Official MailerLite Sign Up Forms - Version 1.4.4

Version Description

  • Fix - Additional security for database queries

Release Info

Developer mailerlite
Version 1.4.4

Code changes from version 1.4.3 to 1.4.4

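--- a/include/mailerlite-admin.php
+++ b/include/mailerlite-admin.php
@@ -54,16 +54,18 @@ class MailerLite_Admin {
 }
 
 add_action( 'wp_ajax_mailerlite_get_more_groups', 'MailerLite_Admin::ajax_get_more_groups' );
-add_action( 'wp_ajax_nopriv_mailerlite_get_more_groups', 'MailerLite_Admin::ajax_get_more_groups' );
 }
 
 function ajax_get_more_groups() {
 global $wpdb;
 
-$form = $wpdb->get_row(
-"SELECT * FROM " . $wpdb->base_prefix
-. "mailerlite_forms WHERE id = " . $_POST['form_id']
+$query = $wpdb->prepare(
+"SELECT *
+FROM {$wpdb->base_prefix}mailerlite_forms
+WHERE id=%d",
+$_POST['form_id']
 );
+$form = $wpdb->get_row($query);
 
 $form->data = unserialize( $form->data );
 
@@ -220,10 +222,13 @@ class MailerLite_Admin {
 
 $form_id = absint( $_GET['id'] );
 
-$form = $wpdb->get_row(
-"SELECT * FROM " . $wpdb->base_prefix
-. "mailerlite_forms WHERE id = " . $form_id
+$query = $wpdb->prepare(
+"SELECT *
+FROM {$wpdb->base_prefix}mailerlite_forms
+WHERE id=%d",
+$form_id
 );
+$form = $wpdb->get_row($query);
 
 if ( isset( $form->data ) ) {
 $form->data = unserialize( $form->data );
@@ -310,7 +315,7 @@ class MailerLite_Admin {
 
 $form_selected_groups =[];
 $selected_groups = explode(';*',$_POST['selected_groups']);
-
+
 foreach ($selected_groups as $group) {
 $group = explode('::', $group);
 $group_data = [];
@@ -414,9 +419,12 @@ class MailerLite_Admin {
 include( MAILERLITE_PLUGIN_DIR . 'include/templates/admin/edit_embedded.php' );
 }
 } else {
-$forms_data = $wpdb->get_results(
-"SELECT * FROM " . $wpdb->base_prefix . "mailerlite_forms ORDER BY time DESC"
-);
+$query = "
+SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+ORDER BY time DESC
+";
+$forms_data = $wpdb->get_results($query);
 
 include( MAILERLITE_PLUGIN_DIR . 'include/templates/admin/main.php' );
 }
@@ -430,10 +438,12 @@ class MailerLite_Admin {
 wp_redirect( 'admin.php?page=mailerlite_main' );
 } // Signup forms list
 else {
-$forms_data = $wpdb->get_results(
-"SELECT * FROM " . $wpdb->base_prefix
-. "mailerlite_forms ORDER BY time DESC"
-);
+$query = "
+SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+ORDER BY time DESC
+";
+$forms_data = $wpdb->get_results($query);
 
 include( MAILERLITE_PLUGIN_DIR . 'include/templates/admin/main.php' );
 }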
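Review bot: In `ajax_get_more_groups` the new query reads `$_POST['form_id']` without an `isset()` check and the row it fetches is dereferenced unconditionally at `$form->data = unserialize( $form->data );`, so a missing or unknown id produces a notice and then a property read on `null`. `%d` casts a non-numeric value to 0, which hides the bad input instead of rejecting it. Resolve the id first, `$form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0;`, pass `$form_id` to `prepare()`, and guard the result with `if ( ! $form ) { return; }` (or send an error response) the way line 233 already guards with `isset( $form->data )`. The same unchecked superglobal read appears in `form_preview_iframe` (mailerlite-gutenberg.php) and `redirect_to_form_edit` (mailerlite-shortcode.php). The body of `ajax_get_more_groups` continues past the end of the hunk.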
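--- a/include/mailerlite-form.php
+++ b/include/mailerlite-form.php
@@ -58,10 +58,13 @@ class MailerLite_Form {
 $api_key = get_option( 'mailerlite_api_key' );
 
 if ( $form_id > 0 && isset( $form_fields['email'] ) ) {
-$form = $wpdb->get_row(
-"SELECT * FROM " . $wpdb->base_prefix
-. "mailerlite_forms WHERE id = " . $form_id
+$query = $wpdb->prepare(
+"SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+WHERE id = %d",
+$form_id
 );
+$form = $wpdb->get_row($query);
 
 if ( isset( $form->data ) ) {
 
@@ -199,7 +202,13 @@ add_action(
 function load_mailerlite_form( $form_id ) {
 global $wpdb;
 
-$form = $wpdb->get_row( "SELECT * FROM " . $wpdb->base_prefix . "mailerlite_forms WHERE id = " . $form_id );
+$query = $wpdb->prepare(
+"SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+WHERE id = %d",
+$form_id
+);
+$form = $wpdb->get_row($query);
 
 if ( isset( $form->data ) ) {
 $form_data = unserialize( $form->data );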
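Review bot: Both new blocks in this file spell the call as `$wpdb->get_row($query)` while the surrounding lines follow the WordPress spacing convention (`get_option( 'mailerlite_api_key' )`, `isset( $form->data )`); write it `$form = $wpdb->get_row( $query );` so the file stays consistent, and the same applies to the `get_row($query)` / `get_results($query)` calls added in the other files of this commit. The `%d` placeholder coerces `$form_id` to an integer, so in the first hunk the `$form_id > 0` check at line 60 is what prevents a query for id 0, but `load_mailerlite_form` has no equivalent guard and will issue a query for every empty or non-numeric argument; consider returning early when `absint( $form_id )` is 0, mirroring line 60. Both functions continue past the end of their hunks.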
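--- a/include/mailerlite-gutenberg.php
+++ b/include/mailerlite-gutenberg.php
@@ -54,9 +54,13 @@ class MailerLite_Gutenberg {
 */
 public static function ajax_forms() {
 global $wpdb;
-$forms_data = $wpdb->get_results(
-"SELECT * FROM " . $wpdb->base_prefix . "mailerlite_forms ORDER BY time DESC"
-);
+
+$query = "
+SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+ORDER BY time DESC
+";
+$forms_data = $wpdb->get_results($query);
 
 $forms_data = array_map( function ( $form ) {
 return [
@@ -86,9 +90,14 @@ class MailerLite_Gutenberg {
 public function form_preview_iframe() {
 global $wpdb;
 
-$form = $wpdb->get_results(
-"SELECT * FROM `" . $wpdb->base_prefix . "mailerlite_forms` WHERE `id` = " . $_POST['form_id'] . " ORDER BY time DESC"
+$query = $wpdb->prepare(
+"SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+WHERE id = %d
+ORDER BY time DESC",
+$_POST['form_id']
 );
+$form = $wpdb->get_results($query);
 
 if ( count( $form ) === 0 ) {
 echo wp_send_json_success( [ 'html' => false, 'edit_link' => false ] );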
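Review bot: `form_preview_iframe` still fetches a single id with `get_results()` plus `ORDER BY time DESC` and then tests `count( $form ) === 0`; since `id` selects at most one row, the ordering clause is dead and `$form = $wpdb->get_row( $query );` with `if ( null === $form ) {` would state the intent directly (`redirect_to_form_edit` in mailerlite-shortcode.php keeps the same redundant `ORDER BY` on a `get_row()`). Nothing between the method header at line 90 and the query validates the request, so whether this handler is reachable without a nonce or capability check depends on how it is hooked, which is outside this hunk and worth confirming. The method body continues past the end of the hunk.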
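--- a/include/mailerlite-shortcode.php
+++ b/include/mailerlite-shortcode.php
@@ -79,9 +79,11 @@ class MailerLite_Shortcode {
 return;
 }
 
-$forms = $wpdb->get_results(
-"SELECT * FROM " . $wpdb->base_prefix . "mailerlite_forms"
-);
+$query = "
+SELECT *
+FROM {$wpdb->base_prefix}mailerlite_forms
+";
+$forms = $wpdb->get_results($query);
 
 include( MAILERLITE_PLUGIN_DIR . 'include/templates/common/tiny_mce.php' );
 
@@ -110,9 +112,14 @@ class MailerLite_Shortcode {
 public function redirect_to_form_edit() {
 global $wpdb;
 
-$form = $wpdb->get_row(
-"SELECT * FROM `" . $wpdb->base_prefix . "mailerlite_forms` WHERE `id` = " . $_GET['form_id'] . " ORDER BY time DESC"
+$query = $wpdb->prepare(
+"SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+WHERE id = %d
+ORDER BY time DESC",
+$_GET['form_id']
 );
+$form = $wpdb->get_row($query);
 
 if ( $form != null ) {
 if ( $form->type == MailerLite_Form::TYPE_CUSTOM ) {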
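--- a/include/mailerlite-widget.php
+++ b/include/mailerlite-widget.php
@@ -35,10 +35,13 @@ class MailerLite_Widget extends WP_Widget {
 && intval(
 $instance['mailerlite_form_id']
 ) ? $instance['mailerlite_form_id'] : 0;
-$form = $wpdb->get_row(
-"SELECT * FROM " . $wpdb->base_prefix . "mailerlite_forms WHERE id = "
-. $form_id
+$query = $wpdb->prepare(
+"SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+WHERE id = %d",
+$form_id
 );
+$form = $wpdb->get_row($query);
 
 if ( isset( $form->data ) ) {
 $form_data = unserialize( $form->data );
@@ -66,10 +69,12 @@ class MailerLite_Widget extends WP_Widget {
 public function form( $instance ) {
 global $wpdb;
 
-$forms_data = $wpdb->get_results(
-"SELECT * FROM " . $wpdb->base_prefix
-. "mailerlite_forms ORDER BY time DESC"
-);
+$query = "
+SELECT * FROM
+{$wpdb->base_prefix}mailerlite_forms
+ORDER BY time DESC
+";
+$forms_data = $wpdb->get_results($query);
 
 if ( isset( $instance['mailerlite_form_id'] ) ) {
 $id = $instance['mailerlite_form_id'];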
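Review bot: In the first hunk the lookup runs even when `$form_id` resolved to `0` (the ternary ending at line 37 yields `0` when no form is configured), which is a wasted query on every render of an unconfigured widget. `MailerLite_Form` guards the same lookup with `if ( $form_id > 0 && ... )`, so wrap the `prepare()`/`get_row()` pair in `if ( $form_id > 0 ) {` or return early before it. The enclosing method starts before the hunk, so check that nothing earlier already bails out on an empty id.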
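--- a/mailerlite.php
+++ b/mailerlite.php
@@ -3,7 +3,7 @@
 /**
 * Plugin Name: Official MailerLite Sign Up Forms
 * Description: Official MailerLite Sign Up Forms plugin for WordPress. Ability to embed MailerLite webforms and create custom ones just with few clicks.
-* Version: 1.4.3
+* Version: 1.4.4
 * Author: MailerGroup
 * Author URI: https://www.mailerlite.com
 * License: GPLv2 or later
@@ -29,7 +29,7 @@
 define( 'MAILERLITE_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
 define( 'MAILERLITE_PLUGIN_URL', plugins_url( '', __FILE__ ) );
 
-define( 'MAILERLITE_VERSION', '1.4.3' );
+define( 'MAILERLITE_VERSION', '1.4.4' );
 
 define( 'MAILERLITE_PHP_VERSION', '5.6.0' );
 define( 'MAILERLITE_WP_VERSION', '3.0.1' );
@@ -83,13 +83,25 @@ function mailerlite_install() {
 ) DEFAULT " . $charset_collate . ";";
 dbDelta( $sql );
 
-$sql = "ALTER TABLE " . $table_name . " " . $charset_collate . ";";
+$sql = $wpdb->prepare(
+"ALTER TABLE %s %s;",
+$table_name,
+$charset_collate
+);
 $wpdb->query( $sql );
 
-$sql = "ALTER TABLE " . $table_name . " CHANGE `name` `name` TINYTEXT " . $charset_collate . ";";
+$sql = $wpdb->prepare(
+"ALTER TABLE %s CHANGE `name` `name` TINYTEXT %s;",
+$table_name,
+$charset_collate
+);
 $wpdb->query( $sql );
 
-$sql = "ALTER TABLE " . $table_name . " CHANGE `data` `data` TEXT " . $charset_collate . ";";
+$sql = $wpdb->prepare(
+"ALTER TABLE %s CHANGE `data` `data` TEXT %s;",
+$table_name,
+$charset_collate
+);
 $wpdb->query( $sql );
 }
 
@@ -142,8 +154,11 @@ function mailerlite_status_information() {
 
 // Only if loading the plugin succeeded
 if ( class_exists( 'MailerLite_Form' ) ) {
-$forms = $wpdb->get_results( sprintf( "SELECT * FROM %smailerlite_forms",
-$wpdb->base_prefix ) );
+$query = "
+SELECT *
+FROM {$wpdb->base_prefix}mailerlite_forms
+";
+$forms = $wpdb->get_results($query);
 $number_of_custom_forms = 0;
 $number_of_embedded_forms = 0;
 
@@ -220,4 +235,4 @@ if ( in_array( 'official-mailerlite-sign-up-forms/mailerlite.php', get_option( '
 require_once( MAILERLITE_PLUGIN_DIR . 'include/mailerlite-admin-status.php' );
 add_action( 'init', [ 'MailerLite_Admin_Status', 'init' ] );
 }
-}
+}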
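Review bot: The three `ALTER TABLE` statements in `mailerlite_install` now go through `$wpdb->prepare()` with `%s` for the table name and for the charset clause, but `prepare()` wraps every `%s` value in single quotes, so both the identifier and the `DEFAULT CHARACTER SET ...` clause arrive as string literals and MySQL should reject the statement; because the return value of `$wpdb->query( $sql )` is never checked, the column conversions would then fail silently on every install. Neither value is user-controlled as far as this hunk shows (`$table_name` and `$charset_collate` are produced by the plugin itself, exactly as the `CREATE TABLE` just above uses them), so the fix is to return to interpolation for these three: `$sql = "ALTER TABLE {$table_name} {$charset_collate};";` and the same pattern for the two `CHANGE` statements. WordPress 6.2 added an `%i` identifier placeholder, but that is far above the `MAILERLITE_WP_VERSION` minimum of 3.0.1 declared in this file, and it would still not cover the charset clause. Checking `$wpdb->query()` for `false` and logging the failure would make a regression like this visible. The body of `mailerlite_install` begins before the hunk.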
readme.txt CHANGED
@@ -3,9 +3,9 @@ Contributors: mailerlite
3
  Donate link: https://www.mailerlite.com/
4
  Tags: mailerlite, newsletter, subscribe, form, webform
5
  Requires at least: 3.0.1
6
- Tested up to: 5.3.2
7
  Requires PHP: 5.6.0
8
- Stable tag: 1.4.3
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
@@ -130,6 +130,9 @@ Add your custom CSS rules to the end of your theme stylesheet, /wp-content/theme
130
 
131
  == Changelog ==
132
 
 
 
 
133
  = 1.4.3 =
134
  * Fix - removed use of deprecated php method
135
 
3
  Donate link: https://www.mailerlite.com/
4
  Tags: mailerlite, newsletter, subscribe, form, webform
5
  Requires at least: 3.0.1
6
+ Tested up to: 5.4.1
7
  Requires PHP: 5.6.0
8
+ Stable tag: 1.4.4
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
130
 
131
  == Changelog ==
132
 
133
+ = 1.4.4 =
134
+ * Fix - Additional security for database queries
135
+
136
  = 1.4.3 =
137
  * Fix - removed use of deprecated php method
138