Version Description
Fixed: Security issue
Download this release
Release Info
| Developer | webdorado |
| Plugin |  Form Maker by WD – user-friendly drag & drop Form Builder plugin |
| Version | 1.7.57 |
| Comparing to | |
| See all releases | |
Code changes from version 1.7.56 to 1.7.57
- admin/controllers/FMControllerBlocked_ips_fm.php +1 -1
- admin/controllers/FMControllerFormMakerEditCSS.php +1 -1
- admin/controllers/FMControllerFormMakerSQLMapping.php +2 -2
- admin/controllers/FMControllerManage_fm.php +29 -28
- admin/controllers/FMControllerSelect_data_from_db.php +4 -4
- admin/controllers/FMControllerSubmissions_fm.php +14 -11
- admin/controllers/FMControllerThemes_fm.php +3 -3
- admin/models/FMModelBlocked_ips_fm.php +5 -2
- admin/models/FMModelGenerete_csv.php +1 -1
- admin/models/FMModelGenerete_xml.php +1 -1
- admin/models/FMModelManage_fm.php +13 -10
- admin/models/FMModelSubmissions_fm.php +2 -2
- admin/models/FMModelThemes_fm.php +5 -2
- form-maker.php +22 -9
- frontend/views/FMViewForm_maker.php +3 -4
- readme.txt +4 -1
admin/controllers/FMControllerBlocked_ips_fm.php
CHANGED
|
@@ -20,7 +20,7 @@ class FMControllerBlocked_ips_fm {
|
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = WDW_FM_Library::get('task');
|
| 23 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 24 |
$message = WDW_FM_Library::get('message');
|
| 25 |
echo WDW_FM_Library::message_id($message);
|
| 26 |
if (method_exists($this, $task)) {
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = WDW_FM_Library::get('task');
|
| 23 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 24 |
$message = WDW_FM_Library::get('message');
|
| 25 |
echo WDW_FM_Library::message_id($message);
|
| 26 |
if (method_exists($this, $task)) {
|
admin/controllers/FMControllerFormMakerEditCSS.php
CHANGED
|
@@ -20,7 +20,7 @@ class FMControllerFormMakerEditCSS {
|
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = ((isset($_POST['task'])) ? esc_html($_POST['task']) : '');
|
| 23 |
-
$id = ((isset($_POST['current_id'])) ? esc_html($_POST['current_id']) : 0);
|
| 24 |
if (method_exists($this, $task)) {
|
| 25 |
$this->$task($id);
|
| 26 |
}
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = ((isset($_POST['task'])) ? esc_html($_POST['task']) : '');
|
| 23 |
+
$id = ((isset($_POST['current_id'])) ? (int)esc_html($_POST['current_id']) : 0);
|
| 24 |
if (method_exists($this, $task)) {
|
| 25 |
$this->$task($id);
|
| 26 |
}
|
admin/controllers/FMControllerFormMakerSQLMapping.php
CHANGED
|
@@ -59,7 +59,7 @@ class FMControllerFormMakerSQLMapping {
|
|
| 59 |
|
| 60 |
require_once WD_FM_DIR . "/admin/views/FMViewFormMakerSQLMapping.php";
|
| 61 |
$view = new FMViewFormMakerSQLMapping($model);
|
| 62 |
-
$view->db_tables($form_id);
|
| 63 |
}
|
| 64 |
|
| 65 |
public function db_table_struct($form_id) {
|
|
@@ -68,7 +68,7 @@ class FMControllerFormMakerSQLMapping {
|
|
| 68 |
|
| 69 |
require_once WD_FM_DIR . "/admin/views/FMViewFormMakerSQLMapping.php";
|
| 70 |
$view = new FMViewFormMakerSQLMapping($model);
|
| 71 |
-
$view->db_table_struct($form_id);
|
| 72 |
}
|
| 73 |
|
| 74 |
public function save_query() {
|
| 59 |
|
| 60 |
require_once WD_FM_DIR . "/admin/views/FMViewFormMakerSQLMapping.php";
|
| 61 |
$view = new FMViewFormMakerSQLMapping($model);
|
| 62 |
+
$view->db_tables((int)$form_id);
|
| 63 |
}
|
| 64 |
|
| 65 |
public function db_table_struct($form_id) {
|
| 68 |
|
| 69 |
require_once WD_FM_DIR . "/admin/views/FMViewFormMakerSQLMapping.php";
|
| 70 |
$view = new FMViewFormMakerSQLMapping($model);
|
| 71 |
+
$view->db_table_struct((int)$form_id);
|
| 72 |
}
|
| 73 |
|
| 74 |
public function save_query() {
|
admin/controllers/FMControllerManage_fm.php
CHANGED
|
@@ -20,7 +20,7 @@ class FMControllerManage_fm {
|
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = WDW_FM_Library::get('task');
|
| 23 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 24 |
$message = WDW_FM_Library::get('message');
|
| 25 |
echo WDW_FM_Library::message_id($message);
|
| 26 |
if (method_exists($this, $task)) {
|
|
@@ -39,8 +39,8 @@ public function undo()
|
|
| 39 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 40 |
|
| 41 |
global $wpdb;
|
| 42 |
-
$backup_id = WDW_FM_Library::get('backup_id');
|
| 43 |
-
$id = WDW_FM_Library::get('id');
|
| 44 |
|
| 45 |
$query = "SELECT backup_id FROM ".$wpdb->prefix."formmaker_backup WHERE backup_id < $backup_id AND id = $id ORDER BY backup_id DESC LIMIT 0 , 1 ";
|
| 46 |
$backup_id = $wpdb->get_var($query);
|
|
@@ -56,8 +56,8 @@ public function redo()
|
|
| 56 |
|
| 57 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 58 |
global $wpdb;
|
| 59 |
-
$backup_id = WDW_FM_Library::get('backup_id');
|
| 60 |
-
$id = WDW_FM_Library::get('id');
|
| 61 |
|
| 62 |
$query = "SELECT backup_id FROM ".$wpdb->prefix."formmaker_backup WHERE backup_id > $backup_id AND id = $id ORDER BY backup_id ASC LIMIT 0 , 1 ";
|
| 63 |
$backup_id = $wpdb->get_var($query);
|
|
@@ -96,7 +96,7 @@ public function redo()
|
|
| 96 |
|
| 97 |
global $wpdb;
|
| 98 |
$query = "SELECT backup_id FROM ".$wpdb->prefix."formmaker_backup WHERE cur=1 and id=".$id;
|
| 99 |
-
$backup_id = $wpdb->get_var($query);
|
| 100 |
|
| 101 |
if(!$backup_id)
|
| 102 |
{
|
|
@@ -120,7 +120,7 @@ public function redo()
|
|
| 120 |
|
| 121 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 122 |
$view = new FMViewManage_fm($model);
|
| 123 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 124 |
$view->edit_old($id);
|
| 125 |
}
|
| 126 |
|
|
@@ -134,7 +134,7 @@ public function redo()
|
|
| 134 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 135 |
$view = new FMViewManage_fm($model);
|
| 136 |
global $wpdb;
|
| 137 |
-
$id = WDW_FM_Library::get('current_id', $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker"));
|
| 138 |
$view->form_options_old($id);
|
| 139 |
}
|
| 140 |
|
|
@@ -142,7 +142,7 @@ public function redo()
|
|
| 142 |
$message = $this->save_db_options_old();
|
| 143 |
// $this->edit_old();
|
| 144 |
$page = WDW_FM_Library::get('page');
|
| 145 |
-
$current_id = WDW_FM_Library::get('current_id', 0);
|
| 146 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit_old', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 147 |
}
|
| 148 |
|
|
@@ -156,7 +156,7 @@ public function redo()
|
|
| 156 |
// $id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? esc_html($_POST['current_id']) : 0);
|
| 157 |
// $view->form_options_old($id);
|
| 158 |
$page = WDW_FM_Library::get('page');
|
| 159 |
-
$current_id = WDW_FM_Library::get('current_id', 0);
|
| 160 |
$fieldset_id = WDW_FM_Library::get('fieldset_id', 'general');
|
| 161 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'form_options_old', 'current_id' => $current_id, 'message' => $message, 'fieldset_id' => $fieldset_id), admin_url('admin.php')));
|
| 162 |
}
|
|
@@ -175,9 +175,9 @@ function before_reset() {
|
|
| 175 |
|
| 176 |
}";
|
| 177 |
global $wpdb;
|
| 178 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 179 |
$mail = (isset($_POST['mail']) ? esc_html(stripslashes($_POST['mail'])) : '');
|
| 180 |
-
$theme = (isset($_POST['theme']) ? esc_html(stripslashes($_POST['theme'])) : 1);
|
| 181 |
$javascript = (isset($_POST['javascript']) ? stripslashes($_POST['javascript']) : $javascript);
|
| 182 |
$script1 = (isset($_POST['script1']) ? esc_html(stripslashes($_POST['script1'])) : '');
|
| 183 |
$script2 = (isset($_POST['script2']) ? esc_html(stripslashes($_POST['script2'])) : '');
|
|
@@ -248,7 +248,7 @@ function before_reset() {
|
|
| 248 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 249 |
$view = new FMViewManage_fm($model);
|
| 250 |
global $wpdb;
|
| 251 |
-
$id = WDW_FM_Library::get('current_id', $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker"));
|
| 252 |
$view->form_layout($id);
|
| 253 |
}
|
| 254 |
|
|
@@ -256,7 +256,7 @@ function before_reset() {
|
|
| 256 |
$message = $this->save_db_layout();
|
| 257 |
// $this->edit();
|
| 258 |
$page = WDW_FM_Library::get('page');
|
| 259 |
-
$current_id = WDW_FM_Library::get('current_id', 0);
|
| 260 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 261 |
}
|
| 262 |
|
|
@@ -268,14 +268,14 @@ function before_reset() {
|
|
| 268 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 269 |
$view = new FMViewManage_fm($model);
|
| 270 |
$page = WDW_FM_Library::get('page');
|
| 271 |
-
$current_id = WDW_FM_Library::get('current_id', 0);
|
| 272 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'form_layout', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 273 |
