Version Description
Better secure searching and filtering for forms and entries list
Download this release
Release Info
| Developer | mmuro |
| Plugin |  Visual Form Builder |
| Version | 2.8.3 |
| Comparing to | |
| See all releases | |
Code changes from version 2.8.2 to 2.8.3
- includes/class-entries-list.php +5 -5
- includes/class-forms-list.php +3 -3
- readme.txt +9 -2
- visual-form-builder.php +6 -6
includes/class-entries-list.php
CHANGED
|
@@ -158,7 +158,7 @@ class VisualFormBuilder_Entries_List extends WP_List_Table {
|
|
| 158 |
|
| 159 |
// If the form filter dropdown is used
|
| 160 |
if ( $this->current_filter_action() )
|
| 161 |
-
$where .= 'AND forms.form_id = '
|
| 162 |
|
| 163 |
// Get the month and year from the dropdown
|
| 164 |
$m = isset( $_REQUEST['m'] ) ? (int) $_REQUEST['m'] : 0;
|
|
@@ -168,7 +168,7 @@ class VisualFormBuilder_Entries_List extends WP_List_Table {
|
|
| 168 |
$year = substr( $m, 0, 4 );
|
| 169 |
$month = substr( $m, -2 );
|
| 170 |
|
| 171 |
-
$where .= " AND YEAR(date_submitted) =
|
| 172 |
}
|
| 173 |
|
| 174 |
// Get the month/year from the dropdown
|
|
@@ -445,8 +445,8 @@ class VisualFormBuilder_Entries_List extends WP_List_Table {
|
|
| 445 |
* @returns int Form ID
|
| 446 |
*/
|
| 447 |
function current_filter_action() {
|
| 448 |
-
if ( isset( $
|
| 449 |
-
return $
|
| 450 |
|
| 451 |
return false;
|
| 452 |
}
|
|
@@ -511,7 +511,7 @@ class VisualFormBuilder_Entries_List extends WP_List_Table {
|
|
| 511 |
$searchand = $search = '';
|
| 512 |
// Loop through search terms and build query
|
| 513 |
foreach( $search_terms as $term ) {
|
| 514 |
-
$term = esc_sql(
|
| 515 |
|
| 516 |
$search .= "{$searchand}((entries.subject LIKE '%{$term}%') OR (entries.sender_name LIKE '%{$term}%') OR (entries.sender_email LIKE '%{$term}%') OR (entries.emails_to LIKE '%{$term}%') OR (entries.data LIKE '%{$term}%'))";
|
| 517 |
$searchand = ' AND ';
|
| 158 |
|
| 159 |
// If the form filter dropdown is used
|
| 160 |
if ( $this->current_filter_action() )
|
| 161 |
+
$where .= $wpdb->prepare( 'AND forms.form_id = %d', $this->current_filter_action() );
|
| 162 |
|
| 163 |
// Get the month and year from the dropdown
|
| 164 |
$m = isset( $_REQUEST['m'] ) ? (int) $_REQUEST['m'] : 0;
|
| 168 |
$year = substr( $m, 0, 4 );
|
| 169 |
$month = substr( $m, -2 );
|
| 170 |
|
| 171 |
+
$where .= $wpdb->prepare( " AND YEAR(date_submitted) = %d AND MONTH(date_submitted) = %d", $year, $month );
|
| 172 |
}
|
| 173 |
|
| 174 |
// Get the month/year from the dropdown
|
| 445 |
* @returns int Form ID
|
| 446 |
*/
|
| 447 |
function current_filter_action() {
|
| 448 |
+
if ( isset( $_POST['form-filter'] ) && -1 != $_POST['form-filter'] )
|
| 449 |
+
return absint( $_POST['form-filter'] );
|
| 450 |
|
| 451 |
return false;
|
| 452 |
}
|
| 511 |
$searchand = $search = '';
|
| 512 |
// Loop through search terms and build query
|
| 513 |
foreach( $search_terms as $term ) {
|
| 514 |
+
$term = esc_sql( $wpdb->esc_like( $term ) );
|
| 515 |
|
| 516 |
$search .= "{$searchand}((entries.subject LIKE '%{$term}%') OR (entries.sender_name LIKE '%{$term}%') OR (entries.sender_email LIKE '%{$term}%') OR (entries.emails_to LIKE '%{$term}%') OR (entries.data LIKE '%{$term}%'))";
|
| 517 |
