MW WP Form - Version 1.7.2

Version Description

  • Bug fix : XSS vulnerability fix.
Download this release

Release Info

Developer inc2734
Plugin Icon wp plugin MW WP Form
Version 1.7.2
Comparing to
See all releases

Code changes from version 1.7.1 to 1.7.2

Files changed (10) hide show
  1. form_fields/mw_form_field_checkbox.php +1 -1
  2. form_fields/mw_form_field_datepicker.php +1 -1
  3. form_fields/mw_form_field_hidden.php +1 -1
  4. form_fields/mw_form_field_radio.php +1 -1
  5. form_fields/mw_form_field_select.php +1 -1
  6. form_fields/mw_form_field_tel.php +1 -1
  7. form_fields/mw_form_field_text.php +1 -1
  8. form_fields/mw_form_field_zip.php +1 -1
  9. mw-wp-form.php +2 -2
  10. readme.txt +4 -1
form_fields/mw_form_field_checkbox.php CHANGED
@@ -79,7 +79,7 @@ class mw_form_field_checkbox extends mw_form_field {
79
  protected function confirmPage() {
80
  $children = $this->getChildren( $this->atts['children'] );
81
  $value = $this->Form->getCheckedValue( $this->atts['name'], $children );
82
- $_ret = $value;
83
  $_ret .= $this->Form->hidden( $this->atts['name'] . '[data]', $value );
84
  $_ret .= $this->Form->separator( $this->atts['name'] );
85
  return $_ret;
79
  protected function confirmPage() {
80
  $children = $this->getChildren( $this->atts['children'] );
81
  $value = $this->Form->getCheckedValue( $this->atts['name'], $children );
82
+ $_ret = esc_html( $value );
83
  $_ret .= $this->Form->hidden( $this->atts['name'] . '[data]', $value );
84
  $_ret .= $this->Form->separator( $this->atts['name'] );
85
  return $_ret;
form_fields/mw_form_field_datepicker.php CHANGED
@@ -102,7 +102,7 @@ class mw_form_field_datepicker extends mw_form_field {
102
  */
103
  protected function confirmPage() {
104
  $value = $this->Form->getValue( $this->atts['name'] );
105
- $_ret = $value;
106
  $_ret .= $this->Form->hidden( $this->atts['name'], $value );
107
  return $_ret;
108
  }
102
  */
103
  protected function confirmPage() {
104
  $value = $this->Form->getValue( $this->atts['name'] );
105
+ $_ret = esc_html( $value );
106
  $_ret .= $this->Form->hidden( $this->atts['name'], $value );
107
  return $_ret;
108
  }
form_fields/mw_form_field_hidden.php CHANGED
@@ -62,7 +62,7 @@ class mw_form_field_hidden extends mw_form_field {
62
  if ( $this->atts['echo'] === 'true' ) {
63
  $echo_value = $this->atts['value'];
64
  }
65
- return $echo_value . $this->Form->hidden( $this->atts['name'], $this->atts['value'] );
66
  }
67
 
68
  /**
62
  if ( $this->atts['echo'] === 'true' ) {
63
  $echo_value = $this->atts['value'];
64
  }
65
+ return esc_html( $echo_value ) . $this->Form->hidden( $this->atts['name'], $this->atts['value'] );
66
  }
67
 