// $view->form_layout($id);
|
| 274 |
}
|
| 275 |
|
| 276 |
public function save_db_layout() {
|
| 277 |
global $wpdb;
|
| 278 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 279 |
$custom_front = (isset($_POST['custom_front']) ? stripslashes($_POST['custom_front']) : '');
|
| 280 |
$autogen_layout = (isset($_POST['autogen_layout']) ? 1 : 0);
|
| 281 |
$save = $wpdb->update($wpdb->prefix . 'formmaker', array(
|
|
@@ -301,7 +301,7 @@ function before_reset() {
|
|
| 301 |
$view = new FMViewManage_fm($model);
|
| 302 |
// $id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? esc_html($_POST['current_id']) : 0);
|
| 303 |
global $wpdb;
|
| 304 |
-
$id = WDW_FM_Library::get('current_id', $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker"));
|
| 305 |
$view->form_options($id);
|
| 306 |
}
|
| 307 |
|
|
@@ -309,7 +309,7 @@ function before_reset() {
|
|
| 309 |
$message = $this->save_db_options();
|
| 310 |
// $this->edit();
|
| 311 |
$page = WDW_FM_Library::get('page');
|
| 312 |
-
$current_id = WDW_FM_Library::get('current_id', 0);
|
| 313 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 314 |
}
|
| 315 |
|
|
@@ -323,7 +323,7 @@ function before_reset() {
|
|
| 323 |
// $id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? esc_html($_POST['current_id']) : 0);
|
| 324 |
// $view->form_options($id);
|
| 325 |
$page = WDW_FM_Library::get('page');
|
| 326 |
-
$current_id = WDW_FM_Library::get('current_id', 0);
|
| 327 |
$fieldset_id = WDW_FM_Library::get('fieldset_id', 'general');
|
| 328 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'form_options', 'current_id' => $current_id, 'message' => $message, 'fieldset_id' => $fieldset_id), admin_url('admin.php')));
|
| 329 |
}
|
|
@@ -332,6 +332,7 @@ function before_reset() {
|
|
| 332 |
global $wpdb;
|
| 333 |
$cid = ((isset($_POST['cid']) && $_POST['cid'] != '') ? $_POST['cid'] : NULL);
|
| 334 |
if (count($cid)) {
|
|
|
|
| 335 |
$cids = implode(',', $cid);
|
| 336 |
$query = 'DELETE FROM ' . $wpdb->prefix . 'formmaker_query WHERE id IN ( ' . $cids . ' )';
|
| 337 |
if ($wpdb->query($query)) {
|
|
@@ -366,10 +367,10 @@ function before_reset() {
|
|
| 366 |
}";
|
| 367 |
global $wpdb;
|
| 368 |
// $id = (isset($_POST['current_id']) ? (int) esc_html(stripslashes($_POST['current_id'])) : 0);
|
| 369 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 370 |
$published = (isset($_POST['published']) ? esc_html(stripslashes($_POST['published'])) : 1);
|
| 371 |
$savedb = (isset($_POST['savedb']) ? esc_html(stripslashes($_POST['savedb'])) : 1);
|
| 372 |
-
$theme = ((isset($_POST['theme']) && (esc_html($_POST['theme']) != 0)) ? esc_html(stripslashes($_POST['theme'])) : $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker_themes"));
|
| 373 |
$requiredmark = (isset($_POST['requiredmark']) ? esc_html(stripslashes($_POST['requiredmark'])) : '*');
|
| 374 |
$sendemail = (isset($_POST['sendemail']) ? esc_html(stripslashes($_POST['sendemail'])) : 1);
|
| 375 |
$mail = (isset($_POST['mail']) ? esc_html(stripslashes($_POST['mail'])) : '');
|
|
@@ -520,7 +521,7 @@ function before_reset() {
|
|
| 520 |
$message = $this->save_db_old();
|
| 521 |
// $this->edit_old();
|
| 522 |
$id = (int) $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker");
|
| 523 |
-
$current_id = WDW_FM_Library::get('current_id', $id);
|
| 524 |
$page = WDW_FM_Library::get('page');
|
| 525 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit_old', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 526 |
}
|
|
@@ -528,7 +529,7 @@ function before_reset() {
|
|
| 528 |
public function save_db_old() {
|
| 529 |
global $wpdb;
|
| 530 |
// $id = (isset($_POST['current_id']) ? (int) esc_html(stripslashes($_POST['current_id'])) : 0);
|
| 531 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 532 |
$title = (isset($_POST['title']) ? esc_html(stripslashes($_POST['title'])) : '');
|
| 533 |
$form = (isset($_POST['form']) ? stripslashes($_POST['form']) : '');
|
| 534 |
$form_front = (isset($_POST['form_front']) ? stripslashes($_POST['form_front']) : '');
|
|
@@ -567,7 +568,7 @@ function before_reset() {
|
|
| 567 |
public function save_db_as_copy_old() {
|
| 568 |
global $wpdb;
|
| 569 |
// $id = (isset($_POST['current_id']) ? (int) esc_html(stripslashes($_POST['current_id'])) : 0);
|
| 570 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 571 |
$row = $wpdb->get_row($wpdb->prepare('SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id="%d"', $id));
|
| 572 |
$title = (isset($_POST['title']) ? esc_html(stripslashes($_POST['title'])) : '');
|
| 573 |
$form = (isset($_POST['form']) ? stripslashes($_POST['form']) : '');
|
|
@@ -707,7 +708,7 @@ function before_reset() {
|
|
| 707 |
// $this->edit();
|
| 708 |
global $wpdb;
|
| 709 |
$id = (int) $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker");
|
| 710 |
-
$current_id = WDW_FM_Library::get('current_id', $id);
|
| 711 |
$page = WDW_FM_Library::get('page');
|
| 712 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 713 |
}
|
|
@@ -723,7 +724,7 @@ function before_submit() {
|
|
| 723 |
// before form reset
|
| 724 |
function before_reset() {
|
| 725 |
}";
|
| 726 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 727 |
$title = (isset($_POST['title']) ? esc_html(stripslashes($_POST['title'])) : '');
|
| 728 |
$form_front = (isset($_POST['form_front']) ? stripslashes($_POST['form_front']) : '');
|
| 729 |
$sortable = (isset($_POST['sortable']) ? 1 : 0);
|
|
@@ -877,7 +878,7 @@ function before_reset() {
|
|
| 877 |
));
|
| 878 |
}
|
| 879 |
|
| 880 |
-
$backup_id = (isset($_POST['backup_id']) ? esc_html(stripslashes($_POST['backup_id'])) : '');
|
| 881 |
|
| 882 |
if($backup_id)
|
| 883 |
{
|
|
@@ -1057,7 +1058,7 @@ function before_reset() {
|
|
| 1057 |
public function save_db_as_copy() {
|
| 1058 |
global $wpdb;
|
| 1059 |
// $id = (isset($_POST['current_id']) ? (int) esc_html(stripslashes($_POST['current_id'])) : 0);
|
| 1060 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 1061 |
$row = $wpdb->get_row($wpdb->prepare('SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id="%d"', $id));
|
| 1062 |
$title = (isset($_POST['title']) ? esc_html(stripslashes($_POST['title'])) : '');
|
| 1063 |
$form_front = (isset($_POST['form_front']) ? stripslashes($_POST['form_front']) : '');
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = WDW_FM_Library::get('task');
|
| 23 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 24 |
$message = WDW_FM_Library::get('message');
|
| 25 |
echo WDW_FM_Library::message_id($message);
|
| 26 |
if (method_exists($this, $task)) {
|
| 39 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 40 |
|
| 41 |
global $wpdb;
|
| 42 |
+
$backup_id = (int)WDW_FM_Library::get('backup_id');
|
| 43 |
+
$id = (int)WDW_FM_Library::get('id');
|
| 44 |
|
| 45 |
$query = "SELECT backup_id FROM ".$wpdb->prefix."formmaker_backup WHERE backup_id < $backup_id AND id = $id ORDER BY backup_id DESC LIMIT 0 , 1 ";
|
| 46 |
$backup_id = $wpdb->get_var($query);
|
| 56 |
|
| 57 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 58 |
global $wpdb;
|
| 59 |
+
$backup_id = (int)WDW_FM_Library::get('backup_id');
|
| 60 |
+
$id = (int)WDW_FM_Library::get('id');
|
| 61 |
|
| 62 |
$query = "SELECT backup_id FROM ".$wpdb->prefix."formmaker_backup WHERE backup_id > $backup_id AND id = $id ORDER BY backup_id ASC LIMIT 0 , 1 ";
|
| 63 |
$backup_id = $wpdb->get_var($query);
|
| 96 |
|
| 97 |
global $wpdb;
|
| 98 |
$query = "SELECT backup_id FROM ".$wpdb->prefix."formmaker_backup WHERE cur=1 and id=".$id;
|
| 99 |
+
$backup_id = (int)$wpdb->get_var($query);
|
| 100 |
|
| 101 |
if(!$backup_id)
|
| 102 |
{
|
| 120 |
|
| 121 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 122 |
$view = new FMViewManage_fm($model);
|
| 123 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 124 |
$view->edit_old($id);
|
| 125 |
}
|
| 126 |
|
| 134 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 135 |
$view = new FMViewManage_fm($model);
|
| 136 |
global $wpdb;
|
| 137 |
+
$id = (int)WDW_FM_Library::get('current_id', $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker"));
|
| 138 |
$view->form_options_old($id);
|
| 139 |
}
|
| 140 |
|
| 142 |
$message = $this->save_db_options_old();
|
| 143 |
// $this->edit_old();
|
| 144 |
$page = WDW_FM_Library::get('page');
|
| 145 |
+
$current_id = (int)WDW_FM_Library::get('current_id', 0);
|
