Version Description
- Fixed: XSS vulnerability.
Release Info
Developer | 10web |
Plugin | Form Maker by WD – user-friendly drag & drop Form Builder plugin |
Version | 1.14.12 |
Code changes from version 1.14.11 to 1.14.12
- admin/controllers/Manage_fm.php +5 -1
- form-maker.php +3 -3
- framework/WDW_FM_Library.php +40 -0
- readme.txt +4 -1
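--- a/admin/controllers/Manage_fm.php
+++ b/admin/controllers/Manage_fm.php
@@ -840,7 +840,11 @@ class FMControllerManage_fm extends FMAdminController {
 $submissions_limit = stripslashes(WDW_FM_Library(self::PLUGIN)->get('submissions_limit', 0));
 $submissions_limit_text = stripslashes(WDW_FM_Library(self::PLUGIN)->get('submissions_limit_text', ''));
 $save_uploads = stripslashes(WDW_FM_Library(self::PLUGIN)->get('save_uploads', ''));
-
+
+$allowed_html_tags = WDW_FM_Library(self::PLUGIN)->allowed_html_tags();
+$submit_text = html_entity_decode(WDW_FM_Library(self::PLUGIN)->get('submit_text', '', FALSE));
+$submit_text = htmlentities(wp_kses($submit_text, $allowed_html_tags));
+
 $url = WDW_FM_Library(self::PLUGIN)->get('url', '');
 $tax = WDW_FM_Library(self::PLUGIN)->get('tax', 0);
 $paypal_email = WDW_FM_Library(self::PLUGIN)->get('paypal_email', '', 'esc_attr');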
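Review bot: The two-step sanitising of `submit_text` relies on the default flags and charset of `html_entity_decode()` and `htmlentities()`, and PHP 8.1 changed that default from `ENT_COMPAT` to `ENT_QUOTES | ENT_SUBSTITUTE`, so single quotes are decoded and re-encoded differently depending on the PHP version the site runs. Passing the flags explicitly on both calls keeps the stored value stable, e.g. `html_entity_decode($raw, ENT_QUOTES, 'UTF-8')` and `htmlentities(wp_kses($submit_text, $allowed_html_tags), ENT_QUOTES, 'UTF-8')`. The value is stored entity-encoded, so whatever prints it (not visible here) has to decode it exactly once; a comment such as `// Stored entity-encoded after wp_kses(); decode exactly once on output.` would record that contract. The third argument `FALSE` to `get()` presumably switches off the library's own escaping, which is worth confirming because `wp_kses()` is then the only filter on this field. The enclosing method starts and ends outside the hunk.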
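--- a/form-maker.php
+++ b/form-maker.php
@@ -3,7 +3,7 @@
 * Plugin Name: Form Maker
 * Plugin URI: https://10web.io/plugins/wordpress-form-maker/?utm_source=form_maker&utm_medium=free_plugin
 * Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms.
-* Version: 1.14.
+* Version: 1.14.12
 * Author: 10Web Form Builder Team
 * Author URI: https://10web.io/plugins/?utm_source=form_maker&utm_medium=free_plugin
 * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
@@ -103,8 +103,8 @@ final class WDFM {
 $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
 $this->front_urls = $this->get_front_urls();
 $this->main_file = plugin_basename(__FILE__);
-$this->plugin_version = '1.14.
-$this->db_version = '2.14.
+$this->plugin_version = '1.14.12';
+$this->db_version = '2.14.12';
 $this->menu_postfix = ($this->is_free == 2 ? '_fmc' : '_fm');
 $this->plugin_postfix = ($this->is_free == 2 ? '_fmc' : '');
 $this->menu_slug = 'manage' . $this->menu_postfix;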
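--- a/framework/WDW_FM_Library.php
+++ b/framework/WDW_FM_Library.php
@@ -6426,4 +6426,44 @@ class WDW_FM_Library {
 }
 return $user_email;
 }
+
+/**
+* Array of allowed html tags
+*
+*/
+public static function allowed_html_tags() {
+$allowed_html = array(
+"a" => array(
+"href" => TRUE,
+"title" => TRUE,
+),
+"h1" => array(),
+"h2" => array(),
+"h3" => array(),
+"h4" => array(),
+"h5" => array(),
+"h6" => array(),
+"i" => array(),
+"em" => array(),
+"strong" => array(),
+"br" => array(),
+"hr" => array(),
+"del" => array(
+"datetime" => TRUE,
+),
+"ins" => array(
+"datetime" => TRUE,
+),
+"ul" => array(),
+"ol" => array(),
+"li" => array(),
+"code" => array(),
+"div" => array( "class" => TRUE, ),
+"img" => array( "class" => TRUE, "src" => TRUE, "alt" => TRUE),
+"video" => array( "class" => TRUE, "src" => TRUE, "controls" => TRUE),
+"source" => array( "src" => TRUE, "type" => TRUE ),
+);
+
+return $allowed_html;
+}
 }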
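Review bot: The allowlist returned by `allowed_html_tags()` is much wider than its one visible caller needs: in this change it only filters the submit button text, yet it admits `img`, `video` and `source` with `src`, plus headings, lists and `div`. Every `src` it permits lets stored form text make a visitor's browser fetch a remote resource, so a narrower set for button labels (inline tags such as `strong`, `em`, `i`, `br`) would shrink what anyone able to edit a form can place on the page. The docblock should also state the contract, e.g. `@return array<string, array<string, bool>> Allowed tags and attributes in the format wp_kses() expects.`, and mention that URL attributes still go through wp_kses()'s protocol filtering. The method is declared `static` but is called through an instance in Manage_fm.php, which works but reads inconsistently.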
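--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: webdorado,10web,wdsupport,formmakersupport
 Tags: form, forms, form builder, contact form, feedback, custom form, contact, web contact form, captcha, email, form manager, survey
 Requires at least: 4.6
 Tested up to: 5.9
-Stable tag: 1.14.
+Stable tag: 1.14.12
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -561,6 +561,9 @@ Where **{{field_id}}** is the ID of the field you wish to prefill. Also, **{{par
 
 
 == Changelog ==
+= 1.14.12 =
+* Fixed: XSS vulnerability.
+
 = 1.14.11 =
 * Added: Option to not send Email with payment information.
 * Improved: Cancel Stripe transaction if an error occurs while submitting a form.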