wpForo Forum - Version 1.4.11

Developer Tomdever
Version 1.4.11
Code changes from version 1.4.10 to 1.4.11

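--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: gVectors Team
  Tags: forum, forums, forum plugin, WordPress forum plugin, community, discussion
  Requires at least: 4.1
  Tested up to: 4.9
- Stable tag: 1.4.10
+ Stable tag: 1.4.11
  Requires PHP: 5.4 and higher
  License: GPLv2 or later
  License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -152,12 +152,11 @@ Find wpForo forum plugin addons on [gVectors Team website...](https://gvectors.c
 
  == Changelog ==
 
- = wpForo Forum 1.4.10 | 30.05.2018 =
+ = wpForo Forum 1.4.10 / 1.4.11 | 30.05.2018 =
 
  * Fixed: This is a not planned security update. It includes data sanitization and filtering changes.
 
 
-
  = wpForo Forum 1.4.8 / 1.4.9 | 04.05.2018 =
 
  [wpForo v1.4.9 Release Summary](https://wpforo.com/community/wpforo-announcements/wpforo-1-4-9-is-released/)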
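--- a/wpf-includes/class-template.php
+++ b/wpf-includes/class-template.php
@@ -2108,7 +2108,7 @@ class wpForoTemplate{
 
  public function ajx_active_tab_content(){
  if( !empty($_POST['active_tab_id']) ){
- $active_tab_id = trim($_POST['active_tab_id']);
+ $active_tab_id = sanitize_textarea_field($_POST['active_tab_id']);
  switch ($active_tab_id){
  case 'topic_merge_form':
  $this->topic_merge_form();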
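Review bot: `sanitize_textarea_field()` on new line 2111 is the wrong shape of sanitizer for `active_tab_id`: it preserves newlines and is meant for multi-line text, while the value is only ever compared against fixed `case` labels such as `'topic_merge_form'`. `sanitize_key()` (lowercase, `[a-z0-9_-]` only) matches what the `switch` accepts and would make the intent explicit: `$active_tab_id = sanitize_key($_POST['active_tab_id']);`. The `switch` and the rest of `ajx_active_tab_content()` continue past the end of the hunk, so what the `default` branch does with an unrecognised value is not visible here.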
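--- a/wpf-includes/functions-template.php
+++ b/wpf-includes/functions-template.php
@@ -1014,8 +1014,8 @@ function wpforo_resetpassword(){ ?>
  <p id="wpforo-title"><?php wpforo_phrase('Reset Password') ?></p>
 
  <form name="wpflogin" action="<?php echo site_url( 'wp-login.php?action=resetpass' ); ?>" method="POST" autocomplete="off">
- <input type="hidden" name="rp_key" value="<?php echo $_REQUEST['rp_key'] ?>">
- <input type="hidden" name="rp_login" value="<?php echo $_REQUEST['rp_login'] ?>">
+ <input type="hidden" name="rp_key" value="<?php echo esc_html($_REQUEST['rp_key']) ?>">
+ <input type="hidden" name="rp_login" value="<?php echo esc_html($_REQUEST['rp_login']) ?>">
  <div class="wpforo-login-wrap">
  <div class="wpforo-login-content">
  <div class="wpforo-table wpforo-login-table">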
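Review bot: New lines 1017 and 1018 emit the request values inside a double-quoted HTML attribute, and the context-correct WordPress helper for that is `esc_attr()`, not `esc_html()`; both encode quotes today, but using the attribute escaper documents the context and survives future changes to either helper, e.g. `value="<?php echo esc_attr($_REQUEST['rp_key']) ?>"`. The values are also read without an `isset()`/`??` guard, so rendering this form without `rp_key`/`rp_login` in the request still raises an undefined-index notice. `wpforo_resetpassword()` begins before the hunk and continues after it.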
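--- a/wpf-includes/wpf-actions.php
+++ b/wpf-includes/wpf-actions.php
@@ -144,7 +144,7 @@ function wpforo_actions(){
  wpforo_verify_form();
  $redirect_to = wpforo_get_request_uri();
  if( !empty($_POST['wpforo']['target_topic_url']) ){
- $target_slug = $_POST['wpforo']['target_topic_url'];
+ $target_slug = esc_url( $_POST['wpforo']['target_topic_url']);
  if( preg_match('#^[\r\n\t\s]*https?://[^\r\n\t\s]+?/[^/]+/([^/]+?)(?:/?[\r\n\t\s]*$|/?\#post-\d+/?[\r\n\t\s]*$)#isu', $target_slug, $match) )
  if( is_wpforo_url($target_slug) ) $target_slug = $match[1];
  if ( strpos($target_slug, '/') === false && $target = WPF()->topic->get_topic($target_slug) ){
@@ -167,23 +167,23 @@ function wpforo_actions(){
  $redirect_to = wpforo_get_request_uri();
  if( !empty($_POST['wpforo']['create_new']) ){
  $args = array(
- 'title' => $_POST['wpforo']['new_topic_title'],
- 'forumid' => $_POST['wpforo']['new_topic_forumid'],
- 'postids' => $_POST['wpforo']['posts']
+ 'title' => sanitize_text_field( $_POST['wpforo']['new_topic_title']),
+ 'forumid' => intval( $_POST['wpforo']['new_topic_forumid']),
+ 'postids' => array_map( 'intval', $_POST['wpforo']['posts'] )
  );
  $to_target_title = (empty($_POST['wpforo']['to_target_title']) ? 0 : 1);
  if( $topicid = WPF()->topic->split($args, $to_target_title) )
  $redirect_to = WPF()->topic->get_topic_url($topicid);
  }else{
  if( !empty($_POST['wpforo']['target_topic_url']) && !empty($_POST['wpforo']['posts']) ){
- $target_slug = $_POST['wpforo']['target_topic_url'];
+ $target_slug = esc_url( $_POST['wpforo']['target_topic_url'] );
  if( preg_match('#^[\r\n\t\s]*https?://[^\r\n\t\s]+?/[^/]+/([^/]+?)(?:/?[\r\n\t\s]*$|/?\#post-\d+/?[\r\n\t\s]*$)#isu', $target_slug, $match) )
  if( is_wpforo_url($target_slug) ) $target_slug = $match[1];
  if ( strpos($target_slug, '/') === false && $target = WPF()->topic->get_topic($target_slug) ){
  $append = (empty($_POST['wpforo']['update_date_and_append']) ? 0 : 1);
  $to_target_title = (empty($_POST['wpforo']['to_target_title']) ? 0 : 1);
-
- if( WPF()->topic->merge( WPF()->current_object['topic'], $target, $_POST['wpforo']['posts'], $to_target_title, $append ) )
+ $posts = array_map( 'intval', $_POST['wpforo']['posts']);
+ if( WPF()->topic->merge( WPF()->current_object['topic'], $target, $posts, $to_target_title, $append ) )
  $redirect_to = WPF()->topic->get_topic_url($target);
  }else{
  WPF()->notice->add('Target Topic not found', 'error');
@@ -210,9 +210,11 @@ function wpforo_actions(){
  }
 
  if( !empty( $_POST['wpforo_subscribe_manager']) ){
- $data = ( !empty($_POST['wpforo']['forums']) ? $_POST['wpforo']['forums'] : array() );
- $all = ( !empty($_POST['wpforo']['check_all']) ? $_POST['wpforo']['check_all'] : '' );
- WPF()->sbscrb->reset($data, $all);
+
+ $data = ( !empty($_POST['wpforo']['forums']) ? array_map( 'sanitize_title', $_POST['wpforo']['forums'] ) : array() );
+ $all = ( !empty($_POST['wpforo']['check_all']) ? sanitize_title($_POST['wpforo']['check_all']) : '' );
+
+ WPF()->sbscrb->reset($data, $all);
  wp_redirect( wpforo_home_url('subscriptions') );
  exit();
  }
@@ -249,7 +251,7 @@ function wpforo_actions(){
  ##Settings action
  if( wpforo_is_admin() && isset($_POST['wpforo_screen_option']['value']) ){
  if(!current_user_can('administrator')) return;
- update_option('wpforo_count_per_page', $_POST['wpforo_screen_option']['value']);
+ update_option('wpforo_count_per_page', intval($_POST['wpforo_screen_option']['value']) );
  }
 
  if( wpforo_is_admin() && isset($_GET['page']) && $_GET['page'] == 'wpforo-community' && isset($_GET['action']) && $_GET['action'] ){
@@ -358,8 +360,8 @@ function wpforo_actions(){
 
  if( isset($_POST['wpforo_use_home_url']) && $_POST['wpforo_use_home_url'] ){
  $wpforo_use_home_url = 1;
- if( isset($_POST['wpforo_excld_urls']) && $_POST['wpforo_excld_urls'] )
- update_option('wpforo_excld_urls', trim($_POST['wpforo_excld_urls']));
+ if( isset($_POST['wpforo_excld_urls']) && $_POST['wpforo_excld_urls'] ){}
+ update_option('wpforo_excld_urls', sanitize_textarea_field($_POST['wpforo_excld_urls']));
  }else{
  $wpforo_use_home_url = 0;
  }
@@ -390,7 +392,14 @@ function wpforo_actions(){
  nocache_headers();
  }
 
- if( update_option('wpforo_general_options', $_POST['wpforo_general_options']) ){
+ $general_options = array(
+ 'title' => sanitize_text_field($_POST['wpforo_general_options']['title']),
+ 'description' => sanitize_text_field($_POST['wpforo_general_options']['description']),
+ 'menu_position' => intval($_POST['wpforo_general_options']['menu_position']),
+ 'lang' => intval($_POST['wpforo_general_options']['lang'])
+ );
+
+ if( update_option('wpforo_general_options', $general_options) ){
  WPF()->notice->add('General options successfully updated', 'success');
  }else{
  WPF()->notice->add('Successfully updated', 'success');
@@ -414,7 +423,8 @@ function wpforo_actions(){
  ##Forums
  if( isset($_POST['wpforo_forum_options']) ){
  check_admin_referer( 'wpforo-settings-forums' );
- if( update_option('wpforo_forum_options', $_POST['wpforo_forum_options']) ){
+
+ if( update_option('wpforo_forum_options', array_map( 'intval', $_POST['wpforo_forum_options']) ) ){
  WPF()->notice->add('Forum options successfully updated', 'success');
  }else{
  WPF()->notice->add('Forum options successfully updated, but previous value not changed', 'success');
@@ -446,6 +456,22 @@ function wpforo_actions(){
  if( isset($_POST['wpforo_member_options']) ){
  check_admin_referer( 'wpforo-settings-members' );
  $_POST['wpforo_member_options']['online_status_timeout'] = intval($_POST['wpforo_member_options']['online_status_timeout']) * 60;
+ $_POST['wpforo_member_options']['url_structure'] = sanitize_title($_POST['wpforo_member_options']['url_structure']);
+ $_POST['wpforo_member_options']['search_type'] = sanitize_title($_POST['wpforo_member_options']['search_type']);
+ $_POST['wpforo_member_options']['login_url'] = sanitize_text_field($_POST['wpforo_member_options']['login_url']);
+ $_POST['wpforo_member_options']['register_url'] = sanitize_text_field($_POST['wpforo_member_options']['register_url']);
+ $_POST['wpforo_member_options']['lost_password_url'] = sanitize_text_field($_POST['wpforo_member_options']['lost_password_url']);
+ $_POST['wpforo_member_options']['redirect_url_after_login'] = esc_url($_POST['wpforo_member_options']['redirect_url_after_login']);
+ $_POST['wpforo_member_options']['redirect_url_after_register'] = esc_url($_POST['wpforo_member_options']['redirect_url_after_register']);
+ $_POST['wpforo_member_options']['redirect_url_after_confirm_sbscrb'] = esc_url($_POST['wpforo_member_options']['redirect_url_after_confirm_sbscrb']);
+ $_POST['wpforo_member_options']['custom_title_is_on'] = intval($_POST['wpforo_member_options']['custom_title_is_on']);
+ $_POST['wpforo_member_options']['default_title'] = sanitize_text_field($_POST['wpforo_member_options']['default_title']);
+ $_POST['wpforo_member_options']['rating_title_ug'] = array_map('intval', $_POST['wpforo_member_options']['rating_title_ug']);
+ $_POST['wpforo_member_options']['rating_badge_ug'] = array_map('intval', $_POST['wpforo_member_options']['rating_badge_ug']);
+ $_POST['wpforo_member_options']['title_usergroup'] = array_map('intval', $_POST['wpforo_member_options']['title_usergroup']);
+ foreach($_POST['wpforo_member_options']['default_title']['rating'] as $key => $subArray){
+ $_POST['wpforo_member_options']['default_title']['rating'][$key] = array_map('sanitize_text_field', $subArray);
+ }
  if( update_option('wpforo_member_options', $_POST['wpforo_member_options']) ){
  WPF()->notice->add('Member options successfully updated', 'success');
  }else{
@@ -459,7 +485,7 @@ function wpforo_actions(){
  ##Features
  if( isset($_POST['wpforo_features']) ){
  check_admin_referer( 'wpforo-features' );
- if( update_option('wpforo_features', $_POST['wpforo_features']) ){
+ if( update_option('wpforo_features', array_map('intval', $_POST['wpforo_features']) ) ){
  WPF()->notice->add('Features successfully updated', 'success');
  }else{
  WPF()->notice->add('Features successfully updated, but previous value not changed', 'success');
@@ -484,8 +510,19 @@ function wpforo_actions(){
  ##Theme options
  if( isset($_POST['wpforo_theme_options']) && isset($_POST['wpforo_style_options']) ){
  check_admin_referer( 'wpforo-settings-styles' );
- WPF()->tpl->options['style'] = sanitize_text_field($_POST['wpforo_theme_options']['style']);
- WPF()->tpl->options['styles'] = $_POST['wpforo_theme_options']['styles'];
+ //Theme Options//////////////////////////////////////////////////////////////////////
+ $_POST['wpforo_theme_options']['style'] = sanitize_title($_POST['wpforo_theme_options']['style']);
+ foreach($_POST['wpforo_theme_options']['styles'] as $key => $subArray){
+ $_POST['wpforo_theme_options']['styles'][$key] = array_map('sanitize_text_field', $subArray);
+ }
+ WPF()->tpl->options['style'] = sanitize_text_field($_POST['wpforo_theme_options']['style']);
+ WPF()->tpl->options['styles'] = $_POST['wpforo_theme_options']['styles'];
+ //Style Options/////////////////////////////////////////////////////////////////////
+ $_POST['wpforo_style_options']['font_size_forum'] = intval($_POST['wpforo_style_options']['font_size_forum']);
+ $_POST['wpforo_style_options']['font_size_topic'] = intval($_POST['wpforo_style_options']['font_size_topic']);
+ $_POST['wpforo_style_options']['font_size_post_content'] = intval($_POST['wpforo_style_options']['font_size_post_content']);
+ $_POST['wpforo_style_options']['custom_css'] = sanitize_textarea_field($_POST['wpforo_style_options']['custom_css']);
+ ////////////////////////////////////////////////////////////////////////////////////
  update_option('wpforo_style_options', $_POST['wpforo_style_options']);
  update_option('wpforo_theme_options', WPF()->tpl->options);
  WPF()->notice->add('Theme options successfully updated', 'success');
@@ -497,6 +534,23 @@ function wpforo_actions(){
  ##Subscription
  if( isset($_POST['wpforo_subscribe_options']) ){
  check_admin_referer( 'wpforo-settings-emails' );
+ $_POST['wpforo_subscribe_options']['from_name'] = sanitize_text_field($_POST['wpforo_subscribe_options']['from_name']);
+ $_POST['wpforo_subscribe_options']['from_email'] = sanitize_text_field($_POST['wpforo_subscribe_options']['from_email']);
+ $_POST['wpforo_subscribe_options']['admin_emails'] = sanitize_text_field($_POST['wpforo_subscribe_options']['admin_emails']);
+ $_POST['wpforo_subscribe_options']['new_topic_notify'] = intval($_POST['wpforo_subscribe_options']['new_topic_notify']);
+ $_POST['wpforo_subscribe_options']['new_reply_notify'] = intval($_POST['wpforo_subscribe_options']['new_reply_notify']);
+ $_POST['wpforo_subscribe_options']['confirmation_email_subject'] = sanitize_text_field($_POST['wpforo_subscribe_options']['confirmation_email_subject']);
+ $_POST['wpforo_subscribe_options']['confirmation_email_message'] = wpforo_kses($_POST['wpforo_subscribe_options']['confirmation_email_message'], 'email');
+ $_POST['wpforo_subscribe_options']['new_topic_notification_email_subject'] = sanitize_text_field($_POST['wpforo_subscribe_options']['new_topic_notification_email_subject']);
+ $_POST['wpforo_subscribe_options']['new_topic_notification_email_message'] = wpforo_kses($_POST['wpforo_subscribe_options']['new_topic_notification_email_message'], 'email');
+ $_POST['wpforo_subscribe_options']['new_post_notification_email_subject'] = sanitize_text_field($_POST['wpforo_subscribe_options']['new_post_notification_email_subject']);
+ $_POST['wpforo_subscribe_options']['new_post_notification_email_message'] = wpforo_kses($_POST['wpforo_subscribe_options']['new_post_notification_email_message'], 'email');
+ $_POST['wpforo_subscribe_options']['report_email_subject'] = sanitize_text_field($_POST['wpforo_subscribe_options']['report_email_subject']);
+ $_POST['wpforo_subscribe_options']['report_email_message'] = wpforo_kses($_POST['wpforo_subscribe_options']['report_email_message'], 'email');
+ $_POST['wpforo_subscribe_options']['reset_password_email_message'] = wpforo_kses($_POST['wpforo_subscribe_options']['reset_password_email_message'], 'email');
+ $_POST['wpforo_subscribe_options']['user_mention_notify'] = intval($_POST['wpforo_subscribe_options']['user_mention_notify']);
+ $_POST['wpforo_subscribe_options']['user_mention_email_subject'] = sanitize_text_field($_POST['wpforo_subscribe_options']['user_mention_email_subject']);
+ $_POST['wpforo_subscribe_options']['user_mention_email_message'] = wpforo_kses($_POST['wpforo_subscribe_options']['user_mention_email_message'], 'email');
  if( update_option('wpforo_subscribe_options', $_POST['wpforo_subscribe_options']) ){
  WPF()->notice->add('Subscribe options successfully updated', 'success');
  }else{
@@ -506,7 +560,6 @@ function wpforo_actions(){
  wp_redirect( admin_url( 'admin.php?page=wpforo-settings&tab=emails' ) );
  exit();
  }
-
  }
 
  ### forum action ###
@@ -567,9 +620,9 @@ function wpforo_actions(){
 
  $u_action = '';
  if( !empty($_GET['action']) && $_GET['action'] != '-1' ){
- $u_action = $_GET['action'];
+ $u_action = sanitize_textarea_field($_GET['action']);
  }elseif( !empty($_GET['action2']) && $_GET['action2'] != '-1' ){
- $u_action = $_GET['action2'];
+ $u_action = sanitize_textarea_field($_GET['action2']);
  }
  $bulk = FALSE;
  $pids = array();
@@ -662,9 +715,9 @@ function wpforo_actions(){
  if( wpforo_is_admin() && isset($_GET['page']) && $_GET['page'] == 'wpforo-members' ){
  $u_action = '';
  if( !empty($_GET['action']) && $_GET['action'] != '-1' ){
- $u_action = $_GET['action'];
+ $u_action = sanitize_textarea_field($_GET['action']);
  }elseif( !empty($_GET['action2']) && $_GET['action2'] != '-1' ){
- $u_action = $_GET['action2'];
+ $u_action = sanitize_textarea_field($_GET['action2']);
  }
  $bulk = FALSE;
  $uids = array();
@@ -906,7 +959,30 @@ function wpforo_actions(){
 
  if( isset($_POST['wpforo_tools_antispam']) ){
  check_admin_referer( 'wpforo-tools-antispam' );
- if( update_option('wpforo_tools_antispam', $_POST['wpforo_tools_antispam']) ){
+ $_POST['wpforo_tools_antispam']['spam_filter'] = intval($_POST['wpforo_tools_antispam']['spam_filter']);
+ $_POST['wpforo_tools_antispam']['spam_user_ban'] = intval($_POST['wpforo_tools_antispam']['spam_user_ban']);
+ $_POST['wpforo_tools_antispam']['spam_user_ban_notification'] = intval($_POST['wpforo_tools_antispam']['spam_user_ban_notification']);
+ $_POST['wpforo_tools_antispam']['spam_filter_level_topic'] = intval($_POST['wpforo_tools_antispam']['spam_filter_level_topic']);
+ $_POST['wpforo_tools_antispam']['spam_filter_level_post'] = intval($_POST['wpforo_tools_antispam']['spam_filter_level_post']);
+ $_POST['wpforo_tools_antispam']['new_user_max_posts'] = intval($_POST['wpforo_tools_antispam']['new_user_max_posts']);
+ $_POST['wpforo_tools_antispam']['min_number_post_to_attach'] = intval($_POST['wpforo_tools_antispam']['min_number_post_to_attach']);
+ $_POST['wpforo_tools_antispam']['min_number_post_to_link'] = intval($_POST['wpforo_tools_antispam']['min_number_post_to_link']);
+ $_POST['wpforo_tools_antispam']['limited_file_ext'] = sanitize_textarea_field($_POST['wpforo_tools_antispam']['limited_file_ext']);
+ $_POST['wpforo_tools_antispam']['rc_site_key'] = sanitize_text_field($_POST['wpforo_tools_antispam']['rc_site_key']);
+ $_POST['wpforo_tools_antispam']['rc_secret_key'] = sanitize_text_field($_POST['wpforo_tools_antispam']['rc_secret_key']);
+ $_POST['wpforo_tools_antispam']['rc_theme'] = sanitize_text_field($_POST['wpforo_tools_antispam']['rc_theme']);
+ $_POST['wpforo_tools_antispam']['rc_topic_editor'] = intval($_POST['wpforo_tools_antispam']['rc_topic_editor']);
+ $_POST['wpforo_tools_antispam']['rc_post_editor'] = intval($_POST['wpforo_tools_antispam']['rc_post_editor']);
+ $_POST['wpforo_tools_antispam']['rc_wpf_login_form'] = intval($_POST['wpforo_tools_antispam']['rc_wpf_login_form']);
+ $_POST['wpforo_tools_antispam']['rc_wpf_reg_form'] = intval($_POST['wpforo_tools_antispam']['rc_wpf_reg_form']);
+ $_POST['wpforo_tools_antispam']['rc_wpf_lostpass_form'] = intval($_POST['wpforo_tools_antispam']['rc_wpf_lostpass_form']);
+ $_POST['wpforo_tools_antispam']['rc_login_form'] = intval($_POST['wpforo_tools_antispam']['rc_login_form']);
+ $_POST['wpforo_tools_antispam']['rc_reg_form'] = intval($_POST['wpforo_tools_antispam']['rc_reg_form']);
+ $_POST['wpforo_tools_antispam']['rc_lostpass_form'] = intval($_POST['wpforo_tools_antispam']['rc_lostpass_form']);
+ $_POST['wpforo_tools_antispam']['html'] = sanitize_textarea_field($_POST['wpforo_tools_antispam']['html']);
+ $_POST['wpforo_tools_antispam']['spam_file_scanner'] = intval($_POST['wpforo_tools_antispam']['spam_file_scanner']);
+ $_POST['wpforo_tools_antispam']['exclude_file_ext'] = sanitize_textarea_field($_POST['wpforo_tools_antispam']['exclude_file_ext']);
+ if( update_option('wpforo_tools_antispam', $_POST['wpforo_tools_antispam']) ){
  WPF()->notice->add('Settings successfully updated', 'success');
  }
  wp_redirect( admin_url( 'admin.php?page=wpforo-tools&tab=antispam' ) );
@@ -914,16 +990,18 @@ function wpforo_actions(){
  }
 
  if( isset($_POST['wpforo_tools_cleanup']) ){
- check_admin_referer( 'wpforo-tools-cleanup' );
- if( update_option('wpforo_tools_cleanup', $_POST['wpforo_tools_cleanup']) ){
- WPF()->notice->add('Settings successfully updated', 'success');
- }
- wp_redirect( admin_url( 'admin.php?page=wpforo-tools&tab=cleanup' ) );
- exit();
+ //check_admin_referer( 'wpforo-tools-cleanup' );
+ //if( update_option('wpforo_tools_cleanup', $_POST['wpforo_tools_cleanup']) ){
+ //WPF()->notice->add('Settings successfully updated', 'success');
+ //}
+ //wp_redirect( admin_url( 'admin.php?page=wpforo-tools&tab=cleanup' ) );
+ //exit();
  }
 
  if( isset($_POST['wpforo_tools_misc']) ){
  check_admin_referer( 'wpforo-tools-misc' );
+ $_POST['wpforo_tools_misc']['dofollow'] = sanitize_textarea_field($_POST['wpforo_tools_misc']['dofollow']);
+ $_POST['wpforo_tools_misc']['noindex'] = sanitize_textarea_field($_POST['wpforo_tools_misc']['noindex']);
  if( update_option('wpforo_tools_misc', $_POST['wpforo_tools_misc']) ){
  WPF()->notice->add('Settings successfully updated', 'success');
  }
@@ -933,6 +1011,17 @@ function wpforo_actions(){
 
  if( isset($_POST['wpforo_tools_legal']) ){
  check_admin_referer( 'wpforo-tools-legal' );
+ $_POST['wpforo_tools_legal']['contact_page_url'] = esc_url($_POST['wpforo_tools_legal']['contact_page_url']);
+ $_POST['wpforo_tools_legal']['checkbox_terms_privacy'] = intval($_POST['wpforo_tools_legal']['checkbox_terms_privacy']);
+ $_POST['wpforo_tools_legal']['checkbox_email_password'] = intval($_POST['wpforo_tools_legal']['checkbox_email_password']);
+ $_POST['wpforo_tools_legal']['page_terms'] = esc_url($_POST['wpforo_tools_legal']['page_terms']);
+ $_POST['wpforo_tools_legal']['page_privacy'] = esc_url($_POST['wpforo_tools_legal']['page_privacy']);
+ $_POST['wpforo_tools_legal']['checkbox_forum_privacy'] = intval($_POST['wpforo_tools_legal']['checkbox_forum_privacy']);
+ $_POST['wpforo_tools_legal']['forum_privacy_text'] = wpforo_kses($_POST['wpforo_tools_legal']['forum_privacy_text'], 'post');
+ $_POST['wpforo_tools_legal']['checkbox_fb_login'] = intval($_POST['wpforo_tools_legal']['checkbox_fb_login']);
+ $_POST['wpforo_tools_legal']['cookies'] = intval($_POST['wpforo_tools_legal']['cookies']);
+ $_POST['wpforo_tools_legal']['rules_checkbox'] = intval($_POST['wpforo_tools_legal']['rules_checkbox']);
+ $_POST['wpforo_tools_legal']['rules_text'] = wpforo_kses($_POST['wpforo_tools_legal']['rules_text'], 'post');
  if( update_option('wpforo_tools_legal', $_POST['wpforo_tools_legal']) ){
  WPF()->notice->add('Settings successfully updated', 'success');
  }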
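Review bot: The `if` on new line 363 now ends in empty braces `{}`, so the `update_option('wpforo_excld_urls', …)` on line 364 runs unconditionally and, when the field is absent from the request, reads an undefined index and overwrites the stored option with an empty string; restore the guard as `if( isset($_POST['wpforo_excld_urls']) && $_POST['wpforo_excld_urls'] )` followed by `update_option('wpforo_excld_urls', sanitize_textarea_field($_POST['wpforo_excld_urls']));`. New lines 468 and 472 disagree about the shape of `wpforo_member_options['default_title']`: line 468 passes it through `sanitize_text_field()`, which reduces an array to a string, and line 472 then iterates `['default_title']['rating']` as an array, so one of the two is wrong for whatever the settings form actually posts. `esc_url()` (new lines 147, 179, 464–466, 1014, 1017–1018) is WordPress's display-escaping helper — it entity-encodes `&` and prepends `http://` to a value with no scheme — so the values persisted with `update_option()` and the slug later compared by `get_topic()` presumably want `esc_url_raw()` or `sanitize_text_field()` instead; confirm against the form fields, since a bare slug posted as `target_topic_url` could no longer reach the `strpos($target_slug, '/') === false` branch. `wpforo_actions()` starts and ends outside these hunks.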
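--- a/wpf-includes/wpf-hooks.php
+++ b/wpf-includes/wpf-hooks.php
@@ -1920,6 +1920,8 @@ function wpforo_redirect_to_custom_password_reset(){
 
  if ( 'GET' == $_SERVER['REQUEST_METHOD'] ) {
  // Verify key / login combo
+ $_REQUEST['key'] = sanitize_textarea_field($_REQUEST['key']);
+ $_REQUEST['key'] = sanitize_textarea_field($_REQUEST['login']);
  $user = check_password_reset_key( $_REQUEST['key'], $_REQUEST['login'] );
  if ( ! $user || is_wp_error( $user ) ) {
  if ( $user && $user->get_error_code() === 'expired_key' ) {
@@ -1965,8 +1967,8 @@ function wpforo_do_password_reset() {
  if( !wpforo_feature('resetpass-url') ) return;
 
  if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
- $rp_key = $_REQUEST['rp_key'];
- $rp_login = $_REQUEST['rp_login'];
+ $rp_key = sanitize_textarea_field($_REQUEST['rp_key']);
+ $rp_login = sanitize_textarea_field($_REQUEST['rp_login']);
 
  $user = check_password_reset_key( $rp_key, $rp_login );
 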
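Review bot: New line 1924 assigns the sanitized `login` value into `$_REQUEST['key']` instead of `$_REQUEST['login']`, so the reset key is overwritten by the login name before `check_password_reset_key()` runs on line 1925 and the GET-side key/login verification can never succeed; the line should read `$_REQUEST['login'] = sanitize_textarea_field($_REQUEST['login']);`. In both hunks the values are read without an `isset()`/`??` guard, so a request that omits `key`/`login` or `rp_key`/`rp_login` still raises an undefined-index notice before verification, and `sanitize_key()` would be the more precise sanitizer for a reset key and `sanitize_user()` for a login name than the multi-line text sanitizer used here. Both `wpforo_redirect_to_custom_password_reset()` and `wpforo_do_password_reset()` start and end outside the hunks.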
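--- a/wpforo.php
+++ b/wpforo.php
@@ -5,14 +5,14 @@
  * Description: WordPress Forum plugin. wpForo is a full-fledged forum solution for your community. Comes with multiple modern forum layouts.
  * Author: gVectors Team (A. Chakhoyan, R. Hovhannisyan)
  * Author URI: https://gvectors.com/
- * Version: 1.4.10
+ * Version: 1.4.11
  * Text Domain: wpforo
  * Domain Path: /wpf-languages
  */
 
  //Exit if accessed directly
  if( !defined( 'ABSPATH' ) ) exit;
- if( !defined( 'WPFORO_VERSION' ) ) define('WPFORO_VERSION', '1.4.10');
+ if( !defined( 'WPFORO_VERSION' ) ) define('WPFORO_VERSION', '1.4.11');
 
  function wpforo_load_plugin_textdomain() { load_plugin_textdomain( 'wpforo', FALSE, basename( dirname( __FILE__ ) ) . '/wpf-languages/' ); }
  add_action( 'plugins_loaded', 'wpforo_load_plugin_textdomain' );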