Version Description
(5 March 2020) =
Security:
- Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.
Bugs:
- User permission filters should now work as expected.
- Select image fields should now work properly when dev mode is disabled.
- Resolved an error that was causing php warnings on some API calls.
- Email settings should now properly read email addresses surrounded by <> characters.
- Resolved an error that was causing deprecated function warnings in php error logs.
- Forms with calculations should now display properly on sites using a "formal" language setting.
- Export should now properly appear as an option in the bulk actions on the submissions page.
- Resolved an error that was preventing the add-on manager from installing plugins.
Changes:
- Add-on updates will now enforce php requirements if the current version on the installation is below the minimum for the add-on.
=
Release Info
Developer | krmoorhouse |
Plugin | Ninja Forms – The Easy and Powerful Forms Builder |
Version | 3.4.24.1 |
Code changes from version 3.4.24 to 3.4.24.1
- deprecated/ninja-forms.php +1 -1
- includes/Abstracts/MergeTags.php +18 -2
- includes/MergeTags/Fields.php +26 -4
- ninja-forms.php +2 -2
- readme.txt +12 -2
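--- a/deprecated/ninja-forms.php
+++ b/deprecated/ninja-forms.php
@@ -265,7 +265,7 @@ class Ninja_Forms {
 
 // Plugin version
 if ( ! defined( 'NF_PLUGIN_VERSION' ) )
-define( 'NF_PLUGIN_VERSION', '3.4.24' );
+define( 'NF_PLUGIN_VERSION', '3.4.24.1' );
 
 // Plugin Folder Path
 if ( ! defined( 'NF_PLUGIN_DIR' ) )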
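--- a/includes/Abstracts/MergeTags.php
+++ b/includes/Abstracts/MergeTags.php
@@ -13,14 +13,16 @@ abstract class NF_Abstracts_MergeTags
 
 protected $_default_group = TRUE;
 
+protected $use_safe = FALSE;
+
 public function __construct()
 {
 add_filter( 'kbj_test', array( $this, 'replace' ) );
 
 add_filter( 'ninja_forms_render_default_value', array( $this, 'replace' ) );
 
-add_filter( 'ninja_forms_run_action_settings', array( $this, '
-add_filter( 'ninja_forms_run_action_settings_preview', array( $this, '
+add_filter( 'ninja_forms_run_action_settings', array( $this, 'action_replace' ) );
+add_filter( 'ninja_forms_run_action_settings_preview', array( $this, 'action_replace' ) );
 
 add_filter( 'ninja_forms_calc_setting', array( $this, 'replace' ) );
 
@@ -28,6 +30,20 @@ abstract class NF_Abstracts_MergeTags
 add_filter( 'ninja_forms_merge_tags', array( $this, 'replace' ) );
 }
 
+public function action_replace( $subject ) {
+if( is_array($subject) && isset($subject['objectType']) && 'Action' == $subject['objectType'] ) {
+if( 'email' == $subject['type'] ) {
+$this->use_safe = true;
+} else {
+$this->use_safe = false;
+}
+}
+$subject = $this->replace( $subject );
+// Make sure we reset use_safe after we finish replacing.
+$this->use_safe = false;
+return $subject;
+}
+
 public function replace( $subject )
 {
 if( is_array( $subject ) ){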
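Review bot: `action_replace()` enables `use_safe` only when `$subject['type']` is `'email'`, so every other action type keeps receiving unsanitized merge tag values; if any of them renders values as HTML (not visible here), stripping should be the default and raw output the exception. `$subject['type']` is also read without `isset()` and compared with `==`; the if/else can collapse to `$this->use_safe = isset( $subject['type'] ) && 'email' === $subject['type'];`. Since the flag is instance state toggled around the `replace()` call, a short doc comment on `$use_safe` stating that it is only meaningful for the duration of `action_replace()` would help the next reader. `replace()` continues past the end of the hunk.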
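--- a/includes/MergeTags/Fields.php
+++ b/includes/MergeTags/Fields.php
@@ -27,6 +27,9 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 if(isset($arguments[0]['calc'])) {
 return $this->merge_tags[ $name ][ 'calc_value' ];
 }
+if($this->use_safe && isset($this->merge_tags[ $name ][ 'safe_value' ])) {
+return $this->merge_tags[ $name ][ 'safe_value' ];
+}
 return $this->merge_tags[ $name ][ 'field_value' ];
 }
 
@@ -50,6 +53,8 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
 if( is_array( $field[ 'value' ] ) ) $field[ 'value' ] = implode( ', ', $field[ 'value' ] );
 
+$field = $this->maybe_sanitize( $field );
+
 $return .= '<tr><td>' . apply_filters('ninja_forms_merge_label', $field[ 'label' ], $field, $this->form_id) .':</td><td>' . $field[ 'value' ] . '</td></tr>';
 }
 $return .= '</table>';
@@ -89,6 +94,8 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
 if( is_array( $field[ 'value' ] ) ) $field[ 'value' ] = implode( ', ', $field[ 'value' ] );
 
+$field = $this->maybe_sanitize( $field );
+
 // Check to see if the type is a list field and if it is...
 $return .= '<tr><td valign="top">' . apply_filters('ninja_forms_merge_label', $field[ 'label' ], $field, $this->form_id) .':</td><td>' . $field[ 'value' ] . '</td></tr>';
 }
@@ -137,6 +144,8 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
 if( is_array( $field[ 'value' ] ) ) $field[ 'value' ] = implode( ', ', $field[ 'value' ] );
 
+$field = $this->maybe_sanitize( $field );
+
 $return .= '<tr><td valign="top">' . apply_filters('ninja_forms_merge_label', $field[ 'label' ], $field, $this->form_id) .':</td><td>' . $field[ 'value' ] . '</td></tr>';
 }
 $return .= '</table>';
@@ -154,6 +163,8 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
 if( is_array( $field[ 'value' ] ) ) $field[ 'value' ] = implode( ', ', $field[ 'value' ] );
 
+$field = $this->maybe_sanitize( $field );
+
 $return .= $field[ 'label' ] .': ' . $field[ 'value' ] . "\r\n";
 }
 return $return;
@@ -182,7 +193,7 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 
 $value = apply_filters('ninja_forms_merge_tag_value_' . $field['type'], $field['value'], $field);
 
-$this->add( $callback, $field['id'], '{field:' . $field['id'] . '}', $value );
+$this->add( $callback, $field['id'], '{field:' . $field['id'] . '}', $value, false, ('html' !== $field['type']) );
 
 if( isset( $field[ 'key' ] ) ) {
 $field_key = $field[ 'key' ];
@@ -276,15 +287,18 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 * @param $value
 * @param bool $calc_value
 */
-public function add( $callback, $id, $tag, $value, $calc_value = false )
+public function add( $callback, $id, $tag, $value, $calc_value = false, $sanitize = true )
 {
 $this->merge_tags[ $callback ] = array(
 'id' => $id,
 'tag' => $tag,
 'callback' => $callback,
-
+'field_value' => $value,
 'calc_value' => ($calc_value === false) ? $value : $calc_value,
-
+);
+if ($sanitize) {
+$this->merge_tags[ $callback ][ 'safe_value' ] = strip_tags( $value );
+}
 }
 
 public function set_form_id( $form_id )
@@ -292,6 +306,14 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
 $this->form_id = $form_id;
 }
 
+public function maybe_sanitize( $field )
+{
+if ( 'html' !== $field['type'] && $this->use_safe ) {
+$field['value'] = strip_tags($field['value']);
+}
+return $field;
+}
+
 private function get_fields_sorted()
 {
 $fields = $this->merge_tags[ 'all_fields' ][ 'fields' ];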
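Review bot: The `calc` branch in the first hunk returns `calc_value` before the new `use_safe` check is reached, and `add()` stores the raw `$value` as `calc_value` whenever `$calc_value === false`, so a tag resolved through that branch is not stripped even while an email action is being processed. Testing `use_safe` before the `calc` return, or storing a stripped calc value alongside `safe_value` in `add()`, would cover that path. `strip_tags()` also removes markup rather than encoding what is left, so it can drop legitimate text containing `<`; for the `<td>` cells an output encoder such as `esc_html( $field['value'] )` is the more robust choice. The enclosing methods and the `add()` call for the key-based tag lie outside the hunks, so whether that call passes the `html` exemption should be confirmed.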
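--- a/ninja-forms.php
+++ b/ninja-forms.php
@@ -3,7 +3,7 @@
 Plugin Name: Ninja Forms
 Plugin URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=readme
 Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
-Version: 3.4.24
+Version: 3.4.24.1
 Author: Saturday Drive
 Author URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=Plugins+WP+Dashboard
 Text Domain: ninja-forms
@@ -59,7 +59,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
 * @since 3.0
 */
 
-const VERSION = '3.4.24';
+const VERSION = '3.4.24.1';
 
 /**
 * @since 3.4.0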
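--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorho
 Tags: forms, contact form, email form, form builder, custom form, pdf form, registration form, payment form, login form, contact me, signature form, upload form, file upload form, conditional form, feedback form, appointment form, quote form, survey form, contact button, signup form, form plugin, contact form plugin, subscription form, email subscription form, newsletter form, donation form, booking form, quote request form, multi page form, conditional logic form, subscription form, application form, employment verification form, star rating form, rating form, event form, mailchimp form, campaign monitor form, constant contact form, mailpoet form, aweber form, cleverreach form, emma form, convertkit form, active campaign form, salesforce form, zoho form, capsule form, insightly form, pipelinedeals form, onepagecrm form
 Requires at least: 5.1
 Tested up to: 5.3
-Stable tag: 3.4.24
+Stable tag: 3.4.24.1
 License: GPLv2 or later
 
 The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.
@@ -303,7 +303,11 @@ This section describes how to install the plugin and get it working.
 
 == Upgrade Notice ==
 
-= 3.4.24 (
+= 3.4.24.1 (5 March 2020) =
+
+*Security:*
+
+* Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.
 
 *Bugs:*
 
@@ -322,6 +326,12 @@ This section describes how to install the plugin and get it working.
 
 == Changelog ==
 
+= 3.4.24.1 (5 March 2020) =
+
+*Security:*
+
+* Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.
+
 = 3.4.24 (2 March 2020) =
 
 *Bugs:*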