Version Description
- Fixed found out XSS issues
Download this release
Release Info
| Developer | Access Keys |
| Plugin |  Contact Form for WordPress – Ultimate Form Builder Lite |
| Version | 1.3.4 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.3 to 1.3.4
- classes/ufbl-model.php +4 -4
- inc/views/backend/form-entries-list.php +8 -8
- readme.txt +4 -1
- ultimate-form-builder-lite.php +3 -3
classes/ufbl-model.php
CHANGED
|
@@ -61,7 +61,7 @@ if ( !class_exists( 'UFBL_Model' ) ) {
|
|
| 61 |
*
|
| 62 |
*/
|
| 63 |
public static function change_form_status() {
|
| 64 |
-
$form_id = sanitize_text_field( $_POST['form_id'] );
|
| 65 |
$form_status = sanitize_text_field( $_POST['status'] );
|
| 66 |
global $wpdb;
|
| 67 |
$check = $wpdb->update(
|
|
@@ -103,7 +103,7 @@ if ( !class_exists( 'UFBL_Model' ) ) {
|
|
| 103 |
public static function delete_form() {
|
| 104 |
//global $library_obj;
|
| 105 |
//$library_obj->print_array($_POST);
|
| 106 |
-
$form_id = sanitize_text_field( $_POST['form_id'] );
|
| 107 |
global $wpdb;
|
| 108 |
$wpdb->delete( UFBL_FORM_TABLE, array( 'form_id' => $form_id ), array( '%d' ) );
|
| 109 |
die( 'success' );
|
|
@@ -130,7 +130,7 @@ if ( !class_exists( 'UFBL_Model' ) ) {
|
|
| 130 |
date_default_timezone_set($timezone);
|
| 131 |
|
| 132 |
if ( isset( $form_data['form_id'] ) ) {
|
| 133 |
-
$form_id = sanitize_text_field( $form_data['form_id'] );
|
| 134 |
unset( $form_data['form_id'] );
|
| 135 |
foreach ( $form_data as $key => $val ) {
|
| 136 |
if ( !is_array( $val ) ) {
|
|
@@ -283,7 +283,7 @@ if ( !class_exists( 'UFBL_Model' ) ) {
|
|
| 283 |
* @return void
|
| 284 |
*/
|
| 285 |
public static function copy_form() {
|
| 286 |
-
$form_id = sanitize_text_field( $_POST['form_id'] );
|
| 287 |
$form_title = sanitize_text_field( $_POST['form_title'] );
|
| 288 |
$form_row = self::get_form_row( $form_id );
|
| 289 |
$form_title = ($form_title == '') ? esc_attr( $form_row['form_title'] ) . '- Copy' : $form_title;
|
| 61 |
*
|
| 62 |
*/
|
| 63 |
public static function change_form_status() {
|
| 64 |
+
$form_id = intval(sanitize_text_field( $_POST['form_id'] ));
|
| 65 |
$form_status = sanitize_text_field( $_POST['status'] );
|
| 66 |
global $wpdb;
|
| 67 |
$check = $wpdb->update(
|
| 103 |
public static function delete_form() {
|
| 104 |
//global $library_obj;
|
| 105 |
//$library_obj->print_array($_POST);
|
| 106 |
+
$form_id = intval(sanitize_text_field( $_POST['form_id'] ));
|
| 107 |
global $wpdb;
|
| 108 |
$wpdb->delete( UFBL_FORM_TABLE, array( 'form_id' => $form_id ), array( '%d' ) );
|
| 109 |
die( 'success' );
|
| 130 |
date_default_timezone_set($timezone);
|
| 131 |
|
| 132 |
if ( isset( $form_data['form_id'] ) ) {
|
| 133 |
+
$form_id = intval(sanitize_text_field( $form_data['form_id'] ));
|
| 134 |
unset( $form_data['form_id'] );
|
| 135 |
foreach ( $form_data as $key => $val ) {
|
| 136 |
if ( !is_array( $val ) ) {
|
| 283 |
* @return void
|
| 284 |
*/
|
| 285 |
public static function copy_form() {
|
| 286 |
+
$form_id = intval(sanitize_text_field( $_POST['form_id'] ));
|
| 287 |
$form_title = sanitize_text_field( $_POST['form_title'] );
|
| 288 |
$form_row = self::get_form_row( $form_id );
|
| 289 |
$form_title = ($form_title == '') ? esc_attr( $form_row['form_title'] ) . '- Copy' : $form_title;
|
inc/views/backend/form-entries-list.php
CHANGED
|
@@ -12,7 +12,7 @@
|
|
| 12 |
<select class="ufbl-entry-filter-select" data-admin-url="<?php echo admin_url(); ?>">
|
| 13 |
<option value=""><?php _e( 'All Form entries', 'ultimate-form-builder-lite' ); ?></option>
|
| 14 |