| 146 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit_old', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 147 |
}
|
| 148 |
|
| 156 |
// $id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? esc_html($_POST['current_id']) : 0);
|
| 157 |
// $view->form_options_old($id);
|
| 158 |
$page = WDW_FM_Library::get('page');
|
| 159 |
+
$current_id = (int)WDW_FM_Library::get('current_id', 0);
|
| 160 |
$fieldset_id = WDW_FM_Library::get('fieldset_id', 'general');
|
| 161 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'form_options_old', 'current_id' => $current_id, 'message' => $message, 'fieldset_id' => $fieldset_id), admin_url('admin.php')));
|
| 162 |
}
|
| 175 |
|
| 176 |
}";
|
| 177 |
global $wpdb;
|
| 178 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 179 |
$mail = (isset($_POST['mail']) ? esc_html(stripslashes($_POST['mail'])) : '');
|
| 180 |
+
$theme = (isset($_POST['theme']) ? (int)esc_html(stripslashes($_POST['theme'])) : 1);
|
| 181 |
$javascript = (isset($_POST['javascript']) ? stripslashes($_POST['javascript']) : $javascript);
|
| 182 |
$script1 = (isset($_POST['script1']) ? esc_html(stripslashes($_POST['script1'])) : '');
|
| 183 |
$script2 = (isset($_POST['script2']) ? esc_html(stripslashes($_POST['script2'])) : '');
|
| 248 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 249 |
$view = new FMViewManage_fm($model);
|
| 250 |
global $wpdb;
|
| 251 |
+
$id = (int)WDW_FM_Library::get('current_id', $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker"));
|
| 252 |
$view->form_layout($id);
|
| 253 |
}
|
| 254 |
|
| 256 |
$message = $this->save_db_layout();
|
| 257 |
// $this->edit();
|
| 258 |
$page = WDW_FM_Library::get('page');
|
| 259 |
+
$current_id = (int)WDW_FM_Library::get('current_id', 0);
|
| 260 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 261 |
}
|
| 262 |
|
| 268 |
require_once WD_FM_DIR . "/admin/views/FMViewManage_fm.php";
|
| 269 |
$view = new FMViewManage_fm($model);
|
| 270 |
$page = WDW_FM_Library::get('page');
|
| 271 |
+
$current_id = (int)WDW_FM_Library::get('current_id', 0);
|
| 272 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'form_layout', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 273 |
// $view->form_layout($id);
|
| 274 |
}
|
| 275 |
|
| 276 |
public function save_db_layout() {
|
| 277 |
global $wpdb;
|
| 278 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 279 |
$custom_front = (isset($_POST['custom_front']) ? stripslashes($_POST['custom_front']) : '');
|
| 280 |
$autogen_layout = (isset($_POST['autogen_layout']) ? 1 : 0);
|
| 281 |
$save = $wpdb->update($wpdb->prefix . 'formmaker', array(
|
| 301 |
$view = new FMViewManage_fm($model);
|
| 302 |
// $id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? esc_html($_POST['current_id']) : 0);
|
| 303 |
global $wpdb;
|
| 304 |
+
$id = (int)WDW_FM_Library::get('current_id', $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker"));
|
| 305 |
$view->form_options($id);
|
| 306 |
}
|
| 307 |
|
| 309 |
$message = $this->save_db_options();
|
| 310 |
// $this->edit();
|
| 311 |
$page = WDW_FM_Library::get('page');
|
| 312 |
+
$current_id = (int)WDW_FM_Library::get('current_id', 0);
|
| 313 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 314 |
}
|
| 315 |
|
| 323 |
// $id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? esc_html($_POST['current_id']) : 0);
|
| 324 |
// $view->form_options($id);
|
| 325 |
$page = WDW_FM_Library::get('page');
|
| 326 |
+
$current_id =(int) WDW_FM_Library::get('current_id', 0);
|
| 327 |
$fieldset_id = WDW_FM_Library::get('fieldset_id', 'general');
|
| 328 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'form_options', 'current_id' => $current_id, 'message' => $message, 'fieldset_id' => $fieldset_id), admin_url('admin.php')));
|
| 329 |
}
|
| 332 |
global $wpdb;
|
| 333 |
$cid = ((isset($_POST['cid']) && $_POST['cid'] != '') ? $_POST['cid'] : NULL);
|
| 334 |
if (count($cid)) {
|
| 335 |
+
array_walk($cid, create_function('&$value', '$value = (int)$value;'));
|
| 336 |
$cids = implode(',', $cid);
|
| 337 |
$query = 'DELETE FROM ' . $wpdb->prefix . 'formmaker_query WHERE id IN ( ' . $cids . ' )';
|
| 338 |
if ($wpdb->query($query)) {
|
| 367 |
}";
|
| 368 |
global $wpdb;
|
| 369 |
// $id = (isset($_POST['current_id']) ? (int) esc_html(stripslashes($_POST['current_id'])) : 0);
|
| 370 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 371 |
$published = (isset($_POST['published']) ? esc_html(stripslashes($_POST['published'])) : 1);
|
| 372 |
$savedb = (isset($_POST['savedb']) ? esc_html(stripslashes($_POST['savedb'])) : 1);
|
| 373 |
+
$theme = ((isset($_POST['theme']) && (esc_html($_POST['theme']) != 0)) ? (int)esc_html(stripslashes($_POST['theme'])) : $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker_themes"));
|
| 374 |
$requiredmark = (isset($_POST['requiredmark']) ? esc_html(stripslashes($_POST['requiredmark'])) : '*');
|
| 375 |
$sendemail = (isset($_POST['sendemail']) ? esc_html(stripslashes($_POST['sendemail'])) : 1);
|
| 376 |
$mail = (isset($_POST['mail']) ? esc_html(stripslashes($_POST['mail'])) : '');
|
| 521 |
$message = $this->save_db_old();
|
| 522 |
// $this->edit_old();
|
| 523 |
$id = (int) $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker");
|
| 524 |
+
$current_id =(int) WDW_FM_Library::get('current_id', $id);
|
| 525 |
$page = WDW_FM_Library::get('page');
|
| 526 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit_old', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 527 |
}
|
| 529 |
public function save_db_old() {
|
| 530 |
global $wpdb;
|
| 531 |
// $id = (isset($_POST['current_id']) ? (int) esc_html(stripslashes($_POST['current_id'])) : 0);
|
| 532 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 533 |
$title = (isset($_POST['title']) ? esc_html(stripslashes($_POST['title'])) : '');
|
| 534 |
$form = (isset($_POST['form']) ? stripslashes($_POST['form']) : '');
|
| 535 |
$form_front = (isset($_POST['form_front']) ? stripslashes($_POST['form_front']) : '');
|
| 568 |
public function save_db_as_copy_old() {
|
| 569 |
global $wpdb;
|
| 570 |
// $id = (isset($_POST['current_id']) ? (int) esc_html(stripslashes($_POST['current_id'])) : 0);
|
| 571 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 572 |
$row = $wpdb->get_row($wpdb->prepare('SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id="%d"', $id));
|
| 573 |
$title = (isset($_POST['title']) ? esc_html(stripslashes($_POST['title'])) : '');
|
| 574 |
$form = (isset($_POST['form']) ? stripslashes($_POST['form']) : '');
|
| 708 |
// $this->edit();
|
| 709 |
global $wpdb;
|
| 710 |
$id = (int) $wpdb->get_var("SELECT MAX(id) FROM " . $wpdb->prefix . "formmaker");
|
| 711 |
+
$current_id = (int)WDW_FM_Library::get('current_id', $id);
|
| 712 |
$page = WDW_FM_Library::get('page');
|
| 713 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 714 |
}
|
| 724 |
// before form reset
|
| 725 |
function before_reset() {
|
| 726 |
}";
|
| 727 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 728 |
$title = (isset($_POST['title']) ? esc_html(stripslashes($_POST['title'])) : '');
|
| 729 |
$form_front = (isset($_POST['form_front']) ? stripslashes($_POST['form_front']) : '');
|
| 730 |
$sortable = (isset($_POST['sortable']) ? 1 : 0);
|
| 878 |
));
|
| 879 |
}
|
| 880 |
|
| 881 |
+
$backup_id = (isset($_POST['backup_id']) ? (int)esc_html(stripslashes($_POST['backup_id'])) : '');
|
| 882 |
|
| 883 |
if($backup_id)
|
| 884 |
{
|
| 1058 |
public function save_db_as_copy() {
|
| 1059 |
global $wpdb;
|
| 1060 |
// $id = (isset($_POST['current_id']) ? (int) esc_html(stripslashes($_POST['current_id'])) : 0);
|
| 1061 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 1062 |
$row = $wpdb->get_row($wpdb->prepare('SELECT * FROM ' . $wpdb->prefix . 'formmaker WHERE id="%d"', $id));
|
| 1063 |
$title = (isset($_POST['title']) ? esc_html(stripslashes($_POST['title'])) : '');
|
| 1064 |
$form_front = (isset($_POST['form_front']) ? stripslashes($_POST['form_front']) : '');
|
admin/controllers/FMControllerSelect_data_from_db.php
CHANGED
|
@@ -20,8 +20,8 @@ class FMControllerSelect_data_from_db {
|
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = ((isset($_GET['task'])) ? esc_html($_GET['task']) : 0);
|
| 23 |
-
$id = ((isset($_GET['id'])) ? esc_html($_GET['id']) : 0);
|
| 24 |
-
$form_id = ((isset($_GET['form_id'])) ? esc_html($_GET['form_id']) : 0);
|
| 25 |
$field_id = ((isset($_GET['field_id'])) ? esc_html($_GET['field_id']) : 0);
|
| 26 |
