Version Description
(21 May 2020) =
Security:
- Patched an HTML injection vulnerability in our deprecated 2.9x codebase reported responsibly by Dave Job.
Bugs:
- Corrected an error in our required field validation that was allowing targeted spam through the submission process.
=
Release Info
Developer | krmoorhouse |
Plugin | Ninja Forms – The Easy and Powerful Forms Builder |
Version | 3.4.24.3 |
Code changes from version 3.4.24.2 to 3.4.24.3
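--- a/deprecated/includes/display/processing/class-ninja-forms-processing.php
+++ b/deprecated/includes/display/processing/class-ninja-forms-processing.php
@@ -145,7 +145,8 @@ class Ninja_Forms_Processing {
 }
 
 $val = nf_wp_kses_post_deep( $val );
-
+$val = ninja_forms_htmlspecialchars_deep( $val );
+
 $this->data['fields'][$field_id] = $val;
 $field_row = ninja_forms_get_field_by_id( $field_id );
 $field_row['data']['field_class'] = 'ninja-forms-field';
@@ -174,9 +175,11 @@ class Ninja_Forms_Processing {
 if(!is_array($val)){
 $value = stripslashes($val);
 $value = nf_wp_kses_post_deep( $value );
+$value = ninja_forms_htmlspecialchars_deep( $value );
 //$value = htmlspecialchars($value);
 }else{
 $value = nf_wp_kses_post_deep( $val );
+$value = ninja_forms_htmlspecialchars_deep( $val );
 }
 $this->data['form'][$key] = $value;
 }
@@ -203,6 +206,7 @@ class Ninja_Forms_Processing {
 
 $val = ninja_forms_stripslashes_deep( $val );
 $val = nf_wp_kses_post_deep( $val );
+$val = ninja_forms_htmlspecialchars_deep( $val );
 
 $this->data['fields'][$field_id] = $val;
 if ( isset ( $cache['field_settings'][$field_id] ) ) {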
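Review bot: In the array branch of the second hunk the added line is `$value = ninja_forms_htmlspecialchars_deep( $val );`, which reads the raw `$val` and overwrites the `nf_wp_kses_post_deep( $val )` result assigned just above, whereas the scalar branch chains on `$value`. Passing `$value` keeps both filters applied in the same order on both branches: `$value = ninja_forms_htmlspecialchars_deep( $value );`. The stale `//$value = htmlspecialchars($value);` comment in the scalar branch can be deleted now that the encoding call is live. All three call sites encode before the value is stored in `$this->data`, so a comment such as `// Entity-encoded before storage; consumers receive already-escaped text` would help later code avoid double-encoding, assuming the helper (not shown in these hunks) behaves like htmlspecialchars(). The enclosing methods start and end outside the hunks.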
deprecated/ninja-forms.php
CHANGED
@@ -265,7 +265,7 @@ class Ninja_Forms {
|
|
265 |
|
266 |
// Plugin version
|
267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
268 |
-
define( 'NF_PLUGIN_VERSION', '3.4.24.
|
269 |
|
270 |
// Plugin Folder Path
|
271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
265 |
|
266 |
// Plugin version
|
267 |
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
|
268 |
+
define( 'NF_PLUGIN_VERSION', '3.4.24.3' );
|
269 |
|
270 |
// Plugin Folder Path
|
271 |
if ( ! defined( 'NF_PLUGIN_DIR' ) )
|
includes/Abstracts/Field.php
CHANGED
@@ -146,8 +146,12 @@ abstract class NF_Abstracts_Field
|
|
146 |
$field[ 'value' ] = implode( '', $field[ 'value' ] );
|
147 |
}
|
148 |
|
149 |
-
if( isset( $field['required'] ) && 1 ==
|
150 |
-
$
|
|
|
|
|
|
|
|
|
151 |
}
|
152 |
return $errors;
|
153 |
}
|
146 |
$field[ 'value' ] = implode( '', $field[ 'value' ] );
|
147 |
}
|
148 |
|
149 |
+
if( isset( $field['required'] ) && 1 == intval( $field['required'] ) ) {
|
150 |
+
$val = trim( $field['value'] );
|
151 |
+
if( empty( $val ) && '0' !== $val ){
|
152 |
+
$errors['slug'] = 'required-error';
|
153 |
+
$errors['message'] = esc_html__('This field is required.', 'ninja-forms');
|
154 |
+
}
|
155 |
}
|
156 |
return $errors;
|
157 |
}
|
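Review bot: The added required check runs `trim( $field['value'] )` without confirming that the key exists and holds a string; only the tail of the preceding array handling is visible, so a missing or non-scalar value may still reach `trim()` and raise a notice or TypeError instead of a validation error. A guard such as `$val = ( isset( $field['value'] ) && is_scalar( $field['value'] ) ) ? trim( (string) $field['value'] ) : '';` fails closed, and the test then reduces to `if ( '' === $val ) {`, which is what `empty( $val ) && '0' !== $val` means for a trimmed string. It is also worth confirming that `$field['required']` is read from the saved form definition rather than from the submitted payload, since the hunk does not show where `$field` comes from. The method begins outside the hunk.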
includes/MergeTags/Fields.php
CHANGED
@@ -193,7 +193,10 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
|
|
193 |
|
194 |
$value = apply_filters('ninja_forms_merge_tag_value_' . $field['type'], $field['value'], $field);
|
195 |
|
196 |
-
|
|
|
|
|
|
|
197 |
|
198 |
if( isset( $field[ 'key' ] ) ) {
|
199 |
$field_key = $field[ 'key' ];
|
@@ -201,17 +204,15 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
|
|
201 |
|
202 |
// Add Field Key Callback
|
203 |
$callback = 'field_' . $field_key;
|
204 |
-
$this->add( $callback, $field_key, '{field:' . $field_key . '}', $value, $calc_value );
|
205 |
|
206 |
// Add Field by Key for All Fields
|
207 |
$this->merge_tags[ 'all_fields_by_key' ][ 'fields' ][ $field_key ] = $field;
|
208 |
|
209 |
// Add Field Calc Callabck
|
210 |
if( '' == $calc_value ) $calc_value = '0';
|
211 |
-
//var_dump($calc_value);
|
212 |
-
//echo('myspace');
|
213 |
$callback = 'field_' . $field_key . '_calc';
|
214 |
-
$this->add( $callback, $field_key, '{field:' . $field_key . ':calc}', $calc_value, $calc_value );
|
215 |
|
216 |
|
217 |
/*
|
@@ -286,6 +287,7 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
|
|
286 |
* @param $tag
|
287 |
* @param $value
|
288 |
* @param bool $calc_value
|
|
|
289 |
*/
|
290 |
public function add( $callback, $id, $tag, $value, $calc_value = false, $sanitize = true )
|
291 |
{
|
@@ -308,7 +310,9 @@ final class NF_MergeTags_Fields extends NF_Abstracts_MergeTags
|
|
308 |
|
309 |
public function maybe_sanitize( $field )
|
310 |
{
|
311 |
-
|
|
|
|
|
312 |
$field['value'] = strip_tags($field['value']);
|
313 |
}
|
314 |
return $field;
|
193 |
|
194 |
$value = apply_filters('ninja_forms_merge_tag_value_' . $field['type'], $field['value'], $field);
|
195 |
|
196 |
+
$safe = apply_filters('ninja_forms_get_html_safe_fields',
|
197 |
+
array( 'html' ) );
|
198 |
+
$sanitize = (! in_array($field['type'], $safe));
|
199 |
+
$this->add( $callback, $field['id'], '{field:' . $field['id'] . '}', $value, false, $sanitize );
|
200 |
|
201 |
if( isset( $field[ 'key' ] ) ) {
|
202 |
$field_key = $field[ 'key' ];
|
204 |
|
205 |
// Add Field Key Callback
|
206 |
$callback = 'field_' . $field_key;
|
207 |
+
$this->add( $callback, $field_key, '{field:' . $field_key . '}', $value, $calc_value, $sanitize );
|
208 |
|
209 |
// Add Field by Key for All Fields
|
210 |
$this->merge_tags[ 'all_fields_by_key' ][ 'fields' ][ $field_key ] = $field;
|
211 |
|
212 |
// Add Field Calc Callabck
|
213 |
if( '' == $calc_value ) $calc_value = '0';
|
|
|
|
|
214 |
$callback = 'field_' . $field_key . '_calc';
|
215 |
+
$this->add( $callback, $field_key, '{field:' . $field_key . ':calc}', $calc_value, $calc_value, $sanitize );
|
216 |
|
217 |
|
218 |
/*
|
287 |
* @param $tag
|
288 |
* @param $value
|
289 |
* @param bool $calc_value
|
290 |
+
* @param bool $sanitize
|
291 |
*/
|
292 |
public function add( $callback, $id, $tag, $value, $calc_value = false, $sanitize = true )
|
293 |
{
|
310 |
|
311 |
public function maybe_sanitize( $field )
|
312 |
{
|
313 |
+
$safe = apply_filters( 'ninja_forms_get_html_safe_fields',
|
314 |
+
array( 'html' ) );
|
315 |
+
if ( ! in_array( $field['type'], $safe ) && $this->use_safe ) {
|
316 |
$field['value'] = strip_tags($field['value']);
|
317 |
}
|
318 |
return $field;
|
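Review bot: The allow-list of HTML-safe field types is fetched from the `ninja_forms_get_html_safe_fields` filter in two places (the first hunk and `maybe_sanitize()`) and matched with a loose `in_array()`, so any code hooked on that filter decides which field types skip `strip_tags()`, and a non-array return would only produce a warning. Cast and compare strictly in both spots, `$safe = (array) apply_filters( 'ninja_forms_get_html_safe_fields', array( 'html' ) );` and `in_array( $field['type'], $safe, true )`, and consider one private helper so the two checks cannot drift apart. `maybe_sanitize()` now also depends on `$this->use_safe`, which is not declared in the visible hunks; confirm it defaults to true so sanitization stays on unless explicitly disabled. The new docblock tag would benefit from a description, e.g. `@param bool $sanitize Whether the merge tag value should be sanitized (false for HTML-safe field types).` The bodies of `add()` and `maybe_sanitize()` extend beyond the hunks.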
ninja-forms.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Ninja Forms
|
4 |
Plugin URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=readme
|
5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
6 |
-
Version: 3.4.24.
|
7 |
Author: Saturday Drive
|
8 |
Author URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=Plugins+WP+Dashboard
|
9 |
Text Domain: ninja-forms
|
@@ -59,7 +59,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
|
|
59 |
* @since 3.0
|
60 |
*/
|
61 |
|
62 |
-
const VERSION = '3.4.24.
|
63 |
|
64 |
/**
|
65 |
* @since 3.4.0
|
3 |
Plugin Name: Ninja Forms
|
4 |
Plugin URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=readme
|
5 |
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
|
6 |
+
Version: 3.4.24.3
|
7 |
Author: Saturday Drive
|
8 |
Author URI: http://ninjaforms.com/?utm_source=Ninja+Forms+Plugin&utm_medium=Plugins+WP+Dashboard
|
9 |
Text Domain: ninja-forms
|
59 |
* @since 3.0
|
60 |
*/
|
61 |
|
62 |
+
const VERSION = '3.4.24.3';
|
63 |
|
64 |
/**
|
65 |
* @since 3.4.0
|
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorho
|
|
3 |
Tags: forms, contact form, email form, form builder, custom form, pdf form, registration form, payment form, login form, contact me, signature form, upload form, file upload form, conditional form, feedback form, appointment form, quote form, survey form, contact button, signup form, form plugin, contact form plugin, subscription form, email subscription form, newsletter form, donation form, booking form, quote request form, multi page form, conditional logic form, subscription form, application form, employment verification form, star rating form, rating form, event form, mailchimp form, campaign monitor form, constant contact form, mailpoet form, aweber form, cleverreach form, emma form, convertkit form, active campaign form, salesforce form, zoho form, capsule form, insightly form, pipelinedeals form, onepagecrm form
|
4 |
Requires at least: 5.2
|
5 |
Tested up to: 5.4
|
6 |
-
Stable tag: 3.4.24.
|
7 |
License: GPLv2 or later
|
8 |
|
9 |
The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.
|
@@ -303,14 +303,28 @@ This section describes how to install the plugin and get it working.
|
|
303 |
|
304 |
== Upgrade Notice ==
|
305 |
|
306 |
-
= 3.4.24.
|
307 |
|
308 |
*Security:*
|
309 |
|
310 |
-
*
|
|
|
|
|
|
|
|
|
311 |
|
312 |
== Changelog ==
|
313 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
314 |
= 3.4.24.2 (28 April 2020) =
|
315 |
|
316 |
*Security:*
|
3 |
Tags: forms, contact form, email form, form builder, custom form, pdf form, registration form, payment form, login form, contact me, signature form, upload form, file upload form, conditional form, feedback form, appointment form, quote form, survey form, contact button, signup form, form plugin, contact form plugin, subscription form, email subscription form, newsletter form, donation form, booking form, quote request form, multi page form, conditional logic form, subscription form, application form, employment verification form, star rating form, rating form, event form, mailchimp form, campaign monitor form, constant contact form, mailpoet form, aweber form, cleverreach form, emma form, convertkit form, active campaign form, salesforce form, zoho form, capsule form, insightly form, pipelinedeals form, onepagecrm form
|
4 |
Requires at least: 5.2
|
5 |
Tested up to: 5.4
|
6 |
+
Stable tag: 3.4.24.3
|
7 |
License: GPLv2 or later
|
8 |
|
9 |
The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.
|
303 |
|
304 |
== Upgrade Notice ==
|
305 |
|
306 |
+
= 3.4.24.3 (21 May 2020) =
|
307 |
|
308 |
*Security:*
|
309 |
|
310 |
+
* Patched an HTML injection vulnerability in our deprecated 2.9x codebase [reported responsibly](https://ninjaforms.com/security) by Dave Job.
|
311 |
+
|
312 |
+
*Bugs:*
|
313 |
+
|
314 |
+
* Corrected an error in our required field validation that was allowing targeted spam through the submission process.
|
315 |
|
316 |
== Changelog ==
|
317 |
|
318 |
+
= 3.4.24.3 (21 May 2020) =
|
319 |
+
|
320 |
+
*Security:*
|
321 |
+
|
322 |
+
* Patched an HTML injection vulnerability in our deprecated 2.9x codebase [reported responsibly](https://ninjaforms.com/security) by Dave Job.
|
323 |
+
|
324 |
+
*Bugs:*
|
325 |
+
|
326 |
+
* Corrected an error in our required field validation that was allowing targeted spam through the submission process.
|
327 |
+
|
328 |
= 3.4.24.2 (28 April 2020) =
|
329 |
|
330 |
*Security:*
|