MailPoet Newsletters (Previous) - Version 2.17

Version Description

  • 2021-11-10 =
  • Fixed security issues.
Download this release

Release Info

Developer MailPoet
Plugin Icon 128x128 MailPoet Newsletters (Previous)
Version 2.17
Comparing to
See all releases

Code changes from version 2.16 to 2.17

Files changed (34) hide show
  1. core/base.php +1 -1
  2. helpers/form_engine.php +6 -1
  3. helpers/render_engine.php +8 -0
  4. helpers/user.php +1 -1
  5. helpers/wp_tools.php +1 -1
  6. index.php +1 -1
  7. readme.txt +4 -1
  8. tools/templates/form/editor/widgets/checkbox.html +2 -2
  9. tools/templates/form/editor/widgets/country.html +2 -2
  10. tools/templates/form/editor/widgets/date.html +1 -1
  11. tools/templates/form/editor/widgets/date_day.html +1 -1
  12. tools/templates/form/editor/widgets/date_month.html +1 -1
  13. tools/templates/form/editor/widgets/date_year.html +1 -1
  14. tools/templates/form/editor/widgets/input.html +2 -2
  15. tools/templates/form/editor/widgets/list.html +1 -1
  16. tools/templates/form/editor/widgets/radio.html +2 -2
  17. tools/templates/form/editor/widgets/select.html +1 -1
  18. tools/templates/form/editor/widgets/submit.html +1 -1
  19. tools/templates/form/editor/widgets/text.html +2 -2
  20. tools/templates/form/editor/widgets/textarea.html +2 -2
  21. tools/templates/form/web/widgets/checkbox.html +2 -2
  22. tools/templates/form/web/widgets/country.html +2 -2
  23. tools/templates/form/web/widgets/date.html +1 -1
  24. tools/templates/form/web/widgets/date_day.html +1 -1
  25. tools/templates/form/web/widgets/date_month.html +1 -1
  26. tools/templates/form/web/widgets/date_year.html +1 -1
  27. tools/templates/form/web/widgets/input.html +2 -2
  28. tools/templates/form/web/widgets/list.html +1 -1
  29. tools/templates/form/web/widgets/radio.html +2 -2
  30. tools/templates/form/web/widgets/select.html +3 -3
  31. tools/templates/form/web/widgets/submit.html +1 -1
  32. tools/templates/form/web/widgets/text.html +2 -2
  33. tools/templates/form/web/widgets/textarea.html +2 -2
  34. views/back/config.php +1 -1
core/base.php CHANGED
@@ -19,7 +19,7 @@ class WYSIJA_object{
19
  * Static variable holding core MailPoet's version
20
  * @var array
21
  */
22
- static $version = '2.16';
23
 
24
  function __construct(){}
25
 
19
  * Static variable holding core MailPoet's version
20
  * @var array
21
  */
22
+ static $version = '2.17';
23
 
24
  function __construct(){}
25
 
helpers/form_engine.php CHANGED
@@ -632,9 +632,14 @@ class WYSIJA_help_form_engine extends WYSIJA_object {
632
  $helper_render_engine = WYSIJA::get('render_engine', 'helper');
633
  $helper_render_engine->setTemplatePath(WYSIJA_EDITOR_TOOLS);
634
 
 
 
 
 
 
635
  $data = array(
636
  'preview' => ($this->get_mode() === 'preview'),
637
- 'settings' => $this->get_data('settings'),
638
  'body' => $this->render_web_body()
639
  );
640
 
632
  $helper_render_engine = WYSIJA::get('render_engine', 'helper');
633
  $helper_render_engine->setTemplatePath(WYSIJA_EDITOR_TOOLS);
634
 