//var_dump($form_id);
|
| 27 |
$field_type = ((isset($_GET['field_type'])) ? esc_html($_GET['field_type']) : 0);
|
|
@@ -48,7 +48,7 @@ class FMControllerSelect_data_from_db {
|
|
| 48 |
|
| 49 |
require_once WD_FM_DIR . "/admin/views/FMViewSelect_data_from_db.php";
|
| 50 |
$view = new FMViewSelect_data_from_db($model);
|
| 51 |
-
$view->db_tables($form_id,$field_type);
|
| 52 |
}
|
| 53 |
public function db_table_struct_select($form_id,$field_type) {
|
| 54 |
require_once WD_FM_DIR . "/admin/models/FMModelSelect_data_from_db.php";
|
|
@@ -56,7 +56,7 @@ class FMControllerSelect_data_from_db {
|
|
| 56 |
|
| 57 |
require_once WD_FM_DIR . "/admin/views/FMViewSelect_data_from_db.php";
|
| 58 |
$view = new FMViewSelect_data_from_db($model);
|
| 59 |
-
$view->db_table_struct_select($form_id,$field_type);
|
| 60 |
}
|
| 61 |
|
| 62 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = ((isset($_GET['task'])) ? esc_html($_GET['task']) : 0);
|
| 23 |
+
$id = ((isset($_GET['id'])) ? (int)esc_html($_GET['id']) : 0);
|
| 24 |
+
$form_id = ((isset($_GET['form_id'])) ? (int)esc_html($_GET['form_id']) : 0);
|
| 25 |
$field_id = ((isset($_GET['field_id'])) ? esc_html($_GET['field_id']) : 0);
|
| 26 |
//var_dump($form_id);
|
| 27 |
$field_type = ((isset($_GET['field_type'])) ? esc_html($_GET['field_type']) : 0);
|
| 48 |
|
| 49 |
require_once WD_FM_DIR . "/admin/views/FMViewSelect_data_from_db.php";
|
| 50 |
$view = new FMViewSelect_data_from_db($model);
|
| 51 |
+
$view->db_tables((int)$form_id,$field_type);
|
| 52 |
}
|
| 53 |
public function db_table_struct_select($form_id,$field_type) {
|
| 54 |
require_once WD_FM_DIR . "/admin/models/FMModelSelect_data_from_db.php";
|
| 56 |
|
| 57 |
require_once WD_FM_DIR . "/admin/views/FMViewSelect_data_from_db.php";
|
| 58 |
$view = new FMViewSelect_data_from_db($model);
|
| 59 |
+
$view->db_table_struct_select((int)$form_id,$field_type);
|
| 60 |
}
|
| 61 |
|
| 62 |
////////////////////////////////////////////////////////////////////////////////////////
|
admin/controllers/FMControllerSubmissions_fm.php
CHANGED
|
@@ -20,8 +20,8 @@ class FMControllerSubmissions_fm {
|
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = ((isset($_POST['task'])) ? esc_html($_POST['task']) : '');
|
| 23 |
-
$id = ((isset($_POST['current_id'])) ? esc_html($_POST['current_id']) : 0);
|
| 24 |
-
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? esc_html($_POST['form_id']) : 0);
|
| 25 |
if (method_exists($this, $task)) {
|
| 26 |
if($task != 'show_stats')
|
| 27 |
check_admin_referer('nonce_fm', 'nonce_fm');
|
|
@@ -35,7 +35,7 @@ class FMControllerSubmissions_fm {
|
|
| 35 |
}
|
| 36 |
|
| 37 |
public function display($form_id) {
|
| 38 |
-
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? esc_html($_POST['form_id']) : 0);
|
| 39 |
require_once WD_FM_DIR . "/admin/models/FMModelSubmissions_fm.php";
|
| 40 |
$model = new FMModelSubmissions_fm();
|
| 41 |
|
|
@@ -45,7 +45,7 @@ class FMControllerSubmissions_fm {
|
|
| 45 |
}
|
| 46 |
|
| 47 |
public function show_stats() {
|
| 48 |
-
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? esc_html($_POST['form_id']) : 0);
|
| 49 |
require_once WD_FM_DIR . "/admin/models/FMModelSubmissions_fm.php";
|
| 50 |
$model = new FMModelSubmissions_fm();
|
| 51 |
|
|
@@ -63,7 +63,7 @@ class FMControllerSubmissions_fm {
|
|
| 63 |
$view = new FMViewSubmissions_fm($model);
|
| 64 |
$id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? (int) $_POST['current_id'] : 0);
|
| 65 |
|
| 66 |
-
$form_id = $wpdb->get_var("SELECT form_id FROM " . $wpdb->prefix . "formmaker_submits WHERE group_id='" . $id . "'");
|
| 67 |
$form = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "formmaker WHERE id='" . $form_id . "'");
|
| 68 |
|
| 69 |
if (isset($form->form)) {
|
|
@@ -82,7 +82,7 @@ class FMControllerSubmissions_fm {
|
|
| 82 |
}
|
| 83 |
|
| 84 |
public function save() {
|
| 85 |
-
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? esc_html($_POST['form_id']) : 0);
|
| 86 |
$this->save_db();
|
| 87 |
$this->display($form_id);
|
| 88 |
}
|
|
@@ -98,7 +98,7 @@ class FMControllerSubmissions_fm {
|
|
| 98 |
$group_id = $id;
|
| 99 |
$date = esc_html($_POST['date']);
|
| 100 |
$ip = esc_html($_POST['ip']);
|
| 101 |
-
$form_id = $wpdb->get_var("SELECT form_id FROM " . $wpdb->prefix . "formmaker_submits WHERE group_id='" . $id . "'");
|
| 102 |
$form = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "formmaker WHERE id='" . $form_id . "'");
|
| 103 |
$label_id = array();
|
| 104 |
$label_order_original = array();
|
|
@@ -668,7 +668,7 @@ class FMControllerSubmissions_fm {
|
|
| 668 |
|
| 669 |
public function delete($id) {
|
| 670 |
global $wpdb;
|
| 671 |
-
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? esc_html($_POST['form_id']) : 0);
|
| 672 |
$query = $wpdb->prepare('DELETE FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id="%d"', $id);
|
| 673 |
// $elements_col = $wpdb->get_col($wpdb->prepare('SELECT element_value FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id="%d"', $id));
|
| 674 |
if ($wpdb->query($query)) {
|
|
@@ -692,9 +692,10 @@ class FMControllerSubmissions_fm {
|
|
| 692 |
|
| 693 |
public function delete_all() {
|
| 694 |
global $wpdb;
|
| 695 |
-
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? esc_html($_POST['form_id']) : 0);
|
| 696 |
$cid = ((isset($_POST['post']) && $_POST['post'] != '') ? $_POST['post'] : NULL);
|
| 697 |
if (count($cid)) {
|
|
|
|
| 698 |
$cids = implode(',', $cid);
|
| 699 |
$query = 'DELETE FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id IN ( ' . $cids . ' )';
|
| 700 |
// $elements_col = $wpdb->get_col('SELECT element_value FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id IN ( ' . $cids . ' )');
|
|
@@ -724,9 +725,10 @@ class FMControllerSubmissions_fm {
|
|
| 724 |
public function block_ip() {
|
| 725 |
global $wpdb;
|
| 726 |
$flag = FALSE;
|
| 727 |
-
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? esc_html($_POST['form_id']) : 0);
|
| 728 |
$cid = ((isset($_POST['post']) && $_POST['post'] != '') ? $_POST['post'] : NULL);
|
| 729 |
if (count($cid)) {
|
|
|
|
| 730 |
$cids = implode(',', $cid);
|
| 731 |
$query = 'SELECT * FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id IN ( '. $cids .' )';
|
| 732 |
$rows = $wpdb->get_results($query);
|
|
@@ -754,9 +756,10 @@ class FMControllerSubmissions_fm {
|
|
| 754 |
public function unblock_ip() {
|
| 755 |
global $wpdb;
|
| 756 |
$flag = FALSE;
|
| 757 |
-
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? esc_html($_POST['form_id']) : 0);
|
| 758 |
$cid = ((isset($_POST['post']) && $_POST['post'] != '') ? $_POST['post'] : NULL);
|
| 759 |
if (count($cid)) {
|
|
|
|
| 760 |
$cids = implode(',', $cid);
|
| 761 |
$query = 'SELECT * FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id IN ( '. $cids .' )';
|
| 762 |
$rows = $wpdb->get_results($query);
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = ((isset($_POST['task'])) ? esc_html($_POST['task']) : '');
|
| 23 |
+
$id = ((isset($_POST['current_id'])) ? (int)esc_html($_POST['current_id']) : 0);
|
| 24 |
+
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? (int)esc_html($_POST['form_id']) : 0);
|
| 25 |
if (method_exists($this, $task)) {
|
| 26 |
if($task != 'show_stats')
|
| 27 |
check_admin_referer('nonce_fm', 'nonce_fm');
|
| 35 |
}
|
| 36 |
|
| 37 |
public function display($form_id) {
|
| 38 |
+
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? (int)esc_html($_POST['form_id']) : 0);
|
| 39 |
require_once WD_FM_DIR . "/admin/models/FMModelSubmissions_fm.php";
|
| 40 |
$model = new FMModelSubmissions_fm();
|
| 41 |
|
| 45 |
}
|
| 46 |
|
| 47 |
public function show_stats() {
|
| 48 |
+
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? (int)esc_html($_POST['form_id']) : 0);
|
| 49 |
require_once WD_FM_DIR . "/admin/models/FMModelSubmissions_fm.php";
|
| 50 |
$model = new FMModelSubmissions_fm();
|
| 51 |
|
| 63 |
$view = new FMViewSubmissions_fm($model);
|
| 64 |
$id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? (int) $_POST['current_id'] : 0);
|
| 65 |
|
| 66 |
+
$form_id = (int)$wpdb->get_var("SELECT form_id FROM " . $wpdb->prefix . "formmaker_submits WHERE group_id='" . $id . "'");
|
| 67 |
$form = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "formmaker WHERE id='" . $form_id . "'");
|
| 68 |
|
| 69 |
if (isset($form->form)) {
|
| 82 |
}
|
| 83 |
|
| 84 |
public function save() {
|
| 85 |
+