<?php
|
| 15 |
-
$form_id = isset( $_GET['form_id'] ) ? $_GET['form_id'] : '';
|
| 16 |
if ( count( $form_rows ) > 0 ) {
|
| 17 |
foreach ( $form_rows as $form_row ) {
|
| 18 |
?>
|
|
@@ -28,7 +28,7 @@
|
|
| 28 |
<?php
|
| 29 |
}
|
| 30 |
|
| 31 |
-
$current_page = isset( $_GET['page_num'] ) ? $_GET['page_num'] : 1;
|
| 32 |
$upper_page_limit = $current_page + 2;
|
| 33 |
$upper_page_limit = ($upper_page_limit > $total_pages) ? $total_pages : $upper_page_limit;
|
| 34 |
$lower_page_limit = $current_page - 2;
|
|
@@ -41,8 +41,8 @@
|
|
| 41 |
$previous_page = $current_page - 1;
|
| 42 |
$next_page = $current_page + 1;
|
| 43 |
if ( $previous_page > 0 ) {
|
| 44 |
-
if (
|
| 45 |
-
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&form_id=' . $
|
| 46 |
} else {
|
| 47 |
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&page_num=' . $previous_page );
|
| 48 |
}
|
|
@@ -51,8 +51,8 @@
|
|
| 51 |
<?php
|
| 52 |
}
|
| 53 |
for ( $page = $lower_page_limit; $page <= $upper_page_limit; $page++ ) {
|
| 54 |
-
if (
|
| 55 |
-
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&form_id=' . $
|
| 56 |
} else {
|
| 57 |
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&page_num=' . $page );
|
| 58 |
}
|
|
@@ -61,8 +61,8 @@
|
|
| 61 |
<?php
|
| 62 |
}
|
| 63 |
if ( $next_page <= $total_pages ) {
|
| 64 |
-
if (
|
| 65 |
-
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&form_id=' . $
|
| 66 |
} else {
|
| 67 |
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&page_num=' . $next_page );
|
| 68 |
}
|
| 12 |
<select class="ufbl-entry-filter-select" data-admin-url="<?php echo admin_url(); ?>">
|
| 13 |
<option value=""><?php _e( 'All Form entries', 'ultimate-form-builder-lite' ); ?></option>
|
| 14 |
<?php
|
| 15 |
+
$form_id = isset( $_GET['form_id'] ) ? intval(sanitize_text_field($_GET['form_id'])) : '';
|
| 16 |
if ( count( $form_rows ) > 0 ) {
|
| 17 |
foreach ( $form_rows as $form_row ) {
|
| 18 |
?>
|
| 28 |
<?php
|
| 29 |
}
|
| 30 |
|
| 31 |
+
$current_page = isset( $_GET['page_num'] ) ? intval(sanitize_text_field($_GET['page_num'])) : 1;
|
| 32 |
$upper_page_limit = $current_page + 2;
|
| 33 |
$upper_page_limit = ($upper_page_limit > $total_pages) ? $total_pages : $upper_page_limit;
|
| 34 |
$lower_page_limit = $current_page - 2;
|
| 41 |
$previous_page = $current_page - 1;
|
| 42 |
$next_page = $current_page + 1;
|
| 43 |
if ( $previous_page > 0 ) {
|
| 44 |
+
if ( $form_id != '' ) {
|
| 45 |
+
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&form_id=' . $form_id . '&page_num=' . $previous_page );
|
| 46 |
} else {
|
| 47 |
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&page_num=' . $previous_page );
|
| 48 |
}
|
| 51 |
<?php
|
| 52 |
}
|
| 53 |
for ( $page = $lower_page_limit; $page <= $upper_page_limit; $page++ ) {
|
| 54 |
+
if ( $form_id != '' ) {
|
| 55 |
+
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&form_id=' . $form_id . '&page_num=' . $page );
|
| 56 |
} else {
|
| 57 |
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&page_num=' . $page );
|
| 58 |
}
|
| 61 |
<?php
|
| 62 |
}
|
| 63 |
if ( $next_page <= $total_pages ) {
|
| 64 |
+
if ( $form_id != '' ) {
|
| 65 |
+
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&form_id=' . $form_id . '&page_num=' . $next_page );
|
| 66 |
} else {
|
| 67 |
$page_link = admin_url( 'admin.php?page=ufbl-form-entries&page_num=' . $next_page );
|
| 68 |
}
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Tags: contact form, form builder, form, forms, contact forms, enquiry forms, for
|
|
| 4 |
Donate link: http://accesspressthemes.com/donation/
