Official MailerLite Sign Up Forms - Version 1.5.4

Version Description

  • Fix - Input validation
  • Tested up to latest WP version

Release Info

Developer mailerlite
Version 1.5.4

Code changes from version 1.5.3 to 1.5.4

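--- a/mailerlite.php
+++ b/mailerlite.php
@@ -2,7 +2,7 @@
 /**
 * Plugin Name: MailerLite - Signup forms (official)
 * Description: Official MailerLite Signup forms plugin for WordPress. Ability to embed MailerLite webforms and create custom ones just with few clicks.
-* Version: 1.5.3
+* Version: 1.5.4
 * Author: MailerLite
 * Author URI: https://www.mailerlite.com
 * License: GPLv2 or later
@@ -33,7 +33,7 @@ define( 'MAILERLITE_PLUGIN_URL', plugins_url( '', __FILE__ ) );
 // Plugin basename
 define( 'MAILERLITE_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
 
-define( 'MAILERLITE_VERSION', '1.5.3' );
+define( 'MAILERLITE_VERSION', '1.5.4' );
 
 define( 'MAILERLITE_PHP_VERSION', '7.2.5' );
 define( 'MAILERLITE_WP_VERSION', '3.0.1' );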
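--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@ Contributors: mailerlite
 Donate link: https://www.mailerlite.com/
 Tags: mailerlite, newsletter, subscribe, form, webform
 Requires at least: 3.0.1
-Tested up to: 5.9.2
+Tested up to: 5.9.3
 Requires PHP: 7.2.5
-Stable tag: 1.5.3
+Stable tag: 1.5.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -130,6 +130,10 @@ Add your custom CSS rules to the end of your theme stylesheet, /wp-content/theme
 
 == Changelog ==
 
+= 1.5.4 =
+* Fix - Input validation
+* Tested up to latest WP version
+
 = 1.5.3 =
 * Update - API update
 * Tested up to latest WP version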
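--- a/src/Admin/Views/EditCustomView.php
+++ b/src/Admin/Views/EditCustomView.php
@@ -31,6 +31,11 @@ class EditCustomView
 private function view($result, $form, $fields, $groups, $can_load_more_groups)
 {
 
+$form_id = 0;
+
+if ( isset($_GET['id']) )
+$form_id = absint( $_GET['id'] );
+
 ?>
 
 <div class="wrap columns-2 dd-wrap">
@@ -46,7 +51,7 @@ class EditCustomView
 <div id="post-body">
 <div id="post-body-content">
 <form id="edit_custom"
-action="<?php echo admin_url( 'admin.php?page=mailerlite_main&view=edit&id=' . ( isset( $_GET['id'] ) ? $_GET['id'] : 0 ) ); ?>"
+action="<?php echo admin_url( 'admin.php?page=mailerlite_main&view=edit&id=' . $form_id); ?>"
 method="post">
 
 <input type="text" name="form_name" class="form-large" size="30" maxlength="255"
@@ -55,7 +60,7 @@ class EditCustomView
 <div>
 <?php echo __( 'Use the shortcode', 'mailerlite' ); ?>
 <input type="text" onfocus="this.select();" readonly="readonly"
-value="[mailerlite_form form_id=<?php echo( isset( $_GET['id'] ) ? $_GET['id'] : 0 ); ?>]"
+value="[mailerlite_form form_id=<?php echo $form_id; ?>]"
 size="26">
 <?php echo __( 'to display this form inside a post, page or text widget.',
 'mailerlite' ); ?>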
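Review bot: The rewritten `action` attribute on new line 54 still echoes `admin_url(...)` raw into an HTML attribute; WordPress convention is to escape per output context, so `echo esc_url( admin_url( 'admin.php?page=mailerlite_main&view=edit&id=' . $form_id ) );` — `$form_id` is now an int after `absint()`, so the concatenation itself is safe, but `esc_url()` makes that contract explicit and encodes the `&` separators correctly for the attribute. Note that `absint()` silently turns a non-numeric or negative `id` into 0 or another positive number instead of rejecting it; if an invalid id should not fall through to "form 0", validate with `is_numeric( $_GET['id'] )` first and bail — whether the caller already does this is not visible here. The `view()` method continues past the end of the last hunk.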
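--- a/src/Admin/Views/EditEmbeddedView.php
+++ b/src/Admin/Views/EditEmbeddedView.php
@@ -30,6 +30,11 @@ class EditEmbeddedView
 private function view($result, $form, $webforms, $apiType)
 {
 
+$form_id = 0;
+
+if ( isset($_GET['id']) )
+$form_id = absint( $_GET['id'] );
+
 ?>
 
 <div class="wrap columns-2 dd-wrap">
@@ -44,7 +49,7 @@ class EditEmbeddedView
 <?php new SidebarView(); ?>
 <div id="post-body">
 <div id="post-body-content">
-<form action="<?php echo admin_url( 'admin.php?page=mailerlite_main&view=edit&id=' . ( isset( $_GET['id'] ) ? $_GET['id'] : 0 ) ); ?>"
+<form action="<?php echo admin_url( 'admin.php?page=mailerlite_main&view=edit&id=' . $form_id ); ?>"
 method="post">
 
 <input type="text" class="form-large" name="form_name" size="30" maxlength="255"
@@ -53,7 +58,7 @@ class EditEmbeddedView
 <div>
 <?php echo __( 'Use the shortcode', 'mailerlite' ); ?>
 <input type="text" onfocus="this.select();" readonly="readonly"
-value="[mailerlite_form form_id=<?php echo( isset( $_GET['id'] ) ? $_GET['id'] : 0 ); ?>]"
+value="[mailerlite_form form_id=<?php echo $form_id; ?>]"
 size="26">
 <?php echo __( 'to display this form inside a post, page or text widget.', 'mailerlite' ); ?>
 </div>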
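Review bot: The `$form_id = 0; if ( isset($_GET['id']) ) $form_id = absint( $_GET['id'] );` block on new lines 33–36 is now the fourth copy of the same derivation in this diff (EditCustomView, Gutenberg, Preview); a single helper such as `private static function requested_id( array $source, string $key ): int { return absint( $source[ $key ] ?? 0 ); }` would keep the validation in one place, and the braceless `if` is a style that PSR-12 and the WordPress standards both discourage. The `<form action>` on line 52 echoes `admin_url(...)` without `esc_url()`; `$form_id` is an integer so nothing unsafe reaches the attribute, but escaping at the point of output is the convention and costs nothing. The `view()` method continues past the end of the last hunk.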
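--- a/src/Controllers/AdminController.php
+++ b/src/Controllers/AdminController.php
@@ -268,7 +268,7 @@ class AdminController
 
 $form_webform_id = isset( $_POST['form_webform_id'] )
 && isset( $parsed_webforms[ $_POST['form_webform_id'] ] )
-? $_POST['form_webform_id'] : 0;
+? absint( $_POST['form_webform_id'] ) : 0;
 
 $form_data = [
 'id' => $form_webform_id,
@@ -309,7 +309,7 @@ class AdminController
 && $_GET['view'] == 'delete'
 && absint( $_GET['id'] ) ) {
 $wpdb->delete(
-$wpdb->base_prefix . 'mailerlite_forms', [ 'id' => $_GET['id'] ]
+$wpdb->base_prefix . 'mailerlite_forms', [ 'id' => absint( $_GET['id'] ) ]
 );
 wp_redirect( 'admin.php?page=mailerlite_main' );
 } // Signup forms list
@@ -401,8 +401,8 @@ class AdminController
 
 check_admin_referer( 'mailerlite_load_more_groups', 'ml_nonce' );
 
-$form_id = intval( $_POST['form_id'] );
-$offset = intval( $_POST['offset'] );
+$form_id = absint( $_POST['form_id'] );
+$offset = absint( $_POST['offset'] );
 
 $query = $wpdb->prepare(
 "SELECT *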
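Review bot: The delete branch at lines 309–314 still performs a destructive write on a plain GET request (`view=delete&id=N`) and no nonce verification appears next to it in the hunk; unless `check_admin_referer()` runs earlier in the method (not visible here), a crafted link or image tag can delete a form on behalf of any logged-in admin, so gate it with `check_admin_referer( 'mailerlite_delete_form_' . $form_id );` and generate the delete link with `wp_nonce_url()`. The `absint()` now applied to the `$wpdb->delete()` argument only narrows the type; `$wpdb->delete()` already binds the value, so the meaningful missing control is the nonce, not the cast. `wp_redirect( 'admin.php?page=mailerlite_main' )` on line 314 is not followed by a visible `exit;`, so execution may continue into the list rendering after the redirect header is queued — add `exit;` unless it sits just outside the hunk. The enclosing method bodies start and end outside these hunks.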
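--- a/src/Modules/Gutenberg.php
+++ b/src/Modules/Gutenberg.php
@@ -129,6 +129,11 @@ class Gutenberg
 
 global $wpdb;
 
+$form_id = 0;
+
+if ( isset($_POST['form_id']) )
+$form_id = absint( $_POST['form_id'] );
+
 check_admin_referer( 'mailerlite_gutenberg', 'ml_nonce' );
 
 $query = $wpdb->prepare(
@@ -136,7 +141,7 @@ class Gutenberg
 {$wpdb->base_prefix}mailerlite_forms
 WHERE id = %d
 ORDER BY time DESC",
-$_POST['form_id']
+$form_id
 );
 $form = $wpdb->get_results($query);
 
@@ -146,7 +151,7 @@ class Gutenberg
 
 $nonce = wp_create_nonce('mailerlite_preview');
 
-$url = admin_url('admin-ajax.php').'?action=mailerlite_gutenberg_form_preview2&ml_nonce='.$nonce.'&form_id='.$_POST['form_id'];
+$url = admin_url('admin-ajax.php').'?action=mailerlite_gutenberg_form_preview2&ml_nonce='.$nonce.'&form_id='.$form_id;
 
 ob_start();
 
@@ -158,7 +163,7 @@ class Gutenberg
 
 wp_send_json_success( [
 'html' => $html,
-'edit_link' => admin_url( 'admin-ajax.php' ) . '?action=mailerlite_redirect_to_form_edit&ml_nonce='.$nonce.'&form_id=' . $_POST['form_id'],
+'edit_link' => admin_url( 'admin-ajax.php' ) . '?action=mailerlite_redirect_to_form_edit&ml_nonce='.$nonce.'&form_id=' . $form_id,
 ] );
 }
 }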
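Review bot: `$form_id` is read from `$_POST` on new lines 132–135 before `check_admin_referer( 'mailerlite_gutenberg', 'ml_nonce' )` runs on line 137; `absint()` has no side effects so nothing leaks, but verifying the request before touching its payload is the order every other handler in this plugin follows, so move the `check_admin_referer()` call above the `$form_id` block. The preview and edit URLs on lines 154 and 166 are still built by string concatenation; `add_query_arg( [ 'action' => 'mailerlite_gutenberg_form_preview2', 'ml_nonce' => $nonce, 'form_id' => $form_id ], admin_url( 'admin-ajax.php' ) )` is the WordPress idiom and handles encoding for you. One thing to confirm: the single `$nonce` created for action `mailerlite_preview` is attached to both the preview URL and the `mailerlite_redirect_to_form_edit` link, while the redirect handler shown in Shortcode.php in this same diff verifies action `mailerlite_redirect` — if that is the handler behind `edit_link`, its nonce check would reject this link. The enclosing method starts before the first hunk.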
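--- a/src/Modules/Shortcode.php
+++ b/src/Modules/Shortcode.php
@@ -127,8 +127,8 @@ class Shortcode
 
 check_admin_referer( 'mailerlite_redirect', 'ml_nonce' );
 
-$form_id = intval( $_GET['form_id'] );
-$apiType = intval( $_GET['platform'] );
+$form_id = absint( $_GET['form_id'] );
+$apiType = absint( $_GET['platform'] );
 
 $query = $wpdb->prepare(
 "SELECT * FROM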
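Review bot: `$_GET['form_id']` and `$_GET['platform']` on new lines 130–131 are dereferenced without an `isset` guard, so a request missing either key raises an undefined-index warning before `absint()` coerces it to 0; the Gutenberg.php and Preview.php hunks in this same release added that guard, so for consistency write `$form_id = absint( $_GET['form_id'] ?? 0 );` and `$apiType = absint( $_GET['platform'] ?? 0 );` (`??` is available on the plugin's PHP 7.2.5 floor). A `$form_id` of 0 still flows into the `$wpdb->prepare()` lookup that follows; if 0 is never a valid row id, an early `wp_die()` or redirect would be cleaner than running the query. The enclosing method starts and ends outside the hunk.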
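--- a/src/Views/Preview.php
+++ b/src/Views/Preview.php
@@ -29,6 +29,10 @@ class Preview
 private function view()
 {
 
+$form_id = 0;
+
+if ( isset($_GET['form_id']) )
+$form_id = absint( $_GET['form_id'] );
 ?>
 
 <html lang="en">
@@ -38,7 +42,7 @@ class Preview
 </head>
 <body>
 <div style='width: 400px;margin: auto;'>
-<?php ( new Form() )->load_mailerlite_form( $_GET['form_id'] ); ?>
+<?php ( new Form() )->load_mailerlite_form( $form_id ); ?>
 </div>
 <style>
 .ml_message_wrapper > * {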
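Review bot: When `form_id` is absent or non-numeric the new code falls through with `$form_id = 0` and still calls `load_mailerlite_form( 0 )` on line 45, rendering a full preview page for a form that cannot exist; return early (or `wp_die()`) when `$form_id === 0` instead of emitting the markup. The `isset()`/`absint()` pair on lines 32–35 collapses to `$form_id = absint( $_GET['form_id'] ?? 0 );`, which also removes the braceless `if`. No nonce or capability check is visible inside `view()`; the hunk does not show how this view is reached, so confirm that the caller verifies the `mailerlite_preview` nonce that Gutenberg.php attaches to the preview URL before this method runs. The method continues past the last hunk.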