SendinBlue Subscribe Form And WP SMTP - Version 2.9.18

Version Description

  • Bug and Security fix

Release Info

Developer neeraj_slit
Version 2.9.18

Code changes from version 2.9.17 to 2.9.18

model/model-contacts.php CHANGED
@@ -58,8 +58,8 @@ class SIB_Model_Contact {
58
  */
59
  public static function get_data( $id ) {
60
  global $wpdb;
61
- $query = 'select * from ' . self::TABLE_NAME . ' where id=' . $id . ';';
62
- $results = $wpdb->get_results( $query, ARRAY_A );
63
 
64
  if ( is_array( $results ) ) {
65
  return $results[0];
@@ -73,8 +73,8 @@ class SIB_Model_Contact {
73
  */
74
  public static function get_data_by_code( $code ) {
75
  global $wpdb;
76
- $query = 'select * from ' . self::TABLE_NAME . ' where code like "' . $code . '";';
77
- $results = $wpdb->get_results( $query, ARRAY_A );
78
 
79
  if ( is_array( $results ) && count( $results ) > 0 ) {
80
  return $results[0];
@@ -88,8 +88,8 @@ class SIB_Model_Contact {
88
  */
89
  public static function get_data_by_email( $email ) {
90
  global $wpdb;
91
- $query = 'select * from ' . self::TABLE_NAME . ' where email like "' . $email . '";';
92
- $results = $wpdb->get_results( $query, ARRAY_A );
93
 
94
  if ( is_array( $results ) && count( $results ) > 0 ) {
95
  return $results[0];
@@ -106,11 +106,17 @@ class SIB_Model_Contact {
106
  return false;
107
  }
108
 
109
- $query = 'INSERT INTO ' . self::TABLE_NAME . ' ';
110
- $query .= '(email,info,code,is_activate,extra) ';
111
- $query .= "VALUES ('{$data['email']}','{$data['info']}','{$data['code']}','{$data['is_activate']}','{$data['extra']}');";
112
-
113
- $wpdb->query( $query );
 
 
 
 
 
 
114
 
115
  $index = $wpdb->get_var( 'SELECT LAST_INSERT_ID();' );
116
 
@@ -121,10 +127,8 @@ class SIB_Model_Contact {
121
  public static function is_exist_same_email( $email, $id = '' ) {
122
  global $wpdb;
123
 
124
- $query = 'select * from ' . self::TABLE_NAME . ' ';
125
- $query .= "where email like '" . $email . "' ;";
126
-
127
- $results = $wpdb->get_results( $query, ARRAY_A );
128
 
129
  if ( is_array( $results ) && (count( $results ) > 0) ) {
130
  if ( $id == '' ) {
@@ -146,9 +150,7 @@ class SIB_Model_Contact {
146
  public static function remove_record( $id ) {
147
  global $wpdb;
148
 
149
- $query = 'delete from ' . self::TABLE_NAME . ' ';
150
- $query .= 'where id=' . $id . ';';
151
-
152
  $wpdb->query( $query );
153
  }
154
 
@@ -157,10 +159,15 @@ class SIB_Model_Contact {
157
  global $wpdb;
158
 
159
  $limit = ($pagenum - 1) * $per_page;
160
- $query = 'SELECT * FROM ' . self::TABLE_NAME . ' ';
161
- $query .= 'ORDER BY ' . $orderby . ' ' . $order . ' ';
162
- $query .= 'LIMIT ' . $limit . ',' . $per_page . ';';
163
-
 
 
 
 
 
164
  $results = $wpdb->get_results( $query, ARRAY_A );
165
  self::$found_count = self::get_count_element();
166
 
@@ -175,9 +182,7 @@ class SIB_Model_Contact {
175
  /** get all records of table */
176
  public static function get_all_records() {
177
  global $wpdb;
178
-
179
  $query = 'select * from ' . self::TABLE_NAME . ' order by email asc;';
180
-
181
  $results = $wpdb->get_results( $query, ARRAY_A );
182
 
183
  if ( ! is_array( $results ) ) {
@@ -192,11 +197,7 @@ class SIB_Model_Contact {
192
  public static function get_count_element() {
193
  global $wpdb;
194
 
195
- $query = 'Select count(*) from ' . self::TABLE_NAME . ';';
196
-
197
- $count = $wpdb->get_var( $query );
198
-
199
- return $count;
200
  }
201
 
202
  /** update record */
@@ -207,13 +208,21 @@ class SIB_Model_Contact {
207
  return false;
208
  }
209
 
210
- $query = 'update ' . self::TABLE_NAME . ' ';
211
- $query .= "set email='{$data['email']}',info='{$data['info']}',code='{$data['code']}',is_activate='{$data['is_activate']}',extra='{$data['extra']}' ";
212
- $query .= 'where id=' . $id . ';';
 
 
 
 
 
 
 
 
213
 
214
- $wpdb->query( $query );
215
 
216
  return true;
217
  }
218
 
219
- }
58
  */
59
  public static function get_data( $id ) {
60
  global $wpdb;
61
+ $query = $wpdb->prepare('select * from ' . self::TABLE_NAME . ' where id= %d ', array(esc_sql($id)));
62
+ $results = $wpdb->get_results($query, ARRAY_A);
63
 
64
  if ( is_array( $results ) ) {
65
  return $results[0];
73
  */
74
  public static function get_data_by_code( $code ) {
75
  global $wpdb;
76
+ $query = $wpdb->prepare('select * from ' . self::TABLE_NAME . ' where code like %s', array(esc_sql($code)));
77
+ $results = $wpdb->get_results($query, ARRAY_A);
78
 
79
  if ( is_array( $results ) && count( $results ) > 0 ) {
80
  return $results[0];
88
  */
89
  public static function get_data_by_email( $email ) {
90
  global $wpdb;
91
+ $query = $wpdb->prepare('select * from ' . self::TABLE_NAME . ' where email like %s', array(esc_sql($email)));
92
+ $results = $wpdb->get_results($query, ARRAY_A);
93
 
94
  if ( is_array( $results ) && count( $results ) > 0 ) {
95
  return $results[0];
106
  return false;
107
  }
108
 
109
+ $query = $wpdb->prepare(
110
+ 'INSERT INTO ' . self::TABLE_NAME . ' (email,info,code,is_activate,extra) VALUES (%s, %s, %s, %d, %s);',
111
+ array(
112
+ esc_sql($data['email']),
113
+ esc_sql($data['info']),
114
+ esc_sql($data['code']),
115
+ esc_sql($data['is_activate']),
116
+ esc_sql($data['extra'])
117
+ )
118
+ );
119
+ $wpdb->query( $query );
120
 
121
  $index = $wpdb->get_var( 'SELECT LAST_INSERT_ID();' );
122
 
127
  public static function is_exist_same_email( $email, $id = '' ) {
128
  global $wpdb;
129
 
130
+ $query = $wpdb->prepare('select * from ' . self::TABLE_NAME . ' where email like %s ', array(esc_sql($email)));
131
+ $results = $wpdb->get_results($query, ARRAY_A);
 
 
132
 
133
  if ( is_array( $results ) && (count( $results ) > 0) ) {
134
  if ( $id == '' ) {
150
  public static function remove_record( $id ) {
151
  global $wpdb;
152
 
153
+ $query = $wpdb->prepare('delete from ' . self::TABLE_NAME . ' where id= %d ', array(esc_sql($id)));
 
 
154
  $wpdb->query( $query );
155
  }
156
 
159
  global $wpdb;
160
 
161
  $limit = ($pagenum - 1) * $per_page;
162
+ $query = $wpdb->prepare(
163
+ 'SELECT * FROM ' . self::TABLE_NAME . ' ORDER BY %s %s LIMIT %d, %d;',
164
+ array(
165
+ esc_sql($orderby),
166
+ esc_sql($order),
167
+ esc_sql($limit),
168
+ esc_sql($per_page)
169
+ )
170
+ );
171
  $results = $wpdb->get_results( $query, ARRAY_A );
172
  self::$found_count = self::get_count_element();
173
 
182
  /** get all records of table */
183
  public static function get_all_records() {
184
  global $wpdb;
 
185
  $query = 'select * from ' . self::TABLE_NAME . ' order by email asc;';
 
186
  $results = $wpdb->get_results( $query, ARRAY_A );
187
 
188
  if ( ! is_array( $results ) ) {
197
  public static function get_count_element() {
198
  global $wpdb;
199
 
200
+ return $wpdb->get_var( 'Select count(*) from ' . self::TABLE_NAME . ';' );
 
 
 
 
201
  }
202
 
203
  /** update record */
208
  return false;
209
  }
210
 
211
+ $query = $wpdb->prepare(
212
+ 'update ' . self::TABLE_NAME . ' set email= %s, info= %s, code= %s, is_activate= %d, extra= %s where id= %d;',
213
+ array(
214
+ esc_sql($data['email']),
215
+ esc_sql($data['info']),
216
+ esc_sql($data['code']),
217
+ esc_sql($data['is_activate']),
218
+ esc_sql($data['extra']),
219
+ esc_sql($id)
220
+ )
221
+ );
222
 
223
+ $wpdb->query($query);
224
 
225
  return true;
226
  }
227
 
228
+ }
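Review bot: The `ORDER BY %s %s` in get_list (new lines 162-170) no longer sorts anything: `$wpdb->prepare()` quotes `%s` arguments, so the statement becomes `ORDER BY 'email' 'asc'`, which MySQL reads as one constant string, and rows come back in table order while the requested sort is silently ignored; get_list and get_all_records in model/model-users.php carry the same defect. Column names and directions are identifiers and cannot be bound through placeholders, so validate `$orderby` against the table's known columns and `$order` against ASC/DESC, interpolate the validated values, and keep `%d` only for the LIMIT pair, as below. Separately, every `esc_sql()` wrapped inside a `prepare()` argument list in this file (get_data_by_code, get_data_by_email, add_record, is_exist_same_email, update_element) double-escapes the `%s` values, because prepare escapes its own arguments, so an `email` or `info` containing a quote or backslash gains an extra backslash on each write; drop the `esc_sql()` wrappers and pass the raw values. get_list's signature sits above the hunk, so the parameter names below are taken from the hunk's own use of `$orderby`, `$order`, `$pagenum` and `$per_page`, and the column list from the INSERT in add_record.
```php
// … unchanged: global $wpdb; $limit = ($pagenum - 1) * $per_page; …
// Column name and direction are identifiers, not values, so they cannot be bound with
// placeholders; accept only known columns and ASC/DESC, falling back to a safe default.
$columns = array( 'id', 'email', 'info', 'code', 'is_activate', 'extra' );
$orderby = in_array( $orderby, $columns, true ) ? $orderby : 'id';
$order   = ( 'desc' === strtolower( (string) $order ) ) ? 'DESC' : 'ASC';
$query   = $wpdb->prepare(
    'SELECT * FROM ' . self::TABLE_NAME . " ORDER BY {$orderby} {$order} LIMIT %d, %d;",
    array( $limit, $per_page )
);
// … unchanged: get_results, found_count …
```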
model/model-forms.php CHANGED
@@ -150,7 +150,7 @@ if ( ! class_exists( 'SIB_Forms' ) ) {
150
  'attributes' => 'email,NAME',
151
  );
152
  } else {
153
- $query = 'select * from ' . $wpdb->prefix . self::TABLE_NAME . ' where id=' . $frmID . ';';
154
  $results = $wpdb->get_row( $query, ARRAY_A ); // db call ok; no-cache ok.
155
  }
156
 
@@ -210,11 +210,13 @@ if ( ! class_exists( 'SIB_Forms' ) ) {
210
  $current_date = date( 'Y-m-d' );
211
 
212
  global $wpdb;
213
- $query = 'INSERT INTO ' . $wpdb->prefix . self::TABLE_NAME . ' ';
214
- $query .= '(title,html,css,dependTheme,listID,templateID,confirmID,isOpt,isDopt,redirectInEmail,redirectInForm,successMsg,errorMsg,existMsg,invalidMsg,requiredMsg,attributes,date,gCaptcha,gCaptcha_secret,gCaptcha_site,termAccept,termsURL) ';
215
- $query .= "VALUES ('{$formData['title']}','{$formData['html']}','{$formData['css']}','{$formData['dependTheme']}','{$formData['listID']}',
216
- '{$formData['templateID']}','{$formData['confirmID']}','{$formData['isOpt']}','{$formData['isDopt']}','{$formData['redirectInEmail']}','{$formData['redirectInForm']}',
217
- '{$formData['successMsg']}','{$formData['errorMsg']}','{$formData['existMsg']}','{$formData['invalidMsg']}','{$formData['requiredMsg']}','{$formData['attributes']}','{$current_date}','{$formData['gcaptcha']}','{$formData['gcaptcha_secret']}' ,'{$formData['gcaptcha_site']}','{$formData['termAccept']}','{$formData['termsURL']}')";
 
 
218
  $wpdb->query( $query ); // db call ok; no-cache ok.
219
  $index = $wpdb->get_var( 'SELECT LAST_INSERT_ID();' ); // db call ok; no-cache ok.
220
  return $index;
@@ -233,12 +235,16 @@ if ( ! class_exists( 'SIB_Forms' ) ) {
233
  $current_date = date( 'Y-m-d' );
234
 
235
  global $wpdb;
236
- $query = 'update ' . $wpdb->prefix . self::TABLE_NAME . ' ';
237
- $query .= "set title='{$formData['title']}',html='{$formData['html']}',css='{$formData['css']}',dependTheme='{$formData['dependTheme']}',listID='{$formData['listID']}',
238
- isOpt='{$formData['isOpt']}',isDopt='{$formData['isDopt']}',templateID='{$formData['templateID']}',confirmID='{$formData['confirmID']}',
239
- redirectInEmail='{$formData['redirectInEmail']}',redirectInForm='{$formData['redirectInForm']}',
240
- successMsg='{$formData['successMsg']}',errorMsg='{$formData['errorMsg']}',existMsg='{$formData['existMsg']}',invalidMsg='{$formData['invalidMsg']}',requiredMsg='{$formData['requiredMsg']}',date='{$current_date}',attributes='{$formData['attributes']}',gCaptcha='{$formData['gcaptcha']}',gCaptcha_secret='{$formData['gcaptcha_secret']}' ,gCaptcha_site='{$formData['gcaptcha_site']}' ,termAccept='{$formData['termAccept']}',termsURL='{$formData['termsURL']}'";
241
- $query .= 'where id=' . $formID . ';';
 
 
 
 
242
  $wpdb->query( $query ); // db call ok; no-cache ok.
243
 
244
  return true;
@@ -438,4 +444,4 @@ EOD;
438
  }
439
 
440
  }
441
- }
150
  'attributes' => 'email,NAME',
151
  );
152
  } else {
153
+ $query = $wpdb->prepare('SELECT * from ' . $wpdb->prefix . self::TABLE_NAME . ' where id = %d',array(esc_sql($frmID)));
154
  $results = $wpdb->get_row( $query, ARRAY_A ); // db call ok; no-cache ok.
155
  }
156
 
210
  $current_date = date( 'Y-m-d' );
211
 
212
  global $wpdb;
213
+ $query = 'INSERT INTO ' . $wpdb->prefix . self::TABLE_NAME.' (title,html,css,dependTheme,listID,templateID,confirmID,isOpt,isDopt,redirectInEmail,redirectInForm,successMsg,errorMsg,existMsg,invalidMsg,requiredMsg,attributes,date,gCaptcha,gCaptcha_secret,gCaptcha_site,termAccept,termsURL) VALUES ';
214
+ $query .= ' (%s, %s, %s, %d, %s, %d, %d, %d, %d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %s, %s, %d, %s)';
215
+
216
+ $query = $wpdb->prepare($query,array($formData['title'],$formData['html'],$formData['css'],$formData['dependTheme'],$formData['listID'],
217
+ $formData['templateID'],$formData['confirmID'],$formData['isOpt'],$formData['isDopt'],$formData['redirectInEmail'],$formData['redirectInForm'],
218
+ $formData['successMsg'],$formData['errorMsg'],$formData['existMsg'],$formData['invalidMsg'],$formData['requiredMsg'],$formData['attributes'],$current_date,$formData['gcaptcha'],$formData['gcaptcha_secret'] ,$formData['gcaptcha_site'],$formData['termAccept'],$formData['termsURL']));
219
+
220
  $wpdb->query( $query ); // db call ok; no-cache ok.
221
  $index = $wpdb->get_var( 'SELECT LAST_INSERT_ID();' ); // db call ok; no-cache ok.
222
  return $index;
235
  $current_date = date( 'Y-m-d' );
236
 
237
  global $wpdb;
238
+
239
+ $query = 'UPDATE ' . $wpdb->prefix . self::TABLE_NAME ;
240
+ $query .= " set title = %s, html = %s, css = %s, dependTheme = %d, listID = %s, templateID = %d, confirmID = %d, isOpt = %d, isDopt = %d, redirectInEmail = %s, redirectInForm = %s, successMsg = %s, errorMsg = %s, existMsg = %s, invalidMsg = %s, requiredMsg = %s, attributes = %s, date = %s, gCaptcha = %d, gCaptcha_secret = %s, gCaptcha_site = %s, termAccept = %d, termsURL = %s";
241
+ $query .= ' where id= %d';
242
+
243
+ $query = $wpdb->prepare( $query ,array($formData['title'],$formData['html'],$formData['css'],$formData['dependTheme'],$formData['listID'],
244
+ $formData['templateID'],$formData['confirmID'],$formData['isOpt'],$formData['isDopt'],$formData['redirectInEmail'],$formData['redirectInForm'],
245
+ $formData['successMsg'],$formData['errorMsg'],$formData['existMsg'],$formData['invalidMsg'],$formData['requiredMsg'],$formData['attributes'],$current_date,$formData['gcaptcha'],$formData['gcaptcha_secret'] ,$formData['gcaptcha_site'],$formData['termAccept'],$formData['termsURL'], esc_sql($formID)));
246
+
247
+
248
  $wpdb->query( $query ); // db call ok; no-cache ok.
249
 
250
  return true;
444
  }
445
 
446
  }
447
+ }
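Review bot: The INSERT at new lines 213-218 and the UPDATE at 239-245 pair 23 positional placeholders with 23 array entries spread over three lines, and the only thing keeping column, placeholder and value aligned is the reader's eye; a mismatch is caught only inside `prepare()` at runtime, and `$wpdb->query( $query )` at lines 220 and 248 does not check its result. `$wpdb->insert()` and `$wpdb->update()` take a column-keyed array plus a format array, keep each value next to its column, and do the escaping themselves, which would also remove the stray `esc_sql($formID)` at line 245 (redundant under `%d`, and the one argument in this file that is escaped twice). The `%d` placeholders also cast non-numeric input to 0, so a field such as `templateID` or `confirmID` that callers may have left as an empty string is presumably now stored as 0 where the old code wrote `''` — worth confirming against the callers. Both methods begin above their hunks, so the sketch below shows only the statement construction.
```php
// … unchanged: $current_date = date( 'Y-m-d' ); global $wpdb; …
$row = array(
    'title'    => $formData['title'],
    'html'     => $formData['html'],
    // … one entry per remaining column, each paired with its value by name …
    'date'     => $current_date,
    'termsURL' => $formData['termsURL'],
);
$formats = array( '%s', '%s', /* … one format per entry of $row, in the same order … */ '%s', '%s' );
$wpdb->insert( $wpdb->prefix . self::TABLE_NAME, $row, $formats ); // db call ok; no-cache ok.
// … unchanged: LAST_INSERT_ID() lookup and return …
```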
model/model-lang.php CHANGED
@@ -52,8 +52,14 @@ if ( ! class_exists( 'SIB_Forms_Lang' ) ) {
52
  global $wpdb;
53
  $query = "SHOW TABLES LIKE '" . $wpdb->prefix . self::TABLE_NAME . "'; ";
54
  if ( $wpdb->get_var( $query ) == $wpdb->prefix . self::TABLE_NAME ) {
55
- $sql = 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . " WHERE pID ='" . $pID . "' AND lang='" . $lang . "'";
56
- $results = $wpdb->get_row( $sql ); // db call ok; no-cache ok.
 
 
 
 
 
 
57
  if ( ! empty( $results ) ) {
58
  return $results->frmID;
59
  } else {
@@ -75,7 +81,13 @@ if ( ! class_exists( 'SIB_Forms_Lang' ) ) {
75
  global $wpdb;
76
  $query = "SHOW TABLES LIKE '" . $wpdb->prefix . self::TABLE_NAME . "'; ";
77
  if ( $wpdb->get_var( $query ) == $wpdb->prefix . self::TABLE_NAME ) {
78
- $sql = 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . " WHERE frmID ='" . $frmID . "' AND pID='" . $pID . "'";
 
 
 
 
 
 
79
  $results = $wpdb->get_row( $sql ); // db call ok; no-cache ok.
80
  if ( ! empty( $results ) ) {
81
  return $results->lang;
@@ -98,9 +110,14 @@ if ( ! class_exists( 'SIB_Forms_Lang' ) ) {
98
  public static function add_form_ID( $frmID, $pid, $lang ) {
99
  // insert.
100
  global $wpdb;
101
- $query = 'INSERT INTO ' . $wpdb->prefix . self::TABLE_NAME . ' ';
102
- $query .= '(frmID,pID,lang) ';
103
- $query .= "VALUES ('{$frmID}','{$pid}','{$lang}')";
 
 
 
 
 
104
  $wpdb->query( $query ); // db call ok; no-cache ok.
105
  $index = $wpdb->get_var( 'SELECT LAST_INSERT_ID();' ); // db call ok; no-cache ok.
106
  return $index;
@@ -116,7 +133,10 @@ if ( ! class_exists( 'SIB_Forms_Lang' ) ) {
116
  global $wpdb;
117
  $query = "SHOW TABLES LIKE '" . $wpdb->prefix . self::TABLE_NAME . "'; ";
118
  if ( $wpdb->get_var( $query ) == $wpdb->prefix . self::TABLE_NAME ) {
119
- $sql = 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . " WHERE frmID ='" . $frmID . "'";
 
 
 
120
  $results = $wpdb->get_row( $sql ); // db call ok; no-cache ok.
121
  if ( ! empty( $results ) ) {
122
  return true;
@@ -138,7 +158,10 @@ if ( ! class_exists( 'SIB_Forms_Lang' ) ) {
138
  global $wpdb;
139
  $query = "SHOW TABLES LIKE '" . $wpdb->prefix . self::TABLE_NAME . "'; ";
140
  if ( $wpdb->get_var( $query ) == $wpdb->prefix . self::TABLE_NAME ) {
141
- $query_forms = 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . " WHERE pID='" . $pID . "'";
 
 
 
142
  $trans = $wpdb->get_results( $query_forms ); // db call ok; no-cache ok.
143
  if ( $trans ) {
144
  foreach ( $trans as $tran ) {
@@ -151,6 +174,8 @@ if ( ! class_exists( 'SIB_Forms_Lang' ) ) {
151
  'pID' => $pID,
152
  )
153
  );
 
 
154
  }
155
 
156
  }
@@ -166,4 +191,4 @@ if ( ! class_exists( 'SIB_Forms_Lang' ) ) {
166
  }
167
  }
168
  }
169
- }
52
  global $wpdb;
53
  $query = "SHOW TABLES LIKE '" . $wpdb->prefix . self::TABLE_NAME . "'; ";
54
  if ( $wpdb->get_var( $query ) == $wpdb->prefix . self::TABLE_NAME ) {
55
+ $query = $wpdb->prepare(
56
+ 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . ' WHERE pID = %d AND lang= %s',
57
+ array(
58
+ esc_sql($pID),
59
+ esc_sql($lang)
60
+ )
61
+ );
62
+ $results = $wpdb->get_row( $query ); // db call ok; no-cache ok.
63
  if ( ! empty( $results ) ) {
64
  return $results->frmID;
65
  } else {
81
  global $wpdb;
82
  $query = "SHOW TABLES LIKE '" . $wpdb->prefix . self::TABLE_NAME . "'; ";
83
  if ( $wpdb->get_var( $query ) == $wpdb->prefix . self::TABLE_NAME ) {
84
+ $sql = $wpdb->prepare(
85
+ 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . ' WHERE frmID = %d AND pID= %d',
86
+ array(
87
+ esc_sql($frmID),
88
+ esc_sql($pID)
89
+ )
90
+ );
91
  $results = $wpdb->get_row( $sql ); // db call ok; no-cache ok.
92
  if ( ! empty( $results ) ) {
93
  return $results->lang;
110
  public static function add_form_ID( $frmID, $pid, $lang ) {
111
  // insert.
112
  global $wpdb;
113
+ $query = $wpdb->prepare(
114
+ 'INSERT INTO ' . $wpdb->prefix . self::TABLE_NAME . ' (frmID,pID,lang) VALUES (%d, %d, %s)',
115
+ array(
116
+ esc_sql($frmID),
117
+ esc_sql($pid),
118
+ esc_sql($lang)
119
+ )
120
+ );
121
  $wpdb->query( $query ); // db call ok; no-cache ok.
122
  $index = $wpdb->get_var( 'SELECT LAST_INSERT_ID();' ); // db call ok; no-cache ok.
123
  return $index;
133
  global $wpdb;
134
  $query = "SHOW TABLES LIKE '" . $wpdb->prefix . self::TABLE_NAME . "'; ";
135
  if ( $wpdb->get_var( $query ) == $wpdb->prefix . self::TABLE_NAME ) {
136
+ $sql = $wpdb->prepare(
137
+ 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . ' WHERE frmID = %d',
138
+ array(esc_sql($frmID))
139
+ );
140
  $results = $wpdb->get_row( $sql ); // db call ok; no-cache ok.
141
  if ( ! empty( $results ) ) {
142
  return true;
158
  global $wpdb;
159
  $query = "SHOW TABLES LIKE '" . $wpdb->prefix . self::TABLE_NAME . "'; ";
160
  if ( $wpdb->get_var( $query ) == $wpdb->prefix . self::TABLE_NAME ) {
161
+ $query_forms = $wpdb->prepare(
162
+ 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . ' WHERE pID= %d',
163
+ array(esc_sql($pID))
164
+ );
165
  $trans = $wpdb->get_results( $query_forms ); // db call ok; no-cache ok.
166
  if ( $trans ) {
167
  foreach ( $trans as $tran ) {
174
  'pID' => $pID,
175
  )
176
  );
177
+
178
+
179
  }
180
 
181
  }
191
  }
192
  }
193
  }
194
+ }
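Review bot: `esc_sql($lang)` at new lines 59 and 118 is escaped a second time by `prepare()` for the `%s` placeholder, so a language value containing a quote or backslash would be stored and looked up with an extra backslash; the other `esc_sql()` calls in this file wrap `%d` arguments, where they are a no-op. Pass the raw values to `prepare()`, e.g. `array( $pID, $lang )`, and the same for add_form_ID's `array( $frmID, $pid, $lang )`. In the first hunk the prepared SELECT is written into `$query`, the variable that already holds the SHOW TABLES statement, while the sibling methods keep `$sql` for it; using `$sql` there too would keep the five methods parallel. New lines 177-178 add two blank lines inside the body for no reason and can be dropped. All five changed methods begin above their hunks, so their signatures are not visible here.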
model/model-users.php CHANGED
@@ -61,7 +61,8 @@ class SIB_Model_Users {
61
  */
62
  public static function get_data( $id ) {
63
  global $wpdb;
64
- $query = 'select * from ' . $wpdb->prefix . self::TABLE_NAME . ' where id=' . $id . ';';
 
65
  $results = $wpdb->get_results( $query, ARRAY_A ); // db call ok; no-cache ok.
66
 
67
  if ( is_array( $results ) ) {
@@ -78,8 +79,9 @@ class SIB_Model_Users {
78
  * @return array|bool|null|object|void
79
  */
80
  public static function get_data_by_code( $code ) {
81
- global $wpdb;
82
- $query = 'select * from ' . $wpdb->prefix . self::TABLE_NAME . ' where code like "' . $code . '";';
 
83
  $results = $wpdb->get_row( $query,ARRAY_A ); // db call ok; no-cache ok.
84
 
85
  if ( is_array( $results ) && count( $results ) > 0 ) {
@@ -98,7 +100,9 @@ class SIB_Model_Users {
98
  */
99
  public static function get_data_by_email( $email, $formID ) {
100
  global $wpdb;
101
- $query = 'select * from ' . $wpdb->prefix . self::TABLE_NAME . ' where email = "' . $email . '" and frmid = "' . $formID . '";';
 
 
102
  $results = $wpdb->get_row( $query,ARRAY_A ); // db call ok; no-cache ok.
103
 
104
  if ( is_array( $results ) && count( $results ) > 0 ) {
@@ -117,9 +121,13 @@ class SIB_Model_Users {
117
  public static function add_record( $data ) {
118
  global $wpdb;
119
 
120
- $query = 'INSERT INTO ' . $wpdb->prefix . self::TABLE_NAME . ' ';
121
- $query .= '(email,code,info,frmid,listIDs,redirectUrl) ';
122
- $query .= "VALUES ('{$data['email']}','{$data['code']}','{$data['info']}','{$data['frmid']}','{$data['listIDs']}','{$data['redirectUrl']}');";
 
 
 
 
123
  $wpdb->query( $query ); // db call ok; no-cache ok.
124
  $index = $wpdb->get_var( 'SELECT LAST_INSERT_ID();' ); // db call ok; no-cache ok.
125
  return $index;
@@ -135,11 +143,11 @@ class SIB_Model_Users {
135
  public static function is_exist_same_email( $email, $id = '' ) {
136
  global $wpdb;
137
 
138
- $query = 'select * from ' . $wpdb->prefix . self::TABLE_NAME . ' ';
139
- $query .= "where email like '" . $email . "' ;";
140
 
141
  $results = $wpdb->get_results( $query, ARRAY_A ); // db call ok; no-cache ok.
142
 
 
143
  if ( is_array( $results ) && (count( $results ) > 0) ) {
144
  if ( '' === $id ) {
145
  return true;
@@ -164,8 +172,7 @@ class SIB_Model_Users {
164
  public static function remove_record( $id ) {
165
  global $wpdb;
166
 
167
- $query = 'delete from ' . $wpdb->prefix . self::TABLE_NAME . ' ';
168
- $query .= 'where id=' . $id . ';';
169
 
170
  $wpdb->query( $query ); // db call ok; no-cache ok.
171
  }
@@ -184,8 +191,11 @@ class SIB_Model_Users {
184
 
185
  $limit = ($pagenum - 1) * $per_page;
186
  $query = 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . ' ';
187
- $query .= 'ORDER BY ' . $orderby . ' ' . $order . ' ';
188
- $query .= 'LIMIT ' . $limit . ',' . $per_page . ';';
 
 
 
189
 
190
  $results = $wpdb->get_results( $query, ARRAY_A ); // db call ok; no-cache ok.
191
  self::$found_count = self::get_count_element();
@@ -202,8 +212,9 @@ class SIB_Model_Users {
202
  public static function get_all_records() {
203
  global $wpdb;
204
 
205
- $query = 'select * from ' . $wpdb->prefix . self::TABLE_NAME . ' order by email asc;';
206
 
 
207
  $results = $wpdb->get_results( $query, ARRAY_A ); // db call ok; no-cache ok.
208
 
209
  if ( ! is_array( $results ) ) {
@@ -225,29 +236,6 @@ class SIB_Model_Users {
225
  return $count;
226
  }
227
 
228
- /**
229
- * Update record
230
- *
231
- * @param int $id - id.
232
- * @param array $data - record data.
233
- * @return bool
234
- */
235
- public static function update_element( $id, $data ) {
236
- global $wpdb;
237
-
238
- if ( self::is_exist_same_email( $data['email'], $id ) == true ) {
239
- return false;
240
- }
241
-
242
- $query = 'update ' . $wpdb->prefix . self::TABLE_NAME . ' ';
243
- $query .= "set email='{$data['email']}',info='{$data['info']}',code='{$data['code']}',is_activate='{$data['is_activate']}',extra='{$data['extra']}' ";
244
- $query .= 'where id=' . $id . ';';
245
-
246
- $wpdb->query( $query ); // db call ok; no-cache ok.
247
-
248
- return true;
249
- }
250
-
251
  /** Add prefix to the table */
252
  public static function add_prefix() {
253
  global $wpdb;
@@ -257,4 +245,4 @@ class SIB_Model_Users {
257
  }
258
  }
259
 
260
- }
61
  */
62
  public static function get_data( $id ) {
63
  global $wpdb;
64
+ $query = $wpdb->prepare("SELECT * from " . $wpdb->prefix . self::TABLE_NAME . " where id = %d",array(esc_sql($id)));
65
+
66
  $results = $wpdb->get_results( $query, ARRAY_A ); // db call ok; no-cache ok.
67
 
68
  if ( is_array( $results ) ) {
79
  * @return array|bool|null|object|void
80
  */
81
  public static function get_data_by_code( $code ) {
82
+ global $wpdb;
83
+ $query = $wpdb->prepare("SELECT * from " . $wpdb->prefix . self::TABLE_NAME . " where code like %s",array(esc_sql($code)));
84
+
85
  $results = $wpdb->get_row( $query,ARRAY_A ); // db call ok; no-cache ok.
86
 
87
  if ( is_array( $results ) && count( $results ) > 0 ) {
100
  */
101
  public static function get_data_by_email( $email, $formID ) {
102
  global $wpdb;
103
+
104
+ $query = $wpdb->prepare("SELECT * from " . $wpdb->prefix . self::TABLE_NAME . " where email = %s and frmid = %d",array(esc_sql($email),esc_sql($formID)));
105
+
106
  $results = $wpdb->get_row( $query,ARRAY_A ); // db call ok; no-cache ok.
107
 
108
  if ( is_array( $results ) && count( $results ) > 0 ) {
121
  public static function add_record( $data ) {
122
  global $wpdb;
123
 
124
+ foreach ($data as $key => $value) {
125
+ if(!in_array($key, array("listIDs","info")))
126
+ $data[$key] = esc_sql($value);
127
+ }
128
+
129
+ $query = $wpdb->prepare('INSERT INTO ' . $wpdb->prefix . self::TABLE_NAME . ' (email,code,info,frmid,listIDs,redirectUrl) VALUES (%s, %s, %s, %d, %s, %s) ',array( $data["email"], $data["code"], $data["info"], $data["frmid"], $data["listIDs"], $data["redirectUrl"] ));
130
+
131
  $wpdb->query( $query ); // db call ok; no-cache ok.
132
  $index = $wpdb->get_var( 'SELECT LAST_INSERT_ID();' ); // db call ok; no-cache ok.
133
  return $index;
143
  public static function is_exist_same_email( $email, $id = '' ) {
144
  global $wpdb;
145
 
146
+ $query = $wpdb->prepare("SELECT * from " . $wpdb->prefix . self::TABLE_NAME . " where email like %s",array(esc_sql($email)));
 
147
 
148
  $results = $wpdb->get_results( $query, ARRAY_A ); // db call ok; no-cache ok.
149
 
150
+
151
  if ( is_array( $results ) && (count( $results ) > 0) ) {
152
  if ( '' === $id ) {
153
  return true;
172
  public static function remove_record( $id ) {
173
  global $wpdb;
174
 
175
+ $query = $wpdb->prepare("DELETE from " . $wpdb->prefix . self::TABLE_NAME . " where id = %d",array(esc_sql($id)));
 
176
 
177
  $wpdb->query( $query ); // db call ok; no-cache ok.
178
  }
191
 
192
  $limit = ($pagenum - 1) * $per_page;
193
  $query = 'SELECT * FROM ' . $wpdb->prefix . self::TABLE_NAME . ' ';
194
+ $query .= 'ORDER BY %s %s ';
195
+ $query .= 'LIMIT %d,%d';
196
+
197
+ $query = $wpdb->prepare($query,array(esc_sql($orderby), esc_sql($order), esc_sql($limit), esc_sql($per_page)));
198
+
199
 
200
  $results = $wpdb->get_results( $query, ARRAY_A ); // db call ok; no-cache ok.
201
  self::$found_count = self::get_count_element();
212
  public static function get_all_records() {
213
  global $wpdb;
214
 
215
+ $query = 'select * from ' . $wpdb->prefix . self::TABLE_NAME . ' order by %s %s;';
216
 
217
+ $query = $wpdb->prepare($query,array("email","asc"));
218
  $results = $wpdb->get_results( $query, ARRAY_A ); // db call ok; no-cache ok.
219
 
220
  if ( ! is_array( $results ) ) {
236
  return $count;
237
  }
238
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
239
  /** Add prefix to the table */
240
  public static function add_prefix() {
241
  global $wpdb;
245
  }
246
  }
247
 
248
+ }
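Review bot: get_all_records at new lines 215-217 binds the constants `"email"` and `"asc"` through `%s`, which `prepare()` quotes, so the statement becomes `order by 'email' 'asc'`, a constant expression, and the method no longer returns rows ordered by email; neither value is user input, so the previous literal `$query = 'select * from ' . $wpdb->prefix . self::TABLE_NAME . ' order by email asc;';` should be restored (get_list at lines 193-197 has the same `ORDER BY %s %s` problem, raised on model/model-contacts.php). The loop at lines 124-127 in add_record runs `esc_sql()` over most of `$data` before `prepare()` escapes the same values again, so an `email` or `redirectUrl` containing a quote or backslash is stored with an extra backslash; the loop should go, and if it stays, `in_array( $key, array( 'listIDs', 'info' ), true )` needs the strict flag. In get_data_by_code and is_exist_same_email the argument of `where ... like %s` still carries `%` and `_` as wildcards, so a value of `%` matches every row; run it through `$wpdb->esc_like()` before `prepare()`, or use `=` since an exact match is what the callers appear to want.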
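--- a/readme.txt
+++ b/readme.txt
@@ -138,6 +138,9 @@ In order to create a signup form, you need to:
 2. Integrate the form in a sidebar using a widget from WP panel > Appearance > Widgets. The Sendinblue widget form should appear in your widgets list, you just to have to drag and drop the widget into the sidebar of your choice.
 
 == Changelog ==
+= 2.9.18 =
+* Bug and Security fix
+
 = 2.9.17 =
 * Plugin page css conflict design issue fixed
 * Multiple V2 Google recaptcha for same page issue fixed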
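--- a/sendinblue.php
+++ b/sendinblue.php
@@ -3,7 +3,7 @@
 * Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
 * Plugin URI: https://www.sendinblue.com/?r=wporg
 * Description: Easily send emails from your WordPress blog using Sendinblue SMTP and easily add a subscribe form to your site
-* Version: 2.9.17
+* Version: 2.9.18
 * Author: Sendinblue
 * Author URI: https://www.sendinblue.com/?r=wporg
 * License: GPLv2 or later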