$searchand = ' AND ';
|
includes/class-forms-list.php
CHANGED
|
@@ -349,8 +349,8 @@ class VisualFormBuilder_Forms_List extends WP_List_Table {
|
|
| 349 |
* @returns int Form ID
|
| 350 |
*/
|
| 351 |
function current_filter_action() {
|
| 352 |
-
if ( isset( $
|
| 353 |
-
return $
|
| 354 |
|
| 355 |
return false;
|
| 356 |
}
|
|
@@ -415,7 +415,7 @@ class VisualFormBuilder_Forms_List extends WP_List_Table {
|
|
| 415 |
$searchand = $search = '';
|
| 416 |
// Loop through search terms and build query
|
| 417 |
foreach( $search_terms as $term ) {
|
| 418 |
-
$term = esc_sql(
|
| 419 |
|
| 420 |
$search .= "{$searchand}((forms.form_title LIKE '%{$term}%') OR (forms.form_key LIKE '%{$term}%') OR (forms.form_email_subject LIKE '%{$term}%'))";
|
| 421 |
$searchand = ' AND ';
|
| 349 |
* @returns int Form ID
|
| 350 |
*/
|
| 351 |
function current_filter_action() {
|
| 352 |
+
if ( isset( $_POST['form-filter'] ) && -1 != $_POST['form-filter'] )
|
| 353 |
+
return absint( $_POST['form-filter'] );
|
| 354 |
|
| 355 |
return false;
|
| 356 |
}
|
| 415 |
$searchand = $search = '';
|
| 416 |
// Loop through search terms and build query
|
| 417 |
foreach( $search_terms as $term ) {
|
| 418 |
+
$term = esc_sql( $wpdb->esc_like( $term ) );
|
| 419 |
|
| 420 |
$search .= "{$searchand}((forms.form_title LIKE '%{$term}%') OR (forms.form_key LIKE '%{$term}%') OR (forms.form_email_subject LIKE '%{$term}%'))";
|
| 421 |
$searchand = ' AND ';
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: mmuro
|
|
| 3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=G87A9UN9CLPH4&lc=US&item_name=Visual%20Form%20Builder¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted
|
| 4 |
Tags: form, forms, contact form, contact forms, form, forms, form to email, email form, email, input, validation, jquery, shortcode, form builder, contact form builder, form manager, form creator
|
| 5 |
Requires at least: 3.5
|
| 6 |
-
Tested up to: 4.2
|
| 7 |
-
Stable tag: 2.8.
|
| 8 |
License: GPLv2 or later
|
| 9 |
|
| 10 |
Build beautiful, fully functional contact forms in only a few minutes without writing PHP, CSS, or HTML.
|
|
@@ -237,6 +237,10 @@ function my_scripts_method() {
|
|
| 237 |
|
| 238 |
== Changelog ==
|
| 239 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 240 |
**Version 2.8.2 - Apr 23, 2015**
|
| 241 |
|
| 242 |
* Fix bug with WordPress 4.2 and class property variables not being set
|
|
@@ -657,6 +661,9 @@ function my_scripts_method() {
|
|
| 657 |
|
| 658 |
== Upgrade Notice ==
|
| 659 |
|
|
|
|
|
|
|
|
|
|
| 660 |
= 2.8.2 =
|
| 661 |
Fix bug with WordPress 4.2 and class property variables not being set
|
| 662 |
|
| 3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=G87A9UN9CLPH4&lc=US&item_name=Visual%20Form%20Builder¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted
|
| 4 |
Tags: form, forms, contact form, contact forms, form, forms, form to email, email form, email, input, validation, jquery, shortcode, form builder, contact form builder, form manager, form creator
|
| 5 |
Requires at least: 3.5
|
| 6 |
+
Tested up to: 4.2.2
|
| 7 |
+
Stable tag: 2.8.3
|
| 8 |
License: GPLv2 or later
|
| 9 |
|
| 10 |
Build beautiful, fully functional contact forms in only a few minutes without writing PHP, CSS, or HTML.
