Forminator Payment, Quiz and Contact Form Plugin - Version 1.11.3

Version Description

  • Security Fix: Patch authenticated stored XSS

Release Info

Developer alerzhus
Version 1.11.3

Code changes from version 1.11.2 to 1.11.3

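--- a/forminator.php
+++ b/forminator.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Plugin Name: Forminator
- * Version: 1.11.2
+ * Version: 1.11.3
  * Plugin URI: https://premium.wpmudev.org/project/forminator/
  * Description: Capture user information (as detailed as you like), engage users with interactive polls that show real-time results and graphs, “no wrong answer” Facebook-style quizzes and knowledge tests.
  * Author: WPMU DEV
@@ -34,7 +34,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 }
 
 if ( ! defined( 'FORMINATOR_VERSION' ) ) {
-define( 'FORMINATOR_VERSION', '1.11.2' );
+define( 'FORMINATOR_VERSION', '1.11.3' );
 }
 
 if ( ! defined( 'FORMINATOR_SUI_VERSION' ) ) {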
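--- a/languages/forminator.pot
+++ b/languages/forminator.pot
@@ -2,9 +2,9 @@
 # This file is distributed under the same license as the Forminator package.
 msgid ""
 msgstr ""
-"Project-Id-Version: Forminator 1.11.2\n"
+"Project-Id-Version: Forminator 1.11.3\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/forminator\n"
-"POT-Creation-Date: 2020-02-06 11:30:50+00:00\n"
+"POT-Creation-Date: 2020-02-27 23:54:20+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -11490,24 +11490,24 @@ msgstr ""
 msgid "E.g. 01"
 msgstr ""
 
-#: library/fields/date.php:924
+#: library/fields/date.php:921
 msgid "This field is required."
 msgstr ""
 
-#: library/fields/date.php:944
+#: library/fields/date.php:941
 msgid "Not valid date"
 msgstr ""
 
-#: library/fields/date.php:1003
+#: library/fields/date.php:1000
 msgid "This field is required. Please enter a valid date"
 msgstr ""
 
-#: library/fields/date.php:1041
+#: library/fields/date.php:1038
 msgid "Please enter a valid date"
 msgstr ""
 
-#: library/fields/date.php:1057 library/fields/date.php:1065
-#: library/fields/date.php:1073
+#: library/fields/date.php:1054 library/fields/date.php:1062
+#: library/fields/date.php:1070
 msgid "Please enter a valid year"
 msgstr ""
 
@@ -11652,27 +11652,27 @@ msgstr ""
 msgid "Please make sure the number has an international format."
 msgstr ""
 
-#: library/fields/phone.php:319 library/fields/phone.php:405
+#: library/fields/phone.php:323 library/fields/phone.php:410
 msgid "This field is required. Please input a phone number"
 msgstr ""
 
-#: library/fields/phone.php:344
+#: library/fields/phone.php:348
 msgid "Please input a valid phone number"
 msgstr ""
 
-#: library/fields/phone.php:354 library/fields/phone.php:442
+#: library/fields/phone.php:358 library/fields/phone.php:447
 msgid "You exceeded the allowed amount of numbers. Please check again"
 msgstr ""
 
-#: library/fields/phone.php:364
+#: library/fields/phone.php:368
 msgid "Please input a valid international phone number"
 msgstr ""
 
-#: library/fields/phone.php:376 library/fields/phone.php:475
+#: library/fields/phone.php:380 library/fields/phone.php:480
 msgid "Please enter a valid phone number."
 msgstr ""
 
-#: library/fields/phone.php:462
+#: library/fields/phone.php:467
 msgid "Invalid phone number. %s"
 msgstr ""
 
@@ -11814,11 +11814,11 @@ msgstr ""
 msgid "E.g. http://www.example.com"
 msgstr ""
 
-#: library/fields/website.php:222 library/fields/website.php:279
+#: library/fields/website.php:221 library/fields/website.php:278
 msgid "This field is required. Please input a valid URL"
 msgstr ""
 
-#: library/fields/website.php:242
+#: library/fields/website.php:241
 msgid "Please enter a valid Website URL (e.g. https://premium.wpmudev.org/)."
 msgstr ""
 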
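--- a/library/abstracts/abstract-class-field.php
+++ b/library/abstracts/abstract-class-field.php
@@ -234,7 +234,7 @@ abstract class Forminator_Field {
 $html .= sprintf(
 '<span class="forminator-description" aria-describedby="%s">%s</span>',
 $get_id,
-$description
+esc_html( $description )
 );
 
 }
@@ -282,7 +282,7 @@ abstract class Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s %s</label>',
 $get_id,
-$label,
+esc_html( $label ),
 forminator_get_required_icon()
 );
 
@@ -291,7 +291,7 @@ abstract class Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s</label>',
 $get_id,
-$label
+esc_html( $label )
 );
 
 }
@@ -313,7 +313,7 @@ abstract class Forminator_Field {
 }
 
 if ( ! empty( $description ) || '' !== $description ) {
-$html .= self::get_description( $description, $get_id );
+$html .= self::get_description( esc_html( $description ), $get_id );
 }
 
 return apply_filters( 'forminator_field_create_input', $html, $attr, $label, $description );
@@ -354,7 +354,7 @@ abstract class Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s %s</label>',
 $attr['id'],
-$label,
+esc_html( $label ),
 forminator_get_required_icon()
 );
 
@@ -363,7 +363,7 @@ abstract class Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s</label>',
 $attr['id'],
-$label
+esc_html( $label )
 );
 
 }
@@ -406,13 +406,13 @@ abstract class Forminator_Field {
 if ( $required ) {
 
 $html .= '<div class="forminator-field--label">';
-$html .= sprintf( '<label id="forminator-label-%s" class="forminator-label">%s %s</label>', $attr['id'], $label, forminator_get_required_icon() );
+$html .= sprintf( '<label id="forminator-label-%s" class="forminator-label">%s %s</label>', $attr['id'], esc_html( $label ), forminator_get_required_icon() );
 $html .= '</div>';
 
 } else {
 
 $html .= '<div class="forminator-field--label">';
-$html .= sprintf( '<label id="forminator-label-%s" class="forminator-label">%s</label>', $attr['id'], $label );
+$html .= sprintf( '<label id="forminator-label-%s" class="forminator-label">%s</label>', $attr['id'], esc_html( $label ) );
 $html .= '</div>';
 
 }
@@ -504,7 +504,7 @@ abstract class Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s %s</label>',
 $get_id,
-$label,
+esc_html( $label ),
 forminator_get_required_icon()
 );
 
@@ -513,7 +513,7 @@ abstract class Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s</label>',
 $get_id,
-$label
+esc_html( $label )
 );
 
 }
@@ -594,7 +594,7 @@ abstract class Forminator_Field {
 if ( ( $option['value'] == $selected_value ) || ( isset( $option['selected'] ) && $option['selected'] ) ) { // WPCS: loose comparison ok : possible compare '1' and 1.
 $selected = 'selected="selected"';
 }
-$html .= sprintf( '<option value="%s" %s>%s</option>', $option['value'], $selected, $option['label'] );
+$html .= sprintf( '<option value="%s" %s>%s</option>', esc_html( $option['value'] ), $selected, esc_html( $option['label'] ) );
 }
 
 }
@@ -1549,7 +1549,7 @@ abstract class Forminator_Field {
 // We have pre-fill parameter, use its value or $value
 $value = $this->get_prefill( $field, $default, $prefix );
 
-$attributes['value'] = $value;
+$attributes['value'] = esc_html( $value );
 }
 
 return $attributes;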
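Review bot: The two values that land inside HTML attributes — `$option['value']` in the `<option value="%s">` at line 597 and the prefill result at line 1552 — are escaped with esc_html(), whereas WordPress's attribute-context escaper is esc_attr(); both currently run the same ENT_QUOTES pass, so this is not a bypass, but escaping by output context is the convention and keeps the intent visible to the next reviewer. I would write `esc_attr( $option['value'] )` and `$attributes['value'] = esc_attr( $value );`. Separately, line 316 now hands an already-escaped description to get_description(), which escapes it again at line 237; esc_html() does not re-encode existing entities by default so the output looks the same, but escaping once at the sink is clearer. Every function touched here begins and ends outside the hunks shown.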
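--- a/library/fields/address.php
+++ b/library/fields/address.php
@@ -507,7 +507,7 @@ class Forminator_Address extends Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s %s</label>',
 $get_id,
-$label,
+esc_html( $label ),
 $required ? forminator_get_required_icon() : ''
 );
 }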
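--- a/library/fields/calculation.php
+++ b/library/fields/calculation.php
@@ -104,9 +104,9 @@ class Forminator_Calculation extends Forminator_Field {
 $id = $id . '-field';
 $required = self::get_property( 'required', $field, false );
 $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
-$value = self::get_post_data( $name, self::get_property( 'default_value', $field ) );
-$label = self::get_property( 'field_label', $field, '' );
-$description = self::get_property( 'description', $field, '' );
+$value = esc_html( self::get_post_data( $name, self::get_property( 'default_value', $field ) ) );
+$label = esc_html( self::get_property( 'field_label', $field, '' ) );
+$description = esc_html( self::get_property( 'description', $field, '' ) );
 $design = $this->get_form_style( $settings );
 $formula = self::get_property( 'formula', $field, '', 'str' );
 $is_hidden = self::get_property( 'hidden', $field, false, 'bool' );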
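--- a/library/fields/currency.php
+++ b/library/fields/currency.php
@@ -154,12 +154,12 @@ class Forminator_Currency extends Forminator_Field {
 $id = 'forminator-field-' . $id;
 $required = self::get_property( 'required', $field, false );
 $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
-$value = self::get_post_data( $name, self::get_property( 'default_value', $field ) );
-$label = self::get_property( 'field_label', $field, '' );
-$description = self::get_property( 'description', $field, '' );
+$value = esc_html( self::get_post_data( $name, self::get_property( 'default_value', $field ) ) );
+$label = esc_html( self::get_property( 'field_label', $field, '' ) );
+$description = esc_html( self::get_property( 'description', $field, '' ) );
 $design = $this->get_form_style( $settings );
-$min = self::get_property( 'limit_min', $field, false );
-$max = self::get_property( 'limit_max', $field, false );
+$min = esc_html( self::get_property( 'limit_min', $field, false ) );
+$max = esc_html( self::get_property( 'limit_max', $field, false ) );
 $currency = self::get_property( 'currency', $field, 'USD' );
 $precision = self::get_property( 'precision', $field, 2 );
 $step = $this->create_step_string( $precision );
@@ -223,8 +223,8 @@ class Forminator_Currency extends Forminator_Field {
 public function get_validation_rules() {
 $field = $this->field;
 $id = self::get_property( 'element_id', $field );
-$min = self::get_property( 'limit_min', $field, false );
-$max = self::get_property( 'limit_max', $field, false );
+$min = esc_html( self::get_property( 'limit_min', $field, false ) );
+$max = esc_html( self::get_property( 'limit_max', $field, false ) );
 
 $rules = '"' . $this->get_id( $field ) . '": {';
 
@@ -254,8 +254,8 @@ class Forminator_Currency extends Forminator_Field {
 */
 public function get_validation_messages() {
 $field = $this->field;
-$min = self::get_property( 'limit_min', $field, false );
-$max = self::get_property( 'limit_max', $field, false );
+$min = esc_html( self::get_property( 'limit_min', $field, false ) );
+$max = esc_html( self::get_property( 'limit_max', $field, false ) );
 
 $messages = '"' . $this->get_id( $field ) . '": {' . "\n";
 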
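Review bot: limit_min and limit_max are numeric settings that get_validation_rules() and get_validation_messages() concatenate into a JavaScript object literal (`$rules = '"' . $this->get_id( $field ) . '": {'` at line 229 and the messages string at line 260), and esc_html() only neutralises HTML metacharacters — it does nothing for a JS-literal context, so a stored value such as `1, "x": 1` would still reshape the emitted script if it is interpolated raw further down. The robust fix is to enforce the type instead of escaping: `$min = self::get_property( 'limit_min', $field, false );` followed by `$min = is_numeric( $min ) ? $min + 0 : false;` (and the same for `$max`) in all three places. That also avoids esc_html() turning the `false` default into `''`, which any later `false !==` check would treat as a configured limit. How the values are used after line 229 is inferred, since both method bodies continue outside the hunks.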
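--- a/library/fields/custom.php
+++ b/library/fields/custom.php
@@ -185,12 +185,12 @@ class Forminator_Custom extends Forminator_Field {
 $id = self::get_property( 'element_id', $field );
 $name = $id;
 $field_type = self::get_property( 'field_type', $field );
-$placeholder = self::get_property( 'placeholder', $field );
-$description = self::get_property( 'description', $field );
-$label = self::get_property( 'field_label', $field );
+$placeholder = esc_html( self::get_property( 'placeholder', $field ) );
+$description = esc_html( self::get_property( 'description', $field ) );
+$label = esc_html( self::get_property( 'field_label', $field ) );
 $id = $id . '-field';
 $html = '';
-$default_value = self::get_property( 'default_value', $field );
+$default_value = esc_html( self::get_property( 'default_value', $field ) );
 $post_value = self::get_post_data( $name, false );
 
 switch ( $field_type ) {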
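Review bot: `$post_value = self::get_post_data( $name, false );` on line 194 is the request-supplied value and is left unescaped while the stored `$default_value` right above it is now escaped; if the switch below echoes `$post_value` into the input's value attribute, that is a reflected path the patch leaves open. I would escape it at the same point, `$post_value = self::get_post_data( $name, false ); if ( false !== $post_value ) { $post_value = esc_attr( $post_value ); }`, and since `$placeholder` and `$default_value` end up inside attributes, esc_attr() is the context-appropriate escaper for them as well. The switch and the rest of markup() are outside the hunk, so where these variables are emitted is inferred.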
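--- a/library/fields/date.php
+++ b/library/fields/date.php
@@ -126,7 +126,7 @@ class Forminator_Date extends Forminator_Field {
 $type = trim( self::get_property( 'field_type', $field ) );
 $has_icon = self::get_property( 'icon', $field, false, 'bool' );
 $has_icon = filter_var( $has_icon, FILTER_VALIDATE_BOOLEAN );
-$date_format = self::get_property( 'date_format', $field, 'm/d/Y' );
+$date_format = esc_html( self::get_property( 'date_format', $field, 'm/d/Y' ) );
 if( false !== strpos( $date_format, '-' ) ) {
 $sep = '-';
 } elseif ( false !== strpos( $date_format, '.' ) ) {
@@ -136,8 +136,8 @@ class Forminator_Date extends Forminator_Field {
 }
 $formats = explode( $sep, $date_format );
 
-$min_year = self::get_property( 'min_year', $field, 1920 );
-$max_year = self::get_property( 'max_year', $field, 2120 );
+$min_year = esc_html( self::get_property( 'min_year', $field, 1920 ) );
+$max_year = esc_html( self::get_property( 'max_year', $field, 2120 ) );
 
 $prefill = false;
 $is_prefil_valid = false;
@@ -188,7 +188,7 @@ class Forminator_Date extends Forminator_Field {
 }
 
 $default_value = '';
-$default_date = self::get_property( 'default_date', $field, false );
+$default_date = esc_html( self::get_property( 'default_date', $field, false ) );
 
 if ( 'today' === $default_date ) {
 $datepicker_format = $this->normalize_date_format( $date_format );
@@ -196,7 +196,7 @@ class Forminator_Date extends Forminator_Field {
 }
 
 if ( 'custom' === $default_date ) {
-$default_date_value = self::get_property( 'date', $field, '' );
+$default_date_value = esc_html( self::get_property( 'date', $field, '' ) );
 $default_value = $default_date_value;
 }
 
@@ -258,18 +258,15 @@ class Forminator_Date extends Forminator_Field {
 
 // Mark day, month and year required markup as false
 $required = false;
-
 }
 
-$default_date = self::get_property( 'default_date', $field, false );
-$default_date_value = self::get_property( 'date', $field, '' );
+$default_date = esc_html( self::get_property( 'default_date', $field, false ) );
+$default_date_value = esc_html( self::get_property( 'date', $field, '' ) );
 
 if ( $is_prefil_valid ) {
 $default_value = $prefill;
 }
 
-
-
 if ( $is_prefil_valid ) {
 $day = $parsed_date['day'];
 $month = $parsed_date['month'];
@@ -475,7 +472,7 @@ class Forminator_Date extends Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s %s</label>',
 'forminator-field-' . $id,
-$label,
+esc_html( $label ),
 forminator_get_required_icon()
 );
 
@@ -484,7 +481,7 @@ class Forminator_Date extends Forminator_Field {
 $html .= sprintf(
 '<label for="%s" class="forminator-label">%s</label>',
 'forminator-field-' . $id,
-$label
+esc_html( $label )
 );
 
 }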
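Review bot: min_year and max_year at lines 139–140 are integers that feed year-range logic, and esc_html() neither validates them nor helps if they reach a JavaScript datepicker option, so the right treatment is coercion: `$min_year = (int) self::get_property( 'min_year', $field, 1920 );` and the same for `$max_year`. On line 191, esc_html() turns the `false` default of default_date into `''`; the `'today'`/`'custom'` comparisons tolerate that, but any later `false ===` check would not, so `$default_date` is better left unescaped and compared as today (it is only ever compared, never echoed, in the lines shown). Line 263 then re-reads default_date that line 191 already set, so the second read and its escaping are duplication the new code could drop. The surrounding markup() body continues outside these hunks.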
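--- a/library/fields/email.php
+++ b/library/fields/email.php
@@ -121,9 +121,9 @@ class Forminator_Email extends Forminator_Field {
 $required = self::get_property( 'required', $field, false );
 $ariareq = 'false';
 $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
-$value = self::get_property( 'value', $field );
-$label = self::get_property( 'field_label', $field );
-$description = self::get_property( 'description', $field );
+$value = esc_html( self::get_property( 'value', $field ) );
+$label = esc_html( self::get_property( 'field_label', $field ) );
+$description = esc_html( self::get_property( 'description', $field ) );
 
 if ( (bool) $required ) {
 $ariareq = 'true';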
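--- a/library/fields/gdprcheckbox.php
+++ b/library/fields/gdprcheckbox.php
@@ -105,9 +105,9 @@ class Forminator_GdprCheckbox extends Forminator_Field {
 $html = '';
 $id = self::get_property( 'element_id', $field );
 $name = $id;
-$description = self::get_property( 'gdpr_description', $field );
+$description = esc_html( self::get_property( 'gdpr_description', $field ) );
 $id = 'forminator-field-' . $id . '-' . uniqid();
-$label = self::get_property( 'field_label', $field );
+$label = esc_html( self::get_property( 'field_label', $field ) );
 
 $html .= '<div class="forminator-field">';
 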
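Review bot: esc_html() on gdpr_description at line 108 renders any markup in the consent text literally, and a GDPR checkbox description is exactly where a form author puts a link to the privacy policy, so this is likely to break existing forms. If that text is meant to carry an `<a>` tag, `$description = wp_kses_post( self::get_property( 'gdpr_description', $field ) );` neutralises script tags and event-handler attributes while keeping the link. If plain text is the intent, esc_html() is correct and I would just add `// Consent text is plain text by design; no markup is rendered.` above it so the choice is recorded. The rest of markup() is outside the hunk.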
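--- a/library/fields/hidden.php
+++ b/library/fields/hidden.php
@@ -104,8 +104,8 @@ class Forminator_Hidden extends Forminator_Field {
 $id = self::get_property( 'element_id', $field );
 $name = $id;
 $required = self::get_property( 'required', $field, false );
-$placeholder = self::get_property( 'placeholder', $field );
-$value = $this->get_value( $field );
+$placeholder = esc_html( self::get_property( 'placeholder', $field ) );
+$value = esc_html( $this->get_value( $field ) );
 
 return sprintf( '<input type="hidden" id="%s" name="%s" value="%s" />', $id, $name, $value );
 }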
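Review bot: `$id` and `$name` come from the same stored element_id property and are still interpolated raw into `id="%s" name="%s"` on line 110, so the attribute-injection path this commit closes for `value` stays open through the element id unless it is validated somewhere not shown. I would escape all three at the sink with the attribute escaper: `return sprintf( '<input type="hidden" id="%s" name="%s" value="%s" />', esc_attr( $id ), esc_attr( $name ), esc_attr( $value ) );`. `$placeholder` and `$required` are computed but never used in the returned markup, so the new esc_html() on line 107 escapes a dead variable and both assignments could be removed.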
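--- a/library/fields/html.php
+++ b/library/fields/html.php
@@ -97,7 +97,7 @@ class Forminator_Html extends Forminator_Field {
 public function markup( $field, $settings = array() ) {
 
 $html = '';
-$label = self::get_property( 'field_label', $field );
+$label = esc_html( self::get_property( 'field_label', $field ) );
 $id = self::get_property( 'element_id', $field );
 $form_id = false;
 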
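Review bot: The field's HTML body, rendered later in markup() outside this hunk, is presumably emitted raw by design for an "HTML" field, so escaping the label does not change that anyone allowed to edit a form can still store script in the body; the control there is the capability check on form editing, not output escaping. That is worth stating where the body is output, e.g. `// Body is intentionally unescaped (rich HTML field); authorisation is the form-edit capability check.`, so a later reviewer does not mistake it for the same class of bug fixed here. markup() continues past the end of the hunk.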
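--- a/library/fields/multivalue.php
+++ b/library/fields/multivalue.php
@@ -129,8 +129,8 @@ class Forminator_MultiValue extends Forminator_Field {
 $required = self::get_property( 'required', $field, false );
 $options = self::get_property( 'options', $field, array() );
 $value_type = trim( isset( $field['value_type'] ) ? $field['value_type'] : "multiselect" );
-$description = self::get_property( 'description', $field, '' );
-$label = self::get_property( 'field_label', $field, '' );
+$description = esc_html( self::get_property( 'description', $field, '' ) );
+$label = esc_html( self::get_property( 'field_label', $field, '' ) );
 $class = ( 'horizontal' === self::get_property( 'layout', $field, '' ) ) ? 'forminator-checkbox forminator-checkbox-inline' : 'forminator-checkbox';
 $design = $this->get_form_style( $settings );
 $calc_enabled = self::get_property( 'calculations', $field, false, 'bool' );
@@ -147,7 +147,7 @@ class Forminator_MultiValue extends Forminator_Field {
 
 foreach ( $options as $option ) {
 
-$value = $option['value'] ? $option['value'] : $option['label'];
+$value = $option['value'] ? esc_html( $option['value'] ) : esc_html( $option['label'] );
 $input_id = $id . '-' . $i . '-' . $uniq_id;
 $option_default = isset( $option['default'] ) ? filter_var( $option['default'], FILTER_VALIDATE_BOOLEAN ) : false;
 $calculation_value = $calc_enabled && isset( $option['calculation'] ) ? $option['calculation'] : 0.0;
@@ -188,7 +188,7 @@ class Forminator_MultiValue extends Forminator_Field {
 
 $html .= '<span aria-hidden="true"></span>';
 
-$html .= sprintf( '<span>%s</span>', $option['label'] );
+$html .= sprintf( '<span>%s</span>', esc_html( $option['label'] ) );
 
 $html .= '</label>';
 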
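Review bot: `$option['value'] ? … : …` on line 150 tests the raw value for truthiness, so an option whose value is the string `0` silently falls back to its label — a pre-existing quirk the escaping change preserves, and one that matters for a multi-select whose values are often numeric. If zero is a legitimate option value, `$value = isset( $option['value'] ) && '' !== $option['value'] ? $option['value'] : $option['label'];` followed by `$value = esc_attr( $value );` keeps it and also uses the attribute escaper, since this value presumably ends up in the checkbox's value attribute further down the loop. The loop body continues outside the hunk, so where `$value` is emitted is inferred.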
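--- a/library/fields/name.php
+++ b/library/fields/name.php
@@ -141,8 +141,8 @@ class Forminator_Name extends Forminator_Field {
 $id = 'forminator-field-' . $id;
 $required = self::get_property( 'required', $field, false );
 $ariareq = 'false';
-$label = self::get_property( 'field_label', $field, '' );
-$description = self::get_property( 'description', $field, '' );
+$label = esc_html( self::get_property( 'field_label', $field, '' ) );
+$description = esc_html( self::get_property( 'description', $field, '' ) );
 $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
 
 if ( (bool) $required ) {
@@ -246,8 +246,8 @@ class Forminator_Name extends Forminator_Field {
 $selected = true;
 }
 $options[] = array(
-'value' => $key,
-'label' => $pfx,
+'value' => esc_html( $key ),
+'label' => esc_html( $pfx ),
 'selected' => $selected
 );
 }
@@ -258,10 +258,10 @@ class Forminator_Name extends Forminator_Field {
 
 $html .= self::create_select(
 $prefix_data,
-self::get_property( 'prefix_label', $field ),
+esc_html( self::get_property( 'prefix_label', $field ) ),
 $options,
-self::get_property( 'prefix_placeholder', $field ),
-self::get_property( 'prefix_description', $field ),
+esc_html( self::get_property( 'prefix_placeholder', $field ) ),
+esc_html( self::get_property( 'prefix_description', $field ) ),
 $prefix_required
 );
 
@@ -294,8 +294,8 @@ class Forminator_Name extends Forminator_Field {
 
 $html .= self::create_input(
 $first_name,
-self::get_property( 'fname_label', $field ),
-self::get_property( 'fname_description', $field ),
+esc_html( self::get_property( 'fname_label', $field ) ),
+esc_html( self::get_property( 'fname_description', $field ) ),
 $fname_required,
 $design
 );
@@ -376,8 +376,8 @@ class Forminator_Name extends Forminator_Field {
 
 $html .= self::create_input(
 $middle_name,
-self::get_property( 'mname_label', $field ),
-self::get_property( 'mname_description', $field ),
+esc_html( self::get_property( 'mname_label', $field ) ),
+esc_html( self::get_property( 'mname_description', $field ) ),
 $mname_required,
 $design
 );
@@ -411,8 +411,8 @@ class Forminator_Name extends Forminator_Field {
 
 $html .= self::create_input(
 $last_name,
-self::get_property( 'lname_label', $field ),
-self::get_property( 'lname_description', $field ),
+esc_html( self::get_property( 'lname_label', $field ) ),
+esc_html( self::get_property( 'lname_description', $field ) ),
 $lname_required,
 $design
 );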
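Review bot: The labels, descriptions and option values are now escaped at the call sites (lines 144–145, 249–250, 261–264, 297–298, 379–380, 414–415) while create_input() and create_select() in the abstract class appear to escape the same arguments again at their sinks; esc_html() does not re-encode existing entities, so the page is not visibly double-escaped, but escaping in two layers hides where the real sink is and will surprise whoever later needs an intentional entity in a label. I would drop the call-site `esc_html()` wrappers here and rely on the escaping inside create_input()/create_select(), or add a one-line comment stating that both layers are deliberate. That the abstract helpers escape is inferred from their hunks elsewhere in this release; markup() begins and ends outside the hunks shown.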
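--- a/library/fields/number.php
+++ b/library/fields/number.php
@@ -132,12 +132,12 @@ class Forminator_Number extends Forminator_Field {
  $required = self::get_property( 'required', $field, false );
  $ariareq = 'false';
  $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
- $value = self::get_post_data( $name, self::get_property( 'default_value', $field ) );
- $label = self::get_property( 'field_label', $field, '' );
- $description = self::get_property( 'description', $field, '' );
+ $value = esc_html( self::get_post_data( $name, self::get_property( 'default_value', $field ) ) );
+ $label = esc_html( self::get_property( 'field_label', $field, '' ) );
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
  $design = $this->get_form_style( $settings );
- $min = self::get_property( 'limit_min', $field, false );
- $max = self::get_property( 'limit_max', $field, false );
+ $min = esc_html( self::get_property( 'limit_min', $field, false ) );
+ $max = esc_html( self::get_property( 'limit_max', $field, false ) );
 
  if ( (bool) $required ) {
  $ariareq = 'true';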
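Review bot: Wrapping the `false` default in `esc_html()` on lines 139–140 changes the sentinel: `esc_html( false )` returns `''`, so any later `false !== $min` / `false !== $max` test in this method (whose body continues outside the hunk) can no longer tell "no limit configured" from an empty string. Keep the raw values at assignment and escape at the point of output instead: `$min = self::get_property( 'limit_min', $field, false );` and then `esc_attr( $min )` where it is placed in the `min=""` attribute, which is presumably where these end up. The same applies to `$value` on line 135, which comes from `get_post_data()` and so is request-controlled — it belongs in `esc_attr()` at the `value=""` sprintf rather than pre-encoded here, where a later comparison or validation step would see entities instead of the submitted text.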
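--- a/library/fields/paypal.php
+++ b/library/fields/paypal.php
@@ -106,12 +106,12 @@ class Forminator_PayPal extends Forminator_Field {
  $amount = self::get_property( 'amount', $field, '0' );
  $amount_variable = self::get_property( 'variable', $field, '' );
  $logo = self::get_property( 'logo', $field, '' );
- $company_name = self::get_property( 'company_name', $field, '' );
- $product_description = self::get_property( 'product_description', $field, '' );
+ $company_name = esc_html( self::get_property( 'company_name', $field, '' ) );
+ $product_description = esc_html( self::get_property( 'product_description', $field, '' ) );
  $customer_email = self::get_property( 'customer_email', $field, '' );
- $checkout_label = self::get_property( 'checkout_label', $field, '' );
- $collect_address = self::get_property( 'collect_address', $field, 'none', 'string' );
- $verify_zip = self::get_property( 'verify_zip', $field, false, 'bool' );
+ $checkout_label = esc_html( self::get_property( 'checkout_label', $field, '' ) );
+ $collect_address = esc_html( self::get_property( 'collect_address', $field, 'none', 'string' ) );
+ $verify_zip = esc_html( self::get_property( 'verify_zip', $field, false, 'bool' ) );
  $language = self::get_property( 'language', $field, 'en' );
 
 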
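Review bot: `esc_html()` on line 114 defeats the `'bool'` cast it wraps — `get_property( 'verify_zip', $field, false, 'bool' )` now yields the string `'1'` or `''` instead of a boolean, and `$collect_address` on line 113 becomes an entity-encoded string rather than one of the expected keyword values. These two read as configuration flags, not rendered text, so keep the casts (`$verify_zip = self::get_property( 'verify_zip', $field, false, 'bool' );`) and encode them once at the single place they are emitted, which for a JS config object means `wp_json_encode()`. `$logo` on line 108 and `$language` on line 115 are left raw by this hunk; if they reach the same output they need `esc_url()` / `esc_attr()` there. The method continues beyond the hunk, so the actual sink is not visible here.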
library/fields/phone.php CHANGED
@@ -167,12 +167,12 @@ class Forminator_Phone extends Forminator_Field {
167
  $ariareq = 'false';
168
  $design = $this->get_form_style( $settings );
169
  $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
170
- $value = self::get_property( 'value', $field );
171
- $phone_format = self::get_property( 'phone_validation_type', $field );
172
  $country = self::get_property( 'phone_national_country', $field, false );
173
- $limit = self::get_property( 'limit', $field, 10 );
174
- $label = self::get_property( 'field_label', $field, '' );
175
- $description = self::get_property( 'description', $field, '' );
176
  $format_check = self::get_property( 'validation', $field, self::FIELD_PROPERTY_VALUE_NOT_EXIST );
177
 
178
  if ( (bool) $required ) {
@@ -260,17 +260,19 @@ class Forminator_Phone extends Forminator_Field {
260
  * @return string
261
  */
262
  public function get_validation_rules() {
263
- $field = $this->field;
264
- $id = self::get_property( 'element_id', $field );
265
  $phone_format = self::get_property( 'phone_validation_type', $field );
266
- $limit = self::get_property( 'limit', $field, 10 );
267
  $format_check = self::get_property( 'validation', $field, self::FIELD_PROPERTY_VALUE_NOT_EXIST );
 
268
  if ( self::FIELD_PROPERTY_VALUE_NOT_EXIST === $format_check ) {
269
  // read old attribute
270
  $format_check = self::get_property( 'phone_validation', $field, false, 'bool' );
271
  } else {
272
  $format_check = forminator_var_type_cast( $format_check, 'bool' );
273
  }
 
274
  $rules = '"' . $this->get_id( $field ) . '": {';
275
 
276
  if ( $this->is_required( $field ) ) {
@@ -305,12 +307,14 @@ class Forminator_Phone extends Forminator_Field {
305
  public function get_validation_messages() {
306
  $field = $this->field;
307
  $format_check = self::get_property( 'validation', $field, self::FIELD_PROPERTY_VALUE_NOT_EXIST );
 
308
  if ( self::FIELD_PROPERTY_VALUE_NOT_EXIST === $format_check ) {
309
  // read old attribute
310
  $format_check = self::get_property( 'phone_validation', $field, false, 'bool' );
311
  } else {
312
  $format_check = forminator_var_type_cast( $format_check, 'bool' );
313
  }
 
314
  $validation_message = self::get_property( 'validation_message', $field, '' );
315
  $phone_format = self::get_property( 'phone_validation_type', $field );
316
  $messages = '"' . $this->get_id( $field ) . '": {' . "\n";
@@ -379,6 +383,7 @@ class Forminator_Phone extends Forminator_Field {
379
  $phone_format,
380
  $this
381
  );
 
382
  $messages .= '"phone": "' . forminator_addcslashes( $phone_message ) . '",' . "\n";
383
 
384
  $messages .= '},' . "\n";
167
  $ariareq = 'false';
168
  $design = $this->get_form_style( $settings );
169
  $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
170
+ $value = esc_html( self::get_property( 'value', $field ) );
171
+ $phone_format = esc_html( self::get_property( 'phone_validation_type', $field ) );
172
  $country = self::get_property( 'phone_national_country', $field, false );
173
+ $limit = esc_html( self::get_property( 'limit', $field, 10 ) );
174
+ $label = esc_html( self::get_property( 'field_label', $field, '' ) );
175
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
176
  $format_check = self::get_property( 'validation', $field, self::FIELD_PROPERTY_VALUE_NOT_EXIST );
177
 
178
  if ( (bool) $required ) {
260
  * @return string
261
  */
262
  public function get_validation_rules() {
263
+ $field = $this->field;
264
+ $id = self::get_property( 'element_id', $field );
265
  $phone_format = self::get_property( 'phone_validation_type', $field );
266
+ $limit = self::get_property( 'limit', $field, 10 );
267
  $format_check = self::get_property( 'validation', $field, self::FIELD_PROPERTY_VALUE_NOT_EXIST );
268
+
269
  if ( self::FIELD_PROPERTY_VALUE_NOT_EXIST === $format_check ) {
270
  // read old attribute
271
  $format_check = self::get_property( 'phone_validation', $field, false, 'bool' );
272
  } else {
273
  $format_check = forminator_var_type_cast( $format_check, 'bool' );
274
  }
275
+
276
  $rules = '"' . $this->get_id( $field ) . '": {';
277
 
278
  if ( $this->is_required( $field ) ) {
307
  public function get_validation_messages() {
308
  $field = $this->field;
309
  $format_check = self::get_property( 'validation', $field, self::FIELD_PROPERTY_VALUE_NOT_EXIST );
310
+
311
  if ( self::FIELD_PROPERTY_VALUE_NOT_EXIST === $format_check ) {
312
  // read old attribute
313
  $format_check = self::get_property( 'phone_validation', $field, false, 'bool' );
314
  } else {
315
  $format_check = forminator_var_type_cast( $format_check, 'bool' );
316
  }
317
+
318
  $validation_message = self::get_property( 'validation_message', $field, '' );
319
  $phone_format = self::get_property( 'phone_validation_type', $field );
320
  $messages = '"' . $this->get_id( $field ) . '": {' . "\n";
383
  $phone_format,
384
  $this
385
  );
386
+
387
  $messages .= '"phone": "' . forminator_addcslashes( $phone_message ) . '",' . "\n";
388
 
389
  $messages .= '},' . "\n";
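Review bot: In `get_validation_rules()` (lines 263–276) and `get_validation_messages()` (lines 307–320) the field properties are concatenated into an inline JavaScript object literal — see `$rules = '"' . $this->get_id( $field ) . '": {'` — and in that context the `esc_html()` added only to the markup method (lines 170–175) is neither applied nor the right escaper. Constrain `$limit` and `$phone_format` before they reach the JS string: `$limit = (int) self::get_property( 'limit', $field, 10 );` and run `$phone_format` through `forminator_addcslashes()`, as line 387 already does for `$phone_message`. `$validation_message` on line 318 is form-author text headed for the same literal and needs the same treatment. Both methods extend past the hunk, so I cannot see where `$limit` / `$phone_format` are actually interpolated — worth confirming against the full bodies.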
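--- a/library/fields/postdata.php
+++ b/library/fields/postdata.php
@@ -347,9 +347,9 @@ class Forminator_Postdata extends Forminator_Field {
 
  if ( ! empty( $field_enabled ) ) {
  $cols = 12;
- $placeholder = self::get_property( $field_name . '_placeholder', $field );
- $label = self::get_property( $field_name . '_label', $field );
- $description = self::get_property( $field_name . '_description', $field );
+ $placeholder = esc_html( self::get_property( $field_name . '_placeholder', $field ) );
+ $label = esc_html( self::get_property( $field_name . '_label', $field ) );
+ $description = esc_html( self::get_property( $field_name . '_description', $field ) );
  $field_markup = array(
  'type' => $type,
  'name' => $id . '-' . $input_suffix,
@@ -407,7 +407,7 @@ class Forminator_Postdata extends Forminator_Field {
  $description,
  $required
  );
- }else if ( 'multiselect' === $type ) {
+ } else if ( 'multiselect' === $type ) {
  if ( $label ) {
  if ( $required ) {
  $html .= sprintf(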
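Review bot: `$placeholder` on line 350 is the only placeholder in this patch set escaped with `esc_html()` at assignment; text.php, number.php, phone.php and website.php run theirs through `$this->sanitize_value()`, and select.php escapes inline at the `placeholder=""` attribute. Pick one convention — since a placeholder feeds an attribute, `esc_attr()` at the sprintf that consumes `$field_markup` is the contextually correct choice, and leaving the raw value in `$field_markup['placeholder']` avoids entity-encoded text if that array is also handed to JS. The enclosing method continues outside both hunks, so the consumer of `$field_markup` is not visible here.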
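--- a/library/fields/radio.php
+++ b/library/fields/radio.php
@@ -128,8 +128,8 @@ class Forminator_Radio extends Forminator_Field {
  $options = self::get_property( 'options', $field, array() );
  $value_type = isset( $field['value_type'] ) ? trim( $field['value_type'] ) : 'multiselect';
  $post_value = self::get_post_data( $name, false );
- $description = self::get_property( 'description', $field, '' );
- $label = self::get_property( 'field_label', $field, '' );
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
+ $label = esc_html( self::get_property( 'field_label', $field, '' ) );
  $class = ( 'horizontal' === self::get_property( 'layout', $field, '' ) ) ? 'forminator-radio forminator-radio-inline' : 'forminator-radio';
  $design = $this->get_form_style( $settings );
  $calc_enabled = self::get_property( 'calculations', $field, false, 'bool' );
@@ -153,7 +153,7 @@ class Forminator_Radio extends Forminator_Field {
  foreach ( $options as $option ) {
 
  $input_id = $id . '-' . $i . '-' . $uniq_id;
- $value = $option['value'] ? $option['value'] : $option['label'];
+ $value = $option['value'] ? esc_html( $option['value'] ) : esc_html( $option['label'] );
  $option_default = isset( $option['default'] ) ? filter_var( $option['default'], FILTER_VALIDATE_BOOLEAN ) : false;
  $selected = ( $value === $post_value || $option_default ) ? 'checked="checked"' : '';
  $calculation_value = $calc_enabled && isset( $option['calculation'] ) ? $option['calculation'] : 0.0;
@@ -185,7 +185,7 @@ class Forminator_Radio extends Forminator_Field {
 
  $html .= sprintf(
  '<span>%s</span>',
- $option['label']
+ esc_html( $option['label'] )
  );
 
  $html .= '</label>';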
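Review bot: Escaping `$value` on line 156 before the `$value === $post_value` comparison on line 158 breaks re-population: an option value containing `&`, `<`, `>`, `"` or `'` is now compared entity-encoded against the raw submitted value, so it can never be re-checked after a failed submission. Keep the comparison on the raw value and escape only where it is emitted — `$value = $option['value'] ? $option['value'] : $option['label'];` here, and `esc_attr( $value )` in the `value=""` attribute of the `<input>` sprintf, which is built outside this hunk. Line 188's `esc_html( $option['label'] )` for the `<span>` text is the right call for that context and should stay. The loop body continues beyond the hunk.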
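--- a/library/fields/section.php
+++ b/library/fields/section.php
@@ -104,8 +104,8 @@ class Forminator_Section extends Forminator_Field {
  $name = $id;
  $id = $id . '-field';
  $required = self::get_property( 'required', $field, false );
- $title = self::get_property( 'section_title', $field );
- $subtitle = self::get_property( 'section_subtitle', $field );
+ $title = esc_html( self::get_property( 'section_title', $field ) );
+ $subtitle = esc_html( self::get_property( 'section_subtitle', $field ) );
  $type = self::get_property( 'section_type', $field );
  $border = self::get_property( 'section_border', $field, 'none' );
  $border_width = self::get_property( 'cform-section-border-width', $field, 1 );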
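Review bot: `esc_html()` on lines 107–108 renders any markup a form author placed in a section title literally (`<strong>` becomes visible text) — fine if titles were always plain text, but if inline formatting was previously supported this is a silent behaviour change, and `wp_kses_post( $title )` would keep safe inline tags while still blocking scripts and event handlers. Separately, `$border` and `$border_width` on lines 110–111 are left raw by this hunk; if they are interpolated into a `style=""` attribute or a class name later in the method (which continues outside the hunk), they need `esc_attr()` / `absint()` there.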
library/fields/select.php CHANGED
@@ -119,23 +119,23 @@ class Forminator_Select extends Forminator_Field {
119
 
120
  $this->field = $field;
121
 
122
- $i = 1;
123
- $html = '';
124
- $id = self::get_property( 'element_id', $field );
125
- $name = $id;
126
- $id = $id . '-field';
127
- $required = self::get_property( 'required', $field, false, 'bool' );
128
- $options = self::get_property( 'options', $field, array() );
129
- $post_value = self::get_post_data( $name, false );
130
- $uniq_id = uniqid();
131
- $description = self::get_property( 'description', $field, '' );
132
- $label = self::get_property( 'field_label', $field, '' );
133
- $design = $this->get_form_style( $settings );
134
- $field_type = self::get_property( 'value_type', $field, '' );
135
- $search_status = self::get_property( 'search_status', $field, '' );
136
- $is_limit = self::get_property( 'limit_status', $field, '' );
137
- $placeholder = self::get_property( 'placeholder', $field, '' );
138
- $calc_enabled = self::get_property( 'calculations', $field, false, 'bool' );
139
 
140
  $html .= '<div class="forminator-field">';
141
 
@@ -144,14 +144,14 @@ class Forminator_Select extends Forminator_Field {
144
  $html .= sprintf(
145
  '<label for="%s" class="forminator-label">%s %s</label>',
146
  $id . '-field',
147
- $label,
148
  forminator_get_required_icon()
149
  );
150
  } else {
151
  $html .= sprintf(
152
  '<label for="%s" class="forminator-label">%s</label>',
153
  $id . '-field',
154
- $label
155
  );
156
  }
157
  }
@@ -165,8 +165,8 @@ class Forminator_Select extends Forminator_Field {
165
 
166
  foreach ( $options as $option ) {
167
 
168
- $value = $option['value'] ? $option['value'] : $option['label'];
169
- $limit = ( isset( $option['limit'] ) && $option['limit'] ) ? $option['limit'] : '';
170
  $input_id = $id . '-' . $i . '-' . $uniq_id;
171
  $option_default = isset( $option['default'] ) ? filter_var( $option['default'], FILTER_VALIDATE_BOOLEAN ) : false;
172
  $calculation_value = $calc_enabled && isset( $option['calculation'] ) ? $option['calculation'] : 0.0;
@@ -221,7 +221,7 @@ class Forminator_Select extends Forminator_Field {
221
  $selected
222
  );
223
 
224
- $html .= $option['label'];
225
 
226
  $html .= '</label>';
227
 
@@ -240,10 +240,10 @@ class Forminator_Select extends Forminator_Field {
240
  }
241
 
242
  foreach ( $options as $key => $option ) {
243
- $value = $option['value'] ? $option['value'] : '';
244
- $limit = ( isset( $option['limit'] ) && $option['limit'] ) ? $option['limit'] : '';
245
  $option_default = isset( $option['default'] ) ? filter_var( $option['default'], FILTER_VALIDATE_BOOLEAN ) : false;
246
- $calculation_value = $calc_enabled && isset( $option['calculation'] ) ? $option['calculation'] : 0.0;
247
 
248
  // Check if Pre-fill parameter used
249
  if( $this->has_prefill( $field ) ) {
@@ -279,14 +279,14 @@ class Forminator_Select extends Forminator_Field {
279
 
280
  $options_markup .= sprintf(
281
  '<option value="%s" %s data-calculation="%s">%s</option>',
282
- $value,
283
  $selected,
284
- $calculation_value,
285
- $option['label']
286
  );
287
  }
288
 
289
- $html .= sprintf( '<select class="forminator-select--field %s" id="%s" data-required="%s" name="%s" data-default-value="%s" data-placeholder="%s">', $select_class, $id, $required, $name, $default, $placeholder );
290
 
291
  $html .= $options_markup;
292
 
119
 
120
  $this->field = $field;
121
 
122
+ $i = 1;
123
+ $html = '';
124
+ $id = self::get_property( 'element_id', $field );
125
+ $name = $id;
126
+ $id = $id . '-field';
127
+ $required = self::get_property( 'required', $field, false, 'bool' );
128
+ $options = self::get_property( 'options', $field, array() );
129
+ $post_value = self::get_post_data( $name, false );
130
+ $uniq_id = uniqid();
131
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
132
+ $label = esc_html( self::get_property( 'field_label', $field, '' ) );
133
+ $design = $this->get_form_style( $settings );
134
+ $field_type = self::get_property( 'value_type', $field, '' );
135
+ $search_status = self::get_property( 'search_status', $field, '' );
136
+ $is_limit = self::get_property( 'limit_status', $field, '' );
137
+ $placeholder = esc_html( self::get_property( 'placeholder', $field, '' ) );
138
+ $calc_enabled = self::get_property( 'calculations', $field, false, 'bool' );
139
 
140
  $html .= '<div class="forminator-field">';
141
 
144
  $html .= sprintf(
145
  '<label for="%s" class="forminator-label">%s %s</label>',
146
  $id . '-field',
147
+ esc_html( $label ),
148
  forminator_get_required_icon()
149
  );
150
  } else {
151
  $html .= sprintf(
152
  '<label for="%s" class="forminator-label">%s</label>',
153
  $id . '-field',
154
+ esc_html( $label )
155
  );
156
  }
157
  }
165
 
166
  foreach ( $options as $option ) {
167
 
168
+ $value = $option['value'] ? esc_html( strip_tags( $option['value'] ) ) : esc_html( strip_tags( $option['label'] ) );
169
+ $limit = ( isset( $option['limit'] ) && $option['limit'] ) ? esc_html( $option['limit'] ) : '';
170
  $input_id = $id . '-' . $i . '-' . $uniq_id;
171
  $option_default = isset( $option['default'] ) ? filter_var( $option['default'], FILTER_VALIDATE_BOOLEAN ) : false;
172
  $calculation_value = $calc_enabled && isset( $option['calculation'] ) ? $option['calculation'] : 0.0;
221
  $selected
222
  );
223
 
224
+ $html .= esc_html( strip_tags( $option['label'] ) );
225
 
226
  $html .= '</label>';
227
 
240
  }
241
 
242
  foreach ( $options as $key => $option ) {
243
+ $value = $option['value'] ? esc_html( strip_tags( $option['value'] ) ) : '';
244
+ $limit = ( isset( $option['limit'] ) && $option['limit'] ) ? esc_html( $option['limit'] ) : '';
245
  $option_default = isset( $option['default'] ) ? filter_var( $option['default'], FILTER_VALIDATE_BOOLEAN ) : false;
246
+ $calculation_value = $calc_enabled && isset( $option['calculation'] ) ? esc_html( $option['calculation'] ) : 0.0;
247
 
248
  // Check if Pre-fill parameter used
249
  if( $this->has_prefill( $field ) ) {
279
 
280
  $options_markup .= sprintf(
281
  '<option value="%s" %s data-calculation="%s">%s</option>',
282
+ esc_html( $value ),
283
  $selected,
284
+ esc_html( $calculation_value ),
285
+ esc_html( strip_tags( $option['label'] ) )
286
  );
287
  }
288
 
289
+ $html .= sprintf( '<select class="forminator-select--field %s" id="%s" data-required="%s" name="%s" data-default-value="%s" data-placeholder="%s">', $select_class, $id, $required, $name, $default, esc_html( $placeholder ) );
290
 
291
  $html .= $options_markup;
292
 
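Review bot: The new code double-escapes: `$label` is already `esc_html()`'d on line 132 and escaped again at lines 147 and 154, `$placeholder` at line 137 and again at 289, `$value` at 168/243 and again at 282, and `$calculation_value` at 246 and again at 284 — so a label `A & B` renders as `A &amp; B`. Escape once, at output, and drop the assignment-time wrapping on lines 132, 137, 168, 243 and 246. `strip_tags()` on lines 168, 224, 243 and 285 also changes the option's submitted value (an option named `x<y` is truncated to `x`), which `esc_html()` alone would have kept intact and displayed safely — remove it. `esc_html( $calculation_value )` turns the numeric `0.0` fallback into a string; `(float)` is the right constraint for a `data-calculation` attribute. `$select_class`, `$id`, `$name` and `$default` on line 289 still go into attributes unescaped, and `$default` is set outside the hunk.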
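--- a/library/fields/stripe.php
+++ b/library/fields/stripe.php
@@ -129,8 +129,8 @@ class Forminator_Stripe extends Forminator_Field {
  $this->form_settings = $settings;
 
  $id = self::get_property( 'element_id', $field );
- $description = self::get_property( 'description', $field, '' );
- $label = self::get_property( 'field_label', $field, '' );
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
+ $label = esc_html( self::get_property( 'field_label', $field, '' ) );
  $element_name = $id;
  $field_id = $id . '-field';
  $mode = self::get_property( 'mode', $field, 'test' );
@@ -270,8 +270,8 @@ class Forminator_Stripe extends Forminator_Field {
  $currency = self::get_property( 'currency', $field, $this->get_default_currency() );
  $mode = self::get_property( 'mode', $field, 'test' );
  $metadata = self::get_property( 'options', $field, array() );
- $description = self::get_property( 'product_description', $field, '' );
- $company = self::get_property( 'company_name', $field, '' );
+ $description = esc_html( self::get_property( 'product_description', $field, '' ) );
+ $company = esc_html( self::get_property( 'company_name', $field, '' ) );
 
  if ( mb_strlen( $company ) > 22 ) {
  $company = mb_substr( $company, 0, 19 ) . '...';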
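Review bot: In the second hunk `$company` is entity-encoded on line 274 and then truncated by `mb_substr( $company, 0, 19 )` on line 277, so a name such as `Smith & Sons Hardware` can be cut in the middle of `&amp;`, and the 22-character limit now counts entity characters rather than visible ones. Given the neighbouring `$currency`, `$mode` and `$metadata` reads, these two values look like they are passed to the Stripe API rather than echoed as HTML, in which case `esc_html()` corrupts what the customer sees on the Stripe side; if cleaning is wanted here use `wp_strip_all_tags()` / `sanitize_text_field()` and escape only in the markup path of the first hunk. Both methods continue outside the hunks, so the actual consumer of `$company` is not visible — confirm before changing.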
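--- a/library/fields/text.php
+++ b/library/fields/text.php
@@ -126,12 +126,12 @@ class Forminator_Text extends Forminator_Field {
  $id = 'forminator-field-' . $id;
  $required = self::get_property( 'required', $field, false );
  $ariareq = 'false';
- $default = self::get_property( 'default', $field, false );
+ $default = esc_html( self::get_property( 'default', $field, false ) );
  $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
  $field_type = trim( self::get_property( 'input_type', $field ) );
  $design = $this->get_form_style( $settings );
- $label = self::get_property( 'field_label', $field, '' );
- $description = self::get_property( 'description', $field, '' );
+ $label = esc_html( self::get_property( 'field_label', $field, '' ) );
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
  $limit = self::get_property( 'limit', $field, 0, 'num' );
  $limit_type = self::get_property( 'limit_type', $field, '', 'str' );
 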
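Review bot: `esc_html( self::get_property( 'default', $field, false ) )` on line 129 collapses the `false` default into `''`, so any later `false !== $default` check in this method (which continues outside the hunk) stops distinguishing "no default" from an empty default. Keep the raw value here and escape at the `value=""` sprintf with `esc_attr( $default )`, which is also the contextually correct escaper for an attribute. `$placeholder` on line 130 already goes through `$this->sanitize_value()`; one helper applied to both at output would keep the two paths consistent.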
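--- a/library/fields/textarea.php
+++ b/library/fields/textarea.php
@@ -125,11 +125,11 @@ class Forminator_Textarea extends Forminator_Field {
  $ariaid = $id;
  $id = 'forminator-field-' . $id;
  $required = self::get_property( 'required', $field, false, 'bool' );
- $default = self::get_property( 'default', $field, false );
+ $default = esc_html( self::get_property( 'default', $field, false ) );
  $placeholder = $this->sanitize_value( self::get_property( 'placeholder', $field ) );
  $design = $this->get_form_style( $settings );
- $label = self::get_property( 'field_label', $field, '' );
- $description = self::get_property( 'description', $field, '' );
+ $label = esc_html( self::get_property( 'field_label', $field, '' ) );
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
  $limit = self::get_property( 'limit', $field, 0, 'num' );
  $limit_type = self::get_property( 'limit_type', $field, '', 'str' );
  $editor_type = self::get_property( 'editor-type', $field, false, 'bool' );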
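Review bot: `$default` on line 128 is the content that ends up between `<textarea>` tags, and WordPress provides `esc_textarea()` for exactly that context — apply it at the output sprintf rather than `esc_html()` at assignment. If `$editor_type` on line 135 switches the field to a rich editor built with `wp_editor()`, which encodes its own content, the pre-escaped default will presumably double-encode and show literal `&lt;p&gt;` entities; escaping at the plain-textarea sink only avoids that. As in text.php, `esc_html( false )` also collapses the `false` default to `''`. The method continues past the hunk, so the textarea/editor branch is not visible here.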
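--- a/library/fields/time.php
+++ b/library/fields/time.php
@@ -126,9 +126,9 @@ class Forminator_Time extends Forminator_Field {
  // backward compatibilty when time doesnt have field_type
  $field_type = trim( self::get_property( 'field_type', $field, 'input' ) );
  $type = trim( self::get_property( 'time_type', $field ) );
- $field_label = self::get_property( 'field_label', $field );
- $description = self::get_property( 'description', $field, '' );
- $default_time = self::get_property( 'default_time', $field, '' );
+ $field_label = esc_html( self::get_property( 'field_label', $field ) );
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
+ $default_time = esc_html( self::get_property( 'default_time', $field, '' ) );
  $increment_hour = self::get_property( 'increment_hour', $field, 0 );
  $increment_minute = self::get_property( 'increment_minute', $field, 0 );
 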
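Review bot: `$increment_hour` and `$increment_minute` on lines 132–133 are left raw while the neighbouring text properties are escaped; if they are placed in data attributes or the inline time-picker configuration later in the method, cast them (`$increment_hour = absint( self::get_property( 'increment_hour', $field, 0 ) );`) so a non-numeric configuration value cannot reach markup. `$default_time` on line 131 has a fixed format and is better constrained than encoded — `esc_attr()` at the `value=""` output is sufficient and keeps the raw value usable for any server-side comparison. The method continues outside the hunk.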
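--- a/library/fields/upload.php
+++ b/library/fields/upload.php
@@ -106,8 +106,8 @@ class Forminator_Upload extends Forminator_Field {
  $name = $id;
  $required = self::get_property( 'required', $field, false );
  $design = $this->get_form_style( $settings );
- $label = self::get_property( 'field_label', $field, '' );
- $description = self::get_property( 'description', $field, '' );
+ $label = esc_html( self::get_property( 'field_label', $field, '' ) );
+ $description = esc_html( self::get_property( 'description', $field, '' ) );
 
  $html .= '<div class="forminator-field">';
 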
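--- a/library/fields/website.php
+++ b/library/fields/website.php
@@ -117,9 +117,9 @@ class Forminator_Website extends Forminator_Field {
  $required = $this->get_property( 'required', $field, false );
  $ariareq = 'false';
  $placeholder = $this->sanitize_value( $this->get_property( 'placeholder', $field ) );
- $value = self::get_post_data( $name, $this->get_property( 'default', $field ) );
- $label = $this->get_property( 'field_label', $field, '' );
- $description = $this->get_property( 'description', $field, '' );
+ $value = esc_html( self::get_post_data( $name, $this->get_property( 'default', $field ) ) );
+ $label = esc_html( $this->get_property( 'field_label', $field, '' ) );
+ $description = esc_html( $this->get_property( 'description', $field, '' ) );
  $design = $this->get_form_style( $settings );
 
  if ( (bool) $required ) {
@@ -214,7 +214,6 @@ class Forminator_Website extends Forminator_Field {
  * @return string
  */
  public function get_validation_messages() {
-
  $field = $this->field;
  $id = $this->get_id( $field );
  $validation_enabled = self::get_property( 'validation', $field, false, 'bool' );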
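Review bot: `$value` on line 120 is request data from `self::get_post_data()` and belongs in `esc_attr()` at the `value=""` attribute rather than `esc_html()` at assignment — encoding it this early means the same variable cannot be reused for a comparison or a server-side validation step later in the method, which continues beyond the hunk. Keep `$value = self::get_post_data( $name, $this->get_property( 'default', $field ) );` and escape at the sprintf. The second hunk only removes a blank line.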
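--- a/library/modules/custom-forms/front/front-render.php
+++ b/library/modules/custom-forms/front/front-render.php
@@ -1590,7 +1590,7 @@ class Forminator_CForm_Front extends Forminator_Render_Form {
  $class = '';
 
  if ( isset( $field['custom-class'] ) && ! empty( $field['custom-class'] ) ) {
- $class .= ' ' . $field['custom-class'];
+ $class .= ' ' . esc_html( $field['custom-class'] );
  }
 
  return $class;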
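Review bot: `custom-class` on line 1593 is an HTML class attribute, so the contextual tool is `sanitize_html_class()` per whitespace-separated token rather than `esc_html()`, which leaves entity-encoded characters such as `&amp;` in the class list: `$class .= ' ' . implode( ' ', array_map( 'sanitize_html_class', preg_split( '/\s+/', $field['custom-class'] ) ) );`. That also guarantees the returned string can never carry quotes or angle brackets into wherever `$class` is concatenated, which happens outside this hunk and may not escape it again.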
readme.txt CHANGED
@@ -1,13 +1,13 @@
1
  === Forminator Payment, Quiz and Contact Form Plugin ===
2
  Plugin Name: Forminator Payment, Quiz and Contact Form Plugin
3
- Version: 1.11.2
4
  Author: WPMU DEV
5
  Author URI: https://premium.wpmudev.org/
6
  Contributors: WPMUDEV
7
  Tags: form, contact form, wordpress form plugin, quiz, email, paypal form wordpress, custom forms, form builder, online form, form maker, payment form
8
  Requires at least: 4.6
9
  Tested up to: 5.3
10
- Stable tag: 1.11.2
11
  Requires PHP: 5.2.4
12
  License: GPL v2 - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
13
 
@@ -167,6 +167,10 @@ We've put together a simple guide to Forminator contact forms on our blog. https
167
 
168
  == Changelog ==
169
 
 
 
 
 
170
  = 1.11.2 =
171
 
172
  * Fix: Stripe field not rendering properly when Material design style is used on custom forms.
1
  === Forminator Payment, Quiz and Contact Form Plugin ===
2
  Plugin Name: Forminator Payment, Quiz and Contact Form Plugin
3
+ Version: 1.11.3
4
  Author: WPMU DEV
5
  Author URI: https://premium.wpmudev.org/
6
  Contributors: WPMUDEV
7
  Tags: form, contact form, wordpress form plugin, quiz, email, paypal form wordpress, custom forms, form builder, online form, form maker, payment form
8
  Requires at least: 4.6
9
  Tested up to: 5.3
10
+ Stable tag: 1.11.3
11
  Requires PHP: 5.2.4
12
  License: GPL v2 - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
13
 
167
 
168
  == Changelog ==
169
 
170
+ = 1.11.3 =
171
+
172
+ * Security Fix: Patch authenticated stored XSS
173
+
174
  = 1.11.2 =
175
 
176
  * Fix: Stripe field not rendering properly when Material design style is used on custom forms.