Version Description
Better secure searching and filtering for forms and entries list
Release Info
Developer | mmuro |
Plugin | Visual Form Builder |
Version | 2.8.3 |
Code changes from version 2.8.2 to 2.8.3
- includes/class-entries-list.php +5 -5
- includes/class-forms-list.php +3 -3
- readme.txt +9 -2
- visual-form-builder.php +6 -6
includes/class-entries-list.php
CHANGED
@@ -158,7 +158,7 @@ class VisualFormBuilder_Entries_List extends WP_List_Table {
|
|
158 |
|
159 |
// If the form filter dropdown is used
|
160 |
if ( $this->current_filter_action() )
|
161 |
-
$where .= 'AND forms.form_id = '
|
162 |
|
163 |
// Get the month and year from the dropdown
|
164 |
$m = isset( $_REQUEST['m'] ) ? (int) $_REQUEST['m'] : 0;
|
@@ -168,7 +168,7 @@ class VisualFormBuilder_Entries_List extends WP_List_Table {
|
|
168 |
$year = substr( $m, 0, 4 );
|
169 |
$month = substr( $m, -2 );
|
170 |
|
171 |
-
$where .= " AND YEAR(date_submitted) =
|
172 |
}
|
173 |
|
174 |
// Get the month/year from the dropdown
|
@@ -445,8 +445,8 @@ class VisualFormBuilder_Entries_List extends WP_List_Table {
|
|
445 |
* @returns int Form ID
|
446 |
*/
|
447 |
function current_filter_action() {
|
448 |
-
if ( isset( $
|
449 |
-
return $
|
450 |
|
451 |
return false;
|
452 |
}
|
@@ -511,7 +511,7 @@ class VisualFormBuilder_Entries_List extends WP_List_Table {
|
|
511 |
$searchand = $search = '';
|
512 |
// Loop through search terms and build query
|
513 |
foreach( $search_terms as $term ) {
|
514 |
-
$term = esc_sql(
|
515 |
|
516 |
$search .= "{$searchand}((entries.subject LIKE '%{$term}%') OR (entries.sender_name LIKE '%{$term}%') OR (entries.sender_email LIKE '%{$term}%') OR (entries.emails_to LIKE '%{$term}%') OR (entries.data LIKE '%{$term}%'))";
|
517 |
$searchand = ' AND ';
|
158 |
|
159 |
// If the form filter dropdown is used
|
160 |
if ( $this->current_filter_action() )
|
161 |
+
$where .= $wpdb->prepare( 'AND forms.form_id = %d', $this->current_filter_action() );
|
162 |
|
163 |
// Get the month and year from the dropdown
|
164 |
$m = isset( $_REQUEST['m'] ) ? (int) $_REQUEST['m'] : 0;
|
168 |
$year = substr( $m, 0, 4 );
|
169 |
$month = substr( $m, -2 );
|
170 |
|
171 |
+
$where .= $wpdb->prepare( " AND YEAR(date_submitted) = %d AND MONTH(date_submitted) = %d", $year, $month );
|
172 |
}
|
173 |
|
174 |
// Get the month/year from the dropdown
|
445 |
* @returns int Form ID
|
446 |
*/
|
447 |
function current_filter_action() {
|
448 |
+
if ( isset( $_POST['form-filter'] ) && -1 != $_POST['form-filter'] )
|
449 |
+
return absint( $_POST['form-filter'] );
|
450 |
|
451 |
return false;
|
452 |
}
|
511 |
$searchand = $search = '';
|
512 |
// Loop through search terms and build query
|
513 |
foreach( $search_terms as $term ) {
|
514 |
+
$term = esc_sql( $wpdb->esc_like( $term ) );
|
515 |
|
516 |
$search .= "{$searchand}((entries.subject LIKE '%{$term}%') OR (entries.sender_name LIKE '%{$term}%') OR (entries.sender_email LIKE '%{$term}%') OR (entries.emails_to LIKE '%{$term}%') OR (entries.data LIKE '%{$term}%'))";
|
517 |
$searchand = ' AND ';
|
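Review bot: `$wpdb->esc_like()` at new line 514 was only added in WordPress 4.0, while readme.txt in this same release still declares `Requires at least: 3.5`, so on 3.5–3.9 installs the entries search would fail with a call to an undefined method. Either raise the declared minimum to 4.0 or fall back to the older helper, e.g. `$like = method_exists( $wpdb, 'esc_like' ) ? $wpdb->esc_like( $term ) : like_escape( $term );` followed by `$term = esc_sql( $like );`. The same call is added at new line 418 of includes/class-forms-list.php. The loop's enclosing method starts outside the hunk, so whether `$wpdb` is declared `global` there cannot be confirmed from the visible lines.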
includes/class-forms-list.php
CHANGED
@@ -349,8 +349,8 @@ class VisualFormBuilder_Forms_List extends WP_List_Table {
|
|
349 |
* @returns int Form ID
|
350 |
*/
|
351 |
function current_filter_action() {
|
352 |
-
if ( isset( $
|
353 |
-
return $
|
354 |
|
355 |
return false;
|
356 |
}
|
@@ -415,7 +415,7 @@ class VisualFormBuilder_Forms_List extends WP_List_Table {
|
|
415 |
$searchand = $search = '';
|
416 |
// Loop through search terms and build query
|
417 |
foreach( $search_terms as $term ) {
|
418 |
-
$term = esc_sql(
|
419 |
|
420 |
$search .= "{$searchand}((forms.form_title LIKE '%{$term}%') OR (forms.form_key LIKE '%{$term}%') OR (forms.form_email_subject LIKE '%{$term}%'))";
|
421 |
$searchand = ' AND ';
|
349 |
* @returns int Form ID
|
350 |
*/
|
351 |
function current_filter_action() {
|
352 |
+
if ( isset( $_POST['form-filter'] ) && -1 != $_POST['form-filter'] )
|
353 |
+
return absint( $_POST['form-filter'] );
|
354 |
|
355 |
return false;
|
356 |
}
|
415 |
$searchand = $search = '';
|
416 |
// Loop through search terms and build query
|
417 |
foreach( $search_terms as $term ) {
|
418 |
+
$term = esc_sql( $wpdb->esc_like( $term ) );
|
419 |
|
420 |
$search .= "{$searchand}((forms.form_title LIKE '%{$term}%') OR (forms.form_key LIKE '%{$term}%') OR (forms.form_email_subject LIKE '%{$term}%'))";
|
421 |
$searchand = ' AND ';
|
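Review bot: `current_filter_action()` at new lines 352-353 rejects only the literal `-1` with a loose `!=` and then applies `absint()`, so any other negative value such as `-5` is silently turned into form ID 5 instead of being treated as "no filter". Casting once and requiring a positive result is stricter and easier to read: `$id = isset( $_POST['form-filter'] ) ? (int) $_POST['form-filter'] : 0;` then `return $id > 0 ? $id : false;`. The docblock line `@returns int Form ID` should become `@return int|false`, since the method also returns `false`. The identical method in includes/class-entries-list.php (new lines 448-449) needs the same change.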
readme.txt
CHANGED
@@ -3,8 +3,8 @@ Contributors: mmuro
|
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=G87A9UN9CLPH4&lc=US&item_name=Visual%20Form%20Builder¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted
|
4 |
Tags: form, forms, contact form, contact forms, form, forms, form to email, email form, email, input, validation, jquery, shortcode, form builder, contact form builder, form manager, form creator
|
5 |
Requires at least: 3.5
|
6 |
-
Tested up to: 4.2
|
7 |
-
Stable tag: 2.8.
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Build beautiful, fully functional contact forms in only a few minutes without writing PHP, CSS, or HTML.
|
@@ -237,6 +237,10 @@ function my_scripts_method() {
|
|
237 |
|
238 |
== Changelog ==
|
239 |
|
|
|
|
|
|
|
|
|
240 |
**Version 2.8.2 - Apr 23, 2015**
|
241 |
|
242 |
* Fix bug with WordPress 4.2 and class property variables not being set
|
@@ -657,6 +661,9 @@ function my_scripts_method() {
|
|
657 |
|
658 |
== Upgrade Notice ==
|
659 |
|
|
|
|
|
|
|
660 |
= 2.8.2 =
|
661 |
Fix bug with WordPress 4.2 and class property variables not being set
|
662 |
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=G87A9UN9CLPH4&lc=US&item_name=Visual%20Form%20Builder¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted
|
4 |
Tags: form, forms, contact form, contact forms, form, forms, form to email, email form, email, input, validation, jquery, shortcode, form builder, contact form builder, form manager, form creator
|
5 |
Requires at least: 3.5
|
6 |
+
Tested up to: 4.2.2
|
7 |
+
Stable tag: 2.8.3
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Build beautiful, fully functional contact forms in only a few minutes without writing PHP, CSS, or HTML.
|
237 |
|
238 |
== Changelog ==
|
239 |
|
240 |
+
**Version 2.8.3 - May 08, 2015**
|
241 |
+
|
242 |
+
* Better secure searching and filtering for forms and entries list
|
243 |
+
|
244 |
**Version 2.8.2 - Apr 23, 2015**
|
245 |
|
246 |
* Fix bug with WordPress 4.2 and class property variables not being set
|
661 |
|
662 |
== Upgrade Notice ==
|
663 |
|
664 |
+
= 2.8.3 =
|
665 |
+
Better secure searching and filtering for forms and entries list
|
666 |
+
|
667 |
= 2.8.2 =
|
668 |
Fix bug with WordPress 4.2 and class property variables not being set
|
669 |
|
visual-form-builder.php
CHANGED
@@ -4,11 +4,11 @@ Plugin Name: Visual Form Builder
|
|
4 |
Description: Dynamically build forms using a simple interface. Forms include jQuery validation, a basic logic-based verification system, and entry tracking.
|
5 |
Author: Matthew Muro
|
6 |
Author URI: http://matthewmuro.com
|
7 |
-
Version: 2.8.
|
8 |
*/
|
9 |
|
10 |
// Version number to output as meta tag
|
11 |
-
define( 'VFB_VERSION', '2.8.
|
12 |
|
13 |
/*
|
14 |
This program is free software; you can redistribute it and/or modify
|
@@ -1614,8 +1614,8 @@ class Visual_Form_Builder{
|
|
1614 |
<?php _e( 'Entries', 'visual-form-builder' ); ?>
|
1615 |
<?php
|
1616 |
// If searched, output the query
|
1617 |
-
if ( isset( $
|
1618 |
-
echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder' ), $
|
1619 |
?>
|
1620 |
</h2>
|
1621 |
<?php
|
@@ -1790,8 +1790,8 @@ class Visual_Form_Builder{
|
|
1790 |
echo sprintf( ' <a href="%1$s" class="add-new-h2">%2$s</a>', esc_url( admin_url( 'admin.php?page=vfb-add-new' ) ), esc_html( __( 'Add New', 'visual-form-builder' ) ) );
|
1791 |
|
1792 |
// If searched, output the query
|
1793 |
-
if ( isset( $
|
1794 |
-
echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder' ), $
|
1795 |
?>
|
1796 |
</h2>
|
1797 |
<?php if ( empty( $form_nav_selected_id ) ) : ?>
|
4 |
Description: Dynamically build forms using a simple interface. Forms include jQuery validation, a basic logic-based verification system, and entry tracking.
|
5 |
Author: Matthew Muro
|
6 |
Author URI: http://matthewmuro.com
|
7 |
+
Version: 2.8.3
|
8 |
*/
|
9 |
|
10 |
// Version number to output as meta tag
|
11 |
+
define( 'VFB_VERSION', '2.8.3' );
|
12 |
|
13 |
/*
|
14 |
This program is free software; you can redistribute it and/or modify
|
1614 |
<?php _e( 'Entries', 'visual-form-builder' ); ?>
|
1615 |
<?php
|
1616 |
// If searched, output the query
|
1617 |
+
if ( isset( $_POST['s'] ) && !empty( $_POST['s'] ) )
|
1618 |
+
echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder' ), esc_html( $_POST['s'] ) );
|
1619 |
?>
|
1620 |
</h2>
|
1621 |
<?php
|
1790 |
echo sprintf( ' <a href="%1$s" class="add-new-h2">%2$s</a>', esc_url( admin_url( 'admin.php?page=vfb-add-new' ) ), esc_html( __( 'Add New', 'visual-form-builder' ) ) );
|
1791 |
|
1792 |
// If searched, output the query
|
1793 |
+
if ( isset( $_POST['s'] ) && !empty( $_POST['s'] ) )
|
1794 |
+
echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder' ), esc_html( $_POST['s'] ) );
|
1795 |
?>
|
1796 |
</h2>
|
1797 |
<?php if ( empty( $form_nav_selected_id ) ) : ?>
|
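Review bot: `esc_html( $_POST['s'] )` at new lines 1618 and 1794 escapes the search term for HTML but does not remove the slashes WordPress adds to request data, so a search for `O'Brien` is displayed as `O\'Brien`. Unslash before escaping, e.g. `esc_html( stripslashes( $_POST['s'] ) )` (`wp_unslash()` needs WordPress 3.6, above the declared minimum of 3.5). The echoed `<span class="subtitle">` is also never closed before the `</h2>` that follows, so append `. '</span>'` to the echo. `isset()` combined with `!empty()` is redundant because `empty()` already covers the unset case. Both hunks sit inside larger methods of `Visual_Form_Builder` that are not visible here.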