Ultimate FAQ - Version 1.8.22

Version Description

  • Fixes a minor possible XSS issue

Release Info

Developer Rustaurius
Version 1.8.22

Code changes from version 1.8.21 to 1.8.22

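--- a/Functions/EWD_UFAQ_Import.php
+++ b/Functions/EWD_UFAQ_Import.php
@@ -178,20 +178,22 @@ function EWD_UFAQ_Import_From_Spreadsheet() {
  $error = __('File must be .csv, .xls or .xlsx', 'ultimate-faqs');
  }
  else {
- $msg = " ";
- $msg .= $_FILES['FAQs_Spreadsheet']['name'];
+ $filename = basename( $_FILES['FAQs_Spreadsheet']['name']);
+ $filename = mb_ereg_replace("([^\w\s\d\-_~,;\[\]\(\).])", '', $filename);
+ $filename = mb_ereg_replace("([\.]{2,})", '', $file);
+
  //for security reason, we force to remove all uploaded file
  $target_path = ABSPATH . "wp-content/plugins/ultimate-faqs/faq-sheets/";
  //plugins_url("order-tracking/product-sheets/");
 
- $target_path = $target_path . basename( $_FILES['FAQs_Spreadsheet']['name']);
+ $target_path = $target_path . $filename;
 
  if (!move_uploaded_file($_FILES['FAQs_Spreadsheet']['tmp_name'], $target_path)) {
  //if (!$upload = wp_upload_bits($_FILES["Item_Image"]["name"], null, file_get_contents($_FILES["Item_Image"]["tmp_name"]))) {
  $error .= "There was an error uploading the file, please try again!";
  }
  else {
- $Excel_File_Name = basename( $_FILES['FAQs_Spreadsheet']['name']);
+ $Excel_File_Name = $filename;
  }
  }
 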
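Review bot: New line 183 passes `$file` to the second `mb_ereg_replace()`, but no `$file` is assigned anywhere in this hunk, so `$filename` is overwritten with the result of filtering an apparently undefined variable instead of the cleaned name. `$target_path` would then point at the `faq-sheets/` directory itself and `$Excel_File_Name` would be empty, which presumably breaks every import. The line should read `$filename = mb_ereg_replace("([\.]{2,})", '', $filename);`, or both regex passes could be replaced by WordPress's own `sanitize_file_name( basename( $_FILES['FAQs_Spreadsheet']['name'] ) )`. The character filter still keeps `.`, so the extension check above the hunk remains the only control on what file type is written under the plugin directory; the function starts and ends outside the hunk, so that check is not visible here.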
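--- a/Functions/EWD_UFAQ_Submit_Question.php
+++ b/Functions/EWD_UFAQ_Submit_Question.php
@@ -67,7 +67,7 @@ function EWD_UFAQ_Submit_Question($success_message) {
  if (function_exists('EWD_URP_Send_Email_To_Non_User')) {
  $Params = array(
  'Email_ID' => $Submit_FAQ_Email,
- 'Email_Address' => $_POST['Author_Email'],
+ 'Email_Address' => sanitize_email($_POST['Author_Email']),
  'post_id' => $post_id
  );
 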
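Review bot: `sanitize_email()` on new line 70 returns an empty string when the submitted address is not in a valid form, and the result goes into `$Params` without a check, so an invalid address reaches the mail helper as `''`. Nothing in the hunk shows `$_POST['Author_Email']` being tested with `isset()` either, though that may happen earlier in EWD_UFAQ_Submit_Question, which starts and ends outside the hunk. Assigning `$author_email = isset($_POST['Author_Email']) ? sanitize_email($_POST['Author_Email']) : '';` first and only building `$Params` when `is_email($author_email)` is true would make the failure case explicit.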
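--- a/Main.php
+++ b/Main.php
@@ -7,7 +7,7 @@ Author: Etoile Web Design
  Author URI: http://www.EtoileWebDesign.com/wordpress-plugins/
  Terms and Conditions: http://www.etoilewebdesign.com/plugin-terms-and-conditions/
  Text Domain: ultimate-faqs
- Version: 1.8.21
+ Version: 1.8.22
  */
 
  global $ewd_ufaq_message;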
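--- a/Shortcodes/DisplayFAQs.php
+++ b/Shortcodes/DisplayFAQs.php
@@ -534,7 +534,7 @@ function Display_FAQs($atts) {
 
  $ReturnString .= "<div class='ewd-ufaq-bottom ewd-ufaq-page-type-" . $Page_Type . "' data-currentpage='" . $faq_page . "'>";
  $ReturnString .= "<form>";
- $ReturnString .= "<input type='hidden' name='include_category' value='" . $include_category . "' id='ufaq-include-category' />";
+ $ReturnString .= "<input type='hidden' name='include_category' value='" . htmlspecialchars($include_category) . "' id='ufaq-include-category' />";
  $ReturnString .= "<input type='hidden' name='exclude_category' value='" . $exclude_category . "' id='ufaq-exclude-category' />";
  $ReturnString .= "<input type='hidden' name='orderby' value='" . $orderby . "' id='ufaq-orderby' />";
  $ReturnString .= "<input type='hidden' name='order' value='" . $order . "' id='ufaq-order' />";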
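Review bot: The attribute on new line 537 is delimited with single quotes, and `htmlspecialchars()` called with its default flags does not encode `'` on PHP versions before 8.1, so a value containing a single quote can still close `value='...'`. The neighbouring `exclude_category`, `orderby` and `order` inputs on lines 538-540, and `$Page_Type` / `$faq_page` on line 535, are concatenated with no escaping at all; where their values come from is set outside the hunk, but they are emitted the same way as the field being fixed. Using WordPress's attribute escaper on each of them, e.g. `value='" . esc_attr($include_category) . "'`, covers both quote styles regardless of PHP version. Display_FAQs starts and ends outside the hunk.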
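--- a/html/WelcomeScreen.php
+++ b/html/WelcomeScreen.php
@@ -48,11 +48,12 @@
  </div>
  </div>
  <div class='ewd-ufaq-welcome-screen-previous-button' data-previousaction='categories'><?php _e('Previous', 'ultimate-faqs'); ?></div>
- <div class='ewd-ufaq-welcome-screen-next-button' data-nextaction='faq-page'><?php _e('Next', 'ultimate-faqs'); ?></div>
+ <?php if (isset($_GET['exclude'])) { ?><div class='ewd-ufaq-welcome-screen-finish-button'><a href='admin.php?page=EWD-UFAQ-Options'><?php _e('Finish', 'ultimate-faqs'); ?></a></div>
+ <?php } else { ?><div class='ewd-ufaq-welcome-screen-next-button' data-nextaction='faq-page'><?php _e('Next', 'ultimate-faqs'); ?></div><?php } ?>
  <div class='ewd-ufaq-clear'></div>
  </div>
  </div>
-
+ <?php if (!isset($_GET['exclude'])) { ?>
  <div class='ewd-ufaq-welcome-screen-box ewd-ufaq-welcome-screen-faq-page' data-screen='faq-page'>
  <h2><?php _e('3. Add an FAQ Page', 'ultimate-faqs'); ?></h2>
  <div class='ewd-ufaq-welcome-screen-box-content'>
@@ -158,7 +159,7 @@
  <div class='ewd-ufaq-clear'></div>
  </div>
  </div>
-
+ <?php } ?>
  <div class='ewd-ufaq-welcome-screen-skip-container'>
  <a href='admin.php?page=EWD-UFAQ-Options'><div class='ewd-ufaq-welcome-screen-skip-button'><?php _e('Skip Setup', 'ultimate-faqs'); ?></div></a>
  </div>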
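Review bot: The block opened by `<?php if (!isset($_GET['exclude'])) { ?>` on new line 56 is closed by a bare `<?php } ?>` on new line 162, about a hundred lines of markup later, which is easy to mis-pair in a template. PHP's alternative syntax makes both ends self-describing: `<?php if ( ! isset( $_GET['exclude'] ) ) : ?>` and `<?php endif; ?>`; the same applies to the `if`/`else` pair on new lines 51-52. `$_GET['exclude']` is only tested with `isset()` and never echoed in these hunks, so it needs no output escaping here.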
readme.txt CHANGED
@@ -2,7 +2,7 @@
2
  Contributors: Rustaurius, EtoileWebDesign
3
  Tags: faq, faqs, woocommerce faq, frequently asked questions, faq widget
4
  Requires at least: 3.9.0
5
- Tested up to: 5.1
6
  License: GPLv3
7
  License URI:http://www.gnu.org/licenses/gpl-3.0.html
8
 
@@ -276,6 +276,9 @@ Video 3 - FAQs Ordering
276
 
277
 
278
  == Changelog ==
 
 
 
279
  = 1.8.21 =
280
  - Updated reference variable that was causing a notice in FAQ comments
281
 
2
  Contributors: Rustaurius, EtoileWebDesign
3
  Tags: faq, faqs, woocommerce faq, frequently asked questions, faq widget
4
  Requires at least: 3.9.0
5
+ Tested up to: 5.2
6
  License: GPLv3
7
  License URI:http://www.gnu.org/licenses/gpl-3.0.html
8
 
276
 
277
 
278
  == Changelog ==
279
+ = 1.8.22 =
280
+ - Fixes a minor possible XSS issue
281
+
282
  = 1.8.21 =
283
  - Updated reference variable that was causing a notice in FAQ comments
284