Easy Forms for MailChimp - Version 6.2.2


Developer hiwhatsup
Version 6.2.2

Code changes from version 6.2.1 to 6.2.2

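--- a/admin/class-yikes-inc-easy-mailchimp-extender-admin.php
+++ b/admin/class-yikes-inc-easy-mailchimp-extender-admin.php
@@ -1154,7 +1154,7 @@ class Yikes_Inc_Easy_Mailchimp_Forms_Admin {
 update_option( 'yikes-mc-api-validation' , 'invalid_api_key' );
 return;
 }
-$api_key = trim( $input );
+$api_key = strip_tags ( trim( $input ) );
 $dash_position = strpos( trim( $input ), '-' );
 if( $dash_position !== false ) {
 $api_endpoint = 'https://' . substr( $api_key, $dash_position + 1 ) . '.api.mailchimp.com/2.0/helper/ping.json';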
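Review bot: The cleaned key and the dash offset now come from different strings: `$api_key` is `strip_tags( trim( $input ) )` on line 1157, but `$dash_position` on line 1158 is still taken from `trim( $input )`, so whenever `strip_tags` removes characters ahead of the dash the `substr( $api_key, $dash_position + 1 )` on line 1160 reads the wrong fragment. That fragment is spliced into the hostname of the ping URL, and `strip_tags` leaves `.`, `/` and `?` in place, so it is not a whitelist for a value that becomes part of a host; the same `strip_tags`-only approach is used in `yikes_get_mc_api_key` in yikes-inc-easy-mailchimp-extender.php. Reusing the character whitelist this commit already applies to `section` in options.php, and computing the offset from the cleaned value, addresses both: `$api_key = preg_replace( '/[^\w-]/', '', trim( $input ) );` and `$dash_position = strpos( $api_key, '-' );`. The enclosing method starts and ends outside the hunk.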
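--- a/admin/partials/menu/options.php
+++ b/admin/partials/menu/options.php
@@ -16,12 +16,19 @@
 $api_error_response = '';
 }
 }
-
+
+/*
+* Properly Sanatize $_REQUEST['section'] variable
+*
+* @since 6.2.2
+*
+*/
+if ( isset( $_REQUEST['section'] ) ) {
+$_REQUEST['section'] = preg_replace('/[^\w-]/', '', strip_tags ( $_REQUEST['section'] ) );
+}
 ?>
-<!--
-Actual Settings Form
-Chyea --
--->
+<!-- Actual Settings Form
+Chyea -->
 <div class="wrap">
 
 <!-- Freddie Logo -->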
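Review bot: The new block on lines 26-28 writes the cleaned value back into `$_REQUEST['section']`, which only protects code that reads `$_REQUEST` after this point; anything that reads `$_GET['section']` or `$_POST['section']` directly, or anything above line 16 (outside the hunk), would still see the raw value, so that is worth confirming against the rest of this file. `strip_tags` is redundant once `preg_replace('/[^\w-]/', '', ...)` runs, since the whitelist already drops `<` and `>`, and the block comment misspells "Sanitize". A one-line why-comment reads better than the five-line block: `// Restrict $_REQUEST['section'] to [A-Za-z0-9_-] in place so every later read sees the cleaned value.`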
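--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "yikes-inc-easy-mailchimp-extender",
-"version": "6.2.1",
+"version": "6.2.2",
 "description": "Easy MailChimp opt-in forms for your site.",
 "main": "index.js",
 "scripts": {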
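--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://yikesplugins.com/?utm_source=wp_plugin_repo&utm_medium=dona
 Tags: MailChimp, MailChimp forms, MailChimp lists, opt-in forms, sign up form, MailChimp, email, forms, mailing lists, marketing, newsletter, sign up
 Requires at least: 4.0
 Tested up to: 4.6.1
-Stable tag: 6.2.1
+Stable tag: 6.2.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -235,6 +235,12 @@ Below you'll find a complete list of the hooks and filters available in Easy For
 
 == Changelog ==
 
+= Easy Forms for MailChimp 6.2.2 - October 25th, 2016 =
+* Minor security patch - Thanks goes to the Tristan Md for locating and disclosing the issues below.
+* Fixed a bug where request variable "section" was not sanitize before execution and rendering
+* Fixed a bug where global constant "YIKES_MC_API_KEY" was not sanitize before execution and rendering
+* Fixed a bug where WP option "yikes-mc-api-key" was not sanitize before validating and saving
+
 = Easy Forms for MailChimp 6.2.1 - October 19th, 2016 =
 * Fixed a bug where the title and description will not display using the shortcode.
 * Fixed a bug where the `recaptcha` shortcode parameter doesn't work properly.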
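--- a/yikes-inc-easy-mailchimp-extender.php
+++ b/yikes-inc-easy-mailchimp-extender.php
@@ -3,7 +3,7 @@
 * Plugin Name: Easy Forms for MailChimp by YIKES
 * Plugin URI: http://www.yikesinc.com/services/yikes-inc-easy-mailchimp-extender/
 * Description: YIKES Easy Forms for MailChimp links your site to MailChimp and allows you to generate and display mailing list opt-in forms anywhere on your site with ease.
-* Version: 6.2.1
+* Version: 6.2.2
 * Author: YIKES
 * Author URI: http://www.yikesinc.com/
 * License: GPL-3.0+
@@ -193,13 +193,15 @@ yikes_inc_easy_mailchimp_extender()->run();
 * Helper function to return our API key
 * Support the use of a PHP constant
 * @return string MailChimp API key from the PHP constant, or the options
+* @security strip away tags and patch security
+* @since 6.2.2
 */
 function yikes_get_mc_api_key() {
 if ( defined( 'YIKES_MC_API_KEY' ) ) {
-return trim( YIKES_MC_API_KEY );
+return trim( strip_tags ( YIKES_MC_API_KEY ) );
 }
 
-return trim( strip_tags( get_option( 'yikes-mc-api-key', '' ) ) );
 }
 
 add_action( 'plugins_loaded', 'yikes_mailchimp_plugin_textdomain' );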
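Review bot: `@security` on line 196 of the docblock is not a recognised PHPDoc tag, so documentation tools will drop it, and "strip away tags and patch security" describes what the code does rather than why; a plain sentence such as ` * Tags are stripped from both sources before the key is returned so downstream output and validation never see markup` carries the intent, with the remaining `@since 6.2.2` kept. The two new return lines (201 and 204) also differ in spacing, `strip_tags (` versus `strip_tags(`; the latter matches the file's other calls and should be used on both. `yikes_get_mc_api_key` is fully contained in the hunk.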