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? (int)esc_html($_POST['form_id']) : 0);
|
| 86 |
$this->save_db();
|
| 87 |
$this->display($form_id);
|
| 88 |
}
|
| 98 |
$group_id = $id;
|
| 99 |
$date = esc_html($_POST['date']);
|
| 100 |
$ip = esc_html($_POST['ip']);
|
| 101 |
+
$form_id = (int)$wpdb->get_var("SELECT form_id FROM " . $wpdb->prefix . "formmaker_submits WHERE group_id='" . $id . "'");
|
| 102 |
$form = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "formmaker WHERE id='" . $form_id . "'");
|
| 103 |
$label_id = array();
|
| 104 |
$label_order_original = array();
|
| 668 |
|
| 669 |
public function delete($id) {
|
| 670 |
global $wpdb;
|
| 671 |
+
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? (int)esc_html($_POST['form_id']) : 0);
|
| 672 |
$query = $wpdb->prepare('DELETE FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id="%d"', $id);
|
| 673 |
// $elements_col = $wpdb->get_col($wpdb->prepare('SELECT element_value FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id="%d"', $id));
|
| 674 |
if ($wpdb->query($query)) {
|
| 692 |
|
| 693 |
public function delete_all() {
|
| 694 |
global $wpdb;
|
| 695 |
+
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? (int)esc_html($_POST['form_id']) : 0);
|
| 696 |
$cid = ((isset($_POST['post']) && $_POST['post'] != '') ? $_POST['post'] : NULL);
|
| 697 |
if (count($cid)) {
|
| 698 |
+
array_walk($cid, create_function('&$value', '$value = (int)$value;'));
|
| 699 |
$cids = implode(',', $cid);
|
| 700 |
$query = 'DELETE FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id IN ( ' . $cids . ' )';
|
| 701 |
// $elements_col = $wpdb->get_col('SELECT element_value FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id IN ( ' . $cids . ' )');
|
| 725 |
public function block_ip() {
|
| 726 |
global $wpdb;
|
| 727 |
$flag = FALSE;
|
| 728 |
+
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? (int)esc_html($_POST['form_id']) : 0);
|
| 729 |
$cid = ((isset($_POST['post']) && $_POST['post'] != '') ? $_POST['post'] : NULL);
|
| 730 |
if (count($cid)) {
|
| 731 |
+
array_walk($cid, create_function('&$value', '$value = (int)$value;'));
|
| 732 |
$cids = implode(',', $cid);
|
| 733 |
$query = 'SELECT * FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id IN ( '. $cids .' )';
|
| 734 |
$rows = $wpdb->get_results($query);
|
| 756 |
public function unblock_ip() {
|
| 757 |
global $wpdb;
|
| 758 |
$flag = FALSE;
|
| 759 |
+
$form_id = ((isset($_POST['form_id']) && esc_html($_POST['form_id']) != '') ? (int)esc_html($_POST['form_id']) : 0);
|
| 760 |
$cid = ((isset($_POST['post']) && $_POST['post'] != '') ? $_POST['post'] : NULL);
|
| 761 |
if (count($cid)) {
|
| 762 |
+
array_walk($cid, create_function('&$value', '$value = (int)$value;'));
|
| 763 |
$cids = implode(',', $cid);
|
| 764 |
$query = 'SELECT * FROM ' . $wpdb->prefix . 'formmaker_submits WHERE group_id IN ( '. $cids .' )';
|
| 765 |
$rows = $wpdb->get_results($query);
|
admin/controllers/FMControllerThemes_fm.php
CHANGED
|
@@ -20,7 +20,7 @@ class FMControllerThemes_fm {
|
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = WDW_FM_Library::get('task');
|
| 23 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 24 |
$message = WDW_FM_Library::get('message');
|
| 25 |
echo WDW_FM_Library::message_id($message);
|
| 26 |
if (method_exists($this, $task)) {
|
|
@@ -57,7 +57,7 @@ class FMControllerThemes_fm {
|
|
| 57 |
require_once WD_FM_DIR . "/admin/views/FMViewThemes_fm.php";
|
| 58 |
$view = new FMViewThemes_fm($model);
|
| 59 |
// $id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? esc_html($_POST['current_id']) : 0);
|
| 60 |
-
$id = WDW_FM_Library::get('current_id', 0);
|
| 61 |
$view->edit($id, FALSE);
|
| 62 |
}
|
| 63 |
|
|
@@ -75,7 +75,7 @@ class FMControllerThemes_fm {
|
|
| 75 |
|
| 76 |
// }
|
| 77 |
$id = (int) $wpdb->get_var('SELECT MAX(`id`) FROM ' . $wpdb->prefix . 'formmaker_themes');
|
| 78 |
-
$current_id = WDW_FM_Library::get('current_id', $id);
|
| 79 |
$page = WDW_FM_Library::get('page');
|
| 80 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 81 |
// $this->edit();
|
| 20 |
////////////////////////////////////////////////////////////////////////////////////////
|
| 21 |
public function execute() {
|
| 22 |
$task = WDW_FM_Library::get('task');
|
| 23 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 24 |
$message = WDW_FM_Library::get('message');
|
| 25 |
echo WDW_FM_Library::message_id($message);
|
| 26 |
if (method_exists($this, $task)) {
|
| 57 |
require_once WD_FM_DIR . "/admin/views/FMViewThemes_fm.php";
|
| 58 |
$view = new FMViewThemes_fm($model);
|
| 59 |
// $id = ((isset($_POST['current_id']) && esc_html($_POST['current_id']) != '') ? esc_html($_POST['current_id']) : 0);
|
| 60 |
+
$id = (int)WDW_FM_Library::get('current_id', 0);
|
| 61 |
$view->edit($id, FALSE);
|
| 62 |
}
|
| 63 |
|
| 75 |
|
| 76 |
// }
|
| 77 |
$id = (int) $wpdb->get_var('SELECT MAX(`id`) FROM ' . $wpdb->prefix . 'formmaker_themes');
|
| 78 |
+
$current_id = (int)WDW_FM_Library::get('current_id', $id);
|
| 79 |
$page = WDW_FM_Library::get('page');
|
| 80 |
WDW_FM_Library::spider_redirect(add_query_arg(array('page' => $page, 'task' => 'edit', 'current_id' => $current_id, 'message' => $message), admin_url('admin.php')));
|
| 81 |
// $this->edit();
|
admin/models/FMModelBlocked_ips_fm.php
CHANGED
|
@@ -21,8 +21,11 @@ class FMModelBlocked_ips_fm {
|
|
| 21 |
public function get_rows_data() {
|
| 22 |
global $wpdb;
|
| 23 |
$where = ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? 'WHERE `ip` LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
|
| 24 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html($_POST['asc_or_desc']) : '
|
| 25 |
-
|
|
|
|
|
|
|
|
|
|
| 26 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
| 27 |
$limit = ((int) $_POST['page_number'] - 1) * 20;
|
| 28 |
}
|
| 21 |
public function get_rows_data() {
|
| 22 |
global $wpdb;
|
| 23 |
$where = ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? 'WHERE `ip` LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
|
| 24 |
+
$asc_or_desc = ((isset($_POST['asc_or_desc']) && ($_POST['asc_or_desc'] == 'asc' || $_POST['asc_or_desc'] == 'desc')) ? esc_html($_POST['asc_or_desc']) : 'asc');
|
| 25 |
+
$order_by = ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'id');
|
| 26 |
+
$order_by_array = array('id', 'ip');
|
| 27 |
+
$order_by = in_array($order_by, $order_by_array) ? $order_by : 'id';
|
| 28 |
+
$order_by = ' ORDER BY `' . $order_by . '` ' . $asc_or_desc;
|
| 29 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
| 30 |
$limit = ((int) $_POST['page_number'] - 1) * 20;
|
| 31 |
}
|
admin/models/FMModelGenerete_csv.php
CHANGED
|
@@ -23,7 +23,7 @@ class FMModelGenerete_csv {
|
|
| 23 |
$is_paypal_info = FALSE;
|
| 24 |
global $wpdb;
|
| 25 |
$params = array();
|
| 26 |
-
$form_id = $_REQUEST['form_id'];
|
| 27 |
$paypal_info_fields = array('currency', 'ord_last_modified', 'status', 'full_name', 'fax', 'mobile_phone', 'email', 'phone', 'address', 'paypal_info', 'ipn', 'tax', 'shipping');
|
| 28 |
|
| 29 |
$paypal_info_labels = array( 'Currency', 'Last modified', 'Status', 'Full Name', 'Fax', 'Mobile phone', 'Email', 'Phone', 'Address', 'Paypal info', 'IPN', 'Tax', 'Shipping');
|
| 23 |
$is_paypal_info = FALSE;
|
| 24 |
global $wpdb;
|
| 25 |
$params = array();
|
| 26 |
+
$form_id = (int)$_REQUEST['form_id'];
|
| 27 |
$paypal_info_fields = array('currency', 'ord_last_modified', 'status', 'full_name', 'fax', 'mobile_phone', 'email', 'phone', 'address', 'paypal_info', 'ipn', 'tax', 'shipping');
|
| 28 |
|
| 29 |
$paypal_info_labels = array( 'Currency', 'Last modified', 'Status', 'Full Name', 'Fax', 'Mobile phone', 'Email', 'Phone', 'Address', 'Paypal info', 'IPN', 'Tax', 'Shipping');
|
admin/models/FMModelGenerete_xml.php
CHANGED
|
@@ -23,7 +23,7 @@ class FMModelGenerete_xml {
|
|
| 23 |
$is_paypal_info = FALSE;
|
| 24 |
global $wpdb;
|
| 25 |
$params = array();
|
| 26 |
-
$form_id = $_REQUEST['form_id'];
|
| 27 |
$paypal_info_fields = array('ip', 'ord_date', 'ord_last_modified', 'status', 'full_name', 'fax', 'mobile_phone', 'email', 'phone', 'address', 'paypal_info', 'without_paypal_info', 'ipn', 'checkout_method', 'tax', 'shipping', 'shipping_type', 'read');
|
| 28 |
$paypal_info_labels = array( 'Currency', 'Last modified', 'Status', 'Full Name', 'Fax', 'Mobile phone', 'Email', 'Phone', 'Address', 'Paypal info', 'IPN', 'Tax', 'Shipping');
|
| 29 |
