Version Description
- Security fixes, Input data sanitization during user sync, and cookies creation.
Download this release
Release Info
| Developer | amarsib |
| Plugin |  SendinBlue Subscribe Form And WP SMTP |
| Version | 3.1.35 |
| Comparing to | |
| See all releases | |
Code changes from version 3.1.34 to 3.1.35
- inc/SendinblueApiClient.php +1 -1
- inc/sendinblue.php +15 -10
- page/page-home.php +1 -1
- readme.txt +4 -1
- sendinblue.php +1 -1
inc/SendinblueApiClient.php
CHANGED
|
@@ -14,7 +14,7 @@ class SendinblueApiClient
|
|
| 14 |
const RESPONSE_CODE_CREATED = 201;
|
| 15 |
const RESPONSE_CODE_ACCEPTED = 202;
|
| 16 |
const RESPONSE_CODE_UNAUTHORIZED = 401;
|
| 17 |
-
const PLUGIN_VERSION = '3.1.
|
| 18 |
const USER_AGENT = 'sendinblue_plugins/wordpress';
|
| 19 |
|
| 20 |
private $apiKey;
|
| 14 |
const RESPONSE_CODE_CREATED = 201;
|
| 15 |
const RESPONSE_CODE_ACCEPTED = 202;
|
| 16 |
const RESPONSE_CODE_UNAUTHORIZED = 401;
|
| 17 |
+
const PLUGIN_VERSION = '3.1.35';
|
| 18 |
const USER_AGENT = 'sendinblue_plugins/wordpress';
|
| 19 |
|
| 20 |
private $apiKey;
|
inc/sendinblue.php
CHANGED
|
@@ -14,12 +14,13 @@
|
|
| 14 |
$this->api_key = $api_key;
|
| 15 |
//create a session cookie
|
| 16 |
if (!array_key_exists('session_id',$_COOKIE)) {
|
| 17 |
-
$url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
|
| 18 |
$parsed = parse_url($url);
|
| 19 |
$host_parts = explode('.', $parsed['host']);
|
| 20 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 21 |
//store email_id cookie
|
| 22 |
-
|
|
|
|
| 23 |
}
|
| 24 |
|
| 25 |
}
|
|
@@ -44,7 +45,7 @@
|
|
| 44 |
if (!array_key_exists('name',$data)) {
|
| 45 |
$data['name'] = "Contact Created";
|
| 46 |
}
|
| 47 |
-
$url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
|
| 48 |
if (!array_key_exists('url',$data)) {
|
| 49 |
$data['url'] = $url;
|
| 50 |
}
|
|
@@ -55,14 +56,15 @@
|
|
| 55 |
$host_parts = explode('.', $parsed['host']);
|
| 56 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 57 |
//store email_id cookie
|
| 58 |
-
|
|
|
|
| 59 |
return $this->do_request($data);
|
| 60 |
}
|
| 61 |
|
| 62 |
public function track($data)
|
| 63 |
{
|
| 64 |
$data['sib_type'] = 'track';
|
| 65 |
-
$url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
|
| 66 |
if (!array_key_exists('url',$data)) {
|
| 67 |
$data['url'] = $url;
|
| 68 |
}
|
|
@@ -89,13 +91,14 @@
|
|
| 89 |
$host_parts = explode('.', $parsed['host']);
|
| 90 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 91 |
//store email_id cookie
|
| 92 |
-
|
|
|
|
| 93 |
}
|
| 94 |
}
|
| 95 |
public function page($data)
|
| 96 |
{
|
| 97 |
$data['sib_type'] = 'page';
|
| 98 |
-
$url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
|
| 99 |
if (!array_key_exists('url',$data)) {
|
| 100 |
$data['url'] = $url;
|
| 101 |
}
|
|
@@ -127,7 +130,8 @@
|
|
| 127 |
$host_parts = explode('.', $parsed['host']);
|
| 128 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 129 |
//store email_id cookie
|
| 130 |
-
|
|
|
|
| 131 |
}
|
| 132 |
}
|
| 133 |
public function trackLink($data)
|
|
@@ -140,7 +144,7 @@
|
|
| 140 |