635
+ $settings = $this->get_data('settings');
636
+ if (isset($settings['success_message'])) {
637
+ $settings['success_message'] = esc_html($settings['success_message']);
638
+ }
639
+
640
  $data = array(
641
  'preview' => ($this->get_mode() === 'preview'),
642
+ 'settings' => $settings,
643
  'body' => $this->render_web_body()
644
  );
645
 
helpers/render_engine.php CHANGED
@@ -1244,6 +1244,14 @@ class WYSIJA_help_render_engine extends WYSIJA_object {
1244
  $value = $value%$arguments['0'];
1245
  break;
1246
 
 
 
 
 
 
 
 
 
1247
  case 'trim_br':
1248
  $value = str_replace(array ("<br>", "<br/>", "<br />"), "\n", $value);
1249
  $value = nl2br (trim ($value));
1244
  $value = $value%$arguments['0'];
1245
  break;
1246
 
1247
+ case 'esc_html':
1248
+ $value = esc_html($value);
1249
+ break;
1250
+
1251
+ case 'esc_attr':
1252
+ $value = esc_attr($value);
1253
+ break;
1254
+
1255
  case 'trim_br':
1256
  $value = str_replace(array ("<br>", "<br/>", "<br />"), "\n", $value);
1257
  $value = nl2br (trim ($value));
helpers/user.php CHANGED
@@ -202,7 +202,7 @@ class WYSIJA_help_user extends WYSIJA_object {
202
 
203
  // if the on_success action is 'message', display message
204
  if ( $form_data['settings']['on_success'] === 'message') {
205
- $message_success = nl2br( $form_data['settings']['success_message'] );
206
  }
207
  }
208
 
202
 
203
  // if the on_success action is 'message', display message
204
  if ( $form_data['settings']['on_success'] === 'message') {
205
+ $message_success = nl2br(esc_html( $form_data['settings']['success_message'] ));
206
  }
207
  }
208
 
helpers/wp_tools.php CHANGED
@@ -194,7 +194,7 @@ class WYSIJA_help_wp_tools extends WYSIJA_object{
194
  if($simple){
195
  $url=site_url();
196
  // make sure we have a trailing slash at the end
197
- if($url{strlen($url) - 1} !== '/') $url .= '/';
198
  }
199
 
200
  if(isset($paramsquery['query'])){
194
  if($simple){
195
  $url=site_url();
196
  // make sure we have a trailing slash at the end
197
+ if($url[strlen($url) - 1] !== '/') $url .= '/';
198
  }
199
 
200
  if(isset($paramsquery['query'])){
index.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: MailPoet 2
4
  Plugin URI: http://www.mailpoet.com/
5
  Description: Create and send newsletters or automated emails. Capture subscribers with a widget. Import and manage your lists. This version is being replaced by MailPoet 3. Support offered to Premium customers only. Updates are limited to security issues.
6
- Version: 2.16
7
  Author: MailPoet
8
  Author URI: http://www.mailpoet.com/
9
  License: GPLv2 or later
3
  Plugin Name: MailPoet 2
4
  Plugin URI: http://www.mailpoet.com/
5
  Description: Create and send newsletters or automated emails. Capture subscribers with a widget. Import and manage your lists. This version is being replaced by MailPoet 3. Support offered to Premium customers only. Updates are limited to security issues.
6
+ Version: 2.17
7
  Author: MailPoet
8
  Author URI: http://www.mailpoet.com/
9
  License: GPLv2 or later
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mailpoet
3
  Tags: newsletter, email, welcome email, post notification, autoresponder, signup, subscription, SMTP
4
  Requires at least: 3.5
5
  Tested up to: 5.5
6
- Stable tag: 2.16
7
  Send newsletters post notifications or autoresponders from WordPress easily, and beautifully. Start to capture subscribers with our widget now.
8
 
9
  == Description ==
@@ -113,6 +113,9 @@ Our [support site](https://www.mailpoet.com/support) has plenty of articles and
113
 
114
  == Changelog ==
115
 
 
 
