Version Description
- Fix: Add responsive styling for the .frm_four_col class when grids are disabled
- Fix: Fix number field HTML5 min, max, and step. This code was still in the pro form builder
- Fix: More escaping for translated strings, and whitelist false positives for code security tools
- Fix: When form builder is loaded with ajax, prevent errors when the default value is an array
- Fix: Add a nonce check when updating settings for a form
- Removed: Get rid of the start tour. We will add this back in a less annoying way.
Release Info
Developer | sswells |
Plugin | Formidable Forms – Form Builder for WordPress |
Version | 3.01.03 |
Code changes from version 3.01.02 to 3.01.03
- classes/controllers/FrmAddonsController.php +1 -1
- classes/controllers/FrmAppController.php +3 -40
- classes/controllers/FrmEntriesController.php +5 -5
- classes/controllers/FrmFieldsController.php +14 -7
- classes/controllers/FrmFormActionsController.php +5 -0
- classes/controllers/FrmFormsController.php +11 -11
- classes/controllers/FrmSettingsController.php +1 -1
- classes/helpers/FrmAppHelper.php +3 -3
- classes/helpers/FrmCSVExportHelper.php +1 -1
- classes/helpers/FrmEntriesListHelper.php +2 -2
- classes/helpers/FrmFieldsHelper.php +5 -5
- classes/helpers/FrmFormsHelper.php +8 -4
- classes/helpers/FrmListHelper.php +23 -23
- classes/helpers/FrmStylesHelper.php +1 -1
- classes/helpers/FrmXMLHelper.php +5 -5
- classes/models/FrmAddon.php +1 -1
- classes/models/FrmCreateFile.php +1 -1
- classes/models/FrmDb.php +4 -4
- classes/models/FrmEDD_SL_Plugin_Updater.php +8 -7
- classes/models/FrmEntry.php +3 -3
- classes/models/FrmEntryMeta.php +5 -5
- classes/models/FrmEntryValidate.php +1 -1
- classes/models/FrmField.php +1 -1
- classes/models/FrmForm.php +4 -4
- classes/models/FrmMigrate.php +8 -8
- classes/models/FrmNotification.php +1 -1
- classes/models/FrmPointers.php +4 -325
- classes/models/fields/FrmFieldCaptcha.php +2 -2
- classes/models/fields/FrmFieldDefault.php +2 -2
- classes/models/fields/FrmFieldNumber.php +7 -0
- classes/models/fields/FrmFieldTextarea.php +5 -4
- classes/models/fields/FrmFieldType.php +40 -2
- classes/models/fields/FrmFieldUserID.php +1 -1
- classes/views/frm-entries/_sidebar-shared-pub.php +1 -1
- classes/views/frm-entries/direct.php +1 -1
- classes/views/frm-entries/errors.php +1 -1
- classes/views/frm-entries/form.php +4 -4
- classes/views/frm-entries/new.php +2 -2
- classes/views/frm-entries/no_entries.php +4 -4
- classes/views/frm-entries/show.php +1 -1
- classes/views/frm-entries/sidebar-shared.php +5 -5
- classes/views/frm-fields/back-end/ajax-field-placeholder.php +1 -1
- classes/views/frm-fields/back-end/dropdown-field.php +2 -2
- classes/views/frm-fields/back-end/field-captcha.php +1 -1
- classes/views/frm-fields/back-end/html-content.php +1 -1
- classes/views/frm-fields/front-end/checkbox-field.php +2 -2
- classes/views/frm-fields/front-end/dropdown-field.php +1 -1
- classes/views/frm-fields/front-end/radio-field.php +2 -2
- classes/views/frm-fields/input.php +2 -2
- classes/views/frm-fields/radio.php +1 -1
- classes/views/frm-fields/show-build.php +1 -1
- classes/views/frm-fields/single-option.php +3 -1
- classes/views/frm-form-actions/_action_inside.php +4 -2
- classes/views/frm-form-actions/_email_settings.php +1 -1
- classes/views/frm-forms/add_field.php +10 -4
- classes/views/frm-forms/add_field_links.php +2 -2
- classes/views/frm-forms/form.php +1 -1
- classes/views/frm-forms/mb_html_tab.php +1 -1
- classes/views/frm-forms/settings.php +10 -7
- classes/views/frm-settings/form.php +2 -2
- classes/views/shared/errors.php +3 -3
- classes/views/shared/mb_adv_info.php +3 -3
- classes/views/styles/custom_css.php +1 -1
- classes/views/styles/show.php +1 -1
- classes/views/xml/forms_xml.php +12 -12
- classes/views/xml/posts_xml.php +8 -8
- classes/widgets/FrmShowForm.php +4 -4
- css/_single_theme.css.php +16 -16
- css/custom_theme.css.php +2 -2
- css/frm_old_grids.css +10 -0
- formidable.php +5 -1
- languages/formidable.pot +645 -767
- readme.txt +29 -21
classes/controllers/FrmAddonsController.php
CHANGED
@@ -24,7 +24,7 @@ class FrmAddonsController {
|
|
24 |
public static function license_settings() {
|
25 |
$plugins = apply_filters( 'frm_installed_addons', array() );
|
26 |
if ( empty( $plugins ) ) {
|
27 |
-
|
28 |
return;
|
29 |
}
|
30 |
|
24 |
public static function license_settings() {
|
25 |
$plugins = apply_filters( 'frm_installed_addons', array() );
|
26 |
if ( empty( $plugins ) ) {
|
27 |
+
esc_html_e( 'There are no plugins on your site that require a license', 'formidable' );
|
28 |
return;
|
29 |
}
|
30 |
|
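--- a/classes/controllers/FrmAppController.php
+++ b/classes/controllers/FrmAppController.php
@@ -147,7 +147,7 @@ class FrmAppController {
 ?>
 <div class="error" class="frm_previous_install">
 <?php
-echo apply_filters( 'frm_pro_update_msg',
+echo apply_filters( 'frm_pro_update_msg', // WPCS: XSS ok.
 sprintf(
 esc_html__( 'This site has been previously authorized to run Formidable Forms. %1$sInstall Formidable Pro%2$s or %3$sdeauthorize%4$s this site to continue running the free version and remove this message.', 'formidable' ),
 '<br/><a href="' . esc_url( $inst_install_url ) . '" target="_blank">', '</a>',
@@ -175,8 +175,8 @@ class FrmAppController {
 $tip = FrmTipsHelper::get_banner_tip();
 ?>
 <div class="update-nag frm-update-to-pro">
-<?php echo FrmAppHelper::kses( $tip['tip'] ); ?>
-<span><?php echo FrmAppHelper::kses( $tip['call'] ); ?></span>
+<?php echo FrmAppHelper::kses( $tip['tip'] ); // WPCS: XSS ok. ?>
+<span><?php echo FrmAppHelper::kses( $tip['call'] ); // WPCS: XSS ok. ?></span>
 <a href="<?php echo esc_url( FrmAppHelper::make_affiliate_url( 'https://formidableforms.com?banner=1&tip=' . absint( $tip['num'] ) ) ); ?>" class="button">Upgrade to Pro</a>
 </div>
 <?php
@@ -246,47 +246,10 @@ class FrmAppController {
 $action = FrmAppHelper::simple_get( 'action', 'sanitize_title' );
 if ( ! FrmAppHelper::doing_ajax() || $action == 'frm_import_choices' ) {
 // don't continue during ajax calls
-self::load_tour();
 self::admin_js();
 }
 }
 
-/**
-* See if we should start our tour.
-* @since 2.0.20
-*/
-private static function load_tour() {
-$restart_tour = filter_input( INPUT_GET, 'frm_restart_tour' );
-if ( $restart_tour ) {
-delete_user_meta( get_current_user_id(), 'frm_ignore_tour' );
-}
-self::ignore_tour();
-
-if ( ! self::has_ignored_tour() ) {
-add_action( 'admin_enqueue_scripts', array( 'FrmPointers', 'get_instance' ) );
-}
-}
-
-/**
-* Returns the value of the ignore tour.
-*
-* @return bool
-*/
-private static function has_ignored_tour() {
-$user_meta = get_user_meta( get_current_user_id(), 'frm_ignore_tour' );
-
-return ! empty( $user_meta );
-}
-
-/**
-* Listener for the ignore tour GET value. If this one is set, just set the user meta to true.
-*/
-private static function ignore_tour() {
-if ( filter_input( INPUT_GET, 'frm_ignore_tour' ) && wp_verify_nonce( filter_input( INPUT_GET, 'nonce' ), 'frm-ignore-tour' ) ) {
-update_user_meta( get_current_user_id(), 'frm_ignore_tour', true );
-}
-}
-
 public static function admin_js() {
 $version = FrmAppHelper::plugin_version();
 FrmAppHelper::load_admin_wide_js( false );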
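Review bot: The `// WPCS: XSS ok.` added at new line 150 silences the scanner on `echo apply_filters( 'frm_pro_update_msg', ... )`, but whatever a callback on that filter returns is still printed without any escaping. The `sprintf()` arguments are escaped individually, so the default message is fine; the gap is only the filtered result. Consider constraining it at output, e.g. `echo wp_kses_post( apply_filters( 'frm_pro_update_msg', ... ) );`, or add a comment stating that the filter is expected to return trusted HTML. The statement continues past the end of the hunk, so the closing of the call is not visible here.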
classes/controllers/FrmEntriesController.php
CHANGED
@@ -396,7 +396,7 @@ class FrmEntriesController {
|
|
396 |
if ( $pagenum > $total_pages && $total_pages > 0 ) {
|
397 |
$url = add_query_arg( 'paged', $total_pages );
|
398 |
if ( headers_sent() ) {
|
399 |
-
echo FrmAppHelper::js_redirect( $url );
|
400 |
} else {
|
401 |
wp_redirect( esc_url_raw( $url ) );
|
402 |
}
|
@@ -433,7 +433,7 @@ class FrmEntriesController {
|
|
433 |
$entry = FrmEntry::getOne( $id, true );
|
434 |
if ( ! $entry ) {
|
435 |
echo '<div id="form_show_entry_page" class="wrap">' .
|
436 |
-
|
437 |
'</div>';
|
438 |
return;
|
439 |
}
|
@@ -470,7 +470,7 @@ class FrmEntriesController {
|
|
470 |
public static function destroy_all() {
|
471 |
if ( ! current_user_can( 'frm_delete_entries' ) ) {
|
472 |
$frm_settings = FrmAppHelper::get_settings();
|
473 |
-
wp_die( $frm_settings->admin_permission );
|
474 |
}
|
475 |
|
476 |
$params = FrmForm::get_admin_params();
|
@@ -520,8 +520,8 @@ class FrmEntriesController {
|
|
520 |
$entry_query .= $form_query;
|
521 |
}
|
522 |
|
523 |
-
$wpdb->query( $meta_query );
|
524 |
-
return $wpdb->query( $entry_query );
|
525 |
}
|
526 |
|
527 |
/**
|
396 |
if ( $pagenum > $total_pages && $total_pages > 0 ) {
|
397 |
$url = add_query_arg( 'paged', $total_pages );
|
398 |
if ( headers_sent() ) {
|
399 |
+
echo FrmAppHelper::js_redirect( $url ); // WPCS: XSS ok.
|
400 |
} else {
|
401 |
wp_redirect( esc_url_raw( $url ) );
|
402 |
}
|
433 |
$entry = FrmEntry::getOne( $id, true );
|
434 |
if ( ! $entry ) {
|
435 |
echo '<div id="form_show_entry_page" class="wrap">' .
|
436 |
+
esc_html__( 'You are trying to view an entry that does not exist.', 'formidable' ) .
|
437 |
'</div>';
|
438 |
return;
|
439 |
}
|
470 |
public static function destroy_all() {
|
471 |
if ( ! current_user_can( 'frm_delete_entries' ) ) {
|
472 |
$frm_settings = FrmAppHelper::get_settings();
|
473 |
+
wp_die( esc_html( $frm_settings->admin_permission ) );
|
474 |
}
|
475 |
|
476 |
$params = FrmForm::get_admin_params();
|
520 |
$entry_query .= $form_query;
|
521 |
}
|
522 |
|
523 |
+
$wpdb->query( $meta_query ); // WPCS: unprepared SQL ok.
|
524 |
+
return $wpdb->query( $entry_query ); // WPCS: unprepared SQL ok.
|
525 |
}
|
526 |
|
527 |
/**
|
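Review bot: At new line 399 the suppression covers `echo FrmAppHelper::js_redirect( $url )`, where `$url` comes from `add_query_arg( 'paged', $total_pages )` with no base URL and is therefore derived from the current request URI; the `else` branch two lines below passes the same value through `esc_url_raw()`, but this branch does not. Unless `js_redirect()` escapes its argument internally (not visible here), the two branches should match: `echo FrmAppHelper::js_redirect( esc_url_raw( $url ) );`. The `// WPCS: unprepared SQL ok.` comments at lines 523-524 would also benefit from a short reason, since `$meta_query` and `$entry_query` are assembled above the hunk and their inputs cannot be checked from here.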
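--- a/classes/controllers/FrmFieldsController.php
+++ b/classes/controllers/FrmFieldsController.php
@@ -33,6 +33,7 @@ class FrmFieldsController {
 }
 $field->field_options = json_decode( json_encode( $field->field_options ), true );
 $field->options = json_decode( json_encode( $field->options ), true );
+$field->default_value = json_decode( json_encode( $field->default_value ), true );
 
 ob_start();
 self::load_single_field( $field, $values );
@@ -71,11 +72,6 @@ class FrmFieldsController {
 * @return array|bool
 */
 public static function include_new_field( $field_type, $form_id ) {
-$values = array();
-if ( FrmAppHelper::pro_is_installed() ) {
-$values['post_type'] = FrmProFormsHelper::post_type( $form_id );
-}
-
 $field_values = FrmFieldsHelper::setup_new_vars( $field_type, $form_id );
 $field_values = apply_filters( 'frm_before_field_created', $field_values );
 
@@ -86,6 +82,17 @@ class FrmFieldsController {
 }
 
 $field = self::get_field_array_from_id( $field_id );
+
+$values = array();
+if ( FrmAppHelper::pro_is_installed() ) {
+$values['post_type'] = FrmProFormsHelper::post_type( $form_id );
+
+$parent_form_id = FrmDb::get_var( 'frm_forms', array( 'id' => $form_id ), 'parent_form_id' );
+if ( $parent_form_id ) {
+$field['parent_form_id'] = $parent_form_id;
+}
+}
+
 self::load_single_field( $field, $values, $form_id );
 
 return $field;
@@ -121,7 +128,7 @@ class FrmFieldsController {
 
 do_action( 'frm_after_update_field_' . $field, compact( 'id', 'value' ) );
 
-echo stripslashes( wp_kses_post( $value ) );
+echo stripslashes( wp_kses_post( $value ) ); // WPCS: XSS ok.
 wp_die();
 }
 
@@ -505,7 +512,7 @@ class FrmFieldsController {
 $add_html = ' ' . implode( ' ', $add_html ) . ' ';
 
 if ( $echo ) {
-echo $add_html;
+echo $add_html; // WPCS: XSS ok.
 }
 
 return $add_html;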
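Review bot: At new line 131, `echo stripslashes( wp_kses_post( $value ) ); // WPCS: XSS ok.` filters first and unslashes afterwards, so the string that is printed is not the string that `wp_kses_post()` checked. WordPress documents `wp_kses_post()` as expecting unslashed data, so the safer order is `echo wp_kses_post( wp_unslash( $value ) );`. Where `$value` comes from is outside the hunk, so this assumes it is still slashed request data at this point. The same commit marks `echo $add_html;` at line 515 as safe; a one-line comment saying where its parts are escaped would make that suppression checkable.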
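--- a/classes/controllers/FrmFormActionsController.php
+++ b/classes/controllers/FrmFormActionsController.php
@@ -201,6 +201,11 @@ class FrmFormActionsController {
 }
 
 public static function update_settings( $form_id ) {
+$process_form = FrmAppHelper::get_post_param( 'process_form', '', 'sanitize_text_field' );
+if ( ! wp_verify_nonce( $process_form, 'process_form_nonce' ) ) {
+wp_die( esc_html__( 'You do not have permission to do that', 'formidable' ) );
+}
+
 global $wpdb;
 
 $registered_actions = self::$registered_actions->actions;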
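Review bot: The new guard in `update_settings()` verifies only the `process_form` nonce, and a nonce protects against forged requests, not against a logged-in user who lacks the right to edit forms. No capability check is visible in the hunk; if the caller does not already enforce one, add it next to the nonce check, for example a `current_user_can()` test for the form-editing capability or the existing `FrmAppHelper::permission_check()` helper. The function body continues past the hunk, so a later check cannot be ruled out from here.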
classes/controllers/FrmFormsController.php
CHANGED
@@ -136,7 +136,7 @@ class FrmFormsController {
|
|
136 |
} else {
|
137 |
FrmForm::update( $id, $values, true );
|
138 |
$url = admin_url( 'admin.php?page=formidable&frm_action=settings&id=' . $id );
|
139 |
-
die( FrmAppHelper::js_redirect( $url ) );
|
140 |
}
|
141 |
}
|
142 |
|
@@ -198,7 +198,7 @@ class FrmFormsController {
|
|
198 |
FrmForm::update( $id, $values );
|
199 |
$message = __( 'Form was Successfully Updated', 'formidable' );
|
200 |
if ( defined( 'DOING_AJAX' ) ) {
|
201 |
-
wp_die( $message );
|
202 |
}
|
203 |
return self::get_edit_vars( $id, array(), $message );
|
204 |
}
|
@@ -253,7 +253,7 @@ class FrmFormsController {
|
|
253 |
* @since 3.0
|
254 |
*/
|
255 |
public static function show_page_preview() {
|
256 |
-
echo self::page_preview();
|
257 |
}
|
258 |
|
259 |
public static function preview() {
|
@@ -676,11 +676,11 @@ class FrmFormsController {
|
|
676 |
|
677 |
$form = FrmForm::getOne( $id );
|
678 |
if ( ! $form ) {
|
679 |
-
wp_die(
|
680 |
}
|
681 |
|
682 |
if ( $form->parent_form_id ) {
|
683 |
-
wp_die( sprintf(
|
684 |
}
|
685 |
|
686 |
$frm_field_selection = FrmField::field_selection();
|
@@ -708,7 +708,7 @@ class FrmFormsController {
|
|
708 |
$all_templates = FrmForm::getAll( array( 'is_template' => 1 ), 'name' );
|
709 |
|
710 |
if ( $form->default_template ) {
|
711 |
-
wp_die(
|
712 |
} elseif ( defined( 'DOING_AJAX' ) ) {
|
713 |
wp_die();
|
714 |
} else if ( $create_link ) {
|
@@ -729,7 +729,7 @@ class FrmFormsController {
|
|
729 |
$values = FrmAppHelper::setup_edit_vars( $form, 'forms', $fields, true );
|
730 |
|
731 |
if ( isset( $values['default_template'] ) && $values['default_template'] ) {
|
732 |
-
wp_die(
|
733 |
}
|
734 |
|
735 |
self::clean_submit_html( $values );
|
@@ -851,7 +851,7 @@ class FrmFormsController {
|
|
851 |
FrmAppHelper::permission_check( 'frm_view_forms' );
|
852 |
check_ajax_referer( 'frm_ajax', 'nonce' );
|
853 |
|
854 |
-
echo FrmEntriesController::show_entry_shortcode( array(
|
855 |
'form_id' => FrmAppHelper::get_post_param( 'form_id', '', 'absint' ),
|
856 |
'default_email' => true,
|
857 |
'plain_text' => FrmAppHelper::get_post_param( 'plain_text', '', 'absint' ),
|
@@ -933,7 +933,7 @@ class FrmFormsController {
|
|
933 |
}
|
934 |
|
935 |
if ( isset( $message ) && ! empty( $message ) ) {
|
936 |
-
echo '<div id="message" class="updated frm_updated_message">' . FrmAppHelper::kses( $message, array( 'a' ) ) . '</div>';
|
937 |
}
|
938 |
|
939 |
return $errors;
|
@@ -1383,7 +1383,7 @@ class FrmFormsController {
|
|
1383 |
$old_post = $post;
|
1384 |
$post = $page;
|
1385 |
$content = apply_filters( 'frm_content', $page->post_content, $args['form'], $args['entry_id'] );
|
1386 |
-
echo apply_filters( 'the_content', $content );
|
1387 |
$post = $old_post;
|
1388 |
}
|
1389 |
}
|
@@ -1422,7 +1422,7 @@ class FrmFormsController {
|
|
1422 |
} else {
|
1423 |
add_filter( 'frm_use_wpautop', '__return_true' );
|
1424 |
|
1425 |
-
echo $redirect_msg;
|
1426 |
echo "<script type='text/javascript'>window.onload = function(){setTimeout(window.location='" . esc_url_raw( $success_url ) . "', 8000);}</script>";
|
1427 |
}
|
1428 |
}
|
136 |
} else {
|
137 |
FrmForm::update( $id, $values, true );
|
138 |
$url = admin_url( 'admin.php?page=formidable&frm_action=settings&id=' . $id );
|
139 |
+
die( FrmAppHelper::js_redirect( $url ) ); // WPCS: XSS ok.
|
140 |
}
|
141 |
}
|
142 |
|
198 |
FrmForm::update( $id, $values );
|
199 |
$message = __( 'Form was Successfully Updated', 'formidable' );
|
200 |
if ( defined( 'DOING_AJAX' ) ) {
|
201 |
+
wp_die( esc_html( $message ) );
|
202 |
}
|
203 |
return self::get_edit_vars( $id, array(), $message );
|
204 |
}
|
253 |
* @since 3.0
|
254 |
*/
|
255 |
public static function show_page_preview() {
|
256 |
+
echo self::page_preview(); // WPCS: XSS ok.
|
257 |
}
|
258 |
|
259 |
public static function preview() {
|
676 |
|
677 |
$form = FrmForm::getOne( $id );
|
678 |
if ( ! $form ) {
|
679 |
+
wp_die( esc_html__( 'You are trying to edit a form that does not exist.', 'formidable' ) );
|
680 |
}
|
681 |
|
682 |
if ( $form->parent_form_id ) {
|
683 |
+
wp_die( sprintf( esc_html__( 'You are trying to edit a child form. Please edit from %1$shere%2$s', 'formidable' ), '<a href="' . esc_url( admin_url( 'admin.php?page=formidable&frm_action=edit&id=' . $form->parent_form_id ) ) . '">', '</a>' ) );
|
684 |
}
|
685 |
|
686 |
$frm_field_selection = FrmField::field_selection();
|
708 |
$all_templates = FrmForm::getAll( array( 'is_template' => 1 ), 'name' );
|
709 |
|
710 |
if ( $form->default_template ) {
|
711 |
+
wp_die( esc_html__( 'That template cannot be edited', 'formidable' ) );
|
712 |
} elseif ( defined( 'DOING_AJAX' ) ) {
|
713 |
wp_die();
|
714 |
} else if ( $create_link ) {
|
729 |
$values = FrmAppHelper::setup_edit_vars( $form, 'forms', $fields, true );
|
730 |
|
731 |
if ( isset( $values['default_template'] ) && $values['default_template'] ) {
|
732 |
+
wp_die( esc_html__( 'That template cannot be edited', 'formidable' ) );
|
733 |
}
|
734 |
|
735 |
self::clean_submit_html( $values );
|
851 |
FrmAppHelper::permission_check( 'frm_view_forms' );
|
852 |
check_ajax_referer( 'frm_ajax', 'nonce' );
|
853 |
|
854 |
+
echo FrmEntriesController::show_entry_shortcode( array( // WPCS: XSS ok.
|
855 |
'form_id' => FrmAppHelper::get_post_param( 'form_id', '', 'absint' ),
|
856 |
'default_email' => true,
|
857 |
'plain_text' => FrmAppHelper::get_post_param( 'plain_text', '', 'absint' ),
|
933 |
}
|
934 |
|
935 |
if ( isset( $message ) && ! empty( $message ) ) {
|
936 |
+
echo '<div id="message" class="updated frm_updated_message">' . FrmAppHelper::kses( $message, array( 'a' ) ) . '</div>'; // WPCS: XSS ok.
|
937 |
}
|
938 |
|
939 |
return $errors;
|
1383 |
$old_post = $post;
|
1384 |
$post = $page;
|
1385 |
$content = apply_filters( 'frm_content', $page->post_content, $args['form'], $args['entry_id'] );
|
1386 |
+
echo apply_filters( 'the_content', $content ); // WPCS: XSS ok.
|
1387 |
$post = $old_post;
|
1388 |
}
|
1389 |
}
|
1422 |
} else {
|
1423 |
add_filter( 'frm_use_wpautop', '__return_true' );
|
1424 |
|
1425 |
+
echo $redirect_msg; // WPCS: XSS ok.
|
1426 |
echo "<script type='text/javascript'>window.onload = function(){setTimeout(window.location='" . esc_url_raw( $success_url ) . "', 8000);}</script>";
|
1427 |
}
|
1428 |
}
|
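Review bot: `echo $redirect_msg; // WPCS: XSS ok.` at new line 1425 prints a variable whose origin is outside the hunk, so the suppression cannot be verified from the lines shown; if the message can carry form-builder or filter-supplied HTML, pass it through `wp_kses_post()` or say in the comment where it was sanitized. The unchanged line directly below places `esc_url_raw( $success_url )` inside a single-quoted JavaScript string; `esc_url_raw()` is meant for storage and redirects and is not a JavaScript-context escaper, so `wp_json_encode()` (dropping the surrounding quotes) or `esc_js()` fits that position better. The other suppressions in this file (`js_redirect`, `page_preview`, `the_content`) follow the same pattern and would each benefit from a short stated reason.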
classes/controllers/FrmSettingsController.php
CHANGED
@@ -72,7 +72,7 @@ class FrmSettingsController {
|
|
72 |
|
73 |
$process_form = FrmAppHelper::get_post_param( 'process_form', '', 'sanitize_text_field' );
|
74 |
if ( ! wp_verify_nonce( $process_form, 'process_form_nonce' ) ) {
|
75 |
-
|
76 |
}
|
77 |
|
78 |
$errors = array();
|
72 |
|
73 |
$process_form = FrmAppHelper::get_post_param( 'process_form', '', 'sanitize_text_field' );
|
74 |
if ( ! wp_verify_nonce( $process_form, 'process_form_nonce' ) ) {
|
75 |
+
wp_die( esc_html( $frm_settings->admin_permission ) );
|
76 |
}
|
77 |
|
78 |
$errors = array();
|
classes/helpers/FrmAppHelper.php
CHANGED
@@ -11,7 +11,7 @@ class FrmAppHelper {
|
|
11 |
/**
|
12 |
* @since 2.0
|
13 |
*/
|
14 |
-
public static $plug_version = '3.01.
|
15 |
|
16 |
/**
|
17 |
* @since 1.07.02
|
@@ -774,7 +774,7 @@ class FrmAppHelper {
|
|
774 |
if ( 'hide' == $show_message ) {
|
775 |
$permission_error = '';
|
776 |
}
|
777 |
-
wp_die( $permission_error );
|
778 |
}
|
779 |
}
|
780 |
|
@@ -1680,7 +1680,7 @@ class FrmAppHelper {
|
|
1680 |
|
1681 |
$wp_list_table = _get_list_table( 'WP_Plugins_List_Table' );
|
1682 |
echo '<tr class="plugin-update-tr active"><th colspan="' . absint( $wp_list_table->get_column_count() ) . '" class="check-column plugin-update colspanchange"><div class="update-message">' .
|
1683 |
-
|
1684 |
'</div></td></tr>';
|
1685 |
}
|
1686 |
|
11 |
/**
|
12 |
* @since 2.0
|
13 |
*/
|
14 |
+
public static $plug_version = '3.01.03';
|
15 |
|
16 |
/**
|
17 |
* @since 1.07.02
|
774 |
if ( 'hide' == $show_message ) {
|
775 |
$permission_error = '';
|
776 |
}
|
777 |
+
wp_die( esc_html( $permission_error ) );
|
778 |
}
|
779 |
}
|
780 |
|
1680 |
|
1681 |
$wp_list_table = _get_list_table( 'WP_Plugins_List_Table' );
|
1682 |
echo '<tr class="plugin-update-tr active"><th colspan="' . absint( $wp_list_table->get_column_count() ) . '" class="check-column plugin-update colspanchange"><div class="update-message">' .
|
1683 |
+
esc_html__( 'You are running an outdated version of Formidable. This plugin may not work correctly if you do not update Formidable.', 'formidable' ) .
|
1684 |
'</div></td></tr>';
|
1685 |
}
|
1686 |
|
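--- a/classes/helpers/FrmCSVExportHelper.php
+++ b/classes/helpers/FrmCSVExportHelper.php
@@ -269,7 +269,7 @@ class FrmCSVExportHelper {
 $val = str_replace( array( "\r\n", "\r", "\n" ), self::$line_break, $val );
 }
 
-echo $sep . '"' . $val . '"';
+echo $sep . '"' . $val . '"'; // WPCS: XSS ok.
 $sep = self::$column_separator;
 
 unset( $k, $row );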
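Review bot: `// WPCS: XSS ok.` is reasonable at line 272 because the output is a CSV cell rather than HTML, but the line still writes `$val` between double quotes as-is. Two things are not visible in the hunk and are worth confirming above it: that embedded `"` characters are doubled, and that cells starting with `=`, `+`, `-` or `@` are neutralised so that submitted entry data is not interpreted as a formula when an administrator opens the export in a spreadsheet. A comment on this line naming where that happens would document the suppression. The enclosing loop starts and ends outside the hunk.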
classes/helpers/FrmEntriesListHelper.php
CHANGED
@@ -98,7 +98,7 @@ class FrmEntriesListHelper extends FrmListHelper {
|
|
98 |
$form_id = FrmAppHelper::simple_get( 'form', 'absint' );
|
99 |
if ( $which == 'top' && empty( $form_id ) ) {
|
100 |
echo '<div class="alignleft actions">';
|
101 |
-
echo FrmFormsHelper::forms_dropdown( 'form', $form_id, array( 'blank' => __( 'View all forms', 'formidable' ) ) );
|
102 |
submit_button( __( 'Filter' ), 'filter_action', '', false, array( 'id' => 'post-query-submit' ) );
|
103 |
echo '</div>';
|
104 |
}
|
@@ -209,7 +209,7 @@ class FrmEntriesListHelper extends FrmListHelper {
|
|
209 |
$val = '<abbr title="' . esc_attr( FrmAppHelper::get_formatted_time( $item->{$col_name}, '', 'g:i:s A' ) ) . '">' . $date . '</abbr>';
|
210 |
break;
|
211 |
case 'is_draft':
|
212 |
-
$val = empty( $item->is_draft ) ?
|
213 |
break;
|
214 |
case 'form_id':
|
215 |
$val = FrmFormsHelper::edit_form_link( $item->form_id );
|
98 |
$form_id = FrmAppHelper::simple_get( 'form', 'absint' );
|
99 |
if ( $which == 'top' && empty( $form_id ) ) {
|
100 |
echo '<div class="alignleft actions">';
|
101 |
+
echo FrmFormsHelper::forms_dropdown( 'form', $form_id, array( 'blank' => __( 'View all forms', 'formidable' ) ) ); // WPCS: XSS ok.
|
102 |
submit_button( __( 'Filter' ), 'filter_action', '', false, array( 'id' => 'post-query-submit' ) );
|
103 |
echo '</div>';
|
104 |
}
|
209 |
$val = '<abbr title="' . esc_attr( FrmAppHelper::get_formatted_time( $item->{$col_name}, '', 'g:i:s A' ) ) . '">' . $date . '</abbr>';
|
210 |
break;
|
211 |
case 'is_draft':
|
212 |
+
$val = empty( $item->is_draft ) ? esc_html__( 'No' ) : esc_html__( 'Yes' );
|
213 |
break;
|
214 |
case 'form_id':
|
215 |
$val = FrmFormsHelper::edit_form_link( $item->form_id );
|
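Review bot: The new `esc_html__( 'No' ) : esc_html__( 'Yes' )` at line 212 omits the `'formidable'` text domain that the other strings in this commit pass, so these two labels are looked up in WordPress core's translations. If that reuse is intended, say so in a comment (`// Uses core translations on purpose.`); otherwise add the domain: `esc_html__( 'No', 'formidable' )`. The removed line is truncated on this page, so whether the old code did the same cannot be checked.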
classes/helpers/FrmFieldsHelper.php
CHANGED
@@ -475,10 +475,10 @@ class FrmFieldsHelper {
|
|
475 |
return '';
|
476 |
}
|
477 |
|
478 |
-
|
479 |
-
|
480 |
-
'<a href="' . esc_url( admin_url( 'edit-tags.php?taxonomy=' . $tax->name ) ) . '" target="_blank">' . ( empty( $tax->labels->name ) ?
|
481 |
-
|
482 |
unset( $tax );
|
483 |
|
484 |
return $link;
|
@@ -1094,7 +1094,7 @@ class FrmFieldsHelper {
|
|
1094 |
|
1095 |
?><label for="<?php echo esc_attr( $other_id ) ?>" class="frm_screen_reader frm_hidden"><?php
|
1096 |
echo esc_html( $label );
|
1097 |
-
?></label><input type="text" id="<?php echo esc_attr( $other_id ) ?>" class="<?php echo
|
1098 |
echo ( $args['read_only'] ? ' readonly="readonly" disabled="disabled"' : '' );
|
1099 |
?> name="<?php echo esc_attr( $args['name'] ) ?>" value="<?php echo esc_attr( $args['value'] ); ?>" /><?php
|
1100 |
}
|
475 |
return '';
|
476 |
}
|
477 |
|
478 |
+
$link = sprintf(
|
479 |
+
esc_html__( 'Please add options from the WordPress "%1$s" page', 'formidable' ),
|
480 |
+
'<a href="' . esc_url( admin_url( 'edit-tags.php?taxonomy=' . $tax->name ) ) . '" target="_blank">' . ( empty( $tax->labels->name ) ? esc_html__( 'Categories' ) : $tax->labels->name ) . '</a>'
|
481 |
+
);
|
482 |
unset( $tax );
|
483 |
|
484 |
return $link;
|
1094 |
|
1095 |
?><label for="<?php echo esc_attr( $other_id ) ?>" class="frm_screen_reader frm_hidden"><?php
|
1096 |
echo esc_html( $label );
|
1097 |
+
?></label><input type="text" id="<?php echo esc_attr( $other_id ) ?>" class="<?php echo esc_attr( implode( ' ', $classes ) ) ?>" <?php
|
1098 |
echo ( $args['read_only'] ? ' readonly="readonly" disabled="disabled"' : '' );
|
1099 |
?> name="<?php echo esc_attr( $args['name'] ) ?>" value="<?php echo esc_attr( $args['value'] ); ?>" /><?php
|
1100 |
}
|
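Review bot: In the new `sprintf()` at line 480 the fallback label is escaped (`esc_html__( 'Categories' )`) but the normal case, `$tax->labels->name`, is concatenated into the link text unescaped. Taxonomy labels are set by whichever plugin or theme registers the taxonomy, so escape both arms: `( empty( $tax->labels->name ) ? esc_html__( 'Categories' ) : esc_html( $tax->labels->name ) )`. How `$link` is later printed is outside the hunk.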
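--- a/classes/helpers/FrmFormsHelper.php
+++ b/classes/helpers/FrmFormsHelper.php
@@ -46,7 +46,7 @@ class FrmFormsHelper {
 self::add_html_attr( $args['class'], 'class', $add_html );
 
 ?>
-<select name="<?php echo esc_attr( $field_name ); ?>" id="<?php echo esc_attr( $args['field_id'] ) ?>" <?php echo implode( ' ', $add_html ); ?>>
+<select name="<?php echo esc_attr( $field_name ); ?>" id="<?php echo esc_attr( $args['field_id'] ) ?>" <?php echo wp_strip_all_tags( implode( ' ', $add_html ) ); // WPCS: XSS ok. ?>>
 <?php if ( $args['blank'] ) { ?>
 <option value=""><?php echo ( $args['blank'] == 1 ) ? ' ' : '- ' . esc_attr( $args['blank'] ) . ' -'; ?></option>
 <?php } ?>
@@ -336,7 +336,7 @@ BEFORE_HTML;
 public static function get_custom_submit( $html, $form, $submit, $form_action, $values ) {
 $button = self::replace_shortcodes( $html, $form, $submit, $form_action, $values );
 if ( ! strpos( $button, '[button_action]' ) ) {
-echo $button;
+echo $button; // WPCS: XSS ok.
 return;
 }
 
@@ -353,9 +353,9 @@ BEFORE_HTML;
 }
 }
 
-echo $button_parts[0];
+echo $button_parts[0]; // WPCS: XSS ok.
 do_action( 'frm_submit_button_action', $form, $form_action );
-echo $button_parts[1];
+echo $button_parts[1]; // WPCS: XSS ok.
 }
 
 /**
@@ -561,6 +561,10 @@ BEFORE_HTML;
 * @return bool
 */
 private static function form_has_top_labels( $form ) {
+if ( ! isset( $form['fields'] ) ) {
+return false;
+}
+
 $fields = $form['fields'];
 if ( count( $fields ) <= 0 ) {
 return false;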
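Review bot: At new line 49, `wp_strip_all_tags( implode( ' ', $add_html ) )` is printed inside the `<select>` start tag, which is an attribute context: removing tags does not stop a value containing a quote from closing its attribute and adding another one. The escaping belongs where each attribute is built, i.e. `esc_attr()` on the value inside `add_html_attr()`, which is outside this hunk; if that is already done, the suppression comment should say so. The `echo $button;` and `echo $button_parts[...]` suppressions at lines 339, 356 and 358 print customised submit HTML and have the same need for a stated reason.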
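--- a/classes/helpers/FrmListHelper.php
+++ b/classes/helpers/FrmListHelper.php
@@ -133,7 +133,7 @@ class FrmListHelper {
 
 public function display_rows() {
 foreach ( $this->items as $item ) {
-echo "\n\t", $this->single_row( $item );
+echo "\n\t", $this->single_row( $item ); // WPCS: XSS ok.
 }
 }
 
@@ -228,7 +228,7 @@ class FrmListHelper {
 * @access public
 */
 public function no_items() {
-
+esc_html_e( 'No items found.' );
 }
 
 /**
@@ -304,9 +304,9 @@ class FrmListHelper {
 
 echo "<ul class='subsubsub'>\n";
 foreach ( $views as $class => $view ) {
-$views[ $class ] = "\t<li class='$class'
+$views[ $class ] = "\t" . '<li class="' . esc_attr( $class ) . '">' . $view;
 }
-echo implode( " |</li>\n", $views ) . "</li>\n";
+echo implode( " |</li>\n", $views ) . "</li>\n"; // WPCS: XSS ok.
 echo '</ul>';
 }
 
@@ -367,7 +367,7 @@ class FrmListHelper {
 foreach ( $this->_actions as $name => $title ) {
 $class = 'edit' == $name ? ' class="hide-if-no-js"' : '';
 
-echo "\t<option value='" . esc_attr( $name ) . "'$class
+echo "\t<option value='" . esc_attr( $name ) . "'$class>" . esc_html( $title ) . "</option>\n"; // WPCS: XSS ok.
 }
 
 echo "</select>\n";
@@ -460,10 +460,10 @@ class FrmListHelper {
 }
 
 printf(
-
+'<a href="%s" class="%s" id="view-switch-' . esc_attr( $mode ) . '"><span class="screen-reader-text">%s</span></a>' . "\n",
 esc_url( add_query_arg( 'mode', $mode ) ),
-implode( ' ', $classes ),
-$title
+esc_attr( implode( ' ', $classes ) ),
+esc_html( $title )
 );
 }
 ?>
@@ -597,7 +597,7 @@ class FrmListHelper {
 if ( ! empty( $infinite_scroll ) ) {
 $pagination_links_class = ' hide-if-js';
 }
-$output .= "\n<span class='$pagination_links_class'>
+$output .= "\n" . '<span class="' . esc_attr( $pagination_links_class ) . '">' . join( "\n", $page_links ) . '</span>';
 
 if ( $total_pages ) {
 $page_class = $total_pages < 2 ? ' one-page' : '';
@@ -606,7 +606,7 @@ class FrmListHelper {
 }
 $this->_pagination = "<div class='tablenav-pages" . esc_attr( $page_class ) . "'>$output</div>";
 
-echo $this->_pagination;
+echo $this->_pagination; // WPCS: XSS ok.
 }
 
 private function disabled_pages( $total_pages ) {
@@ -887,7 +887,7 @@ class FrmListHelper {
 $class[] = $desc_first ? 'asc' : 'desc';
 }
 
-$column_display_name = '<a href="' . esc_url( add_query_arg( compact( 'orderby', 'order' ), $current_url ) ) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>';
+$column_display_name = '<a href="' . esc_url( add_query_arg( compact( 'orderby', 'order' ), $current_url ) ) . '"><span>' . esc_html( $column_display_name ) . '</span><span class="sorting-indicator"></span></a>';
 }
 
 $tag = ( 'cb' === $column_key ) ? 'td' : 'th';
@@ -895,10 +895,10 @@ class FrmListHelper {
 $id = $with_id ? "id='" . esc_attr( $column_key ) . "'" : '';
 
 if ( ! empty( $class ) ) {
-$class = "class='" . join( ' ', $class ) . "'";
+$class = "class='" . esc_attr( join( ' ', $class ) ) . "'";
 }
 
-echo "<$tag $scope $id $class>$column_display_name</$tag>";
+echo "<$tag $scope $id $class>$column_display_name</$tag>"; // WPCS: XSS ok.
 }
 }
 
@@ -920,7 +920,7 @@ class FrmListHelper {
 </tr>
 </thead>
 
-<tbody id="the-list"<?php echo ( $singular ? " data-wp-lists='list:" . esc_attr( $singular ) . "'" : '' ); ?>>
+<tbody id="the-list"<?php echo ( $singular ? " data-wp-lists='list:" . esc_attr( $singular ) . "'" : '' ); // WPCS: XSS ok. ?>>
 <?php $this->display_rows_or_placeholder(); ?>
 </tbody>
 
@@ -1037,14 +1037,14 @@ class FrmListHelper {
 
 // Comments column uses HTML in the display name with screen reader text.
 // Instead of using esc_attr(), we strip tags to get closer to a user-friendly string.
-$data = 'data-colname="' .
+$data = 'data-colname="' . esc_attr( $column_display_name ) . '"';
 
-$attributes =
+$attributes = 'class="' . esc_attr( $classes ) . '" ' . $data;
 
 if ( 'cb' == $column_name ) {
 echo '<th scope="row" class="check-column"></th>';
 } elseif ( method_exists( $this, '_column_' . $column_name ) ) {
-echo call_user_func(
+echo call_user_func( // WPCS: XSS ok.
 array( $this, '_column_' . $column_name ),
 $item,
 $classes,
@@ -1052,13 +1052,13 @@ class FrmListHelper {
 $primary
 );
 } elseif ( method_exists( $this, 'column_' . $column_name ) ) {
-echo "<td $attributes>";
-echo call_user_func( array( $this, 'column_' . $column_name ), $item );
-echo $this->handle_row_actions( $item, $column_name, $primary );
+echo "<td $attributes>"; // WPCS: XSS ok.
+echo call_user_func( array( $this, 'column_' . $column_name ), $item ); // WPCS: XSS ok.
+echo $this->handle_row_actions( $item, $column_name, $primary ); // WPCS: XSS ok.
 echo '</td>';
 } else {
-echo "<td $attributes>";
-echo $this->handle_row_actions( $item, $column_name, $primary );
+echo "<td $attributes>"; // WPCS: XSS ok.
+echo $this->handle_row_actions( $item, $column_name, $primary ); // WPCS: XSS ok.
 echo '</td>';
 }
 }
@@ -1076,7 +1076,7 @@ class FrmListHelper {
 * @return string The row actions output. In this case, an empty string.
 */
 protected function handle_row_actions( $item, $column_name, $primary ) {
-return $column_name == $primary ? '<button type="button" class="toggle-row"><span class="screen-reader-text">' .
+return $column_name == $primary ? '<button type="button" class="toggle-row"><span class="screen-reader-text">' . esc_html__( 'Show more details' ) . '</span></button>' : '';
 }
 
 /**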
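Review bot: The header cell echoed at new line 901 is whitelisted with `// WPCS: XSS ok.`, but `$column_display_name` is only passed through `esc_html()` at line 890, inside a block that closes at line 891 (presumably the sortable branch), so a name that skips that block still reaches the output unescaped. The comment kept at lines 1038-1039 says display names can carry HTML, which `esc_html()` will now print literally for the columns that do go through line 890. Filtering once before the branch, for example `$column_display_name = wp_kses_post( $column_display_name );`, would treat both paths the same and make the whitelist comment accurate. The enclosing method starts outside these hunks, so confirm where the display names originate before relying on the annotation.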
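--- a/classes/helpers/FrmStylesHelper.php
+++ b/classes/helpers/FrmStylesHelper.php
@@ -226,7 +226,7 @@ class FrmStylesHelper {
 <select name="<?php echo esc_attr( $frm_style->get_field_name( $name ) ); ?>" id="frm_<?php echo esc_attr( $name ); ?>" class="frm_icon_font frm_multiselect hide-if-js">
 <?php foreach ( $icons as $key => $icon ) { ?>
 <option value="<?php echo esc_attr( $key ) ?>" <?php selected( $style->post_content[ $name ], $key ) ?>>
-<?php echo '' . $icon['+'] . '; ' . $icon['-'] . ';'; ?>
+<?php echo '' . esc_html( $icon['+'] ) . '; ' . esc_html( $icon['-'] ) . ';'; ?>
 </option>
 <?php } ?>
 </select>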
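--- a/classes/helpers/FrmXMLHelper.php
+++ b/classes/helpers/FrmXMLHelper.php
@@ -8,17 +8,17 @@ class FrmXMLHelper {
 public static function get_xml_values( $opt, $padding ) {
 if ( is_array( $opt ) ) {
 foreach ( $opt as $ok => $ov ) {
-echo "\n" . $padding;
+echo "\n" . esc_html( $padding );
 $tag = ( is_numeric( $ok ) ? 'key:' : '' ) . $ok;
-echo '<' . $tag . '>';
+echo '<' . esc_html( $tag ) . '>';
 self::get_xml_values( $ov, $padding . ' ' );
 if ( is_array( $ov ) ) {
-echo "\n" . $padding;
+echo "\n" . esc_html( $padding );
 }
-echo '</' . $tag . '>';
+echo '</' . esc_html( $tag ) . '>';
 }
 } else {
-echo self::cdata( $opt );
+echo self::cdata( $opt ); // WPCS: XSS ok.
 }
 }
 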
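Review bot: `esc_html( $tag )` on lines 13 and 18 escapes for an HTML text node, which does not make `$tag` a valid XML element name: it is built from the array key `$ok`, and a key containing a space or another character XML names do not allow still produces a malformed document. If these keys can come from stored form data, validating the name is the more fitting control, for example `if ( ! preg_match( '/^[A-Za-z_][\w:.-]*$/', $tag ) ) { continue; }` before the first echo. Line 21 is whitelisted with `// WPCS: XSS ok.` while relying on `self::cdata()`, which is not part of this hunk, so the annotation should say that the helper is what neutralises the value.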
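--- a/classes/models/FrmAddon.php
+++ b/classes/models/FrmAddon.php
@@ -248,7 +248,7 @@ class FrmAddon {
 }
 
 private function is_license_revoked() {
-if ( empty( $this->license ) || empty( $this->plugin_slug ) || isset( $_POST['license'] ) ) {
+if ( empty( $this->license ) || empty( $this->plugin_slug ) || isset( $_POST['license'] ) ) { // WPCS: CSRF ok.
 return;
 }
 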
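--- a/classes/models/FrmCreateFile.php
+++ b/classes/models/FrmCreateFile.php
@@ -221,7 +221,7 @@ class FrmCreateFile {
 
 private function show_error_message() {
 if ( ! empty( $this->error_message ) ) {
-echo '<div class="message">' . $this->error_message . '</div>';
+echo '<div class="message">' . esc_html( $this->error_message ) . '</div>';
 }
 }
 }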
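--- a/classes/models/FrmDb.php
+++ b/classes/models/FrmDb.php
@@ -405,13 +405,13 @@ class FrmDb {
 if ( is_array( $where ) || empty( $where ) ) {
 self::get_where_clause_and_values( $where );
 global $wpdb;
-$query = $wpdb->prepare( $query . $where['where'] . ' ' . implode( ' ', $args ), $where['values'] );
+$query = $wpdb->prepare( $query . $where['where'] . ' ' . implode( ' ', $args ), $where['values'] ); // WPCS: unprepared SQL ok.
 } else {
 /**
 * Allow the $where to be prepared before we recieve it here.
 * This is a fallback for reverse compatibility, but is not recommended
 */
-_deprecated_argument( 'where', '2.0',
+_deprecated_argument( 'where', '2.0', esc_html__( 'Use the query in an array format so it can be properly prepared.', 'formidable' ) );
 $query .= $where . ' ' . implode( ' ', $args );
 }
 
@@ -543,7 +543,7 @@ class FrmDb {
 if ( is_array( $where ) ) {
 global $wpdb;
 self::get_where_clause_and_values( $where, $starts_with );
-$where = $wpdb->prepare( $where['where'], $where['values'] );
+$where = $wpdb->prepare( $where['where'], $where['values'] ); // WPCS: unprepared SQL ok.
 } else {
 $where = $starts_with . $where;
 }
@@ -618,7 +618,7 @@ class FrmDb {
 $results = get_posts( $query );
 } elseif ( 'get_associative_results' == $type ) {
 global $wpdb;
-$results = $wpdb->get_results( $query, OBJECT_K );
+$results = $wpdb->get_results( $query, OBJECT_K ); // WPCS: unprepared SQL ok.
 } else {
 global $wpdb;
 $results = $wpdb->{$type}( $query );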
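Review bot: The `// WPCS: unprepared SQL ok.` annotations added on lines 408, 546 and 621 silence the sniff without recording why the concatenated fragments are trusted. On line 408 only `$where['values']` is bound; `$where['where']` and `implode( ' ', $args )` become part of the format string, and on line 621 `$query` arrives already assembled from the caller, with the untagged `$wpdb->{$type}( $query )` on line 624 taking the same input. I would extend each annotation with its reason once that reason is confirmed, along the lines of `// WPCS: unprepared SQL ok. Clause built by get_where_clause_and_values(); $args escaped by caller.`, since these functions start outside the hunks and the escaping of `$args` is not visible here. The same bare suppression appears in FrmEntry.php (line 384) and FrmForm.php (lines 329 and 583).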
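--- a/classes/models/FrmEDD_SL_Plugin_Updater.php
+++ b/classes/models/FrmEDD_SL_Plugin_Updater.php
@@ -297,21 +297,22 @@ class FrmEDD_SL_Plugin_Updater {
 
 global $frm_edd_plugin_data;
 
-if ( empty( $_REQUEST['edd_sl_action'] ) || 'view_plugin_changelog' !== $_REQUEST['edd_sl_action'] ) {
+if ( empty( $_REQUEST['edd_sl_action'] ) || 'view_plugin_changelog' !== $_REQUEST['edd_sl_action'] ) { // WPCS: CSRF ok.
 return;
 }
 
-if ( empty( $_REQUEST['plugin'] ) || empty( $_REQUEST['slug'] ) ) {
+if ( empty( $_REQUEST['plugin'] ) || empty( $_REQUEST['slug'] ) ) { // WPCS: CSRF ok.
 return;
 }
 
 if ( ! current_user_can( 'update_plugins' ) ) {
-wp_die(
+wp_die( esc_html__( 'You do not have permission to install plugin updates', 'formidable' ), esc_html__( 'Error', 'formidable' ), array( 'response' => 403 ) );
 }
 
-$
+$slug = sanitize_text_field( $_REQUEST['slug'] ); // WPCS: CSRF ok.
+$data = $frm_edd_plugin_data[ $slug ];
 $beta = ! empty( $data['beta'] ) ? true : false;
-$cache_key = md5( 'edd_plugin_' . sanitize_key( $_REQUEST['plugin'] ) . '_' . $beta . '_version_info' );
+$cache_key = md5( 'edd_plugin_' . sanitize_key( $_REQUEST['plugin'] ) . '_' . $beta . '_version_info' ); // WPCS: CSRF ok.
 $version_info = $this->get_cached_version_info( $cache_key );
 
 if ( false === $version_info ) {
@@ -320,7 +321,7 @@ class FrmEDD_SL_Plugin_Updater {
 'edd_action' => 'get_version',
 'item_name' => isset( $data['item_name'] ) ? $data['item_name'] : false,
 'item_id' => isset( $data['item_id'] ) ? $data['item_id'] : false,
-'slug' =>
+'slug' => $slug,
 'author' => $data['author'],
 'url' => home_url(),
 'beta' => $beta,
@@ -354,7 +355,7 @@ class FrmEDD_SL_Plugin_Updater {
 }
 
 if ( ! empty( $version_info ) && isset( $version_info->sections['changelog'] ) ) {
-echo '<div style="background:#fff;padding:10px;">' . $version_info->sections['changelog'] . '</div>';
+echo '<div style="background:#fff;padding:10px;">' . FrmAppHelper::kses( $version_info->sections['changelog'], 'all' ) . '</div>'; // WPCS: XSS ok.
 }
 
 exit;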
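Review bot: New line 313 indexes `$frm_edd_plugin_data[ $slug ]` with a request-supplied slug and no existence check, so an unregistered slug leaves `$data` null and the parameter array on lines 322-325, including the unguarded `$data['author']`, is then built from it. A guard directly after line 312, `if ( ! isset( $frm_edd_plugin_data[ $slug ] ) ) { return; }`, stops the request before any remote call is prepared. `$_REQUEST['slug']` is also read without `wp_unslash()`, which WordPress expects before `sanitize_text_field()`. The function starts and ends outside these hunks.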
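--- a/classes/models/FrmEntry.php
+++ b/classes/models/FrmEntry.php
@@ -276,7 +276,7 @@ class FrmEntry {
 
 $query .= is_numeric( $id ) ? 'it.id=%d' : 'it.item_key=%s';
 $query_args = array( $id );
-$query = $wpdb->prepare( $query, $query_args );
+$query = $wpdb->prepare( $query, $query_args ); // WPCS: unprepared SQL ok.
 
 if ( ! $meta ) {
 $entry = FrmDb::check_cache( $id . '_nometa', 'frm_entry', $query, 'get_row' );
@@ -288,7 +288,7 @@ class FrmEntry {
 return stripslashes_deep( $entry );
 }
 
-$entry = $wpdb->get_row( $query );
+$entry = $wpdb->get_row( $query ); // WPCS: unprepared SQL ok.
 $entry = self::get_meta( $entry );
 
 return stripslashes_deep( $entry );
@@ -381,7 +381,7 @@ class FrmEntry {
 // prepare the query
 $query = 'SELECT ' . $fields . ' FROM ' . $table . FrmDb::prepend_and_or_where( ' WHERE ', $where ) . $order_by . $limit;
 
-$entries = $wpdb->get_results( $query, OBJECT_K );
+$entries = $wpdb->get_results( $query, OBJECT_K ); // WPCS: unprepared SQL ok.
 unset( $query );
 
 FrmDb::set_cache( $cache_key, $entries, 'frm_entry' );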
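--- a/classes/models/FrmEntryMeta.php
+++ b/classes/models/FrmEntryMeta.php
@@ -148,8 +148,8 @@ class FrmEntryMeta {
 );
 FrmDb::get_where_clause_and_values( $where );
 
-
-
+// Delete any leftovers
+$wpdb->query( $wpdb->prepare( 'DELETE FROM ' . $wpdb->prefix . 'frm_item_metas ' . $where['where'], $where['values'] ) ); // WPCS: unprepared SQL ok.
 self::clear_cache();
 }
 
@@ -413,7 +413,7 @@ class FrmEntryMeta {
 case 'day':
 $value = '%' . $value . '%';
 }
-$where .= $wpdb->prepare( ' meta_value ' . $operator . ' %s and', $value );
+$where .= $wpdb->prepare( ' meta_value ' . $operator . ' %s and', $value ); // WPCS: unprepared SQL ok.
 }
 $where .= $wpdb->prepare( ' field_id=%d', $field_id );
 $query = 'SELECT DISTINCT item_id FROM ' . $wpdb->prefix . 'frm_item_metas' . FrmDb::prepend_and_or_where( ' WHERE ', $where );
@@ -421,10 +421,10 @@ class FrmEntryMeta {
 if ( $operator == 'LIKE' ) {
 $search = '%' . $search . '%';
 }
-$query = $wpdb->prepare( "SELECT DISTINCT item_id FROM {$wpdb->prefix}frm_item_metas WHERE meta_value {$operator} %s and field_id = %d", $search, $field_id );
+$query = $wpdb->prepare( "SELECT DISTINCT item_id FROM {$wpdb->prefix}frm_item_metas WHERE meta_value {$operator} %s and field_id = %d", $search, $field_id ); // WPCS: unprepared SQL ok.
 }
 
-$results = $wpdb->get_col( $query, 0 );
+$results = $wpdb->get_col( $query, 0 ); // WPCS: unprepared SQL ok.
 FrmDb::set_cache( $cache_key, $results, 'frm_entry' );
 
 return $results;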
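Review bot: Lines 416 and 424 interpolate `$operator` into the string handed to `$wpdb->prepare()`, and the new `// WPCS: unprepared SQL ok.` hides that from the sniff; an operator cannot be bound as a placeholder, so its safety rests on an allowlist that these hunks do not show. If none exists earlier in the function, add one before the query is built, e.g. `if ( ! in_array( $operator, array( '=', '!=', '<', '>', 'LIKE' ), true ) ) { $operator = '='; }` (the operator list is illustrative), and name it in the annotation. Since `$search` is wrapped in `%` for LIKE on line 422, passing it through `$wpdb->esc_like()` first keeps user-supplied `%` and `_` from acting as wildcards. The function bodies start outside the hunks.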
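--- a/classes/models/FrmEntryValidate.php
+++ b/classes/models/FrmEntryValidate.php
@@ -89,7 +89,7 @@ class FrmEntryValidate {
 
 if ( $posted_field->required == '1' && FrmAppHelper::is_empty_value( $value ) ) {
 $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' );
-} else if ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) {
+} else if ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) { // WPCS: CSRF ok.
 $_POST['item_name'] = $value;
 }
 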
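--- a/classes/models/FrmField.php
+++ b/classes/models/FrmField.php
@@ -373,7 +373,7 @@ class FrmField {
 global $wpdb;
 
 $where = is_numeric( $id ) ? 'id=%d' : 'field_key=%s';
-$query = $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'frm_fields WHERE ' . $where, $id );
+$query = $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'frm_fields WHERE ' . $where, $id ); // WPCS: unprepared SQL ok.
 
 $results = FrmDb::check_cache( $id, 'frm_field', $query, 'get_row', 0 );
 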
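--- a/classes/models/FrmForm.php
+++ b/classes/models/FrmForm.php
@@ -326,7 +326,7 @@ class FrmForm {
 FrmDb::get_where_clause_and_values( $where );
 array_unshift( $where['values'], $status );
 
-$query_results = $wpdb->query( $wpdb->prepare( 'UPDATE ' . $wpdb->prefix . 'frm_forms SET status = %s ' . $where['where'], $where['values'] ) );
+$query_results = $wpdb->query( $wpdb->prepare( 'UPDATE ' . $wpdb->prefix . 'frm_forms SET status = %s ' . $where['where'], $where['values'] ) ); // WPCS: unprepared SQL ok.
 } else {
 $query_results = $wpdb->update( $wpdb->prefix . 'frm_forms', array( 'status' => $status ), array( 'id' => $id ) );
 $wpdb->update( $wpdb->prefix . 'frm_forms', array( 'status' => $status ), array( 'parent_form_id' => $id ) );
@@ -580,7 +580,7 @@ class FrmForm {
 
 // the query has already been prepared if this is not an array
 $query = 'SELECT * FROM ' . $wpdb->prefix . 'frm_forms' . FrmDb::prepend_and_or_where( ' WHERE ', $where ) . FrmDb::esc_order( $order_by ) . FrmDb::esc_limit( $limit );
-$results = $wpdb->get_results( $query );
+$results = $wpdb->get_results( $query ); // WPCS: unprepared SQL ok.
 }
 
 if ( $results ) {
@@ -693,7 +693,7 @@ class FrmForm {
 return $frm_vars['form_params'][ $form->id ];
 }
 
-$action_var = isset( $_REQUEST['frm_action'] ) ? 'frm_action' : 'action';
+$action_var = isset( $_REQUEST['frm_action'] ) ? 'frm_action' : 'action'; // WPCS: CSRF ok.
 $action = apply_filters( 'frm_show_new_entry_page', FrmAppHelper::get_param( $action_var, 'new', 'get', 'sanitize_title' ), $form );
 
 $default_values = array(
@@ -732,7 +732,7 @@ class FrmForm {
 }
 }
 
-if ( in_array( $values['action'], array( 'create', 'update' ) ) && ( ! $_POST || ( ! isset( $_POST['action'] ) && ! isset( $_POST['frm_action'] ) ) ) ) {
+if ( in_array( $values['action'], array( 'create', 'update' ) ) && ( ! $_POST || ( ! isset( $_POST['action'] ) && ! isset( $_POST['frm_action'] ) ) ) ) { // WPCS: CSRF ok.
 $values['action'] = 'new';
 }
 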
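--- a/classes/models/FrmMigrate.php
+++ b/classes/models/FrmMigrate.php
@@ -165,7 +165,7 @@ class FrmMigrate {
 dbDelta( $q . $charset_collate . ';' );
 } else {
 global $wpdb;
-$wpdb->query( $q . $charset_collate );
+$wpdb->query( $q . $charset_collate ); // WPCS: unprepared SQL ok.
 }
 unset( $q );
 }
@@ -219,15 +219,15 @@ class FrmMigrate {
 public function uninstall() {
 if ( ! current_user_can( 'administrator' ) ) {
 $frm_settings = FrmAppHelper::get_settings();
-wp_die( $frm_settings->admin_permission );
+wp_die( esc_html( $frm_settings->admin_permission ) );
 }
 
 global $wpdb, $wp_roles;
 
-$wpdb->query( 'DROP TABLE IF EXISTS ' . $this->fields );
-$wpdb->query( 'DROP TABLE IF EXISTS ' . $this->forms );
-$wpdb->query( 'DROP TABLE IF EXISTS ' . $this->entries );
-$wpdb->query( 'DROP TABLE IF EXISTS ' . $this->entry_metas );
+$wpdb->query( 'DROP TABLE IF EXISTS ' . $this->fields ); // WPCS: unprepared SQL ok.
+$wpdb->query( 'DROP TABLE IF EXISTS ' . $this->forms ); // WPCS: unprepared SQL ok.
+$wpdb->query( 'DROP TABLE IF EXISTS ' . $this->entries ); // WPCS: unprepared SQL ok.
+$wpdb->query( 'DROP TABLE IF EXISTS ' . $this->entry_metas ); // WPCS: unprepared SQL ok.
 
 delete_option( 'frm_options' );
 delete_option( 'frm_db_version' );
@@ -381,9 +381,9 @@ class FrmMigrate {
 */
 private function migrate_to_23() {
 global $wpdb;
-$exists = $wpdb->get_row( 'SHOW COLUMNS FROM ' . $this->forms . ' LIKE "parent_form_id"' );
+$exists = $wpdb->get_row( 'SHOW COLUMNS FROM ' . $this->forms . ' LIKE "parent_form_id"' ); // WPCS: unprepared SQL ok.
 if ( empty( $exists ) ) {
-$wpdb->query( 'ALTER TABLE ' . $this->forms . ' ADD parent_form_id int(11) default 0' );
+$wpdb->query( 'ALTER TABLE ' . $this->forms . ' ADD parent_form_id int(11) default 0' ); // WPCS: unprepared SQL ok.
 }
 }
 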
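Review bot: `uninstall()` gates the four `DROP TABLE` statements on `current_user_can( 'administrator' )` at line 220, which tests a role name rather than a capability; the WordPress documentation discourages role checks through this function because they can give unreliable results. A capability check such as `current_user_can( 'activate_plugins' )` states the intent directly. The hunk also shows no nonce verification before the tables are dropped, so if the caller does not perform one, it belongs at the top of this method. The method continues outside the hunk.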
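--- a/classes/models/FrmNotification.php
+++ b/classes/models/FrmNotification.php
@@ -63,7 +63,7 @@ class FrmNotification {
 $sent_to = array_filter( $sent_to );
 
 $temp = str_replace( '<', '<', $sent_to );
-echo ' ' . FrmAppHelper::kses( implode( ', ', (array) $temp ) );
+echo ' ' . FrmAppHelper::kses( implode( ', ', (array) $temp ) ); // WPCS: XSS ok.
 }
 }
 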
classes/models/FrmPointers.php
CHANGED
@@ -10,44 +10,14 @@ class FrmPointers {
|
|
10 |
*/
|
11 |
public static $instance;
|
12 |
|
13 |
-
/**
|
14 |
-
* @var array Holds the buttons to be put out
|
15 |
-
*/
|
16 |
-
private $button_array;
|
17 |
-
|
18 |
-
/**
|
19 |
-
* @var array Holds the admin pages we have pointers for and the callback that generates the pointers content
|
20 |
-
*/
|
21 |
-
private $admin_pages = array(
|
22 |
-
'' => 'forms_pointer',
|
23 |
-
'entries' => 'entries_pointer',
|
24 |
-
'styles' => 'styles_pointer',
|
25 |
-
'import' => 'import_pointer',
|
26 |
-
'settings' => 'settings_pointer',
|
27 |
-
'addons' => 'addons_pointer',
|
28 |
-
);
|
29 |
-
|
30 |
-
/**
|
31 |
-
* Class constructor.
|
32 |
-
*/
|
33 |
-
private function __construct() {
|
34 |
-
if ( current_user_can( 'manage_options' ) ) {
|
35 |
-
|
36 |
-
if ( ! get_user_meta( get_current_user_id(), 'frm_ignore_tour' ) ) {
|
37 |
-
wp_enqueue_style( 'wp-pointer' );
|
38 |
-
wp_enqueue_script( 'jquery-ui' );
|
39 |
-
wp_enqueue_script( 'wp-pointer' );
|
40 |
-
add_action( 'admin_print_footer_scripts', array( $this, 'intro_tour' ) );
|
41 |
-
}
|
42 |
-
}
|
43 |
-
}
|
44 |
-
|
45 |
/**
|
46 |
* Get the singleton instance of this class
|
47 |
*
|
48 |
* @return object
|
49 |
*/
|
50 |
public static function get_instance() {
|
|
|
|
|
51 |
if ( ! ( self::$instance instanceof self ) ) {
|
52 |
self::$instance = new self();
|
53 |
}
|
@@ -59,15 +29,7 @@ class FrmPointers {
|
|
59 |
* Load the introduction tour
|
60 |
*/
|
61 |
public function intro_tour() {
|
62 |
-
|
63 |
-
|
64 |
-
$page = preg_replace( '/^(formidable[-]?)/', '', filter_input( INPUT_GET, 'page' ) );
|
65 |
-
|
66 |
-
if ( 'admin.php' === $pagenow && array_key_exists( $page, $this->admin_pages ) ) {
|
67 |
-
$this->do_page_pointer( $page );
|
68 |
-
} else {
|
69 |
-
$this->start_tour_pointer();
|
70 |
-
}
|
71 |
}
|
72 |
|
73 |
/**
|
@@ -77,289 +39,6 @@ class FrmPointers {
|
|
77 |
* @param array $options The options for the pointer.
|
78 |
*/
|
79 |
public function print_scripts( $selector, $options ) {
|
80 |
-
|
81 |
-
$default_button = array(
|
82 |
-
'text' => false,
|
83 |
-
'function' => '',
|
84 |
-
);
|
85 |
-
$button_array_defaults = array(
|
86 |
-
'button2' => $default_button,
|
87 |
-
'button3' => $default_button,
|
88 |
-
);
|
89 |
-
$this->button_array = wp_parse_args( $this->button_array, $button_array_defaults );
|
90 |
-
?>
|
91 |
-
<script type="text/javascript">
|
92 |
-
//<![CDATA[
|
93 |
-
(function ($) {
|
94 |
-
// Don't show the tour on screens with an effective width smaller than 1024px or an effective height smaller than 768px.
|
95 |
-
if (jQuery(window).width() < 1024 || jQuery(window).availWidth < 1024) {
|
96 |
-
return;
|
97 |
-
}
|
98 |
-
|
99 |
-
var frm_pointer_options = <?php echo json_encode( $options ); ?>, setup;
|
100 |
-
|
101 |
-
frm_pointer_options = $.extend(frm_pointer_options, {
|
102 |
-
buttons: function (event, t) {
|
103 |
-
var button = jQuery('<a href="<?php echo esc_url( $this->get_ignore_url() ); ?>" id="pointer-close" style="margin:0 5px;" class="button-secondary">' + '<?php esc_html_e( 'Close', 'formidable' ) ?>' + '</a>');
|
104 |
-
button.bind('click.pointer', function () {
|
105 |
-
t.element.pointer('close');
|
106 |
-
});
|
107 |
-
return button;
|
108 |
-
},
|
109 |
-
close: function () {
|
110 |
-
}
|
111 |
-
});
|
112 |
-
|
113 |
-
setup = function () {
|
114 |
-
$('<?php echo esc_attr( $selector ); ?>').pointer(frm_pointer_options).pointer('open');
|
115 |
-
var lastOpenedPointer = jQuery( '.wp-pointer').slice( -1 );
|
116 |
-
<?php
|
117 |
-
$this->button2();
|
118 |
-
$this->button3();
|
119 |
-
?>
|
120 |
-
};
|
121 |
-
|
122 |
-
if (frm_pointer_options.position && frm_pointer_options.position.defer_loading)
|
123 |
-
$(window).bind('load.wp-pointers', setup);
|
124 |
-
else
|
125 |
-
$(document).ready(setup);
|
126 |
-
})(jQuery);
|
127 |
-
//]]>
|
128 |
-
</script>
|
129 |
-
<?php
|
130 |
-
}
|
131 |
-
|
132 |
-
/**
|
133 |
-
* Render button 2, if needed
|
134 |
-
*/
|
135 |
-
private function button2() {
|
136 |
-
if ( $this->button_array['button2']['text'] ) {
|
137 |
-
?>
|
138 |
-
lastOpenedPointer.find( '#pointer-close' ).after('<a id="pointer-primary" class="button-primary">' +
|
139 |
-
'<?php echo esc_attr( $this->button_array['button2']['text'] ); ?>' + '</a>');
|
140 |
-
lastOpenedPointer.find('#pointer-primary').click(function () {
|
141 |
-
<?php echo $this->button_array['button2']['function']; ?>
|
142 |
-
});
|
143 |
-
<?php
|
144 |
-
}
|
145 |
-
}
|
146 |
-
|
147 |
-
/**
|
148 |
-
* Render button 3, if needed. This is the previous button in most cases
|
149 |
-
*/
|
150 |
-
private function button3() {
|
151 |
-
if ( $this->button_array['button3']['text'] ) {
|
152 |
-
?>
|
153 |
-
lastOpenedPointer.find('#pointer-primary').after('<a id="pointer-ternary" style="float: left;" class="button-secondary">' +
|
154 |
-
'<?php echo esc_attr( $this->button_array['button3']['text'] ); ?>' + '</a>');
|
155 |
-
lastOpenedPointer.find('#pointer-ternary').click(function () {
|
156 |
-
<?php echo $this->button_array['button3']['function']; ?>
|
157 |
-
});
|
158 |
-
<?php
|
159 |
-
}
|
160 |
-
}
|
161 |
-
|
162 |
-
/**
|
163 |
-
* Show a pointer that starts the tour
|
164 |
-
*/
|
165 |
-
private function start_tour_pointer() {
|
166 |
-
$selector = 'li.toplevel_page_formidable';
|
167 |
-
|
168 |
-
$content = '<h3>' . __( 'Congratulations!', 'formidable' ) . '</h3>'
|
169 |
-
. '<p>' . $this->opening_line() . ' ' . __( 'Click “Start Tour” to view a quick introduction of this plugin’s core functionality.', 'formidable' ) . '</p>';
|
170 |
-
$opt_arr = array(
|
171 |
-
'content' => $content,
|
172 |
-
'position' => array(
|
173 |
-
'edge' => 'top',
|
174 |
-
'align' => 'center',
|
175 |
-
),
|
176 |
-
);
|
177 |
-
|
178 |
-
$this->button_array['button2']['text'] = __( 'Start Tour', 'formidable' );
|
179 |
-
$this->button_array['button2']['function'] = sprintf( 'document.location="%s";', admin_url( 'admin.php?page=formidable' ) );
|
180 |
-
|
181 |
-
$this->print_scripts( $selector, $opt_arr );
|
182 |
-
}
|
183 |
-
|
184 |
-
private function opening_line() {
|
185 |
-
$opening = __( 'You’ve just installed a new form builder plugin!', 'formidable' );
|
186 |
-
return $opening;
|
187 |
-
}
|
188 |
-
|
189 |
-
/**
|
190 |
-
* Shows a pointer on the proper pages
|
191 |
-
*
|
192 |
-
* @param string $page Admin page key.
|
193 |
-
*/
|
194 |
-
private function do_page_pointer( $page ) {
|
195 |
-
$pointer = call_user_func( array( $this, $this->admin_pages[ $page ] ) );
|
196 |
-
|
197 |
-
$opt_arr = array(
|
198 |
-
'content' => $pointer['content'],
|
199 |
-
'position' => array(
|
200 |
-
'edge' => 'top',
|
201 |
-
'align' => ( is_rtl() ) ? 'right' : 'left',
|
202 |
-
),
|
203 |
-
'pointerWidth' => 450,
|
204 |
-
);
|
205 |
-
|
206 |
-
$selector = 'h2';
|
207 |
-
if ( isset( $pointer['selector'] ) ) {
|
208 |
-
$selector = $pointer['selector'];
|
209 |
-
}
|
210 |
-
|
211 |
-
if ( isset( $pointer['position'] ) ) {
|
212 |
-
$opt_arr['position'] = $pointer['position'];
|
213 |
-
}
|
214 |
-
|
215 |
-
if ( isset( $pointer['next_page'] ) ) {
|
216 |
-
if ( ! empty( $pointer['next_page'] ) ) {
|
217 |
-
$pointer['next_page'] = '-' . $pointer['next_page'];
|
218 |
-
}
|
219 |
-
$this->button_array['button2'] = array(
|
220 |
-
'text' => __( 'Next', 'formidable' ),
|
221 |
-
'function' => 'window.location="' . esc_url_raw( admin_url( 'admin.php?page=formidable' . $pointer['next_page'] ) ) . '";',
|
222 |
-
);
|
223 |
-
}
|
224 |
-
if ( isset( $pointer['prev_page'] ) ) {
|
225 |
-
if ( ! empty( $pointer['prev_page'] ) ) {
|
226 |
-
$pointer['prev_page'] = '-' . $pointer['prev_page'];
|
227 |
-
}
|
228 |
-
$this->button_array['button3'] = array(
|
229 |
-
'text' => __( 'Previous', 'formidable' ),
|
230 |
-
'function' => 'window.location="' . esc_url_raw( admin_url( 'admin.php?page=formidable' . $pointer['prev_page'] ) ) . '";',
|
231 |
-
);
|
232 |
-
}
|
233 |
-
$this->print_scripts( $selector, $opt_arr );
|
234 |
-
}
|
235 |
-
|
236 |
-
/**
|
237 |
-
* Returns the content of the Forms listing page pointer
|
238 |
-
*
|
239 |
-
* @return array
|
240 |
-
*/
|
241 |
-
private function forms_pointer() {
|
242 |
-
global $current_user;
|
243 |
-
|
244 |
-
return array(
|
245 |
-
'content' => '<h3>' . __( 'Forms', 'formidable' ) . '</h3>'
|
246 |
-
. '<p>' . __( 'All your forms will be listed on this page. Create your first form by clicking on the "Add New" button.', 'formidable' ) . '</p>'
|
247 |
-
. '<p><strong>' . __( 'Subscribe to our Newsletter', 'formidable' ) . '</strong><br/>'
|
248 |
-
. sprintf( __( 'If you would like to hear about new features and updates for %1$s, subscribe to our newsletter:', 'formidable' ), 'Formidable' ) . '</p>'
|
249 |
-
. '<form target="_blank" action="//formidablepro.us1.list-manage.com/subscribe/post?u=a4a913790ffb892daacc6f271&id=7e7df15967" method="post" selector="newsletter-form" accept-charset="' . esc_attr( get_bloginfo( 'charset' ) ) . '">'
|
250 |
-
. '<p>'
|
251 |
-
. '<input style="margin: 5px; color:#666" name="EMAIL" value="' . esc_attr( $current_user->user_email ) . '" selector="newsletter-email" placeholder="' . esc_attr__( 'Email', 'formidable' ) . '"/>'
|
252 |
-
. '<input type="hidden" name="group[4505]" value="4" />'
|
253 |
-
. '<button type="submit" class="button-primary">' . esc_html__( 'Subscribe', 'formidable' ) . '</button>'
|
254 |
-
. '</p>'
|
255 |
-
. '</form>',
|
256 |
-
'next_page' => 'entries',
|
257 |
-
);
|
258 |
-
}
|
259 |
-
|
260 |
-
/**
|
261 |
-
* Returns the content of the Entries listing page pointer
|
262 |
-
*
|
263 |
-
* @return array
|
264 |
-
*/
|
265 |
-
private function entries_pointer() {
|
266 |
-
return array(
|
267 |
-
'content' => '<h3>' . __( 'Entries', 'formidable' ) . '</h3>'
|
268 |
-
. '<p>' . __( 'Each time one of your forms is submitted, an entry is created. You will find every form submission listed here so you will always have a backup if an email fails.', 'formidable' ) . '</p>',
|
269 |
-
'prev_page' => '',
|
270 |
-
'next_page' => 'styles',
|
271 |
-
'selector' => '.wp-list-table',
|
272 |
-
'position' => array(
|
273 |
-
'edge' => 'bottom',
|
274 |
-
'align' => 'center',
|
275 |
-
),
|
276 |
-
);
|
277 |
-
}
|
278 |
-
|
279 |
-
/**
|
280 |
-
* Returns the content of the Styles page pointer
|
281 |
-
*
|
282 |
-
* @return array
|
283 |
-
*/
|
284 |
-
private function styles_pointer() {
|
285 |
-
return array(
|
286 |
-
'content' => '<h3>' . __( 'Styles', 'formidable' ) . '</h3>'
|
287 |
-
. '<p>' . __( 'Want to make changes to the way your forms look? Make all the changes you would like right here, and watch the sample form change before your eyes.', 'formidable' ) . '</p>',
|
288 |
-
'prev_page' => 'entries',
|
289 |
-
'next_page' => 'import',
|
290 |
-
'selector' => '.general-style',
|
291 |
-
'position' => array(
|
292 |
-
'edge' => 'left',
|
293 |
-
'align' => 'right',
|
294 |
-
),
|
295 |
-
);
|
296 |
-
}
|
297 |
-
|
298 |
-
/**
|
299 |
-
* Returns the content of the Import/Export page pointer
|
300 |
-
*
|
301 |
-
* @return array
|
302 |
-
*/
|
303 |
-
private function import_pointer() {
|
304 |
-
return array(
|
305 |
-
'content' => '<h3>' . __( 'Import/Export', 'formidable' ) . '</h3>'
|
306 |
-
. '<p>' . __( 'Import and export forms and styles when copying from one site to another or sharing with someone else. Your entries can be exported to a CSV as well. The Premium version also includes the option to import entries to your site from a CSV.', 'formidable' ) . '</p>',
|
307 |
-
'prev_page' => 'styles',
|
308 |
-
'next_page' => 'settings',
|
309 |
-
'selector' => '.inside.with_frm_style',
|
310 |
-
'position' => array(
|
311 |
-
'edge' => 'bottom',
|
312 |
-
'align' => 'top',
|
313 |
-
),
|
314 |
-
);
|
315 |
-
}
|
316 |
-
|
317 |
-
/**
|
318 |
-
* Returns the content of the advanced page pointer
|
319 |
-
*
|
320 |
-
* @return array
|
321 |
-
*/
|
322 |
-
private function settings_pointer() {
|
323 |
-
return array(
|
324 |
-
'content' => '<h3>' . __( 'Global Settings', 'formidable' ) . '</h3>'
|
325 |
-
. '<p><strong>' . __( 'General', 'formidable' ) . '</strong><br/>'
|
326 |
-
. __( 'Turn stylesheets and scripts off, set which user roles have access to change and create forms, setup your reCaptcha, and set default messages for new forms and fields.', 'formidable' )
|
327 |
-
. '<p><strong>' . __( 'Plugin Licenses', 'formidable' ) . '</strong><br/>'
|
328 |
-
. sprintf( __( 'Once you’ve purchased %1$s or any addons, you’ll have to enter a license key to get access to all of their powerful features. A Plugin Licenses tab will appear here for you to enter your license key.', 'formidable' ), 'Formidable Pro' )
|
329 |
-
. '</p>',
|
330 |
-
'prev_page' => 'import',
|
331 |
-
'next_page' => 'addons',
|
332 |
-
);
|
333 |
-
}
|
334 |
-
|
335 |
-
/**
|
336 |
-
* Returns the content of the extensions and licenses page pointer
|
337 |
-
*
|
338 |
-
* @return array
|
339 |
-
*/
|
340 |
-
private function addons_pointer() {
|
341 |
-
return array(
|
342 |
-
'content' => '<h3>' . __( 'Addons', 'formidable' ) . '</h3>'
|
343 |
-
. '<p>' . sprintf( __( 'The powerful functions of %1$s can be extended with %2$spremium plugins%3$s. You can read all about the Formidable Premium Plugins %2$shere%3$s.', 'formidable' ), 'Formidable', '<a target="_blank" href="' . esc_url( FrmAppHelper::make_affiliate_url( 'https://formidableforms.com/' ) ) . '">', '</a>' )
|
344 |
-
. '</p>'
|
345 |
-
. '<p><strong>' . __( 'Like this plugin?', 'formidable' ) . '</strong><br/>' . sprintf( __( 'So, we’ve come to the end of the tour. If you like the plugin, please %1$srate it 5 stars on WordPress.org%2$s!', 'formidable' ), '<a target="_blank" href="https://wordpress.org/plugins/formidable/">', '</a>' ) . '</p>'
|
346 |
-
. '<p>' . sprintf( __( 'Thank you for using our plugin and good luck with your forms!<br/><br/>Best,<br/>Team Formidable - %1$sformidableforms.com%2$s', 'formidable' ), '<a target="_blank" href="' . esc_url( FrmAppHelper::make_affiliate_url( 'https://formidableforms.com/' ) ) . '">', '</a>' ) . '</p>',
|
347 |
-
'prev_page' => 'settings',
|
348 |
-
);
|
349 |
-
}
|
350 |
-
|
351 |
-
/**
|
352 |
-
* Extending the current page URL with two params to be able to ignore the tour.
|
353 |
-
*
|
354 |
-
* @return mixed
|
355 |
-
*/
|
356 |
-
private function get_ignore_url() {
|
357 |
-
$arr_params = array(
|
358 |
-
'frm_restart_tour' => false,
|
359 |
-
'frm_ignore_tour' => '1',
|
360 |
-
'nonce' => wp_create_nonce( 'frm-ignore-tour' ),
|
361 |
-
);
|
362 |
-
|
363 |
-
return add_query_arg( $arr_params );
|
364 |
}
|
365 |
}
|
10 |
*/
|
11 |
public static $instance;
|
12 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
13 |
/**
|
14 |
* Get the singleton instance of this class
|
15 |
*
|
16 |
* @return object
|
17 |
*/
|
18 |
public static function get_instance() {
|
19 |
+
_deprecated_function( __FUNCTION__, '3.01.03' );
|
20 |
+
|
21 |
if ( ! ( self::$instance instanceof self ) ) {
|
22 |
self::$instance = new self();
|
23 |
}
|
29 |
* Load the introduction tour
|
30 |
*/
|
31 |
public function intro_tour() {
|
32 |
+
_deprecated_function( __FUNCTION__, '3.01.03' );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
33 |
}
|
34 |
|
35 |
/**
|
39 |
* @param array $options The options for the pointer.
|
40 |
*/
|
41 |
public function print_scripts( $selector, $options ) {
|
42 |
+
_deprecated_function( __FUNCTION__, '3.01.03' );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
43 |
}
|
44 |
}
|
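--- a/classes/models/fields/FrmFieldCaptcha.php
+++ b/classes/models/fields/FrmFieldCaptcha.php
@@ -168,7 +168,7 @@ class FrmFieldCaptcha extends FrmFieldType {
 }
 
 protected function should_validate() {
-$is_hidden_field = apply_filters( 'frm_is_field_hidden', false, $this->field, stripslashes_deep( $_POST ) );
+$is_hidden_field = apply_filters( 'frm_is_field_hidden', false, $this->field, stripslashes_deep( $_POST ) ); // WPCS: CSRF ok.
 if ( FrmAppHelper::is_admin() || $is_hidden_field ) {
 return false;
 }
@@ -186,7 +186,7 @@ class FrmFieldCaptcha extends FrmFieldType {
 $arg_array = array(
 'body' => array(
 'secret' => $frm_settings->privkey,
-'response' => $_POST['g-recaptcha-response'],
+'response' => $_POST['g-recaptcha-response'], // WPCS: CSRF ok.
 'remoteip' => FrmAppHelper::get_ip_address(),
 ),
 );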
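Review bot: The `// WPCS: CSRF ok.` annotations added in both hunks silence the nonce sniff without saying why no nonce is needed, and the second one sits on a line that forwards `$_POST['g-recaptcha-response']` to the verification request exactly as received. I would put the reason in the comment, for example `// WPCS: CSRF ok. Public form submission; the token itself is verified remotely.`, if that is the actual rationale, and read the value as `sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) )`. Whether an `isset()` guard precedes this line cannot be seen here, because both functions start and end outside the hunks. The same bare annotation is added in FrmFieldUserID.php.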
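--- a/classes/models/fields/FrmFieldDefault.php
+++ b/classes/models/fields/FrmFieldDefault.php
@@ -31,9 +31,9 @@ class FrmFieldDefault extends FrmFieldType {
 ob_end_clean();
 
 if ( empty( $input_html ) ) {
-echo $this->builder_text_field( $name );
+echo $this->builder_text_field( $name ); // WPCS: XSS ok.
 } else {
-echo $input_html;
+echo $input_html; // WPCS: XSS ok.
 }
 }
 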
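Review bot: `echo $input_html; // WPCS: XSS ok.` marks buffered markup as safe without recording where it was escaped, and the buffer is filled outside the hunk, so the claim cannot be checked from these lines. A suppression like this is easier to audit when the comment names the producer, for example `// WPCS: XSS ok. Markup built by the field's builder template, which escapes its values.`, provided that is true. The same bare annotation is added on echoes in FrmFieldTextarea.php, FrmFieldType.php, direct.php, errors.php and form.php. errors.php deserves the most careful wording, because its existing comment says scripts are deliberately allowed in `$message`.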
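--- a/classes/models/fields/FrmFieldNumber.php
+++ b/classes/models/fields/FrmFieldNumber.php
@@ -36,6 +36,13 @@ class FrmFieldNumber extends FrmFieldType {
 );
 }
 
+/**
+* @since 3.01.03
+*/
+protected function add_extra_html_atts( $args, &$input_html ) {
+$this->add_min_max( $args, $input_html );
+}
+
 public function validate( $args ) {
 $errors = array();
 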
classes/models/fields/FrmFieldTextarea.php
CHANGED
@@ -34,11 +34,12 @@ class FrmFieldTextarea extends FrmFieldType {
|
|
34 |
$max = FrmField::get_option( $this->field, 'max' );
|
35 |
$default_value = FrmAppHelper::esc_textarea( force_balance_tags( $this->get_field_column( 'default_value' ) ) );
|
36 |
|
37 |
-
echo '<textarea name="' . esc_attr( $this->html_name( $name ) ) . '" ' .
|
38 |
-
$size_html
|
|
|
39 |
'id="' . esc_attr( $this->html_id() ) . '" class="dyn_default_value">' .
|
40 |
-
$default_value .
|
41 |
-
'</textarea>';
|
42 |
}
|
43 |
|
44 |
protected function prepare_display_value( $value, $atts ) {
|
34 |
$max = FrmField::get_option( $this->field, 'max' );
|
35 |
$default_value = FrmAppHelper::esc_textarea( force_balance_tags( $this->get_field_column( 'default_value' ) ) );
|
36 |
|
37 |
+
echo '<textarea name="' . esc_attr( $this->html_name( $name ) ) . '" ' . // WPCS: XSS ok.
|
38 |
+
$size_html // WPCS: XSS ok.
|
39 |
+
. ' rows="' . esc_attr( $max ) . '" ' .
|
40 |
'id="' . esc_attr( $this->html_id() ) . '" class="dyn_default_value">' .
|
41 |
+
$default_value // WPCS: XSS ok.
|
42 |
+
. '</textarea>';
|
43 |
}
|
44 |
|
45 |
protected function prepare_display_value( $value, $atts ) {
|
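--- a/classes/models/fields/FrmFieldType.php
+++ b/classes/models/fields/FrmFieldType.php
@@ -177,7 +177,7 @@ DEFAULT_HTML;
 if ( ! empty( $include_file ) ) {
 $this->include_on_form_builder( $name, $field );
 } elseif ( $this->has_input ) {
-echo $this->builder_text_field( $name );
+echo $this->builder_text_field( $name ); // WPCS: XSS ok.
 }
 }
 
@@ -402,7 +402,7 @@ DEFAULT_HTML;
 */
 public function show_field( $args ) {
 if ( apply_filters( 'frm_show_normal_field_type', $this->normal_field, $this->type ) ) {
-echo $this->prepare_field_html( $args );
+echo $this->prepare_field_html( $args ); // WPCS: XSS ok.
 } else {
 do_action( 'frm_show_other_field_type', $this->field, $args['form'], array( 'action' => $args['form_action'] ) );
 }
@@ -523,6 +523,7 @@ DEFAULT_HTML;
 $field_type = $this->html5_input_type();
 $input_html = $this->get_field_input_html_hook( $this->field );
 $this->add_aria_description( $args, $input_html );
+$this->add_extra_html_atts( $args, $input_html );
 
 return '<input type="' . esc_attr( $field_type ) . '" id="' . esc_attr( $args['html_id'] ) . '" name="' . esc_attr( $args['field_name'] ) . '" value="' . esc_attr( $this->field['value'] ) . '" ' . $input_html . '/>';
 }
@@ -532,6 +533,43 @@ DEFAULT_HTML;
 return $frm_settings->use_html ? $this->type : 'text';
 }
 
+/**
+* Add paramters to an input value as an alterntative to
+* using the frm_field_input_html hook
+*
+* @since 3.01.03
+*/
+protected function add_extra_html_atts( $args, &$input_html ) {
+// override from other fields
+}
+
+/**
+* @since 3.01.03
+*/
+protected function add_min_max( $args, &$input_html ) {
+$frm_settings = FrmAppHelper::get_settings();
+if ( ! $frm_settings->use_html ) {
+return;
+}
+
+$min = FrmField::get_option( $this->field, 'minnum' );
+if ( ! is_numeric( $min ) ) {
+$min = 0;
+}
+
+$max = FrmField::get_option( $this->field, 'maxnum' );
+if ( ! is_numeric( $max ) ) {
+$max = 9999999;
+}
+
+$step = FrmField::get_option( $this->field, 'step' );
+if ( ! is_numeric( $step ) && $step !== 'any' ) {
+$step = 1;
+}
+
+$input_html .= ' min="' . esc_attr( $min ) . '" max="' . esc_attr( $max ) . '" step="' . esc_attr( $step ) . '"';
+}
+
 protected function maybe_include_hidden_values( $args ) {
 $hidden = '';
 $is_read_only = FrmField::is_read_only( $this->field ) && ! FrmAppHelper::is_admin();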
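Review bot: `add_min_max()` falls back to `$min = 0` and `$max = 9999999` whenever `minnum`/`maxnum` are not numeric, so a number field whose limits were left blank still gets browser-side bounds. If blank is meant as "no limit", the attribute should be omitted instead, e.g. `if ( is_numeric( $min ) ) { $input_html .= ' min="' . esc_attr( $min ) . '"'; }`, and likewise for `max`. The docblock on `add_min_max()` carries only `@since`; it should say that the method appends the HTML5 `min`, `max` and `step` attributes to `$input_html` by reference and returns early when `use_html` is off. The `add_extra_html_atts()` docblock has two typos, `paramters` and `alterntative`.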
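--- a/classes/models/fields/FrmFieldUserID.php
+++ b/classes/models/fields/FrmFieldUserID.php
@@ -41,7 +41,7 @@ class FrmFieldUserID extends FrmFieldType {
 
 $user_ID = get_current_user_id();
 $user_ID = ( $user_ID ? $user_ID : '' );
-$posted_value = ( FrmAppHelper::is_admin() && $_POST && isset( $_POST['item_meta'][ $this->field['id'] ] ) );
+$posted_value = ( FrmAppHelper::is_admin() && $_POST && isset( $_POST['item_meta'][ $this->field['id'] ] ) ); // WPCS: CSRF ok.
 $updating = ( isset( $args['action'] ) && $args['action'] == 'update' );
 $value = ( is_numeric( $this->field['value'] ) || $posted_value || $updating ) ? $this->field['value'] : $user_ID;
 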
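--- a/classes/views/frm-entries/_sidebar-shared-pub.php
+++ b/classes/views/frm-entries/_sidebar-shared-pub.php
@@ -7,7 +7,7 @@ if ( ! isset( $entry ) ) {
 <span id="timestamp">
 <?php
 $date_format = __( 'M j, Y @ G:i' );
-printf( esc_html__( 'Published on: %1$s' ), '<b>' . FrmAppHelper::get_localized_date( $date_format, $entry->created_at ) . '</b>' );
+printf( esc_html__( 'Published on: %1$s' ), '<b>' . esc_html( FrmAppHelper::get_localized_date( $date_format, $entry->created_at ) ) . '</b>' );
 ?>
 </span>
 </div>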
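--- a/classes/views/frm-entries/direct.php
+++ b/classes/views/frm-entries/direct.php
@@ -7,7 +7,7 @@
 <?php wp_head(); ?>
 </head>
 <body class="frm_preview_page">
-<?php echo FrmFormsController::show_form( $form->id, '', true, true ); ?>
+<?php echo FrmFormsController::show_form( $form->id, '', true, true ); // WPCS: XSS ok. ?>
 <?php wp_footer(); ?>
 </body>
 </html>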
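--- a/classes/views/frm-entries/errors.php
+++ b/classes/views/frm-entries/errors.php
@@ -12,7 +12,7 @@ if ( isset( $message ) && $message != '' ) {
 FrmFormsHelper::maybe_get_scroll_js( $form->id );
 
 // we need to allow scripts here for javascript in the success message
-echo $message;
+echo $message; // WPCS: XSS ok.
 }
 }
 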
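--- a/classes/views/frm-entries/form.php
+++ b/classes/views/frm-entries/form.php
@@ -1,6 +1,6 @@
 <?php
 if ( empty( $values ) || ! isset( $values['fields'] ) || empty( $values['fields'] ) ) { ?>
-<div class="frm_forms <?php echo FrmFormsHelper::get_form_style_class( $form ); ?>" id="frm_form_<?php echo esc_attr( $form->id ); ?>_container">
+<div class="frm_forms <?php echo esc_attr( FrmFormsHelper::get_form_style_class( $form ) ); ?>" id="frm_form_<?php echo esc_attr( $form->id ); ?>_container">
 <div class="frm_error_style"><strong><?php esc_html_e( 'Oops!', 'formidable' ) ?></strong> <?php printf( esc_html__( 'You did not add any fields to your form. %1$sGo back%2$s and add some.', 'formidable' ), '<a href="' . esc_url( admin_url( '?page=formidable&frm_action=edit&id=' . $form->id ) ) . '">', '</a>' ) ?>
 </div>
 </div>
@@ -17,8 +17,8 @@ $frm_hide_fields = FrmAppHelper::get_post_param( 'frm_hide_fields_' . $form->id,
 ?>
 <div class="frm_form_fields <?php echo esc_attr( apply_filters( 'frm_form_fields_class', '', $values ) ); ?>">
 <fieldset>
-<?php echo FrmFormsHelper::replace_shortcodes( $values['before_html'], $form, $title, $description ); ?>
-<div <?php echo wp_strip_all_tags( apply_filters( 'frm_fields_container_class', 'class="frm_fields_container"' ) ); ?>>
+<?php echo FrmFormsHelper::replace_shortcodes( $values['before_html'], $form, $title, $description ); // WPCS: XSS ok. ?>
+<div <?php echo wp_strip_all_tags( apply_filters( 'frm_fields_container_class', 'class="frm_fields_container"' ) ); // WPCS: XSS ok. ?>>
 <?php do_action( 'frm_after_title', compact( 'form' ) ); ?>
 <input type="hidden" name="frm_action" value="<?php echo esc_attr( $form_action ); ?>" />
 <input type="hidden" name="form_id" value="<?php echo esc_attr( $form->id ); ?>" />
@@ -63,7 +63,7 @@ if ( isset( $frm_vars['collapse_div'] ) && $frm_vars['collapse_div'] ) {
 unset( $frm_vars['collapse_div'] );
 }
 
-echo FrmFormsHelper::replace_shortcodes( $values['after_html'], $form );
+echo FrmFormsHelper::replace_shortcodes( $values['after_html'], $form ); // WPCS: XSS ok.
 
 if ( FrmForm::show_submit( $form ) ) {
 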
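Review bot: On new line 21 `wp_strip_all_tags()` is the only treatment applied to a string printed inside the `<div ...>` tag, and the added annotation marks it safe. Stripping tags does not neutralise quotes or extra attributes, so the output is only as trustworthy as whatever is hooked to `frm_fields_container_class`. Because the default is a complete `class="..."` attribute the value cannot simply go through `esc_attr()`, but the comment should record the trust assumption, e.g. `// WPCS: XSS ok. Attribute string supplied by plugin/theme code via filter; tags stripped.`. new.php adds the same annotation on `frm_form_div_attributes` and `frm_form_attributes`.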
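--- a/classes/views/frm-entries/new.php
+++ b/classes/views/frm-entries/new.php
@@ -1,6 +1,6 @@
-<div class="frm_forms <?php echo esc_attr( FrmFormsHelper::get_form_style_class( $values ) ); ?>" id="frm_form_<?php echo esc_attr( $form->id ) ?>_container" <?php echo wp_strip_all_tags( apply_filters( 'frm_form_div_attributes', '', $form ) ); ?>>
+<div class="frm_forms <?php echo esc_attr( FrmFormsHelper::get_form_style_class( $values ) ); ?>" id="frm_form_<?php echo esc_attr( $form->id ) ?>_container" <?php echo wp_strip_all_tags( apply_filters( 'frm_form_div_attributes', '', $form ) ); // WPCS: XSS ok. ?>>
 <?php if ( ! isset( $include_form_tag ) || $include_form_tag ) { ?>
-<form enctype="<?php echo esc_attr( apply_filters( 'frm_form_enctype', 'multipart/form-data', $form ) ) ?>" method="post" class="frm-show-form <?php do_action( 'frm_form_classes', $form ) ?>" id="form_<?php echo esc_attr( $form->form_key ) ?>" <?php echo $frm_settings->use_html ? '' : 'action=""'; ?> <?php echo wp_strip_all_tags( apply_filters( 'frm_form_attributes', '', $form ) ); ?>>
+<form enctype="<?php echo esc_attr( apply_filters( 'frm_form_enctype', 'multipart/form-data', $form ) ) ?>" method="post" class="frm-show-form <?php do_action( 'frm_form_classes', $form ) ?>" id="form_<?php echo esc_attr( $form->form_key ) ?>" <?php echo $frm_settings->use_html ? '' : 'action=""'; ?> <?php echo wp_strip_all_tags( apply_filters( 'frm_form_attributes', '', $form ) ); // WPCS: XSS ok. ?>>
 <?php } else { ?>
 <div id="form_<?php echo esc_attr( $form->form_key ) ?>" class="frm-show-form <?php do_action( 'frm_form_classes', $form ) ?>" >
 <?php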
classes/views/frm-entries/no_entries.php
CHANGED
@@ -1,12 +1,12 @@
|
|
1 |
<div class="frmcenter frm_no_entries_form">
|
2 |
<?php if ( $form && isset( $form->options['no_save'] ) && $form->options['no_save'] ) { ?>
|
3 |
<h3><?php esc_html_e( 'This form is not set to save any entries.', 'formidable' ) ?></h3>
|
4 |
-
<p><?php printf(
|
5 |
<?php } elseif ( $form ) { ?>
|
6 |
-
<div class="frm_no_entries_header"><?php printf(
|
7 |
-
<p class="frm_no_entries_text"><?php printf(
|
8 |
<?php } else { ?>
|
9 |
<div class="frm_no_entries_header"><?php esc_html_e( 'You have not created any forms yet.', 'formidable' ); ?></div>
|
10 |
-
<p class="frm_no_entries_text"><?php printf(
|
11 |
<?php } ?>
|
12 |
</div>
|
1 |
<div class="frmcenter frm_no_entries_form">
|
2 |
<?php if ( $form && isset( $form->options['no_save'] ) && $form->options['no_save'] ) { ?>
|
3 |
<h3><?php esc_html_e( 'This form is not set to save any entries.', 'formidable' ) ?></h3>
|
4 |
+
<p><?php printf( esc_html__( 'If you would like to save entries in this form, go to the %1$sform Settings%2$s page %3$s and uncheck the "Do not store any entries submitted from this form" box.', 'formidable' ), '<a href="' . esc_url( admin_url( 'admin.php?page=formidable&frm_action=settings&id=' . $form->id ) ) . '">', '</a>', '</br>' ) ?></p>
|
5 |
<?php } elseif ( $form ) { ?>
|
6 |
+
<div class="frm_no_entries_header"><?php printf( esc_html__( 'No Entries for form: %s', 'formidable' ), esc_html( $form->name ) ); ?></div>
|
7 |
+
<p class="frm_no_entries_text"><?php printf( esc_html__( 'See the %1$sform documentation%2$s for instructions on publishing your form', 'formidable' ), '<a href="https://formidableforms.com/knowledgebase/publish-your-forms/" target="_blank">', '</a>' ); ?></p>
|
8 |
<?php } else { ?>
|
9 |
<div class="frm_no_entries_header"><?php esc_html_e( 'You have not created any forms yet.', 'formidable' ); ?></div>
|
10 |
+
<p class="frm_no_entries_text"><?php printf( esc_html__( 'To view entries, you must first %1$sbuild a form%2$s', 'formidable' ), '<a href="' . esc_url( admin_url( 'admin.php?page=formidable&frm_action=new' ) ) . '">', '</a>' ); ?></p>
|
11 |
<?php } ?>
|
12 |
</div>
|
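Review bot: On new line 4 the third placeholder is filled with `'</br>'`, which is a closing tag for a void element and not valid HTML; it should be `'<br/>'`. Browsers usually recover from it, but the markup will fail validation and the intent is clearly a line break. The other `printf()` arguments in this section are literal anchors wrapped around `esc_url()`, which is fine as written.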
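--- a/classes/views/frm-entries/show.php
+++ b/classes/views/frm-entries/show.php
@@ -49,7 +49,7 @@
 'embedded_field_id' => $embedded_field_id,
 );
 $display_value = FrmEntriesHelper::prepare_display_value( $entry, $field, $atts );
-echo $display_value;
+echo $display_value; // WPCS: XSS ok.
 
 if ( is_email( $display_value ) && ! in_array( $display_value, $to_emails ) ) {
 $to_emails[] = $display_value;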
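Review bot: `echo $display_value; // WPCS: XSS ok.` prints a value derived from `$entry`, which is presumably data submitted through a form, so the suppression is only correct if `FrmEntriesHelper::prepare_display_value()` escapes or filters every field type. That helper is not visible in this hunk, and the annotation gives no reason. If the helper does not guarantee it, filter at the point of output with `echo wp_kses_post( $display_value );`; otherwise extend the comment to `// WPCS: XSS ok. Escaped in prepare_display_value().`. The surrounding loop starts and ends outside the hunk.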
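--- a/classes/views/frm-entries/sidebar-shared.php
+++ b/classes/views/frm-entries/sidebar-shared.php
@@ -36,21 +36,21 @@
 <div class="misc-pub-section">
 <span class="dashicons dashicons-post-status wp-media-buttons-icon"></span>
 <?php esc_html_e( 'Entry Key', 'formidable' ) ?>:
-<b><?php echo
+<b><?php echo esc_html( $entry->item_key ) ?></b>
 </div>
 
 <?php if ( FrmAppHelper::pro_is_installed() ) { ?>
 <?php if ( $entry->user_id ) { ?>
 <div class="misc-pub-section">
 <span class="dashicons dashicons-admin-users wp-media-buttons-icon"></span>
-<?php printf(
+<?php printf( esc_html__( 'Created by: %1$s', 'formidable' ), esc_html( FrmFieldsHelper::get_user_display_name( $entry->user_id, 'display_name', array( 'link' => true ) ) ) ); ?>
 </div>
 <?php } ?>
 
 <?php if ( $entry->updated_by && $entry->updated_by != $entry->user_id ) { ?>
 <div class="misc-pub-section">
 <span class="dashicons dashicons-admin-users wp-media-buttons-icon"></span>
-<?php printf( esc_html__( 'Updated by: %1$s', 'formidable' ), FrmFieldsHelper::get_user_display_name( $entry->updated_by, 'display_name', array( 'link' => true ) ) ); ?>
+<?php printf( esc_html__( 'Updated by: %1$s', 'formidable' ), esc_html( FrmFieldsHelper::get_user_display_name( $entry->updated_by, 'display_name', array( 'link' => true ) ) ) ); ?>
 </div>
 <?php } ?>
 <?php } ?>
@@ -64,7 +64,7 @@
 <?php if ( ! empty( $entry->ip ) ) { ?>
 <div class="misc-pub-section">
 <?php esc_html_e( 'IP Address', 'formidable' ) ?>:
-<b><?php echo
+<b><?php echo esc_html( $entry->ip ); ?></b>
 </div>
 <?php } ?>
 
@@ -89,7 +89,7 @@
 }
 ?>
 <div class="misc-pub-section">
-<b><?php echo
+<b><?php echo esc_html( ucfirst( str_replace( '-', ' ', $k ) ) ); ?></b>:
 <?php echo wp_kses_post( implode( ', ', (array) $d ) ); ?>
 </div>
 <?php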
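Review bot: Wrapping `FrmFieldsHelper::get_user_display_name( ..., array( 'link' => true ) )` in `esc_html()` on the "Created by" and "Updated by" lines will most likely print the link markup as literal text, since `'link' => true` suggests the helper returns an `<a>` element. If the link is meant to stay clickable, filter instead of escaping: `wp_kses_post( FrmFieldsHelper::get_user_display_name( $entry->user_id, 'display_name', array( 'link' => true ) ) )`, as this section already does for `implode( ', ', (array) $d )`. Otherwise drop the `'link' => true` option so that plain text is what gets escaped. The helper is not visible here, so confirm what it returns before choosing.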
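--- a/classes/views/frm-fields/back-end/ajax-field-placeholder.php
+++ b/classes/views/frm-fields/back-end/ajax-field-placeholder.php
@@ -1,4 +1,4 @@
 <li id="frm_field_id_<?php echo esc_attr( $field_object->id ); ?>" class="<?php echo esc_attr( $li_classes ) ?> frm_field_loading" data-fid="<?php echo esc_attr( $field_object->id ) ?>" data-formid="<?php echo esc_attr( 'divider' == $field_object->type ? FrmField::get_option( $field_object, 'form_select' ) : $field_object->form_id ); ?>" data-ftype="<?php echo esc_attr( $display['type'] ) ?>">
 <span class="spinner frm_visible_spinner"></span>
-<span class="frm_hidden_fdata frm_hidden"><?php echo htmlspecialchars( json_encode( $field_object ) ) ?></span>
+<span class="frm_hidden_fdata frm_hidden"><?php echo htmlspecialchars( json_encode( $field_object ) ); // WPCS: XSS ok. ?></span>
 </li>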
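Review bot: `json_encode()` returns `false` when `$field_object` holds a value it cannot encode (invalid UTF-8, for instance), and `htmlspecialchars( false )` then leaves the `frm_hidden_fdata` span empty with no error. `wp_json_encode()` sanitises such input before encoding, so `htmlspecialchars( wp_json_encode( $field_object ) )` is the safer form. The `// WPCS: XSS ok.` suppression itself is reasonable here because the JSON is entity-encoded for an element-text context; saying that in the comment would make the whitelist reviewable.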
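--- a/classes/views/frm-fields/back-end/dropdown-field.php
+++ b/classes/views/frm-fields/back-end/dropdown-field.php
@@ -1,7 +1,7 @@
 <?php
 
 if ( isset( $field['post_field'] ) && 'post_category' === $field['post_field'] && FrmAppHelper::pro_is_installed() ) {
-echo FrmProPost::get_category_dropdown( $field, array(
+echo FrmProPost::get_category_dropdown( $field, array( // WPCS: XSS ok.
 'name' => $field_name,
 'id' => 'placeholder_id',
 'location' => 'form_builder',
@@ -16,7 +16,7 @@ if ( isset( $field['post_field'] ) && 'post_category' === $field['post_field'] &
 $opt = FrmFieldsHelper::get_label_from_array( $opt, $opt_key, $field );
 $selected = ( $field['default_value'] === $field_val || FrmFieldsHelper::get_other_val( array( 'opt_key', 'field' ) ) ) ? ' selected="selected"' : '';
 ?>
-<option value="<?php echo esc_attr( $field_val ) ?>"<?php echo $selected ?>><?php echo esc_html( $opt ) ?> </option>
+<option value="<?php echo esc_attr( $field_val ) ?>"<?php echo $selected; // WPCS: XSS ok. ?>><?php echo esc_html( $opt ) ?> </option>
 <?php } ?>
 </select>
 <?php } ?>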
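Review bot: On the `$selected` line, `FrmFieldsHelper::get_other_val( array( 'opt_key', 'field' ) )` passes the two literal strings `'opt_key'` and `'field'`, not the `$opt_key` and `$field` values used on the line above. If the helper expects a keyed array, which its signature (not visible here) would confirm, the call should read `FrmFieldsHelper::get_other_val( compact( 'opt_key', 'field' ) )`. The `echo $selected; // WPCS: XSS ok.` suppression is sound, since `$selected` can only be `' selected="selected"'` or `''`. The enclosing block starts outside the hunk.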
classes/views/frm-fields/back-end/field-captcha.php
CHANGED
@@ -2,7 +2,7 @@
|
|
2 |
$frm_settings = FrmAppHelper::get_settings();
|
3 |
if ( empty( $frm_settings->pubkey ) ) {
|
4 |
?>
|
5 |
-
<div class="howto frm_no_captcha_text"><?php printf(
|
6 |
<?php } ?>
|
7 |
<img src="<?php echo esc_url( FrmAppHelper::plugin_url() . '/images/recaptcha.png' ) ?>" class="recaptcha_placeholder" alt="reCaptcha"/>
|
8 |
<input type="hidden" name="<?php echo esc_attr( $field_name ) ?>" value="1" />
|
2 |
$frm_settings = FrmAppHelper::get_settings();
|
3 |
if ( empty( $frm_settings->pubkey ) ) {
|
4 |
?>
|
5 |
+
<div class="howto frm_no_captcha_text"><?php printf( esc_html__( 'Your captcha will not appear on your form until you %1$sset up%2$s the Site and Secret Keys', 'formidable' ), '<a href="?page=formidable-settings">', '</a>' ); ?></div>
|
6 |
<?php } ?>
|
7 |
<img src="<?php echo esc_url( FrmAppHelper::plugin_url() . '/images/recaptcha.png' ) ?>" class="recaptcha_placeholder" alt="reCaptcha"/>
|
8 |
<input type="hidden" name="<?php echo esc_attr( $field_name ) ?>" value="1" />
|