Version Description
(14 November 2018) =
Security:
- Patched a redirect XSS vulnerability using code injection on our submissions page.
Bugs:
- Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
- Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
- Resolved an issue that sometimes caused error log entries related to an invalid IP.
- The form selector on the submissions page should now be visible on mobile devices.
- Resolved an issue that sometimes caused CSV exports to have multiple header rows.
=
Download this release
Release Info
| Developer | krmoorhouse |
| Plugin |  Ninja Forms – The Easy and Powerful Forms Builder |
| Version | 3.3.18 |
| Comparing to | |
| See all releases | |
Code changes from version 3.3.17 to 3.3.18
- assets/css/admin-settings.css +8 -1
- deprecated/ninja-forms.php +1 -1
- includes/Admin/CPT/DownloadAllSubmissions.php +4 -1
- includes/Admin/Menus/Submissions.php +32 -10
- includes/Dispatcher.php +7 -1
- includes/Templates/fields-number.html +2 -2
- ninja-forms.php +2 -2
- readme.txt +24 -9
assets/css/admin-settings.css
CHANGED
|
@@ -67,4 +67,11 @@
|
|
| 67 |
.alignleft.actions input[type=text] {
|
| 68 |
height: 28px;
|
| 69 |
border-radius: 4px;
|
| 70 |
-
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 67 |
.alignleft.actions input[type=text] {
|
| 68 |
height: 28px;
|
| 69 |
border-radius: 4px;
|
| 70 |
+
}
|
| 71 |
+
|
| 72 |
+
/*https://github.com/wpninjas/ninja-forms/issues/2296*/
|
| 73 |
+
@media screen and ( max-width: 782px ) {
|
| 74 |
+
.tablenav.top .actions, .tablenav .view-switch {
|
| 75 |
+
display:block;
|
| 76 |
+
}
|
| 77 |
+
}
|
deprecated/ninja-forms.php
CHANGED
|
@@ -265,7 +265,7 @@ class Ninja_Forms {
|
|
| 265 |
|
| 266 |
// Plugin version
|
| 267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
| 268 |
-
define( 'NF_PLUGIN_VERSION', '3.3.
|
| 269 |
|
| 270 |
// Plugin Folder Path
|
| 271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
| 265 |
|
| 266 |
// Plugin version
|
| 267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
| 268 |
+
define( 'NF_PLUGIN_VERSION', '3.3.18' );
|
| 269 |
|
| 270 |
// Plugin Folder Path
|
| 271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
includes/Admin/CPT/DownloadAllSubmissions.php
CHANGED
|
@@ -89,7 +89,10 @@ class NF_Admin_CPT_DownloadAllSubmissions extends NF_Step_Processing {
|
|
| 89 |
}
|
| 90 |
$export .= NF_Database_Models_Submission::export( $this->args['form_id'], $sub_ids, TRUE );
|
| 91 |
if( 1 < $this->step ) {
|
| 92 |
-
$
|
|
|
|
|
|
|
|
|
|
| 93 |
}
|
| 94 |
|
| 95 |
fwrite( $myfile, $export );
|
| 89 |
}
|
| 90 |
$export .= NF_Database_Models_Submission::export( $this->args['form_id'], $sub_ids, TRUE );
|
| 91 |
if( 1 < $this->step ) {
|
| 92 |
+
$stack = explode( apply_filters( 'nf_sub_csv_terminator', "\n" ), $export );
|
| 93 |
+
array_shift($stack);
|
| 94 |
+
$stack = implode( apply_filters( 'nf_sub_csv_terminator', "\n" ), $stack );
|
| 95 |
+
$export = $stack;
|
| 96 |
}
|
| 97 |
|
| 98 |
fwrite( $myfile, $export );
|
includes/Admin/Menus/Submissions.php
CHANGED
|
@@ -74,8 +74,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 74 |
unset( $views[ 'mine' ] );
|
| 75 |
unset( $views[ 'publish' ] );
|
| 76 |
|
| 77 |
-
// If the Form ID is not empty...