 
116
  = 2.16 - 2021-10-06 =
117
  * Fixed security issues.
118
 
3
  Tags: newsletter, email, welcome email, post notification, autoresponder, signup, subscription, SMTP
4
  Requires at least: 3.5
5
  Tested up to: 5.5
6
+ Stable tag: 2.17
7
  Send newsletters post notifications or autoresponders from WordPress easily, and beautifully. Start to capture subscribers with our widget now.
8
 
9
  == Description ==
113
 
114
  == Changelog ==
115
 
116
+ = 2.17 - 2021-11-10 =
117
+ * Fixed security issues.
118
+
119
  = 2.16 - 2021-10-06 =
120
  * Fixed security issues.
121
 
tools/templates/form/editor/widgets/checkbox.html CHANGED
@@ -1,6 +1,6 @@
1
- {if #params.label}<p>{#params.label}</p>{/if}
2
  <p>
3
  {loop name="#params.values"}
4
- <label><input class="checkbox" type="checkbox" value="1"{if #is_checked} checked="checked"{/if} disabled="disabled" />{#value}</label>
5
  {/loop}
6
  </p>
1
+ {if #params.label}<p>{#params.label|esc_html}</p>{/if}
2
  <p>
3
  {loop name="#params.values"}
4
+ <label><input class="checkbox" type="checkbox" value="1"{if #is_checked} checked="checked"{/if} disabled="disabled" />{#value|esc_html}</label>
5
  {/loop}
6
  </p>
tools/templates/form/editor/widgets/country.html CHANGED
@@ -1,9 +1,9 @@
1
  <p>
2
- {if #params.label}<label>{#params.label}</label>{/if}
3
  <select disabled="disabled">
4
  {if ! #params.values}<option value="">--</option>{/if}
5
  {loop name="#params.values"}
6
- <option value="{#value}"{if #is_checked} selected="selected"{/if}>{#value}</option>
7
  {/loop}
8
  </select>
9
  </p>
1
  <p>
2
+ {if #params.label}<label>{#params.label|esc_html}</label>{/if}
3
  <select disabled="disabled">
4
  {if ! #params.values}<option value="">--</option>{/if}
5
  {loop name="#params.values"}
6
+ <option value="{#value|esc_attr}"{if #is_checked} selected="selected"{/if}>{#value|esc_html}</option>
7
  {/loop}
8
  </select>
9
  </p>
tools/templates/form/editor/widgets/date.html CHANGED
@@ -1,5 +1,5 @@
1
  <p>
2
- {if #params.label}<label>{#params.label}</label>{/if}
3
 
4
  {foreach name="#date_fields" key="j" value="value"}
5
  {if #value === 'dd'}{set var="$date_template" value="day"}{/if}
1
  <p>
2
+ {if #params.label}<label>{#params.label|esc_html}</label>{/if}
3
 
