Visual Form Builder - Version 3.0.7

Version Description


Release Info

Developer mmuro
Version 3.0.7

Code changes from version 3.0.6 to 3.0.7

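--- a/admin/class-forms-edit.php
+++ b/admin/class-forms-edit.php
@@ -34,7 +34,7 @@ class Visual_Form_Builder_Forms_Edit {
  $form_email_from = esc_html( $form->form_email_from);
  $form_email_from_override = esc_html( $form->form_email_from_override);
  $form_email_from_name_override = stripslashes( $form->form_email_from_name_override);
- $form_email_to = ( is_array( unserialize( $form->form_email_to ) ) ) ? unserialize( $form->form_email_to ) : explode( ',', unserialize( $form->form_email_to ) );
+ $form_email_to = is_array( unserialize( $form->form_email_to ) ) ? unserialize( $form->form_email_to ) : explode( ',', unserialize( $form->form_email_to ) );
  $form_success_type = stripslashes( $form->form_success_type );
  $form_success_message = stripslashes( $form->form_success_message );
  $form_notification_setting = stripslashes( $form->form_notification_setting );
@@ -291,7 +291,7 @@ class Visual_Form_Builder_Forms_Edit {
  <?php _e( 'E-mail(s) To' , 'visual-form-builder'); ?>
  <span class="vfb-tooltip" title="<?php esc_attr_e( 'About E-mail(s) To', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'This option sets single or multiple emails to send the submitted form data to. At least one email is required.', 'visual-form-builder' ); ?>">(?)</span>
  <br />
- <input type="text" value="<?php echo stripslashes( $email_to ); ?>" name="form_email_to[]" class="widefat" id="form-email-to-<?php echo "$count"; ?>" />
+ <input type="email" value="<?php echo esc_html( $email_to ); ?>" name="form_email_to[]" class="widefat" id="form-email-to-<?php echo "$count"; ?>" />
  </label>
 
  <a href="#" class="addEmail vfb-interface-icon vfb-interface-plus" title="<?php esc_attr_e( 'Add an Email', 'visua-form-builder' ); ?>">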
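Review bot: New line 37 still passes the stored `form_email_to` column to `unserialize()` three times; the commit only drops the outer parentheses. Decoding once and refusing object instantiation keeps the edit screen safe for rows written before the save-side sanitising existed: `$to = unserialize( $form->form_email_to, array( 'allowed_classes' => false ) );` followed by `$form_email_to = is_array( $to ) ? $to : explode( ',', (string) $to );`. The options argument needs PHP 7.0 or later, and the plugin's minimum PHP version is not visible here. On new line 294 the value is printed inside a `value=""` attribute, so `esc_attr( $email_to )` is the matching escaper rather than `esc_html()`. Both statements sit in a method whose start and end are outside these hunks.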
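--- a/admin/class-save.php
+++ b/admin/class-save.php
@@ -43,7 +43,7 @@ class Visual_Form_Builder_Admin_Save {
  $form_from_name = sanitize_text_field( $_POST['form_email_from_name'] );
  $form_subject = sanitize_text_field( $_POST['form_email_subject'] );
  $form_from = sanitize_email( $_POST['form_email_from'] );
- $form_to = serialize( $_POST['form_email_to'] );
+ $form_to = serialize( sanitize_email( $_POST['form_email_to'] ) );
 
  $newdata = array(
  'form_key' => $form_key,
@@ -209,7 +209,7 @@ class Visual_Form_Builder_Admin_Save {
  foreach ( $field_ids as $id ) {
  $id = absint( $id );
 
- $field_name = isset( $_POST['field_name-' . $id] ) ? trim( $_POST['field_name-' . $id] ) : '';
+ $field_name = isset( $_POST['field_name-' . $id] ) ? sanitize_text_field( trim( $_POST['field_name-' . $id] ) ) : '';
  $field_key = sanitize_key( sanitize_title( $field_name, $id ) );
  $field_desc = isset( $_POST['field_description-' . $id] ) ? sanitize_textarea_field( trim( $_POST['field_description-' . $id] ) ) : '';
  $field_options = isset( $_POST['field_options-' . $id] ) ? serialize( array_map( 'sanitize_text_field', $_POST['field_options-' . $id] ) ) : '';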
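Review bot: On new line 46, `sanitize_email()` is applied to `$_POST['form_email_to']` as a whole, but the edit screen posts that field as `form_email_to[]` (admin/class-forms-edit.php line 294), so the value is presumably an array while `sanitize_email()` works on a single string. Passing the array through is likely to discard every recipient or raise a type error on newer PHP, rather than cleaning each address. Sanitize per element, the way line 215 already handles `field_options`: `$form_to = serialize( array_map( 'sanitize_email', (array) $_POST['form_email_to'] ) );`. The enclosing method starts and ends outside the visible hunks, so an earlier `isset()`, capability or nonce check cannot be confirmed from here.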
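--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: mmuro
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=G87A9UN9CLPH4&lc=US&item_name=Visual%20Form%20Builder&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted
  Tags: form, forms, contact form, contact forms, form, forms, form to email, email form, email, input, validation, jquery, shortcode, form builder, contact form builder, form manager, form creator
  Requires at least: 4.7
- Tested up to: 5.8.1
- Stable tag: 3.0.6
+ Tested up to: 5.9.3
+ Stable tag: 3.0.7
  License: GPLv2 or later
 
  Build beautiful, fully functional contact forms in only a few minutes without writing PHP, CSS, or HTML.
@@ -231,6 +231,10 @@ function my_scripts_method() {
 
  == Changelog ==
 
+ **Version 3.0.6 - Apr 06, 2022**
+
+ * Fix security on Email To under Add New page
+
  **Version 3.0.6 - Nov 03, 2021**
 
  * Update export code with various improvements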
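--- a/visual-form-builder.php
+++ b/visual-form-builder.php
@@ -3,7 +3,7 @@
  Plugin Name: Visual Form Builder
  Plugin URI: https://wordpress.org/plugins/visual-form-builder/
  Description: Dynamically build forms using a simple interface. Forms include jQuery validation, a basic logic-based verification system, and entry tracking.
- Version: 3.0.6
+ Version: 3.0.7
  Author: Matthew Muro
  Author URI: http://vfbpro.com
  Text Domain: visual-form-builder
@@ -26,7 +26,7 @@ class Visual_Form_Builder {
  * The current version of the plugin.
  * @var [type]
  */
- protected $version = '3.0.6';
+ protected $version = '3.0.7';
 
  /**
  * The current DB version. Used if we need to update the DB later.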