|
| 78 |
-
if( ! empty( $_GET[ 'form_id' ] ) ) {
|
| 79 |
// ...populate the rest of the query string.
|
| 80 |
$form_id = '&form_id=' . $_GET[ 'form_id' ] . '&nf_form_filter&paged=1';
|
| 81 |
} else {
|
|
@@ -140,7 +140,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 140 |
*/
|
| 141 |
public function change_columns()
|
| 142 |
{
|
| 143 |
-
|
|
|
|
| 144 |
|
| 145 |
if( ! $form_id ) return array();
|
| 146 |
|
|
@@ -184,6 +185,10 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 184 |
*/
|
| 185 |
public function custom_columns( $column, $sub_id )
|
| 186 |
{
|
|
|
|
|
|
|
|
|
|
|
|
|
| 187 |
$sub = Ninja_Forms()->form()->get_sub( $sub_id );
|
| 188 |
|
| 189 |
switch( $column ){
|
|
@@ -233,20 +238,36 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 233 |
$form_options = apply_filters( 'ninja_forms_submission_filter_form_options', $form_options );
|
| 234 |
asort($form_options);
|
| 235 |
|
| 236 |
-
|
|
|
|
|
|
|
| 237 |
$form_selected = $_GET[ 'form_id' ];
|
| 238 |
} else {
|
| 239 |
$form_selected = 0;
|
| 240 |
}
|
| 241 |
|
| 242 |
if( isset( $_GET[ 'begin_date' ] ) ) {
|
| 243 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 244 |
} else {
|
| 245 |
$begin_date = '';
|
| 246 |
}
|
| 247 |
|
| 248 |
if( isset( $_GET[ 'end_date' ] ) ) {
|
| 249 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 250 |
} else {
|
| 251 |
$end_date = '';
|
| 252 |
}
|
|
@@ -265,7 +286,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 265 |
|
| 266 |
$vars = &$query->query_vars;
|
| 267 |
|
| 268 |
-
|
|
|
|
| 269 |
|
| 270 |
$vars = $this->table_filter_by_form( $vars, $form_id );
|
| 271 |
|
|
@@ -277,7 +299,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 277 |
public function search( $pieces ) {
|
| 278 |
global $typenow;
|
| 279 |
// filter to select search query
|
| 280 |
-
if (
|
| 281 |
global $wpdb;
|
| 282 |
|
| 283 |
$keywords = explode(' ', get_query_var('s'));
|
|
@@ -377,7 +399,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 377 |
$sub_ids = WPN_Helper::esc_html($_REQUEST['post']);
|
| 378 |
}
|
| 379 |
|
| 380 |
-
Ninja_Forms()->form( $_REQUEST['form_id'] )->export_subs( $sub_ids );
|
| 381 |
}
|
| 382 |
|
| 383 |
if (isset ($_REQUEST['download_file']) && !empty($_REQUEST['download_file'])) {
|
|
@@ -498,7 +520,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 498 |
|
| 499 |
// Include submissions on the end_date.
|
| 500 |
$end_date = date( 'm/d/Y', strtotime( '+1 day', strtotime( $end_date ) ) );
|
| 501 |
-
|
| 502 |
if ( ! isset ( $vars['date_query'] ) ) {
|
| 503 |
|
| 504 |
$vars['date_query'] = array(
|
| 74 |
unset( $views[ 'mine' ] );
|
| 75 |
unset( $views[ 'publish' ] );
|
| 76 |
|
| 77 |
+
// If the Form ID is not empty and IS a number...
|
| 78 |
+
if( ! empty( $_GET[ 'form_id' ] ) && ctype_digit( $_GET[ 'form_id' ] ) ) {
|
| 79 |
// ...populate the rest of the query string.