4
  {foreach name="#date_fields" key="j" value="value"}
5
  {if #value === 'dd'}{set var="$date_template" value="day"}{/if}
tools/templates/form/editor/widgets/date_day.html CHANGED
@@ -1,5 +1,5 @@
1
  <select class="wysija_date_day" placeholder="{#i18n.date_select_day}">
2
  {loop name="#days"}
3
- <option value="{#day}"{if #is_selected} selected="selected"{/if}>{#day}</option>
4
  {/loop}
5
  </select>
1
  <select class="wysija_date_day" placeholder="{#i18n.date_select_day}">
2
  {loop name="#days"}
3
+ <option value="{#day|esc_attr}"{if #is_selected} selected="selected"{/if}>{#day|esc_html}</option>
4
  {/loop}
5
  </select>
tools/templates/form/editor/widgets/date_month.html CHANGED
@@ -1,5 +1,5 @@
1
  <select class="wysija_date_month" placeholder="{#i18n.date_select_month}">
2
  {loop name="#months"}
3
- <option value="{#month}"{if #is_selected} selected="selected"{/if}>{#month_name}</option>
4
  {/loop}
5
  </select>
1
  <select class="wysija_date_month" placeholder="{#i18n.date_select_month}">
2
  {loop name="#months"}
3
+ <option value="{#month|esc_attr}"{if #is_selected} selected="selected"{/if}>{#month_name|esc_html}</option>
4
  {/loop}
5
  </select>
tools/templates/form/editor/widgets/date_year.html CHANGED
@@ -1,5 +1,5 @@
1
  <select class="wysija_date_year" placeholder="{#i18n.date_select_year}">
2
  {loop name="#years"}
3
- <option value="{#year}"{if #is_selected} selected="selected"{/if}>{#year}</option>
4
  {/loop}
5
  </select>
1
  <select class="wysija_date_year" placeholder="{#i18n.date_select_year}">
2
  {loop name="#years"}
3
+ <option value="{#year|esc_attr}"{if #is_selected} selected="selected"{/if}>{#year|esc_html}</option>
4
  {/loop}
5
  </select>
tools/templates/form/editor/widgets/input.html CHANGED
@@ -1,2 +1,2 @@
1
- {if ! #params.label_within}<label>{#params.label}{if #params.required} *{/if}</label>{/if}
2
- <input type="text" disabled="disabled" value="" placeholder="{if #params.label_within}{#params.label}{/if}" />
1
+ {if ! #params.label_within}<label>{#params.label|esc_html}{if #params.required} *{/if}</label>{/if}
2
+ <input type="text" disabled="disabled" value="" placeholder="{if #params.label_within}{#params.label|esc_attr}{/if}" />
tools/templates/form/editor/widgets/list.html CHANGED
@@ -1,4 +1,4 @@
1
- {if #params.label}<p>{#params.label}</p>{/if}
2
  {if ! #params.values}<p class="wysija_warning">{$i18n.list_cannot_be_empty}</p>{/if}
3
  {loop name="#params.values"}
4
  <p>
1
+ {if #params.label}<p>{#params.label|esc_html}</p>{/if}
2
  {if ! #params.values}<p class="wysija_warning">{$i18n.list_cannot_be_empty}</p>{/if}
3
  {loop name="#params.values"}
4
  <p>
tools/templates/form/editor/widgets/radio.html CHANGED
@@ -1,6 +1,6 @@
1
- {if #params.label}<p>{#params.label}</p>{/if}
2
  <p>
3
  {loop name="#params.values"}
4
- <label><input class="radio" type="radio" value="1"{if #is_checked} checked="checked"{/if} disabled="disabled" />{#value}</label>
5
  {/loop}
6
  </p>
1
+ {if #params.label}<p>{#params.label|esc_html}</p>{/if}
2
  <p>
3
  {loop name="#params.values"}
4
+ <label><input class="radio" type="radio" value="1"{if #is_checked} checked="checked"{/if} disabled="disabled" />{#value|esc_html}</label>
5
  {/loop}
6
  </p>
tools/templates/form/editor/widgets/select.html CHANGED
@@ -3,7 +3,7 @@
3
  <select>
4
  {if #params.label_within && #params.label}<option value="">{#params.label}</option>{/if}
5
  {loop name="#params.values"}