68
  /**
form_fields/mw_form_field_radio.php CHANGED
@@ -78,7 +78,7 @@ class mw_form_field_radio extends mw_form_field {
78
  protected function confirmPage() {
79
  $children = $this->getChildren( $this->atts['children'] );
80
  $value = $this->Form->getRadioValue( $this->atts['name'], $children );
81
- $_ret = $value;
82
  $_ret .= $this->Form->hidden( $this->atts['name'], $value );
83
  return $_ret;
84
  }
78
  protected function confirmPage() {
79
  $children = $this->getChildren( $this->atts['children'] );
80
  $value = $this->Form->getRadioValue( $this->atts['name'], $children );
81
+ $_ret = esc_html( $value );
82
  $_ret .= $this->Form->hidden( $this->atts['name'], $value );
83
  return $_ret;
84
  }
form_fields/mw_form_field_select.php CHANGED
@@ -78,7 +78,7 @@ class mw_form_field_select extends mw_form_field {
78
  protected function confirmPage() {
79
  $children = $this->getChildren( $this->atts['children'] );
80
  $value = $this->Form->getSelectedValue( $this->atts['name'], $children );
81
- $_ret = $value;
82
  $_ret .= $this->Form->hidden( $this->atts['name'], $value );
83
  return $_ret;
84
  }
78
  protected function confirmPage() {
79
  $children = $this->getChildren( $this->atts['children'] );
80
  $value = $this->Form->getSelectedValue( $this->atts['name'], $children );
81
+ $_ret = esc_html( $value );
82
  $_ret .= $this->Form->hidden( $this->atts['name'], $value );
83
  return $_ret;
84
  }
form_fields/mw_form_field_tel.php CHANGED
@@ -75,7 +75,7 @@ class mw_form_field_tel extends mw_form_field {
75
  */
76
  protected function confirmPage() {
77
  $value = $this->Form->getTelValue( $this->atts['name'] );
78
- $_ret = $value;
79
  $_ret .= $this->Form->hidden( $this->atts['name'].'[data]', $value );
80
  $_ret .= $this->Form->separator( $this->atts['name'] );
81
  return $_ret;
75
  */
76
  protected function confirmPage() {
77
  $value = $this->Form->getTelValue( $this->atts['name'] );
78
+ $_ret = esc_html( $value );
79
  $_ret .= $this->Form->hidden( $this->atts['name'].'[data]', $value );
80
  $_ret .= $this->Form->separator( $this->atts['name'] );
81
  return $_ret;
form_fields/mw_form_field_text.php CHANGED
@@ -87,7 +87,7 @@ class mw_form_field_text extends mw_form_field {
87
  */
88
  protected function confirmPage() {
89
  $value = $this->Form->getValue( $this->atts['name'] );
90
- $_ret = $value;
91
  $_ret .= $this->Form->hidden( $this->atts['name'], $value );
92
  return $_ret;
93
  }
87
  */
88
  protected function confirmPage() {
89
  $value = $this->Form->getValue( $this->atts['name'] );
90
+ $_ret = esc_html( $value );
91
  $_ret .= $this->Form->hidden( $this->atts['name'], $value );
92
  return $_ret;
93
  }
form_fields/mw_form_field_zip.php CHANGED
@@ -75,7 +75,7 @@ class mw_form_field_zip extends mw_form_field {
75
  */
76
  protected function confirmPage() {
77
  $value = $this->Form->getZipValue( $this->atts['name'] );
78
- $_ret = $value;
79
  $_ret .= $this->Form->hidden( $this->atts['name'].'[data]', $value );
80
  $_ret .= $this->Form->separator( $this->atts['name'] );
81
  return $_ret;
75
  */
76
  protected function confirmPage() {
77
  $value = $this->Form->getZipValue( $this->atts['name'] );
78
+ $_ret = esc_html( $value );
79
  $_ret .= $this->Form->hidden( $this->atts['name'].'[data]', $value );
80
  $_ret .= $this->Form->separator( $this->atts['name'] );
81
  return $_ret;
mw-wp-form.php CHANGED
@@ -3,11 +3,11 @@
3
  * Plugin Name: MW WP Form
4
  * Plugin URI: http://plugins.2inc.org/mw-wp-form/
5
  * Description: MW WP Form can create mail form with a confirmation screen.
6
- * Version: 1.7.1
7
  * Author: Takashi Kitajima
8
  * Author URI: http://2inc.org
9
  * Created : September 25, 2012
10
- * Modified: June 30, 2014
11
  * Text Domain: mw-wp-form
12
  * Domain Path: /languages/
13
  * License: GPL2
3
  * Plugin Name: MW WP Form
4
  * Plugin URI: http://plugins.2inc.org/mw-wp-form/
5
  * Description: MW WP Form can create mail form with a confirmation screen.
6
+ * Version: 1.7.2
7
  * Author: Takashi Kitajima
8
  * Author URI: http://2inc.org
9
  * Created : September 25, 2012
10
+ * Modified: July 29, 2014
11
  * Text Domain: mw-wp-form
12
  * Domain Path: /languages/
13
  * License: GPL2
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://www.amazon.co.jp/registry/wishlist/39ANKRNSTNW40
4
  Tags: plugin, form, confirm, preview, shortcode, mail
5
  Requires at least: 3.5
6
  Tested up to: 3.9.1
7
- Stable tag: 1.7.1
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -54,6 +54,9 @@ Do you have questions or issues with MW WP Form? Use these support channels appr
54
 
55
  == Changelog ==
56
 
 
 
 
57
  = 1.7.1 =
58
  * Bug fix : Fixed a bug that MW WP Form's shortcodes doesn't parse in the nested shortcode.
59
 
4
  Tags: plugin, form, confirm, preview, shortcode, mail
5
  Requires at least: 3.5
6
  Tested up to: 3.9.1
7
+ Stable tag: 1.7.2
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
54
 
55
  == Changelog ==
56
 
57
+ = 1.7.2 =
58
+ * Bug fix : XSS vulnerability fix.
59
+
60
  = 1.7.1 =
61
  * Bug fix : Fixed a bug that MW WP Form's shortcodes doesn't parse in the nested shortcode.
62