Version Description
- Security fixes related to data sanitization and output escaping.
- Fixed the issue where the Sync My Users button stays active after syncing all users.
- Removed type hinting to keep supporting PHP 5.6
Release Info
Developer | shubham773 |
Plugin | SendinBlue Subscribe Form And WP SMTP |
Version | 3.1.40 |
Code changes from version 3.1.39 to 3.1.40
- css/admin.css +5 -0
- inc/SendinblueApiClient.php +1 -1
- inc/sendinblue.php +9 -7
- inc/sib-api-manager.php +1 -1
- page/page-form.php +2 -2
- page/page-home.php +5 -4
- readme.txt +6 -1
- sendinblue.php +4 -4
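--- a/css/admin.css
+++ b/css/admin.css
@@ -321,3 +321,8 @@ label[for="sib-statistics-date"] {
 .invisible {
 visibility: hidden;
 }
+
+.not-allowed {
+cursor: not-allowed !important;
+pointer-events: auto !important;
+}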
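--- a/inc/SendinblueApiClient.php
+++ b/inc/SendinblueApiClient.php
@@ -14,7 +14,7 @@ class SendinblueApiClient
 const RESPONSE_CODE_CREATED = 201;
 const RESPONSE_CODE_ACCEPTED = 202;
 const RESPONSE_CODE_UNAUTHORIZED = 401;
-const PLUGIN_VERSION = '3.1.
+const PLUGIN_VERSION = '3.1.40';
 const USER_AGENT = 'sendinblue_plugins/wordpress';
 
 private $apiKey;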
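--- a/inc/sendinblue.php
+++ b/inc/sendinblue.php
@@ -59,11 +59,13 @@ class Sendinblue
 * @param int $expiry_time
 * @return void
 */
-private function set_email_cookie(
+private function set_email_cookie($email)
 {
-
-
-
+if (is_string($email)) {
+$expiry_time = self::get_default_cookie_expiry();
+$domain = self::get_app_domain();
+setcookie("email_id", sanitize_email($email), $expiry_time, "/", $domain, is_ssl());
+}
 }
 
 public function identify($data)
@@ -131,16 +133,16 @@ class Sendinblue
 }
 //referrer
 if (!array_key_exists('referrer', $data) && array_key_exists('HTTP_REFERER', $_SERVER)) {
-$data['referrer'] = $_SERVER['HTTP_REFERER'];
+$data['referrer'] = sanitize_text_field( wp_unslash( $_SERVER['HTTP_REFERER'] ) );
 }
 //pathname
 if (!array_key_exists('pathname', $data)) {
-$data['pathname'] = $_SERVER['REQUEST_URI'];
+$data['pathname'] = sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) );
 }
 
 //name
 if (!array_key_exists('name', $data)) {
-$data['name'] = $_SERVER['REQUEST_URI'];
+$data['name'] = sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) );
 }
 
 //store email cookie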
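Review bot: The setcookie() call on new line 67 of set_email_cookie() omits the httponly argument, so the email_id cookie, which carries an email address, stays readable from any script running on the page; unless a front-end script of the plugin has to read it, pass it as `setcookie("email_id", sanitize_email($email), $expiry_time, "/", $domain, is_ssl(), true);`. The docblock kept above the function (`@param int $expiry_time`) no longer matches the new signature, which takes only `$email` and derives the expiry internally, and should read `@param string $email`. In the second hunk, the REQUEST_URI reads on lines 140 and 145 have no existence guard, unlike the HTTP_REFERER check on line 135, and since these values are URLs, `esc_url_raw()` is the closer fit than `sanitize_text_field()`, which is tuned for plain text.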
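--- a/inc/sib-api-manager.php
+++ b/inc/sib-api-manager.php
@@ -717,7 +717,7 @@ if ( ! class_exists( 'SIB_API_Manager' ) ) {
 function unsubscribe() {
 $mailin = new SendinblueApiClient();
 $code = isset( $_GET['code'] ) ? sanitize_text_field( $_GET['code'] ) : '' ;
-$list_id = isset( $_GET['li'] ) ? intval(
+$list_id = isset( $_GET['li'] ) ? intval( $_GET['li'] ) : '' ;
 
 $email = base64_decode( strtr( $code, '-_', '+/' ) );
 $data = array(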
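Review bot: The new `$list_id` line still produces a mixed `int|''` value and accepts `li=0` or a negative id, and `$email` on line 722 is decoded from the caller-supplied `code` without being validated before `$data` is built; `$list_id = isset( $_GET['li'] ) ? absint( $_GET['li'] ) : 0;` and `$email = is_email( $email ) ? $email : '';` close both gaps. The remainder of unsubscribe() lies outside the hunk; if it acts on `$email` with no further token or signature check, any visitor who knows an address can unsubscribe it, which is worth confirming there.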
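--- a/page/page-form.php
+++ b/page/page-form.php
@@ -885,8 +885,8 @@ For your information, you cannot select a template with the tag [DOUBLEOPTIN].',
 $list_ids = '';
 
 if (!empty($_POST['list_id']) && is_array($_POST['list_id'])) {
-$list_ids = array_filter($_POST['list_id'], '
-$list_ids = maybe_serialize($
+$list_ids = array_filter($_POST['list_id'], 'intval');
+$list_ids = maybe_serialize($list_ids);
 }
 
 // phpcs:enable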
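Review bot: `array_filter($_POST['list_id'], 'intval')` on new line 888 only drops entries whose intval() is 0; the surviving elements are kept as the original request strings, not as integers, so a value such as `"12abc"` passes into `maybe_serialize()` unchanged. To actually coerce the ids, cast first and filter afterwards: `$list_ids = array_values(array_filter(array_map('intval', wp_unslash($_POST['list_id']))));`. The `array_values()` also restores a sequential list, because `array_filter()` preserves the original keys.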
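--- a/page/page-home.php
+++ b/page/page-home.php
@@ -194,10 +194,10 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 $isEnableSync = '1';
 /* translators: %s: total users */
 $desc = sprintf( esc_attr__( 'You have %s existing users. Do you want to add them to Sendinblue?', 'mailin' ), $currentUsers['total_users'] );
+self::print_sync_popup();
 } else {
 $desc = esc_attr__( 'All your users have been added to a Sendinblue list.','mailin' );
 }
-self::print_sync_popup();
 ?>
 
 <div id="main-content" class="sib-content">
@@ -240,7 +240,7 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 <?php echo esc_attr( $desc ); ?><br>
 </p>
 <div class="col-md-5">
-
+<a <?= '1' === $isEnableSync ? 'id="sib-sync-btn" data-bs-toggle="modal" data-bs-target="#syncUsers"' : 'disabled href="javascript:void(0)"'; ?> class="<?= '1' !== $isEnableSync ? 'disabled not-allowed shadow-none' : ''; ?> btn btn-primary" style="margin-top: 28px; " name="<?php echo esc_attr__( 'Users Synchronisation', 'mailin' ); ?>" href="#"><?php esc_attr_e( 'Sync my users', 'mailin' ); ?></a>
 </div>
 </div>
 </div>
@@ -698,9 +698,10 @@ if ( ! class_exists( 'SIB_Page_Home' ) ) {
 /** Ajax module for sync wp users to contact list */
 public static function ajax_sync_users() {
 check_ajax_referer( 'ajax_sib_admin_nonce', 'security' );
+
 // phpcs:ignore
-
-
+$postData = isset( $_POST['data'] ) ? $_POST['data'] : array();
+
 if ( ! isset( $postData['sync_role'] ) ) {
 wp_send_json(
 array(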
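Review bot: In the third hunk, `$postData` on new line 703 takes `$_POST['data']` verbatim under a `phpcs:ignore` rather than through a sanitizer, and nothing guards that it is an array before `$postData['sync_role']` is read on line 705. `$postData = isset( $_POST['data'] ) && is_array( $_POST['data'] ) ? wp_unslash( $_POST['data'] ) : array();` fixes the type, and `sync_role` should pass through `sanitize_key()` at the point it is used. The nonce check on line 700 shows the request originated from an admin page but not that the caller is allowed to sync users; a `current_user_can()` check belongs next to it unless one exists further down, since ajax_sync_users() continues past the hunk.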
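--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: Email Marketing, Newsletter, Sendinblue, Forms, smtp, marketing automation
 Requires at least: 4.4
 Tested up to: 5.9
 Requires PHP: 5.6
-Stable tag: 3.1.
+Stable tag: 3.1.40
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -116,6 +116,11 @@ In order to create a signup form, you need to:
 
 == Changelog ==
 
+= 3.1.40 =
+* Security fixes related to data sanitization and output escaping.
+* Fixed the issue, where the “Sync My Users” button stays active after synching all users.
+* Removed type hinting to keep supporting PHP 5.6
+
 = 3.1.39 =
 * Added some missing CSS and JS files.
 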
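--- a/sendinblue.php
+++ b/sendinblue.php
@@ -3,7 +3,7 @@
 * Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
 * Plugin URI: https://www.sendinblue.com/?r=wporg
 * Description: Manage your contact lists, subscription forms and all email and marketing-related topics from your wp panel, within one single plugin
-* Version: 3.1.
+* Version: 3.1.40
 * Author: Sendinblue
 * Author URI: https://www.sendinblue.com/?r=wporg
 * License: GPLv2 or later
@@ -665,7 +665,7 @@ if ( ! class_exists( 'SIB_Manager' ) ) {
 </div>
 <?php
 // phpcs:ignore
-echo
+echo wp_kses($formData['html'], SIB_Manager::wordpress_allowed_attributes());
 ?>
 </div>
 </form>
@@ -675,10 +675,10 @@ if ( ! class_exists( 'SIB_Manager' ) ) {
 if ( ! $formData['dependTheme'] ) {
 // Custom css.
 $formData['css'] = str_replace( '[form]', 'form#sib_signup_form_' . $frmID, $formData['css'] );
-echo $formData['css'];
+echo esc_html($formData['css']);
 }
 $msgCss = str_replace( '[form]', 'form#sib_signup_form_' . $frmID, SIB_Forms::getDefaultMessageCss() );
-echo $msgCss;
+echo esc_html($msgCss);
 ?>
 </style>
 <?php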
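Review bot: `esc_html()` on new lines 678 and 681 is the wrong escaper for output inside `<style>`: that element is raw text, so the entities it emits for `>`, `"` and `'` are never decoded by the browser, and any rule using a child combinator, a `content:` string or `url("...")` silently stops working. What this spot needs is assurance that a stray `</style>` cannot end the block early; `wp_strip_all_tags()` gives that while leaving the CSS intact, i.e. `echo wp_strip_all_tags($formData['css']);` and `echo wp_strip_all_tags($msgCss);`. `$msgCss` comes from `SIB_Forms::getDefaultMessageCss()` rather than from the request, so the stricter escaping buys nothing on line 681 either.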