Contact Form for WordPress – Ultimate Form Builder Lite - Version 1.3.3

Version Description

  • Fixed XSS issues on preview page and backend form settings page
    • Special Thanks to 0xSec Team for reporting the security bugs

Code changes from version 1.3.2 to 1.3.3

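--- a/inc/views/frontend/preview-form.php
+++ b/inc/views/frontend/preview-form.php
@@ -1,3 +1,4 @@
+<?php $form_id = intval(sanitize_text_field($_GET['ufbl_form_id'])); ?>
 <html>
 <head>
 <title><?php _e( 'Form Preview', 'ultimate-form-builder-lite' ); ?></title>
@@ -16,9 +17,9 @@
 </div>
 <div class="ufbl-preview-note"><?php _e( 'This is just the basic preview and it may look different when used in frontend as per your theme\'s styles.', 'ultimate-form-builder-lite' ); ?></div>
 <div class="ufbl-form-preview-wrap">
-<span class="ufb-preview-subtitle"><a href="<?php echo admin_url('admin.php?page=ufbl&action=edit-form&form_id='.$_GET['ufbl_form_id']);?>"><?php _e('Edit Form','ultimate-form-builder-lite');?></a></span>
+<span class="ufb-preview-subtitle"><a href="<?php echo admin_url('admin.php?page=ufbl&action=edit-form&form_id='.esc_attr($form_id));?>"><?php _e('Edit Form','ultimate-form-builder-lite');?></a></span>
 <?php
-$form_id = sanitize_text_field( $_GET['ufbl_form_id'] );
+
 echo do_shortcode( '[ufbl form_id="' . $form_id . '"]' );
 ?>
 </div>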
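Review bot: The `href` on new line 20 still echoes the raw `admin_url()` string and only escapes the id fragment with `esc_attr()`; the WordPress convention for a URL in an attribute is `esc_url()` around the whole value, `<a href="<?php echo esc_url( admin_url( 'admin.php?page=ufbl&action=edit-form&form_id=' . $form_id ) ); ?>">`, which also entity-encodes the `&` separators. The `intval()` on new line 1 turns `$form_id` into an integer before it reaches both this attribute and the `[ufbl form_id="..."]` shortcode string on line 23, which is what actually closes the reported injection; `absint( $_GET['ufbl_form_id'] )` expresses the same intent without the redundant `sanitize_text_field()`. This view carries no authorization check of its own and depends on whoever calls `load_view()` for the logged-in/role gate, so a one-line comment at the top recording that assumption, `// Reached only through UFBL_Class::preview_form(), which checks the caller's role first`, would keep a later maintainer from wiring it up somewhere unguarded.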
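--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: contact form, form builder, form, forms, contact forms, enquiry forms, for
 Donate link: http://accesspressthemes.com/donation/
 Requires at least: 4.0
 Tested up to: 4.7
-Stable tag: 1.3.2
+Stable tag: 1.3.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -151,6 +151,10 @@ Once you install the plugin , you can check some general documentation about how
 10. Backend Entry Detail
 
 == Changelog ==
+= 1.3.3 =
+* Fixed XSS issues on preview page and backend form settings page
+- Special Thanks to 0xSec Team for reporting the security bugs
+
 = 1.3.2 =
 * Added documentation link in how to use section
 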
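--- a/ultimate-form-builder-lite.php
+++ b/ultimate-form-builder-lite.php
@@ -6,7 +6,7 @@ defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
 Plugin Name: Ultimate Form Builder Lite
 Plugin URI: https://accesspressthemes.com/wordpress-plugins/ultimate-form-builder-lite/
 Description: A plugin to build any type of forms
-Version: 1.3.2
+Version: 1.3.3
 Author: AccessPress Themes
 Author URI: http://accesspressthemes.com
 License: GPL2
@@ -19,7 +19,7 @@ defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
 * Necessary Constants for plugin
 */
 global $wpdb;
-defined( 'UFBL_VERSION' ) or define( 'UFBL_VERSION', '1.3.2' ); //plugin version
+defined( 'UFBL_VERSION' ) or define( 'UFBL_VERSION', '1.3.3' ); //plugin version
 defined( 'UFBL_SLUG' ) or define( 'UFBL_SLUG', 'ufbl' ); //plugin admin slug
 defined( 'UFBL_TD' ) or define( 'UFBL_TD', 'ultimate-form-builder-lite' ); //plugin's text domain
 defined( 'UFBL_IMG_DIR' ) or define( 'UFBL_IMG_DIR', plugin_dir_url( __FILE__ ) . 'images' ); //plugin image directory
@@ -145,7 +145,7 @@ if ( !class_exists( 'UFBL_Class' ) ) {
 */
 function forms_list() {
 if ( isset( $_GET['action'], $_GET['form_id'] ) && $_GET['action'] == 'edit-form' ) {
-$form_id = sanitize_text_field( $_GET['form_id'] );
+$form_id = intval(sanitize_text_field( $_GET['form_id'] ));
 $data['form_row'] = $this->model->get_form_detail( $form_id );
 if ( $data['form_row'] != null ) {
 $this->library->load_view( 'backend/form-builder', $data );
@@ -278,7 +278,7 @@ if ( !class_exists( 'UFBL_Class' ) ) {
 $limit = UFBL_ENTRY_LIMIT;
 $offset = ($page-1)*$limit;
 if ( isset( $_GET['form_id'] ) ) {
-$form_id = sanitize_text_field( $_GET['form_id'] );
+$form_id = intval(sanitize_text_field( $_GET['form_id'] ));
 $form_entries_row = $this->model->get_forms_entries( $form_id,$limit,$offset );
 $total_form_entries = $this->model->get_total_form_entries($form_id);
 } else {
@@ -382,7 +382,7 @@ if ( !class_exists( 'UFBL_Class' ) ) {
 function export_csv() {
 if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'ufbl-csv-nonce' ) ) {
 if ( isset( $_GET['form_id'] ) ) {
-$form_id = sanitize_text_field( $_GET['form_id'] );
+$form_id = intval(sanitize_text_field( $_GET['form_id'] ));
 $form_data = $this->model->get_form_data( $form_id );
 $entry_rows = $this->model->get_all_forms_entries( $form_id );
 $this->library->generate_csv( $form_data, $entry_rows );
@@ -411,8 +411,14 @@ if ( !class_exists( 'UFBL_Class' ) ) {
 */
 function preview_form(){
 if(isset($_GET['ufbl_form_preview'],$_GET['ufbl_form_id']) && is_user_logged_in()){
-$this->library->load_view('frontend/preview-form');
+
+$current_user = wp_get_current_user();
+if (user_can( $current_user, 'administrator' )) {
+// user is an admin
+$this->library->load_view('frontend/preview-form');
 exit();
+}
+
 }
 }
 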
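Review bot: `user_can( $current_user, 'administrator' )` at new line 416 gates the preview on a role name rather than a capability, which WordPress supports only partially and advises against, since any custom role that has been granted the relevant capability is still turned away; the conventional guard is `if ( current_user_can( 'manage_options' ) ) {`, or whichever capability the plugin's `ufbl` admin menu is registered with, and it also makes the `wp_get_current_user()` on line 415 unnecessary. When the visitor is logged in but not an administrator the new branch falls through silently and the request continues to render the site as usual; a `wp_die( __( 'You are not allowed to preview forms.', 'ultimate-form-builder-lite' ), 403 );` in an `else` would make the denial explicit instead of looking like a broken preview link. The three earlier hunks wrap `sanitize_text_field()` in `intval()`; `absint( $_GET['form_id'] )` is the WordPress idiom for a non-negative integer id and drops the redundant string sanitizing. `preview_form()` is complete within this hunk, but the enclosing `UFBL_Class` and the capability its admin menu uses are outside the visible diff.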