Version Description
(7 January 2019) =
Security:
- Patched a blind SQL injection vulnerability in the search filter on our submissions page. Thank you to Samuel Anttila at netsec.expert for practicing responsible disclosure.
=
Download this release
Release Info
| Developer | krmoorhouse |
| Plugin |  Ninja Forms – The Easy and Powerful Forms Builder |
| Version | 3.3.21.2 |
| Comparing to | |
| See all releases | |
Code changes from version 3.3.21.1 to 3.3.21.2
- deprecated/ninja-forms.php +1 -1
- includes/Admin/Menus/Submissions.php +4 -0
- ninja-forms.php +2 -2
- readme.txt +8 -10
deprecated/ninja-forms.php
CHANGED
|
@@ -265,7 +265,7 @@ class Ninja_Forms {
|
|
| 265 |
|
| 266 |
// Plugin version
|
| 267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
| 268 |
-
define( 'NF_PLUGIN_VERSION', '3.3.21.
|
| 269 |
|
| 270 |
// Plugin Folder Path
|
| 271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
| 265 |
|
| 266 |
// Plugin version
|
| 267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
| 268 |
+
define( 'NF_PLUGIN_VERSION', '3.3.21.2' );
|
| 269 |
|
| 270 |
// Plugin Folder Path
|
| 271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
includes/Admin/Menus/Submissions.php
CHANGED
|
@@ -296,6 +296,9 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 296 |
$vars = apply_filters( 'ninja_forms_sub_table_qv', $vars, $form_id );
|
| 297 |
}
|
| 298 |
|
|
|
|
|
|
|
|
|
|
| 299 |
public function search( $pieces ) {
|
| 300 |
global $typenow;
|
| 301 |
// filter to select search query
|
|
@@ -308,6 +311,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
|
|
| 308 |
|
| 309 |
foreach ($keywords as $word) {
|
| 310 |
|
|
|
|
| 311 |
$query .= " (mypm1.meta_value LIKE '%{$word}%') OR ";
|
| 312 |
}
|
| 313 |
|
| 296 |
$vars = apply_filters( 'ninja_forms_sub_table_qv', $vars, $form_id );
|
| 297 |
}
|
| 298 |
|
| 299 |
+
/**
|
| 300 |
+
* @updated 3.3.21.2
|
| 301 |
+
*/
|
| 302 |
public function search( $pieces ) {
|
| 303 |
global $typenow;
|
| 304 |
// filter to select search query
|
| 311 |
|
| 312 |
foreach ($keywords as $word) {
|
| 313 |
|
| 314 |
+
$wpdb->escape_by_ref( $word );
|
| 315 |
$query .= " (mypm1.meta_value LIKE '%{$word}%') OR ";
|
| 316 |
}
|
| 317 |
|
ninja-forms.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Ninja Forms
|
| 4 |
Plugin URI: http://ninjaforms.com/
|
| 5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
| 6 |
-
Version: 3.3.21.
|
| 7 |
Author: The WP Ninjas
|
| 8 |
Author URI: http://ninjaforms.com
|
| 9 |
Text Domain: ninja-forms
|
|
@@ -57,7 +57,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
|
|
| 57 |
/**
|
| 58 |
* @since 3.0
|
| 59 |
*/
|
| 60 |
-
const VERSION = '3.3.21.
|
| 61 |
|
| 62 |
const WP_MIN_VERSION = '4.8';
|
| 63 |
|
| 3 |
Plugin Name: Ninja Forms
|
| 4 |
Plugin URI: http://ninjaforms.com/
|
| 5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
| 6 |
+
Version: 3.3.21.2
|
| 7 |
Author: The WP Ninjas
|
| 8 |
Author URI: http://ninjaforms.com
|
| 9 |
Text Domain: ninja-forms
|
| 57 |
/**
|
| 58 |
* @since 3.0
|
| 59 |
*/
|
| 60 |
+
const VERSION = '3.3.21.2';
|
| 61 |
|
| 62 |
const WP_MIN_VERSION = '4.8';
|
| 63 |
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorho
|
|
| 3 |
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
|
| 4 |
Requires at least: 4.8
|
| 5 |
Tested up to: 5.0
|
| 6 |
-
Stable tag: 3.3.21.
|
| 7 |
License: GPLv2 or later
|
| 8 |
|
| 9 |
Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
|
|
@@ -111,21 +111,19 @@ For help and video tutorials, please visit our website: [Ninja Forms Documentati
|
|
| 111 |
|
| 112 |
== Upgrade Notice ==
|
| 113 |
|
| 114 |
-
= 3.3.21.
|
| 115 |
|
| 116 |
*Security:*
|
| 117 |
|
| 118 |
-
* Patched a
|
| 119 |
|
| 120 |
-
|
| 121 |
|
| 122 |
-
|
| 123 |
|
| 124 |
-
*
|
| 125 |
-
|
| 126 |
-
* Product and quantity field merge tags can no longer be referenced in calculations.
|
| 127 |
|
| 128 |
-
|
| 129 |
|
| 130 |
= 3.3.21.1 (3 January 2019) =
|
| 131 |
|
|
@@ -137,7 +135,7 @@ For help and video tutorials, please visit our website: [Ninja Forms Documentati
|
|
| 137 |
|
| 138 |
*Bugs:*
|
| 139 |
|
| 140 |
-
* Resolved an issue that caused our Gutenberg Block to not dispaly in the post editor when the Twenty
|
| 141 |
|
| 142 |
*Changes:*
|
| 143 |
|
| 3 |
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
|
| 4 |
Requires at least: 4.8
|
| 5 |
Tested up to: 5.0
|
| 6 |
+
Stable tag: 3.3.21.2
|
| 7 |
License: GPLv2 or later
|
| 8 |
|
| 9 |
Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
|
| 111 |
|
| 112 |
== Upgrade Notice ==
|
| 113 |
|
| 114 |
+
= 3.3.21.2 (7 January 2019) =
|
| 115 |
|
| 116 |
*Security:*
|
| 117 |
|
| 118 |
+
* Patched a blind SQL injection vulnerability in the search filter on our submissions page. Thank you to Samuel Anttila at netsec.expert for practicing responsible disclosure.
|
| 119 |
|
| 120 |
+
== Changelog ==
|
| 121 |
|
| 122 |
+
= 3.3.21.2 (7 January 2019) =
|
| 123 |
|
| 124 |
+
*Security:*
|
|
|
|
|
|
|
| 125 |
|
| 126 |
+
* Patched a blind SQL injection vulnerability in the search filter on our submissions page. Thank you to Samuel Anttila at netsec.expert for practicing responsible disclosure.
|
| 127 |
|
| 128 |
= 3.3.21.1 (3 January 2019) =
|
| 129 |
|
| 135 |
|
| 136 |
*Bugs:*
|
| 137 |
|
| 138 |
+
* Resolved an issue that caused our Gutenberg Block to not dispaly in the post editor when the Twenty Nineteen theme is active.
|
| 139 |
|
| 140 |
*Changes:*
|
| 141 |
|