$query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "formmaker_submits where form_id= %d ORDER BY date ASC", $form_id);
|
| 23 |
$is_paypal_info = FALSE;
|
| 24 |
global $wpdb;
|
| 25 |
$params = array();
|
| 26 |
+
$form_id = (int)$_REQUEST['form_id'];
|
| 27 |
$paypal_info_fields = array('ip', 'ord_date', 'ord_last_modified', 'status', 'full_name', 'fax', 'mobile_phone', 'email', 'phone', 'address', 'paypal_info', 'without_paypal_info', 'ipn', 'checkout_method', 'tax', 'shipping', 'shipping_type', 'read');
|
| 28 |
$paypal_info_labels = array( 'Currency', 'Last modified', 'Status', 'Full Name', 'Fax', 'Mobile phone', 'Email', 'Phone', 'Address', 'Paypal info', 'IPN', 'Tax', 'Shipping');
|
| 29 |
$query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "formmaker_submits where form_id= %d ORDER BY date ASC", $form_id);
|
admin/models/FMModelManage_fm.php
CHANGED
|
@@ -22,8 +22,11 @@ class FMModelManage_fm {
|
|
| 22 |
global $wpdb;
|
| 23 |
$where = 'WHERE `id` NOT IN (' . (get_option('contact_form_forms', '') != '' ? get_option('contact_form_forms') : 0) . ')';
|
| 24 |
$where .= ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? ' AND title LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
|
| 25 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html($_POST['asc_or_desc']) : 'asc');
|
| 26 |
-
$order_by =
|
|
|
|
|
|
|
|
|
|
| 27 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
| 28 |
$limit = ((int) $_POST['page_number'] - 1) * 20;
|
| 29 |
}
|
|
@@ -529,7 +532,7 @@ ngdom</option><option value="United States">United States</option><option value=
|
|
| 529 |
continue;
|
| 530 |
|
| 531 |
if($param['w_allow_other']=="yes" && $param['w_allow_other_num']==(int)$param['w_rowcol']*$i+$l)
|
| 532 |
-
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$l+$i).'" idi="'.((int)$param['w_rowcol']*$l+$i).'" style="display: table-cell;"><input type="checkbox" value="
|
| 533 |
else
|
| 534 |
{
|
| 535 |
$where = '';
|
|
@@ -549,7 +552,7 @@ ngdom</option><option value="United States">United States</option><option value=
|
|
| 549 |
$db_info = "db_info='".$w_choices_params[1]."'";
|
| 550 |
}
|
| 551 |
|
| 552 |
-
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$l+$i).'" idi="'.((int)$param['w_rowcol']*$l+$i).'" style="display: table-cell;"><input type="checkbox" value="'.$
|
| 553 |
}
|
| 554 |
}
|
| 555 |
|
|
@@ -569,7 +572,7 @@ ngdom</option><option value="United States">United States</option><option value=
|
|
| 569 |
for($l=0; $l<$param['w_rowcol']; $l++)
|
| 570 |
{
|
| 571 |
if($param['w_allow_other']=="yes" && $param['w_allow_other_num']==(int)$param['w_rowcol']*$i+$l)
|
| 572 |
-
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$i+$l).'" idi="'.((int)$param['w_rowcol']*$i+$l).'" style="display: table-cell;"><input type="checkbox" value="
|
| 573 |
else
|
| 574 |
{
|
| 575 |
$where = '' ;
|
|
@@ -589,7 +592,7 @@ ngdom</option><option value="United States">United States</option><option value=
|
|
| 589 |
$db_info = "db_info='".$w_choices_params[1]."'";
|
| 590 |
}
|
| 591 |
|
| 592 |
-
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$i+$l).'" idi="'.((int)$param['w_rowcol']*$i+$l).'" style="display: table-cell;"><input type="checkbox" value="'.$
|
| 593 |
'.$where.' '.$order_by.' '.$db_info.'>'.$param['w_choices'][(int)$param['w_rowcol']*$i+$l].'</label></div>';
|
| 594 |
}
|
| 595 |
}
|
|
@@ -597,7 +600,7 @@ ngdom</option><option value="United States">United States</option><option value=
|
|
| 597 |
for($l=0; $l<count($param['w_choices']); $l++)
|
| 598 |
{
|
| 599 |
if($param['w_allow_other']=="yes" && $param['w_allow_other_num']==(int)$param['w_rowcol']*$i+$l)
|
| 600 |
-
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$i+$l).'" idi="'.((int)$param['w_rowcol']*$i+$l).'" style="display: table-cell;"><input type="checkbox" value="
|
| 601 |
else
|
| 602 |
{
|
| 603 |
$where = '' ;
|
|
@@ -617,7 +620,7 @@ ngdom</option><option value="United States">United States</option><option value=
|
|
| 617 |
$db_info = "db_info='".$w_choices_params[1]."'";
|
| 618 |
}
|
| 619 |
|
| 620 |
-
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$i+$l).'" idi="'.((int)$param['w_rowcol']*$i+$l).'" style="display: table-cell;"><input type="checkbox" value="'.$
|
| 621 |
}
|
| 622 |
}
|
| 623 |
|
|
@@ -632,7 +635,7 @@ ngdom</option><option value="United States">United States</option><option value=
|
|
| 632 |
{
|
| 633 |
$l = count($param['w_choices']) - count($param['w_choices'])%$param['w_rowcol'] + $k;
|
| 634 |
if($param['w_allow_other']=="yes" && $param['w_allow_other_num']==$l)
|
| 635 |
-
$rep.='<div valign="top" id="'.$id.'_td_little'.$l.'" idi="'.$l.'" style="display: table-cell;"><input type="checkbox" value="
|
| 636 |
else
|
| 637 |
{
|
| 638 |
$where = '' ;
|
|
@@ -651,7 +654,7 @@ ngdom</option><option value="United States">United States</option><option value=
|
|
| 651 |
$order_by = "order_by='".$w_choices_params[0]."'";
|
| 652 |
$db_info = "db_info='".$w_choices_params[1]."'";
|
| 653 |
}
|
| 654 |
-
$rep.='<div valign="top" id="'.$id.'_td_little'.$l.'" idi="'.$l.'" style="display: table-cell;"><input type="checkbox" value="'.$
|
| 655 |
}
|
| 656 |
}
|
| 657 |
|
| 22 |
global $wpdb;
|
| 23 |
$where = 'WHERE `id` NOT IN (' . (get_option('contact_form_forms', '') != '' ? get_option('contact_form_forms') : 0) . ')';
|
| 24 |
$where .= ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? ' AND title LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
|
| 25 |
+
$asc_or_desc = ((isset($_POST['asc_or_desc']) && ($_POST['asc_or_desc'] == 'asc' || $_POST['asc_or_desc'] == 'desc')) ? esc_html($_POST['asc_or_desc']) : 'asc');
|
| 26 |
+
$order_by = ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'id');
|
| 27 |
+
$order_by_array = array('id', 'title', 'mail');
|
| 28 |
+
$order_by = in_array($order_by, $order_by_array) ? $order_by : 'id';
|
| 29 |
+
$order_by = ' ORDER BY `' . $order_by . '` ' . $asc_or_desc;
|
| 30 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
| 31 |
$limit = ((int) $_POST['page_number'] - 1) * 20;
|
| 32 |
}
|
| 532 |
continue;
|
| 533 |
|
| 534 |
if($param['w_allow_other']=="yes" && $param['w_allow_other_num']==(int)$param['w_rowcol']*$i+$l)
|
| 535 |
+
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$l+$i).'" idi="'.((int)$param['w_rowcol']*$l+$i).'" style="display: table-cell;"><input type="checkbox" value="" id="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$l+$i).'" name="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$l+$i).'" other="1" onclick="if(set_checked("'.$id.'","'.((int)$param['w_rowcol']*$l+$i).'","form_id_temp")) show_other_input("'.$id.'","form_id_temp");" '.$param['w_choices_checked'][(int)$param['w_rowcol']*$l+$i].' '.$param['attributes'].' '.($param['w_field_option_pos']=='right' ? 'style="float:left !important;"' : "").' disabled /><label id="'.$id.'_label_element'.((int)$param['w_rowcol']*$l+$i).'" class="ch-rad-label" for="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$l+$i).'">'.$param['w_choices'][(int)$param['w_rowcol']*$l+$i].'</label></div>';
|
| 536 |
else
|
| 537 |
{
|
| 538 |
$where = '';
|
| 552 |
$db_info = "db_info='".$w_choices_params[1]."'";
|
| 553 |
}
|
| 554 |
|
| 555 |
+
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$l+$i).'" idi="'.((int)$param['w_rowcol']*$l+$i).'" style="display: table-cell;"><input type="checkbox" value="'.$choise_value.'" id="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$l+$i).'" name="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$l+$i).'" onclick="set_checked("'.$id.'","'.((int)$param['w_rowcol']*$l+$i).'","form_id_temp")" '.$param['w_choices_checked'][(int)$param['w_rowcol']*$l+$i].' '.$param['attributes'].' '.($param['w_field_option_pos']=='right' ? 'style="float:left !important;"' : "").' disabled/><label id="'.$id.'_label_element'.((int)$param['w_rowcol']*$l+$i).'" class="ch-rad-label" for="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$l+$i).'" '.$where.' '.$order_by.' '.$db_info.'>'.$param['w_choices'][(int)$param['w_rowcol']*$l+$i].'</label></div>';
|
| 556 |
}
|
| 557 |
}
|
| 558 |
|
| 572 |
for($l=0; $l<$param['w_rowcol']; $l++)
|
| 573 |
{
|
| 574 |
if($param['w_allow_other']=="yes" && $param['w_allow_other_num']==(int)$param['w_rowcol']*$i+$l)
|
| 575 |
+