6
- <option value="{#value}"{if #is_checked} selected="selected"{/if}>{#value}</option>
7
  {/loop}
8
  </select>
9
  </p>
3
  <select>
4
  {if #params.label_within && #params.label}<option value="">{#params.label}</option>{/if}
5
  {loop name="#params.values"}
6
+ <option value="{#value_attr}"{if #is_checked} selected="selected"{/if}>{#value}</option>
7
  {/loop}
8
  </select>
9
  </p>
tools/templates/form/editor/widgets/submit.html CHANGED
@@ -1 +1 @@
1
- <input type="button" value="{#params.label}" />
1
+ <input type="button" value="{#params.label|esc_attr}" />
tools/templates/form/editor/widgets/text.html CHANGED
@@ -1,2 +1,2 @@
1
- {if ! #params.label_within}<label>{#params.label}{if #params.required} *{/if}</label>{/if}
2
- <input type="text" disabled="disabled" value="{if #params.label_within}{#params.label}{/if}" />
1
+ {if ! #params.label_within}<label>{#params.label|esc_html}{if #params.required} *{/if}</label>{/if}
2
+ <input type="text" disabled="disabled" value="{if #params.label_within}{#params.label|esc_attr}{/if}" />
tools/templates/form/editor/widgets/textarea.html CHANGED
@@ -1,2 +1,2 @@
1
- {if ! #params.label_within}<label>{#params.label}{if #params.required} *{/if}</label>{/if}
2
- <textarea disabled="disabled" rows="{#params.lines|default:1}" placeholder="{if #params.label_within}{#params.label}{/if}"></textarea>
1
+ {if ! #params.label_within}<label>{#params.label|esc_html}{if #params.required} *{/if}</label>{/if}
2
+ <textarea disabled="disabled" rows="{#params.lines|default:1}" placeholder="{if #params.label_within}{#params.label|esc_attr}{/if}"></textarea>
tools/templates/form/web/widgets/checkbox.html CHANGED
@@ -1,7 +1,7 @@
1
  <p class="wysija-paragraph">
2
- {if #params.label}<label>{#params.label}</label>{/if}
3
  <input type="hidden" name="{#field_prefix}[{#field}]" value="0" />
4
  {loop name="#params.values"}
5
- <label class="wysija-checkbox-label"><input type="checkbox" class="wysija-checkbox {$validation}" name="{$field_prefix}[{$field}]" value="1" {if #is_checked}checked="checked"{/if} />{#value}</label>
6
  {/loop}
7
  </p>
1
  <p class="wysija-paragraph">
2
+ {if #params.label}<label>{#params.label|esc_html}</label>{/if}
3
  <input type="hidden" name="{#field_prefix}[{#field}]" value="0" />
4
  {loop name="#params.values"}
5
+ <label class="wysija-checkbox-label"><input type="checkbox" class="wysija-checkbox {$validation}" name="{$field_prefix}[{$field}]" value="1" {if #is_checked}checked="checked"{/if} />{#value|esc_html}</label>
6
  {/loop}
7
  </p>
tools/templates/form/web/widgets/country.html CHANGED
@@ -1,9 +1,9 @@
1
  <p>
2
- {if #params.label}<label>{#params.label}</label>{/if}
3
  <select class="wysija-select" name="{#field_prefix}[{#field}]">
4
  {if ! #params.values}<option value="">--</option>{/if}
5
  {loop name="#params.values"}
6
- <option value="{#value}"{if #is_checked} selected="selected"{/if}>{#value}</option>
7
  {/loop}
8
  </select>
9
  </p>
1
  <p>
2
+ {if #params.label}<label>{#params.label|esc_html}</label>{/if}
3
  <select class="wysija-select" name="{#field_prefix}[{#field}]">
4
  {if ! #params.values}<option value="">--</option>{/if}
5
  {loop name="#params.values"}
6
+ <option value="{#value|esc_attr}"{if #is_checked} selected="selected"{/if}>{#value|esc_html}</option>
7
  {/loop}
8
  </select>
9
  </p>
tools/templates/form/web/widgets/date.html CHANGED
@@ -1,5 +1,5 @@
1
  <p class="wysija-paragraph wysija-date">
