Comments – wpDiscuz - Version 5.3.3

Developer AdvancedCoding
Version 5.3.3

Code changes from version 5.3.2 to 5.3.3

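--- a/class.WpdiscuzCore.php
+++ b/class.WpdiscuzCore.php
@@ -3,7 +3,7 @@
  /*
  * Plugin Name: wpDiscuz
  * Description: Better comment system. Wordpress post comments and discussion plugin. Allows your visitors discuss, vote for comments and share.
- * Version: 5.3.2
+ * Version: 5.3.3
  * Author: gVectors Team (A. Chakhoyan, G. Zakaryan, H. Martirosyan)
  * Author URI: https://gvectors.com/
  * Plugin URI: http://wpdiscuz.com/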
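--- a/forms/wpDiscuzForm.php
+++ b/forms/wpDiscuzForm.php
@@ -97,6 +97,10 @@ class wpDiscuzForm implements wpdFormConst {
 if ($isDefault) {
 $field = 'wpdFormAttr\Field\\' . $field;
 }
+$allowedFieldsType = $this->form->getAllowedFieldsType();
+if(!in_array($field, $allowedFieldsType,true)){
+throw new Exception('Not whitelisted value detected');
+}
 $fieldClass = call_user_func($field . '::getInstance');
 $fieldClass->dashboardFormDialogHtml($row, $col);
 } else {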
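Review bot: The new allowlist check throws a bare `Exception` out of what looks like an admin dialog handler (the enclosing method starts before this hunk, so I cannot see where `$field` comes from, presumably the request), which means a rejected value surfaces as an uncaught fatal rather than a controlled error response. Failing closed is the right call; I would just make it a WordPress-style failure, `wp_die(esc_html__('Invalid field type.', 'wpdiscuz'), '', array('response' => 400));` or `wp_send_json_error()` if this is an AJAX callback. The comparison is strict and unnormalized, whereas `Row::callFieldSanitize()` in this same release collapses doubled backslashes before its own check, so a value arriving here as `wpdFormAttr\\Field\\TextField` is rejected; that is safe, but worth a one-line comment on the `in_array` line, `// exact FQCN match: single separators, no leading backslash`.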
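--- a/forms/wpdFormAttr/Field/AgreementCheckbox.php
+++ b/forms/wpdFormAttr/Field/AgreementCheckbox.php
@@ -8,13 +8,13 @@ class AgreementCheckbox extends Field {
 ?>
 <div class="wpd-field-body" style="display: <?php echo $this->display; ?>">
 <div class="wpd-field-option wpdiscuz-item">
-<input class="wpd-field-type" type="hidden" value="<?php echo $this->type; ?>" name="<?php echo $this->fieldInputName; ?>[type]" />
+<input class="wpd-field-type" type="hidden" value="<?php echo $this->type; ?>" name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[type]" />
 <label><?php _e('Name', 'wpdiscuz'); ?>:</label>
-<input class="wpd-field-name" type="text" value="<?php echo $this->fieldData['name']; ?>" name="<?php echo $this->fieldInputName; ?>[name]" required />
+<input class="wpd-field-name" type="text" value="<?php echo htmlentities($this->fieldData['name'], ENT_QUOTES); ?>" name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[name]" required />
 </div>
 <div class="wpd-field-option">
 <label><?php _e('Description', 'wpdiscuz'); ?>:</label>
-<input type="text" value="<?php echo $this->fieldData['desc']; ?>" name="<?php echo $this->fieldInputName; ?>[desc]" />
+<input type="text" value="<?php echo htmlentities($this->fieldData['desc'], ENT_QUOTES); ?>" name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[desc]" />
 <p class="wpd-info"><?php _e('Field specific short description or some rule related to inserted information.', 'wpdiscuz'); ?></p>
 </div>
 <div class="wpd-field-option">
@@ -22,27 +22,27 @@ class AgreementCheckbox extends Field {
 <p class="wpd-info"><?php _e('You can use HTML tags to add links to website Terms and Privacy Policy pages. For example: ', 'wpdiscuz'); ?><br>
 <code><?php echo esc_html('I agree to the <a href="https://example.com/terms/" target="_blank">Terms</a> and <a href="https://example.com/privacy/" target="_blank">Privacy Policy</a>'); ?></code>
 </p>
-<textarea required="required" type="text" name="<?php echo $this->fieldInputName; ?>[label]" style="height: 75px;width:100%"><?php echo $this->fieldData['label']; ?></textarea>
+<textarea required="required" type="text" name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[label]" style="height: 75px;width:100%"><?php echo htmlentities($this->fieldData['label']); ?></textarea>
 </div>
 <div class="wpd-field-option">
 <label><?php _e('Field is required', 'wpdiscuz'); ?>:</label>
-<input type="checkbox" value="1" <?php checked($this->fieldData['required'], 1, true); ?> name="<?php echo $this->fieldInputName; ?>[required]" />
+<input type="checkbox" value="1" <?php checked($this->fieldData['required'], 1, true); ?> name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[required]" />
 </div>
 <div class="wpd-field-option">
 <label><?php _e('Display on reply form', 'wpdiscuz'); ?>:</label>
-<input type="checkbox" value="1" <?php checked($this->fieldData['is_show_sform'], 1, true); ?> name="<?php echo $this->fieldInputName; ?>[is_show_sform]" />
+<input type="checkbox" value="1" <?php checked($this->fieldData['is_show_sform'], 1, true); ?> name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[is_show_sform]" />
 </div>
 <div class="wpd-field-option">
 <label><?php _e('Display for Guests', 'wpdiscuz'); ?>:</label>
-<input type="checkbox" value="1" <?php checked($this->fieldData['show_for_guests'], 1, true); ?> name="<?php echo $this->fieldInputName; ?>[show_for_guests]" />
+<input type="checkbox" value="1" <?php checked($this->fieldData['show_for_guests'], 1, true); ?> name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[show_for_guests]" />
 </div>
 <div class="wpd-field-option">
 <label><?php _e('Display for Registered Users', 'wpdiscuz'); ?>:</label>
-<input type="checkbox" value="1" <?php checked($this->fieldData['show_for_users'], 1, true); ?> name="<?php echo $this->fieldInputName; ?>[show_for_users]" />
+<input type="checkbox" value="1" <?php checked($this->fieldData['show_for_users'], 1, true); ?> name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[show_for_users]" />
 </div>
 <div class="wpd-field-option">
 <label><?php _e('Don\'t show again if the agreement is accepted once', 'wpdiscuz'); ?>:</label>
-<input type="checkbox" value="1" <?php checked($this->fieldData['donot_show_again_if_checked'], 1, true); ?> name="<?php echo $this->fieldInputName; ?>[donot_show_again_if_checked]" />
+<input type="checkbox" value="1" <?php checked($this->fieldData['donot_show_again_if_checked'], 1, true); ?> name="<?php echo htmlentities($this->fieldInputName, ENT_QUOTES); ?>[donot_show_again_if_checked]" />
 </div>
 <div style="clear:both;"></div>
 </div>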
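Review bot: Every new escape here calls `htmlentities()` without `ENT_SUBSTITUTE` and without an explicit charset, and on malformed UTF-8 that function returns an empty string, so a stored name or label containing one stray byte would render blank in this dialog and be wiped on the next save; WordPress's `esc_attr()`/`esc_textarea()` use the blog charset and substitute rather than drop. I would write the name input as `value="<?php echo esc_attr($this->fieldData['name']); ?>"` and the textarea body as `<?php echo esc_textarea($this->fieldData['label']); ?>`, with `esc_attr($this->fieldInputName)` for the `name` attributes. Two outputs on context lines of the first hunk stay raw, `$this->display` in the `style` attribute and `$this->type` in the hidden input; they appear to be set by the class itself rather than taken from the request, but `esc_attr()` there costs nothing and keeps the file on one convention.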
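--- a/forms/wpdFormAttr/Field/CheckboxField.php
+++ b/forms/wpdFormAttr/Field/CheckboxField.php
@@ -93,7 +93,7 @@ class CheckboxField extends Field {
 <div class="wpd-field-group-title">
 <div class="wpd-item">
 <input id="<?php echo $name . '-1_' . $uniqueId; ?>" type="checkbox" name="<?php echo $name; ?>[]" value="1" class="<?php echo $name; ?> wpd-field" <?php echo $args['required'] ? 'required' : ''; ?>>
-<label class="wpd-field-label wpd-cursor-pointer" for="<?php echo $name . '-1_' . $uniqueId; ?>"><?php echo $args['values'][0]; ?></label>
+<label class="wpd-field-label wpd-cursor-pointer" for="<?php echo $name . '-1_' . $uniqueId; ?>"><?php echo htmlentities($args['values'][0]); ?></label>
 </div>
 </div>
 <?php if ($args['desc']) { ?>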
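--- a/forms/wpdFormAttr/Field/CookiesConsent.php
+++ b/forms/wpdFormAttr/Field/CookiesConsent.php
@@ -44,7 +44,7 @@ class CookiesConsent extends Field {
 <div class="wpd-field-group-title">
 <div class="wpd-item">
 <input id="<?php echo $name . '-1_' . $uniqueId; ?>" name="<?php echo $name; ?>" type="checkbox" value="1" <?php echo $consent; ?> class="<?php echo $name; ?> wpd-field wpd-cookies-checkbox" />
-<label class="wpd-field-label wpd-cursor-pointer" for="<?php echo $name . '-1_' . $uniqueId; ?>"><?php echo $args['label']; ?></label>
+<label class="wpd-field-label wpd-cursor-pointer" for="<?php echo $name . '-1_' . $uniqueId; ?>"><?php echo htmlentities($args['label']); ?></label>
 </div>
 </div>
 <?php if ($args['desc']) { ?>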
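--- a/forms/wpdFormAttr/Field/DefaultField/Captcha.php
+++ b/forms/wpdFormAttr/Field/DefaultField/Captcha.php
@@ -301,8 +301,13 @@ class Captcha extends Field {
 return false;
 }
 $captchaLower = strtolower($captcha);
+$captchaFiles = array_diff(scandir($this->captchaDir), array('..', '.'));
 $file = $fileName . '.jpg';
+if(!in_array($file, $captchaFiles,true)){
+return false;
+}
 $filePath = $this->captchaDir . WPDISCUZ_DS . $file;
+if(file_exists($filePath)){}
 $parts = explode('=', file_get_contents($filePath));
 $tKey = $parts[0];
 $tAnswer = $parts[1];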
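Review bot: `if(file_exists($filePath)){}` on new line 310 has an empty body and does nothing; either delete it or make it the guard that returns `false`. The `scandir()` allowlist does stop traversal (directory entries carry no separators), but it reads the whole captcha directory on every verification, and when `scandir()` fails it returns `false`, which `array_diff()` rejects with a warning on PHP 7 and a `TypeError` on PHP 8, so an unreadable directory becomes a hard failure instead of a rejected captcha. `$fileName` is set before this hunk and the answer comparison follows it, so I cannot see what it already is; the cheap and sufficient check is to reject anything that is not a bare token (widen the class if generated names use other characters) and then test the one file directly, which also covers the unchecked `explode()` result on line 311:
```php
$captchaLower = strtolower($captcha);
// Only a bare token may name a captcha file: no separators, no dots, no traversal.
if (!preg_match('/^[A-Za-z0-9_-]+$/', $fileName)) {
    return false;
}
$filePath = $this->captchaDir . WPDISCUZ_DS . $fileName . '.jpg';
if (!is_file($filePath)) {
    return false;
}
$contents = file_get_contents($filePath);
$parts = $contents === false ? array() : explode('=', $contents, 2);
if (count($parts) < 2) {
    return false;
}
$tKey = $parts[0];
$tAnswer = $parts[1];
// … unchanged: answer comparison …
```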
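--- a/forms/wpdFormAttr/Field/DefaultField/Website.php
+++ b/forms/wpdFormAttr/Field/DefaultField/Website.php
@@ -50,7 +50,7 @@ class Website extends Field {
 <?php if ($hasIcon) { ?>
 <div class="wpd-field-icon"><i class="<?php echo strpos(trim($args['icon']), ' ') ? $args['icon'] : 'fas ' . $args['icon']; ?>"></i></div>
 <?php } ?>
-<input value="<?php echo $authorUrl; ?>" class="<?php echo $name; ?> wpd-field" type="text" name="<?php echo $name; ?>" placeholder="<?php echo $args['name'];
+<input value="<?php echo $authorUrl; ?>" class="<?php echo $name; ?> wpd-field" type="text" name="<?php echo htmlentities($name, ENT_QUOTES); ?>" placeholder="<?php echo htmlentities($args['name'], ENT_QUOTES);
 echo!empty($args['required']) ? '*' : ''; ?>">
 <?php if ($args['desc']) { ?>
 <div class="wpd-field-desc"><i class="far fa-question-circle" aria-hidden="true"></i><span><?php echo $args['desc']; ?></span></div>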
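Review bot: The rewritten line 53 escapes `$name` and `$args['name']` but leaves `value="<?php echo $authorUrl; ?>"` on the same line raw; `$authorUrl` is assigned before this hunk so I cannot see its origin, but if it is the commenter's profile URL it is user-controlled text inside a double-quoted attribute and should be `value="<?php echo esc_url($authorUrl); ?>"` (what WordPress uses for URL-valued attributes). The sibling `UrlField.php` in this same release escapes the icon class (its line 84) and `$args['desc']` (its line 90), while the corresponding context lines 51 and 56 here still echo `$args['icon']` and `$args['desc']` unescaped; the two fields should get the same treatment, e.g. `<span><?php echo esc_html($args['desc']); ?></span>`.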
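--- a/forms/wpdFormAttr/Field/Field.php
+++ b/forms/wpdFormAttr/Field/Field.php
@@ -55,7 +55,7 @@ abstract class Field {
 ?>
 <div class="wpd-field <?php echo $this->isDefault ? 'wpd-default-field' : ''; ?>">
 <div class="wpd-field-head">
-<?php echo $args['name']; ?>
+<?php echo htmlentities($args['name']); ?>
 <?php
 if ($args['type'] == 'wpdFormAttr\Field\DefaultField\Submit') {
 _e(' (Submit Button)', 'wpdiscuz');
@@ -63,7 +63,7 @@ abstract class Field {
 _e(' (CAPTCHA)', 'wpdiscuz');
 } elseif (!strstr($args['type'], 'wpdFormAttr\Field\DefaultField')) {
 $fieldLable = str_replace('wpdFormAttr\Field\\', '', $args['type']);
-echo ' ( ' . str_replace('Field', '', $fieldLable) . ' )';
+echo ' ( ' . htmlentities(str_replace('Field', '', $fieldLable)) . ' )';
 }
 ?>
 <div class="wpd-field-actions">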
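--- a/forms/wpdFormAttr/Field/SelectField.php
+++ b/forms/wpdFormAttr/Field/SelectField.php
@@ -89,9 +89,9 @@ class SelectField extends Field {
 <?php $required = $args['required'] ? ' required="required" ' : ''; ?>
 <div class="wpdiscuz-item wpd-field-group wpd-field-select <?php echo $name, '-wrapper', ($hasDesc ? ' wpd-has-desc' : ''); ?>">
 <select <?php echo $required; ?> name="<?php echo $name; ?>" class="<?php echo $name; ?> wpd-field wpdiscuz_select">
-<option value=""><?php echo $args['name']; ?></option>
+<option value=""><?php echo htmlentities($args['name']); ?></option>
 <?php foreach ($args['values'] as $index => $val): ?>
-<option value="<?php echo $index + 1; ?>"><?php echo $val; ?></option>
+<option value="<?php echo $index + 1; ?>"><?php echo htmlentities($val); ?></option>
 <?php endforeach; ?>
 </select>
 <?php if ($args['desc']) { ?>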
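--- a/forms/wpdFormAttr/Field/UrlField.php
+++ b/forms/wpdFormAttr/Field/UrlField.php
@@ -78,13 +78,16 @@ class UrlField extends Field {
 $hasDesc = $args['desc'] ? true : false;
 ?>
 <div class="wpdiscuz-item <?php echo $name, '-wrapper', ($hasIcon ? ' wpd-has-icon' : ''), ($hasDesc ? ' wpd-has-desc' : ''); ?>">
-<?php if ($hasIcon) { ?>
-<div class="wpd-field-icon"><i style="opacity: 0.8;" class="<?php echo strpos(trim($args['icon']), ' ') ? $args['icon'] : 'fas '.$args['icon']; ?>"></i></div>
+<?php if ($hasIcon) {
+$class = strpos(trim($args['icon']), ' ') ? $args['icon'] : 'fas '.$args['icon'];
+?>
+<div class="wpd-field-icon"><i style="opacity: 0.8;" class="<?php echo htmlentities($class, ENT_QUOTES);?>"></i></div>
 <?php } ?>
-<?php $required = $args['required'] ? 'required="required"' : ''; ?>
-<input <?php echo $required; ?> class="<?php echo $name; ?> wpd-field" type="url" name="<?php echo $name; ?>" value="" placeholder="<?php _e($args['name'], 'wpdiscuz'); echo !empty($args['required']) ? '*' : ''; ?>">
+<?php
+$required = $args['required'] ? 'required="required"' : ''; ?>
+<input <?php echo $required; ?> class="<?php echo htmlentities($name, ENT_QUOTES); ?> wpd-field" type="url" name="<?php echo htmlentities($name, ENT_QUOTES); ?>" value="" placeholder="<?php _e($args['name'], 'wpdiscuz'); echo !empty($args['required']) ? '*' : ''; ?>">
 <?php if ($args['desc']) { ?>
-<div class="wpd-field-desc"><i class="far fa-question-circle" aria-hidden="true"></i><span><?php echo $args['desc']; ?></span></div>
+<div class="wpd-field-desc"><i class="far fa-question-circle" aria-hidden="true"></i><span><?php echo htmlentities($args['desc']); ?></span></div>
 <?php } ?>
 </div>
 <?php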
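Review bot: On new line 88 the placeholder is still emitted with `_e($args['name'], 'wpdiscuz')`, which echoes the (translated) string with no escaping, so the admin-defined field name lands in a double-quoted attribute raw even though `$name` on the same line is now escaped. Use `esc_attr_e($args['name'], 'wpdiscuz')`, or, since a variable passed to `_e()` can never be picked up by translation tooling anyway, simply `echo esc_attr($args['name'])`. `htmlentities($class, ENT_QUOTES)` on line 84 is a sound minimum, but the rest of the plugin's output goes through WordPress escapers, and `esc_attr($class)` would keep the file on one convention and avoid the charset and `ENT_SUBSTITUTE` details `htmlentities()` leaves to defaults.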
forms/wpdFormAttr/Form.php CHANGED
@@ -149,13 +149,13 @@ class Form {
149
  switch ($column) {
150
  case 'form_post_types':
151
  $postTypes = isset($this->generalOptions[wpdFormConst::WPDISCUZ_META_FORMS_POSTE_TYPES]) ? $this->generalOptions[wpdFormConst::WPDISCUZ_META_FORMS_POSTE_TYPES] : '';
152
- echo $postTypes ? implode(', ', $this->generalOptions[wpdFormConst::WPDISCUZ_META_FORMS_POSTE_TYPES]) : '';
153
  break;
154
  case 'form_post_ids':
155
- echo isset($this->generalOptions['postid']) ? $this->generalOptions['postid'] : '';
156
  break;
157
  case 'form_lang':
158
- echo isset($this->generalOptions['lang']) ? $this->generalOptions['lang'] : '';
159
  break;
160
  }
161
  }
@@ -487,8 +487,12 @@ class Form {
487
  }
488
 
489
  public function validateFields($currentUser) {
 
490
  foreach ($this->formCustomFields as $fieldName => $fieldArgs) {
491
  $fieldType = $fieldArgs['type'];
 
 
 
492
  $field = call_user_func($fieldType . '::getInstance');
493
  if (isset($fieldArgs['no_insert_meta'])) {
494
  $field->validateFieldData($fieldName, $fieldArgs, $this->wpdOptions, $currentUser);
@@ -541,11 +545,12 @@ class Form {
541
 
542
  private function _renderFrontCommentMetaHtml($meta, $formCustomFields, $loc) {
543
  $html = '';
 
544
  foreach ($formCustomFields as $key => $value) {
545
  if (isset($value['loc']) && $value['loc'] == $loc) {
546
  $fieldType = $value['type'];
547
  $metaValuen = isset($meta[$key][0]) ? maybe_unserialize($meta[$key][0]) : '';
548
- if (is_callable($fieldType . '::getInstance') && $metaValuen) {
549
  $field = call_user_func($fieldType . '::getInstance');
550
  $html .= $field->drawContent($metaValuen, $value);
551
  }
@@ -631,11 +636,14 @@ class Form {
631
  $html .= '<div class="wpdiscuz-item wpdiscuz-textarea-wrap"><textarea required="required" name="wc_comment" class="wc_comment wpd-field wc_edit_comment" style="min-height: 2em;">' . str_replace(array('<code>', '</code>'), array('`', '`'), $comment->comment_content) . '</textarea></div>';
632
  if ($this->formCustomFields) {
633
  $html .= '<table class="form-table editcomment wpd-form-row"><tbody>';
 
634
  foreach ($this->formCustomFields as $key => $data) {
635
  $fieldType = $data['type'];
636
- $field = call_user_func($fieldType . '::getInstance');
637
- $value = get_comment_meta($comment->comment_ID, $key, true);
638
- $html .= $field->editCommentHtml($key, $value, $data, $comment);
 
 
639
  }
640
  $html .= '</tbody></table>';
641
  }
@@ -655,11 +663,14 @@ class Form {
655
  <table class="form-table editcomment">
656
  <tbody>
657
  <?php
 
658
  foreach ($this->formCustomFields as $key => $data) {
659
  $fieldType = $data['type'];
660
- $field = call_user_func($fieldType . '::getInstance');
661
- $value = get_comment_meta($comment->comment_ID, $key, true);
662
- echo $field->editCommentHtml($key, $value, $data, $comment);
 
 
663
  }
664
  ?>
665
  </tbody>
@@ -687,7 +698,7 @@ class Form {
687
  </th>
688
  <td>
689
  <?php $lang = isset($this->generalOptions['lang']) ? $this->generalOptions['lang'] : get_locale(); ?>
690
- <input required="" type="text" name="<?php echo wpdFormConst::WPDISCUZ_META_FORMS_GENERAL_OPTIONS; ?>[lang]" value="<?php echo $lang; ?>" >
691
  <a href="https://wpdiscuz.com/docs/wpdiscuz-documentation/getting-started/custom-comment-form/comment-form-settings/#language" title="<?php _e('Read the documentation', 'wpdiscuz') ?>" target="_blank"><i class="far fa-question-circle"></i></a>
692
  </td>
693
  </tr>
@@ -754,7 +765,7 @@ class Form {
754
  </th>
755
  <td>
756
  <?php $subscriptionAgreementLabel = isset($this->generalOptions['subscription_agreement_label']) && $this->generalOptions['subscription_agreement_label'] ? $this->generalOptions['subscription_agreement_label'] : __('I allow to use my email address and send notification about new comments and replies (you can unsubscribe at any time).', 'wpdiscuz'); ?>
757
- <textarea name="<?php echo wpdFormConst::WPDISCUZ_META_FORMS_GENERAL_OPTIONS; ?>[subscription_agreement_label]" style="width:80%;"><?php echo $subscriptionAgreementLabel; ?></textarea>
758
  </td>
759
  </tr>
760
  </tr>
@@ -764,7 +775,8 @@ class Form {
764
  </th>
765
  <td >
766
  <div>
767
- <input type="text" name="<?php echo wpdFormConst::WPDISCUZ_META_FORMS_GENERAL_OPTIONS; ?>[header_text]" placeholder="<?php _e('Leave a Reply', 'wpdiscuz'); ?>" value="<?php echo isset($this->generalOptions['header_text']) ? $this->generalOptions['header_text'] : __('Leave a Reply', 'wpdiscuz'); ?>" style="width:80%;">
 
768
  <a href="https://wpdiscuz.com/docs/wpdiscuz-documentation/getting-started/custom-comment-form/comment-form-settings/#comment_form_header_text" title="<?php _e('Read the documentation', 'wpdiscuz') ?>" target="_blank"><i class="far fa-question-circle"></i></a>
769
  </div>
770
  </td>
@@ -804,7 +816,8 @@ class Form {
804
  <p class="wpd-info"> <?php _e('You can use this form for certain posts/pages specified by comma separated IDs.', 'wpdiscuz'); ?></p>
805
  </th>
806
  <td>
807
- <input type="text" name="<?php echo wpdFormConst::WPDISCUZ_META_FORMS_GENERAL_OPTIONS; ?>[postid]" placeholder="5,26,30..." value="<?php echo isset($this->generalOptions['postid']) ? $this->generalOptions['postid'] : ''; ?>" style="width:80%;">
 
808
  <a href="https://wpdiscuz.com/docs/wpdiscuz-documentation/getting-started/custom-comment-form/comment-form-settings/#comment_form_for_post_id" title="<?php _e('Read the documentation', 'wpdiscuz') ?>" target="_blank"><i class="far fa-question-circle"></i></a>
809
  </td>
810
  </tr>
@@ -993,5 +1006,9 @@ class Form {
993
  $this->formCustomFields = array();
994
  $this->formFields = array();
995
  }
 
 
 
 
996
 
997
  }
149
  switch ($column) {
150
  case 'form_post_types':
151
  $postTypes = isset($this->generalOptions[wpdFormConst::WPDISCUZ_META_FORMS_POSTE_TYPES]) ? $this->generalOptions[wpdFormConst::WPDISCUZ_META_FORMS_POSTE_TYPES] : '';
152
+ echo $postTypes ? htmlentities(implode(', ', $this->generalOptions[wpdFormConst::WPDISCUZ_META_FORMS_POSTE_TYPES])) : '';
153
  break;
154
  case 'form_post_ids':
155
+ echo isset($this->generalOptions['postid']) ? htmlentities($this->generalOptions['postid']) : '';
156
  break;
157
  case 'form_lang':
158
+ echo isset($this->generalOptions['lang']) ? htmlentities($this->generalOptions['lang']) : '';
159
  break;
160
  }
161
  }
487
  }
488
 
489
  public function validateFields($currentUser) {
490
+ $allowedFieldsType = $this->row->allowedFieldsType();
491
  foreach ($this->formCustomFields as $fieldName => $fieldArgs) {
492
  $fieldType = $fieldArgs['type'];
493
+ if (!in_array($fieldType, $allowedFieldsType, true)) {
494
+ throw new Exception('Not whitelisted value detected');
495
+ }
496
  $field = call_user_func($fieldType . '::getInstance');
497
  if (isset($fieldArgs['no_insert_meta'])) {
498
  $field->validateFieldData($fieldName, $fieldArgs, $this->wpdOptions, $currentUser);
545
 
546
  private function _renderFrontCommentMetaHtml($meta, $formCustomFields, $loc) {
547
  $html = '';
548
+ $allowedFieldsType = $this->row->allowedFieldsType();
549
  foreach ($formCustomFields as $key => $value) {
550
  if (isset($value['loc']) && $value['loc'] == $loc) {
551
  $fieldType = $value['type'];
552
  $metaValuen = isset($meta[$key][0]) ? maybe_unserialize($meta[$key][0]) : '';
553
+ if (in_array($fieldType, $allowedFieldsType, true) && is_callable($fieldType . '::getInstance') && $metaValuen) {
554
  $field = call_user_func($fieldType . '::getInstance');
555
  $html .= $field->drawContent($metaValuen, $value);
556
  }
636
  $html .= '<div class="wpdiscuz-item wpdiscuz-textarea-wrap"><textarea required="required" name="wc_comment" class="wc_comment wpd-field wc_edit_comment" style="min-height: 2em;">' . str_replace(array('<code>', '</code>'), array('`', '`'), $comment->comment_content) . '</textarea></div>';
637
  if ($this->formCustomFields) {
638
  $html .= '<table class="form-table editcomment wpd-form-row"><tbody>';
639
+ $allowedFieldsType = $this->row->allowedFieldsType();
640
  foreach ($this->formCustomFields as $key => $data) {
641
  $fieldType = $data['type'];
642
+ if (in_array($fieldType, $allowedFieldsType, true)) {
643
+ $field = call_user_func($fieldType . '::getInstance');
644
+ $value = get_comment_meta($comment->comment_ID, $key, true);
645
+ $html .= $field->editCommentHtml($key, $value, $data, $comment);
646
+ }
647
  }
648
  $html .= '</tbody></table>';
649
  }
663
  <table class="form-table editcomment">
664
  <tbody>
665
  <?php
666
+ $allowedFieldsType = $this->row->allowedFieldsType();
667
  foreach ($this->formCustomFields as $key => $data) {
668
  $fieldType = $data['type'];
669
+ if (in_array($fieldType, $allowedFieldsType, true)) {
670
+ $field = call_user_func($fieldType . '::getInstance');
671
+ $value = get_comment_meta($comment->comment_ID, $key, true);
672
+ echo $field->editCommentHtml($key, $value, $data, $comment);
673
+ }
674
  }
675
  ?>
676
  </tbody>
698
  </th>
699
  <td>
700
  <?php $lang = isset($this->generalOptions['lang']) ? $this->generalOptions['lang'] : get_locale(); ?>
701
+ <input required="" type="text" name="<?php echo wpdFormConst::WPDISCUZ_META_FORMS_GENERAL_OPTIONS; ?>[lang]" value="<?php echo htmlentities($lang, ENT_QUOTES); ?>" >
702
  <a href="https://wpdiscuz.com/docs/wpdiscuz-documentation/getting-started/custom-comment-form/comment-form-settings/#language" title="<?php _e('Read the documentation', 'wpdiscuz') ?>" target="_blank"><i class="far fa-question-circle"></i></a>
703
  </td>
704
  </tr>
765
  </th>
766
  <td>
767
  <?php $subscriptionAgreementLabel = isset($this->generalOptions['subscription_agreement_label']) && $this->generalOptions['subscription_agreement_label'] ? $this->generalOptions['subscription_agreement_label'] : __('I allow to use my email address and send notification about new comments and replies (you can unsubscribe at any time).', 'wpdiscuz'); ?>
768
+ <textarea name="<?php echo wpdFormConst::WPDISCUZ_META_FORMS_GENERAL_OPTIONS; ?>[subscription_agreement_label]" style="width:80%;"><?php echo htmlentities($subscriptionAgreementLabel); ?></textarea>
769
  </td>
770
  </tr>
771
  </tr>
775
  </th>
776
  <td >
777
  <div>
778
+ <?php $header_text = isset($this->generalOptions['header_text']) ? $this->generalOptions['header_text'] : __('Leave a Reply', 'wpdiscuz'); ?>
779
+ <input type="text" name="<?php echo wpdFormConst::WPDISCUZ_META_FORMS_GENERAL_OPTIONS; ?>[header_text]" placeholder="<?php _e('Leave a Reply', 'wpdiscuz'); ?>" value="<?php echo htmlentities($header_text,ENT_QUOTES);?>" style="width:80%;">
780
  <a href="https://wpdiscuz.com/docs/wpdiscuz-documentation/getting-started/custom-comment-form/comment-form-settings/#comment_form_header_text" title="<?php _e('Read the documentation', 'wpdiscuz') ?>" target="_blank"><i class="far fa-question-circle"></i></a>
781
  </div>
782
  </td>
816
  <p class="wpd-info"> <?php _e('You can use this form for certain posts/pages specified by comma separated IDs.', 'wpdiscuz'); ?></p>
817
  </th>
818
  <td>
819
+ <?php $optionsPostids = isset($this->generalOptions['postid']) ? $this->generalOptions['postid'] : '';?>
820
+ <input type="text" name="<?php echo wpdFormConst::WPDISCUZ_META_FORMS_GENERAL_OPTIONS; ?>[postid]" placeholder="5,26,30..." value="<?php echo htmlentities($optionsPostids, ENT_QUOTES); ?>" style="width:80%;">
821
  <a href="https://wpdiscuz.com/docs/wpdiscuz-documentation/getting-started/custom-comment-form/comment-form-settings/#comment_form_for_post_id" title="<?php _e('Read the documentation', 'wpdiscuz') ?>" target="_blank"><i class="far fa-question-circle"></i></a>
822
  </td>
823
  </tr>
1006
  $this->formCustomFields = array();
1007
  $this->formFields = array();
1008
  }
1009
+
1010
+ public function getAllowedFieldsType(){
1011
+ return $this->row->allowedFieldsType();
1012
+ }
1013
 
1014
  }
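Review bot: `validateFields()` (new line 493) throws a bare `Exception` when a stored field type is not in the allowlist, while `_renderFrontCommentMetaHtml()` (553) and the two edit-comment loops (642, 669) silently skip such a field; since `validateFields()` looks like the comment-submission path, an uncaught exception there is a 500 for the commenter rather than a handled error or a skipped field, and the two behaviours should be reconciled, either `continue;` as the render paths do, or `wp_die(esc_html__('Invalid form field.', 'wpdiscuz'), '', array('response' => 400))` if the intent is to refuse the submission. Context line 636 inserts `$comment->comment_content` into a `<textarea>` with only the `<code>` substitution; a literal `</textarea>` in content from a user with `unfiltered_html` breaks out of the element, and `esc_textarea()` is the WordPress idiom there, outside this change but in the same hunk. The new public `getAllowedFieldsType()` has no docblock; I would add `/** Field classes this form may instantiate: exact FQCN strings, filterable via wpdiscuz_allowed_form_field. @return string[] */`.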
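--- a/forms/wpdFormAttr/Row.php
+++ b/forms/wpdFormAttr/Row.php
@@ -57,8 +57,12 @@ class Row {
 <div class="col-body">
 <?php
 if ($fields) {
+$allowedFieldsType = $this->allowedFieldsType();
 foreach ($fields as $name => $fieldData) {
 $fieldType = $fieldData['type'];
+if (!in_array($fieldType, $allowedFieldsType, true)) {
+throw new Exception('Not whitelisted value detected');
+}
 $field = call_user_func($fieldType . '::getInstance');
 $field->dashboardFormHtml($id, $colName, $name, $fieldData);
 }
@@ -95,10 +99,13 @@ class Row {
 ?>
 <div class="wpd-form-col-<?php echo $colName; ?>">
 <?php
+$allowedFieldsType = $this->allowedFieldsType();
 foreach ($fields as $fieldName => $fieldData) {
 $fieldType = $fieldData['type'];
-$field = call_user_func($fieldType . '::getInstance');
-$field->frontFormHtml($fieldName, $fieldData, $options, $currentUser, $uniqueId, $isMainForm);
+if (in_array($fieldType, $allowedFieldsType, true)) {
+$field = call_user_func($fieldType . '::getInstance');
+$field->frontFormHtml($fieldName, $fieldData, $options, $currentUser, $uniqueId, $isMainForm);
+}
 }
 ?>
 </div>
@@ -128,12 +135,13 @@ class Row {
 }
 
 private function callFieldSanitize($args, &$fields) {
+$allowedFieldsType = $this->allowedFieldsType();
 foreach ($args as $fieldName => $fieldData) {
 if (!isset($fieldData['type']) && !$fieldData['type']) {
 continue;
 }
 $callableClass = str_replace('\\\\', '\\', $fieldData['type']);
-if (is_callable($callableClass . '::getInstance')) {
+if (in_array($callableClass, $allowedFieldsType, true) && is_callable($callableClass . '::getInstance')) {
 $field = call_user_func($callableClass . '::getInstance');
 $fieldNewName = $this->changeFieldName($fieldName, $fieldData);
 if ($fieldNewName != $fieldName) {
@@ -186,7 +194,7 @@ class Row {
 
 private function getPostRatingMeta() {
 global $wpdb;
-$sql = $wpdb->prepare("SELECT `post_id`,`meta_value` FROM `{$wpdb->postmeta}` WHERE `meta_key` = %s",wpdFormConst::WPDISCUZ_RATING_COUNT);
+$sql = $wpdb->prepare("SELECT `post_id`,`meta_value` FROM `{$wpdb->postmeta}` WHERE `meta_key` = %s", wpdFormConst::WPDISCUZ_RATING_COUNT);
 return $wpdb->get_results($sql, ARRAY_A);
 }
 
@@ -201,4 +209,29 @@ class Row {
 return $array;
 }
 
+public function allowedFieldsType() {
+$allowedFieldsType = [
+'wpdFormAttr\Field\DefaultField\Name',
+'wpdFormAttr\Field\DefaultField\Email',
+'wpdFormAttr\Field\DefaultField\Website',
+'wpdFormAttr\Field\DefaultField\Captcha',
+'wpdFormAttr\Field\DefaultField\Submit',
+'wpdFormAttr\Field\AgreementCheckbox',
+'wpdFormAttr\Field\CheckboxField',
+'wpdFormAttr\Field\ColorField',
+'wpdFormAttr\Field\CookiesConsent',
+'wpdFormAttr\Field\DateField',
+'wpdFormAttr\Field\HTMLField',
+'wpdFormAttr\Field\NumberField',
+'wpdFormAttr\Field\RadioField',
+'wpdFormAttr\Field\RatingField',
+'wpdFormAttr\Field\SelectField',
+'wpdFormAttr\Field\TextAreaField',
+'wpdFormAttr\Field\TextField',
+'wpdFormAttr\Field\UrlField',
+];
+
+return apply_filters('wpdiscuz_allowed_form_field', $allowedFieldsType);
+}
+
 }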
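Review bot: `allowedFieldsType()` is now the only thing between stored form configuration and `call_user_func($type . '::getInstance')` in every caller, and every caller compares with `in_array(..., true)`, so entries must match the stored `type` byte-for-byte (single backslashes, no leading `\`); the method has no docblock saying so, and a filter returning `'\wpdFormAttr\Field\TextField'` would silently disable that field. I would add `/** Field classes a form may instantiate. Compared strictly against the stored 'type', so entries, including those added via the wpdiscuz_allowed_form_field filter, must be exact FQCNs without a leading backslash. @return string[] */`. `callFieldSanitize()` (new line 144) collapses doubled backslashes before comparing, whereas the dashboard loop (63) and the front loop (105) compare the raw stored value; presumably every save passes through `callFieldSanitize()`, but if any does not, the same form would pass one path and fail another. The two loops also disagree on failure mode, line 64 throws and line 105 skips, and the uncaught throw turns a stale stored type into a fatal on the settings page rather than a skipped field. Context line 140, `if (!isset($fieldData['type']) && !$fieldData['type'])`, wants `||`: with `&&` an unset type still evaluates the second operand and emits an undefined-index notice before the `continue`.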
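--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: gVectors Team
 Tags: comment, comments, ajax comments, custom comment form, custom comment field
 Requires at least: 4.4
-Tested up to: 5.1
-Stable tag: 5.3.2
+Tested up to: 5.2
+Stable tag: 5.3.3
 Requires PHP: 5.4 and higher
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -174,6 +174,11 @@ Nothing will be lost! **Comments - wpDiscuz** will show all old comments.
 
 == Changelog ==
 
+= Comments - wpDiscuz v5.3.3 =
+
+* Code Optimization (sanitization, filtering)
+
+
 = Comments - wpDiscuz v5.3.2 =
 
 * Updated: WordPress 5.1 Compatibility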
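--- a/templates/comment/comment-form.php
+++ b/templates/comment/comment-form.php
@@ -190,7 +190,7 @@ if (!post_password_required($post->ID)) {
 <div class="wpd-cc-arrow"></div>
 </div>
 <?php } ?>
-<?php echo $form->getHeaderText(); ?>
+<?php echo htmlentities($form->getHeaderText()); ?>
 </h3>
 <?php
 }
@@ -328,7 +328,7 @@ if (!post_password_required($post->ID)) {
 <?php if (!$currentUser->ID && $form->isShowSubscriptionBarAgreement()): ?>
 <div class="wpdiscuz-subscribe-agreement">
 <input id="show_subscription_agreement" type="checkbox" required="required" name="show_subscription_agreement" value="1">
-<label for="show_subscription_agreement"><?php echo $form->subscriptionBarAgreementLabel(); ?></label>
+<label for="show_subscription_agreement"><?php echo htmlentities($form->subscriptionBarAgreementLabel()); ?></label>
 </div>
 <?php endif; ?>
 <?php wp_nonce_field('wpdiscuz_subscribe_form_nonce_action', 'wpdiscuz_subscribe_form_nonce'); ?>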
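Review bot: `htmlentities()` on new lines 193 and 331 is called without an explicit charset and without `ENT_SUBSTITUTE`, so the encoding comes from the `default_charset` ini setting rather than the blog charset, and a value containing an invalid byte sequence encodes to an empty string — the header or label then silently disappears. In a WordPress template the conventional call is `esc_html()`, which escapes against the configured blog charset: `<?php echo esc_html($form->getHeaderText()); ?>` and `<?php echo esc_html($form->subscriptionBarAgreementLabel()); ?>`. The same applies to the `htmlentities()` calls added in utils/form-bottom-statistics.php and utils/layouts/pagination.php, where `esc_attr()` is the attribute-context form for the hidden input. If either text is an admin-configured option that is meant to carry markup, this change renders the tags literally; that should be checked against the option's documentation, which is outside this hunk.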
utils/ajax/wpdiscuz-ajax.php CHANGED
@@ -2,12 +2,15 @@
2
 
3
  //mimic the actuall admin-ajax
4
  define('DOING_AJAX', true);
5
-
6
- if (!isset($_POST['action'])) {
 
 
7
  die('-1');
8
  }
9
 
10
- require_once('../../../../../wp-load.php');
 
11
 
12
  header('Content-Type: text/html');
13
  send_nosniff_header();
@@ -16,7 +19,7 @@ header('Cache-Control: no-cache');
16
  header('Pragma: no-cache');
17
 
18
  $wpdiscuz = wpDiscuz();
19
- $action = esc_attr(trim($_POST['action']));
20
  $allowedActions = array(
21
  'wpdLoadMoreComments',
22
  'wpdVoteOnComment',
@@ -124,12 +127,19 @@ add_action('wpdiscuz_wpdCloseThread', array($wpdiscuz->helperAjax, 'closeThread'
124
  // Follow user
125
  add_action('wpdiscuz_wpdFollowUser', array($wpdiscuz->helperAjax, 'followUser'));
126
 
127
- if (in_array($action, $allowedActions)) {
128
  if (is_user_logged_in()) {
129
- do_action('wpdiscuz_' . $action);
130
  } else {
131
- do_action('wpdiscuz_nopriv_' . $action);
132
  }
133
  } else {
134
  die('-1');
 
 
 
 
 
 
 
135
  }
2
 
3
  //mimic the actuall admin-ajax
4
  define('DOING_AJAX', true);
5
+ $wpdiscuz_ajax_action = filter_input(INPUT_POST, 'action', FILTER_SANITIZE_STRING);
6
+ //var_dump($action);
7
+ //print_r($_POST);
8
+ if (!$wpdiscuz_ajax_action) {
9
  die('-1');
10
  }
11
 
12
+ $ABSPATH = wpdiscuz_ABSPATH();
13
+ require_once($ABSPATH . DIRECTORY_SEPARATOR .'wp-load.php');
14
 
15
  header('Content-Type: text/html');
16
  send_nosniff_header();
19
  header('Pragma: no-cache');
20
 
21
  $wpdiscuz = wpDiscuz();
22
+ $wpdiscuz_ajax_action = esc_attr(trim($wpdiscuz_ajax_action));
23
  $allowedActions = array(
24
  'wpdLoadMoreComments',
25
  'wpdVoteOnComment',
127
  // Follow user
128
  add_action('wpdiscuz_wpdFollowUser', array($wpdiscuz->helperAjax, 'followUser'));
129
 
130
+ if (in_array($wpdiscuz_ajax_action, $allowedActions)) {
131
  if (is_user_logged_in()) {
132
+ do_action('wpdiscuz_' . $wpdiscuz_ajax_action);
133
  } else {
134
+ do_action('wpdiscuz_nopriv_' . $wpdiscuz_ajax_action);
135
  }
136
  } else {
137
  die('-1');
138
+ }
139
+
140
+ function wpdiscuz_ABSPATH(){
141
+ $dirname = dirname(__FILE__);
142
+ $path = join(DIRECTORY_SEPARATOR, ['wp-content','plugins','wpdiscuz','utils','ajax']);
143
+ $abspath = str_replace($path, '', $dirname);
144
+ return $abspath;
145
  }
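Review bot: `wpdiscuz_ABSPATH()` on new lines 140–145 derives the WordPress root by string-replacing the literal `wp-content/plugins/wpdiscuz/utils/ajax` out of `dirname(__FILE__)`, so on any install where the plugin folder was renamed, `WP_CONTENT_DIR`/`WP_PLUGIN_DIR` was relocated, or the separator differs from the joined literal, `str_replace` returns the directory unchanged and the `require_once` on line 13 points at a non-existent `wp-load.php`; it also keeps a trailing separator, so the built path contains `//`. A layout-independent form walks up the tree until the directory holding `wp-load.php` is found (below); the supported approach, though, is to route these requests through WordPress's own `admin-ajax.php` so the plugin never has to locate `wp-load.php` itself. `FILTER_SANITIZE_STRING` on line 5 is deprecated as of PHP 8.1 — `filter_input(INPUT_POST, 'action')` followed by the existing `esc_attr(trim(...))` on line 22 and the whitelist check is sufficient — and `in_array($wpdiscuz_ajax_action, $allowedActions)` on line 130 should pass `true` as its third argument so the whitelist comparison is strict. The debugging leftovers on lines 6–7 reference `$action`, which no longer exists in this file, and should be dropped.
```php
function wpdiscuz_ABSPATH() {
    // Walk upward from this file until the directory holding wp-load.php is reached,
    // so the result does not depend on the plugin or wp-content folder names.
    $dir = dirname(__FILE__);
    while (!file_exists($dir . DIRECTORY_SEPARATOR . 'wp-load.php')) {
        $parent = dirname($dir);
        if ($parent === $dir) {
            die('-1'); // reached the filesystem root without finding WordPress
        }
        $dir = $parent;
    }
    return $dir; // no trailing separator; caller appends DIRECTORY_SEPARATOR . 'wp-load.php'
}
```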
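--- a/utils/class.WpdiscuzHelperEmail.php
+++ b/utils/class.WpdiscuzHelperEmail.php
@@ -21,7 +21,7 @@ class WpdiscuzHelperEmail implements WpDiscuzConstants {
 if (!current_user_can('moderate_comments') && $key = trim($this->optionsSerialized->antispamKey)) {
 if (!isset($_POST['ahk']) || (!($ahk = trim($_POST['ahk'])) || $key != $ahk)) {
 $httpReferer .= $wp_rewrite->using_permalinks() ? "?wpdiscuzUrlAnchor&subscriptionSuccess=$success&subscriptionID=0#wc_unsubscribe_message" : "&wpdiscuzUrlAnchor&subscriptionSuccess=$success#wc_unsubscribe_message";
-wp_redirect($httpReferer);
+wp_redirect(get_bloginfo('wpurl') . '/' . $httpReferer);
 exit();
 }
 }
@@ -59,7 +59,7 @@ class WpdiscuzHelperEmail implements WpDiscuzConstants {
 }
 }
 $httpReferer .= $wp_rewrite->using_permalinks() ? "?wpdiscuzUrlAnchor&subscriptionSuccess=$success&subscriptionID=" . $confirmData['id'] . "#wc_unsubscribe_message" : "&wpdiscuzUrlAnchor&subscriptionSuccess=$success#wc_unsubscribe_message";
-wp_redirect($httpReferer);
+wp_redirect(get_bloginfo('wpurl') . '/' . $httpReferer);
 exit();
 }
 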
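Review bot: Prefixing `get_bloginfo('wpurl') . '/'` on new line 24 (and identically on line 62 in the second hunk) forces the redirect onto the site's own host, but `$httpReferer` is assembled outside this hunk and the `?`/`&` query logic on line 23 suggests it already holds a full page URL, in which case the result is `https://site/https://...` — a broken redirect rather than a rejected one. `wp_safe_redirect($httpReferer)` is the WordPress mechanism for this case: it validates the target host against the allowed-hosts list and falls back to the admin URL, so the two lines would become `wp_safe_redirect($httpReferer); exit();`. Separately, the antispam key check on context line 22 compares with `!=`, which is a loose, non-constant-time comparison; `hash_equals($key, $ahk)` is the idiomatic form. The enclosing method starts before this hunk, so where `$httpReferer` originates cannot be confirmed from here.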
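--- a/utils/form-bottom-statistics.php
+++ b/utils/form-bottom-statistics.php
@@ -20,7 +20,7 @@ if ($isMain && $commentsCount && $postId) {
 }
 ?>
 <div class="wpdiscuz-stat wpd-stat-threads wpd-tooltip-left">
-<i class="fas fa-align-left fa-rotate-180" data-fa-transform="rotate-180"></i><span class="wpd-stat-threads-count"><?php echo $threads; ?></span>
+<i class="fas fa-align-left fa-rotate-180" data-fa-transform="rotate-180"></i><span class="wpd-stat-threads-count"><?php echo htmlentities($threads); ?></span>
 <wpdtip><?php echo $form->wpdOptions->phrases['wc_comment_threads']; ?></wpdtip>
 </div>
 <?php } ?>
@@ -34,7 +34,7 @@ if ($isMain && $commentsCount && $postId) {
 }
 ?>
 <div class="wpdiscuz-stat wpd-stat-replies wpd-tooltip-left">
-<i class="far fa-comments"></i><span class="wpd-stat-replies-count"><?php echo $replies; ?></span>
+<i class="far fa-comments"></i><span class="wpd-stat-replies-count"><?php echo htmlentities($replies); ?></span>
 <wpdtip><?php echo $form->wpdOptions->phrases['wc_thread_replies']; ?></wpdtip>
 </div>
 <?php } ?>
@@ -74,7 +74,7 @@ if ($isMain && $commentsCount && $postId) {
 }
 ?>
 <div class="wpdiscuz-stat wpd-stat-users wpd-tooltip">
-<i class="fas fa-user-circle"></i> <span class="wpd-stat-authors-count"><?php echo $authorsCount; ?></span>
+<i class="fas fa-user-circle"></i> <span class="wpd-stat-authors-count"><?php echo htmlentities($authorsCount); ?></span>
 <wpdtip><?php echo $form->wpdOptions->phrases['wc_comment_authors']; ?></wpdtip>
 </div>
 <?php } ?>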
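Review bot: `$threads`, `$replies` and `$authorsCount` on new lines 23, 37 and 77 are counts, so an `(int)` cast states the intent more precisely than `htmlentities()` and cannot be blanked by an invalid byte sequence: `<?php echo (int) $threads; ?>` and likewise for the other two. Where those values are computed is outside the hunks, so this assumes they are numeric as the names suggest. The `$form->wpdOptions->phrases[...]` echoes on the adjacent `<wpdtip>` lines are left unescaped by this commit; if those phrases are admin-editable text rather than trusted markup, they are the same kind of output as the lines being escaped and `esc_html()` would be the matching treatment.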
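--- a/utils/layouts/pagination.php
+++ b/utils/layouts/pagination.php
@@ -55,7 +55,7 @@ if ($pageCount && $pageCount > 1) {
 <?php
 }
 ?>
-<input type='hidden' class='wpd-action' value='<?php echo $action; ?>'/>
+<input type='hidden' class='wpd-action' value='<?php echo htmlentities($action, ENT_QUOTES); ?>'/>
 <div class="clear"></div>
 </div>
 <?php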