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$i+$l).'" idi="'.((int)$param['w_rowcol']*$i+$l).'" style="display: table-cell;"><input type="checkbox" value="" id="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" name="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" other="1" onclick="if(set_checked("'.$id.'","'.((int)$param['w_rowcol']*$i+$l).'","form_id_temp")) show_other_input("'.$id.'","form_id_temp");" '.$param['w_choices_checked'][(int)$param['w_rowcol']*$i+$l].' '.$param['attributes'].' '.($param['w_field_option_pos']=='right' ? 'style="float:left !important;"' : "").' disabled /><label id="'.$id.'_label_element'.((int)$param['w_rowcol']*$i+$l).'" class="ch-rad-label" for="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'">'.$param['w_choices'][(int)$param['w_rowcol']*$i+$l].'</label></div>';
|
| 576 |
else
|
| 577 |
{
|
| 578 |
$where = '' ;
|
| 592 |
$db_info = "db_info='".$w_choices_params[1]."'";
|
| 593 |
}
|
| 594 |
|
| 595 |
+
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$i+$l).'" idi="'.((int)$param['w_rowcol']*$i+$l).'" style="display: table-cell;"><input type="checkbox" value="'.$choise_value.'" id="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" name="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" onclick="set_checked("'.$id.'","'.((int)$param['w_rowcol']*$i+$l).'","form_id_temp")" '.$param['w_choices_checked'][(int)$param['w_rowcol']*$i+$l].' '.$param['attributes'].' '.($param['w_field_option_pos']=='right' ? 'style="float:left !important;"' : "").' disabled/><label id="'.$id.'_label_element'.((int)$param['w_rowcol']*$i+$l).'" class="ch-rad-label" for="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'"
|
| 596 |
'.$where.' '.$order_by.' '.$db_info.'>'.$param['w_choices'][(int)$param['w_rowcol']*$i+$l].'</label></div>';
|
| 597 |
}
|
| 598 |
}
|
| 600 |
for($l=0; $l<count($param['w_choices']); $l++)
|
| 601 |
{
|
| 602 |
if($param['w_allow_other']=="yes" && $param['w_allow_other_num']==(int)$param['w_rowcol']*$i+$l)
|
| 603 |
+
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$i+$l).'" idi="'.((int)$param['w_rowcol']*$i+$l).'" style="display: table-cell;"><input type="checkbox" value="" id="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" name="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" other="1" onclick="if(set_checked("'.$id.'","'.((int)$param['w_rowcol']*$i+$l).'","form_id_temp")) show_other_input("'.$id.'","form_id_temp");" '.$param['w_choices_checked'][(int)$param['w_rowcol']*$i+$l].' '.$param['attributes'].' '.($param['w_field_option_pos']=='right' ? 'style="float:left !important;"' : "").' disabled/><label id="'.$id.'_label_element'.((int)$param['w_rowcol']*$i+$l).'" class="ch-rad-label" for="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'">'.$param['w_choices'][(int)$param['w_rowcol']*$i+$l].'</label></div>';
|
| 604 |
else
|
| 605 |
{
|
| 606 |
$where = '' ;
|
| 620 |
$db_info = "db_info='".$w_choices_params[1]."'";
|
| 621 |
}
|
| 622 |
|
| 623 |
+
$rep.='<div valign="top" id="'.$id.'_td_little'.((int)$param['w_rowcol']*$i+$l).'" idi="'.((int)$param['w_rowcol']*$i+$l).'" style="display: table-cell;"><input type="checkbox" value="'.$choise_value.'" id="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" name="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" onclick="set_checked("'.$id.'","'.((int)$param['w_rowcol']*$i+$l).'","form_id_temp")" '.$param['w_choices_checked'][(int)$param['w_rowcol']*$i+$l].' '.$param['attributes'].' '.($param['w_field_option_pos']=='right' ? 'style="float:left !important;"' : "").' disabled/><label id="'.$id.'_label_element'.((int)$param['w_rowcol']*$i+$l).'" class="ch-rad-label" for="'.$id.'_elementform_id_temp'.((int)$param['w_rowcol']*$i+$l).'" '.$where.' '.$order_by.' '.$db_info.'>'.$param['w_choices'][(int)$param['w_rowcol']*$i+$l].'</label></div>';
|
| 624 |
}
|
| 625 |
}
|
| 626 |
|
| 635 |
{
|
| 636 |
$l = count($param['w_choices']) - count($param['w_choices'])%$param['w_rowcol'] + $k;
|
| 637 |
if($param['w_allow_other']=="yes" && $param['w_allow_other_num']==$l)
|
| 638 |
+
$rep.='<div valign="top" id="'.$id.'_td_little'.$l.'" idi="'.$l.'" style="display: table-cell;"><input type="checkbox" value="" id="'.$id.'_elementform_id_temp'.$l.'" name="'.$id.'_elementform_id_temp'.$l.'" other="1" onclick="if(set_checked("'.$id.'","'.$l.'","form_id_temp")) show_other_input("'.$id.'","form_id_temp");" '.$param['w_choices_checked'][$l].' '.$param['attributes'].' '.($param['w_field_option_pos']=='right' ? 'style="float:left !important;"' : "").' disabled/><label id="'.$id.'_label_element'.$l.'" class="ch-rad-label" for="'.$id.'_elementform_id_temp'.$l.'">'.$param['w_choices'][$l].'</label></div>';
|
| 639 |
else
|
| 640 |
{
|
| 641 |
$where = '' ;
|
| 654 |
$order_by = "order_by='".$w_choices_params[0]."'";
|
| 655 |
$db_info = "db_info='".$w_choices_params[1]."'";
|
| 656 |
}
|
| 657 |
+
$rep.='<div valign="top" id="'.$id.'_td_little'.$l.'" idi="'.$l.'" style="display: table-cell;"><input type="checkbox" value="'.$choise_value.'" id="'.$id.'_elementform_id_temp'.$l.'" name="'.$id.'_elementform_id_temp'.$l.'" onclick="set_checked("'.$id.'","'.$l.'","form_id_temp")" '.$param['w_choices_checked'][$l].' '.$param['attributes'].' '.($param['w_field_option_pos']=='right' ? 'style="float:left !important;"' : "").' disabled/><label id="'.$id.'_label_element'.$l.'" class="ch-rad-label" for="'.$id.'_elementform_id_temp'.$l.'" '.$where.' '.$order_by.' '.$db_info.'>'.$param['w_choices'][$l].'</label></div>';
|
| 658 |
}
|
| 659 |
}
|
| 660 |
|
admin/models/FMModelSubmissions_fm.php
CHANGED
|
@@ -67,8 +67,8 @@ class FMModelSubmissions_fm {
|
|
| 67 |
$sorted_label_names_original = array();
|
| 68 |
$where_labels = array();
|
| 69 |
$where2 = array();
|
| 70 |
-
$order_by = (isset($_POST['order_by']) ? esc_html(stripslashes($_POST['order_by'])) : 'group_id');
|
| 71 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html(
|
| 72 |
$limit = ((isset($_POST['page_number'])) ? ((int) $_POST['page_number'] - 1) * 20 : 0);
|
| 73 |
$lists['hide_label_list'] = ((isset($_POST['hide_label_list'])) ? esc_html(stripslashes($_POST['hide_label_list'])) : '');
|
| 74 |
$lists['startdate'] = ((isset($_POST['startdate'])) ? esc_html(stripslashes($_POST['startdate'])) : '');
|
| 67 |
$sorted_label_names_original = array();
|
| 68 |
$where_labels = array();
|
| 69 |
$where2 = array();
|
| 70 |
+
$order_by = ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'group_id');
|
| 71 |
+
$asc_or_desc = ((isset($_POST['asc_or_desc']) && ($_POST['asc_or_desc'] == 'asc' || $_POST['asc_or_desc'] == 'desc')) ? esc_html($_POST['asc_or_desc']) : 'asc');
|
| 72 |
$limit = ((isset($_POST['page_number'])) ? ((int) $_POST['page_number'] - 1) * 20 : 0);
|
| 73 |
$lists['hide_label_list'] = ((isset($_POST['hide_label_list'])) ? esc_html(stripslashes($_POST['hide_label_list'])) : '');
|
| 74 |
$lists['startdate'] = ((isset($_POST['startdate'])) ? esc_html(stripslashes($_POST['startdate'])) : '');
|
admin/models/FMModelThemes_fm.php
CHANGED
|
@@ -21,8 +21,11 @@ class FMModelThemes_fm {
|
|
| 21 |
public function get_rows_data() {
|
| 22 |
global $wpdb;
|
| 23 |
$where = ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? 'WHERE title LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
|
| 24 |
-
$asc_or_desc = ((isset($_POST['asc_or_desc'])) ? esc_html($_POST['asc_or_desc']) : 'asc');
|
| 25 |
-
|
|
|
|
|
|
|
|
|
|
| 26 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
| 27 |
$limit = ((int) $_POST['page_number'] - 1) * 20;
|
| 28 |
}
|
| 21 |
public function get_rows_data() {
|
| 22 |
global $wpdb;
|
| 23 |
$where = ((isset($_POST['search_value']) && (esc_html($_POST['search_value']) != '')) ? 'WHERE title LIKE "%' . esc_html($_POST['search_value']) . '%"' : '');
|
| 24 |
+
$asc_or_desc = ((isset($_POST['asc_or_desc']) && ($_POST['asc_or_desc'] == 'asc' || $_POST['asc_or_desc'] == 'desc')) ? esc_html($_POST['asc_or_desc']) : 'asc');
|
| 25 |
+
$order_by = ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'id');
|
| 26 |
+
$order_by_array = array('id', 'title', 'default');
|
| 27 |
+
$order_by = in_array($order_by, $order_by_array) ? $order_by : 'id';
|
| 28 |
+
$order_by = ' ORDER BY `' . $order_by . '` ' . $asc_or_desc;
|
| 29 |
if (isset($_POST['page_number']) && $_POST['page_number']) {
|
| 30 |
$limit = ((int) $_POST['page_number'] - 1) * 20;
|
| 31 |
}
|
form-maker.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Form Maker
|
| 4 |
* Plugin URI: http://web-dorado.com/products/form-maker-wordpress.html
|
| 5 |
* Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms.
|
| 6 |
-
* Version: 1.7.