|
| 5 |
Requires at least: 4.0
|
| 6 |
Tested up to: 4.7
|
| 7 |
-
Stable tag: 1.3.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -151,6 +151,9 @@ Once you install the plugin , you can check some general documentation about how
|
|
| 151 |
10. Backend Entry Detail
|
| 152 |
|
| 153 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 154 |
= 1.3.3 =
|
| 155 |
* Fixed XSS issues on preview page and backend form settings page
|
| 156 |
- Special Thanks to 0xSec Team for reporting the security bugs
|
| 4 |
Donate link: http://accesspressthemes.com/donation/
|
| 5 |
Requires at least: 4.0
|
| 6 |
Tested up to: 4.7
|
| 7 |
+
Stable tag: 1.3.4
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 151 |
10. Backend Entry Detail
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
+
= 1.3.4 =
|
| 155 |
+
* Fixed found out XSS issues
|
| 156 |
+
|
| 157 |
= 1.3.3 =
|
| 158 |
* Fixed XSS issues on preview page and backend form settings page
|
| 159 |
- Special Thanks to 0xSec Team for reporting the security bugs
|
ultimate-form-builder-lite.php
CHANGED
|
@@ -6,7 +6,7 @@ defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
|
|
| 6 |
Plugin Name: Ultimate Form Builder Lite
|
| 7 |
Plugin URI: https://accesspressthemes.com/wordpress-plugins/ultimate-form-builder-lite/
|
| 8 |
Description: A plugin to build any type of forms
|
| 9 |
-
Version: 1.3.
|
| 10 |
Author: AccessPress Themes
|
| 11 |
Author URI: http://accesspressthemes.com
|
| 12 |
License: GPL2
|
|
@@ -19,7 +19,7 @@ defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
|
|
| 19 |
* Necessary Constants for plugin
|
| 20 |
*/
|
| 21 |
global $wpdb;
|
| 22 |
-
defined( 'UFBL_VERSION' ) or define( 'UFBL_VERSION', '1.3.
|
| 23 |
defined( 'UFBL_SLUG' ) or define( 'UFBL_SLUG', 'ufbl' ); //plugin admin slug
|
| 24 |
defined( 'UFBL_TD' ) or define( 'UFBL_TD', 'ultimate-form-builder-lite' ); //plugin's text domain
|
| 25 |
defined( 'UFBL_IMG_DIR' ) or define( 'UFBL_IMG_DIR', plugin_dir_url( __FILE__ ) . 'images' ); //plugin image directory
|
|
@@ -274,7 +274,7 @@ if ( !class_exists( 'UFBL_Class' ) ) {
|
|
| 274 |
function forms_entries() {
|
| 275 |
$form_rows = $this->model->get_forms();
|
| 276 |
$data['form_rows'] = $form_rows;
|
| 277 |
-
$page = isset($_GET['page_num'])
|
| 278 |
$limit = UFBL_ENTRY_LIMIT;
|
| 279 |
$offset = ($page-1)*$limit;
|
| 280 |
if ( isset( $_GET['form_id'] ) ) {
|
| 6 |
Plugin Name: Ultimate Form Builder Lite
|
| 7 |
Plugin URI: https://accesspressthemes.com/wordpress-plugins/ultimate-form-builder-lite/
|
| 8 |
Description: A plugin to build any type of forms
|
| 9 |
+
Version: 1.3.4
|
| 10 |
Author: AccessPress Themes
|
| 11 |
Author URI: http://accesspressthemes.com
|
| 12 |
License: GPL2
|
| 19 |
* Necessary Constants for plugin
|
| 20 |
*/
|
| 21 |
global $wpdb;
|
| 22 |
+
defined( 'UFBL_VERSION' ) or define( 'UFBL_VERSION', '1.3.4' ); //plugin version
|
| 23 |
defined( 'UFBL_SLUG' ) or define( 'UFBL_SLUG', 'ufbl' ); //plugin admin slug
|
| 24 |
defined( 'UFBL_TD' ) or define( 'UFBL_TD', 'ultimate-form-builder-lite' ); //plugin's text domain
|
| 25 |
defined( 'UFBL_IMG_DIR' ) or define( 'UFBL_IMG_DIR', plugin_dir_url( __FILE__ ) . 'images' ); //plugin image directory
|
| 274 |
function forms_entries() {
|
| 275 |
$form_rows = $this->model->get_forms();
|
| 276 |
$data['form_rows'] = $form_rows;
|
| 277 |
+
$page = isset($_GET['page_num'])?intval(sanitize_text_field($_GET['page_num'])):1;
|
| 278 |
$limit = UFBL_ENTRY_LIMIT;
|
| 279 |
$offset = ($page-1)*$limit;
|
| 280 |
if ( isset( $_GET['form_id'] ) ) {
|