if (isset($_COOKIE['session_id']) && $_COOKIE['session_id'] != '') {
|
| 141 |
$data['session_id'] = sanitize_text_field( $_COOKIE['session_id'] );
|
| 142 |
}
|
| 143 |
-
$url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
|
| 144 |
if (!array_key_exists('url',$data)) {
|
| 145 |
$data['url'] = $url;
|
| 146 |
}
|
|
@@ -151,7 +155,8 @@
|
|
| 151 |
$host_parts = explode('.', $parsed['host']);
|
| 152 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 153 |
//store email_id cookie
|
| 154 |
-
|
|
|
|
| 155 |
}
|
| 156 |
}
|
| 157 |
}
|
| 14 |
$this->api_key = $api_key;
|
| 15 |
//create a session cookie
|
| 16 |
if (!array_key_exists('session_id',$_COOKIE)) {
|
| 17 |
+
$url = esc_url_raw((isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
|
| 18 |
$parsed = parse_url($url);
|
| 19 |
$host_parts = explode('.', $parsed['host']);
|
| 20 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 21 |
//store email_id cookie
|
| 22 |
+
$_COOKIE['session_id'] = md5(uniqid(time()));
|
| 23 |
+
setcookie("session_id", $_COOKIE['session_id'],time() + 86400,"/",$domain);
|
| 24 |
}
|
| 25 |
|
| 26 |
}
|
| 45 |
if (!array_key_exists('name',$data)) {
|
| 46 |
$data['name'] = "Contact Created";
|
| 47 |
}
|
| 48 |
+
$url = esc_url_raw((isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
|
| 49 |
if (!array_key_exists('url',$data)) {
|
| 50 |
$data['url'] = $url;
|
| 51 |
}
|
| 56 |
$host_parts = explode('.', $parsed['host']);
|
| 57 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 58 |
//store email_id cookie
|
| 59 |
+
$_COOKIE['email_id'] = sanitize_email($data['email_id']);
|
| 60 |
+
setcookie("email_id",$_COOKIE['email_id'],time() + 86400,"/",$domain);
|
| 61 |
return $this->do_request($data);
|
| 62 |
}
|
| 63 |
|
| 64 |
public function track($data)
|
| 65 |
{
|
| 66 |
$data['sib_type'] = 'track';
|
| 67 |
+
$url = esc_url_raw((isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
|
| 68 |
if (!array_key_exists('url',$data)) {
|
| 69 |
$data['url'] = $url;
|
| 70 |
}
|
| 91 |
$host_parts = explode('.', $parsed['host']);
|
| 92 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 93 |
//store email_id cookie
|
| 94 |
+
$_COOKIE['email_id'] = sanitize_email($obj['email_id']);
|
| 95 |
+
setcookie("email_id",$_COOKIE['email_id'],time() + 86400,"/",$domain);
|
| 96 |
}
|
| 97 |
}
|
| 98 |
public function page($data)
|
| 99 |
{
|
| 100 |
$data['sib_type'] = 'page';
|
| 101 |
+
$url = esc_url_raw((isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
|
| 102 |
if (!array_key_exists('url',$data)) {
|
| 103 |
$data['url'] = $url;
|
| 104 |
}
|
| 130 |
$host_parts = explode('.', $parsed['host']);
|
| 131 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 132 |
//store email_id cookie
|
| 133 |
+
$_COOKIE['email_id'] = sanitize_email($obj['email_id']);
|
| 134 |
+
setcookie("email_id",$_COOKIE['email_id'],time() + 86400,"/",$domain);
|
| 135 |
}
|
| 136 |
}
|
| 137 |
public function trackLink($data)
|
| 144 |
if (isset($_COOKIE['session_id']) && $_COOKIE['session_id'] != '') {
|
| 145 |
$data['session_id'] = sanitize_text_field( $_COOKIE['session_id'] );
