Visual Form Builder - Version 3.0.8

Version Description


Release Info

Developer mmuro
Version 3.0.8

Code changes from version 3.0.7 to 3.0.8

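--- a/admin/class-admin-menu.php
+++ b/admin/class-admin-menu.php
@@ -264,8 +264,8 @@ class Visual_Form_Builder_Admin_Menu {
  ?>
  <form id="entries-filter" method="post" action="">
  <?php
- $entries_list->search_box( 'search', 'search_id' );
- $entries_list->display();
+ $entries_list->search_box( 'search', 'search_id' );
+ $entries_list->display();
  ?>
  </form>
  <?php endif; ?>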
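--- a/admin/class-entries-detail.php
+++ b/admin/class-entries-detail.php
@@ -15,6 +15,8 @@ class Visual_Form_Builder_Entries_Detail {
  public function entries_detail() {
  global $wpdb;
 
+ check_admin_referer( 'vfb_view_entry' );
+
  $entry_id = absint( $_GET['entry'] );
 
  $entries = $wpdb->get_results( $wpdb->prepare( "SELECT forms.form_title, entries.* FROM " . VFB_WP_FORMS_TABLE_NAME . " AS forms INNER JOIN " . VFB_WP_ENTRIES_TABLE_NAME . " AS entries ON entries.form_id = forms.form_id WHERE entries.entries_id = %d", $entry_id ) );
@@ -65,7 +67,7 @@ class Visual_Form_Builder_Entries_Detail {
 
  <div id="major-publishing-actions">
  <div id="delete-action">
- <?php echo sprintf( '<a class="submitdelete deletion entry-delete" href="%2$s&action=%3$s&entry=%4$d">%1$s</a>', __( 'Move to Trash', 'visual-form-builder' ), admin_url( 'admin.php?page=vfb-entries' ), 'trash', $entry_id ); ?>
+ <?php echo sprintf( '<a class="submitdelete deletion entry-delete" href="%2$s&action=%3$s&entry=%4$d">%1$s</a>', __( 'Move to Trash', 'visual-form-builder' ), wp_nonce_url( admin_url( 'admin.php?page=vfb-entries' ), 'vfb_trash_entry' ), 'trash', $entry_id ); ?>
  </div>
  <div id="publishing-action">
  <?php submit_button( __( 'Print', 'visual-form-builder' ), 'secondary', 'submit', false, array( 'onclick' => 'window.print();return false;' ) ); ?>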
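Review bot: The nonce actions introduced here (`vfb_view_entry` on the check at the top of entries_detail(), `vfb_trash_entry` on the Move to Trash link) are fixed strings, so one valid token is accepted for every entry id rather than only for the entry it was issued for. The Duplicate link in class-forms-list.php already binds its nonce to the object (`'copy-form-' . $item['form_id']`); the same shape would fit here, e.g. `wp_nonce_url( admin_url( 'admin.php?page=vfb-entries' ), 'vfb_trash_entry_' . $entry_id )`, with the matching action string in the `check_admin_referer()` call on the handling side. The same applies to the row-action links in class-entries-list.php and the edit link in class-forms-list.php. entries_detail() continues outside both hunks, so how the page is reached and which capability gates it cannot be confirmed from here.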
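--- a/admin/class-entries-list.php
+++ b/admin/class-entries-list.php
@@ -53,13 +53,13 @@ class Visual_Form_Builder_Entries_List extends Visual_Form_Builder_List_Table {
 
  // Build row actions
  if ( !$this->get_entry_status() || 'all' == $this->get_entry_status() )
- $actions['view'] = sprintf( '<a href="%s&action=%s&entry=%s" id="%3$s" class="view-entry">View</a>', admin_url( 'admin.php?page=vfb-entries' ), 'view', $item['entry_id'] );
+ $actions['view'] = sprintf( '<a href="%s&action=%s&entry=%s" id="%3$s" class="view-entry">View</a>', wp_nonce_url( admin_url( 'admin.php?page=vfb-entries' ), 'vfb_view_entry' ), 'view', $item['entry_id'] );
 
  if ( !$this->get_entry_status() || 'all' == $this->get_entry_status() )
- $actions['trash'] = sprintf( '<a href="%s&action=%s&entry=%s">Trash</a>', admin_url( 'admin.php?page=vfb-entries' ), 'trash', $item['entry_id'] );
+ $actions['trash'] = sprintf( '<a href="%s&action=%s&entry=%s">Trash</a>', wp_nonce_url( admin_url( 'admin.php?page=vfb-entries' ), 'vfb_trash_entry' ), 'trash', $item['entry_id'] );
  elseif ( $this->get_entry_status() && 'trash' == $this->get_entry_status() ) {
- $actions['restore'] = sprintf( '<a href="%s&action=%s&entry=%s">%s</a>', admin_url( 'admin.php?page=vfb-entries' ), 'restore', $item['entry_id'], __( 'Restore', 'visual-form-builder' ) );
- $actions['delete'] = sprintf( '<a href="%s&action=%s&entry=%s">%s</a>', admin_url( 'admin.php?page=vfb-entries' ), 'delete', $item['entry_id'], __( 'Delete Permanently', 'visual-form-builder' ) );
+ $actions['restore'] = sprintf( '<a href="%s&action=%s&entry=%s">%s</a>', wp_nonce_url( admin_url( 'admin.php?page=vfb-entries' ), 'vfb_undo_trash_entry' ), 'restore', $item['entry_id'], __( 'Restore', 'visual-form-builder' ) );
+ $actions['delete'] = sprintf( '<a href="%s&action=%s&entry=%s">%s</a>', wp_nonce_url( admin_url( 'admin.php?page=vfb-entries' ), 'vfb_delete_entry' ), 'delete', $item['entry_id'], __( 'Delete Permanently', 'visual-form-builder' ) );
  }
 
  return sprintf( '%1$s %2$s', $item['form'], $this->row_actions( $actions ) );
@@ -306,6 +306,8 @@ class Visual_Form_Builder_Entries_List extends Visual_Form_Builder_List_Table {
 
  switch( $this->current_action() ) :
  case 'trash' :
+ check_admin_referer( 'vfb_trash_entry' );
+
  foreach ( $entry_id as $id ) {
  $id = absint( $id );
  $wpdb->update( VFB_WP_ENTRIES_TABLE_NAME, array( 'entry_approved' => 'trash' ), array( 'entries_id' => $id ) );
@@ -313,6 +315,8 @@ class Visual_Form_Builder_Entries_List extends Visual_Form_Builder_List_Table {
  break;
 
  case 'delete' :
+ check_admin_referer( 'vfb_delete_entry' );
+
  foreach ( $entry_id as $id ) {
  $id = absint( $id );
  $wpdb->query( $wpdb->prepare( "DELETE FROM " . VFB_WP_ENTRIES_TABLE_NAME . " WHERE entries_id = %d", $id ) );
@@ -320,6 +324,8 @@ class Visual_Form_Builder_Entries_List extends Visual_Form_Builder_List_Table {
  break;
 
  case 'restore' :
+ check_admin_referer( 'vfb_undo_trash_entry' );
+
  foreach ( $entry_id as $id ) {
  $id = absint( $id );
  $wpdb->update( VFB_WP_ENTRIES_TABLE_NAME, array( 'entry_approved' => 1 ), array( 'entries_id' => $id ) );
@@ -327,6 +333,8 @@ class Visual_Form_Builder_Entries_List extends Visual_Form_Builder_List_Table {
  break;
 
  case 'delete' :
+ check_admin_referer( 'vfb_delete_entry' );
+
  $entry_id = ( isset( $_GET['entry'] ) && is_array( $_GET['entry'] ) ) ? $_GET['entry'] : array( $_GET['entry'] );
 
  global $wpdb;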
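Review bot: Each `check_admin_referer()` added to the `trash`, `delete` and `restore` cases accepts exactly one action string, the one attached to the row-action links in the first hunk, so any other request path into these cases is rejected. The cases loop over `$entry_id` as an array and the last hunk handles `is_array( $_GET['entry'] )`, which suggests bulk submissions from the `entries-filter` form in class-admin-menu.php land here too; if so they would carry the list table's own nonce, not `vfb_trash_entry`, `vfb_delete_entry` or `vfb_undo_trash_entry`, and would fail closed. I would confirm that path and verify its token separately rather than loosen these checks, and add a comment above each check such as `// Nonce is issued by the row-action links in this class.` The switch bodies start and end outside the hunks.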
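--- a/admin/class-forms-edit.php
+++ b/admin/class-forms-edit.php
@@ -13,6 +13,8 @@ class Visual_Form_Builder_Forms_Edit {
  public function display() {
  global $wpdb;
 
+ check_admin_referer( 'vfb_edit_form' );
+
  $current_user = wp_get_current_user();
 
  // Save current user ID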
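Review bot: `check_admin_referer( 'vfb_edit_form' )` at the top of display() guards rendering the edit screen, not the write that saves a form, so the CSRF-relevant handler still needs its own nonce verification; that handler is not visible in this hunk. Because the check runs on every render, any redirect or link that lands on `action=edit` without the `_wpnonce` parameter (for example after a save) will hit the failure page, so each such URL has to be built with `wp_nonce_url( …, 'vfb_edit_form' )`. A short comment would help the next maintainer, e.g. `// Nonce is added by the Edit links in class-forms-list.php; redirects to action=edit must add it too.` display() continues past the end of the hunk.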
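--- a/admin/class-forms-list.php
+++ b/admin/class-forms-list.php
@@ -51,8 +51,9 @@ class Visual_Form_Builder_Forms_List extends Visual_Form_Builder_List_Table {
  $actions = array();
 
  // Edit Form
- $form_title = sprintf( '<strong><a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a></strong>', admin_url( 'admin.php?page=visual-form-builder' ), 'edit', $item['form_id'], $item['form_title'] );
- $actions['edit'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', admin_url( 'admin.php?page=visual-form-builder' ), 'edit', $item['form_id'], __( 'Edit', 'visual-form-builder' ) );
+ $edit_link = wp_nonce_url( admin_url( 'admin.php?page=visual-form-builder' ), 'vfb_edit_form' );
+ $form_title = sprintf( '<strong><a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a></strong>', $edit_link, 'edit', $item['form_id'], $item['form_title'] );
+ $actions['edit'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', $edit_link, 'edit', $item['form_id'], __( 'Edit', 'visual-form-builder' ) );
 
  // Duplicate Form
  $actions['copy'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', wp_nonce_url( admin_url( 'admin.php?page=visual-form-builder' ), 'copy-form-' . $item['form_id'] ), 'copy_form', $item['form_id'], __( 'Duplicate', 'visual-form-builder' ) );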
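Review bot: The rewritten `$form_title` line still prints `$item['form_title']` as link text without escaping, and `$item['form_id']` goes into both `href` and `id` unescaped. Unless `$item` is already escaped where the rows are prepared (not visible in this hunk), a form title containing markup would be rendered as HTML in the forms list; `esc_html( $item['form_title'] )` and `absint( $item['form_id'] )` at the point of output would close that. The enclosing method starts and ends outside the hunk.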
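--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=G87A9
  Tags: form, forms, contact form, contact forms, form, forms, form to email, email form, email, input, validation, jquery, shortcode, form builder, contact form builder, form manager, form creator
  Requires at least: 4.7
  Tested up to: 5.9.3
- Stable tag: 3.0.7
+ Stable tag: 3.0.8
  License: GPLv2 or later
 
  Build beautiful, fully functional contact forms in only a few minutes without writing PHP, CSS, or HTML.
@@ -231,7 +231,11 @@ function my_scripts_method() {
 
  == Changelog ==
 
- **Version 3.0.6 - Apr 06, 2022**
+ **Version 3.0.8 - Apr 08, 2022**
+
+ * Update Entries table with CSRF protection
+
+ **Version 3.0.7 - Apr 06, 2022**
 
  * Fix security on Email To under Add New page
 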
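--- a/visual-form-builder.php
+++ b/visual-form-builder.php
@@ -3,7 +3,7 @@
  Plugin Name: Visual Form Builder
  Plugin URI: https://wordpress.org/plugins/visual-form-builder/
  Description: Dynamically build forms using a simple interface. Forms include jQuery validation, a basic logic-based verification system, and entry tracking.
- Version: 3.0.7
+ Version: 3.0.8
  Author: Matthew Muro
  Author URI: http://vfbpro.com
  Text Domain: visual-form-builder
@@ -26,7 +26,7 @@ class Visual_Form_Builder {
  * The current version of the plugin.
  * @var [type]
  */
- protected $version = '3.0.7';
+ protected $version = '3.0.8';
 
  /**
  * The current DB version. Used if we need to update the DB later.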