MailPoet Newsletters (Previous) - Version 2.15

Version Description

  • 2.15 - 2021-09-21
  • Fixed security issues, thank you to Mike for reporting these issues.

Release Info

Developer MailPoet
Version 2.15

Code changes from version 2.14 to 2.15

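--- a/core/base.php
+++ b/core/base.php
@@ -19,7 +19,7 @@ class WYSIJA_object{
  * Static variable holding core MailPoet's version
  * @var array
  */
- static $version = '2.14';
+ static $version = '2.15';
 
  function __construct(){}
 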
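--- a/helpers/render_engine.php
+++ b/helpers/render_engine.php
@@ -421,7 +421,7 @@ class WYSIJA_help_render_engine extends WYSIJA_object {
  $i++;
  }
 
- $result_pattern .= implode ($loop, '');
+ $result_pattern .= implode ('', $loop);
  }
 
  # replace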
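--- a/helpers/user.php
+++ b/helpers/user.php
@@ -949,7 +949,8 @@ class WYSIJA_help_user extends WYSIJA_object {
  // get the public list to which user is subscribed
  $model_user = WYSIJA::get('user_list', 'model');
 
- if ($list_ids) {
+ if (is_array($list_ids) && !empty($list_ids)) {
+ $list_ids = array_map('intval', $list_ids);
  $query = "Select B.name from `[wysija]list` as B where B.list_id IN ('" . implode("','", $list_ids) . "') and B.is_enabled>0";
  } else {
  $query = 'Select B.name from `[wysija]user_list` as A join `[wysija]list` as B on A.list_id=B.list_id where A.user_id=' . $this->uid . ' and B.is_enabled>0';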
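Review bot: The `else` branch still concatenates `$this->uid` into the query unquoted and uncast, so the integer normalisation this hunk adds for `$list_ids` does not cover the fallback path. Whether `uid` can ever carry request data is not visible from here, but casting at the point of use is cheap and removes the question: `... where A.user_id=' . (int) $this->uid . ' and B.is_enabled>0';`. A non-array `$list_ids` now falls through to that branch instead of reaching `implode()`, so a one-line comment such as `// only arrays of list ids are honoured; anything else falls back to the user's own lists` would make the new behaviour explicit. The enclosing method starts and ends outside the hunk.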
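--- a/index.php
+++ b/index.php
@@ -3,7 +3,7 @@
  Plugin Name: MailPoet 2
  Plugin URI: http://www.mailpoet.com/
  Description: Create and send newsletters or automated emails. Capture subscribers with a widget. Import and manage your lists. This version is being replaced by MailPoet 3. Support offered to Premium customers only. Updates are limited to security issues.
- Version: 2.14
+ Version: 2.15
  Author: MailPoet
  Author URI: http://www.mailpoet.com/
  License: GPLv2 or later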
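--- a/models/user.php
+++ b/models/user.php
@@ -77,6 +77,7 @@ class WYSIJA_model_user extends WYSIJA_model{
  */
  function countSubscribers(Array $list_ids = array(), $confirmed_subscribers = true)
  {
+ $list_ids = array_map('intval', $list_ids);
  $model_config = WYSIJA::get('config','model');
  $confirm_dbleoptin = $model_config->getValue('confirm_dbleoptin');
  if($confirm_dbleoptin) $confirmed_subscribers = true;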
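--- a/models/wp_posts.php
+++ b/models/wp_posts.php
@@ -221,7 +221,7 @@ class WYSIJA_model_wp_posts extends WYSIJA_model {
  $conditions[] = array(
  'col' => 'A.post_title',
  'sign' => 'LIKE',
- 'val' => '%' . $value . '%'
+ 'val' => '%' . esc_sql($value) . '%'
  );
  break;
  }
@@ -253,12 +253,12 @@ class WYSIJA_model_wp_posts extends WYSIJA_model {
 
  // order by
  if(isset($args['orderby'])) {
- $query .= ' ORDER BY ' . $args['orderby'];
+ $query .= ' ORDER BY ' . preg_replace('/[^a-z_]/i', '', $args['orderby']);
  if(isset($args['sort_by'])) {
  $query .= ' ' . (($args['sort_by'] === 'newest') ? 'DESC' : 'ASC');
  } else {
  if(isset($args['order'])) {
- $query .= ' ' . $args['order'];
+ $query .= ' ' . (strtolower($args['order']) === 'desc' ? 'DESC' : 'ASC');
  }
  }
  }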
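Review bot: The `preg_replace('/[^a-z_]/i', '', $args['orderby'])` filter in the second hunk can leave an empty string or a mangled identifier, and the result is appended to `ORDER BY` without any check. An input made only of stripped characters yields `ORDER BY ` followed directly by the direction, which is a malformed query, and a table-qualified name in the style this file uses for `'A.post_title'` would lose its dot. Comparing against a fixed list of sortable columns keeps the clause valid and closes the injection path, e.g. wrapping the whole clause in `if (in_array($args['orderby'], $sortable_columns, true)) {`, where `$sortable_columns` is a placeholder name for a list this model would define. In the first hunk, `esc_sql()` leaves `%` and `_` in `$value` active as LIKE wildcards, which may or may not be intended. The enclosing method starts and ends outside both hunks.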
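--- a/modules/archive_std/archive_std_model.php
+++ b/modules/archive_std/archive_std_model.php
@@ -35,6 +35,7 @@ class WYSIJA_model_archive_std extends WYSIJA_model {
  $where[] = 'e.`sent_at` IS NOT NULL';
  $where_join = '';
  if (!empty($list_ids))
+ $list_ids = array_map('intval', $list_ids);
  $where_join = ' AND cl.`list_id` IN ('.implode(',', $list_ids).')';
  $query = '
  SELECT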
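Review bot: The `if (!empty($list_ids))` in this hunk has no braces, so the added `array_map()` line becomes its only body and the `$where_join` assignment below it now runs unconditionally. With an empty `$list_ids` that builds `IN ()`, a malformed query where the old code left `$where_join` empty, and a non-array value would reach `implode()` without having been cast. Both statements need to sit inside the condition: open with `if (!empty($list_ids)) {` and close with `}` after the `$where_join` line. Indentation is not preserved on this page, so this reading rests on the `if` line carrying no brace; the enclosing method starts and ends outside the hunk.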
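--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
  === MailPoet Newsletters (Previous) ===
- Contributors: wysija
+ Contributors: mailpoet
  Tags: newsletter, email, welcome email, post notification, autoresponder, signup, subscription, SMTP
  Requires at least: 3.5
  Tested up to: 5.5
- Stable tag: 2.14
+ Stable tag: 2.15
  Send newsletters post notifications or autoresponders from WordPress easily, and beautifully. Start to capture subscribers with our widget now.
 
  == Description ==
@@ -113,6 +113,9 @@ Our [support site](https://www.mailpoet.com/support) has plenty of articles and
 
  == Changelog ==
 
+ = 2.15 - 2021-09-21 =
+ * Fixed security issues, thank you to Mike for reporting these issues.
+
  = 2.14 - 2020-07-22 =
  * Fixed PHPMail 6.x support for WordPress 5.5.
 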
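--- a/widgets/wysija_nl.php
+++ b/widgets/wysija_nl.php
@@ -246,7 +246,7 @@ class WYSIJA_NL_Widget extends WP_Widget {
  //widget id should include the type of widget iframe, php, etc...
  if ( isset( $args['widget_id'] ) ) {
  // we come here only for classic wordpress widgetized area
- $instance['id_form'] = str_replace( '_', '-', $args['widget_id'] );
+ $instance['id_form'] = str_replace( '_', '-', esc_attr( $args['widget_id'] ) );
  } else {
  // we come here everywhere else
  if ( isset( $instance['form'] ) && isset( $instance['form_type'] ) ) {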
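Review bot: `esc_attr()` is applied when `$args['widget_id']` is stored into `$instance['id_form']`, not where the value is printed, so the protection only holds if every later use is an HTML attribute context. The output site is outside this hunk; if `id_form` also reaches a URL or inline script, or is escaped again on output, the stored entity-encoded value will be wrong for that context or double-encoded. If widget ids are always lowercase slugs, constraining the value at assignment is more robust, e.g. `$instance['id_form'] = str_replace( '_', '-', sanitize_key( $args['widget_id'] ) );`, with `esc_attr()` kept at the point of output. The enclosing method starts and ends outside the hunk.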