|
| 146 |
}
|
| 147 |
+
$url = esc_url_raw((isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
|
| 148 |
if (!array_key_exists('url',$data)) {
|
| 149 |
$data['url'] = $url;
|
| 150 |
}
|
| 155 |
$host_parts = explode('.', $parsed['host']);
|
| 156 |
$domain = implode('.', array_slice($host_parts, count($host_parts)-2));
|
| 157 |
//store email_id cookie
|
| 158 |
+
$_COOKIE['email_id'] = sanitize_email($obj['email_id']);
|
| 159 |
+
setcookie("email_id",$_COOKIE['email_id'],time() + 86400,"/",$domain);
|
| 160 |
}
|
| 161 |
}
|
| 162 |
}
|
page/page-home.php
CHANGED
|
@@ -717,7 +717,7 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
|
|
| 717 |
|
| 718 |
$usersData = 'EMAIL';
|
| 719 |
foreach ( $postData as $attrSibName => $attrWP ) {
|
| 720 |
-
$usersData .= ';' . $attrSibName;
|
| 721 |
}
|
| 722 |
|
| 723 |
// sync users to sendinblue.
|
| 717 |
|
| 718 |
$usersData = 'EMAIL';
|
| 719 |
foreach ( $postData as $attrSibName => $attrWP ) {
|
| 720 |
+
$usersData .= ';' . sanitize_text_field($attrSibName);
|
| 721 |
}
|
| 722 |
|
| 723 |
// sync users to sendinblue.
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Tags: Email Marketing, Newsletter, Sendinblue, Forms, smtp, marketing automation
|
|
| 4 |
Requires at least: 4.4
|
| 5 |
Tested up to: 5.9
|
| 6 |
Requires PHP: 5.6
|
| 7 |
-
Stable tag: 3.1.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -116,6 +116,9 @@ In order to create a signup form, you need to:
|
|
| 116 |
|
| 117 |
== Changelog ==
|
| 118 |
|
|
|
|
|
|
|
|
|
|
| 119 |
= 3.1.34 =
|
| 120 |
* Sanitization of form HTML to fix vulnerability issues.
|
| 121 |
* Fixed the issue of the user sync button still enabled even after all users are synched.
|
| 4 |
Requires at least: 4.4
|
| 5 |
Tested up to: 5.9
|
| 6 |
Requires PHP: 5.6
|
| 7 |
+
Stable tag: 3.1.35
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 116 |
|
| 117 |
== Changelog ==
|
| 118 |
|
| 119 |
+
= 3.1.35 =
|
| 120 |
+
* Security fixes, Input data sanitization during user sync, and cookies creation.
|
| 121 |
+
|
| 122 |
= 3.1.34 =
|
| 123 |
* Sanitization of form HTML to fix vulnerability issues.
|
| 124 |
* Fixed the issue of the user sync button still enabled even after all users are synched.
|
sendinblue.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
|
| 4 |
* Plugin URI: https://www.sendinblue.com/?r=wporg
|
| 5 |
* Description: Manage your contact lists, subscription forms and all email and marketing-related topics from your wp panel, within one single plugin
|
| 6 |
-
* Version: 3.1.
|
| 7 |
* Author: Sendinblue
|
| 8 |
* Author URI: https://www.sendinblue.com/?r=wporg
|
| 9 |
* License: GPLv2 or later
|
| 3 |
* Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
|
| 4 |
* Plugin URI: https://www.sendinblue.com/?r=wporg
|
| 5 |
* Description: Manage your contact lists, subscription forms and all email and marketing-related topics from your wp panel, within one single plugin
|
| 6 |
+
* Version: 3.1.35
|
| 7 |
* Author: Sendinblue
|
| 8 |
* Author URI: https://www.sendinblue.com/?r=wporg
|
| 9 |
* License: GPLv2 or later
|
