Version Description
(28 April 2020) =
Security:
- Fixed a Cross-Site Request Forgery (CSRF) to stored Cross-Site Scripting (XSS) vulnerability, responsibly reported by Ramuel Gall (Wordfence Threat Intelligence Team).
=
Release Info
Developer | krmoorhouse |
Plugin | Ninja Forms – The Easy and Powerful Forms Builder |
Version | 3.4.24.2 |
Code changes from version 3.4.24.1 to 3.4.24.2
- deprecated/ninja-forms.php +1 -1
- deprecated/upgrade/upgrade.js +2 -2
- lib/NF_Upgrade.php +4 -0
- ninja-forms.php +2 -2
- readme.txt +9 -18
deprecated/ninja-forms.php
CHANGED
@@ -265,7 +265,7 @@ class Ninja_Forms {
|
|
265 |
|
266 |
// Plugin version
|
267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
268 |
-
define( 'NF_PLUGIN_VERSION', '3.4.24.
|
269 |
|
270 |
// Plugin Folder Path
|
271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
265 |
|
266 |
// Plugin version
|
267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
268 |
+
define( 'NF_PLUGIN_VERSION', '3.4.24.2' );
|
269 |
|
270 |
// Plugin Folder Path
|
271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
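--- a/deprecated/upgrade/upgrade.js
+++ b/deprecated/upgrade/upgrade.js
@@ -132,7 +132,7 @@ jQuery(document).ready(function($) {
 $.post( ajaxurl, { nf2to3: 1, action: 'ninja_forms_ajax_migrate_database', security: nfThreeUpgrade.nonce }, function( response ) {
 
 $.post( ajaxurl, { action: 'nfThreeUpgrade_GetSerializedFields' }, function( fieldsExport ) {
-$.post(ajaxurl, { nf2to3: 1, fields: fieldsExport.serialized, action: 'ninja_forms_ajax_import_fields' }, function ( fieldsImport ) {
+$.post(ajaxurl, { nf2to3: 1, fields: fieldsExport.serialized, action: 'ninja_forms_ajax_import_fields', security: nfThreeUpgrade.nonce }, function ( fieldsImport ) {
 app.convertForms();
 }, 'json' );
 }, 'json' );
@@ -155,7 +155,7 @@ jQuery(document).ready(function($) {
 app.updateTable();
 
 $.post(ajaxurl, {action: 'nfThreeUpgrade_GetSerializedForm', formID: form.id}, function ( formExport ) {
-$.post(ajaxurl, { nf2to3: 1, action: 'ninja_forms_ajax_import_form', formID: form.id, import: formExport.serialized, flagged: form.flagged }, function ( formImport ) {
+$.post(ajaxurl, { nf2to3: 1, action: 'ninja_forms_ajax_import_form', security: nfThreeUpgrade.nonce, formID: form.id, import: formExport.serialized, flagged: form.flagged }, function ( formImport ) {
 form.converted = true;
 form.icon = 'yes';
 app.updateTable();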
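Review bot: In the second hunk the `formImport` callback sets `form.converted = true` and `form.icon = 'yes'` without inspecting the response, and in the first hunk `app.convertForms()` runs the same way after the fields import. The PHP handlers on this page now return early on a missing or stale nonce, so a rejected import may be displayed as converted, depending on what the AJAX endpoint sends back in that case. A guard such as `if ( ! formImport ) return;` at the top of each callback, paired with a visible error state, would stop the UI from reporting success. The two `nfThreeUpgrade_Get…` requests still send no `security` field; their handlers are not shown here, so whether they verify a nonce should be confirmed. Both callbacks continue outside the hunks.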
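--- a/lib/NF_Upgrade.php
+++ b/lib/NF_Upgrade.php
@@ -25,6 +25,8 @@ function ninja_forms_ajax_migrate_database(){
 add_action( 'wp_ajax_ninja_forms_ajax_import_form', 'ninja_forms_ajax_import_form' );
 function ninja_forms_ajax_import_form(){
 if( ! current_user_can( apply_filters( 'ninja_forms_admin_upgrade_import_form_capabilities', 'manage_options' ) ) ) return;
+if ( ! isset( $_POST[ 'security' ] ) ) return;
+if ( ! wp_verify_nonce( $_POST[ 'security' ], 'ninja_forms_upgrade_nonce' ) ) return;
 
 $import = stripslashes( $_POST[ 'import' ] );
 
@@ -48,6 +50,8 @@ function ninja_forms_ajax_import_form(){
 add_action( 'wp_ajax_ninja_forms_ajax_import_fields', 'ninja_forms_ajax_import_fields' );
 function ninja_forms_ajax_import_fields(){
 if( ! current_user_can( apply_filters( 'ninja_forms_admin_upgrade_import_fields_capabilities', 'manage_options' ) ) ) return;
+if ( ! isset( $_POST[ 'security' ] ) ) return;
+if ( ! wp_verify_nonce( $_POST[ 'security' ], 'ninja_forms_upgrade_nonce' ) ) return;
 $fields = stripslashes( WPN_Helper::esc_html($_POST[ 'fields' ]) ); // TODO: How to sanitize serialized string?
 $fields = maybe_unserialize( $fields );
 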
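Review bot: In the second hunk `$_POST[ 'fields' ]` still reaches `maybe_unserialize()` after the new nonce check, so the handler keeps deserializing request data, which the existing TODO on that line already questions. The capability and nonce checks narrow who can reach it, but the capability is filterable, and the first hunk's `$import` is likewise read from the request with only `stripslashes()` visible here. Where the minimum supported PHP version allows it, `$fields = unserialize( $fields, array( 'allowed_classes' => false ) );` would stop object instantiation from that string. Both handlers also fail with a bare `return`; `check_ajax_referer( 'ninja_forms_upgrade_nonce', 'security' );` could replace the two added lines and reject the request explicitly. Both function bodies continue outside the hunks.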
ninja-forms.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Ninja Forms
|
4 |
Plugin URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=readme
|
5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
6 |
-
Version: 3.4.24.
|
7 |
Author: Saturday Drive
|
8 |
Author URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=Plugins+WP+Dashboard
|
9 |
Text Domain: ninja-forms
|
@@ -59,7 +59,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
|
|
59 |
* @since 3.0
|
60 |
*/
|
61 |
|
62 |
-
const VERSION = '3.4.24.
|
63 |
|
64 |
/**
|
65 |
* @since 3.4.0
|
3 |
Plugin Name: Ninja Forms
|
4 |
Plugin URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=readme
|
5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
6 |
+
Version: 3.4.24.2
|
7 |
Author: Saturday Drive
|
8 |
Author URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=Plugins+WP+Dashboard
|
9 |
Text Domain: ninja-forms
|
59 |
* @since 3.0
|
60 |
*/
|
61 |
|
62 |
+
const VERSION = '3.4.24.2';
|
63 |
|
64 |
/**
|
65 |
* @since 3.4.0
|
readme.txt
CHANGED
@@ -1,9 +1,9 @@
|
|
1 |
=== Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress ===
|
2 |
Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorhouse, jmcelhaney, wpnzach, ericwindhamsd
|
3 |
Tags: forms, contact form, email form, form builder, custom form, pdf form, registration form, payment form, login form, contact me, signature form, upload form, file upload form, conditional form, feedback form, appointment form, quote form, survey form, contact button, signup form, form plugin, contact form plugin, subscription form, email subscription form, newsletter form, donation form, booking form, quote request form, multi page form, conditional logic form, subscription form, application form, employment verification form, star rating form, rating form, event form, mailchimp form, campaign monitor form, constant contact form, mailpoet form, aweber form, cleverreach form, emma form, convertkit form, active campaign form, salesforce form, zoho form, capsule form, insightly form, pipelinedeals form, onepagecrm form
|
4 |
-
Requires at least: 5.
|
5 |
-
Tested up to: 5.
|
6 |
-
Stable tag: 3.4.24.
|
7 |
License: GPLv2 or later
|
8 |
|
9 |
The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.
|
@@ -303,28 +303,19 @@ This section describes how to install the plugin and get it working.
|
|
303 |
|
304 |
== Upgrade Notice ==
|
305 |
|
306 |
-
= 3.4.24.
|
307 |
|
308 |
*Security:*
|
309 |
|
310 |
-
*
|
311 |
|
312 |
-
|
313 |
-
|
314 |
-
* User permission filters should now work as expected.
|
315 |
-
* Select image fields should now work properly when dev mode is disabled.
|
316 |
-
* Resolved an error that was causing php warnings on some API calls.
|
317 |
-
* Email settings should now properly read email addresses surrounded by <> characters.
|
318 |
-
* Resolved an error that was causing deprecated function warnings in php error logs.
|
319 |
-
* Forms with calculations should now display properly on sites using a "formal" language setting.
|
320 |
-
* Export should now properly appear as an option in the bulk actions on the submissions page.
|
321 |
-
* Resolved an error that was preventing the add-on manager from installing plugins.
|
322 |
|
323 |
-
|
324 |
|
325 |
-
*
|
326 |
|
327 |
-
|
328 |
|
329 |
= 3.4.24.1 (5 March 2020) =
|
330 |
|
1 |
=== Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress ===
|
2 |
Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorhouse, jmcelhaney, wpnzach, ericwindhamsd
|
3 |
Tags: forms, contact form, email form, form builder, custom form, pdf form, registration form, payment form, login form, contact me, signature form, upload form, file upload form, conditional form, feedback form, appointment form, quote form, survey form, contact button, signup form, form plugin, contact form plugin, subscription form, email subscription form, newsletter form, donation form, booking form, quote request form, multi page form, conditional logic form, subscription form, application form, employment verification form, star rating form, rating form, event form, mailchimp form, campaign monitor form, constant contact form, mailpoet form, aweber form, cleverreach form, emma form, convertkit form, active campaign form, salesforce form, zoho form, capsule form, insightly form, pipelinedeals form, onepagecrm form
|
4 |
+
Requires at least: 5.2
|
5 |
+
Tested up to: 5.4
|
6 |
+
Stable tag: 3.4.24.2
|
7 |
License: GPLv2 or later
|
8 |
|
9 |
The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.
|
303 |
|
304 |
== Upgrade Notice ==
|
305 |
|
306 |
+
= 3.4.24.2 (28 April 2020) =
|
307 |
|
308 |
*Security:*
|
309 |
|
310 |
+
* Fixed Cross-Site Request Forgery(CSRF) to stored Cross-Site Scripting(XSS) [reported responsibly](https://ninjaforms.com/security) by Ramuel Gall (Wordfence Threat Intelligence Team).
|
311 |
|
312 |
+
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
313 |
|
314 |
+
= 3.4.24.2 (28 April 2020) =
|
315 |
|
316 |
+
*Security:*
|
317 |
|
318 |
+
* Fixed Cross-Site Request Forgery(CSRF) to stored Cross-Site Scripting(XSS) [reported responsibly](https://ninjaforms.com/security) by Ramuel Gall (Wordfence Threat Intelligence Team).
|
319 |
|
320 |
= 3.4.24.1 (5 March 2020) =
|
321 |
|