Version Description
- Sanitization of form HTML to fix vulnerability issues.
- Fixed the issue of the user sync button still enabled even after all users are synched.
Release Info
Developer | amarsib |
Plugin | SendinBlue Subscribe Form And WP SMTP |
Version | 3.1.34 |
Code changes from version 3.1.33 to 3.1.34
- inc/SendinblueApiClient.php +1 -1
- inc/sib-form-preview.php +1 -1
- js/admin.js +1 -0
- page/page-form.php +2 -1
- page/page-home.php +5 -2
- readme.txt +5 -1
- sendinblue.php +98 -1
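--- a/inc/SendinblueApiClient.php
+++ b/inc/SendinblueApiClient.php
@@ -14,7 +14,7 @@ class SendinblueApiClient
 const RESPONSE_CODE_CREATED = 201;
 const RESPONSE_CODE_ACCEPTED = 202;
 const RESPONSE_CODE_UNAUTHORIZED = 401;
-const PLUGIN_VERSION = '3.1.
+const PLUGIN_VERSION = '3.1.34';
 const USER_AGENT = 'sendinblue_plugins/wordpress';
 
 private $apiKey;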
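--- a/inc/sib-form-preview.php
+++ b/inc/sib-form-preview.php
@@ -54,7 +54,7 @@ wp_head();
 $html = stripslashes_deep($formData['html']);
 $css = stripslashes_deep($formData['css']);
 // phpcs:ignore
-echo $html;
+echo wp_kses($html, SIB_Manager::wordpress_allowed_attributes());
 ?>
 </div>
 <style>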
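Review bot: The new `wp_kses()` call on line 57 filters `$html` against the allow-list this commit adds as `SIB_Manager::SIB_ATTRIBUTE`, and that list still permits `script` (with `src`), `iframe` (with `src`), `link` (with `href`) and `style` elements; `wp_kses()` only checks tag and attribute names and URL protocols, so inline script bodies, any http(s) script/iframe `src`, and inline CSS still reach the page unchanged, which leaves the "sanitization" this release advertises with little effect. The same allow-list is applied to `$form_html` in page/page-form.php line 882, so the point applies there too. If the form builder genuinely needs these elements, the `src`/`href` values should be constrained to known origins before output; otherwise `script`, `iframe` and `link` should be dropped from the list. `$css` read on line 55 is emitted outside this hunk (presumably inside the `<style>` block starting at line 60) and is not visibly filtered here — confirm it is passed through a CSS sanitizer before it is echoed.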
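--- a/js/admin.js
+++ b/js/admin.js
@@ -936,6 +936,7 @@ $jQ(document).ready(function(){
 $jQ('#sync-failure').show().html(respond.message);
 } else {
 // success to sync wp users
+location.reload();
 $jQ('.sib-sync-modal').modal('toggle');
 $jQ('#sib-message-body').html(respond.message);
 $jQ('#sib-message-box').show();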
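Review bot: `location.reload();` on line 939 navigates away before the three statements that follow it run their visible effect, so the modal toggle and the success message written to `#sib-message-body` are never seen by the user and are effectively dead code. Either make the reload the last statement of the branch, or replace it with a targeted update of the `#sib-sync-btn` state so the message stays visible; if a full reload is really wanted, a short `setTimeout(function () { location.reload(); }, ...)` after the message is shown would at least let it render. The enclosing success handler starts and ends outside this hunk.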
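--- a/page/page-form.php
+++ b/page/page-form.php
@@ -879,7 +879,8 @@ For your information, you cannot select a template with the tag [DOUBLEOPTIN].',
 $formID = isset( $_POST['sib_form_id'] ) ? sanitize_text_field( $_POST['sib_form_id'] ) : '';
 $form_name = isset( $_POST['sib_form_name'] ) ? sanitize_text_field( $_POST['sib_form_name'] ) : '';
 // phpcs:disable
-$form_html = isset( $_POST['sib_form_html'] ) ? $_POST['sib_form_html'] : '';
+$form_html = isset( $_POST['sib_form_html'] ) ? wp_kses($_POST['sib_form_html'], SIB_Manager::wordpress_allowed_attributes()) : '';
+
 $list_ids = isset( $_POST['list_id'] ) ? maybe_serialize( $_POST['list_id'] ) : '';
 // phpcs:enable
 $dependTheme = isset( $_POST['sib_css_type'] ) ? sanitize_text_field( $_POST['sib_css_type'] ) : '';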
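Review bot: The new line 882 runs `wp_kses()` directly on `$_POST['sib_form_html']`, which WordPress hands over with magic-quote slashes added; `wp_kses()` expects unslashed markup, and escaped quotes inside attribute values can make its attribute parsing disagree with what the browser sees once the slashes are stripped (the preview page calls `stripslashes_deep()` on the stored html). Unslash before filtering: `$form_html = isset( $_POST['sib_form_html'] ) ? wp_kses( wp_unslash( $_POST['sib_form_html'] ), SIB_Manager::wordpress_allowed_attributes() ) : '';` and, if the storage path relies on the value being slashed, re-add them afterwards the way `wp_filter_post_kses()` does. The `// phpcs:disable` block still wraps this line, so the sniff that would have flagged the original unsanitized read stays silenced for the new code as well. The enclosing function starts and ends outside this hunk.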
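--- a/page/page-home.php
+++ b/page/page-home.php
@@ -188,7 +188,7 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 $currentUsers = count_users();
 $isSynced = get_option( 'sib_sync_users', '0' );
 $isEnableSync = '0';
-if ( $isSynced != $currentUsers ) {
+if ( $isSynced != $currentUsers['total_users'] ) {
 $isEnableSync = '1';
 /* translators: %s: total users */
 $desc = sprintf( esc_attr__( 'You have %s existing users. Do you want to add them to Sendinblue?', 'mailin' ), $currentUsers['total_users'] );
@@ -237,7 +237,7 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 <?php echo esc_attr( $desc ); ?><br>
 </p>
 <div class="col-md-4">
-<a <?php echo '1' === $isEnableSync ? '' : 'disabled'; ?>
+<a <?php echo '1' === $isEnableSync ? 'id="sib-sync-btn"' : 'disabled href="javascript:void(0)"'; ?> class="btn btn-primary" style="margin-top: 28px; " name="<?php echo esc_attr__( 'Users Synchronisation', 'mailin' ); ?>" href="#"><?php esc_attr_e( 'Sync my users', 'mailin' ); ?></a>
 </div>
 
 </div>
@@ -724,6 +724,7 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 // create body data like csv.
 // NAME;SURNAME;EMAIL\nName1;Surname1;example1@example.net\nName2;Surname2;example2@example.net.
 $contentData = '';
+$usersCount = 0;
 foreach ( $roles as $role ) {
 $users = get_users(
 array(
@@ -733,6 +734,7 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 if ( empty( $users ) ) {
 continue;
 }
+$usersCount += count($users);
 foreach ( $users as $user ) {
 $userId = $user->ID;
 $user_info = get_userdata( $userId );
@@ -760,6 +762,7 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 
 $usersData .= $contentData;
 $result = SIB_API_Manager::sync_users( $usersData, $listIDs );
+update_option('sib_sync_users', $usersCount);
 wp_send_json( $result );
 }
 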
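Review bot: `update_option('sib_sync_users', $usersCount);` on new line 765 runs unconditionally between the `SIB_API_Manager::sync_users()` call and `wp_send_json( $result )`, so a failed sync still records the users as synced and the button on line 240 is disabled the next time the page loads; the option should only be written after `$result` indicates success (its shape is not visible here, so the exact check needs confirming). The count itself is also not comparable with `count_users()['total_users']` used on line 191: `$usersCount += count($users)` is summed per role, so a user holding several roles is counted more than once while users outside `$roles` are never counted, and the equality the button logic depends on can then never hold. Collecting the `$userId` values into an array keyed by ID and storing `count()` of it, or storing `$currentUsers['total_users']` once the sync succeeded, would match what line 191 compares against. Separately, the disabled branch on line 240 emits `href="javascript:void(0)"` while the tag ends with `href="#"`, giving the anchor two `href` attributes; drop one of them. The functions containing these hunks start and end outside them.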
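--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: Email Marketing, Newsletter, Sendinblue, Forms, smtp, marketing automation
 Requires at least: 4.4
 Tested up to: 5.9
 Requires PHP: 5.6
-Stable tag: 3.1.
+Stable tag: 3.1.34
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -116,6 +116,10 @@ In order to create a signup form, you need to:
 
 == Changelog ==
 
+= 3.1.34 =
+* Sanitization of form HTML to fix vulnerability issues.
+* Fixed the issue of the user sync button still enabled even after all users are synched.
+
 = 3.1.33 =
 * Enhanced the plugin to be compatible upto Wordpress version 5.9
 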
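--- a/sendinblue.php
+++ b/sendinblue.php
@@ -3,7 +3,7 @@
 * Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
 * Plugin URI: https://www.sendinblue.com/?r=wporg
 * Description: Manage your contact lists, subscription forms and all email and marketing-related topics from your wp panel, within one single plugin
-* Version: 3.1.
+* Version: 3.1.34
 * Author: Sendinblue
 * Author URI: https://www.sendinblue.com/?r=wporg
 * License: GPLv2 or later
@@ -87,6 +87,89 @@ if ( ! class_exists( 'SIB_Manager' ) ) {
 /** Installation id option name */
 const INSTALLATION_ID = 'sib_installation_id';
 
+const SIB_ATTRIBUTE = array(
+'input' => array(
+'type' => true,
+'name' => true,
+'value' => true,
+'class' => true,
+'id' => true,
+'size' => true,
+'min' => true,
+'max' => true,
+'pattern' => true,
+'title' => true,
+'placeholder' => true,
+'required' => true,
+),
+'p' => array(
+'align' => true,
+'id' => true,
+'class' => true,
+'dir' => true,
+'lang' => true,
+'style' => true,
+'xml:lang' => true,
+),
+'iframe' => array(
+'name' => true,
+'id' => true,
+'class' => true,
+'src' => true,
+'width' => true,
+'height' => true,
+'style' => true,
+'loading' => true,
+'allow' => true,
+'allowfullscreen' => true,
+),
+'div' => array(
+'id' => true,
+'class' => true,
+'dir' => true,
+'lang' => true,
+'style' => true,
+'xml:lang' => true,
+'data-require' => true,
+),
+'a' => array(
+'href' => true,
+'id' => true,
+'class' => true,
+'rel' => true,
+'rev' => true,
+'name' => true,
+'target' => true,
+),
+'style' => array(),
+'script' => array(
+'src' => true,
+),
+'link' => array(
+'rel' => true,
+'href' => true,
+'type' => true,
+),
+'select' => array(
+'name' => true,
+'class' => true,
+'id' => true,
+'style' => true,
+'required' => true,
+),
+'option' => array(
+'value' => true,
+),
+'ul' => array(
+'class' => true,
+'style' => true,
+),
+'center' => array(),
+'download' => array(
+'valueless' => 'y',
+)
+);
+
 /**
 * API key
 *
@@ -1351,6 +1434,20 @@ if ( ! class_exists( 'SIB_Manager' ) ) {
 $current_plugin_path_name = plugin_basename( __FILE__ );
 activate_plugin( $current_plugin_path_name );
 }
+
+public static function wordpress_allowed_attributes()
+{
+global $allowedposttags, $allowedtags, $allowedentitynames;
+$attributes = [$allowedposttags, $allowedtags, $allowedentitynames, self::SIB_ATTRIBUTE];
+$attributes = call_user_func_array("array_merge", $attributes);
+
+add_filter( 'safe_style_css', function($css_attr) {
+array_push($css_attr, 'display');
+return $css_attr;
+});
+
+return $attributes;
+}
 }
 
 add_action( 'sendinblue_init', 'sendinblue_init' );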
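Review bot: `wordpress_allowed_attributes()` (new lines 1438–1450) registers a fresh `safe_style_css` closure on every call, and it is called from both the form save path and the preview render, so each request stacks another anonymous filter that can never be removed with `remove_filter()`; the `add_filter()` belongs once in the plugin's init hook, and this method should be a pure getter. The merge on line 1442 is also not what the list looks intended to do: `array_merge()` replaces whole element entries, so the small `'a'`, `'div'` and `'p'` entries in `SIB_ATTRIBUTE` overwrite the richer ones from `$allowedposttags` rather than extending them, and `$allowedentitynames` is a flat list of entity names, not tag rules, so merging it into the tag map adds nothing `wp_kses()` can use — `array_replace_recursive( $allowedposttags, $allowedtags, self::SIB_ATTRIBUTE )` would union the attribute sets (confirm that losing nothing from the WordPress defaults is acceptable). In `SIB_ATTRIBUTE`, `'download' => array( 'valueless' => 'y' )` at the top level declares a `<download>` element with a `valueless` attribute; if the intent is the `download` attribute on links, it should sit under `'a'` as `'download' => array( 'valueless' => 'y' )` beside `'href'`. `call_user_func_array("array_merge", $attributes)` can simply be `array_merge( ...$attributes )`.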