD – user-friendly drag & drop Form Builder plugin - Version 1.13.40

Version Description

  • Fixed: Security issue.

Release Info

Developer 10web
Version 1.13.40

Code changes from version 1.13.39 to 1.13.40

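--- a/admin/views/view.php
+++ b/admin/views/view.php
@@ -157,7 +157,7 @@ class FMAdminView {
  * @return string
  */
 protected function search() {
- $search = WDW_FM_Library(self::PLUGIN)->get('s', '');
+ $search = WDW_FM_Library(self::PLUGIN)->get('s', '', 'esc_html');
 ob_start();
 ?>
 <p class="search-box">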
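Review bot: Escaping the search term with `esc_html` at the point it is read (line 160) encodes it for an HTML text context, but the same value is presumably also reused as the list's current filter, where `&`, `<` or quotes would now arrive HTML-encoded and no longer match what the user typed. The usual split is `sanitize_text_field` when the request value is read and the context-specific escaper at each output site (`esc_attr` inside a `value="..."` attribute, `esc_html` in element text). search() continues past the hunk, so whether `$search` is echoed into an attribute or fed back into the query cannot be confirmed here.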
form-maker.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Form Maker
4
  * Plugin URI: https://10web.io/plugins/wordpress-form-maker/?utm_source=form_maker&utm_medium=free_plugin
5
  * Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms.
6
- * Version: 1.13.39
7
  * Author: 10Web Form Builder Team
8
  * Author URI: https://10web.io/plugins/?utm_source=form_maker&utm_medium=free_plugin
9
  * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
@@ -98,8 +98,8 @@ final class WDFM {
98
  $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
99
  $this->front_urls = $this->get_front_urls();
100
  $this->main_file = plugin_basename(__FILE__);
101
- $this->plugin_version = '1.13.39';
102
- $this->db_version = '2.13.39';
103
  $this->menu_postfix = ($this->is_free == 2 ? '_fmc' : '_fm');
104
  $this->plugin_postfix = ($this->is_free == 2 ? '_fmc' : '');
105
  $this->menu_slug = 'manage' . $this->menu_postfix;
3
  * Plugin Name: Form Maker
4
  * Plugin URI: https://10web.io/plugins/wordpress-form-maker/?utm_source=form_maker&utm_medium=free_plugin
5
  * Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms.
6
+ * Version: 1.13.40
7
  * Author: 10Web Form Builder Team
8
  * Author URI: https://10web.io/plugins/?utm_source=form_maker&utm_medium=free_plugin
9
  * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
98
  $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
99
  $this->front_urls = $this->get_front_urls();
100
  $this->main_file = plugin_basename(__FILE__);
101
+ $this->plugin_version = '1.13.40';
102
+ $this->db_version = '2.13.40';
103
  $this->menu_postfix = ($this->is_free == 2 ? '_fmc' : '_fm');
104
  $this->plugin_postfix = ($this->is_free == 2 ? '_fmc' : '');
105
  $this->menu_slug = 'manage' . $this->menu_postfix;
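--- a/frontend/controllers/form_maker.php
+++ b/frontend/controllers/form_maker.php
@@ -218,7 +218,23 @@ class FMControllerForm_maker {
  $inputs = WDW_FM_Library::get('inputs');
  $json = array();
  if ( !empty($form_id) && !empty($inputs) ) {
- $row = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id="%d"' . (!WDFMInstance(self::PLUGIN)->is_free ? '' : ' AND id' . (WDFMInstance(self::PLUGIN)->is_free == 1 ? ' NOT ' : ' ') . 'IN (' . (get_option( 'contact_form_forms', '' ) != '' ? get_option( 'contact_form_forms' ) : 0) . ')'), $form_id ) );
+ $prepare = array();
+ $prepare[] = $form_id;
+ $where_in_prepare = '%d';
+ if ( WDFMInstance(self::PLUGIN)->is_free ) {
+ $contact_form_forms = get_option( 'contact_form_forms', '' ) != '' ? get_option( 'contact_form_forms' ) : 0;
+ $contact_form_forms_arr = explode(',', $contact_form_forms);
+ if ( !empty($contact_form_forms_arr) ) {
+ $in_prepare = '';
+ foreach ( $contact_form_forms_arr as $val ) {
+ $in_prepare .= '%d,';
+ array_push($prepare, $val);
+ }
+ $where_in_prepare = rtrim($in_prepare, ',');
+ }
+ }
+ $query = 'SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id = %d ' . (!WDFMInstance(self::PLUGIN)->is_free ? '' : 'AND id' . (WDFMInstance(self::PLUGIN)->is_free == 1 ? ' NOT ' : ' ') . 'IN (' . $where_in_prepare . ')');
+ $row = $wpdb->get_row( $wpdb->prepare( $query , $prepare ) );
  $id1s = array();
  $types = array();
  $labels = array();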
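Review bot: The `!empty($contact_form_forms_arr)` guard on line 227 can never be false, because `explode()` always returns at least one element, so an empty option or the `0` fallback still yields `IN (%d)` bound to a single `0`; that matches the old behaviour, but the guard is dead and should go. Keeping the placeholder count and the argument count tied together reads more clearly as `$contact_form_forms_arr = array_map('intval', explode(',', $contact_form_forms));`, `$where_in_prepare = implode(',', array_fill(0, count($contact_form_forms_arr), '%d'));` and `$prepare = array_merge($prepare, $contact_form_forms_arr);`, which also drops the manual `rtrim`. Line 225 reads `get_option('contact_form_forms')` twice; read it once into a local. The enclosing method starts and ends outside the hunk.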
frontend/models/form_maker.php CHANGED
@@ -47,7 +47,7 @@ class FMModelForm_maker {
47
  if ( $theme_id == '' ) {
48
  $theme_id = $row->theme;
49
  }
50
- $form_theme = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'formmaker_themes WHERE id="%d"', $theme_id ) );
51
  if ( !$form_theme ) {
52
  $form_theme = $wpdb->get_row( 'SELECT * FROM ' . $wpdb->prefix . 'formmaker_themes' );
53
  if ( !$form_theme ) {
@@ -90,8 +90,7 @@ class FMModelForm_maker {
90
  }
91
  }
92
  if ( intval($row->submissions_limit) != 0 ) {
93
- $query = "SELECT count(DISTINCT group_id) FROM " . $wpdb->prefix . "formmaker_submits WHERE form_id=" . (int) $row->id . "";
94
- $submission_count = $wpdb->get_var($query);
95
  } else {
96
  $submission_count = 0;
97
  }
@@ -1372,6 +1371,7 @@ class FMModelForm_maker {
1372
  */
1373
  public function select_data_from_db_for_labels( $db_info = '', $label_column = '', $table = '', $where = '', $order_by = '' ) {
1374
  global $wpdb;
 
1375
  $where = html_entity_decode($where, ENT_QUOTES);
1376
  $query = "SELECT `" . $label_column . "` FROM " . $table . $where . " ORDER BY " . $order_by;
1377
  $db_info = trim($db_info, '[]');
@@ -1469,7 +1469,7 @@ class FMModelForm_maker {
1469
  $ip = $_SERVER['REMOTE_ADDR'];
1470
  $adminemail = get_option('admin_email');
1471
  $current_page_url = WDW_FM_Library(self::PLUGIN)->get_current_page_url();
1472
- $form = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "formmaker WHERE id= %d", $id ) );
1473
 
1474
  $form->gdpr_checkbox = 0;
1475
  $form->gdpr_checkbox_text = __('I consent collecting this data and processing it according to {{privacy_policy}} of this website.', WDFMInstance(self::PLUGIN)->prefix);
@@ -1748,9 +1748,9 @@ class FMModelForm_maker {
1748
  include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
1749
  }
1750
  if ( defined( 'WD_FM_DBOX_INT' ) && is_plugin_active( constant( 'WD_FM_DBOX_INT' ) ) ) {
1751
- $enable = $wpdb->get_var( "SELECT enable FROM " . $wpdb->prefix . "formmaker_dbox_int WHERE form_id=" . $form->id );
1752
  if ( $enable == 1 ) {
1753
- $selectable_upload = $wpdb->get_var( "SELECT selectable_upload FROM " . $wpdb->prefix . "formmaker_dbox_int WHERE form_id=" . $form->id );
1754
  if ( (int)$selectable_upload == 1 ) {
1755
  $temp_dir_dbox = explode( '\\', $fileTemp );
1756
  $temp_dir_dbox = implode( '%%', $temp_dir_dbox );
@@ -1778,10 +1778,10 @@ class FMModelForm_maker {
1778
  $check_both++;
1779
  }
1780
  if ( defined( 'WD_FM_GDRIVE_INT' ) && is_plugin_active( constant( 'WD_FM_GDRIVE_INT' ) ) ) {
1781
- $enable = $wpdb->get_var( "SELECT enable FROM " . $wpdb->prefix . "formmaker_gdrive_int WHERE form_id=" . $form->id );
1782
  if ( $enable == 1 ) {
1783
- $selectable_upload = $wpdb->get_var( "SELECT selectable_upload FROM " . $wpdb->prefix . "formmaker_gdrive_int WHERE form_id=" . $form->id );
1784
- if ( (int)$selectable_upload == 1 ) {
1785
  $temp_dir_dbox = explode( '\\', $fileTemp );
1786
  $temp_dir_dbox = implode( '%%', $temp_dir_dbox );
1787
  $value .= 'wdCloudAddon' . $temp_dir_dbox . '*@@url@@*' . $fileName . '*@@url@@*' . $files[ 'type' ][ $file_key ];
@@ -2394,20 +2394,22 @@ class FMModelForm_maker {
2394
  $total2 = round( $total, 2 );
2395
 
2396
  $submition_data = array();
2397
-
2398
  $submition_data['form_id'] = $id;
2399
  $submition_data['element_label'] = 'item_total';
2400
  $submition_data['element_value'] = $form_currency . $total2;
2401
  $submition_data['group_id'] = $group_id;
2402
  $submition_data['date'] = date( 'Y-m-d H:i:s' );
 
2403
  if ( $form->save_ip ) {
2404
  $submition_data['ip'] = $ip;
 
2405
  }
2406
  if ( $form->save_user_id ) {
2407
  $submition_data['user_id_wd'] = $current_user->ID;
 
2408
  }
2409
 
2410
- $save_or_no = $wpdb->insert( $wpdb->prefix . "formmaker_submits", $submition_data );
2411
 
2412
  if ( !$save_or_no ) {
2413
  return array( 'error' => true, 'group_id' => $group_id, 'message' => addslashes( __( 'Database error occurred. Please try again.', WDFMInstance(self::PLUGIN)->prefix ) ) );
@@ -2419,18 +2421,21 @@ class FMModelForm_maker {
2419
  $total = round( $total, 2 );
2420
 
2421
  $submition_data['element_label'] = 'total';
 
2422
  $submition_data['element_value'] = $form_currency . $total;
 
2423
 
2424
- $save_or_no = $wpdb->insert( $wpdb->prefix . "formmaker_submits", $submition_data );
2425
 
2426
  if ( !$save_or_no ) {
2427
  return array( 'error' => true, 'group_id' => $group_id, 'message' => addslashes( __( 'Database error occurred. Please try again.', WDFMInstance(self::PLUGIN)->prefix ) ) );
2428
  }
2429
 
2430
  $submition_data['element_label'] = '0';
 
2431
  $submition_data['element_value'] = 'In progress';
2432
-
2433
- $save_or_no = $wpdb->insert( $wpdb->prefix . "formmaker_submits", $submition_data );
2434
 
2435
  if ( !$save_or_no ) {
2436
  return array( 'error' => true, 'group_id' => $group_id, 'message' => addslashes( __( 'Database error occurred. Please try again.', WDFMInstance(self::PLUGIN)->prefix ) ) );
@@ -2587,7 +2592,7 @@ class FMModelForm_maker {
2587
  $last_id = $wpdb->insert( $wpdb->prefix . 'formmaker_groups', array( 'id' => 'NULL' ) );
2588
  // If somehow maximum group id is greater than autoincrement number.
2589
  if ($last_id && $wpdb->insert_id <= $max_id) {
2590
- $last_id = $wpdb->insert( $wpdb->prefix . 'formmaker_groups', array( 'id' => $max_id + 1 ) );
2591
  }
2592
  if ($last_id) {
2593
  // Get an autoincrement number for group_id.
@@ -2619,11 +2624,11 @@ class FMModelForm_maker {
2619
  */
2620
  public function get_after_submission_text( $form_id = 0, $group_id = 0 ) {
2621
  global $wpdb;
2622
- WDW_FM_Library(self::PLUGIN)->start_session();
2623
 
2624
- $userid = '';
2625
- $username = '';
2626
- $useremail = '';
2627
  $current_user = wp_get_current_user();
2628
  if ( $current_user->ID != 0 ) {
2629
  $userid = $current_user->ID;
@@ -2631,17 +2636,17 @@ class FMModelForm_maker {
2631
  $useremail = $current_user->user_email;
2632
  }
2633
 
2634
- $row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "formmaker WHERE id=%d", $form_id ) );
2635
 
2636
- $all = $_SESSION['form_all_fields' . $form_id];
2637
- $_SESSION['form_all_fields' . $form_id] = '';
2638
- $ip = $_SERVER['REMOTE_ADDR'];
2639
  $adminemail = get_option( 'admin_email' );
2640
  $current_page_url = WDW_FM_Library(self::PLUGIN)->get_current_page_url();
2641
  $formtitle = $row->title;
2642
  $submit_text = $row->submit_text;
2643
 
2644
- $label_type = array();
2645
  $label_order_original = array();
2646
  $label_order_ids = array();
2647
  $submission_array = array();
@@ -2653,12 +2658,12 @@ class FMModelForm_maker {
2653
  array_push( $label_order_ids, $label_id );
2654
  $label_order_each = explode('#**label**#', $label_id_each[1]);
2655
  $label_order_original[$label_id] = $label_order_each[0];
2656
- $label_type[ $label_id ] = $label_order_each[1];
2657
  }
2658
 
2659
- $submissions_row = $wpdb->get_results( $wpdb->prepare( "SELECT `element_label`, `element_value` FROM " . $wpdb->prefix . "formmaker_submits WHERE form_id=%d AND group_id=%d", $form_id, $group_id ) );
2660
- foreach ( $submissions_row as $sub_row ) {
2661
- $submission_array[$sub_row->element_label] = $sub_row->element_value;
2662
  }
2663
 
2664
  foreach ( $label_order_original as $key => $label_each ) {
@@ -2701,7 +2706,7 @@ class FMModelForm_maker {
2701
  */
2702
  public function increment_views_count( $id = 0 ) {
2703
  global $wpdb;
2704
- $views_count = $wpdb->get_var( $wpdb->prepare( "SELECT views FROM " . $wpdb->prefix . "formmaker_views WHERE form_id=%d", $id ) );
2705
  if ( isset( $views_count ) ) {
2706
  $wpdb->update( $wpdb->prefix . "formmaker_views", array(
2707
  'views' => ++$views_count,
@@ -2733,7 +2738,7 @@ class FMModelForm_maker {
2733
  WDW_FM_Library(self::PLUGIN)->start_session();
2734
  // checking save uploads option
2735
  $upload_dir = wp_upload_dir();
2736
- $save_uploads = $wpdb->get_var( "SELECT save_uploads FROM " . $wpdb->prefix . "formmaker WHERE id=" . $id );
2737
  if ( $save_uploads == 0 ) {
2738
  $destination = $upload_dir[ 'basedir' ] . '/tmpAddon';
2739
  if ( !file_exists( $destination ) ) {
@@ -2749,7 +2754,7 @@ class FMModelForm_maker {
2749
  }
2750
  }
2751
 
2752
- $row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "formmaker WHERE id=%d", $id ) );
2753
  if ( !$row->form_front ) {
2754
  $id = '';
2755
  }
@@ -3435,7 +3440,7 @@ class FMModelForm_maker {
3435
  $send = TRUE;
3436
  }
3437
  else {
3438
- $mail_verification_post_id = (int)$wpdb->get_var( $wpdb->prepare( 'SELECT mail_verification_post_id FROM ' . $wpdb->prefix . 'formmaker WHERE id="%d"', $id ) );
3439
  $verification_link = get_post( $mail_verification_post_id );
3440
 
3441
  // Replace pdf link in email body.
47
  if ( $theme_id == '' ) {
48
  $theme_id = $row->theme;
49
  }
50
+ $form_theme = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'formmaker_themes WHERE id= %d ', $theme_id ) );
51
  if ( !$form_theme ) {
52
  $form_theme = $wpdb->get_row( 'SELECT * FROM ' . $wpdb->prefix . 'formmaker_themes' );
53
  if ( !$form_theme ) {
90
  }
91
  }
92
  if ( intval($row->submissions_limit) != 0 ) {
93
+ $submission_count = $wpdb->get_var( $wpdb->prepare('SELECT count(DISTINCT group_id) FROM ' . $wpdb->prefix . 'formmaker_submits WHERE form_id = %d ', (int) $row->id) );
 
94
  } else {
95
  $submission_count = 0;
96
  }
1371
  */
1372
  public function select_data_from_db_for_labels( $db_info = '', $label_column = '', $table = '', $where = '', $order_by = '' ) {
1373
  global $wpdb;
1374
+ $prepareArgs = array();
1375
  $where = html_entity_decode($where, ENT_QUOTES);
1376
  $query = "SELECT `" . $label_column . "` FROM " . $table . $where . " ORDER BY " . $order_by;
1377
  $db_info = trim($db_info, '[]');
1469
  $ip = $_SERVER['REMOTE_ADDR'];
1470
  $adminemail = get_option('admin_email');
1471
  $current_page_url = WDW_FM_Library(self::PLUGIN)->get_current_page_url();
1472
+ $form = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id = %d', $id ) );
1473
 
1474
  $form->gdpr_checkbox = 0;
1475
  $form->gdpr_checkbox_text = __('I consent collecting this data and processing it according to {{privacy_policy}} of this website.', WDFMInstance(self::PLUGIN)->prefix);
1748
  include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
1749
  }
1750
  if ( defined( 'WD_FM_DBOX_INT' ) && is_plugin_active( constant( 'WD_FM_DBOX_INT' ) ) ) {
1751
+ $enable = $wpdb->get_var( $wpdb->prepare( 'SELECT enable FROM ' . $wpdb->prefix . 'formmaker_dbox_int WHERE form_id = %d ', $form->id ) );
1752
  if ( $enable == 1 ) {
1753
+ $selectable_upload = $wpdb->get_var( $wpdb->prepare( 'SELECT selectable_upload FROM ' . $wpdb->prefix . 'formmaker_dbox_int WHERE form_id = %d ', $form->id ) );
1754
  if ( (int)$selectable_upload == 1 ) {
1755
  $temp_dir_dbox = explode( '\\', $fileTemp );
1756
  $temp_dir_dbox = implode( '%%', $temp_dir_dbox );
1778
  $check_both++;
1779
  }
1780
  if ( defined( 'WD_FM_GDRIVE_INT' ) && is_plugin_active( constant( 'WD_FM_GDRIVE_INT' ) ) ) {
1781
+ $enable = $wpdb->get_var( $wpdb->prepare( 'SELECT enable FROM ' . $wpdb->prefix . 'formmaker_gdrive_int WHERE form_id = %d ', $form->id ) );
1782
  if ( $enable == 1 ) {
1783
+ $selectable_upload = $wpdb->get_var( $wpdb->prepare( 'SELECT selectable_upload FROM ' . $wpdb->prefix . 'formmaker_gdrive_int WHERE form_id = %d ', $form->id ) );
1784
+ if ( (int) $selectable_upload == 1 ) {
1785
  $temp_dir_dbox = explode( '\\', $fileTemp );
1786
  $temp_dir_dbox = implode( '%%', $temp_dir_dbox );
1787
  $value .= 'wdCloudAddon' . $temp_dir_dbox . '*@@url@@*' . $fileName . '*@@url@@*' . $files[ 'type' ][ $file_key ];
2394
  $total2 = round( $total, 2 );
2395
 
2396
  $submition_data = array();
 
2397
  $submition_data['form_id'] = $id;
2398
  $submition_data['element_label'] = 'item_total';
2399
  $submition_data['element_value'] = $form_currency . $total2;
2400
  $submition_data['group_id'] = $group_id;
2401
  $submition_data['date'] = date( 'Y-m-d H:i:s' );
2402
+ $insert_format = array('%d', '%s', '%s', '%d', '%s');
2403
  if ( $form->save_ip ) {
2404
  $submition_data['ip'] = $ip;
2405
+ $insert_format[] = '%s';
2406
  }
2407
  if ( $form->save_user_id ) {
2408
  $submition_data['user_id_wd'] = $current_user->ID;
2409
+ $insert_format[] = '%d';
2410
  }
2411
 
2412
+ $save_or_no = $wpdb->insert( $wpdb->prefix . "formmaker_submits", $submition_data, $insert_format );
2413
 
2414
  if ( !$save_or_no ) {
2415
  return array( 'error' => true, 'group_id' => $group_id, 'message' => addslashes( __( 'Database error occurred. Please try again.', WDFMInstance(self::PLUGIN)->prefix ) ) );
2421
  $total = round( $total, 2 );
2422
 
2423
  $submition_data['element_label'] = 'total';
2424
+ $insert_format[] = '%s';
2425
  $submition_data['element_value'] = $form_currency . $total;
2426
+ $insert_format[] = '%s';
2427
 
2428
+ $save_or_no = $wpdb->insert( $wpdb->prefix . "formmaker_submits", $submition_data, $insert_format );
2429
 
2430
  if ( !$save_or_no ) {
2431
  return array( 'error' => true, 'group_id' => $group_id, 'message' => addslashes( __( 'Database error occurred. Please try again.', WDFMInstance(self::PLUGIN)->prefix ) ) );
2432
  }
2433
 
2434
  $submition_data['element_label'] = '0';
2435
+ $insert_format[] = '%d';
2436
  $submition_data['element_value'] = 'In progress';
2437
+ $insert_format[] = '%s';
2438
+ $save_or_no = $wpdb->insert( $wpdb->prefix . "formmaker_submits", $submition_data, $insert_format );
2439
 
2440
  if ( !$save_or_no ) {
2441
  return array( 'error' => true, 'group_id' => $group_id, 'message' => addslashes( __( 'Database error occurred. Please try again.', WDFMInstance(self::PLUGIN)->prefix ) ) );
2592
  $last_id = $wpdb->insert( $wpdb->prefix . 'formmaker_groups', array( 'id' => 'NULL' ) );
2593
  // If somehow maximum group id is greater than autoincrement number.
2594
  if ($last_id && $wpdb->insert_id <= $max_id) {
2595
+ $last_id = $wpdb->insert( $wpdb->prefix . 'formmaker_groups', array( 'id' => $max_id + 1 ), array('%d') );
2596
  }
2597
  if ($last_id) {
2598
  // Get an autoincrement number for group_id.
2624
  */
2625
  public function get_after_submission_text( $form_id = 0, $group_id = 0 ) {
2626
  global $wpdb;
2627
+ WDW_FM_Library(self::PLUGIN)->start_session();
2628
 
2629
+ $userid = '';
2630
+ $username = '';
2631
+ $useremail = '';
2632
  $current_user = wp_get_current_user();
2633
  if ( $current_user->ID != 0 ) {
2634
  $userid = $current_user->ID;
2636
  $useremail = $current_user->user_email;
2637
  }
2638
 
2639
+ $row = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id = %d ', $form_id ) );
2640
 
2641
+ $all = $_SESSION['form_all_fields' . $form_id];
2642
+ $_SESSION['form_all_fields' . $form_id] = '';
2643
+ $ip = $_SERVER['REMOTE_ADDR'];
2644
  $adminemail = get_option( 'admin_email' );
2645
  $current_page_url = WDW_FM_Library(self::PLUGIN)->get_current_page_url();
2646
  $formtitle = $row->title;
2647
  $submit_text = $row->submit_text;
2648
 
2649
+ $label_type = array();
2650
  $label_order_original = array();
2651
  $label_order_ids = array();
2652
  $submission_array = array();
2658
  array_push( $label_order_ids, $label_id );
2659
  $label_order_each = explode('#**label**#', $label_id_each[1]);
2660
  $label_order_original[$label_id] = $label_order_each[0];
2661
+ $label_type[ $label_id ] = $label_order_each[1];
2662
  }
2663
 
2664
+ $submissions_row = $wpdb->get_results( $wpdb->prepare( 'SELECT `element_label`, `element_value` FROM ' . $wpdb->prefix . 'formmaker_submits WHERE form_id = %d AND group_id = %d ', array($form_id, $group_id)) );
2665
+ foreach ( $submissions_row as $sub_row ) {
2666
+ $submission_array[$sub_row->element_label] = $sub_row->element_value;
2667
  }
2668
 
2669
  foreach ( $label_order_original as $key => $label_each ) {
2706
  */
2707
  public function increment_views_count( $id = 0 ) {
2708
  global $wpdb;
2709
+ $views_count = $wpdb->get_var( $wpdb->prepare( 'SELECT views FROM ' . $wpdb->prefix . 'formmaker_views WHERE form_id = %d', $id ) );
2710
  if ( isset( $views_count ) ) {
2711
  $wpdb->update( $wpdb->prefix . "formmaker_views", array(
2712
  'views' => ++$views_count,
2738
  WDW_FM_Library(self::PLUGIN)->start_session();
2739
  // checking save uploads option
2740
  $upload_dir = wp_upload_dir();
2741
+ $save_uploads = $wpdb->get_var( $wpdb->prepare('SELECT save_uploads FROM ' . $wpdb->prefix . 'formmaker WHERE id = %d ', $id) );
2742
  if ( $save_uploads == 0 ) {
2743
  $destination = $upload_dir[ 'basedir' ] . '/tmpAddon';
2744
  if ( !file_exists( $destination ) ) {
2754
  }
2755
  }
2756
 
2757
+ $row = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id = %d', $id ) );
2758
  if ( !$row->form_front ) {
2759
  $id = '';
2760
  }
3440
  $send = TRUE;
3441
  }
3442
  else {
3443
+ $mail_verification_post_id = (int)$wpdb->get_var( $wpdb->prepare( 'SELECT mail_verification_post_id FROM ' . $wpdb->prefix . 'formmaker WHERE id = %d ', $id ) );
3444
  $verification_link = get_post( $mail_verification_post_id );
3445
 
3446
  // Replace pdf link in email body.
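Review bot: `$prepareArgs` added on line 1374 of `select_data_from_db_for_labels` is never used within the hunk, and the query on line 1376 still concatenates `$label_column`, `$table`, `$where` and `$order_by` into the SQL string; `wpdb::prepare()` cannot parameterise identifiers or a whole WHERE clause, so unless the rest of the method validates those against an allow-list (for example the column names returned by `SHOW COLUMNS`), this query stays unparameterised in a commit whose stated purpose is a security fix. The method body continues past the hunk, so that cannot be confirmed here. Separately, the `$insert_format[] = ...` appends after the first `$wpdb->insert()` (lines 2424, 2426, 2435, 2437) have no effect: `wpdb` consumes formats positionally and ignores extras, so the five-plus-optional formats built from line 2402 are reused for every insert of the same `$submition_data` keys; dropping those appends avoids the misleading impression that the `'%d'` on line 2435 applies to `element_label`.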
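--- a/frontend/models/verify_email.php
+++ b/frontend/models/verify_email.php
@@ -55,7 +55,7 @@ class FMModelVerify_email {
  'element_label' => 'verifyInfo@' . $recipient,
  );
 
- $updated = $wpdb->update($wpdb->prefix . "formmaker_submits", $data, $where);
+ $updated = $wpdb->update( $wpdb->prefix . 'formmaker_submits', $data, $where, array('%s','$s'), array('%d','%s') );
 
  if ( $updated !== FALSE ) {
  $message = __('Your email has been successfully verified.', WDFMInstance(self::PLUGIN)->prefix);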
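Review bot: `'$s'` in the data-format array on line 58 is a typo for `'%s'`; `wpdb::update()` writes the format literally into the SET clause, so the statement becomes `element_label = $s`, which is not valid SQL, and the update fails and returns false, sending the caller to the not-verified branch. Change the call to `$updated = $wpdb->update( $wpdb->prefix . 'formmaker_submits', $data, $where, array('%s', '%s'), array('%d', '%s') );`. The `$where` format `array('%d', '%s')` is positional and assumes the `$where` array built above the hunk lists an integer column first and a string column second; that array is outside the hunk, so the order is worth confirming.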
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
  Contributors: webdorado,10web,wdsupport,formmakersupport
3
  Tags: form, forms, form builder, contact form, feedback, custom form, contact, web contact form, captcha, email, form manager, survey
4
  Requires at least: 4.6
5
- Tested up to: 5.4
6
- Stable tag: 1.13.39
7
  License: GPLv2 or later
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
@@ -562,6 +562,9 @@ Where **{{field_id}}** is the ID of the field you wish to prefill. Also, **{{par
562
 
563
  == Changelog ==
564
 
 
 
 
565
  = 1.13.39 =
566
  * Fixed: Submissions export.
567
  * Fixed: Captcha with ajax submit.
2
  Contributors: webdorado,10web,wdsupport,formmakersupport
3
  Tags: form, forms, form builder, contact form, feedback, custom form, contact, web contact form, captcha, email, form manager, survey
4
  Requires at least: 4.6
5
+ Tested up to: 5.5
6
+ Stable tag: 1.13.40
7
  License: GPLv2 or later
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
562
 
563
  == Changelog ==
564
 
565
+ = 1.13.40 =
566
+ * Fixed: Security issue.
567
+
568
  = 1.13.39 =
569
  * Fixed: Submissions export.
570
  * Fixed: Captcha with ajax submit.