Changeset 2723451

Timestamp:

05/13/2022 04:25:59 PM (4 years ago)

Author:

mmuro

Message:

More updates

Location:

visual-form-builder/trunk/admin

Files:

• class-export.php (modified) (1 diff)
• class-forms-edit.php (modified) (3 diffs)
• class-page-settings.php (modified) (6 diffs)

visual-form-builder/trunk/admin/class-export.php

@@ -358 +358 @@
 
         ?>
-        <label for="vfb-export-fields-val-<?php echo $id; ?>">
+        <label for="vfb-export-fields-val-<?php echo esc_attr( $id ); ?>">
           <input 
-            name="settings[fields][<?php echo $id; ?>]" 
+            name="settings[fields][<?php echo esc_attr( $id ); ?>]" 
             class="vfb-export-fields-vals" 
-            id="vfb-export-fields-val-<?php echo $id; ?>" 
+            id="vfb-export-fields-val-<?php echo esc_attr( $id ); ?>" 
             type="checkbox" 
             value="<?php echo esc_attr( $value ); ?>" 

visual-form-builder/trunk/admin/class-forms-edit.php

@@ -73 +73 @@
           echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder'), esc_html( $_POST['s'] ) );
 
-        $form_nav_selected_id = isset( $_GET['form'] ) ? $_GET['form'] : '0';
+        $form_nav_selected_id = isset( $_GET['form'] ) ? absint( $_GET['form'] ) : '0';
       ?>
       </h1>
@@ -90 +90 @@
                   <form id="vfb-form-items" method="post" action="">
                     <input name="action" type="hidden" value="create_field" />
-                    <input name="form_id" type="hidden" value="<?php echo $form_nav_selected_id; ?>" />
+                    <input name="form_id" type="hidden" value="<?php echo esc_attr( $form_nav_selected_id ); ?>" />
                     <?php
                       wp_nonce_field( 'create-field-' . $form_nav_selected_id );
@@ -107 +107 @@
                   <p>
                     <?php _e( 'Shortcode', 'visual-form-builder' ); ?>
-                    <input value="[vfb id=<?php echo $form_nav_selected_id; ?>]" readonly="readonly" />
+                    <input value="[vfb id=<?php echo esc_attr( $form_nav_selected_id ); ?>]" readonly="readonly" />
                   </p>
                 </div> <!-- .vfb-accordion-section-content -->

visual-form-builder/trunk/admin/class-page-settings.php

@@ -36 +36 @@
             ?>
               <label for="vfb-settings-<?php echo $key; ?>">
-                <input type="checkbox" name="vfb-settings[<?php echo $key; ?>]" id="vfb-settings-<?php echo $key; ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo $title; ?>
+                <input type="checkbox" name="vfb-settings[<?php echo $key; ?>]" id="vfb-settings-<?php echo $key; ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo esc_html( $title ); ?>
               </label>
               <br>
@@ -57 +57 @@
                 $vfb_settings[ $key ] = isset( $vfb_settings[ $key ] ) ? $vfb_settings[ $key ] : '';
             ?>
-              <label for="vfb-settings-<?php echo $key; ?>">
-                <input type="checkbox" name="vfb-settings[<?php echo $key; ?>]" id="vfb-settings-<?php echo $key; ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo $title; ?>
+              <label for="vfb-settings-<?php echo esc_attr( $key ); ?>">
+                <input type="checkbox" name="vfb-settings[<?php echo esc_attr( $key ); ?>]" id="vfb-settings-<?php echo esc_attr( $key ); ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo esc_html( $title ); ?>
               </label>
               <br>
@@ -92 +92 @@
           <td>
             <?php $vfb_settings['spam-points'] = isset( $vfb_settings['spam-points'] ) ? $vfb_settings['spam-points'] : '4'; ?>
-            <input type="number" min="1" name="vfb-settings[spam-points]" id="vfb-settings-spam-points" value="<?php echo $vfb_settings['spam-points']; ?>" class="small-text" />
+            <input type="number" min="1" name="vfb-settings[spam-points]" id="vfb-settings-spam-points" value="<?php echo esc_attr( $vfb_settings['spam-points'] ); ?>" class="small-text" />
           </td>
         </tr>
@@ -100 +100 @@
           <td>
             <?php $vfb_settings['max-upload-size'] = isset( $vfb_settings['max-upload-size'] ) ? $vfb_settings['max-upload-size'] : '25'; ?>
-            <input type="number" name="vfb-settings[max-upload-size]" id="vfb-settings-max-upload-size" value="<?php echo $vfb_settings['max-upload-size']; ?>" class="small-text" /> MB
+            <input type="number" name="vfb-settings[max-upload-size]" id="vfb-settings-max-upload-size" value="<?php echo esc_attr( $vfb_settings['max-upload-size'] ); ?>" class="small-text" /> MB
           </td>
         </tr>
@@ -112 +112 @@
 
             // Get the site domain and get rid of www.
-            $sitename = strtolower( $_SERVER['SERVER_NAME'] );
+            $sitename = strtolower( sanitize_text_field( $_SERVER['SERVER_NAME'] ) );
             if ( substr( $sitename, 0, 4 ) == 'www.' )
               $sitename = substr( $sitename, 4 );
@@ -124 +124 @@
             $vfb_settings['sender-mail-header'] = isset( $vfb_settings['sender-mail-header'] ) ? $vfb_settings['sender-mail-header'] : $from_email;
             ?>
-            <input type="text" name="vfb-settings[sender-mail-header]" id="vfb-settings-sender-mail-header" value="<?php echo $vfb_settings['sender-mail-header']; ?>" class="regular-text" />
+            <input type="text" name="vfb-settings[sender-mail-header]" id="vfb-settings-sender-mail-header" value="<?php echo esc_attr( $vfb_settings['sender-mail-header'] ); ?>" class="regular-text" />
             <p class="description"><?php _e( 'Some server configurations require an existing email on the domain be used when sending emails.', 'visual-form-builder' ); ?></p>
           </td>