Newsletter - Version 6.7.7

Version Description

  • Fixed text escape for header and footer blocks (was reported as security required fix)

Release Info

Developer satollo
Version 6.7.7

Code changes from version 6.7.6 to 6.7.7

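--- a/emails/blocks/canspam/block.php
+++ b/emails/blocks/canspam/block.php
@@ -35,9 +35,9 @@ $options = array_merge($default_options, $options);
  </style>
 
  <div inline-class="canspam-text">
- <strong><?php echo $options['title'] ?></strong>
+ <strong><?php echo esc_html($options['title']) ?></strong>
  <br>
- <?php echo $options['address'] ?>
+ <?php echo esc_html($options['address']) ?>
  <br>
- <em><?php echo $options['copyright'] ?></em>
+ <em><?php echo esc_html($options['copyright']) ?></em>
  </div>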
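Review bot: Nothing in this template records that `title`, `address` and `copyright` are plain-text options, so a later edit can easily reintroduce a raw `echo`; a one-line comment above the `<div>` such as `<?php // Block options are plain text: always esc_html() on output ?>` would pin the contract. The same applies to the `profile` and `view` labels in emails/blocks/footer/block.php and to `header_sub` in emails/blocks/header/block.php. Any markup already saved in these options will now be displayed literally; if limited markup is meant to be supported, `wp_kses_post()` is the allow-list alternative rather than dropping the escape. The template starts outside the hunk, so whether other option values are echoed earlier cannot be seen here.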
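--- a/emails/blocks/footer/block.php
+++ b/emails/blocks/footer/block.php
@@ -30,9 +30,9 @@ $options = array_merge($default_options, $options);
  }
  </style>
 
- <a inline-class="footer-text" href="{profile_url}" target="_blank"><?php echo $options['profile'] ?></a>
+ <a inline-class="footer-text" href="{profile_url}" target="_blank"><?php echo esc_html($options['profile']) ?></a>
 
  <span inline-class="footer-text">&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;</span>
 
- <a inline-class="footer-text" href="{email_url}" target="_blank"><?php echo $options['view'] ?></a>
+ <a inline-class="footer-text" href="{email_url}" target="_blank"><?php echo esc_html($options['view']) ?></a>
 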
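--- a/emails/blocks/header/block.php
+++ b/emails/blocks/header/block.php
@@ -75,7 +75,7 @@ $empty = empty($info['header_logo']['id']) && empty($info['header_sub']) && empt
  <?php } ?>
  </td>
  <td width="50%" align="right" class="mobile-hide" inline-class="header-text">
- <?php echo $info['header_sub'] ?>
+ <?php echo esc_html($info['header_sub']) ?>
  </td>
  </tr>
  </table>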
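Review bot: Only `header_sub` is escaped in this hunk, while the left-hand cell that ends at `<?php } ?>` is rendered above it and is not visible here. The hunk header shows the block also reads other `$info` entries such as `header_logo`, so it is worth confirming that each of them is escaped for the context where it is printed (`esc_html()` for text, `esc_attr()` or `esc_url()` inside attributes).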
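--- a/plugin.php
+++ b/plugin.php
@@ -4,7 +4,7 @@
  Plugin Name: Newsletter
  Plugin URI: https://www.thenewsletterplugin.com/plugins/newsletter
  Description: Newsletter is a cool plugin to create your own subscriber list, to send newsletters, to build your business. <strong>Before update give a look to <a href="https://www.thenewsletterplugin.com/category/release">this page</a> to know what's changed.</strong>
- Version: 6.7.6
+ Version: 6.7.7
  Author: Stefano Lissa & The Newsletter Team
  Author URI: https://www.thenewsletterplugin.com
  Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
@@ -35,7 +35,7 @@ if (version_compare(phpversion(), '5.6', '<')) {
  return;
  }
 
- define('NEWSLETTER_VERSION', '6.7.6');
+ define('NEWSLETTER_VERSION', '6.7.7');
 
  global $newsletter, $wpdb;
 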
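--- a/profile/profile.php
+++ b/profile/profile.php
@@ -371,7 +371,7 @@ class NewsletterProfile extends NewsletterModule {
  $subscription_module = NewsletterSubscription::instance();
 
  if (!$this->is_email($_REQUEST['ne'])) {
- $user->alert = $this->options['profile_error'];
+ $user->alert = $options['profile_error'];
  return $user;
  }
 
@@ -382,8 +382,7 @@ class NewsletterProfile extends NewsletterModule {
  if ($email_changed) {
  $tmp = $this->get_user($email);
  if ($tmp != null && $tmp->id != $user->id) {
- // TODO: Move the label on profile setting panel
- $user->alert = $this->options['error'];
+ $user->alert = $options['error'];
  return $user;
  }
  $data['status'] = Newsletter::STATUS_NOT_CONFIRMED;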
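Review bot: Both alerts now read from a local `$options` instead of `$this->options`, and the assignment of that variable is outside both hunks (the method starts before line 371), so it cannot be confirmed from this diff. If `$options` is unset or lacks the `profile_error` or `error` key, `$user->alert` ends up null and the subscriber gets no message for a rejected or already-used address. Since readme.txt declares PHP 5.6, a guarded read such as `$user->alert = isset($options['error']) ? $options['error'] : '';` avoids the undefined-index notice, and a short comment naming where `$options` is loaded would help. The changelog entry for 6.7.7 does not mention this change.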
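--- a/readme.txt
+++ b/readme.txt
@@ -2,7 +2,7 @@
  Tags: email, email marketing, newsletter, newsletter subscribers, welcome email, signup forms, contact, lead generation, popup, marketing automation
  Requires at least: 3.4.0
  Tested up to: 5.4.2
- Stable tag: 6.7.6
+ Stable tag: 6.7.7
  Requires PHP: 5.6
  Contributors: satollo,webagile,michael-travan
 
@@ -113,6 +113,10 @@ Thank you, The Newsletter Team
 
  == Changelog ==
 
+ = 6.7.7 =
+
+ * Fixed text escape for header and footer blocks (was reported as security required fix)
+
  = 6.7.6 =
 
  * Fixed error on profile save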