|
| 80 |
$form_id = '&form_id=' . $_GET[ 'form_id' ] . '&nf_form_filter&paged=1';
|
| 81 |
} else {
|
| 140 |
*/
|
| 141 |
public function change_columns()
|
| 142 |
{
|
| 143 |
+
// if the form_id isset and ID a number
|
| 144 |
+
$form_id = ( isset( $_GET['form_id'] ) && ctype_digit( $_GET[ 'form_id' ] ) ) ? $_GET['form_id'] : FALSE;
|
| 145 |
|
| 146 |
if( ! $form_id ) return array();
|
| 147 |
|
| 185 |
*/
|
| 186 |
public function custom_columns( $column, $sub_id )
|
| 187 |
{
|
| 188 |
+
global $post_type;
|
| 189 |
+
|
| 190 |
+
if ( 'nf_sub' !== $post_type ) return false;
|
| 191 |
+
|
| 192 |
$sub = Ninja_Forms()->form()->get_sub( $sub_id );
|
| 193 |
|
| 194 |
switch( $column ){
|
| 238 |
$form_options = apply_filters( 'ninja_forms_submission_filter_form_options', $form_options );
|
| 239 |
asort($form_options);
|
| 240 |
|
| 241 |
+
|
| 242 |
+
// make sure form_id isset and is a number
|
| 243 |
+
if( isset( $_GET[ 'form_id' ] ) && ctype_digit( $_GET[ 'form_id' ] ) ) {
|
| 244 |
$form_selected = $_GET[ 'form_id' ];
|
| 245 |
} else {
|
| 246 |
$form_selected = 0;
|
| 247 |
}
|
| 248 |
|
| 249 |
if( isset( $_GET[ 'begin_date' ] ) ) {
|
| 250 |
+
// check for bad characters(possible xss vulnerability)
|
| 251 |
+
$beg_date_sep = preg_replace('/[0-9]+/', '', $_GET[ 'begin_date' ]);
|
| 252 |
+
|
| 253 |
+
if ( 1 !== count( array_unique( str_split( $beg_date_sep ) ) ) ) {// We got bad data.
|
| 254 |
+
$begin_date = '';
|
| 255 |
+
} else {
|
| 256 |
+
$begin_date = $_GET[ 'begin_date' ];
|
| 257 |
+
}
|
| 258 |
} else {
|
| 259 |
$begin_date = '';
|
| 260 |
}
|
| 261 |
|
| 262 |
if( isset( $_GET[ 'end_date' ] ) ) {
|
| 263 |
+
// check for bad characters(possible xss vulnerability)
|
| 264 |
+
$end_date_sep = preg_replace('/[0-9]+/', '', $_GET[ 'end_date' ]);
|
| 265 |
+
|
| 266 |
+
if ( 1 !== count( array_unique( str_split( $end_date_sep ) ) ) ) {// We got bad data.
|
| 267 |
+
$end_date = '';
|
| 268 |
+
} else {
|
| 269 |
+
$end_date = $_GET[ 'end_date' ];
|
| 270 |
+
}
|
| 271 |
} else {
|
| 272 |
$end_date = '';
|
| 273 |
}
|
| 286 |
|
| 287 |
$vars = &$query->query_vars;
|
| 288 |
|
| 289 |
+
// make sure form_id is not empty and is a number
|
| 290 |
+
$form_id = ( ! empty( $_GET['form_id'] ) && ctype_digit( $_GET[ 'form_id' ] ) ) ? $_GET['form_id'] : 0;
|
| 291 |
|
| 292 |
$vars = $this->table_filter_by_form( $vars, $form_id );
|
| 293 |
|
| 299 |
public function search( $pieces ) {
|
| 300 |
global $typenow;
|
| 301 |
// filter to select search query
|
| 302 |
+
if ( isset ( $_GET['s'] ) && $typenow == 'nf_sub' && is_search() && is_admin() ) {
|
| 303 |
global $wpdb;
|
| 304 |
|
| 305 |
$keywords = explode(' ', get_query_var('s'));
|
| 399 |
$sub_ids = WPN_Helper::esc_html($_REQUEST['post']);
|
| 400 |
}
|
| 401 |
|
| 402 |
+
Ninja_Forms()->form( absint( $_REQUEST['form_id'] ) )->export_subs( $sub_ids );
|
| 403 |
}
|
| 404 |
|
| 405 |
if (isset ($_REQUEST['download_file']) && !empty($_REQUEST['download_file'])) {
|
| 520 |
|
| 521 |
// Include submissions on the end_date.
