WordPress Landing Pages - Version 2.2.7

Version Description

  • [security fix] Adding additional sanitation requirements.

Release Info

Developer adbox
Version 2.2.7

Code changes from version 2.2.6 to 2.2.7

assets/images/image.php CHANGED
@@ -4,60 +4,70 @@
4
  // Dynamically Create a clear png for css background opacities
5
  header("Content-type: image/png");
6
 
7
- $hex_value = $_GET['hex'];
8
 
9
  if (isset($_GET['trans'])) {
10
- $trans_value = $_GET['trans'];
11
- }
12
- else {
13
  $trans_value = 50;
14
  }
15
 
16
  if (!function_exists('_inbound_HexToRGB')) {
17
  // Convert Hex to RGB Value
18
  function _inbound_HexToRGB($hex) {
19
- $hex = preg_replace("/#/", "", $hex);
20
- $color = array();
21
-
22
- if(strlen($hex) == 3) {
23
- $color['r'] = hexdec(substr($hex, 0, 1) . $r);
24
- $color['g'] = hexdec(substr($hex, 1, 1) . $g);
25
- $color['b'] = hexdec(substr($hex, 2, 1) . $b);
26
- }
27
- else if(strlen($hex) == 6) {
28
- $color['r'] = hexdec(substr($hex, 0, 2));
29
- $color['g'] = hexdec(substr($hex, 2, 2));
30
- $color['b'] = hexdec(substr($hex, 4, 2));
31
- }
32
 
33
- return $color;
 
 
 
 
 
 
 
 
 
 
34
 
35
  }
36
  }
37
 
38
  $RBG_array = _inbound_HexToRGB($hex_value);
39
 
40
- if(isset($RBG_array)) {
41
- $red = (isset($RBG_array['r'])) ? $RBG_array['r'] : '0';
42
- $green = (isset($RBG_array['g'])) ? $RBG_array['g'] : '0';
43
- $blue = (isset($RBG_array['b'])) ? $RBG_array['b'] : '0';
 
 
 
 
44
 
45
- // Set the image
46
- $img = imagecreatetruecolor(10,10); // 10 x 10 px
47
- imagesavealpha($img, true);
48
 
49
- // Fill the image with transparent color
50
- $color = imagecolorallocatealpha($img,$red,$green,$blue,$trans_value);
51
- imagefill($img, 0, 0, $color);
52
 
53
- // Return the image
54
- imagepng($img);
55
 
56
- // Destroy image
57
- imagedestroy($img);
 
 
 
 
 
58
 
 
 
 
 
 
59
  }
60
  // usage in html: <image src="path-to-file/image.php?hex=HEXCOLOR">
61
  // Make sure to add in the HEX GET Parameters with ?hex= and ?trans= for transparency
62
  // example: <image src="path-to-file/image.php?hex=ffffff"> will call white transparent png
63
- ?>
4
  // Dynamically Create a clear png for css background opacities
5
  header("Content-type: image/png");
6
 
7
+ $hex_value = inbound_sanitize_this($_GET['hex']);
8
 
9
  if (isset($_GET['trans'])) {
10
+ $trans_value = intval($_GET['trans']);
11
+ } else {
 
12
  $trans_value = 50;
13
  }
14
 
15
  if (!function_exists('_inbound_HexToRGB')) {
16
  // Convert Hex to RGB Value
17
  function _inbound_HexToRGB($hex) {
18
+ $hex = preg_replace("/#/", "", $hex);
19
+ $color = array();
 
 
 
 
 
 
 
 
 
 
 
20
 
21
+ if (strlen($hex) == 3) {
22
+ $color['r'] = hexdec(substr($hex, 0, 1) . $r);
23
+ $color['g'] = hexdec(substr($hex, 1, 1) . $g);
24
+ $color['b'] = hexdec(substr($hex, 2, 1) . $b);
25
+ } else if (strlen($hex) == 6) {
26
+ $color['r'] = hexdec(substr($hex, 0, 2));
27
+ $color['g'] = hexdec(substr($hex, 2, 2));
28
+ $color['b'] = hexdec(substr($hex, 4, 2));
29
+ }
30
+
31
+ return $color;
32
 
33
  }
34
  }
35
 
36
  $RBG_array = _inbound_HexToRGB($hex_value);
37
 
38
+ if (isset($RBG_array)) {
39
+ $red = (isset($RBG_array['r'])) ? $RBG_array['r'] : '0';
40
+ $green = (isset($RBG_array['g'])) ? $RBG_array['g'] : '0';
41
+ $blue = (isset($RBG_array['b'])) ? $RBG_array['b'] : '0';
42
+
43
+ // Set the image
44
+ $img = imagecreatetruecolor(10, 10); // 10 x 10 px
45
+ imagesavealpha($img, true);
46
 
47
+ // Fill the image with transparent color
48
+ $color = imagecolorallocatealpha($img, $red, $green, $blue, $trans_value);
49
+ imagefill($img, 0, 0, $color);
50
 
51
+ // Return the image
52
+ imagepng($img);
 
53
 
54
+ // Destroy image
55
+ imagedestroy($img);
56
 
57
+ }
58
+
59
+ if (!function_exists('inbound_sanitize_this')) {
60
+ function inbound_sanitize_this($color) {
61
+ if ( '' === $color ) {
62
+ return '';
63
+ }
64
 
65
+ // 3 or 6 hex digits, or the empty string.
66
+ if ( preg_match('|^#([A-Fa-f0-9]{3}){1,2}$|', $color ) ) {
67
+ return $color;
68
+ }
69
+ }
70
  }
71
  // usage in html: <image src="path-to-file/image.php?hex=HEXCOLOR">
72
  // Make sure to add in the HEX GET Parameters with ?hex= and ?trans= for transparency
73
  // example: <image src="path-to-file/image.php?hex=ffffff"> will call white transparent png
 
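--- a/classes/class.acf-integration.php
+++ b/classes/class.acf-integration.php
@@ -127,7 +127,7 @@ if (!class_exists('Landing_Pages_ACF')) {
 if ( $fields ) {
 
 $settings = Landing_Pages_Meta::get_settings( $landing_page_id );
-$variation_id = (isset($_REQUEST['lp-variation-id'])) ? $_REQUEST['lp-variation-id'] : '0';
+$variation_id = (isset($_REQUEST['lp-variation-id'])) ? intval($_REQUEST['lp-variation-id']) : '0';
 
 if (!isset($settings['variations'])) {
 $settings['variations'] = array();
@@ -629,7 +629,7 @@ if (!class_exists('Landing_Pages_ACF')) {
 if ( ! isset( $_POST['tab_index'] ) || ! is_numeric( $_POST['tab_index'] ) ) {
 return;
 }
-$tab_index = $_POST['tab_index'];
+$tab_index = sanitize_text_field($_POST['tab_index']);
 $post_id = $_POST['post_id'];
 $transient_value = array(
 'tab_index' => $tab_index,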
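Review bot: `$post_id = $_POST['post_id'];` on the line right after the new `sanitize_text_field()` call is still taken raw from the request, while `ajax_get_template_metabox_html` in class.metaboxes.php wraps the same field in `intval()`, so the two handlers now disagree. `is_numeric()` also admits forms such as `1e3` or a leading space that `sanitize_text_field()` leaves alone, so `$tab_index = intval($_POST['tab_index']);` and `$post_id = intval($_POST['post_id']);` would give both values the integer shape the transient presumably expects. The enclosing function begins outside the hunk, so whether a nonce or capability check precedes this code is not visible here.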
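--- a/classes/class.cloning.php
+++ b/classes/class.cloning.php
@@ -64,7 +64,7 @@ class Landing_Pages_Cloning {
 public static function clone_landing_page($status = 'pending') {
 
 /* Get the original post */
-$id = (isset($_GET['post']) ? $_GET['post'] : $_POST['post']);
+$id = (isset($_GET['post']) ? intval($_GET['post']) : intval($_POST['post']) );
 $post = get_post($id);
 
 /* Copy the post and insert it */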
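Review bot: `intval()` fixes the type of the id, but nothing visible in the hunk checks that the caller may clone that post; `get_post()` returns any post for any integer, so the function should refuse unless `current_user_can('edit_post', $id)` holds (the rest of `clone_landing_page` lies outside the hunk and may already gate this, in which case a comment saying so would help). The fallback branch also reads `$_POST['post']` without `isset()`, which raises a notice and yields 0 when neither parameter is present. A guard such as `if ( ! $id || ! current_user_can( 'edit_post', $id ) ) { wp_die( __( 'Not allowed.', 'landing-pages' ) ); }` directly after the assignment covers both.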
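--- a/classes/class.landing-pages.php
+++ b/classes/class.landing-pages.php
@@ -426,9 +426,9 @@ function lp_content_area($post = null, $content = null, $return = false) {
 }
 
 if (!isset($post) && isset($_REQUEST['post'])) {
-$post = get_post($_REQUEST['post']);
+$post = get_post(intval($_REQUEST['post']));
 } else if (!isset($post) && isset($_REQUEST['lp_id'])) {
-$post = get_post($_REQUEST['lp_id']);
+$post = get_post(intval($_REQUEST['lp_id']));
 }
 
 
@@ -649,8 +649,8 @@ function lp_ab_testing_get_current_variation_id() {
 }
 /*echo $_REQUEST['lp-variation-id']; */
 if (isset($_REQUEST['lp-variation-id'])) {
-$_SESSION['lp_ab_test_open_variation'] = $_REQUEST['lp-variation-id'];
-$current_variation_id = $_REQUEST['lp-variation-id'];
+$_SESSION['lp_ab_test_open_variation'] = intval($_REQUEST['lp-variation-id']);
+$current_variation_id = intval($_REQUEST['lp-variation-id']);
 /*echo "setting session $current_variation_id"; */
 }
 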
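Review bot: `get_post(intval($_REQUEST['post']))` at new line 429 returns the current global post rather than nothing when the parameter is not a positive integer, because `get_post()` falls back to the global `$post` for an empty id, so the `!isset($post)` guard is then satisfied by whichever post WordPress happens to have loaded. Both branches of `lp_content_area` would be safer as `$pid = absint($_REQUEST['post']); $post = $pid ? get_post($pid) : null;` (and the same for `lp_id`), which also rejects negative ids. The function body continues outside the hunk.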
 
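--- a/classes/class.metaboxes.php
+++ b/classes/class.metaboxes.php
@@ -218,18 +218,18 @@ class Landing_Pages_Metaboxes {
 
 /*check for delete command */
 if (isset($_GET['ab-action']) && $_GET['ab-action'] == 'delete-variation') {
-Landing_Pages_Variations::delete_variation( $post->ID , $_REQUEST['action-variation-id'] );
+Landing_Pages_Variations::delete_variation( $post->ID , intval($_REQUEST['action-variation-id']) );
 }
 
 /*check for pause command */
 if (isset($_GET['ab-action']) && $_GET['ab-action'] == 'pause-variation') {
-Landing_Pages_Variations::pause_variation( $post->ID , $_REQUEST['action-variation-id'] );
+Landing_Pages_Variations::pause_variation( $post->ID , intval($_REQUEST['action-variation-id']) );
 
 }
 
 /*check for pause command */
 if (isset($_GET['ab-action']) && $_GET['ab-action'] == 'play-variation') {
-Landing_Pages_Variations::play_variation( $post->ID , $_REQUEST['action-variation-id'] );
+Landing_Pages_Variations::play_variation( $post->ID , intval($_REQUEST['action-variation-id']) );
 }
 
 self::$is_new = (isset($_GET['new-variation'])) ? 1 : 0;
@@ -1144,9 +1144,9 @@ href='?post=<?php echo $post->ID; ?>&action=edit&action-variation-id=<?php echo
 public static function ajax_get_template_metabox_html() {
 global $wpdb;
 
-$current_template = $_POST['selected_template'];
+$current_template = sanitize_text_field($_POST['selected_template']);
 
-$post_id = $_POST['post_id'];
+$post_id = intval($_POST['post_id']);
 $post = get_post($post_id);
 
 $args['args']['key'] = $current_template;
@@ -1173,7 +1173,7 @@ href='?post=<?php echo $post->ID; ?>&action=edit&action-variation-id=<?php echo
 }
 
 $variations = Landing_Pages_Variations::get_variations( $landing_page_id );
-$variation_id = (isset($_REQUEST['lp-variation-id'])) ? $_REQUEST['lp-variation-id'] : '0';
+$variation_id = (isset($_REQUEST['lp-variation-id'])) ? intval($_REQUEST['lp-variation-id']) : '0';
 $_SESSION['lp_ab_test_open_variation'] = $variation_id;
 if (!in_array( $variation_id , $variations) ) {
 $variations[] = $variation_id;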
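Review bot: The delete/pause/play branches at new lines 220-233 still trigger a state change off a plain `GET` parameter with only `intval()` applied to the variation id; no nonce or capability check is visible in the hunk, so a crafted link could delete a variation on a logged-in editor's behalf (if a check lives earlier in the function, which starts outside the hunk, a comment pointing to it would help). Put `check_admin_referer( 'lp-ab-action' ); if ( ! current_user_can( 'edit_post', $post->ID ) ) { return; }` ahead of the three branches and add the matching nonce to the links that build these `ab-action` URLs. Separately, `sanitize_text_field()` on `selected_template` at new line 1147 does not strip `/` or `..`; if that key ever selects a file, `sanitize_key()` or a whitelist of known templates is the right check.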
classes/class.settings.php CHANGED
@@ -77,27 +77,33 @@ class Landing_Pages_Settings {
77
  );
78
 
79
 
80
- if (!defined('INBOUND_PRO_PATH')) {
 
 
 
 
81
  /* Setup License Keys Tab */
82
- $lp_global_settings['lp-license-keys']['label'] = __( 'License Keys' , 'landing-pages');
83
- $lp_global_settings['lp-license-keys']['settings'][] = array(
84
- 'id' => 'extensions-license-keys-header',
85
- 'description' => __( "Head to http://www.inboundnow.com/ to retrieve your license key for this template." , 'landing-pages'),
86
- 'type' => 'header',
87
- 'default' => '<h3 class="lp_global_settings_header">'. __( 'Extension Licensing' , 'landing-pages') .'</h3>'
88
  );
89
  }
90
 
91
- /* Setup Extensions Tab */
92
- $lp_global_settings['lp-extensions']['label'] = __( 'Extensions' , 'landing-pages');
93
- $lp_global_settings['lp-extensions']['settings'] = array(
94
- array(
95
- 'id' => 'lp-ext-header',
96
- 'type' => 'header',
97
- 'default' => '',
98
- 'options' => null
99
- )
100
- );
 
 
101
 
102
  /* Setup Debug Tab */
103
  $lp_global_settings['lp-debug']['label'] = __( 'Debug' , 'landing-pages');
@@ -534,11 +540,14 @@ class Landing_Pages_Settings {
534
  $wp_rewrite->flush_rules();
535
  }
536
  if ($field['type']=='inboundnow-license-key') {
 
 
 
537
  /* error_log(print_r($field, true)); */
538
  $slug = (isset($field['remote_download_slug'])) ? $field['remote_download_slug'] : $field['slug'];
539
  $api_params = array(
540
  'edd_action' => 'inbound_check_license',
541
- 'license' => $_POST['inboundnow_master_license_key'],
542
  'item_name' => $slug
543
  );
544
  /* error_log(print_r($api_params, true)); */
@@ -560,7 +569,7 @@ class Landing_Pages_Settings {
560
  update_option('lp_license_status-' . $field['slug'], $license_data->license);
561
  } else {
562
  if (isset($_POST[$field['id']])) {
563
- update_option($field['id'], $_POST[$field['id']]);
564
  }
565
  }
566
 
77
  );
78
 
79
 
80
+ if (
81
+ !defined('INBOUND_ACCESS_LEVEL')
82
+ ||
83
+ ( defined('INBOUND_ACCESS_LEVEL') && INBOUND_ACCESS_LEVEL < 1 )
84
+ ) {
85
  /* Setup License Keys Tab */
86
+ $lp_global_settings['lp-license-keys']['label'] = __('License Keys', 'landing-pages');
87
+ $lp_global_settings['lp-license-keys']['settings'][] = array(
88
+ 'id' => 'extensions-license-keys-header',
89
+ 'description' => __("Head to http://www.inboundnow.com/ to retrieve your license key for this template.", 'landing-pages'),
90
+ 'type' => 'header',
91
+ 'default' => '<h3 class="lp_global_settings_header">' . __('Extension Licensing', 'landing-pages') . '</h3>'
92
  );
93
  }
94
 
95
+ if (!defined('INBOUND_ACCESS_LEVEL') ) {
96
+ /* Setup Extensions Tab */
97
+ $lp_global_settings['lp-extensions']['label'] = __( 'Extensions' , 'landing-pages');
98
+ $lp_global_settings['lp-extensions']['settings'] = array(
99
+ array(
100
+ 'id' => 'lp-ext-header',
101
+ 'type' => 'header',
102
+ 'default' => '',
103
+ 'options' => null
104
+ )
105
+ );
106
+ }
107
 
108
  /* Setup Debug Tab */
109
  $lp_global_settings['lp-debug']['label'] = __( 'Debug' , 'landing-pages');
540
  $wp_rewrite->flush_rules();
541
  }
542
  if ($field['type']=='inboundnow-license-key') {
543
+ if (defined('INBOUND_ACCESS_LEVEL') ) {
544
+ return;
545
+ }
546
  /* error_log(print_r($field, true)); */
547
  $slug = (isset($field['remote_download_slug'])) ? $field['remote_download_slug'] : $field['slug'];
548
  $api_params = array(
549
  'edd_action' => 'inbound_check_license',
550
+ 'license' => sanitize_text_field($_POST['inboundnow_master_license_key']),
551
  'item_name' => $slug
552
  );
553
  /* error_log(print_r($api_params, true)); */
569
  update_option('lp_license_status-' . $field['slug'], $license_data->license);
570
  } else {
571
  if (isset($_POST[$field['id']])) {
572
+ update_option($field['id'], sanitize_text_field($_POST[$field['id']]));
573
  }
574
  }
575
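Review bot: The new `return` at lines 543-545 exits the whole save routine as soon as a license-key field is met under `INBOUND_ACCESS_LEVEL`; if this `if ($field['type']==...)` sits inside the loop over settings fields that the `else { update_option(...) }` branch implies, every field after it is left unsaved, and `continue` is the likely intent (the enclosing function starts outside the hunk). `$_POST['inboundnow_master_license_key']` at line 550 is also read without `isset()`, so a form that omits it raises a notice and posts an empty license; `sanitize_text_field( isset( $_POST['inboundnow_master_license_key'] ) ? $_POST['inboundnow_master_license_key'] : '' )` avoids that.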
 
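--- a/classes/class.variations.php
+++ b/classes/class.variations.php
@@ -374,8 +374,8 @@ if (!class_exists('Landing_Pages_Variations')) {
 }
 
 if (isset($_REQUEST['lp-variation-id'])) {
-$_SESSION['lp_ab_test_open_variation'] = $_REQUEST['lp-variation-id'];
-$current_variation_id = $_REQUEST['lp-variation-id'];
+$_SESSION['lp_ab_test_open_variation'] = intval($_REQUEST['lp-variation-id']);
+$current_variation_id = intval($_REQUEST['lp-variation-id']);
 }
 
 if (isset($_GET['message']) && $_GET['message'] == 1 && isset($_SESSION['lp_ab_test_open_variation'])) {
@@ -431,7 +431,7 @@ if (!class_exists('Landing_Pages_Variations')) {
 
 /* listen for clone variation */
 if (isset($_REQUEST['new-variation']) && isset($_REQUEST['clone'])) {
-$variation_id = $_REQUEST['clone'];
+$variation_id = intval($_REQUEST['clone']);
 }
 
 return $variation_id;
@@ -648,7 +648,7 @@ if (!class_exists('Landing_Pages_Variations')) {
 
 /* listen for clone variation */
 if (isset($_REQUEST['new-variation']) && isset($_REQUEST['clone'])) {
-$variation_id = $_REQUEST['clone'];
+$variation_id = intval($_REQUEST['clone']);
 }
 
 if ( $variation_id > 0 ) {
@@ -767,7 +767,7 @@ if (!class_exists('Landing_Pages_Variations')) {
 global $wpdb;
 
 $landing_page_id = intval($_POST['page_id']);
-$vid = $_POST['variation'];
+$vid = intval($_POST['variation']);
 
 self::set_impressions_count( $landing_page_id , $vid , 0 );
 self::set_conversions_count( $landing_page_id , $vid , 0 );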
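Review bot: The statistics reset at new lines 769-773 now coerces both ids with `intval()`, but the hunk shows no `check_ajax_referer()` or `current_user_can( 'edit_post', $landing_page_id )` before `set_impressions_count()` / `set_conversions_count()` zero the counters, so anyone who can reach this handler could wipe A/B data for an arbitrary page (the function header is outside the hunk and may already do this). `intval()` also lets negative ids through here and at line 377, whereas the clone path at line 654 at least checks `> 0`; `absint()` would make the three sites consistent. Suggested guard before the reset: `check_ajax_referer( 'lp-reset-stats', 'nonce' ); if ( ! current_user_can( 'edit_post', $landing_page_id ) ) { wp_send_json_error(); }`.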
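--- a/landing-pages.php
+++ b/landing-pages.php
@@ -3,7 +3,7 @@
 Plugin Name: Landing Pages
 Plugin URI: http://www.inboundnow.com/landing-pages/
 Description: Landing page template framework with variant testing and lead capturing through cooperation with Inbound Now's Leads plugin. This is the stand alone version served through WordPress.org.
-Version: 2.2.6
+Version: 2.2.7
 Author: Inbound Now
 Author URI: http://www.inboundnow.com/
 
@@ -37,7 +37,7 @@ if (!class_exists('Inbound_Landing_Pages_Plugin')) {
 */
 private static function load_constants() {
 
-define('LANDINGPAGES_CURRENT_VERSION', '2.2.6' );
+define('LANDINGPAGES_CURRENT_VERSION', '2.2.7' );
 define('LANDINGPAGES_URLPATH', plugins_url( '/' , __FILE__ ) );
 define('LANDINGPAGES_PATH', WP_PLUGIN_DIR.'/'.plugin_basename( dirname(__FILE__) ).'/' );
 define('LANDINGPAGES_PLUGIN_SLUG', plugin_basename( dirname(__FILE__) ) );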
readme.txt CHANGED
@@ -7,7 +7,7 @@ License URI: http://www.gnu.org/licenses/gpl-2.0.html
7
  Tags: landing pages, inbound marketing, conversion pages, split testing, a b test, a b testing, a/b test, a/b testing, coming soon page, email list, landing page, list building, maintenance page, squeeze page, inbound now, landing-pages, splash pages, cpa, click tracking, goal tracking, analytics, free landing page templates
8
  Requires at least: 3.8
9
  Tested up to: 4.5.2
10
- Stable Tag: 2.2.6
11
 
12
  Create landing pages for your WordPress site. Monitor and improve conversion rates, run A/B split tests, customize your own templates and more.
13
 
@@ -70,8 +70,11 @@ The plugin is also fully extendable and has a number of actions, filters, and ho
70
 
71
  == Changelog ==
72
 
 
 
 
73
  = 2.2.6 =
74
- * Removing Dropcap, Half and Half, Tubelar, & Countdown Lander from the core.
75
 
76
  = 2.2.4 =
77
  * Adding custom capabilities to landing-page post type
7
  Tags: landing pages, inbound marketing, conversion pages, split testing, a b test, a b testing, a/b test, a/b testing, coming soon page, email list, landing page, list building, maintenance page, squeeze page, inbound now, landing-pages, splash pages, cpa, click tracking, goal tracking, analytics, free landing page templates
8
  Requires at least: 3.8
9
  Tested up to: 4.5.2
10
+ Stable Tag: 2.2.7
11
 
12
  Create landing pages for your WordPress site. Monitor and improve conversion rates, run A/B split tests, customize your own templates and more.
13
 
70
 
71
  == Changelog ==
72
 
73
+ = 2.2.7 =
74
+ * [security fix] Adding additional sanitation requirements.
75
+
76
  = 2.2.6 =
77
+ * Removing Dropcap, Half and Half, Tubelar, & Countdown Lander from the core.
78
 
79
  = 2.2.4 =
80
  * Adding custom capabilities to landing-page post type
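--- a/shared/classes/class.form.php
+++ b/shared/classes/class.form.php
@@ -49,7 +49,7 @@ if (!class_exists('Inbound_Forms')) {
 
 
 if (!$id && isset($_GET['post'])) {
-$id = $_GET['post'];
+$id = intval($_GET['post']);
 }
 
 
@@ -195,7 +195,7 @@ if (!class_exists('Inbound_Forms')) {
 /* prepare dynamic values if exists */
 $hidden_param = (isset($matches[3][$i]['dynamic'])) ? $matches[3][$i]['dynamic'] : '';
 $fill_value = (isset($matches[3][$i]['default'])) ? $matches[3][$i]['default'] : '';
-$dynamic_value = (isset($_GET[$hidden_param])) ? $_GET[$hidden_param] : '';
+$dynamic_value = (isset($_GET[$hidden_param])) ? sanitize_text_field($_GET[$hidden_param]) : '';
 $dynamic_value = (!$dynamic_value && isset($_COOKIE[$hidden_param])) ? $_COOKIE[$hidden_param] : $dynamic_value;
 
 if ($type != 'honeypot') {
@@ -411,7 +411,7 @@ if (!class_exists('Inbound_Forms')) {
 
 $hidden_param = (isset($matches[3][$i]['dynamic'])) ? $matches[3][$i]['dynamic'] : '';
 $fill_value = (isset($matches[3][$i]['default'])) ? $matches[3][$i]['default'] : '';
-$dynamic_value = (isset($_GET[$hidden_param])) ? $_GET[$hidden_param] : '';
+$dynamic_value = (isset($_GET[$hidden_param])) ? sanitize_text_field($_GET[$hidden_param]) : '';
 
 $form .= '<input type="range" min="' . $options[0] . '" max="' . $options[1] . '" step="' . $options[2] . '" class="inbound-input inbound-input-range ' . $formatted_label . $input_classes . ' ' . $field_input_class . '" name="' . $field_name . '" ' . $form_placeholder . ' id="' . $field_name . '" value="' . $fill_value . '" ' . $data_mapping_attr . $et_output . ' ' . $req . '/>';
 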
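Review bot: `sanitize_text_field()` is applied to the `$_GET` source at new line 198, but the very next, unchanged line replaces it with `$_COOKIE[$hidden_param]` verbatim, so the cookie path still feeds the same `$dynamic_value` unfiltered and needs the same treatment: `? sanitize_text_field( wp_unslash( $_COOKIE[$hidden_param] ) ) : $dynamic_value;`. `sanitize_text_field()` also does not HTML-encode, so wherever `$dynamic_value` is written into the form markup it still needs `esc_attr()` at the point of output, as does `$fill_value` in the `<input type="range">` string at line 416. The enclosing method starts outside the hunk.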
 
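--- a/shared/classes/class.inbound-api.api-key-generation.php
+++ b/shared/classes/class.inbound-api.api-key-generation.php
@@ -43,7 +43,7 @@ if (!class_exists('Inbound_API_Keys_Generation')) {
 /* Get User ID */
 if( isset( $_REQUEST['user_id'] ) ) {
 
-$userdata = get_user_by( 'id', $_REQUEST['user_id'] );
+$userdata = get_user_by( 'id', intval($_REQUEST['user_id']) );
 if (isset($userdata->ID)) {
 $user_id = $userdata->ID;
 } else {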
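Review bot: `intval()` settles the type of `user_id`, but the hunk shows no check that the requester is allowed to act on that account; resolving an arbitrary `$_REQUEST['user_id']` with `get_user_by()` and then working with that user's API key is an authorisation decision, not a sanitisation one. Unless the surrounding code (outside the hunk) already does so, add `if ( $user_id !== get_current_user_id() && ! current_user_can( 'edit_user', $user_id ) ) { return; }` once `$user_id` is known, and a comment at line 44 stating which roles may target other users.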
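--- a/shared/classes/class.inbound-customizer.php
+++ b/shared/classes/class.inbound-customizer.php
@@ -164,14 +164,14 @@ class Inbound_Customizer {
 
 if($post_type === "wp-call-to-action") {
 $syntax = 'wp-cta-variation-id';
-$vid = (isset($_GET['wp-cta-variation-id'])) ? $_GET['wp-cta-variation-id'] : '0';
+$vid = (isset($_GET['wp-cta-variation-id'])) ? intval($_GET['wp-cta-variation-id']) : '0';
 } elseif ($post_type === "landing-page") {
 $syntax = 'lp-variation-id';
-$vid = (isset($_GET['lp-variation-id'])) ? $_GET['lp-variation-id'] : '0';
+$vid = (isset($_GET['lp-variation-id'])) ? intval($_GET['lp-variation-id']) : '0';
 /* Fix email post type */
 } elseif ($post_type === "email") {
 $syntax = 'email-variation-id';
-$vid = (isset($_GET['wp-cta-variation-id'])) ? $_GET['wp-cta-variation-id'] : '0';
+$vid = (isset($_GET['wp-cta-variation-id'])) ? intval($_GET['wp-cta-variation-id']) : '0';
 } else {
 $syntax = 'na';
 $vid = '0';
@@ -241,7 +241,7 @@ class Inbound_Customizer {
 
 public static function redirect_after_save($url) {
 
-$ref = $_REQUEST['_wp_http_referer'];
+$ref = sanitize_text_field($_REQUEST['_wp_http_referer']);
 if( !isset($ref) || !strstr($ref, 'inbound-editor') || strstr($ref, 'inbound-editor=false')) {
 return $url;
 }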
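Review bot: In `redirect_after_save()` the guard `!isset($ref)` at line 245 is now dead, because `sanitize_text_field()` always returns a string, while the read at line 244 still raises a notice when `_wp_http_referer` is absent. If `$ref` later becomes the redirect target (the rest of the method is outside the hunk), `sanitize_text_field()` is not the right filter either: `$ref = isset( $_REQUEST['_wp_http_referer'] ) ? wp_sanitize_redirect( wp_unslash( $_REQUEST['_wp_http_referer'] ) ) : ''; if ( '' === $ref || ...` keeps the empty-value check meaningful and leaves URL validation to the redirect helper. In the first hunk, the `email` branch at line 174 reads `wp-cta-variation-id` although `$syntax` is set to `'email-variation-id'` on the line above, which looks like a copy-paste slip carried into the new line.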
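--- a/shared/classes/class.lead-storage.php
+++ b/shared/classes/class.lead-storage.php
@@ -284,8 +284,6 @@ if (!class_exists('LeadStorage')) {
 Inbound_Options_API::update_option('inbound-pro', 'settings', $inbound_settings);
 }
 
-error_log(print_r($inbound_settings,true));
-
 }
 
 }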
shared/classes/class.licensing.php CHANGED
@@ -13,8 +13,9 @@
13
  if ( ! defined( 'ABSPATH' ) ) { exit; } /* Exit if accessed directly */
14
 
15
 
16
- if ( ! defined( 'INBOUNDNOW_STORE_URL' ) )
17
- define('INBOUNDNOW_STORE_URL','http://www.inboundnow.com/');
 
18
 
19
  if ( ! class_exists( 'Inbound_License' ) )
20
  {
@@ -31,12 +32,13 @@ if ( ! class_exists( 'Inbound_License' ) )
31
 
32
  function __construct( $plugin_file, $plugin_label, $plugin_slug, $plugin_version, $remote_download_slug )
33
  {
 
34
  $this->plugin_basename = plugin_basename( $plugin_file );
35
  $this->plugin_slug = $plugin_slug;
36
  $this->plugin_label = $plugin_label;
37
  $this->plugin_version = $plugin_version;
38
  $this->remote_download_slug = $remote_download_slug;
39
- $this->master_license_key = get_option('inboundnow_master_license_key', '');
40
  $this->remote_api_url = INBOUNDNOW_STORE_URL;
41
 
42
  $this->hooks();
@@ -45,6 +47,16 @@ if ( ! class_exists( 'Inbound_License' ) )
45
 
46
  private function hooks() {
47
 
 
 
 
 
 
 
 
 
 
 
48
  /* Add licenses key to global settings array */
49
  add_filter( 'lp_define_global_settings', array( $this, 'lp_settings' ), 2 );
50
  add_filter( 'wp_cta_define_global_settings', array( $this, 'wp_cta_settings' ), 2 );
@@ -55,15 +67,12 @@ if ( ! class_exists( 'Inbound_License' ) )
55
  $this->save_license_field();
56
  }
57
 
58
- /* render license key settings in license keys tab */
59
- add_action('lp_render_global_settings', array( $this, 'display_license_field' ) );
60
- add_action('wpleads_render_global_settings', array( $this, 'display_license_field' ) );
61
- add_action('wp_cta_render_global_settings', array( $this, 'display_license_field' ) );
62
 
63
- /* add automatic updates to plugin */
64
- /*update_option('_site_transient_update_plugins',''); //uncomment to force upload update check */
65
- add_filter( 'pre_set_site_transient_update_plugins', array( $this, 'pre_set_site_transient_update_plugins_filter' ) );
66
- add_filter( 'plugins_api', array( $this, 'plugins_api_filter' ), 10, 3);
 
67
 
68
  }
69
 
@@ -182,11 +191,12 @@ if ( ! class_exists( 'Inbound_License' ) )
182
  /* Call the custom API. */
183
  $response = wp_remote_get( add_query_arg( $api_params, $this->remote_api_url ), array( 'timeout' => 30, 'sslverify' => false ) );
184
 
185
- if ( is_wp_error( $response ) )
186
  return false;
 
187
 
188
  $license_data = json_decode( wp_remote_retrieve_body( $response ) );
189
- /*print_r($license_data);exit; */
190
 
191
  if( $license_data->license == 'active' ) {
192
  $newDate = date('Y-m-d', strtotime($license_data->expires));
@@ -337,7 +347,15 @@ if ( ! class_exists( 'Inbound_License' ) )
337
 
338
  /* Legacy Class Name */
339
  if ( !class_exists('INBOUNDNOW_EXTEND') ) {
 
 
 
 
 
 
 
340
 
341
- class INBOUNDNOW_EXTEND extends Inbound_License {};
 
342
 
343
  }
13
  if ( ! defined( 'ABSPATH' ) ) { exit; } /* Exit if accessed directly */
14
 
15
 
16
+ if ( ! defined( 'INBOUNDNOW_STORE_URL' ) ) {
17
+ define('INBOUNDNOW_STORE_URL', 'http://www.inboundnow.com/');
18
+ }
19
 
20
  if ( ! class_exists( 'Inbound_License' ) )
21
  {
32
 
33
  function __construct( $plugin_file, $plugin_label, $plugin_slug, $plugin_version, $remote_download_slug )
34
  {
35
+
36
  $this->plugin_basename = plugin_basename( $plugin_file );
37
  $this->plugin_slug = $plugin_slug;
38
  $this->plugin_label = $plugin_label;
39
  $this->plugin_version = $plugin_version;
40
  $this->remote_download_slug = $remote_download_slug;
41
+ $this->master_license_key = (defined('INBOUND_ACCESS_LEVEL')) ? Inbound_API_Wrapper::get_api_key() : get_option('inboundnow_master_license_key', '');
42
  $this->remote_api_url = INBOUNDNOW_STORE_URL;
43
 
44
  $this->hooks();
47
 
48
  private function hooks() {
49
 
50
+ /* add automatic updates to plugin */
51
+ /*update_option('_site_transient_update_plugins',''); //uncomment to force upload update check */
52
+ add_filter( 'pre_set_site_transient_update_plugins', array( $this, 'pre_set_site_transient_update_plugins_filter' ) );
53
+ add_filter( 'plugins_api', array( $this, 'plugins_api_filter' ), 10, 3);
54
+
55
+ /* render license key settings in license keys tab */
56
+ if (defined('INBOUND_ACCESS_LEVEL') ) {
57
+ return;
58
+ }
59
+
60
  /* Add licenses key to global settings array */
61
  add_filter( 'lp_define_global_settings', array( $this, 'lp_settings' ), 2 );
62
  add_filter( 'wp_cta_define_global_settings', array( $this, 'wp_cta_settings' ), 2 );
67
  $this->save_license_field();
68
  }
69
 
 
 
 
 
70
 
71
+ add_action('lp_render_global_settings', array($this, 'display_license_field'));
72
+ add_action('wpleads_render_global_settings', array($this, 'display_license_field'));
73
+ add_action('wp_cta_render_global_settings', array($this, 'display_license_field'));
74
+
75
+
76
 
77
  }
78
 
191
  /* Call the custom API. */
192
  $response = wp_remote_get( add_query_arg( $api_params, $this->remote_api_url ), array( 'timeout' => 30, 'sslverify' => false ) );
193
 
194
+ if ( is_wp_error( $response ) ) {
195
  return false;
196
+ }
197
 
198
  $license_data = json_decode( wp_remote_retrieve_body( $response ) );
199
+
200
 
201
  if( $license_data->license == 'active' ) {
202
  $newDate = date('Y-m-d', strtotime($license_data->expires));
347
 
348
  /* Legacy Class Name */
349
  if ( !class_exists('INBOUNDNOW_EXTEND') ) {
350
+ if (
351
+ !defined('INBOUND_ACCESS_LEVEL')
352
+ ||
353
+ ( defined('INBOUND_ACCESS_LEVEL') && INBOUND_ACCESS_LEVEL < 1 )
354
+ ) {
355
+ class INBOUNDNOW_EXTEND extends Inbound_License {
356
+ }
357
 
358
+ ;
359
+ }
360
 
361
  }
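Review bot: The store endpoint is pinned at new line 17 to `http://www.inboundnow.com/`, and the request at line 192 folds `$api_params` (which carries the license key) into the query string and passes `'sslverify' => false`; the key therefore travels in cleartext, and even an `https` override of the constant would go unverified. Define `INBOUNDNOW_STORE_URL` as `https://www.inboundnow.com/`, drop the `sslverify` option (or set it `true`), and guard the decode result, since `$license_data->license` at line 201 is dereferenced without checking that `json_decode()` returned an object. The stray `;` at new line 358 after the `INBOUNDNOW_EXTEND` class body is harmless but should go.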
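--- a/shared/classes/class.master-license.php
+++ b/shared/classes/class.master-license.php
@@ -1,7 +1,8 @@
 <?php
 
-if (!function_exists('inboundnow_add_master_license'))
+if (!function_exists('inboundnow_add_master_license') && !defined('INBOUND_ACCESS_LEVEL') )
 {
+
 /* Add Master License Key Setting*/
 add_filter('lp_define_global_settings', 'inboundnow_add_master_license', 1, 1);
 add_filter('wpleads_define_global_settings', 'inboundnow_add_master_license', 1, 1);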
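--- a/shared/classes/class.menus.adminbar.php
+++ b/shared/classes/class.menus.adminbar.php
@@ -502,11 +502,27 @@ if (!class_exists('Inbound_Menus_Adminbar')) {
 /* 1 - Global Settings */
 $menu_items[ $settings_key ] = array(
 'parent' => self::$inboundnow_menu_key,
-'title' => __( 'Global Settings', 'inbound-pro' ),
+'title' => __( 'Settings', 'inbound-pro' ),
 'href' => "",
 'meta' => array( 'target' => '', 'title' => _x( 'Manage Settings', 'inbound-pro' ) )
 );
 
+/* 1.1 - Call to Action Settings */
+if (defined('INBOUND_PRO_PATH')) {
+$menu_items['inbound-now-settings'] = array(
+'parent' => $settings_key,
+'title' => __( 'Inbound Pro Settings', 'inbound-pro' ),
+'href' => admin_url( 'admin.php?page=inbound-pro' ),
+'meta' => array( 'target' => '', 'title' => __( 'Inbound Pro Settings', 'inbound-pro' ) )
+);
+$menu_items['inbound-now-extension-settings'] = array(
+'parent' => $settings_key,
+'title' => __( 'Extension Settings', 'inbound-pro' ),
+'href' => admin_url( 'admin.php?tab=inbound-pro-settings&page=inbound-pro' ),
+'meta' => array( 'target' => '', 'title' => __( 'Extension Settings', 'inbound-pro' ) )
+);
+}
+
 /* 1.1 - Call to Action Settings */
 if (self::$load_callstoaction) {
 $menu_items['inbound-ctasettings'] = array(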
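Review bot: The comment at new line 510, `/* 1.1 - Call to Action Settings */`, labels the Inbound Pro settings block and repeats the heading of the CTA block that follows it, so the section numbering no longer reads in order. `/* 1.0 - Inbound Pro Settings (only when Inbound Pro is active) */` would describe the new block, which is gated on `defined('INBOUND_PRO_PATH')`. The two hrefs are also built differently: the second hard-codes `admin.php?tab=inbound-pro-settings&page=inbound-pro` with `tab` before `page`, and `add_query_arg( array( 'page' => 'inbound-pro', 'tab' => 'inbound-pro-settings' ), admin_url( 'admin.php' ) )` would build both URLs in one consistent style. The enclosing method begins and ends outside the hunk.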
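--- a/shared/classes/class.promote.php
+++ b/shared/classes/class.promote.php
@@ -229,7 +229,7 @@ class Inbound_Promote {
 }
 
 public static function dismiss_notice() {
-update_user_meta($_REQUEST['user_id'], 'inbound_notification_' . $_REQUEST['notification_id'] , 'viewed' ) ;
+update_user_meta( intval($_REQUEST['user_id']), 'inbound_notification_' . sanitize_text_field($_REQUEST['notification_id']) , 'viewed' ) ;
 exit;
 }
 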
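Review bot: Sanitizing the inputs does not close the authorization gap in `dismiss_notice()`: `user_id` is still taken from the request at line 232, so whoever can reach this handler can mark notifications as viewed for any other user, and no nonce or capability check is visible in the function. Deriving the user from the session removes the parameter entirely: `update_user_meta( get_current_user_id(), 'inbound_notification_' . sanitize_key( $_REQUEST['notification_id'] ), 'viewed' );`, preceded by `check_ajax_referer()` if this is wired up as an AJAX action (how it is hooked is outside the hunk). `sanitize_key()` fits better than `sanitize_text_field()` here because the value becomes part of a meta key, where only lowercase letters, digits, `-` and `_` are wanted.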
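--- a/shared/classes/class.template-utils.php
+++ b/shared/classes/class.template-utils.php
@@ -43,7 +43,7 @@ class Inbound_Template_Utils {
 echo self::$activate_msg;
 exit;
 }
-$keys = (isset($_GET['generate-template-id'])) ? array($_GET['generate-template-id']) : array();
+$keys = (isset($_GET['generate-template-id'])) ? array(sanitize_text_field($_GET['generate-template-id'])) : array();
 //print_r($keys);
 //exit;
 //$keys = $_GET['acf_export_keys'];
@@ -194,8 +194,8 @@ class Inbound_Template_Utils {
 }
 echo "<label>Select the ACF options you wish to generate markup for</label>";
 // render field
-$acf_id = (isset($_GET['generate-template-id'])) ? $_GET['generate-template-id'] : false;
-$template_name = (isset($_GET['template-name'])) ? $_GET['template-name'] : '';
+$acf_id = (isset($_GET['generate-template-id'])) ? sanitize_text_field($_GET['generate-template-id']) : false;
+$template_name = (isset($_GET['template-name'])) ? sanitize_text_field($_GET['template-name']) : '';
 acf_render_field(array(
 'type' => 'select',
 'name' => 'generate_template',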
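Review bot: `sanitize_text_field()` is an input filter, not an output escaper; `$acf_id` and `$template_name` at new lines 197–198 feed `acf_render_field()` and the surrounding markup, and wherever they are printed they still need `esc_attr()` or `esc_html()` at the point of output (the rendering code is outside the hunk, so that is where to check). The same applies to `$keys` at new line 46 in the first hunk. The leftover debug lines `//print_r($keys);`, `//exit;` and `//$keys = $_GET['acf_export_keys'];` next to that change should be deleted rather than kept as commented-out code. Both enclosing methods begin and end outside the hunks.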
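--- a/shared/functions/legacy.php
+++ b/shared/functions/legacy.php
@@ -111,11 +111,11 @@ if (!function_exists('wpl_url_to_postid')) {
 if ( isset( $wp->extra_query_vars[$wpvar] ) ) {
 $query[$wpvar] = $wp->extra_query_vars[$wpvar];
 } elseif ( isset( $_POST[$wpvar] ) ){
-$query[$wpvar] = $_POST[$wpvar];
+$query[$wpvar] = sanitize_text_field($_POST[$wpvar]);
 } elseif ( isset( $_GET[$wpvar] ) ){
-$query[$wpvar] = $_GET[$wpvar];
+$query[$wpvar] = sanitize_text_field($_GET[$wpvar]);
 } elseif ( isset( $query_vars[$wpvar] ) ){
-$query[$wpvar] = $query_vars[$wpvar];
+$query[$wpvar] = sanitize_text_field($query_vars[$wpvar]);
 }
 
 if ( !empty( $query[$wpvar] ) ) {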
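Review bot: The three `sanitize_text_field()` calls at new lines 114, 116 and 118 assume the query var is a scalar, but `$_POST`/`$_GET` entries can be arrays (a request like `?cat[]=1&cat[]=2`), and `sanitize_text_field()` is not meant for array input — recent WordPress versions return an empty string for it, so a multi-valued query var is silently dropped here and the later `!empty()` test skips it. Handling the array case with `array_map()` keeps the sanitization while preserving such values; the `$wp->extra_query_vars` branch at line 112 is left unsanitized, which is presumably intentional since those values come from code rather than the request. The enclosing function continues outside the hunk.
```php
} elseif ( isset( $_POST[$wpvar] ) ){
    $query[$wpvar] = is_array( $_POST[$wpvar] ) ? array_map( 'sanitize_text_field', $_POST[$wpvar] ) : sanitize_text_field( $_POST[$wpvar] );
} elseif ( isset( $_GET[$wpvar] ) ){
    $query[$wpvar] = is_array( $_GET[$wpvar] ) ? array_map( 'sanitize_text_field', $_GET[$wpvar] ) : sanitize_text_field( $_GET[$wpvar] );
} elseif ( isset( $query_vars[$wpvar] ) ){
    $query[$wpvar] = is_array( $query_vars[$wpvar] ) ? array_map( 'sanitize_text_field', $query_vars[$wpvar] ) : sanitize_text_field( $query_vars[$wpvar] );
}
// … unchanged: !empty( $query[$wpvar] ) check …
```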
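--- a/shared/shortcodes/inbound-shortcodes.php
+++ b/shared/shortcodes/inbound-shortcodes.php
@@ -701,7 +701,7 @@ class Inbound_Shortcodes {
 <div id="inbound-shortcodes-nopreview"><?php _e('Shortcode has no preview', 'inbound-pro' ); ?></div>
 <?php else :
 if ( isset($_REQUEST['post']) && is_int($_REQUEST['post']) ) {
-$post_id = html_entity_decode( $_REQUEST['post'] );
+$post_id = intval( $_REQUEST['post'] );
 } else {
 $post_id = 0;
 }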
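Review bot: The new `intval()` at line 704 sits behind `is_int($_REQUEST['post'])` on line 703, which is never true for request data (superglobal values arrive as strings), so the branch is dead and `$post_id` is always 0; if the preview depends on the post, the sanitization fix leaves that bug in place. Collapsing the five lines to `$post_id = isset( $_REQUEST['post'] ) ? absint( $_REQUEST['post'] ) : 0;` yields a non-negative integer in every case and removes the unreachable branch. The enclosing method begins and ends outside the hunk.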
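--- a/shared/shortcodes/popup.php
+++ b/shared/shortcodes/popup.php
@@ -1,6 +1,6 @@
 <?php
 include( 'shortcodes-fields.php' );
-$popup = trim( $_GET['popup'] );
+$popup = trim( sanitize_text_field($_GET['popup']) );
 
 $shortcode = new Inbound_Shortcodes_Fields( $popup );
 
@@ -65,8 +65,6 @@ if( !$shortcode->no_preview ) {
 </div>
 
 </div>
-
 </div>
-
 </body>
 </html>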
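Review bot: `$_GET['popup']` at new line 3 is still read without an `isset()` check, so a request to this file without the parameter raises an undefined-index notice before the sanitized value is passed to `Inbound_Shortcodes_Fields`; `sanitize_text_field()` also already strips leading and trailing whitespace, which makes the outer `trim()` redundant. `$popup = isset( $_GET['popup'] ) ? sanitize_text_field( $_GET['popup'] ) : '';` covers both. The second hunk only removes blank lines.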
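--- a/shared/shortcodes/shortcodes/forms.php
+++ b/shared/shortcodes/shortcodes/forms.php
@@ -448,7 +448,7 @@ add_action('admin_init', 'inbound_forms_redirect');
 if (!function_exists('inbound_forms_redirect')) {
 function inbound_forms_redirect($value){
 global $pagenow;
-$page = (isset($_REQUEST['page']) ? $_REQUEST['page'] : false);
+$page = (isset($_REQUEST['page']) ? sanitize_text_field($_REQUEST['page']) : false);
 if($pagenow=='edit.php' && $page=='inbound-forms-redirect'){
 wp_redirect(get_admin_url().'edit.php?post_type=inbound-forms');
 exit;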
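Review bot: The comparison on line 452 uses loose `==` against the value sanitized at new line 451; `$page` is now either a string or `false`, so `===` states the intent exactly and sidesteps PHP's string-to-number juggling: `if ( $pagenow === 'edit.php' && $page === 'inbound-forms-redirect' ) {`. The `$value` parameter is unused in the visible body, and the function continues outside the hunk.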