MW WP Form - Version 2.11.0

Version Description

  • Bugfix : Fixed: the uploaded file is now removed when a file size validation error occurs.
  • Bugfix : Fixed a bug where temp files were removed only when an upload succeeded.
  • Bugfix : Fixed an XSS vulnerability that existed in the hidden field when the echo option is enabled.

Release Info

Developer inc2734
Version 2.11.0

Code changes from version 2.10.0 to 2.11.0

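--- a/classes/form-fields/class.hidden.php
+++ b/classes/form-fields/class.hidden.php
@@ -2,11 +2,11 @@
  /**
  * Name : MW WP Form Hidden
  * Description: hiddenフィールドを出力
- * Version : 1.6.2
+ * Version : 1.6.3
  * Author : Takashi Kitajima
  * Author URI : http://2inc.org
  * Created : December 14, 2012
- * Modified : April 7, 2015
+ * Modified : September 28, 2016
  * License : GPLv2 or later
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
  */
@@ -62,11 +62,11 @@ class MW_WP_Form_Field_Hidden extends MW_WP_Form_Abstract_Form_Field {
  */
  protected function confirm_page() {
  $value = $this->Data->get_raw( $this->atts['name'] );
- $echo_value = '';
+ $echo = '';
  if ( $this->atts['echo'] === 'true' ) {
- $echo_value = $value;
+ $echo = $value;
  }
- return $echo_value . $this->Form->hidden( $this->atts['name'], $value );
+ return esc_html( $echo ) . $this->Form->hidden( $this->atts['name'], $value );
  }
 
  /**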
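Review bot: The new return line in confirm_page() escapes only the echoed copy of the value; the same unfiltered `$value` from `get_raw()` is still passed to `$this->Form->hidden()`, and whether that helper escapes the attribute value is not visible in this section, so it should be confirmed. A comment above the return such as `// get_raw() returns unfiltered request data; escape for HTML text context before echoing` would record why `esc_html()` is there. If the field's input-page rendering honours the same `echo` option (outside this hunk), it needs the same escaping.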
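--- a/classes/models/class.file.php
+++ b/classes/models/class.file.php
@@ -2,11 +2,11 @@
  /**
  * Name : MW WP Form File
  * Description: Tempディレクトリ、ファイルアップロードの処理を行うクラス
- * Version : 1.0.8
+ * Version : 1.0.9
  * Author : Takashi Kitajima
  * Author URI : http://2inc.org
  * Created : October 10, 2013
- * Modified : March 18, 2016
+ * Modified : September 28, 2016
  * License : GPLv2 or later
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
  */
@@ -38,6 +38,8 @@ class MW_WP_Form_File {
  * @return array ( name属性値 => アップロードできたファイルのURL, … )
  */
  public function upload( array $files = array() ) {
+ $this->clean_temp_dir();
+
  $uploaded_files = array();
  foreach ( $files as $key => $file ) {
  $uploaded_file = $this->single_file_upload( $key );
@@ -56,7 +58,6 @@ class MW_WP_Form_File {
  */
  protected function single_file_upload( $key ) {
  $this->create_temp_dir();
- $this->clean_temp_dir();
 
  $file = '';
  if ( is_array( $_FILES ) && isset( $_FILES[$key] ) ) {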
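Review bot: In upload(), `$this->clean_temp_dir();` now runs before any call to `create_temp_dir()`, which is still made only inside single_file_upload(); the previous order was create, then clean. If clean_temp_dir() (not shown) assumes the directory exists, the first upload on a fresh install could warn or fail, so either call `$this->create_temp_dir();` first in upload() or confirm that clean_temp_dir() checks for the directory itself. Because the cleanup now runs on every upload() call, even with an empty `$files`, a short comment above it stating which files it removes would let a reader judge whether another visitor's pending upload can be deleted. Both method bodies continue outside the hunks.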
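--- a/classes/validation-rules/class.filesize.php
+++ b/classes/validation-rules/class.filesize.php
@@ -2,11 +2,11 @@
  /**
  * Name : MW WP Form Validation Rule FileSize
  * Description: ファイルサイズが指定したサイズ以内
- * Version : 1.1.2
+ * Version : 2.0.0
  * Author : Takashi Kitajima
  * Author URI : http://2inc.org
  * Created : July 21, 2014
- * Modified : July 6, 2016
+ * Modified : September 28, 2016
  * License : GPLv2 or later
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
  */
@@ -22,25 +22,58 @@ class MW_WP_Form_Validation_Rule_FileSize extends MW_WP_Form_Abstract_Validation
  * バリデーションチェック
  *
  * @param string $key name属性
- * @param array $option
+ * @param array $options
  * @return string エラーメッセージ
  */
  public function rule( $key, array $options = array() ) {
  $data = $this->Data->get_post_value_by_key( MWF_Config::UPLOAD_FILES );
- if ( !is_null( $data ) && is_array( $data ) && array_key_exists( $key, $data ) ) {
- $file = $data[$key];
- if ( !empty( $file['size'] ) ) {
- $defaults = array(
- 'bytes' => '0',
- 'message' => __( 'This file size is too big.', 'mw-wp-form' )
- );
- $options = array_merge( $defaults, $options );
- if ( !( preg_match( '/^[\d]+$/', $options['bytes'] ) && $options['bytes'] >= $file['size'] ) ) {
- return $options['message'];
+
+ if ( ! is_null( $data ) ) {
+
+ if ( is_array( $data ) && array_key_exists( $key, $data ) ) {
+ $file = $data[$key];
+ if ( ! empty( $file['size'] ) ) {
+ return $this->filesize_validate( $file['size'], $options );
+ } elseif ( ! empty( $file['error'] ) && $file['error'] == 1 ) {
+ return __( 'Failed to upload the file.', 'mw-wp-form' );
  }
- } elseif ( !empty( $file['error'] ) && $file['error'] == 1 ) {
- return __( 'Failed to upload the file.', 'mw-wp-form' );
  }
+
+ } else {
+
+ $upload_file_keys = $this->Data->get_post_value_by_key( MWF_Config::UPLOAD_FILE_KEYS );
+ $filepath = MWF_Functions::fileurl_to_path( $this->Data->get( $key ) );
+ if ( is_array( $upload_file_keys ) && in_array( $key, $upload_file_keys ) && file_exists( $filepath ) ) {
+ $error_message = $this->filesize_validate( filesize( $filepath ), $options );
+ if ( $error_message ) {
+ // バリデーションは送信ボタン押下時、ページ遷移の後画面表示時にも発火するため
+ // 普通に削除すると画面表示時のチェックが発火せずエラーメッセージが表示されない
+ // そのため、非 POST 時(= リダイレクト = 画面表示時)にのみ削除する
+ if ( empty( $_POST ) ) {
+ unlink( $filepath );
+ }
+ return $error_message;
+ }
+ }
+
+ }
+ }
+
+ /**
+ * Validates the filesize
+ *
+ * @param int $byte filesize
+ * @param array $options
+ * @return string Error message
+ */
+ protected function filesize_validate( $byte, $options ) {
+ $defaults = array(
+ 'bytes' => '0',
+ 'message' => __( 'This file size is too big.', 'mw-wp-form' )
+ );
+ $options = array_merge( $defaults, $options );
+ if ( ! ( preg_match( '/^[\d]+$/', $options['bytes'] ) && $options['bytes'] >= $byte ) ) {
+ return $options['message'];
  }
  }
 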
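Review bot: The new else-branch of rule() calls `unlink( $filepath )` on a path derived from `$this->Data->get( $key )` through `MWF_Functions::fileurl_to_path()`, guarded only by `in_array( $key, $upload_file_keys )` and `file_exists( $filepath )`; neither check establishes that the file lies inside the plugin's temp directory. If the stored value or `UPLOAD_FILE_KEYS` can be influenced by the request (not visible here), the deletion target is unconstrained, so compare `realpath( $filepath )` against the temp directory before deleting and use `is_file()` rather than `file_exists()`. `in_array()` should also receive `true` as its third argument so the key comparison is strict. Separately, filesize_validate() returns nothing when the size is acceptable although its docblock says `@return string`; ending it with `return '';` or documenting `@return string|null` would make the contract explicit.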
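--- a/mw-wp-form.php
+++ b/mw-wp-form.php
@@ -3,11 +3,11 @@
  * Plugin Name: MW WP Form
  * Plugin URI: http://plugins.2inc.org/mw-wp-form/
  * Description: MW WP Form is shortcode base contact form plugin. This plugin have many feature. For example you can use many validation rules, contact data saving, and chart aggregation using saved contact data.
- * Version: 2.10.0
+ * Version: 2.11.0
  * Author: Takashi Kitajima
  * Author URI: http://2inc.org
  * Created : September 25, 2012
- * Modified: September 18, 2016
+ * Modified: September 28, 2016
  * Text Domain: mw-wp-form
  * Domain Path: /languages/
  * License: GPLv2 or later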
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://www.amazon.co.jp/registry/wishlist/39ANKRNSTNW40
4
  Tags: plugin, form, confirm, preview, shortcode, mail, chart, graph, html, contact form, form creation, form creator, form manager, form builder, custom form
5
  Requires at least: 4.0
6
  Tested up to: 4.6.0
7
- Stable tag: 2.10.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -80,6 +80,11 @@ Do you have questions or issues with MW WP Form? Use these support channels appr
80
 
81
  == Changelog ==
82
 
 
 
 
 
 
83
  = 2.10.0 =
84
  * Added : Added filter hook mwform_translate_datepicker_mw-wp-form-xxx
85
 
4
  Tags: plugin, form, confirm, preview, shortcode, mail, chart, graph, html, contact form, form creation, form creator, form manager, form builder, custom form
5
  Requires at least: 4.0
6
  Tested up to: 4.6.0
7
+ Stable tag: 2.11.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
80
 
81
  == Changelog ==
82
 
83
+ = 2.11.0 =
84
+ * Bugfix : Fixed a bug that to remove the uploaded file when filesize validation error.
85
+ * Bugfix : Fixed a bug that removing temp files only when uploading is success.
86
+ * Bugfix : Fixed a bug that xss vulnerability exists in the echo option is enabled in the hidden field.
87
+
88
  = 2.10.0 =
89
  * Added : Added filter hook mwform_translate_datepicker_mw-wp-form-xxx
90