|
| 522 |
$end_date = date( 'm/d/Y', strtotime( '+1 day', strtotime( $end_date ) ) );
|
| 523 |
+
|
| 524 |
if ( ! isset ( $vars['date_query'] ) ) {
|
| 525 |
|
| 526 |
$vars['date_query'] = array(
|
includes/Dispatcher.php
CHANGED
|
@@ -65,7 +65,13 @@ final class NF_Dispatcher
|
|
| 65 |
$ip_address = $_SERVER[ 'LOCAL_ADDR' ];
|
| 66 |
}
|
| 67 |
|
| 68 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 69 |
|
| 70 |
if ( is_multisite() ) {
|
| 71 |
$multisite_enabled = 1;
|
| 65 |
$ip_address = $_SERVER[ 'LOCAL_ADDR' ];
|
| 66 |
}
|
| 67 |
|
| 68 |
+
// If we have a valid IP Address...
|
| 69 |
+
if ( filter_var( $ip_address, FILTER_VALIDATE_IP ) ) {
|
| 70 |
+
// Get the hostname.
|
| 71 |
+
$host_name = gethostbyaddr( $ip_address );
|
| 72 |
+
} else {
|
| 73 |
+
$host_name = 'unknown';
|
| 74 |
+
}
|
| 75 |
|
| 76 |
if ( is_multisite() ) {
|
| 77 |
$multisite_enabled = 1;
|
includes/Templates/fields-number.html
CHANGED
|
@@ -1,6 +1,6 @@
|
|
| 1 |
<script id="tmpl-nf-field-number" type="text/template">
|
| 2 |
-
|
| 3 |
aria-labelledby="nf-label-field-{{{ data.id }}}"
|
| 4 |
{{{ data.maybeRequired() }}}
|
| 5 |
-
type="number" value="
|
| 6 |
</script>
|
| 1 |
<script id="tmpl-nf-field-number" type="text/template">
|
| 2 |
+
<input id="nf-field-{{{ data.id }}}" name="nf-field-{{{ data.id }}}" aria-invalid="false" aria-describedby="nf-error-{{{ data.id }}}" class="{{{ data.renderClasses() }}} nf-element"
|
| 3 |
aria-labelledby="nf-label-field-{{{ data.id }}}"
|
| 4 |
{{{ data.maybeRequired() }}}
|
| 5 |
+
type="number" value="<# if(data.default && data.default <=data.num_max && data.default >= data.num_min) {print(data.default)} #>" min="{{{ data.num_min }}}" max="{{{ data.num_max }}}" step="{{{ data.num_step }}}" {{{ data.renderPlaceholder() }}}>
|
| 6 |
</script>
|
ninja-forms.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Ninja Forms
|
| 4 |
Plugin URI: http://ninjaforms.com/
|
| 5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
| 6 |
-
Version: 3.3.
|
| 7 |
Author: The WP Ninjas
|
| 8 |
Author URI: http://ninjaforms.com
|
| 9 |
Text Domain: ninja-forms
|
|
@@ -57,7 +57,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
|
|
| 57 |
/**
|
| 58 |
* @since 3.0
|
| 59 |
*/
|
| 60 |
-
const VERSION = '3.3.
