SendinBlue Subscribe Form And WP SMTP - Version 3.1.40

Version Description

  • Security fixes related to data sanitization and output escaping.
  • Fixed an issue where the “Sync My Users” button stayed active after syncing all users.
  • Removed type hinting to keep supporting PHP 5.6

Release Info

Developer shubham773
Version 3.1.40

Code changes from version 3.1.39 to 3.1.40

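--- a/css/admin.css
+++ b/css/admin.css
@@ -321,3 +321,8 @@ label[for="sib-statistics-date"] {
 .invisible {
 visibility: hidden;
 }
+
+.not-allowed {
+cursor: not-allowed !important;
+pointer-events: auto !important;
+}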
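--- a/inc/SendinblueApiClient.php
+++ b/inc/SendinblueApiClient.php
@@ -14,7 +14,7 @@ class SendinblueApiClient
 const RESPONSE_CODE_CREATED = 201;
 const RESPONSE_CODE_ACCEPTED = 202;
 const RESPONSE_CODE_UNAUTHORIZED = 401;
-const PLUGIN_VERSION = '3.1.39';
+const PLUGIN_VERSION = '3.1.40';
 const USER_AGENT = 'sendinblue_plugins/wordpress';
 
 private $apiKey;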
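--- a/inc/sendinblue.php
+++ b/inc/sendinblue.php
@@ -59,11 +59,13 @@ class Sendinblue
 * @param int $expiry_time
 * @return void
 */
-private function set_email_cookie(string $email)
+private function set_email_cookie($email)
 {
-$expiry_time = self::get_default_cookie_expiry();
-$domain = self::get_app_domain();
-setcookie("email_id", sanitize_email($email), $expiry_time, "/", $domain, is_ssl());
+if (is_string($email)) {
+$expiry_time = self::get_default_cookie_expiry();
+$domain = self::get_app_domain();
+setcookie("email_id", sanitize_email($email), $expiry_time, "/", $domain, is_ssl());
+}
 }
 
 public function identify($data)
@@ -131,16 +133,16 @@ class Sendinblue
 }
 //referrer
 if (!array_key_exists('referrer', $data) && array_key_exists('HTTP_REFERER', $_SERVER)) {
-$data['referrer'] = $_SERVER['HTTP_REFERER'];
+$data['referrer'] = sanitize_text_field( wp_unslash( $_SERVER['HTTP_REFERER'] ) );
 }
 //pathname
 if (!array_key_exists('pathname', $data)) {
-$data['pathname'] = $_SERVER['REQUEST_URI'];
+$data['pathname'] = sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) );
 }
 
 //name
 if (!array_key_exists('name', $data)) {
-$data['name'] = $_SERVER['REQUEST_URI'];
+$data['name'] = sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) );
 }
 
 //store email cookie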
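Review bot: `sanitize_text_field()` is the wrong sanitizer for the URL-valued `referrer`, `pathname` and `name` fields on new lines 136, 140 and 145: WordPress's `_sanitize_text_fields()` deletes every percent-encoded sequence (`%XX`) and collapses whitespace, so a request to `/search?q=a%20b` is recorded as `/search?q=ab`. `esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) )` keeps the encoding while still rejecting HTML and non-URL schemes, and the same applies to `HTTP_REFERER`. In `set_email_cookie()` the `setcookie()` call still omits the `httponly` argument, so the `email_id` cookie is readable by any script on the page; if no client-side code needs it, pass `true` as the seventh argument. `identify()` starts before the second hunk and continues after it, so how these values are used downstream is not visible here.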
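--- a/inc/sib-api-manager.php
+++ b/inc/sib-api-manager.php
@@ -717,7 +717,7 @@ if ( ! class_exists( 'SIB_API_Manager' ) ) {
 function unsubscribe() {
 $mailin = new SendinblueApiClient();
 $code = isset( $_GET['code'] ) ? sanitize_text_field( $_GET['code'] ) : '' ;
-$list_id = isset( $_GET['li'] ) ? intval( esc_attr( $_GET['li'] ) ) : '' ;
+$list_id = isset( $_GET['li'] ) ? intval( $_GET['li'] ) : '' ;
 
 $email = base64_decode( strtr( $code, '-_', '+/' ) );
 $data = array(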
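Review bot: The base64url-decoded `$email` on line 722, two lines below the reworked `$list_id` line, is used without any validation inside this hunk, so arbitrary bytes from the `code` query parameter reach the API payload; `if ( ! is_email( $email ) ) { wp_send_json_error(); }` (or whatever failure path this handler uses) before building `$data` would close that. The `$list_id` fallback is still `''` rather than `0`, leaving the variable int-or-string typed; `intval( $_GET['li'] ?? 0 )` keeps it an int. Both `code` and `li` arrive on a GET and nothing in the hunk ties them to a signature or nonce, so unless the rest of the function checks one, anyone who knows an address can unsubscribe it. The body of `unsubscribe()` continues past the hunk.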
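--- a/page/page-form.php
+++ b/page/page-form.php
@@ -885,8 +885,8 @@ For your information, you cannot select a template with the tag [DOUBLEOPTIN].',
 $list_ids = '';
 
 if (!empty($_POST['list_id']) && is_array($_POST['list_id'])) {
-$list_ids = array_filter($_POST['list_id'], 'is_int');
-$list_ids = maybe_serialize($_POST['list_id']);
+$list_ids = array_filter($_POST['list_id'], 'intval');
+$list_ids = maybe_serialize($list_ids);
 }
 
 // phpcs:enable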
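Review bot: `array_filter($_POST['list_id'], 'intval')` on new line 888 only decides which entries to keep; the kept values are the raw submitted strings, not their integer casts, so a value such as `"12abc"` (or a nested array, for which `intval()` returns `1`) survives into `maybe_serialize()` unchanged. Use `array_map()` for the cast and a callback-less `array_filter()` to drop the zero results: `$list_ids = array_values( array_filter( array_map( 'intval', wp_unslash( $_POST['list_id'] ) ) ) );`. If nested input is never expected, reject non-scalar entries before the cast rather than letting them collapse to `1`.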
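--- a/page/page-home.php
+++ b/page/page-home.php
@@ -194,10 +194,10 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 $isEnableSync = '1';
 /* translators: %s: total users */
 $desc = sprintf( esc_attr__( 'You have %s existing users. Do you want to add them to Sendinblue?', 'mailin' ), $currentUsers['total_users'] );
+self::print_sync_popup();
 } else {
 $desc = esc_attr__( 'All your users have been added to a Sendinblue list.','mailin' );
 }
-self::print_sync_popup();
 ?>
 
 <div id="main-content" class="sib-content">
@@ -240,7 +240,7 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 <?php echo esc_attr( $desc ); ?><br>
 </p>
 <div class="col-md-5">
-<a data-bs-toggle="modal" data-bs-target="#syncUsers" <?php echo '1' === $isEnableSync ? 'id="sib-sync-btn"' : 'disabled href="javascript:void(0)"'; ?> class="btn btn-primary" style="margin-top: 28px; " name="<?php echo esc_attr__( 'Users Synchronisation', 'mailin' ); ?>" href="#"><?php esc_attr_e( 'Sync my users', 'mailin' ); ?></a>
+<a <?= '1' === $isEnableSync ? 'id="sib-sync-btn" data-bs-toggle="modal" data-bs-target="#syncUsers"' : 'disabled href="javascript:void(0)"'; ?> class="<?= '1' !== $isEnableSync ? 'disabled not-allowed shadow-none' : ''; ?> btn btn-primary" style="margin-top: 28px; " name="<?php echo esc_attr__( 'Users Synchronisation', 'mailin' ); ?>" href="#"><?php esc_attr_e( 'Sync my users', 'mailin' ); ?></a>
 </div>
 </div>
 </div>
@@ -698,9 +698,10 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 /** Ajax module for sync wp users to contact list */
 public static function ajax_sync_users() {
 check_ajax_referer( 'ajax_sib_admin_nonce', 'security' );
+
 // phpcs:ignore
-//Data is being senitized/escaped while accessing
-$postData = isset( $_POST['data'] ) ? $_POST['data'] : array();
+$postData = isset( $_POST['data'] ) ? $_POST['data'] : array();
+
 if ( ! isset( $postData['sync_role'] ) ) {
 wp_send_json(
 array(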
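Review bot: `ajax_sync_users()` still reads `$_POST['data']` verbatim on new line 703 after the comment promising later sanitization was dropped, and nothing in the hunk checks that it is an array or unslashes it; `$postData = isset( $_POST['data'] ) && is_array( $_POST['data'] ) ? wp_unslash( $_POST['data'] ) : array();` would at least pin the shape before `$postData['sync_role']` is consulted. The only gate is `check_ajax_referer()`, which proves the request carries the nonce but not that the caller is allowed to sync users; unless a capability check follows outside the hunk, `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error(); }` (or whichever capability the admin page itself requires) belongs directly after it. The function continues past the hunk, so how `sync_role` and the other keys are consumed is not visible here.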
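--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: Email Marketing, Newsletter, Sendinblue, Forms, smtp, marketing automation
 Requires at least: 4.4
 Tested up to: 5.9
 Requires PHP: 5.6
-Stable tag: 3.1.39
+Stable tag: 3.1.40
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -116,6 +116,11 @@ In order to create a signup form, you need to:
 
 == Changelog ==
 
+= 3.1.40 =
+* Security fixes related to data sanitization and output escaping.
+* Fixed the issue, where the “Sync My Users” button stays active after synching all users.
+* Removed type hinting to keep supporting PHP 5.6
+
 = 3.1.39 =
 * Added some missing CSS and JS files.
 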
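--- a/sendinblue.php
+++ b/sendinblue.php
@@ -3,7 +3,7 @@
 * Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
 * Plugin URI: https://www.sendinblue.com/?r=wporg
 * Description: Manage your contact lists, subscription forms and all email and marketing-related topics from your wp panel, within one single plugin
-* Version: 3.1.39
+* Version: 3.1.40
 * Author: Sendinblue
 * Author URI: https://www.sendinblue.com/?r=wporg
 * License: GPLv2 or later
@@ -665,7 +665,7 @@ if ( ! class_exists( 'SIB_Manager' ) ) {
 </div>
 <?php
 // phpcs:ignore
-echo stripcslashes($formData['html']);
+echo wp_kses($formData['html'], SIB_Manager::wordpress_allowed_attributes());
 ?>
 </div>
 </form>
@@ -675,10 +675,10 @@ if ( ! class_exists( 'SIB_Manager' ) ) {
 if ( ! $formData['dependTheme'] ) {
 // Custom css.
 $formData['css'] = str_replace( '[form]', 'form#sib_signup_form_' . $frmID, $formData['css'] );
-echo $formData['css'];
+echo esc_html($formData['css']);
 }
 $msgCss = str_replace( '[form]', 'form#sib_signup_form_' . $frmID, SIB_Forms::getDefaultMessageCss() );
-echo $msgCss;
+echo esc_html($msgCss);
 ?>
 </style>
 <?php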
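Review bot: `esc_html()` on new lines 678 and 681 runs inside a `<style>` element, whose content the browser treats as raw text and never entity-decodes, so any CSS containing `>` (child combinators), `&`, or quoted strings such as `font-family: "Open Sans"` or `url("…")` is emitted as `&gt;`, `&amp;`, `&quot;` and silently stops applying. This is the reason core's `wp_custom_css_cb()` uses `strip_tags()` rather than `esc_html()` for user-supplied CSS. `echo wp_strip_all_tags( $formData['css'] );` and `echo wp_strip_all_tags( $msgCss );` keep the breakout protection (a `</style>` or `<script>` sequence does not survive tag stripping) without corrupting the stylesheet. The enclosing form-rendering method starts before these hunks and continues after them, so what `wordpress_allowed_attributes()` permits in the `wp_kses()` call is not visible here.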