Changeset 2723452

Timestamp:

05/13/2022 04:32:28 PM (4 years ago)

Author:

mmuro

Message:

Update tagged copy of new changes

Location:

visual-form-builder/tags/3.0.9/admin

Files:

• class-export.php (modified) (5 diffs)
• class-forms-edit.php (modified) (3 diffs)
• class-page-settings.php (modified) (6 diffs)

visual-form-builder/tags/3.0.9/admin/class-export.php

@@ -5 +5 @@
  */
 class Visual_Form_Builder_Export {
-  
+
   /**
    * Default delimiter for CSV and Tab export
@@ -106 +106 @@
           ?>
           </select>
-        
+
         <div class="vfb-export-entries-options">
           <h3><?php _e( 'Customize your export', 'visual-form-builder' ); ?></h3>
@@ -205 +205 @@
         if ( $end_date )
           $where .= $wpdb->prepare( " AND date_submitted < %s", date( 'Y-m-d', strtotime( '+1 month', strtotime( $end_date ) ) ) );
-        
+
         $title = $wpdb->get_var( null, 1 );
 
@@ -335 +335 @@
     if ( 0 == $entries_count )
       return _e( 'No entries.', 'visual-form-builder' );
-    
+
     if ( is_array( $entries ) && !empty( $entries ) ) {
       $columns = $this->get_cols( $entries );
@@ -358 +358 @@
 
         ?>
-        <label for="vfb-export-fields-val-<?php echo $id; ?>">
-          <input 
-            name="settings[fields][<?php echo $id; ?>]" 
-            class="vfb-export-fields-vals" 
-            id="vfb-export-fields-val-<?php echo $id; ?>" 
-            type="checkbox" 
-            value="<?php echo esc_attr( $value ); ?>" 
+        <label for="vfb-export-fields-val-<?php echo esc_attr( $id ); ?>">
+          <input
+            name="settings[fields][<?php echo esc_attr( $id ); ?>]"
+            class="vfb-export-fields-vals"
+            id="vfb-export-fields-val-<?php echo esc_attr( $id ); ?>"
+            type="checkbox"
+            value="<?php echo esc_attr( $value ); ?>"
             <?php echo $selected; ?>
-          /> 
+          />
           <?php echo esc_html( $search ); ?>
         </label><br>

visual-form-builder/tags/3.0.9/admin/class-forms-edit.php

@@ -73 +73 @@
           echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"' , 'visual-form-builder'), esc_html( $_POST['s'] ) );
 
-        $form_nav_selected_id = isset( $_GET['form'] ) ? $_GET['form'] : '0';
+        $form_nav_selected_id = isset( $_GET['form'] ) ? absint( $_GET['form'] ) : '0';
       ?>
       </h1>
@@ -90 +90 @@
                   <form id="vfb-form-items" method="post" action="">
                     <input name="action" type="hidden" value="create_field" />
-                    <input name="form_id" type="hidden" value="<?php echo $form_nav_selected_id; ?>" />
+                    <input name="form_id" type="hidden" value="<?php echo esc_attr( $form_nav_selected_id ); ?>" />
                     <?php
                       wp_nonce_field( 'create-field-' . $form_nav_selected_id );
@@ -107 +107 @@
                   <p>
                     <?php _e( 'Shortcode', 'visual-form-builder' ); ?>
-                    <input value="[vfb id=<?php echo $form_nav_selected_id; ?>]" readonly="readonly" />
+                    <input value="[vfb id=<?php echo esc_attr( $form_nav_selected_id ); ?>]" readonly="readonly" />
                   </p>
                 </div> <!-- .vfb-accordion-section-content -->

visual-form-builder/tags/3.0.9/admin/class-page-settings.php

@@ -36 +36 @@
             ?>
               <label for="vfb-settings-<?php echo $key; ?>">
-                <input type="checkbox" name="vfb-settings[<?php echo $key; ?>]" id="vfb-settings-<?php echo $key; ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo $title; ?>
+                <input type="checkbox" name="vfb-settings[<?php echo $key; ?>]" id="vfb-settings-<?php echo $key; ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo esc_html( $title ); ?>
               </label>
               <br>
@@ -57 +57 @@
                 $vfb_settings[ $key ] = isset( $vfb_settings[ $key ] ) ? $vfb_settings[ $key ] : '';
             ?>
-              <label for="vfb-settings-<?php echo $key; ?>">
-                <input type="checkbox" name="vfb-settings[<?php echo $key; ?>]" id="vfb-settings-<?php echo $key; ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo $title; ?>
+              <label for="vfb-settings-<?php echo esc_attr( $key ); ?>">
+                <input type="checkbox" name="vfb-settings[<?php echo esc_attr( $key ); ?>]" id="vfb-settings-<?php echo esc_attr( $key ); ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo esc_html( $title ); ?>
               </label>
               <br>
@@ -92 +92 @@
           <td>
             <?php $vfb_settings['spam-points'] = isset( $vfb_settings['spam-points'] ) ? $vfb_settings['spam-points'] : '4'; ?>
-            <input type="number" min="1" name="vfb-settings[spam-points]" id="vfb-settings-spam-points" value="<?php echo $vfb_settings['spam-points']; ?>" class="small-text" />
+            <input type="number" min="1" name="vfb-settings[spam-points]" id="vfb-settings-spam-points" value="<?php echo esc_attr( $vfb_settings['spam-points'] ); ?>" class="small-text" />
           </td>
         </tr>
@@ -100 +100 @@
           <td>
             <?php $vfb_settings['max-upload-size'] = isset( $vfb_settings['max-upload-size'] ) ? $vfb_settings['max-upload-size'] : '25'; ?>
-            <input type="number" name="vfb-settings[max-upload-size]" id="vfb-settings-max-upload-size" value="<?php echo $vfb_settings['max-upload-size']; ?>" class="small-text" /> MB
+            <input type="number" name="vfb-settings[max-upload-size]" id="vfb-settings-max-upload-size" value="<?php echo esc_attr( $vfb_settings['max-upload-size'] ); ?>" class="small-text" /> MB
           </td>
         </tr>
@@ -112 +112 @@
 
             // Get the site domain and get rid of www.
-            $sitename = strtolower( $_SERVER['SERVER_NAME'] );
+            $sitename = strtolower( sanitize_text_field( $_SERVER['SERVER_NAME'] ) );
             if ( substr( $sitename, 0, 4 ) == 'www.' )
               $sitename = substr( $sitename, 4 );
@@ -124 +124 @@
             $vfb_settings['sender-mail-header'] = isset( $vfb_settings['sender-mail-header'] ) ? $vfb_settings['sender-mail-header'] : $from_email;
             ?>
-            <input type="text" name="vfb-settings[sender-mail-header]" id="vfb-settings-sender-mail-header" value="<?php echo $vfb_settings['sender-mail-header']; ?>" class="regular-text" />
+            <input type="text" name="vfb-settings[sender-mail-header]" id="vfb-settings-sender-mail-header" value="<?php echo esc_attr( $vfb_settings['sender-mail-header'] ); ?>" class="regular-text" />
             <p class="description"><?php _e( 'Some server configurations require an existing email on the domain be used when sending emails.', 'visual-form-builder' ); ?></p>
           </td>