|
| 61 |
|
| 62 |
const WP_MIN_VERSION = '4.7';
|
| 63 |
|
| 3 |
Plugin Name: Ninja Forms
|
| 4 |
Plugin URI: http://ninjaforms.com/
|
| 5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
| 6 |
+
Version: 3.3.18
|
| 7 |
Author: The WP Ninjas
|
| 8 |
Author URI: http://ninjaforms.com
|
| 9 |
Text Domain: ninja-forms
|
| 57 |
/**
|
| 58 |
* @since 3.0
|
| 59 |
*/
|
| 60 |
+
const VERSION = '3.3.18';
|
| 61 |
|
| 62 |
const WP_MIN_VERSION = '4.7';
|
| 63 |
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorho
|
|
| 3 |
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
|
| 4 |
Requires at least: 4.7
|
| 5 |
Tested up to: 4.9
|
| 6 |
-
Stable tag: 3.3.
|
| 7 |
License: GPLv2 or later
|
| 8 |
|
| 9 |
Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
|
|
@@ -111,21 +111,36 @@ For help and video tutorials, please visit our website: [Ninja Forms Documentati
|
|
| 111 |
|
| 112 |
== Upgrade Notice ==
|
| 113 |
|
| 114 |
-
= 3.3.
|
| 115 |
|
| 116 |
-
*
|
| 117 |
|
| 118 |
-
*
|
| 119 |
-
* Resolved an issue that could have caused some display issues on the dashboard due to cached scripts.
|
| 120 |
|
| 121 |
-
*
|
| 122 |
|
| 123 |
-
*
|
| 124 |
-
*
|
| 125 |
-
*
|
|
|
|
|
|
|
| 126 |
|
| 127 |
== Changelog ==
|
| 128 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 129 |
= 3.3.17 (16 October 2018) =
|
| 130 |
|
| 131 |
*Bugs:*
|
| 3 |
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
|
| 4 |
Requires at least: 4.7
|
| 5 |
Tested up to: 4.9
|
| 6 |
+
Stable tag: 3.3.18
|
| 7 |
License: GPLv2 or later
|
| 8 |
|
| 9 |
Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
|
| 111 |
|
| 112 |
== Upgrade Notice ==
|
| 113 |
|
| 114 |
+
= 3.3.18 (14 November 2018) =
|
| 115 |
|
| 116 |
+
*Security:*
|
| 117 |
|
| 118 |
+
* Patched a redirect XSS vulnerability using code injection on our submissions page.
|
|
|
|
| 119 |
|
| 120 |
+
*Bugs:*
|
| 121 |
|
| 122 |
+
* Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
|
| 123 |
+
* Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
|
| 124 |
+
* Resolved an issue that sometimes caused error log entries related to an invalid IP.
|
| 125 |
+
* The form selector on the submissions page should now be visible on mobile devices.
|
| 126 |
+
* Resolved an issue that sometimes caused CSV exports to have multiple header rows.
|
| 127 |
|
| 128 |
== Changelog ==
|
| 129 |
|
| 130 |
+
= 3.3.18 (14 November 2018) =
|
| 131 |
+
|
| 132 |
+
*Security:*
|
| 133 |
+
|
| 134 |
+
* Patched a redirect XSS vulnerability using code injection on our submissions page.
|
| 135 |
+
|
| 136 |
+
*Bugs:*
|
| 137 |
+
|
| 138 |
+
* Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
|
| 139 |
+
* Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
|
| 140 |
+
* Resolved an issue that sometimes caused error log entries related to an invalid IP.
|
| 141 |
+
* The form selector on the submissions page should now be visible on mobile devices.
|
| 142 |
+
* Resolved an issue that sometimes caused CSV exports to have multiple header rows.
|
| 143 |
+
|
| 144 |
= 3.3.17 (16 October 2018) =
|
| 145 |
|
| 146 |
*Bugs:*
|
