Ninja Forms – The Easy and Powerful Forms Builder - Version 3.4.24.1

Version Description

3.4.24.1 (5 March 2020)

Security:

  • Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.

Bugs:

  • User permission filters should now work as expected.
  • Select image fields should now work properly when dev mode is disabled.
  • Resolved an error that was causing php warnings on some API calls.
  • Email settings should now properly read email addresses surrounded by <> characters.
  • Resolved an error that was causing deprecated function warnings in php error logs.
  • Forms with calculations should now display properly on sites using a "formal" language setting.
  • Export should now properly appear as an option in the bulk actions on the submissions page.
  • Resolved an error that was preventing the add-on manager from installing plugins.

Changes:

  • Add-on updates will now enforce php requirements if the current version on the installation is below the minimum for the add-on.

=


Release Info

Developer krmoorhouse
Version 3.4.24.1

Code changes from version 3.4.24 to 3.4.24.1

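--- a/deprecated/ninja-forms.php
+++ b/deprecated/ninja-forms.php
@@ -265,7 +265,7 @@ class Ninja_Forms {
 
  // Plugin version
  if ( ! defined( 'NF_PLUGIN_VERSION' ) )
- define( 'NF_PLUGIN_VERSION', '3.4.24' );
+ define( 'NF_PLUGIN_VERSION', '3.4.24.1' );
 
  // Plugin Folder Path
  if ( ! defined( 'NF_PLUGIN_DIR' ) )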
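--- a/includes/Abstracts/MergeTags.php
+++ b/includes/Abstracts/MergeTags.php
@@ -13,14 +13,16 @@ abstract class NF_Abstracts_MergeTags
 
  protected $_default_group = TRUE;
 
+ protected $use_safe = FALSE;
+
  public function __construct()
  {
  add_filter( 'kbj_test', array( $this, 'replace' ) );
 
  add_filter( 'ninja_forms_render_default_value', array( $this, 'replace' ) );
 
- add_filter( 'ninja_forms_run_action_settings', array( $this, 'replace' ) );
- add_filter( 'ninja_forms_run_action_settings_preview', array( $this, 'replace' ) );
+ add_filter( 'ninja_forms_run_action_settings', array( $this, 'action_replace' ) );
+ add_filter( 'ninja_forms_run_action_settings_preview', array( $this, 'action_replace' ) );
 
  add_filter( 'ninja_forms_calc_setting', array( $this, 'replace' ) );
 
@@ -28,6 +30,20 @@ abstract class NF_Abstracts_MergeTags
  add_filter( 'ninja_forms_merge_tags', array( $this, 'replace' ) );
  }
 
+ public function action_replace( $subject ) {
+ if( is_array($subject) && isset($subject['objectType']) && 'Action' == $subject['objectType'] ) {
+ if( 'email' == $subject['type'] ) {
+ $this->use_safe = true;
+ } else {
+ $this->use_safe = false;
+ }
+ }
+ $subject = $this->replace( $subject );
+ // Make sure we reset use_safe after we finish replacing.
+ $this->use_safe = false;
+ return $subject;
+ }
+
  public function replace( $subject )
  {
  if( is_array( $subject ) ){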
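Review bot: In `action_replace()`, `$subject['type']` is read after only `objectType` has been checked, so an action array without a `type` key raises an undefined-index notice, and both comparisons use loose `==`. The inner if/else can collapse to `$this->use_safe = isset( $subject['type'] ) && 'email' === $subject['type'];`. Sanitised values are also opt-in for the `email` type only; every other action type passing through these two filters still receives raw field values, so it is worth confirming that none of them places merge-tag output into HTML (their handlers are not visible here). The reset of `use_safe` runs only on the normal return path; `replace()`'s body is outside the hunk, so whether it can throw cannot be judged from here.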
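--- a/includes/MergeTags/Fields.php
+++ b/includes/MergeTags/Fields.php
@@ -27,6 +27,9 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
  if(isset($arguments[0]['calc'])) {
  return $this->merge_tags[ $name ][ 'calc_value' ];
  }
+ if($this->use_safe && isset($this->merge_tags[ $name ][ 'safe_value' ])) {
+ return $this->merge_tags[ $name ][ 'safe_value' ];
+ }
  return $this->merge_tags[ $name ][ 'field_value' ];
  }
 
@@ -50,6 +53,8 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
  if( is_array( $field[ 'value' ] ) ) $field[ 'value' ] = implode( ', ', $field[ 'value' ] );
 
+ $field = $this->maybe_sanitize( $field );
+
  $return .= '<tr><td>' . apply_filters('ninja_forms_merge_label', $field[ 'label' ], $field, $this->form_id) .':</td><td>' . $field[ 'value' ] . '</td></tr>';
  }
  $return .= '</table>';
@@ -89,6 +94,8 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
  if( is_array( $field[ 'value' ] ) ) $field[ 'value' ] = implode( ', ', $field[ 'value' ] );
 
+ $field = $this->maybe_sanitize( $field );
+
  // Check to see if the type is a list field and if it is...
  $return .= '<tr><td valign="top">' . apply_filters('ninja_forms_merge_label', $field[ 'label' ], $field, $this->form_id) .':</td><td>' . $field[ 'value' ] . '</td></tr>';
  }
@@ -137,6 +144,8 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
  if( is_array( $field[ 'value' ] ) ) $field[ 'value' ] = implode( ', ', $field[ 'value' ] );
 
+ $field = $this->maybe_sanitize( $field );
+
  $return .= '<tr><td valign="top">' . apply_filters('ninja_forms_merge_label', $field[ 'label' ], $field, $this->form_id) .':</td><td>' . $field[ 'value' ] . '</td></tr>';
  }
  $return .= '</table>';
@@ -154,6 +163,8 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
  if( is_array( $field[ 'value' ] ) ) $field[ 'value' ] = implode( ', ', $field[ 'value' ] );
 
+ $field = $this->maybe_sanitize( $field );
+
  $return .= $field[ 'label' ] .': ' . $field[ 'value' ] . "\r\n";
  }
  return $return;
@@ -182,7 +193,7 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
  $value = apply_filters('ninja_forms_merge_tag_value_' . $field['type'], $field['value'], $field);
 
- $this->add( $callback, $field['id'], '{field:' . $field['id'] . '}', $value );
+ $this->add( $callback, $field['id'], '{field:' . $field['id'] . '}', $value, false, ('html' !== $field['type']) );
 
  if( isset( $field[ 'key' ] ) ) {
  $field_key = $field[ 'key' ];
@@ -276,15 +287,18 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
  * @param $value
  * @param bool $calc_value
  */
- public function add( $callback, $id, $tag, $value, $calc_value = false )
+ public function add( $callback, $id, $tag, $value, $calc_value = false, $sanitize = true )
  {
  $this->merge_tags[ $callback ] = array(
  'id' => $id,
  'tag' => $tag,
  'callback' => $callback,
- 'field_value' => $value,
+ 'field_value' => $value,
  'calc_value' => ($calc_value === false) ? $value : $calc_value,
- );
+ );
+ if ($sanitize) {
+ $this->merge_tags[ $callback ][ 'safe_value' ] = strip_tags( $value );
+ }
  }
 
  public function set_form_id( $form_id )
@@ -292,6 +306,14 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
  $this->form_id = $form_id;
  }
 
+ public function maybe_sanitize( $field )
+ {
+ if ( 'html' !== $field['type'] && $this->use_safe ) {
+ $field['value'] = strip_tags($field['value']);
+ }
+ return $field;
+ }
+
  private function get_fields_sorted()
  {
  $fields = $this->merge_tags[ 'all_fields' ][ 'fields' ];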
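Review bot: In `add()`, `strip_tags( $value )` is applied to the result of `apply_filters( 'ninja_forms_merge_tag_value_' . $field['type'], … )`, which can be an array — the table builders in this same file guard with `is_array( $field[ 'value' ] )` before imploding — and `strip_tags()` on an array warns on PHP 7 and throws a TypeError on PHP 8. A guard such as `$this->merge_tags[ $callback ][ 'safe_value' ] = is_array( $value ) ? array_map( 'strip_tags', $value ) : strip_tags( $value );` keeps the safe value well-defined (this assumes a flat array, which is not visible here). Separately, `strip_tags()` removes markup but is not output encoding: in the three `<td>` contexts `esc_html()` on the value would also neutralise stray `<`, `&` and quotes, while the plain-text `"\r\n"` variant can keep `strip_tags()`. The loops that call `maybe_sanitize()` start and end outside their hunks.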
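--- a/ninja-forms.php
+++ b/ninja-forms.php
@@ -3,7 +3,7 @@
  Plugin Name: Ninja Forms
  Plugin URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=readme
  Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
- Version: 3.4.24
+ Version: 3.4.24.1
  Author: Saturday Drive
  Author URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=Plugins+WP+Dashboard
  Text Domain: ninja-forms
@@ -59,7 +59,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
  * @since 3.0
  */
 
- const VERSION = '3.4.24';
+ const VERSION = '3.4.24.1';
 
  /**
  * @since 3.4.0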
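--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorho
  Tags: forms, contact form, email form, form builder, custom form, pdf form, registration form, payment form, login form, contact me, signature form, upload form, file upload form, conditional form, feedback form, appointment form, quote form, survey form, contact button, signup form, form plugin, contact form plugin, subscription form, email subscription form, newsletter form, donation form, booking form, quote request form, multi page form, conditional logic form, subscription form, application form, employment verification form, star rating form, rating form, event form, mailchimp form, campaign monitor form, constant contact form, mailpoet form, aweber form, cleverreach form, emma form, convertkit form, active campaign form, salesforce form, zoho form, capsule form, insightly form, pipelinedeals form, onepagecrm form
  Requires at least: 5.1
  Tested up to: 5.3
- Stable tag: 3.4.24
+ Stable tag: 3.4.24.1
  License: GPLv2 or later
 
  The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.
@@ -303,7 +303,11 @@ This section describes how to install the plugin and get it working.
 
  == Upgrade Notice ==
 
- = 3.4.24 (2 March 2020) =
+ = 3.4.24.1 (5 March 2020) =
+
+ *Security:*
+
+ * Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.
 
  *Bugs:*
 
@@ -322,6 +326,12 @@ This section describes how to install the plugin and get it working.
 
  == Changelog ==
 
+ = 3.4.24.1 (5 March 2020) =
+
+ *Security:*
+
+ * Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.
+
  = 3.4.24 (2 March 2020) =
 
  *Bugs:*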