|
| 237 |
|
| 238 |
== Changelog ==
|
| 239 |
|
| 240 |
+
**Version 2.8.3 - May 08, 2015**
|
| 241 |
+
|
| 242 |
+
* Better secure searching and filtering for forms and entries list
|
| 243 |
+
|
| 244 |
**Version 2.8.2 - Apr 23, 2015**
|
| 245 |
|
| 246 |
* Fix bug with WordPress 4.2 and class property variables not being set
|
| 661 |
|
| 662 |
== Upgrade Notice ==
|
| 663 |
|
| 664 |
+
= 2.8.3 =
|
| 665 |
+
Better secure searching and filtering for forms and entries list
|
| 666 |
+
|
| 667 |
= 2.8.2 =
|
| 668 |
Fix bug with WordPress 4.2 and class property variables not being set
|
| 669 |
|
visual-form-builder.php
CHANGED
|
@@ -4,11 +4,11 @@ Plugin Name: Visual Form Builder
|
|
| 4 |
Description: Dynamically build forms using a simple interface. Forms include jQuery validation, a basic logic-based verification system, and entry tracking.
|
| 5 |
Author: Matthew Muro
|
| 6 |
Author URI: http://matthewmuro.com
|
| 7 |
-
Version: 2.8.
|
| 8 |
*/
|
| 9 |
|
| 10 |
// Version number to output as meta tag
|
| 11 |
-
define( 'VFB_VERSION', '2.8.
|
| 12 |
|
| 13 |
/*
|
| 14 |
This program is free software; you can redistribute it and/or modify
|
|
@@ -1614,8 +1614,8 @@ class Visual_Form_Builder{
|
|
| 1614 |
<?php _e( 'Entries', 'visual-form-builder' ); ?>
|
| 1615 |
<?php
|
| 1616 |
// If searched, output the query
|
| 1617 |
-
if ( isset( $
|
| 1618 |
-
echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder' ), $
|
| 1619 |
?>
|
| 1620 |
</h2>
|
| 1621 |
<?php
|
|
@@ -1790,8 +1790,8 @@ class Visual_Form_Builder{
|
|
| 1790 |
echo sprintf( ' <a href="%1$s" class="add-new-h2">%2$s</a>', esc_url( admin_url( 'admin.php?page=vfb-add-new' ) ), esc_html( __( 'Add New', 'visual-form-builder' ) ) );
|
| 1791 |
|
| 1792 |
// If searched, output the query
|
| 1793 |
-
if ( isset( $
|
| 1794 |
-
echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder' ), $
|
| 1795 |
?>
|
| 1796 |
</h2>
|
| 1797 |
<?php if ( empty( $form_nav_selected_id ) ) : ?>
|
| 4 |
Description: Dynamically build forms using a simple interface. Forms include jQuery validation, a basic logic-based verification system, and entry tracking.
|
| 5 |
Author: Matthew Muro
|
| 6 |
Author URI: http://matthewmuro.com
|
| 7 |
+
Version: 2.8.3
|
| 8 |
*/
|
| 9 |
|
| 10 |
// Version number to output as meta tag
|
| 11 |
+
define( 'VFB_VERSION', '2.8.3' );
|
| 12 |
|
| 13 |
/*
|
| 14 |
This program is free software; you can redistribute it and/or modify
|
| 1614 |
<?php _e( 'Entries', 'visual-form-builder' ); ?>
|
| 1615 |
<?php
|
| 1616 |
// If searched, output the query
|
| 1617 |
+
if ( isset( $_POST['s'] ) && !empty( $_POST['s'] ) )
|
| 1618 |
+
echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder' ), esc_html( $_POST['s'] ) );
|
| 1619 |
?>
|
| 1620 |
</h2>
|
| 1621 |
<?php
|
| 1790 |
echo sprintf( ' <a href="%1$s" class="add-new-h2">%2$s</a>', esc_url( admin_url( 'admin.php?page=vfb-add-new' ) ), esc_html( __( 'Add New', 'visual-form-builder' ) ) );
|
| 1791 |
|
| 1792 |
// If searched, output the query
|
| 1793 |
+
if ( isset( $_POST['s'] ) && !empty( $_POST['s'] ) )
|
| 1794 |
+
echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder' ), esc_html( $_POST['s'] ) );
|
| 1795 |
?>
|
| 1796 |
</h2>
|
| 1797 |
<?php if ( empty( $form_nav_selected_id ) ) : ?>
|