2
- {if ! #params.label_within}<label>{#params.label}{if #params.required} <span class="wysija-required">*</span>{/if}</label>{/if}
3
  {foreach name="#date_fields" key="j" value="value"}
4
  {if #value === 'dd'}{set var="$date_template" value="day"}{/if}
5
  {if #value === 'mm'}{set var="$date_template" value="month"}{/if}
1
  <p class="wysija-paragraph wysija-date">
2
+ {if ! #params.label_within}<label>{#params.label|esc_html}{if #params.required} <span class="wysija-required">*</span>{/if}</label>{/if}
3
  {foreach name="#date_fields" key="j" value="value"}
4
  {if #value === 'dd'}{set var="$date_template" value="day"}{/if}
5
  {if #value === 'mm'}{set var="$date_template" value="month"}{/if}
tools/templates/form/web/widgets/date_day.html CHANGED
@@ -1,5 +1,5 @@
1
  <select class="wysija_date_day {$validation}" name="{#field_prefix}[{#field}][day]" placeholder="{#i18n.date_select_day}">
2
  {loop name="#days"}
3
- <option value="{#day}"{if #is_selected} selected="selected"{/if}>{#day}</option>
4
  {/loop}
5
  </select>
1
  <select class="wysija_date_day {$validation}" name="{#field_prefix}[{#field}][day]" placeholder="{#i18n.date_select_day}">
2
  {loop name="#days"}
3
+ <option value="{#day|esc_attr}"{if #is_selected} selected="selected"{/if}>{#day|esc_html}</option>
4
  {/loop}
5
  </select>
tools/templates/form/web/widgets/date_month.html CHANGED
@@ -1,5 +1,5 @@
1
  <select class="wysija_date_month {$validation}" name="{#field_prefix}[{#field}][month]" placeholder="{#i18n.date_select_month}">
2
  {loop name="#months"}
3
- <option value="{#month}"{if #is_selected} selected="selected"{/if}>{#month_name}</option>
4
  {/loop}
5
  </select>
1
  <select class="wysija_date_month {$validation}" name="{#field_prefix}[{#field}][month]" placeholder="{#i18n.date_select_month}">
2
  {loop name="#months"}
3
+ <option value="{#month|esc_attr}"{if #is_selected} selected="selected"{/if}>{#month_name|esc_html}</option>
4
  {/loop}
5
  </select>
tools/templates/form/web/widgets/date_year.html CHANGED
@@ -1,5 +1,5 @@
1
  <select class="wysija_date_year {$validation}" name="{#field_prefix}[{#field}][year]" placeholder="{#i18n.date_select_year}">
2
  {loop name="#years"}
3
- <option value="{#year}"{if #is_selected} selected="selected"{/if}>{#year}</option>
4
  {/loop}
5
  </select>
1
  <select class="wysija_date_year {$validation}" name="{#field_prefix}[{#field}][year]" placeholder="{#i18n.date_select_year}">
2
  {loop name="#years"}
3
+ <option value="{#year|esc_attr}"{if #is_selected} selected="selected"{/if}>{#year|esc_html}</option>
4
  {/loop}
5
  </select>
tools/templates/form/web/widgets/input.html CHANGED
@@ -1,7 +1,7 @@
1
  <p class="wysija-paragraph">
2
- {if ! #params.label_within}<label>{#params.label}{if #params.required} <span class="wysija-required">*</span>{/if}</label>{/if}
3
  {if !#params.lines || #params.lines == 1}
4
- <input type="text" name="{#field_prefix}[{#field}]" class="wysija-input {$validation}" title="{#params.label|html_value}" {if #params.label_within}placeholder="{#params.label|html_value}"{/if} value="{if #value}{#value|html_value}{/if}" />
5
  {/if}
6
  {if #params.lines > 1}
7
  <textarea name="" class="wysija-textarea {$validation}"></textarea>
1
  <p class="wysija-paragraph">
2
+ {if ! #params.label_within}<label>{#params.label|esc_html}{if #params.required} <span class="wysija-required">*</span>{/if}</label>{/if}
3
  {if !#params.lines || #params.lines == 1}
