Version Description
- Fixed: XSS vulnerability.
Release Info
| Developer | 10web |
| Version | 1.14.12 |
Code changes from version 1.14.11 to 1.14.12
- admin/controllers/Manage_fm.php +5 -1
- form-maker.php +3 -3
- framework/WDW_FM_Library.php +40 -0
- readme.txt +4 -1
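--- a/admin/controllers/Manage_fm.php
+++ b/admin/controllers/Manage_fm.php
@@ -840,7 +840,11 @@ class FMControllerManage_fm extends FMAdminController {
 $submissions_limit = stripslashes(WDW_FM_Library(self::PLUGIN)->get('submissions_limit', 0));
 $submissions_limit_text = stripslashes(WDW_FM_Library(self::PLUGIN)->get('submissions_limit_text', ''));
 $save_uploads = stripslashes(WDW_FM_Library(self::PLUGIN)->get('save_uploads', ''));
-
+
+$allowed_html_tags = WDW_FM_Library(self::PLUGIN)->allowed_html_tags();
+$submit_text = html_entity_decode(WDW_FM_Library(self::PLUGIN)->get('submit_text', '', FALSE));
+$submit_text = htmlentities(wp_kses($submit_text, $allowed_html_tags));
+
 $url = WDW_FM_Library(self::PLUGIN)->get('url', '');
 $tax = WDW_FM_Library(self::PLUGIN)->get('tax', 0);
 $paypal_email = WDW_FM_Library(self::PLUGIN)->get('paypal_email', '', 'esc_attr');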
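Review bot: The decode/filter/encode chain on new lines 845–846 relies on the default flags of `html_entity_decode()` and `htmlentities()`, which changed in PHP 8.1 (`ENT_COMPAT` to `ENT_QUOTES | ENT_SUBSTITUTE`), so whether a stored `&#039;` is decoded before `wp_kses()` inspects the markup depends on the runtime rather than on this code. Pass the flags explicitly so the sanitization step is deterministic: `$submit_text = html_entity_decode(WDW_FM_Library(self::PLUGIN)->get('submit_text', '', FALSE), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');` and `$submit_text = htmlentities(wp_kses($submit_text, $allowed_html_tags), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');`. The third argument `FALSE` to `get()` presumably switches off the per-value escaping that the neighbouring `'esc_attr'` call selects; a one-line comment such as `// raw value on purpose: wp_kses() below is the sanitizer for this field` would record that this is intentional rather than an omission. Whether re-encoding the kses output with `htmlentities()` (which by default also re-encodes the `&amp;` kses emits, giving `&amp;amp;`) is intended depends on how the view consumes `$submit_text`, which is not visible here. The enclosing method starts and ends outside the hunk.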
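--- a/form-maker.php
+++ b/form-maker.php
@@ -3,7 +3,7 @@
 * Plugin Name: Form Maker
 * Plugin URI: https://10web.io/plugins/wordpress-form-maker/?utm_source=form_maker&utm_medium=free_plugin
 * Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms.
-* Version: 1.14.
+* Version: 1.14.12
 * Author: 10Web Form Builder Team
 * Author URI: https://10web.io/plugins/?utm_source=form_maker&utm_medium=free_plugin
 * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
@@ -103,8 +103,8 @@ final class WDFM {
 $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
 $this->front_urls = $this->get_front_urls();
 $this->main_file = plugin_basename(__FILE__);
-$this->plugin_version = '1.14.
-$this->db_version = '2.14.
+$this->plugin_version = '1.14.12';
+$this->db_version = '2.14.12';
 $this->menu_postfix = ($this->is_free == 2 ? '_fmc' : '_fm');
 $this->plugin_postfix = ($this->is_free == 2 ? '_fmc' : '');
 $this->menu_slug = 'manage' . $this->menu_postfix;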
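--- a/framework/WDW_FM_Library.php
+++ b/framework/WDW_FM_Library.php
@@ -6426,4 +6426,44 @@ class WDW_FM_Library {
 }
 return $user_email;
 }
+
+/**
+* Array of allowed html tags
+*
+*/
+public static function allowed_html_tags() {
+$allowed_html = array(
+"a" => array(
+"href" => TRUE,
+"title" => TRUE,
+),
+"h1" => array(),
+"h2" => array(),
+"h3" => array(),
+"h4" => array(),
+"h5" => array(),
+"h6" => array(),
+"i" => array(),
+"em" => array(),
+"strong" => array(),
+"br" => array(),
+"hr" => array(),
+"del" => array(
+"datetime" => TRUE,
+),
+"ins" => array(
+"datetime" => TRUE,
+),
+"ul" => array(),
+"ol" => array(),
+"li" => array(),
+"code" => array(),
+"div" => array( "class" => TRUE, ),
+"img" => array( "class" => TRUE, "src" => TRUE, "alt" => TRUE),
+"video" => array( "class" => TRUE, "src" => TRUE, "controls" => TRUE),
+"source" => array( "src" => TRUE, "type" => TRUE ),
+);
+
+return $allowed_html;
+}
 }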
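Review bot: The docblock on the new `allowed_html_tags()` (lines 6430–6433) says only "Array of allowed html tags", but this array is the `wp_kses()` allowlist that decides which markup survives in form text, so its contract belongs in the comment: `Allowlist for wp_kses(): element => attribute => TRUE. URL-bearing attributes (a/href, img|video|source/src) rely on wp_kses protocol filtering; keep event-handler (on*) and style attributes out of this list.` together with `@return array<string, array<string, bool>>`. The method is declared `public static`, yet the new caller in admin/controllers/Manage_fm.php invokes it through an instance (`WDW_FM_Library(self::PLUGIN)->allowed_html_tags()`); calling it as `WDW_FM_Library::allowed_html_tags()` makes the absence of instance state visible at the call site. The local `$allowed_html` (line 6435) is only returned, so `return array(` on that line with `);` on 6465 removes the temporary and the blank line 6466. The class `WDW_FM_Library` starts outside the hunk.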
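--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: webdorado,10web,wdsupport,formmakersupport
 Tags: form, forms, form builder, contact form, feedback, custom form, contact, web contact form, captcha, email, form manager, survey
 Requires at least: 4.6
 Tested up to: 5.9
-Stable tag: 1.14.
+Stable tag: 1.14.12
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -561,6 +561,9 @@ Where **{{field_id}}** is the ID of the field you wish to prefill. Also, **{{par
 
 
 == Changelog ==
+= 1.14.12 =
+* Fixed: XSS vulnerability.
+
 = 1.14.11 =
 * Added: Option to not send Email with payment information.
 * Improved: Cancel Stripe transaction if an error occurs while submitting a form.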