|
| 7 |
* Author: WebDorado
|
| 8 |
* Author URI: http://web-dorado.com/
|
| 9 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
|
@@ -176,12 +176,25 @@ function fm_output_buffer() {
|
|
| 176 |
add_shortcode('Form', 'fm_shortcode');
|
| 177 |
|
| 178 |
function fm_shortcode($attrs) {
|
| 179 |
-
$new_shortcode = '[Form';
|
| 180 |
-
|
| 181 |
-
|
| 182 |
-
|
| 183 |
-
|
| 184 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 185 |
}
|
| 186 |
|
| 187 |
add_shortcode('email_verification', 'fm_email_verification_shortcode');
|
|
@@ -217,7 +230,7 @@ function Form_maker_fornt_end_main($content) {
|
|
| 217 |
}
|
| 218 |
return $content;
|
| 219 |
}
|
| 220 |
-
add_filter('the_content', 'Form_maker_fornt_end_main', 5000);
|
| 221 |
|
| 222 |
// Add the Form Maker button to editor.
|
| 223 |
add_action('wp_ajax_formmakerwindow', 'form_maker_ajax');
|
|
@@ -233,7 +246,7 @@ if (class_exists('WP_Widget')) {
|
|
| 233 |
// Activate plugin.
|
| 234 |
function form_maker_activate() {
|
| 235 |
$version = get_option("wd_form_maker_version");
|
| 236 |
-
$new_version = '1.7.
|
| 237 |
if (!$version) {
|
| 238 |
add_option("wd_form_maker_version", $new_version, '', 'no');
|
| 239 |
global $wpdb;
|
| 3 |
* Plugin Name: Form Maker
|
| 4 |
* Plugin URI: http://web-dorado.com/products/form-maker-wordpress.html
|
| 5 |
* Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms.
|
| 6 |
+
* Version: 1.7.57
|
| 7 |
* Author: WebDorado
|
| 8 |
* Author URI: http://web-dorado.com/
|
| 9 |
* License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
|
| 176 |
add_shortcode('Form', 'fm_shortcode');
|
| 177 |
|
| 178 |
function fm_shortcode($attrs) {
|
| 179 |
+
/* $new_shortcode = '[Form';
|
| 180 |
+
foreach ($attrs as $key=>$value) {
|
| 181 |
+
$new_shortcode .= ' ' . $key . '="' . $value . '"';
|
| 182 |
+
}
|
| 183 |
+
$new_shortcode .= ']';
|
| 184 |
+
return $new_shortcode;
|
| 185 |
+
*/
|
| 186 |
+
ob_start();
|
| 187 |
+
FM_front_end_main($attrs);
|
| 188 |
+
return str_replace(array("\r\n", "\n", "\r"), '', ob_get_clean());
|
| 189 |
+
}
|
| 190 |
+
|
| 191 |
+
function FM_front_end_main($params) {
|
| 192 |
+
if(!isset($params['type'])){
|
| 193 |
+
$form_id = isset($params['id']) ? (int)$params['id'] : '';
|
| 194 |
+
if($form_id)
|
| 195 |
+
wd_form_maker($form_id);
|
| 196 |
+
}
|
| 197 |
+
return;
|
| 198 |
}
|
| 199 |
|
| 200 |
add_shortcode('email_verification', 'fm_email_verification_shortcode');
|
| 230 |
}
|
| 231 |
return $content;
|
| 232 |
}
|
| 233 |
+
//add_filter('the_content', 'Form_maker_fornt_end_main', 5000);
|
| 234 |
|
| 235 |
// Add the Form Maker button to editor.
|
| 236 |
add_action('wp_ajax_formmakerwindow', 'form_maker_ajax');
|
| 246 |
// Activate plugin.
|
| 247 |
function form_maker_activate() {
|
| 248 |
$version = get_option("wd_form_maker_version");
|
| 249 |
+
$new_version = '1.7.57';
|
| 250 |
if (!$version) {
|
| 251 |
add_option("wd_form_maker_version", $new_version, '', 'no');
|
| 252 |
global $wpdb;
|
frontend/views/FMViewForm_maker.php
CHANGED
|
@@ -111,7 +111,7 @@ class FMViewForm_maker {
|
|
| 111 |
$form_theme = implode('{', $body_or_classes_implode);
|
| 112 |
$form_maker_front_end .= '<style>' . str_replace('[SITE_ROOT]', WD_FM_URL, $form_theme) . '</style>';
|
| 113 |
wp_print_scripts('main' . (($old == false || ($old == true && $row->form=='')) ? '_div' : '') . '_front_end', WD_FM_URL . '/js/main' . (($old == false || ($old == true && $row->form=='')) ? '_div' : '') . '_front_end.js?ver='. get_option("wd_form_maker_version"));
|
| 114 |
-
|
| 115 |
$form_currency = '$';
|
| 116 |
$check_js = '';
|
| 117 |
$onload_js = '';
|
|
@@ -2357,7 +2357,7 @@ class FMViewForm_maker {
|
|
| 2357 |
}
|
| 2358 |
';
|
| 2359 |
}
|
| 2360 |
-
|
| 2361 |
break;
|
| 2362 |
}
|
| 2363 |
|
|
@@ -2662,7 +2662,6 @@ class FMViewForm_maker {
|
|
| 2662 |
$param['w_field_label_pos1'] = ($param['w_field_label_pos']=="left" ? "float: left;" : "");
|
| 2663 |
$param['w_field_label_pos2'] = ($param['w_field_label_pos']=="left" ? "" : "display:block;");
|
| 2664 |
|
| 2665 |
-
//<div id="wd_recaptcha'.$form_id.'" '.$param['attributes'].'>'.$secure_server.'</div>
|
| 2666 |
$publickey=($row->public_key ? $row->public_key : '0');
|
| 2667 |
$error = null;
|
| 2668 |
require_once(WD_FM_DIR . '/recaptchalib.php');
|
|
@@ -4182,7 +4181,7 @@ class FMViewForm_maker {
|
|
| 4182 |
}
|
| 4183 |
generate_page_nav(first_form_view<?php echo $id ?>, '<?php echo $id ?>', form_view_count<?php echo $id ?>, form_view_max<?php echo $id ?>);
|
| 4184 |
}
|
| 4185 |
-
|
| 4186 |
});
|
| 4187 |
function check_required<?php echo $form_id ?>(but_type) {
|
| 4188 |
if (but_type == 'reset') {
|
| 111 |
$form_theme = implode('{', $body_or_classes_implode);
|
| 112 |
$form_maker_front_end .= '<style>' . str_replace('[SITE_ROOT]', WD_FM_URL, $form_theme) . '</style>';
|
| 113 |
wp_print_scripts('main' . (($old == false || ($old == true && $row->form=='')) ? '_div' : '') . '_front_end', WD_FM_URL . '/js/main' . (($old == false || ($old == true && $row->form=='')) ? '_div' : '') . '_front_end.js?ver='. get_option("wd_form_maker_version"));
|
| 114 |
+
|
| 115 |
$form_currency = '$';
|
| 116 |
$check_js = '';
|
| 117 |
$onload_js = '';
|
| 2357 |
}
|
| 2358 |
';
|
| 2359 |
}
|
| 2360 |
+
|
| 2361 |
break;
|
| 2362 |
}
|
| 2363 |
|
| 2662 |
$param['w_field_label_pos1'] = ($param['w_field_label_pos']=="left" ? "float: left;" : "");
|
| 2663 |
$param['w_field_label_pos2'] = ($param['w_field_label_pos']=="left" ? "" : "display:block;");
|
| 2664 |
|
|
|
|
| 2665 |
$publickey=($row->public_key ? $row->public_key : '0');
|
| 2666 |
$error = null;
|
| 2667 |
require_once(WD_FM_DIR . '/recaptchalib.php');
|
| 4181 |
}
|
| 4182 |
generate_page_nav(first_form_view<?php echo $id ?>, '<?php echo $id ?>', form_view_count<?php echo $id ?>, form_view_max<?php echo $id ?>);
|
| 4183 |
}
|
| 4184 |
+
|
| 4185 |
});
|
| 4186 |
function check_required<?php echo $form_id ?>(but_type) {
|
| 4187 |
if (but_type == 'reset') {
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: http://web-dorado.com/products/wordpress-form.html
|
|
| 4 |
Tags: form, forms, form builder, form maker, form manager, form plugin, form with recaptcha, forms plugin, multiple forms, paypal form, survey form, feedback form, feedback forms, contact form,contact form plugin, contact form builder, form creator, email form, secure form, web form, form to email, contact forms, custom forms, form widget, captcha form, wordpress contact form ,recaptcha contact form, form creation, contact form with auto reply, widget contact form, builder, feedback, contacts form plugin , custom contact form, contact us form, formular, formulario, admin, captcha, contact, database, email, javascript, jquery, page, plugin, survey, widget, custom form, forms creator, input, validation, send copy, form with captcha
|
| 5 |
Requires at least: 3.4
|
| 6 |
Tested up to: 4.2
|
| 7 |
-
Stable tag: 1.7.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -279,6 +279,9 @@ The Form Maker (Pro version) has simple PayPal integration. This allows the user
|
|
| 279 |
|
| 280 |
== Changelog ==
|
| 281 |
|
|
|
|
|
|
|
|
|
|
| 282 |
= 1.7.56 =
|
| 283 |
New: ReCaptcha version 2.0
|
| 284 |
New: Arithmetic Captcha
|
| 4 |
Tags: form, forms, form builder, form maker, form manager, form plugin, form with recaptcha, forms plugin, multiple forms, paypal form, survey form, feedback form, feedback forms, contact form,contact form plugin, contact form builder, form creator, email form, secure form, web form, form to email, contact forms, custom forms, form widget, captcha form, wordpress contact form ,recaptcha contact form, form creation, contact form with auto reply, widget contact form, builder, feedback, contacts form plugin , custom contact form, contact us form, formular, formulario, admin, captcha, contact, database, email, javascript, jquery, page, plugin, survey, widget, custom form, forms creator, input, validation, send copy, form with captcha
|
| 5 |
Requires at least: 3.4
|
| 6 |
Tested up to: 4.2
|
| 7 |
+
Stable tag: 1.7.57
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 279 |
|
| 280 |
== Changelog ==
|
| 281 |
|
| 282 |
+
= 1.7.57 =
|
| 283 |
+
Fixed: Security issue
|
| 284 |
+
|
| 285 |
= 1.7.56 =
|
| 286 |
New: ReCaptcha version 2.0
|
| 287 |
New: Arithmetic Captcha
|