4
+ <input type="text" name="{#field_prefix}[{#field}]" class="wysija-input {$validation}" title="{#params.label|esc_attr}" {if #params.label_within}placeholder="{#params.label|esc_attr"{/if} value="{if #value}{#value|html_value}{/if}" />
5
  {/if}
6
  {if #params.lines > 1}
7
  <textarea name="" class="wysija-textarea {$validation}"></textarea>
tools/templates/form/web/widgets/list.html CHANGED
@@ -1,4 +1,4 @@
1
  {if #params.label}<p class="wysija-checkbox-label">{#params.label}</p>{/if}
2
  {loop name="#params.values"}
3
- <p class="wysija-checkbox-paragraph"><label><input class="wysija-checkbox {$validation}" name="wysija[user_list][list_id][]" type="checkbox" value="{#list_id}" {if #is_checked}checked="checked"{/if} /> {#name}</label></p>
4
  {/loop}
1
  {if #params.label}<p class="wysija-checkbox-label">{#params.label}</p>{/if}
2
  {loop name="#params.values"}
3
+ <p class="wysija-checkbox-paragraph"><label><input class="wysija-checkbox {$validation}" name="wysija[user_list][list_id][]" type="checkbox" value="{#list_id|esc_attr}" {if #is_checked}checked="checked"{/if} /> {#name|esc_html}</label></p>
4
  {/loop}
tools/templates/form/web/widgets/radio.html CHANGED
@@ -1,6 +1,6 @@
1
  <p class="wysija-paragraph">
2
- {if #params.label}<label>{#params.label}</label>{/if}
3
  {loop name="#params.values"}
4
- <label class="wysija-radio-label"><input type="radio" class="wysija-radio {$validation}" name="{$field_prefix}[{$field}]" value="{#value}" {if #is_checked}checked="checked"{/if} />{#value}</label>
5
  {/loop}
6
  </p>
1
  <p class="wysija-paragraph">
2
+ {if #params.label}<label>{#params.label|esc_html}</label>{/if}
3
  {loop name="#params.values"}
4
+ <label class="wysija-radio-label"><input type="radio" class="wysija-radio {$validation}" name="{$field_prefix}[{$field}]" value="{#value|esc_attr}" {if #is_checked}checked="checked"{/if} />{#value|esc_html}</label>
5
  {/loop}
6
  </p>
tools/templates/form/web/widgets/select.html CHANGED
@@ -1,9 +1,9 @@
1
  <p class="wysija-paragraph">
2
- {if !#params.label_within && #params.label}<label class="wysija-select-label">{#params.label}</label>{/if}
3
  <select class="wysija-select {$validation}" name="{#field_prefix}[{#field}]">
4
- {if #params.label_within && #params.label}<option value="">{#params.label}</option>{/if}
5
  {loop name="#params.values"}
6
- <option value="{#value}"{if #is_checked} selected="selected"{/if}>{#value}</option>
7
  {/loop}
8
  </select>
9
  </p>
1
  <p class="wysija-paragraph">
2
+ {if !#params.label_within && #params.label}<label class="wysija-select-label">{#params.label|esc_html}</label>{/if}
3
  <select class="wysija-select {$validation}" name="{#field_prefix}[{#field}]">
4
+ {if #params.label_within && #params.label}<option value="">{#params.label|esc_html}</option>{/if}
5
  {loop name="#params.values"}
6
+ <option value="{#value|esc_attr}"{if #is_checked} selected="selected"{/if}>{#value|esc_html}</option>
7
  {/loop}
8
  </select>
9
  </p>
tools/templates/form/web/widgets/submit.html CHANGED
@@ -1,2 +1,2 @@
1
  {if #params.recaptcha_key}<div class="g-recaptcha" data-sitekey="{#params.recaptcha_key}" data-size="compact"></div>{/if}
2
- <input class="wysija-submit wysija-submit-field" type="submit" value="{#params.label}" />
1
  {if #params.recaptcha_key}<div class="g-recaptcha" data-sitekey="{#params.recaptcha_key}" data-size="compact"></div>{/if}
2
