Easy Forms for MailChimp - Version 6.8.6

Version Description

  • December 17, 2021
  • Addressed potential XSS vulnerability

Release Info

Developer yikesinc
Plugin Icon 128x128 Easy Forms for MailChimp
Version 6.8.6

Code changes from version 6.8.5 to 6.8.6

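--- a/admin/partials/ajax/add_field_to_form.php
+++ b/admin/partials/ajax/add_field_to_form.php
@@ -1,9 +1,9 @@
  <?php
  $form_data = array(
- 'field_name' => $_POST['field_name'],
- 'merge_tag' => $_POST['merge_tag'],
- 'field_type' => $_POST['field_type'],
- 'list_id' => $_POST['list_id'],
+ 'field_name' => isset( $_POST['field_name'] ) ? sanitize_text_field($_POST['field_name']) : '',
+ 'merge_tag' => isset( $_POST['merge_tag'] ) ? sanitize_text_field($_POST['merge_tag']) : '',
+ 'field_type' => isset( $_POST['field_type'] ) ? sanitize_text_field($_POST['field_type']) : '',
+ 'list_id' => isset( $_POST['list_id'] ) ? sanitize_text_field($_POST['list_id']) : '',
  );
 
  // Grab our list handler.
@@ -33,12 +33,12 @@ $index = $this->findMCListIndex( $form_data['merge_tag'], $available_merge_varia
  // store it and use it to pre-populate field data (only on initial add to form)
  $merge_field_data = $available_merge_variables['merge_fields'][ $index ];
  ?>
- <section class="draggable" id="<?php echo $form_data['field_name']; ?>">
+ <section class="draggable" id="<?php echo esc_attr( $form_data['field_name'] ); ?>">
  <!-- top -->
  <a href="#" class="expansion-section-title settings-sidebar">
  <span class="dashicons dashicons-plus yikes-mc-expansion-toggle" title="<?php _e( 'Expand Field' , 'yikes-inc-easy-mailchimp-extender' ); ?>"></span>
- <?php echo stripslashes( $form_data['field_name'] ); ?>
- <span class="field-type-text"><small><?php echo __( 'type' , 'yikes-inc-easy-mailchimp-extender' ) . ' : ' . $form_data['field_type']; ?></small></span>
+ <?php echo wp_kses_post( stripslashes( $form_data['field_name'] ) ); ?>
+ <span class="field-type-text"><small><?php echo __( 'type' , 'yikes-inc-easy-mailchimp-extender' ) . ' : ' . esc_html( $form_data['field_type'] ); ?></small></span>
  </a>
  <!-- expansion section -->
  <div class="yikes-mc-settings-expansion-section">
@@ -46,8 +46,8 @@ $merge_field_data = $available_merge_variables['merge_fields'][ $index ];
  <!-- Single or Double Opt-in -->
  <p class="type-container form-field-container"><!-- necessary to prevent skipping on slideToggle(); -->
  <!-- store the label -->
- <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][label]" value="<?php echo htmlspecialchars( $form_data['field_name'] ); ?>" />
- <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][type]" value="<?php echo $form_data['field_type']; ?>" />
+ <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][label]" value="<?php echo esc_attr( htmlspecialchars( $form_data['field_name'] ) ); ?>" />
+ <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][type]" value="<?php echo esc_attr( $form_data['field_type'] ); ?>" />
  <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][merge]" value="<?php echo $merge_field_data['tag']; ?>" />
  <input type="hidden" class="field-<?php echo $merge_field_data['tag']; ?>-position position-input" name="field[<?php echo $merge_field_data['tag']; ?>][position]" value="" />
 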
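Review bot: `$merge_field_data['tag']` is still echoed unescaped into the `name`, `class` and `value` attributes on new lines 49–52, even though this commit escapes the neighbouring `field_name` and `field_type` output. The tag appears to come from the Mailchimp merge-field data rather than directly from `$_POST`, but it is still external data in an attribute context, so each occurrence should be wrapped as `<?php echo esc_attr( $merge_field_data['tag'] ); ?>`. On new lines 3–6, `sanitize_text_field()` is applied to `$_POST` values that are presumably still slashed (line 40 calls `stripslashes()`), so the `id` on line 36 prints the slashed name while line 40 prints the unslashed one. Using `sanitize_text_field( wp_unslash( $_POST['field_name'] ) )` would make the two agree and would let line 40 use `esc_html()` instead of `wp_kses_post( stripslashes( … ) )` for what is a plain-text context. Lines 10–32 of the file are outside the hunks, so a nonce or capability check for this AJAX partial cannot be confirmed from here.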
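--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@ Contributors: yikesinc, eherman24, liljimmi, JPry, yikesitskevin, fmixell, vochr
  Donate link: https://yikesplugins.com/?utm_source=wp_plugin_repo&utm_medium=donate_link&utm_campaign=easy_forms_for_mailchimp
  Tags: Mailchimp, Mailchimp forms, Mailchimp lists, opt-in forms, sign up form, Mailchimp, email, forms, mailing lists, marketing, newsletter, sign up
  Requires at least: 4.0
- Tested up to: 5.8
+ Tested up to: 6.0
  Requires PHP: 5.2.13
- Stable tag: 6.8.5
+ Stable tag: 6.8.6
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -172,6 +172,9 @@ For information and code examples on how to implement the hooks and filters prov
 
  == Changelog ==
 
+ = 6.8.6 - December 17, 2021 =
+ * Addressed potential XSS vulnerability
+
  = 6.8.5 - September 2, 2021 =
  * Deprecated filter block_categories is replaced by block_categories_all in WP 5.8
 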
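--- a/yikes-inc-easy-mailchimp-extender.php
+++ b/yikes-inc-easy-mailchimp-extender.php
@@ -3,7 +3,7 @@
  * Plugin Name: Easy Forms for Mailchimp
  * Plugin URI: https://yikesplugins.com/plugin/easy-forms-for-mailchimp/
  * Description: The ultimate Mailchimp WordPress plugin. Easily build <strong>unlimited forms for your Mailchimp lists</strong>, add them to your site and track subscriber activity. To get started, go to the settings page and enter your <a href="https://yikesplugins.com/support/knowledge-base/finding-your-mailchimp-api-key/" target="_blank">Mailchimp API key</a>.
- * Version: 6.8.5
+ * Version: 6.8.6
  * Author: YIKES, Inc.
  * Author URI: https://www.yikesplugins.com/
  * License: GPL-3.0+
@@ -42,7 +42,7 @@ if ( ! defined( 'WPINC' ) ) {
  * @since 6.1.3
  */
  if ( ! defined( 'YIKES_MC_VERSION' ) ) {
- define( 'YIKES_MC_VERSION', '6.8.5' );
+ define( 'YIKES_MC_VERSION', '6.8.6' );
  }
 
  /**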