Version Description
= 3.3.18 (14 November 2018) =
Security:
- Patched a redirect XSS vulnerability using code injection on our submissions page.
Bugs:
- Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
- Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
- Resolved an issue that sometimes caused error log entries related to an invalid IP.
- The form selector on the submissions page should now be visible on mobile devices.
- Resolved an issue that sometimes caused CSV exports to have multiple header rows.
=
Release Info
Developer | krmoorhouse |
Plugin | Ninja Forms – The Easy and Powerful Forms Builder |
Version | 3.3.18 |
Code changes from version 3.3.17 to 3.3.18
- assets/css/admin-settings.css +8 -1
- deprecated/ninja-forms.php +1 -1
- includes/Admin/CPT/DownloadAllSubmissions.php +4 -1
- includes/Admin/Menus/Submissions.php +32 -10
- includes/Dispatcher.php +7 -1
- includes/Templates/fields-number.html +2 -2
- ninja-forms.php +2 -2
- readme.txt +24 -9
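--- a/assets/css/admin-settings.css
+++ b/assets/css/admin-settings.css
@@ -67,4 +67,11 @@
 .alignleft.actions input[type=text] {
 height: 28px;
 border-radius: 4px;
-}
+}
+
+/*https://github.com/wpninjas/ninja-forms/issues/2296*/
+@media screen and ( max-width: 782px ) {
+.tablenav.top .actions, .tablenav .view-switch {
+display:block;
+}
+}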
deprecated/ninja-forms.php
CHANGED
@@ -265,7 +265,7 @@ class Ninja_Forms {
|
|
265 |
|
266 |
// Plugin version
|
267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
268 |
-
define( 'NF_PLUGIN_VERSION', '3.3.
|
269 |
|
270 |
// Plugin Folder Path
|
271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
265 |
|
266 |
// Plugin version
|
267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
268 |
+
define( 'NF_PLUGIN_VERSION', '3.3.18' );
|
269 |
|
270 |
// Plugin Folder Path
|
271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
includes/Admin/CPT/DownloadAllSubmissions.php
CHANGED
@@ -89,7 +89,10 @@ class NF_Admin_CPT_DownloadAllSubmissions extends NF_Step_Processing {
|
|
89 |
}
|
90 |
$export .= NF_Database_Models_Submission::export( $this->args['form_id'], $sub_ids, TRUE );
|
91 |
if( 1 < $this->step ) {
|
92 |
-
$
|
|
|
|
|
|
|
93 |
}
|
94 |
|
95 |
fwrite( $myfile, $export );
|
89 |
}
|
90 |
$export .= NF_Database_Models_Submission::export( $this->args['form_id'], $sub_ids, TRUE );
|
91 |
if( 1 < $this->step ) {
|
92 |
+
$stack = explode( apply_filters( 'nf_sub_csv_terminator', "\n" ), $export );
|
93 |
+
array_shift($stack);
|
94 |
+
$stack = implode( apply_filters( 'nf_sub_csv_terminator', "\n" ), $stack );
|
95 |
+
$export = $stack;
|
96 |
}
|
97 |
|
98 |
fwrite( $myfile, $export );
|
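Review bot: The header row is removed at new lines 92–95 by splitting `$export` on the raw terminator string, which is not CSV-aware: if a column label in the first record contains the terminator inside a quoted cell, `array_shift()` drops only part of the header and the remainder is written to the file as data. The `nf_sub_csv_terminator` filter is also evaluated twice, so a callback that returns different values (or an empty string, which `explode()` rejects) leaves the split and the join inconsistent; resolve it once, e.g. `$terminator = apply_filters( 'nf_sub_csv_terminator', "\n" );` followed by `$export = implode( $terminator, array_slice( explode( $terminator, $export ), 1 ) );`. Whether `export()` can be asked to omit the header for later steps is not visible here, but that would avoid re-parsing its output. The enclosing method starts and ends outside the hunk.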
includes/Admin/Menus/Submissions.php
CHANGED
@@ -74,8 +74,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
74 |
unset( $views[ 'mine' ] );
|
75 |
unset( $views[ 'publish' ] );
|
76 |
|
77 |
-
// If the Form ID is not empty...
|
78 |
-
if( ! empty( $_GET[ 'form_id' ] ) ) {
|
79 |
// ...populate the rest of the query string.
|
80 |
$form_id = '&form_id=' . $_GET[ 'form_id' ] . '&nf_form_filter&paged=1';
|
81 |
} else {
|
@@ -140,7 +140,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
140 |
*/
|
141 |
public function change_columns()
|
142 |
{
|
143 |
-
|
|
|
144 |
|
145 |
if( ! $form_id ) return array();
|
146 |
|
@@ -184,6 +185,10 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
184 |
*/
|
185 |
public function custom_columns( $column, $sub_id )
|
186 |
{
|
|
|
|
|
|
|
|
|
187 |
$sub = Ninja_Forms()->form()->get_sub( $sub_id );
|
188 |
|
189 |
switch( $column ){
|
@@ -233,20 +238,36 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
233 |
$form_options = apply_filters( 'ninja_forms_submission_filter_form_options', $form_options );
|
234 |
asort($form_options);
|
235 |
|
236 |
-
|
|
|
|
|
237 |
$form_selected = $_GET[ 'form_id' ];
|
238 |
} else {
|
239 |
$form_selected = 0;
|
240 |
}
|
241 |
|
242 |
if( isset( $_GET[ 'begin_date' ] ) ) {
|
243 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
244 |
} else {
|
245 |
$begin_date = '';
|
246 |
}
|
247 |
|
248 |
if( isset( $_GET[ 'end_date' ] ) ) {
|
249 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
250 |
} else {
|
251 |
$end_date = '';
|
252 |
}
|
@@ -265,7 +286,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
265 |
|
266 |
$vars = &$query->query_vars;
|
267 |
|
268 |
-
|
|
|
269 |
|
270 |
$vars = $this->table_filter_by_form( $vars, $form_id );
|
271 |
|
@@ -277,7 +299,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
277 |
public function search( $pieces ) {
|
278 |
global $typenow;
|
279 |
// filter to select search query
|
280 |
-
if (
|
281 |
global $wpdb;
|
282 |
|
283 |
$keywords = explode(' ', get_query_var('s'));
|
@@ -377,7 +399,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
377 |
$sub_ids = WPN_Helper::esc_html($_REQUEST['post']);
|
378 |
}
|
379 |
|
380 |
-
Ninja_Forms()->form( $_REQUEST['form_id'] )->export_subs( $sub_ids );
|
381 |
}
|
382 |
|
383 |
if (isset ($_REQUEST['download_file']) && !empty($_REQUEST['download_file'])) {
|
@@ -498,7 +520,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
498 |
|
499 |
// Include submissions on the end_date.
|
500 |
$end_date = date( 'm/d/Y', strtotime( '+1 day', strtotime( $end_date ) ) );
|
501 |
-
|
502 |
if ( ! isset ( $vars['date_query'] ) ) {
|
503 |
|
504 |
$vars['date_query'] = array(
|
74 |
unset( $views[ 'mine' ] );
|
75 |
unset( $views[ 'publish' ] );
|
76 |
|
77 |
+
// If the Form ID is not empty and IS a number...
|
78 |
+
if( ! empty( $_GET[ 'form_id' ] ) && ctype_digit( $_GET[ 'form_id' ] ) ) {
|
79 |
// ...populate the rest of the query string.
|
80 |
$form_id = '&form_id=' . $_GET[ 'form_id' ] . '&nf_form_filter&paged=1';
|
81 |
} else {
|
140 |
*/
|
141 |
public function change_columns()
|
142 |
{
|
143 |
+
// if the form_id isset and ID a number
|
144 |
+
$form_id = ( isset( $_GET['form_id'] ) && ctype_digit( $_GET[ 'form_id' ] ) ) ? $_GET['form_id'] : FALSE;
|
145 |
|
146 |
if( ! $form_id ) return array();
|
147 |
|
185 |
*/
|
186 |
public function custom_columns( $column, $sub_id )
|
187 |
{
|
188 |
+
global $post_type;
|
189 |
+
|
190 |
+
if ( 'nf_sub' !== $post_type ) return false;
|
191 |
+
|
192 |
$sub = Ninja_Forms()->form()->get_sub( $sub_id );
|
193 |
|
194 |
switch( $column ){
|
238 |
$form_options = apply_filters( 'ninja_forms_submission_filter_form_options', $form_options );
|
239 |
asort($form_options);
|
240 |
|
241 |
+
|
242 |
+
// make sure form_id isset and is a number
|
243 |
+
if( isset( $_GET[ 'form_id' ] ) && ctype_digit( $_GET[ 'form_id' ] ) ) {
|
244 |
$form_selected = $_GET[ 'form_id' ];
|
245 |
} else {
|
246 |
$form_selected = 0;
|
247 |
}
|
248 |
|
249 |
if( isset( $_GET[ 'begin_date' ] ) ) {
|
250 |
+
// check for bad characters(possible xss vulnerability)
|
251 |
+
$beg_date_sep = preg_replace('/[0-9]+/', '', $_GET[ 'begin_date' ]);
|
252 |
+
|
253 |
+
if ( 1 !== count( array_unique( str_split( $beg_date_sep ) ) ) ) {// We got bad data.
|
254 |
+
$begin_date = '';
|
255 |
+
} else {
|
256 |
+
$begin_date = $_GET[ 'begin_date' ];
|
257 |
+
}
|
258 |
} else {
|
259 |
$begin_date = '';
|
260 |
}
|
261 |
|
262 |
if( isset( $_GET[ 'end_date' ] ) ) {
|
263 |
+
// check for bad characters(possible xss vulnerability)
|
264 |
+
$end_date_sep = preg_replace('/[0-9]+/', '', $_GET[ 'end_date' ]);
|
265 |
+
|
266 |
+
if ( 1 !== count( array_unique( str_split( $end_date_sep ) ) ) ) {// We got bad data.
|
267 |
+
$end_date = '';
|
268 |
+
} else {
|
269 |
+
$end_date = $_GET[ 'end_date' ];
|
270 |
+
}
|
271 |
} else {
|
272 |
$end_date = '';
|
273 |
}
|
286 |
|
287 |
$vars = &$query->query_vars;
|
288 |
|
289 |
+
// make sure form_id is not empty and is a number
|
290 |
+
$form_id = ( ! empty( $_GET['form_id'] ) && ctype_digit( $_GET[ 'form_id' ] ) ) ? $_GET['form_id'] : 0;
|
291 |
|
292 |
$vars = $this->table_filter_by_form( $vars, $form_id );
|
293 |
|
299 |
public function search( $pieces ) {
|
300 |
global $typenow;
|
301 |
// filter to select search query
|
302 |
+
if ( isset ( $_GET['s'] ) && $typenow == 'nf_sub' && is_search() && is_admin() ) {
|
303 |
global $wpdb;
|
304 |
|
305 |
$keywords = explode(' ', get_query_var('s'));
|
399 |
$sub_ids = WPN_Helper::esc_html($_REQUEST['post']);
|
400 |
}
|
401 |
|
402 |
+
Ninja_Forms()->form( absint( $_REQUEST['form_id'] ) )->export_subs( $sub_ids );
|
403 |
}
|
404 |
|
405 |
if (isset ($_REQUEST['download_file']) && !empty($_REQUEST['download_file'])) {
|
520 |
|
521 |
// Include submissions on the end_date.
|
522 |
$end_date = date( 'm/d/Y', strtotime( '+1 day', strtotime( $end_date ) ) );
|
523 |
+
|
524 |
if ( ! isset ( $vars['date_query'] ) ) {
|
525 |
|
526 |
$vars['date_query'] = array(
|
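Review bot: The date check added at new lines 250–257 (and repeated for `end_date` at 263–270) accepts any value whose non-digit characters are all the same byte, so it is not limited to date separators and still lets a single repeated punctuation character through to `$begin_date`/`$end_date`. It also passes `$_GET[ 'begin_date' ]` to `preg_replace()` and `str_split()` without checking that it is a string, so an array-valued parameter produces warnings (a TypeError on PHP 8). An allowlist on the expected format, shared by both parameters, is tighter; the separator set and digit counts in the sketch below are an assumption and should match what the date picker submits. The place where these values are printed is outside the hunk, and it should apply `esc_attr()` regardless of this check. The enclosing method begins and ends outside the visible lines.

```php
// Helper shared by the begin_date and end_date branches.
private function get_date_param( $key )
{
    if ( ! isset( $_GET[ $key ] ) || ! is_string( $_GET[ $key ] ) ) return '';

    $value = wp_unslash( $_GET[ $key ] );

    // Digits joined by one repeated separator from a fixed set; anything else is discarded.
    return preg_match( '#^\d{1,4}([/.-])\d{1,2}\1\d{1,4}$#', $value ) ? $value : '';
}

// … unchanged: $form_selected handling …
$begin_date = $this->get_date_param( 'begin_date' );
$end_date   = $this->get_date_param( 'end_date' );
```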
includes/Dispatcher.php
CHANGED
@@ -65,7 +65,13 @@ final class NF_Dispatcher
|
|
65 |
$ip_address = $_SERVER[ 'LOCAL_ADDR' ];
|
66 |
}
|
67 |
|
68 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
69 |
|
70 |
if ( is_multisite() ) {
|
71 |
$multisite_enabled = 1;
|
65 |
$ip_address = $_SERVER[ 'LOCAL_ADDR' ];
|
66 |
}
|
67 |
|
68 |
+
// If we have a valid IP Address...
|
69 |
+
if ( filter_var( $ip_address, FILTER_VALIDATE_IP ) ) {
|
70 |
+
// Get the hostname.
|
71 |
+
$host_name = gethostbyaddr( $ip_address );
|
72 |
+
} else {
|
73 |
+
$host_name = 'unknown';
|
74 |
+
}
|
75 |
|
76 |
if ( is_multisite() ) {
|
77 |
$multisite_enabled = 1;
|
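Review bot: The new branch at lines 68–74 is missing a comment on what `gethostbyaddr()` does when the lookup fails: PHP returns the IP address unchanged when no name resolves, so `$host_name` can hold an IP string rather than a hostname, and the call blocks on a reverse DNS query. I would add `// gethostbyaddr() blocks on reverse DNS and returns the IP unchanged when nothing resolves.` above the call. `$ip_address` appears to be assigned only inside the branches above the hunk, so if none of them runs, `filter_var()` reads an undefined variable; that part is outside the visible lines and should be confirmed. The enclosing method starts and ends outside the hunk.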
includes/Templates/fields-number.html
CHANGED
@@ -1,6 +1,6 @@
|
|
1 |
<script id="tmpl-nf-field-number" type="text/template">
|
2 |
-
|
3 |
aria-labelledby="nf-label-field-{{{ data.id }}}"
|
4 |
{{{ data.maybeRequired() }}}
|
5 |
-
type="number" value="
|
6 |
</script>
|
1 |
<script id="tmpl-nf-field-number" type="text/template">
|
2 |
+
<input id="nf-field-{{{ data.id }}}" name="nf-field-{{{ data.id }}}" aria-invalid="false" aria-describedby="nf-error-{{{ data.id }}}" class="{{{ data.renderClasses() }}} nf-element"
|
3 |
aria-labelledby="nf-label-field-{{{ data.id }}}"
|
4 |
{{{ data.maybeRequired() }}}
|
5 |
+
type="number" value="<# if(data.default && data.default <=data.num_max && data.default >= data.num_min) {print(data.default)} #>" min="{{{ data.num_min }}}" max="{{{ data.num_max }}}" step="{{{ data.num_step }}}" {{{ data.renderPlaceholder() }}}>
|
6 |
</script>
|
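Review bot: On new line 5 the default is written into the `value` attribute with `print(data.default)`, which emits it without HTML escaping, and the other attributes use the raw `{{{ }}}` form as well. If `data.default` can carry anything other than a stored number (its source is not visible on this page), it should be escaped, `print( _.escape( data.default ) )`, assuming the template is compiled with Underscore as the `<# #>` delimiters suggest. The range test also relies on JavaScript coercion: a default of `0` is falsy and is never printed, and when the compared values are all strings the comparison is lexical rather than numeric, so converting with `Number()` before comparing would be safer.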
ninja-forms.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Ninja Forms
|
4 |
Plugin URI: http://ninjaforms.com/
|
5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
6 |
-
Version: 3.3.
|
7 |
Author: The WP Ninjas
|
8 |
Author URI: http://ninjaforms.com
|
9 |
Text Domain: ninja-forms
|
@@ -57,7 +57,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
|
|
57 |
/**
|
58 |
* @since 3.0
|
59 |
*/
|
60 |
-
const VERSION = '3.3.
|
61 |
|
62 |
const WP_MIN_VERSION = '4.7';
|
63 |
|
3 |
Plugin Name: Ninja Forms
|
4 |
Plugin URI: http://ninjaforms.com/
|
5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
6 |
+
Version: 3.3.18
|
7 |
Author: The WP Ninjas
|
8 |
Author URI: http://ninjaforms.com
|
9 |
Text Domain: ninja-forms
|
57 |
/**
|
58 |
* @since 3.0
|
59 |
*/
|
60 |
+
const VERSION = '3.3.18';
|
61 |
|
62 |
const WP_MIN_VERSION = '4.7';
|
63 |
|
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorho
|
|
3 |
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
|
4 |
Requires at least: 4.7
|
5 |
Tested up to: 4.9
|
6 |
-
Stable tag: 3.3.
|
7 |
License: GPLv2 or later
|
8 |
|
9 |
Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
|
@@ -111,21 +111,36 @@ For help and video tutorials, please visit our website: [Ninja Forms Documentati
|
|
111 |
|
112 |
== Upgrade Notice ==
|
113 |
|
114 |
-
= 3.3.
|
115 |
|
116 |
-
*
|
117 |
|
118 |
-
*
|
119 |
-
* Resolved an issue that could have caused some display issues on the dashboard due to cached scripts.
|
120 |
|
121 |
-
*
|
122 |
|
123 |
-
*
|
124 |
-
*
|
125 |
-
*
|
|
|
|
|
126 |
|
127 |
== Changelog ==
|
128 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
129 |
= 3.3.17 (16 October 2018) =
|
130 |
|
131 |
*Bugs:*
|
3 |
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
|
4 |
Requires at least: 4.7
|
5 |
Tested up to: 4.9
|
6 |
+
Stable tag: 3.3.18
|
7 |
License: GPLv2 or later
|
8 |
|
9 |
Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
|
111 |
|
112 |
== Upgrade Notice ==
|
113 |
|
114 |
+
= 3.3.18 (14 November 2018) =
|
115 |
|
116 |
+
*Security:*
|
117 |
|
118 |
+
* Patched a redirect XSS vulnerability using code injection on our submissions page.
|
|
|
119 |
|
120 |
+
*Bugs:*
|
121 |
|
122 |
+
* Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
|
123 |
+
* Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
|
124 |
+
* Resolved an issue that sometimes caused error log entries related to an invalid IP.
|
125 |
+
* The form selector on the submissions page should now be visible on mobile devices.
|
126 |
+
* Resolved an issue that sometimes caused CSV exports to have multiple header rows.
|
127 |
|
128 |
== Changelog ==
|
129 |
|
130 |
+
= 3.3.18 (14 November 2018) =
|
131 |
+
|
132 |
+
*Security:*
|
133 |
+
|
134 |
+
* Patched a redirect XSS vulnerability using code injection on our submissions page.
|
135 |
+
|
136 |
+
*Bugs:*
|
137 |
+
|
138 |
+
* Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
|
139 |
+
* Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
|
140 |
+
* Resolved an issue that sometimes caused error log entries related to an invalid IP.
|
141 |
+
* The form selector on the submissions page should now be visible on mobile devices.
|
142 |
+
* Resolved an issue that sometimes caused CSV exports to have multiple header rows.
|
143 |
+
|
144 |
= 3.3.17 (16 October 2018) =
|
145 |
|
146 |
*Bugs:*
|