+ <input class="wysija-submit wysija-submit-field" type="submit" value="{#params.label|esc_attr}" />
tools/templates/form/web/widgets/text.html CHANGED
@@ -1,6 +1,6 @@
1
  <p class="wysija-paragraph">
2
- {if ! #params.label_within}<label>{#params.label}{if #params.required} <span class="wysija-required">*</span>{/if}</label>{/if}
3
- <input type="text" name="wysija[user][{#field}]" class="wysija-input {$validation}" title="{#params.label|html_value}" {if #params.label_within}placeholder="{#params.label|html_value}"{/if} value="{if #value}{#value|html_value}{/if}" />
4
  {if ! $preview}
5
  <span class="abs-req">
6
  <input type="text" name="wysija[user][abs][{#field}]" class="wysija-input validated[abs][{#field}]" value="" />
1
  <p class="wysija-paragraph">
2
+ {if ! #params.label_within}<label>{#params.label|esc_html}{if #params.required} <span class="wysija-required">*</span>{/if}</label>{/if}
3
+ <input type="text" name="wysija[user][{#field}]" class="wysija-input {$validation}" title="{#params.label|html_value}" {if #params.label_within}placeholder="{#params.label|esc_attr}"{/if} value="{if #value}{#value|esc_attr}{/if}" />
4
  {if ! $preview}
5
  <span class="abs-req">
6
  <input type="text" name="wysija[user][abs][{#field}]" class="wysija-input validated[abs][{#field}]" value="" />
tools/templates/form/web/widgets/textarea.html CHANGED
@@ -1,6 +1,6 @@
1
  <p class="wysija-paragraph">
2
- {if ! #params.label_within}<label>{#params.label}{if #params.required} <span class="wysija-required">*</span>{/if}</label>{/if}
3
- <textarea name="{#field_prefix}[{#field}]" class="wysija-textarea {$validation}" rows="{#params.lines|default:1}" placeholder="{if #params.label_within}{#params.label}{/if}"></textarea>
4
  {if ! $preview}
5
  <span class="abs-req">
6
  <input type="text" name="{#field_prefix}[abs][{#field}]" class="wysija-input validated[abs][{#field}]" value="" />
1
  <p class="wysija-paragraph">
2
+ {if ! #params.label_within}<label>{#params.label|esc_html}{if #params.required} <span class="wysija-required">*</span>{/if}</label>{/if}
3
+ <textarea name="{#field_prefix}[{#field}]" class="wysija-textarea {$validation}" rows="{#params.lines|default:1}" placeholder="{if #params.label_within}{#params.label|esc_attr}{/if}"></textarea>
4
  {if ! $preview}
5
  <span class="abs-req">
6
  <input type="text" name="{#field_prefix}[abs][{#field}]" class="wysija-input validated[abs][{#field}]" value="" />
views/back/config.php CHANGED
@@ -1888,7 +1888,7 @@ class WYSIJA_view_back_config extends WYSIJA_view_back {
1888
  <!--<label><input type="radio" name="on_success" value="message" checked="checked" /><?php _e('show message', WYSIJA); ?></label>
1889
  <label><input type="radio" name="on_success" value="page" /><?php _e('go to page', WYSIJA); ?></label>-->
1890
  </p>
1891
- <textarea name="success_message"><?php echo $helper_form_engine->get_setting('success_message'); ?></textarea>
1892
  </div>
1893
 
1894
  <p id="form-error" style="display:none;"></p>
1888
  <!--<label><input type="radio" name="on_success" value="message" checked="checked" /><?php _e('show message', WYSIJA); ?></label>
1889
  <label><input type="radio" name="on_success" value="page" /><?php _e('go to page', WYSIJA); ?></label>-->
1890
  </p>
1891
+ <textarea name="success_message"><?php echo esc_html($helper_form_engine->get_setting('success_message')); ?></textarea>
1892
  </div>
1893
 
1894
  <p id="form-error" style="display:none;"></p>