Changeset 2726967
- Timestamp:
- 05/19/2022 04:37:08 PM (4 years ago)
- Location:
- visual-form-builder/trunk
- Files:
-
- 16 edited
-
admin/class-entries-list.php (modified) (1 diff)
-
admin/class-fields.php (modified) (8 diffs)
-
admin/class-forms-edit.php (modified) (26 diffs)
-
admin/class-forms-list.php (modified) (26 diffs)
-
admin/class-forms-new.php (modified) (1 diff)
-
admin/class-media-button.php (modified) (5 diffs)
-
admin/class-page-settings.php (modified) (8 diffs)
-
admin/class-save.php (modified) (19 diffs)
-
admin/class-screen-options.php (modified) (1 diff)
-
admin/class-widget.php (modified) (8 diffs)
-
inc/class-i18n.php (modified) (3 diffs)
-
inc/class-install.php (modified) (6 diffs)
-
inc/class-uninstall.php (modified) (2 diffs)
-
inc/countries.php (modified) (1 diff)
-
public/class-confirmation.php (modified) (11 diffs)
-
visual-form-builder.php (modified) (1 diff)
-
visual-form-builder/trunk/admin/class-entries-list.php
r2726274 r2726967 572 572 'entry_id' => $entry->entries_id, 573 573 'id' => $entry->entries_id, 574 'form' => stripslashes( $entry->form_title ),575 'subject' => stripslashes( $entry->subject ),576 'sender_name' => stripslashes( $entry->sender_name ),577 'sender_email' => stripslashes( $entry->sender_email ),578 'emails_to' => implode( ',', unserialize( stripslashes( $entry->emails_to ) ) ),574 'form' => wp_unslash( $entry->form_title ), 575 'subject' => wp_unslash( $entry->subject ), 576 'sender_name' => wp_unslash( $entry->sender_name ), 577 'sender_email' => wp_unslash( $entry->sender_email ), 578 'emails_to' => implode( ',', unserialize( wp_unslash( $entry->emails_to ) ) ), 579 579 'date' => gmdate( "$date_format $time_format", strtotime( $entry->date_submitted ) ), 580 580 'ip_address' => $entry->ip_address, -
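Review bot: The new `emails_to` entry (new line 578) still feeds a stored column to `unserialize()`, and does so after `wp_unslash()` has altered the string. Removing backslashes from serialized data changes its byte length without updating the `s:N:` length prefixes, so any value that contains a backslash makes `unserialize()` return false, and `implode()` then receives a non-array (a TypeError on PHP 8). If this column can ever carry data influenced by a form submitter, which this hunk does not show, an unrestricted `unserialize()` can also instantiate objects; `unserialize( $entry->emails_to, array( 'allowed_classes' => false ) )` followed by an `is_array()` check before `implode()` would cover both cases. The surrounding array literal starts and ends outside the hunk.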
visual-form-builder/trunk/admin/class-fields.php
r2726292 r2726967 55 55 <dl class="menu-item-bar vfb-menu-item-inactive"> 56 56 <dt class="vfb-menu-item-handle vfb-menu-item-type-<?php echo esc_attr( $field->field_type ); ?>"> 57 <span class="item-title"><?php echo esc_html( $field->field_name); ?><?php echo ( 'yes' === $field->field_required ) ? ' <span class="is-field-required">*</span>' : ''; ?></span>57 <span class="item-title"><?php echo esc_html( wp_unslash( $field->field_name ) ); ?><?php echo ( 'yes' === $field->field_required ) ? ' <span class="is-field-required">*</span>' : ''; ?></span> 58 58 <span class="item-controls"> 59 59 <span class="item-type"><?php echo esc_html( strtoupper( str_replace( '-', ' ', $field->field_type ) ) ); ?></span> … … 70 70 <span class="vfb-tooltip" rel="<?php esc_attr_e( 'For Fieldsets, a Legend is simply the name of that group. Use general terms that describe the fields included in this Fieldset.', 'visual-form-builder' ); ?>" title="<?php esc_attr_e( 'About Legend', 'visual-form-builder' ); ?>">(?)</span> 71 71 <br /> 72 <input type="text" value="<?php echo esc_html( $field->field_name); ?>" name="field_name-<?php echo esc_attr( $field->field_id ); ?>" class="widefat" id="edit-form-item-name-<?php echo esc_attr( $field->field_id ); ?>" maxlength="255" />72 <input type="text" value="<?php echo esc_html( wp_unslash( $field->field_name ) ); ?>" name="field_name-<?php echo esc_attr( $field->field_id ); ?>" class="widefat" id="edit-form-item-name-<?php echo esc_attr( $field->field_id ); ?>" maxlength="255" /> 73 73 </label> 74 74 </p> 75 75 <p class="description description-wide"> 76 76 <label for="edit-form-item-css-<?php echo esc_attr( $field->field_id ); ?>"> 77 <?php esc_html_e( 'CSS Classes', 'visual-form-builder' ); ?>77 <?php esc_html_e( 'CSS Classes', 'visual-form-builder' ); ?> 78 78 <span class="vfb-tooltip" rel="<?php esc_attr_e( 'For each field, you can insert your own CSS class names which can be used in your own stylesheets.', 'visual-form-builder' ); ?>" 
title="<?php esc_attr_e( 'About CSS Classes', 'visual-form-builder' ); ?>">(?)</span> 79 79 <br /> … … 89 89 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Name', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( "A field's name is the most visible and direct way to describe what that field is for.", 'visual-form-builder' ); ?>">(?)</span> 90 90 <br /> 91 <input type="text" value="<?php echo esc_html( $field->field_name); ?>" name="field_name-<?php echo esc_attr( $field->field_id ); ?>" class="widefat" id="edit-form-item-name-<?php echo esc_attr( $field->field_id ); ?>" maxlength="255" />91 <input type="text" value="<?php echo esc_html( wp_unslash( $field->field_name ) ); ?>" name="field_name-<?php echo esc_attr( $field->field_id ); ?>" class="widefat" id="edit-form-item-name-<?php echo esc_attr( $field->field_id ); ?>" maxlength="255" /> 92 92 </label> 93 93 </p> … … 98 98 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Instructions Description', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'The Instructions field allows for long form explanations, typically seen at the beginning of Fieldsets or Sections. 
HTML tags are allowed.', 'visual-form-builder' ); ?>">(?)</span> 99 99 <br /> 100 <textarea name="field_description-<?php echo esc_attr( $field->field_id ); ?>" class="widefat edit-menu-item-description" cols="20" rows="3" id="edit-form-item-description-<?php echo esc_attr( $field->field_id ); ?>" /><?php echo esc_html( $field->field_description); ?></textarea>100 <textarea name="field_description-<?php echo esc_attr( $field->field_id ); ?>" class="widefat edit-menu-item-description" cols="20" rows="3" id="edit-form-item-description-<?php echo esc_attr( $field->field_id ); ?>" /><?php echo esc_html( wp_unslash( $field->field_description ) ); ?></textarea> 101 101 </label> 102 102 </p> … … 145 145 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Name', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( "A field's name is the most visible and direct way to describe what that field is for.", 'visual-form-builder' ); ?>">(?)</span> 146 146 <br /> 147 <input type="text" value="<?php echo esc_html( $field->field_name); ?>" name="field_name-<?php echo esc_attr( $field->field_id ); ?>" class="widefat" id="edit-form-item-name-<?php echo esc_attr( $field->field_id ); ?>" maxlength="255" />147 <input type="text" value="<?php echo esc_html( wp_unslash( $field->field_name ) ); ?>" name="field_name-<?php echo esc_attr( $field->field_id ); ?>" class="widefat" id="edit-form-item-name-<?php echo esc_attr( $field->field_id ); ?>" maxlength="255" /> 148 148 </label> 149 149 </p> … … 165 165 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Description', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'A description is an optional piece of text that further explains the meaning of this field. Descriptions are displayed below the field. 
HTML tags are allowed.', 'visual-form-builder' ); ?>">(?)</span> 166 166 <br /> 167 <textarea name="field_description-<?php echo esc_html( $field->field_id ); ?>" class="widefat edit-menu-item-description" cols="20" rows="3" id="edit-form-item-description-<?php echo esc_attr( $field->field_id ); ?>" /><?php echo esc_html( $field->field_description); ?></textarea>167 <textarea name="field_description-<?php echo esc_html( $field->field_id ); ?>" class="widefat edit-menu-item-description" cols="20" rows="3" id="edit-form-item-description-<?php echo esc_attr( $field->field_id ); ?>" /><?php echo esc_html( wp_unslash( $field->field_description ) ); ?></textarea> 168 168 </label> 169 169 </p> … … 197 197 <label for="edit-form-item-options-<?php echo esc_attr( $field->field_id . "-$count" ); ?>" class="clonedOption"> 198 198 <input type="radio" value="<?php echo esc_html( $count ); ?>" name="field_default-<?php echo esc_attr( $field->field_id ); ?>" <?php checked( $field->field_default, $count ); ?> /> 199 <input type="text" value="<?php echo esc_html( $options); ?>" name="field_options-<?php echo esc_attr( $field->field_id ); ?>[]" class="widefat" id="edit-form-item-options-<?php echo esc_attr( $field->field_id . "-$count" ); ?>" />199 <input type="text" value="<?php echo esc_html( wp_unslash( $options ) ); ?>" name="field_options-<?php echo esc_attr( $field->field_id ); ?>[]" class="widefat" id="edit-form-item-options-<?php echo esc_attr( $field->field_id . 
"-$count" ); ?>" /> 200 200 </label> 201 201 202 202 <a href="#" class="deleteOption vfb-interface-icon vfb-interface-minus" title="Delete Option"> 203 <?php esc_html_e( 'Delete', 'visual-form-builder' ); ?>203 <?php esc_html_e( 'Delete', 'visual-form-builder' ); ?> 204 204 </a> 205 205 <span class="vfb-interface-icon vfb-interface-sort" title="<?php esc_attr_e( 'Drag and Drop to Sort Options', 'visual-form-builder' ); ?>"></span> … … 209 209 endforeach; 210 210 ?> 211 212 211 </div> <!-- .vfb-cloned-options --> 213 212 <div class="clear"></div> 214 213 <div class="vfb-add-options-group"> 215 214 <a href="#" class="vfb-button vfb-add-option" title="Add Option"> 216 <?php esc_html_e( 'Add Option', 'visual-form-builder' ); ?>215 <?php esc_html_e( 'Add Option', 'visual-form-builder' ); ?> 217 216 <span class="vfb-interface-icon vfb-interface-plus"></span> 218 217 </a> -
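Review bot: The `value="…"` attributes on new lines 72, 91, 147 and 199, and the `name` attribute on new line 167, are escaped with `esc_html()` although the output lands inside an HTML attribute. The context-matching call is `esc_attr()`, for example `value="<?php echo esc_attr( wp_unslash( $field->field_name ) ); ?>"`, which is what the neighbouring `name` and `id` attributes on the same lines already use. In current WordPress core both functions encode quotes, so this reads as a consistency gap rather than an open injection, but the two are separately filterable and the mismatch is what an escaping audit will flag. The markup these hunks belong to starts and ends outside the visible lines.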
visual-form-builder/trunk/admin/class-forms-edit.php
r2726235 r2726967 5 5 class Visual_Form_Builder_Forms_Edit { 6 6 /** 7 * display function.7 * Display function. 8 8 * 9 9 * @access public … … 11 11 */ 12 12 public function display() { 13 global $wpdb;13 global $wpdb; 14 14 15 15 $current_user = wp_get_current_user(); 16 16 17 // Save current user ID 17 // Save current user ID. 18 18 $user_id = $current_user instanceof WP_User ? $current_user->ID : 1; 19 19 20 // Set variables depending on which tab is selected 21 $form_nav_selected_id = isset( $_GET['form'] ) ? $_GET['form']: '0';20 // Set variables depending on which tab is selected. 21 $form_nav_selected_id = isset( $_GET['form'] ) ? sanitize_text_field( wp_unslash( $_GET['form'] ) ) : '0'; 22 22 23 23 $order = sanitize_sql_orderby( 'form_id DESC' ); … … 34 34 $form_email_from = esc_html( $form->form_email_from ); 35 35 $form_email_from_override = esc_html( $form->form_email_from_override ); 36 $form_email_from_name_override = stripslashes( $form->form_email_from_name_override );36 $form_email_from_name_override = wp_unslash( $form->form_email_from_name_override ); 37 37 $form_email_to = is_array( unserialize( $form->form_email_to ) ) ? 
unserialize( $form->form_email_to ) : explode( ',', unserialize( $form->form_email_to ) ); 38 $form_success_type = stripslashes( $form->form_success_type );39 $form_success_message = stripslashes( $form->form_success_message );40 $form_notification_setting = stripslashes( $form->form_notification_setting );41 $form_notification_email_name = stripslashes( $form->form_notification_email_name );42 $form_notification_email_from = stripslashes( $form->form_notification_email_from );43 $form_notification_email = stripslashes( $form->form_notification_email );44 $form_notification_subject = stripslashes( $form->form_notification_subject );45 $form_notification_message = stripslashes( $form->form_notification_message );46 $form_notification_entry = stripslashes( $form->form_notification_entry );47 48 $form_label_alignment = stripslashes( $form->form_label_alignment );49 50 // Only show required text fields for the sender name override 38 $form_success_type = wp_unslash( $form->form_success_type ); 39 $form_success_message = wp_unslash( $form->form_success_message ); 40 $form_notification_setting = wp_unslash( $form->form_notification_setting ); 41 $form_notification_email_name = wp_unslash( $form->form_notification_email_name ); 42 $form_notification_email_from = wp_unslash( $form->form_notification_email_from ); 43 $form_notification_email = wp_unslash( $form->form_notification_email ); 44 $form_notification_subject = wp_unslash( $form->form_notification_subject ); 45 $form_notification_message = wp_unslash( $form->form_notification_message ); 46 $form_notification_entry = wp_unslash( $form->form_notification_entry ); 47 48 $form_label_alignment = wp_unslash( $form->form_label_alignment ); 49 50 // Only show required text fields for the sender name override. 51 51 $senders = $wpdb->get_results( $wpdb->prepare( 'SELECT field_id, field_name FROM ' . VFB_WP_FIELDS_TABLE_NAME . 
" WHERE form_id = %d AND field_type IN( 'text', 'name' ) AND field_validation = '' AND field_required = 'yes'", $form_nav_selected_id ) ); 52 52 53 // Only show required email fields for the email override 53 // Only show required email fields for the email override. 54 54 $emails = $wpdb->get_results( $wpdb->prepare( 'SELECT field_id, field_name FROM ' . VFB_WP_FIELDS_TABLE_NAME . " WHERE (form_id = %d AND field_type='text' AND field_validation = 'email' AND field_required = 'yes') OR (form_id = %d AND field_type='email' AND field_validation = 'email' AND field_required = 'yes')", $form_nav_selected_id, $form_nav_selected_id ) ); 55 55 … … 60 60 <h1> 61 61 <?php 62 _e( 'Visual Form Builder', 'visual-form-builder' );63 64 // Add New link 65 echo sprintf(62 esc_html_e( 'Visual Form Builder', 'visual-form-builder' ); 63 64 // Add New link. 65 printf( 66 66 ' <a href="%1$s" class="page-title-action">%2$s</a>', 67 67 esc_url( admin_url( 'admin.php?page=vfb-add-new' ) ), 68 esc_html ( __( 'Add New', 'visual-form-builder' ))68 esc_html__( 'Add New', 'visual-form-builder' ) 69 69 ); 70 70 71 // If searched, output the query 71 // If searched, output the query. 72 72 if ( isset( $_POST['s'] ) && ! empty( $_POST['s'] ) ) { 73 echo '<span class="subtitle">' . sprintf( __( 'Search results for "%s"', 'visual-form-builder' ), esc_html( $_POST['s']) );73 echo '<span class="subtitle">' . 
sprintf( esc_html__( 'Search results for "%s"', 'visual-form-builder' ), esc_html( sanitize_text_field( wp_unslash( $_POST['s'] ) ) ) ); 74 74 } 75 75 … … 77 77 ?> 78 78 </h1> 79 <div id="vfb-form-builder-frame" class="metabox-holder <?php echo $class; ?>">79 <div id="vfb-form-builder-frame" class="metabox-holder <?php echo esc_attr( $class ); ?>"> 80 80 <div id="vfb-postbox-container-1" class='vfb-postbox-container'> 81 81 <div id="side-sortables" class="meta-box-sortables"> … … 84 84 <li class="vfb-control-section vfb-accordion-section open"> 85 85 <h3 class="vfb-accordion-section-title"> 86 <?php _e( 'Fields', 'visual-form-builder' ); ?>86 <?php esc_html_e( 'Fields', 'visual-form-builder' ); ?> 87 87 </h3> 88 88 <div class="vfb-accordion-section-content"> 89 <p><?php _e( 'Click to add fields', 'visual-form-builder' ); ?><span class="spinner"></span></p>89 <p><?php esc_html_e( 'Click to add fields', 'visual-form-builder' ); ?><span class="spinner"></span></p> 90 90 91 91 <form id="vfb-form-items" method="post" action=""> … … 102 102 <li class="vfb-control-section vfb-accordion-section"> 103 103 <h3 class="vfb-accordion-section-title"> 104 <?php _e( 'Shortcode', 'visual-form-builder' ); ?>104 <?php esc_html_e( 'Shortcode', 'visual-form-builder' ); ?> 105 105 </h3> 106 106 <div class="vfb-accordion-section-content"> 107 <p><?php _e( 'Add forms to your Posts or Pages by locating the <strong>Add Form</strong> button in the area above your post/page editor.', 'visual-form-builder' ); ?></p>107 <p><?php esc_html_e( 'Add forms to your Posts or Pages by locating the <strong>Add Form</strong> button in the area above your post/page editor.', 'visual-form-builder' ); ?></p> 108 108 <p> 109 <?php _e( 'Shortcode', 'visual-form-builder' ); ?>109 <?php esc_html_e( 'Shortcode', 'visual-form-builder' ); ?> 110 110 <input value="[vfb id=<?php echo esc_attr( $form_nav_selected_id ); ?>]" readonly="readonly" /> 111 111 </p> … … 123 123 <form method="post" 
id="visual-form-builder-update" action=""> 124 124 <input name="action" type="hidden" value="update_form" /> 125 <input name="form_id" type="hidden" value="<?php echo $form_nav_selected_id; ?>" />125 <input name="form_id" type="hidden" value="<?php echo esc_attr( $form_nav_selected_id ); ?>" /> 126 126 <?php wp_nonce_field( 'vfb_update_form' ); ?> 127 127 <div id="form-editor-header"> … … 129 129 <div class="vfb-major-publishing-actions"> 130 130 <label for="form-name" class="menu-name-label howto open-label"> 131 <span class="sender-labels"><?php _e( 'Form Name', 'visual-form-builder' ); ?></span>132 <input type="text" value="<?php echo ( isset( $form_title ) ) ? $form_title : ''; ?>" placeholder="<?php_e( 'Enter form name here', 'visual-form-builder' ); ?>" class="menu-name regular-text menu-item-textbox required" id="form-name" name="form_title" />131 <span class="sender-labels"><?php esc_html_e( 'Form Name', 'visual-form-builder' ); ?></span> 132 <input type="text" value="<?php echo ( isset( $form_title ) ) ? esc_attr( $form_title ) : ''; ?>" placeholder="<?php esc_attr_e( 'Enter form name here', 'visual-form-builder' ); ?>" class="menu-name regular-text menu-item-textbox required" id="form-name" name="form_title" /> 133 133 </label> 134 134 <br class="clear" /> 135 135 136 136 <?php 137 // Get the Form Setting drop down and accordion settings, if any 137 // Get the Form Setting drop down and accordion settings, if any. 138 138 $user_form_settings = get_user_meta( $user_id, 'vfb-form-settings' ); 139 139 140 // Setup defaults for the Form Setting tab and accordion 140 // Setup defaults for the Form Setting tab and accordion. 141 141 $settings_tab = 'closed'; 142 142 $settings_accordion = 'general-settings'; 143 143 144 // Loop through the user_meta array 144 // Loop through the user_meta array. 
145 145 foreach ( $user_form_settings as $set ) { 146 // If form settings exist for this form, use them instead of the defaults 146 // If form settings exist for this form, use them instead of the defaults. 147 147 if ( isset( $set[ $form_id ] ) ) { 148 148 $settings_tab = $set[ $form_id ]['form_setting_tab']; … … 151 151 } 152 152 153 // If tab is opened, set current class 154 $opened_tab = ( $settings_tab == 'opened') ? 'current' : '';153 // If tab is opened, set current class. 154 $opened_tab = ( 'opened' === $settings_tab ) ? 'current' : ''; 155 155 ?> 156 157 158 156 <div class="vfb-button-group"> 159 <a href="#form-settings" id="form-settings-button" class="vfb-button vfb-settings <?php echo $opened_tab; ?>">160 <?php _e( 'Settings', 'visual-form-builder' ); ?>157 <a href="#form-settings" id="form-settings-button" class="vfb-button vfb-settings <?php echo esc_attr( $opened_tab ); ?>"> 158 <?php esc_html_e( 'Settings', 'visual-form-builder' ); ?> 161 159 <span class="vfb-interface-icon vfb-interface-settings"></span> 162 160 </a> 163 161 <a href="<?php echo esc_url( wp_nonce_url( admin_url( 'admin.php?page=visual-form-builder&action=copy_form&form=' . $form_nav_selected_id ), 'copy-form-' . $form_nav_selected_id ) ); ?>" class="vfb-button vfb-duplicate"> 164 <?php _e( 'Duplicate', 'visual-form-builder' ); ?>162 <?php esc_html_e( 'Duplicate', 'visual-form-builder' ); ?> 165 163 <span class="vfb-interface-icon vfb-interface-duplicate"></span> 166 164 </a> 167 165 <a href="<?php echo esc_url( wp_nonce_url( admin_url( 'admin.php?page=visual-form-builder&action=delete_form&form=' . $form_nav_selected_id ), 'delete-form-' . 
$form_nav_selected_id ) ); ?>" class="vfb-button vfb-delete vfb-last menu-delete"> 168 <?php _e( 'Delete', 'visual-form-builder' ); ?>166 <?php esc_html_e( 'Delete', 'visual-form-builder' ); ?> 169 167 <span class="vfb-interface-icon vfb-interface-trash"></span> 170 168 </a> 171 169 172 <?php submit_button( __( 'Save', 'visual-form-builder' ), 'primary', 'save_form', false ); ?>170 <?php submit_button( esc_html__( 'Save', 'visual-form-builder' ), 'primary', 'save_form', false ); ?> 173 171 </div> 174 172 175 <div id="form-settings" class="<?php echo $opened_tab; ?>">173 <div id="form-settings" class="<?php echo esc_attr( $opened_tab ); ?>"> 176 174 <!-- General settings section --> 177 <a href="#general-settings" class="settings-links<?php echo ( $settings_accordion == 'general-settings' ) ? ' on' : ''; ?>"><?php_e( 'General', 'visual-form-builder' ); ?><span class="vfb-large-arrow"></span></a>178 <div id="general-settings" class="form-details<?php echo ( $settings_accordion == 'general-settings') ? ' on' : ''; ?>">175 <a href="#general-settings" class="settings-links<?php echo ( 'general-settings' === $settings_accordion ) ? ' on' : ''; ?>"><?php esc_html_e( 'General', 'visual-form-builder' ); ?><span class="vfb-large-arrow"></span></a> 176 <div id="general-settings" class="form-details<?php echo ( 'general-settings' === $settings_accordion ) ? ' on' : ''; ?>"> 179 177 <!-- Label Alignment --> 180 178 <p class="description description-wide"> 181 179 <label for="form-label-alignment"> 182 <?php _e( 'Label Alignment', 'visual-form-builder' ); ?>180 <?php esc_html_e( 'Label Alignment', 'visual-form-builder' ); ?> 183 181 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Label Alignment', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'Set the field labels for this form to be aligned either on top, to the left, or to the right. By default, all labels are aligned on top of the inputs.' 
); ?>">(?)</span> 184 182 <br /> 185 183 </label> 186 184 <select name="form_label_alignment" id="form-label-alignment" class="widefat"> 187 <option value="" <?php selected( $form_label_alignment, '' ); ?>><?php _e( 'Top Aligned', 'visual-form-builder' ); ?></option>188 <option value="left-label" <?php selected( $form_label_alignment, 'left-label' ); ?>><?php _e( 'Left Aligned', 'visual-form-builder' ); ?></option>189 <option value="right-label" <?php selected( $form_label_alignment, 'right-label' ); ?>><?php _e( 'Right Aligned', 'visual-form-builder' ); ?></option>185 <option value="" <?php selected( $form_label_alignment, '' ); ?>><?php esc_html_e( 'Top Aligned', 'visual-form-builder' ); ?></option> 186 <option value="left-label" <?php selected( $form_label_alignment, 'left-label' ); ?>><?php esc_html_e( 'Left Aligned', 'visual-form-builder' ); ?></option> 187 <option value="right-label" <?php selected( $form_label_alignment, 'right-label' ); ?>><?php esc_html_e( 'Right Aligned', 'visual-form-builder' ); ?></option> 190 188 </select> 191 189 </p> 192 190 <br class="clear" /> 193 191 </div> <!-- #general-settings --> 194 195 196 192 <!-- Email section --> 197 <a href="#email-details" class="settings-links<?php echo ( $settings_accordion == 'email-details' ) ? ' on' : ''; ?>"><?php _e( 'Email', 'visual-form-builder' ); ?><span class="vfb-large-arrow"></span></a> 198 <div id="email-details" class="form-details<?php echo ( $settings_accordion == 'email-details' ) ? ' on' : ''; ?>"> 199 200 <p><em><?php _e( 'The forms you build here will send information to one or more email addresses when submitted by a user on your site. Use the fields below to customize the details of that email.', 'visual-form-builder' ); ?></em></p> 193 <a href="#email-details" class="settings-links<?php echo ( 'email-details' === $settings_accordion ) ? 
' on' : ''; ?>"><?php esc_html_e( 'Email', 'visual-form-builder' ); ?><span class="vfb-large-arrow"></span></a> 194 <div id="email-details" class="form-details<?php echo ( 'email-details' === $settings_accordion ) ? ' on' : ''; ?>"> 195 <p><em><?php esc_html_e( 'The forms you build here will send information to one or more email addresses when submitted by a user on your site. Use the fields below to customize the details of that email.', 'visual-form-builder' ); ?></em></p> 201 196 202 197 <!-- E-mail Subject --> 203 198 <p class="description description-wide"> 204 199 <label for="form-email-subject"> 205 <?php _e( 'E-mail Subject', 'visual-form-builder' ); ?>200 <?php esc_html_e( 'E-mail Subject', 'visual-form-builder' ); ?> 206 201 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About E-mail Subject', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'This option sets the subject of the email that is sent to the emails you have set in the E-mail(s) To field.', 'visual-form-builder' ); ?>">(?)</span> 207 202 <br /> 208 <input type="text" value="<?php echo stripslashes( $form_subject ); ?>" class="widefat" id="form-email-subject" name="form_email_subject" />203 <input type="text" value="<?php echo esc_attr( $form_subject ); ?>" class="widefat" id="form-email-subject" name="form_email_subject" /> 209 204 </label> 210 205 </p> … … 214 209 <p class="description description-thin"> 215 210 <label for="form-email-sender-name"> 216 <?php _e( 'Your Name or Company', 'visual-form-builder' ); ?>211 <?php esc_html_e( 'Your Name or Company', 'visual-form-builder' ); ?> 217 212 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Your Name or Company', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'This option sets the From display name of the email that is sent to the emails you have set in the E-mail(s) To field.', 'visual-form-builder' ); ?>">(?)</span> 218 213 <br /> 219 <input type="text" value="<?php echo $form_email_from_name; ?>" class="widefat" 
id="form-email-sender-name" name="form_email_from_name"<?php echo ( $form_email_from_name_override != '') ? ' readonly="readonly"' : ''; ?> />214 <input type="text" value="<?php echo esc_attr( $form_email_from_name ); ?>" class="widefat" id="form-email-sender-name" name="form_email_from_name"<?php echo ( '' !== $form_email_from_name_override ) ? ' readonly="readonly"' : ''; ?> /> 220 215 </label> 221 216 </p> 222 217 <p class="description description-thin"> 223 218 <label for="form_email_from_name_override"> 224 <?php _e( "User's Name (optional)", 'visual-form-builder' ); ?>219 <?php esc_html_e( "User's Name (optional)", 'visual-form-builder' ); ?> 225 220 <span class="vfb-tooltip" title="<?php esc_attr_e( "About User's Name", 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'Select a required text field from your form to use as the From display name in the email.', 'visual-form-builder' ); ?>">(?)</span> 226 221 <br /> 227 222 <?php if ( empty( $senders ) ) : ?> 228 <span><?php _e( 'No required text fields detected', 'visual-form-builder' ); ?></span>223 <span><?php esc_html_e( 'No required text fields detected', 'visual-form-builder' ); ?></span> 229 224 <?php else : ?> 230 225 <select name="form_email_from_name_override" id="form_email_from_name_override" class="widefat"> … … 234 229 echo sprintf( 235 230 '<option value="%1$d"%2$s>%3$s</option>', 236 $sender->field_id,231 esc_html( $sender->field_id ), 237 232 selected( $form_email_from_name_override, $sender->field_id, 0 ), 238 stripslashes( $sender->field_name )233 esc_html( $sender->field_name ) 239 234 ); 240 235 } … … 249 244 <p class="description description-thin"> 250 245 <label for="form-email-sender"> 251 <?php_e( 'Reply-To E-mail', 'visual-form-builder' ); ?>246 <?php esc_html_e( 'Reply-To E-mail', 'visual-form-builder' ); ?> 252 247 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Reply-To Email', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'Manually set the email address that 
users will reply to.', 'visual-form-builder' ); ?>">(?)</span> 253 248 <br /> 254 <input type="text" value="<?php echo $form_email_from; ?>" class="widefat" id="form-email-sender" name="form_email_from"<?php echo ( $form_email_from_override != '') ? ' readonly="readonly"' : ''; ?> />249 <input type="text" value="<?php echo esc_attr( $form_email_from ); ?>" class="widefat" id="form-email-sender" name="form_email_from"<?php echo ( '' !== $form_email_from_override ) ? ' readonly="readonly"' : ''; ?> /> 255 250 </label> 256 251 </p> 257 252 <p class="description description-thin"> 258 253 <label for="form_email_from_override"> 259 <?php_e( "User's E-mail (optional)", 'visual-form-builder' ); ?>254 <?php esc_html_e( "User's E-mail (optional)", 'visual-form-builder' ); ?> 260 255 <span class="vfb-tooltip" title="<?php esc_attr_e( "About User's Email", 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'Select a required email field from your form to use as the Reply-To email.', 'visual-form-builder' ); ?>">(?)</span> 261 256 <br /> 262 257 <?php if ( empty( $emails ) ) : ?> 263 <span><?php _e( 'No required email fields detected', 'visual-form-builder' ); ?></span>258 <span><?php esc_html_e( 'No required email fields detected', 'visual-form-builder' ); ?></span> 264 259 <?php else : ?> 265 260 <select name="form_email_from_override" id="form_email_from_override" class="widefat"> … … 269 264 echo sprintf( 270 265 '<option value="%1$d"%2$s>%3$s</option>', 271 $email->field_id,266 esc_html( $email->field_id ), 272 267 selected( $form_email_from_override, $email->field_id, 0 ), 273 stripslashes( $email->field_name )268 esc_html( $email->field_name ) 274 269 ); 275 270 } … … 283 278 <!-- E-mail(s) To --> 284 279 <?php 285 // Basic count to keep track of multiple options 280 // Basic count to keep track of multiple options. 286 281 $count = 1; 287 282 288 // Loop through the options 283 // Loop through the options. 
289 284 foreach ( $form_email_to as $email_to ) : 290 285 ?> 291 <div id="clone-email-<?php echo $count; ?>" class="option">286 <div id="clone-email-<?php echo esc_attr( $count ); ?>" class="option"> 292 287 <p class="description description-wide"> 293 <label for="form-email-to-<?php echo "$count"; ?>" class="clonedOption">294 <?php _e( 'E-mail(s) To', 'visual-form-builder' ); ?>288 <label for="form-email-to-<?php echo esc_attr( $count ); ?>" class="clonedOption"> 289 <?php esc_html_e( 'E-mail(s) To', 'visual-form-builder' ); ?> 295 290 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About E-mail(s) To', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'This option sets single or multiple emails to send the submitted form data to. At least one email is required.', 'visual-form-builder' ); ?>">(?)</span> 296 291 <br /> 297 <input type="email" value="<?php echo esc_html( $email_to ); ?>" name="form_email_to[]" class="widefat" id="form-email-to-<?php echo "$count"; ?>" />292 <input type="email" value="<?php echo esc_html( $email_to ); ?>" name="form_email_to[]" class="widefat" id="form-email-to-<?php echo esc_attr( $count ); ?>" /> 298 293 </label> 299 294 300 295 <a href="#" class="addEmail vfb-interface-icon vfb-interface-plus" title="<?php esc_attr_e( 'Add an Email', 'visua-form-builder' ); ?>"> 301 <?php _e( 'Add', 'visual-form-builder' ); ?>296 <?php esc_html_e( 'Add', 'visual-form-builder' ); ?> 302 297 </a> 303 298 <a href="#" class="deleteEmail vfb-interface-icon vfb-interface-minus" title="<?php esc_attr_e( 'Delete Email', 'visual-form-builder' ); ?>"> 304 <?php _e( 'Delete', 'visual-form-builder' ); ?>299 <?php esc_html_e( 'Delete', 'visual-form-builder' ); ?> 305 300 </a> 306 301 … … 316 311 317 312 <!-- Confirmation section --> 318 <a href="#confirmation" class="settings-links<?php echo ( $settings_accordion == 'confirmation' ) ? 
' on' : ''; ?>"><?php_e( 'Confirmation', 'visual-form-builder' ); ?><span class="vfb-large-arrow"></span></a>319 <div id="confirmation-message" class="form-details<?php echo ( $settings_accordion == 'confirmation') ? ' on' : ''; ?>">320 <p><em><?php _e( "After someone submits a form, you can control what is displayed. By default, it's a message but you can send them to another WordPress Page or a custom URL.", 'visual-form-builder' ); ?></em></p>313 <a href="#confirmation" class="settings-links<?php echo ( 'confirmation' === $settings_accordion ) ? ' on' : ''; ?>"><?php esc_html_e( 'Confirmation', 'visual-form-builder' ); ?><span class="vfb-large-arrow"></span></a> 314 <div id="confirmation-message" class="form-details<?php echo ( 'confirmation' === $settings_accordion ) ? ' on' : ''; ?>"> 315 <p><em><?php esc_html_e( "After someone submits a form, you can control what is displayed. By default, it's a message but you can send them to another WordPress Page or a custom URL.", 'visual-form-builder' ); ?></em></p> 321 316 <label for="form-success-type-text" class="menu-name-label open-label"> 322 317 <input type="radio" value="text" id="form-success-type-text" class="form-success-type" name="form_success_type" <?php checked( $form_success_type, 'text' ); ?> /> 323 <span><?php _e( 'Text', 'visual-form-builder' ); ?></span>318 <span><?php esc_html_e( 'Text', 'visual-form-builder' ); ?></span> 324 319 </label> 325 320 <label for="form-success-type-page" class="menu-name-label open-label"> 326 321 <input type="radio" value="page" id="form-success-type-page" class="form-success-type" name="form_success_type" <?php checked( $form_success_type, 'page' ); ?>/> 327 <span><?php _e( 'Page', 'visual-form-builder' ); ?></span>322 <span><?php esc_html_e( 'Page', 'visual-form-builder' ); ?></span> 328 323 </label> 329 324 <label for="form-success-type-redirect" class="menu-name-label open-label"> 330 325 <input type="radio" value="redirect" id="form-success-type-redirect" 
class="form-success-type" name="form_success_type" <?php checked( $form_success_type, 'redirect' ); ?>/> 331 <span><?php _e( 'Redirect', 'visual-form-builder' ); ?></span>326 <span><?php esc_html_e( 'Redirect', 'visual-form-builder' ); ?></span> 332 327 </label> 333 328 <br class="clear" /> … … 336 331 $default_text = ''; 337 332 338 / * If there's no text message, make sure there is something displayed by setting a default */339 if ( $form_success_message === '') {340 $default_text = sprintf( '<p id="form_success">%s</p>',__( 'Your form was successfully submitted. Thank you for contacting us.', 'visual-form-builder' ) );333 // If there's no text message, make sure there is something displayed by setting a default. 334 if ( empty( $form_success_message ) ) { 335 $default_text = sprintf( '<p id="form_success">%s</p>', esc_html__( 'Your form was successfully submitted. Thank you for contacting us.', 'visual-form-builder' ) ); 341 336 } 342 337 ?> 343 <textarea id="form-success-message-text" class="form-success-message<?php echo ( 'text' == $form_success_type ) ? ' active' : ''; ?>" name="form_success_message_text"><?php echo $default_text; ?><?php echo ( 'text' == $form_success_type ) ? $form_success_message: ''; ?></textarea>338 <textarea id="form-success-message-text" class="form-success-message<?php echo ( 'text' === $form_success_type ) ? ' active' : ''; ?>" name="form_success_message_text"><?php echo esc_html( $default_text ); ?><?php echo ( 'text' === $form_success_type ) ? esc_html( $form_success_message ) : ''; ?></textarea> 344 339 345 340 <?php 346 / * Display all Pages */341 // Display all Pages. 
347 342 wp_dropdown_pages( 348 343 array( … … 350 345 'id' => 'form-success-message-page', 351 346 'class' => 'widefat', 352 'show_option_none' => __( 'Select a Page', 'visual-form-builder' ),353 'selected' => $form_success_message,347 'show_option_none' => esc_html__( 'Select a Page', 'visual-form-builder' ), 348 'selected' => esc_html( $form_success_message ), 354 349 ) 355 350 ); 356 351 ?> 357 <input type="text" value="<?php echo ( 'redirect' == $form_success_type ) ? $form_success_message : ''; ?>" id="form-success-message-redirect" class="form-success-message regular-text<?php echo ( 'redirect' == $form_success_type ) ? ' active' : ''; ?>" name="form_success_message_redirect" placeholder="http://" /> 358 </p> 359 <br class="clear" /> 360 352 <input type="text" value="<?php echo ( 'redirect' == $form_success_type ) ? esc_attr( $form_success_message ) : ''; ?>" id="form-success-message-redirect" class="form-success-message regular-text<?php echo ( 'redirect' == $form_success_type ) ? ' active' : ''; ?>" name="form_success_message_redirect" placeholder="http://" /> 353 </p> 354 <br class="clear" /> 361 355 </div> 362 356 363 357 <!-- Notification section --> 364 <a href="#notification" class="settings-links<?php echo ( $settings_accordion == 'notification' ) ? ' on' : ''; ?>"><?php_e( 'Notification', 'visual-form-builder' ); ?><span class="vfb-large-arrow"></span></a>365 <div id="notification" class="form-details<?php echo ( $settings_accordion == 'notification') ? ' on' : ''; ?>">366 <p><em><?php _e( 'When a user submits their entry, you can send a customizable notification email.', 'visual-form-builder' ); ?></em></p>358 <a href="#notification" class="settings-links<?php echo ( 'notification' === $settings_accordion ) ? ' on' : ''; ?>"><?php esc_html_e( 'Notification', 'visual-form-builder' ); ?><span class="vfb-large-arrow"></span></a> 359 <div id="notification" class="form-details<?php echo ( 'notification' === $settings_accordion ) ? 
' on' : ''; ?>"> 360 <p><em><?php esc_html_e( 'When a user submits their entry, you can send a customizable notification email.', 'visual-form-builder' ); ?></em></p> 367 361 <label for="form-notification-setting"> 368 362 <input type="checkbox" value="1" id="form-notification-setting" class="form-notification" name="form_notification_setting" <?php checked( $form_notification_setting, '1' ); ?> style="margin-top:-1px;margin-left:0;"/> 369 <?php _e( 'Send Confirmation Email to User', 'visual-form-builder' ); ?>363 <?php esc_html_e( 'Send Confirmation Email to User', 'visual-form-builder' ); ?> 370 364 </label> 371 365 <br class="clear" /> … … 373 367 <p class="description description-wide"> 374 368 <label for="form-notification-email-name"> 375 <?php _e( 'Sender Name or Company', 'visual-form-builder' ); ?>369 <?php esc_html_e( 'Sender Name or Company', 'visual-form-builder' ); ?> 376 370 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Sender Name or Company', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'Enter the name you would like to use for the email notification.', 'visual-form-builder' ); ?>">(?)</span> 377 371 <br /> 378 <input type="text" value="<?php echo $form_notification_email_name; ?>" class="widefat" id="form-notification-email-name" name="form_notification_email_name" />372 <input type="text" value="<?php echo esc_attr( $form_notification_email_name ); ?>" class="widefat" id="form-notification-email-name" name="form_notification_email_name" /> 379 373 </label> 380 374 </p> … … 382 376 <p class="description description-wide"> 383 377 <label for="form-notification-email-from"> 384 <?php _e( 'Reply-To E-mail', 'visual-form-builder' ); ?>378 <?php esc_html_e( 'Reply-To E-mail', 'visual-form-builder' ); ?> 385 379 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Reply-To Email', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'Manually set the email address that users will reply to.', 'visual-form-builder' ); ?>">(?)</span> 
386 380 <br /> 387 <input type="text" value="<?php echo $form_notification_email_from; ?>" class="widefat" id="form-notification-email-from" name="form_notification_email_from" />381 <input type="text" value="<?php echo esc_attr( $form_notification_email_from ); ?>" class="widefat" id="form-notification-email-from" name="form_notification_email_from" /> 388 382 </label> 389 383 </p> … … 391 385 <p class="description description-wide"> 392 386 <label for="form-notification-email"> 393 <?php _e( 'E-mail To', 'visual-form-builder' ); ?>387 <?php esc_html_e( 'E-mail To', 'visual-form-builder' ); ?> 394 388 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About E-mail To', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'Select a required email field from your form to send the notification email to.', 'visual-form-builder' ); ?>">(?)</span> 395 389 <br /> 396 390 <?php if ( empty( $emails ) ) : ?> 397 <span><?php _e( 'No required email fields detected', 'visual-form-builder' ); ?></span>391 <span><?php esc_html_e( 'No required email fields detected', 'visual-form-builder' ); ?></span> 398 392 <?php else : ?> 399 393 <select name="form_notification_email" id="form-notification-email" class="widefat"> … … 403 397 echo sprintf( 404 398 '<option value="%1$d"%2$s>%3$s</option>', 405 $email->field_id,399 esc_html( $email->field_id ), 406 400 selected( $form_notification_email, $email->field_id, 0 ), 407 $email->field_name401 esc_html( $email->field_name ) 408 402 ); 409 403 } … … 416 410 <p class="description description-wide"> 417 411 <label for="form-notification-subject"> 418 <?php_e( 'E-mail Subject', 'visual-form-builder' ); ?>412 <?php esc_html_e( 'E-mail Subject', 'visual-form-builder' ); ?> 419 413 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About E-mail Subject', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'This option sets the subject of the email that is sent to the emails you have set in the E-mail To field.', 'visual-form-builder' ); 
?>">(?)</span> 420 414 <br /> 421 <input type="text" value="<?php echo $form_notification_subject; ?>" class="widefat" id="form-notification-subject" name="form_notification_subject" />415 <input type="text" value="<?php echo esc_html( $form_notification_subject ); ?>" class="widefat" id="form-notification-subject" name="form_notification_subject" /> 422 416 </label> 423 417 </p> 424 418 <br class="clear" /> 425 419 <p class="description description-wide"> 426 <label for="form-notification-message"><?php _e( 'Message', 'visual-form-builder' ); ?></label>420 <label for="form-notification-message"><?php esc_html_e( 'Message', 'visual-form-builder' ); ?></label> 427 421 <span class="vfb-tooltip" title="<?php esc_attr_e( 'About Message', 'visual-form-builder' ); ?>" rel="<?php esc_attr_e( 'Insert a message to the user. This will be inserted into the beginning of the email body.', 'visual-form-builder' ); ?>">(?)</span> 428 422 <br /> 429 <textarea id="form-notification-message" class="form-notification-message widefat" name="form_notification_message"><?php echo $form_notification_message; ?></textarea>423 <textarea id="form-notification-message" class="form-notification-message widefat" name="form_notification_message"><?php echo esc_html( $form_notification_message ); ?></textarea> 430 424 </p> 431 425 <br class="clear" /> 432 426 <label for="form-notification-entry"> 433 427 <input type="checkbox" value="1" id="form-notification-entry" class="form-notification" name="form_notification_entry" <?php checked( $form_notification_entry, '1' ); ?> style="margin-top:-1px;margin-left:0;"/> 434 <?php _e( "Include a Copy of the User's Entry", 'visual-form-builder' ); ?>428 <?php esc_html_e( "Include a Copy of the User's Entry", 'visual-form-builder' ); ?> 435 429 </label> 436 430 <br class="clear" /> … … 443 437 <div id="post-body"> 444 438 <div id="post-body-content"> 445 <div id="vfb-fieldset-first-warning" class="error"><?php printf( '<p><strong>%1$s 
</strong><br>%2$s</p>', __( 'Warning — Missing Fieldset', 'visual-form-builder' ),__( 'Your form may not function or display correctly. Please be sure to add or move a Fieldset to the beginning of your form.', 'visual-form-builder' ) ); ?></div>439 <div id="vfb-fieldset-first-warning" class="error"><?php printf( '<p><strong>%1$s </strong><br>%2$s</p>', esc_html__( 'Warning — Missing Fieldset', 'visual-form-builder' ), esc_html__( 'Your form may not function or display correctly. Please be sure to add or move a Fieldset to the beginning of your form.', 'visual-form-builder' ) ); ?></div> 446 440 <!-- !Field Items output --> 447 441 <ul id="vfb-menu-to-edit" class="menu ui-sortable droppable"> … … 467 461 * [form_items description] 468 462 * 469 * @return [type] [description]463 * @return void 470 464 */ 471 465 public function standard_fields() { … … 504 498 * A wrapper function to output the Edit Field box 505 499 * 506 * @ access public507 * @param mixed $id508 * @return void500 * @param mixed $id [$id description]. 501 * 502 * @return void [return description] 509 503 */ 510 504 public function edit_field( $id ) { 511 $field = new Visual_Form_Builder_Admin_Fields();505 $field = new Visual_Form_Builder_Admin_Fields(); 512 506 $field->field_output( $id ); 513 507 } -
visual-form-builder/trunk/admin/class-forms-list.php
r2726274 r2726967 7 7 class Visual_Form_Builder_Forms_List extends WP_List_Table { 8 8 /** 9 * errors9 * Errors 10 10 * 11 11 * @var mixed … … 14 14 public $errors; 15 15 16 function __construct() { 16 /** 17 * [__construct description] 18 * 19 * @return void 20 */ 21 public function __construct() { 17 22 global $status, $page; 18 23 19 // Set parent defaults 24 // Set parent defaults. 20 25 parent::__construct( 21 26 array( … … 26 31 ); 27 32 28 // Handle our bulk actions 33 // Handle our bulk actions. 29 34 $this->process_bulk_action(); 30 35 } … … 33 38 * Display column names 34 39 * 35 * @since 1.2 36 * @returns $item string Column name 37 */ 38 function column_default( $item, $column_name ) { 40 * @param [type] $item [$item description]. 41 * @param [type] $column_name [$column_name description]. 42 * 43 * @return [type] [return description] 44 */ 45 public function column_default( $item, $column_name ) { 39 46 switch ( $column_name ) { 40 47 case 'id': … … 47 54 * Builds the on:hover links for the Form column 48 55 * 49 * @since 1.2 50 */ 51 function column_form_title( $item ) { 56 * @param [type] $item [$item description]. 57 * 58 * @return [type] [return description] 59 */ 60 public function column_form_title( $item ) { 52 61 $actions = array(); 53 62 54 // Edit Form 63 // Edit Form. 55 64 $edit_link = admin_url( 'admin.php?page=visual-form-builder' ); 56 65 $form_title = sprintf( '<strong><a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a></strong>', $edit_link, 'edit', $item['form_id'], $item['form_title'] ); 57 $actions['edit'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', $edit_link, 'edit', $item['form_id'], __( 'Edit', 'visual-form-builder' ) );58 59 // Duplicate Form 60 $actions['copy'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', wp_nonce_url( admin_url( 'admin.php?page=visual-form-builder' ), 'copy-form-' . 
$item['form_id'] ), 'copy_form', $item['form_id'], __( 'Duplicate', 'visual-form-builder' ) );61 62 // Delete Form 63 $actions['delete'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', wp_nonce_url( admin_url( 'admin.php?page=visual-form-builder' ), 'delete-form-' . $item['form_id'] ), 'delete_form', $item['form_id'], __( 'Delete', 'visual-form-builder' ) );66 $actions['edit'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', $edit_link, 'edit', $item['form_id'], esc_html__( 'Edit', 'visual-form-builder' ) ); 67 68 // Duplicate Form. 69 $actions['copy'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', wp_nonce_url( admin_url( 'admin.php?page=visual-form-builder' ), 'copy-form-' . $item['form_id'] ), 'copy_form', $item['form_id'], esc_html__( 'Duplicate', 'visual-form-builder' ) ); 70 71 // Delete Form. 72 $actions['delete'] = sprintf( '<a href="%s&action=%s&form=%s" id="%3$s" class="view-form">%s</a>', wp_nonce_url( admin_url( 'admin.php?page=visual-form-builder' ), 'delete-form-' . $item['form_id'] ), 'delete_form', $item['form_id'], esc_html__( 'Delete', 'visual-form-builder' ) ); 64 73 65 74 return sprintf( '%1$s %2$s', $form_title, $this->row_actions( $actions ) ); … … 69 78 * [column_entries description] 70 79 * 71 * @param [type] $item [description] 72 * @return [type] [description]73 */ 74 function column_entries( $item ) {80 * @param [type] $item [description]. 81 * @return void 82 */ 83 public function column_entries( $item ) { 75 84 $this->comments_bubble( $item['form_id'], $item['entries'] ); 76 85 } … … 79 88 * [comments_bubble description] 80 89 * 81 * @param [type] $form_id [description] 82 * @param [type] $count [description] 83 * @return [type] [description]84 */ 85 function comments_bubble( $form_id, $count ) {86 echo sprintf(90 * @param [type] $form_id [description]. 91 * @param [type] $count [description]. 
92 * @return void 93 */ 94 public function comments_bubble( $form_id, $count ) { 95 printf( 87 96 '<div class="entries-count-wrapper"><a href="%1$s" title="%2$s" class="vfb-meta-entries-total"><span class="entries-count">%4$s</span></a> %3$s</div>', 88 97 esc_url( add_query_arg( array( 'form-filter' => $form_id ), admin_url( 'admin.php?page=vfb-entries' ) ) ), 89 98 esc_attr__( 'Entries Total', 'visual-form-builder' ), 90 __( 'Total', 'visual-form-builder' ),91 number_format_i18n( $count['total'])99 esc_html__( 'Total', 'visual-form-builder' ), 100 esc_html( number_format_i18n( $count['total'] ) ) 92 101 ); 93 102 … … 96 105 } 97 106 98 echo sprintf(107 printf( 99 108 '<div class="entries-count-wrapper"><a href="%1$s" title="%2$s" class="vfb-meta-entries-total"><span class="entries-count">%4$s</span></a> %3$s</div>', 100 109 esc_url( … … 108 117 ), 109 118 esc_attr__( 'Entries Today', 'visual-form-builder' ), 110 __( 'Today', 'visual-form-builder' ),111 number_format_i18n( $count['today'])119 esc_html__( 'Today', 'visual-form-builder' ), 120 esc_html( number_format_i18n( $count['today'] ) ) 112 121 ); 113 122 … … 120 129 * Used for checkboxes and bulk editing 121 130 * 131 * @param [type] $item [$item description]. 
132 * 133 * @return [type] [return description] 134 */ 135 public function column_cb( $item ) { 136 return sprintf( '<input type="checkbox" name="%1$s[]" value="%2$s" />', $this->_args['singular'], $item['form_id'] ); 137 } 138 139 /** 140 * Builds the actual columns 141 * 122 142 * @since 1.2 123 143 */ 124 function column_cb( $item ) { 125 return sprintf( '<input type="checkbox" name="%1$s[]" value="%2$s" />', $this->_args['singular'], $item['form_id'] ); 126 } 127 128 /** 129 * Builds the actual columns 130 * 131 * @since 1.2 132 */ 133 function get_columns() { 144 public function get_columns() { 134 145 $columns = array( 135 'cb' => '<input type="checkbox" />', // Render a checkbox instead of text136 'form_title' => __( 'Form', 'visual-form-builder' ),137 'form_id' => __( 'Form ID', 'visual-form-builder' ),138 'entries' => __( 'Entries', 'visual-form-builder' ),146 'cb' => '<input type="checkbox" />', 147 'form_title' => esc_html__( 'Form', 'visual-form-builder' ), 148 'form_id' => esc_html__( 'Form ID', 'visual-form-builder' ), 149 'entries' => esc_html__( 'Entries', 'visual-form-builder' ), 139 150 ); 140 151 … … 145 156 * A custom function to get the entries and sort them 146 157 * 147 * @since 1.2 148 * @returns array() $cols SQL results 149 */ 150 function get_forms( $orderby = 'form_id', $order = 'ASC', $per_page, $offset = 0, $search = '' ) { 151 global $wpdb; 152 153 // Set OFFSET for pagination 158 * @param [type] $orderby [$orderby description]. 159 * @param form_id $order [$order description]. 160 * @param ASC $per_page [$per_page description]. 161 * @param [type] $offset [$offset description]. 162 * @param [type] $search [$search description]. 163 * 164 * @return [type] [return description] 165 */ 166 public function get_forms( $orderby = 'form_id', $order = 'ASC', $per_page, $offset = 0, $search = '' ) { 167 global $wpdb; 168 169 // Set OFFSET for pagination. 154 170 $offset = ( $offset > 0 ) ? 
"OFFSET $offset" : ''; 155 171 156 172 $where = apply_filters( 'vfb_pre_get_forms', '' ); 157 173 158 // If the form filter dropdown is used 174 // If the form filter dropdown is used. 159 175 if ( $this->current_filter_action() ) { 160 176 $where .= ' AND forms.form_id = ' . $this->current_filter_action(); … … 173 189 * @returns array $status_links Status links with counts 174 190 */ 175 function get_views() {191 public function get_views() { 176 192 $status_links = array(); 177 193 $num_forms = $this->get_forms_count(); … … 184 200 185 201 $total_entries = (int) $num_forms->all; 186 $entry_status = isset( $_GET['form_status'] ) ? $_GET['form_status']: 'all';202 $entry_status = isset( $_GET['form_status'] ) ? sanitize_text_field( wp_unslash( $_GET['form_status'] ) ) : 'all'; 187 203 188 204 foreach ( $stati as $status => $label ) { 189 $class = ( $status == $entry_status ) ? ' class="current"' : '';205 $class = ( $status === $entry_status ) ? ' class="current"' : ''; 190 206 191 207 if ( ! 
isset( $num_forms->$status ) ) { … … 210 226 * @returns array $stats Counts of different entry types 211 227 */ 212 function get_entries_count() {228 public function get_entries_count() { 213 229 global $wpdb; 214 230 … … 234 250 * @returns array $stats Counts of different entry types 235 251 */ 236 function get_entries_today_count() {252 public function get_entries_today_count() { 237 253 global $wpdb; 238 254 … … 258 274 * @returns int $count Form count 259 275 */ 260 function get_forms_count() {276 public function get_forms_count() { 261 277 global $wpdb; 262 278 … … 278 294 * @returns array() $sortable_columns Sortable columns 279 295 */ 280 function get_sortable_columns() {296 public function get_sortable_columns() { 281 297 $sortable_columns = array( 282 298 'id' => array( 'id', false ), … … 295 311 * @returns array() $actions Bulk actions 296 312 */ 297 function get_bulk_actions() {313 public function get_bulk_actions() { 298 314 $actions = array(); 299 315 300 // Build the row actions 301 $actions['delete'] = __( 'Delete Permanently', 'visual-form-builder' );316 // Build the row actions. 317 $actions['delete'] = esc_html__( 'Delete Permanently', 'visual-form-builder' ); 302 318 303 319 return $actions; … … 309 325 * @since 1.2 310 326 */ 311 function process_bulk_action() {327 public function process_bulk_action() { 312 328 global $wpdb; 313 329 314 330 $form_id = ''; 315 331 316 // Set the Entry ID array 332 // Set the Entry ID array. 
317 333 if ( isset( $_POST['form'] ) ) { 318 334 if ( is_array( $_POST['form'] ) ) { 319 $form_id = $_POST['form'];335 $form_id = array_map( 'sanitize_text_field', wp_unslash( $_POST['form'] ) ); 320 336 } else { 321 $form_id = (array) $_POST['form'];337 $form_id = array_map( 'sanitize_text_field', (array) wp_unslash( $_POST['form'] ) ); 322 338 } 323 339 } … … 352 368 * @returns int Form ID 353 369 */ 354 function current_filter_action() {370 public function current_filter_action() { 355 371 if ( isset( $_POST['form-filter'] ) && -1 != $_POST['form-filter'] ) { 356 372 return absint( $_POST['form-filter'] ); … … 365 381 * @since 1.2 366 382 */ 367 function prepare_items() {368 global $wpdb; 369 370 // get the current user ID 383 public function prepare_items() { 384 global $wpdb; 385 386 // get the current user ID. 371 387 $user = get_current_user_id(); 372 388 373 // get the current admin screen 389 // get the current admin screen. 374 390 $screen = get_current_screen(); 375 391 376 // retrieve the "per_page" option 392 // retrieve the "per_page" option. 377 393 $screen_option = $screen->get_option( 'per_page', 'option' ); 378 394 379 // retrieve the value of the option stored for the current user 395 // retrieve the value of the option stored for the current user. 380 396 $per_page = get_user_meta( $user, $screen_option, true ); 381 397 382 // get the default value if none is set 398 // get the default value if none is set. 383 399 if ( empty( $per_page ) || $per_page < 1 ) { 384 400 $per_page = 20; 385 401 } 386 402 387 // Get the date/time format that is saved in the options table 403 // Get the date/time format that is saved in the options table. 388 404 $date_format = get_option( 'date_format' ); 389 405 $time_format = get_option( 'time_format' ); … … 392 408 $current_page = $this->get_pagenum(); 393 409 394 // Use offset for pagination 410 // Use offset for pagination. 
395 411 $offset = ( $current_page - 1 ) * $per_page; 396 412 397 // Get column headers 413 // Get column headers. 398 414 $columns = $this->get_columns(); 399 415 $hidden = get_hidden_columns( $this->screen ); 400 416 401 // Get sortable columns 417 // Get sortable columns. 402 418 $sortable = $this->get_sortable_columns(); 403 419 404 // Build the column headers 420 // Build the column headers. 405 421 $this->_column_headers = array( $columns, $hidden, $sortable ); 406 422 407 // Get entries search terms 408 $search_terms = ( ! empty( $_POST['s'] ) ) ? explode( ' ', $_POST['s']) : array();423 // Get entries search terms. 424 $search_terms = ( ! empty( $_POST['s'] ) ) ? explode( ' ', sanitize_text_field( wp_unslash( $_POST['s'] ) ) ) : array(); 409 425 410 426 $searchand = $search = ''; 411 // Loop through search terms and build query 427 // Loop through search terms and build query. 412 428 foreach ( $search_terms as $term ) { 413 429 $term = esc_sql( $wpdb->esc_like( $term ) ); … … 419 435 $search = ( ! empty( $search ) ) ? " AND ({$search}) " : ''; 420 436 421 // Set our ORDER BY and ASC/DESC to sort the entries 422 $orderby = ! empty( $_GET['orderby'] ) ? sanitize_text_field( $_GET['orderby']) : 'form_id';423 $order = ! empty( $_GET['order'] ) ? sanitize_text_field( $_GET['order']) : 'desc';424 425 // Get the sorted entries 437 // Set our ORDER BY and ASC/DESC to sort the entries. 438 $orderby = ! empty( $_GET['orderby'] ) ? sanitize_text_field( wp_unslash( $_GET['orderby'] ) ) : 'form_id'; 439 $order = ! empty( $_GET['order'] ) ? sanitize_text_field( wp_unslash( $_GET['order'] ) ) : 'desc'; 440 441 // Get the sorted entries. 426 442 $forms = $this->get_forms( $orderby, $order, $per_page, $offset, $search ); 427 443 428 // Get entries totals 444 // Get entries totals. 
429 445 $entries_total = $this->get_entries_count(); 430 446 $entries_today = $this->get_entries_today_count(); … … 432 448 $data = array(); 433 449 434 // Loop trough the entries and setup the data to be displayed for each row 450 // Loop trough the entries and setup the data to be displayed for each row. 435 451 foreach ( $forms as $form ) : 436 452 437 // Check if index exists first, not every form has entries 453 // Check if index exists first, not every form has entries. 438 454 $entries_total[ $form->form_id ] = isset( $entries_total[ $form->form_id ] ) ? $entries_total[ $form->form_id ] : 0; 439 455 440 // Check if index exists first, not every form has entries today 456 // Check if index exists first, not every form has entries today. 441 457 $entries_today[ $form->form_id ] = isset( $entries_today[ $form->form_id ] ) ? $entries_today[ $form->form_id ] : 0; 442 458 … … 449 465 'id' => $form->form_id, 450 466 'form_id' => $form->form_id, 451 'form_title' => stripslashes( $form->form_title ),467 'form_title' => wp_unslash( $form->form_title ), 452 468 'entries' => $entries_counts, 453 469 ); … … 457 473 $total_items = $this->get_forms_count(); 458 474 459 // Add sorted data to the items property 475 // Add sorted data to the items property. 460 476 $this->items = $data; 461 477 462 // Register our pagination 478 // Register our pagination. 463 479 $this->set_pagination_args( 464 480 array( -
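Review bot: In `column_form_title()` the stored title is still interpolated into the link markup unescaped, as the last argument of `$form_title = sprintf( '<strong><a …>%s</a></strong>', $edit_link, 'edit', $item['form_id'], $item['form_title'] )`, while this commit only wraps the translated labels on the following lines in `esc_html__()`. `prepare_items()` fills that value from `wp_unslash( $form->form_title )`, so whatever is stored as a form title is rendered as HTML in the admin list table. Pass `esc_html( $item['form_title'] )` and `absint( $item['form_id'] )` there, and use the same `absint()` for the `value` attribute built in `column_cb()`. Separately, `orderby` and `order` reach `get_forms()` after `sanitize_text_field()` only; the query itself is outside the shown hunks, so it is worth confirming that both are checked against an allow-list of column names and `ASC`/`DESC` before they are placed in SQL.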
visual-form-builder/trunk/admin/class-forms-new.php
r2726235 r2726967 4 4 */ 5 5 class Visual_Form_Builder_Forms_New { 6 7 6 /** 8 * display function.7 * Display function. 9 8 * 10 9 * @access public 11 10 * @return void 12 11 */ 13 public function display() { ?> 12 public function display() { 13 ?> 14 14 <form method="post" id="visual-form-builder-new-form" action=""> 15 <input name="action" type="hidden" value="create_form" />16 <?php17 wp_nonce_field( 'create_form' );15 <input name="action" type="hidden" value="create_form" /> 16 <?php 17 wp_nonce_field( 'create_form' ); 18 18 19 if ( ! current_user_can( 'manage_options' ) ) {20 wp_die(__( 'You do not have sufficient permissions to create a new form.', 'visual-form-builder' ) );21 }22 ?>23 <h3><?php_e( 'Create a form', 'visual-form-builder' ); ?></h3>19 if ( ! current_user_can( 'manage_options' ) ) { 20 wp_die( esc_html__( 'You do not have sufficient permissions to create a new form.', 'visual-form-builder' ) ); 21 } 22 ?> 23 <h3><?php esc_html_e( 'Create a form', 'visual-form-builder' ); ?></h3> 24 24 25 <table class="form-table"> 26 <tbody> 27 <!-- Form Name --> 28 <tr valign="top"> 29 <th scope="row"><label for="form-name"><?php _e( 'Name the form', 'visual-form-builder' ); ?></label></th> 30 <td> 31 <input type="text" autofocus="autofocus" class="regular-text required" id="form-name" name="form_title" /> 32 <p class="description"><?php _e( 'Required. 
This name is used for admin purposes.', 'visual-form-builder' ); ?></p> 33 </td> 34 </tr> 35 <!-- Sender Name --> 36 <tr valign="top"> 37 <th scope="row"><label for="form-email-sender-name"><?php _e( 'Your Name or Company', 'visual-form-builder' ); ?></label></th> 25 <table class="form-table"> 26 <tbody> 27 <!-- Form Name --> 28 <tr valign="top"> 29 <th scope="row"><label for="form-name"><?php esc_html_e( 'Name the form', 'visual-form-builder' ); ?></label></th> 38 30 <td> 39 <input type="text" value="" placeholder="" class="regular-text required" id="form-email-sender-name" name="form_email_from_name" />40 <p class="description"><?php _e( 'Required. This option sets the "From" display name of the email that is sent.', 'visual-form-builder' ); ?></p>31 <input type="text" autofocus="autofocus" class="regular-text required" id="form-name" name="form_title" /> 32 <p class="description"><?php esc_html_e( 'Required. This name is used for admin purposes.', 'visual-form-builder' ); ?></p> 41 33 </td> 42 </tr> 43 <!-- Reply-to Email --> 44 <tr valign="top"> 45 <th scope="row"><label for="form-email-from"><?php _e( 'Reply-To E-mail', 'visual-form-builder' ); ?></label></th> 46 <td> 47 <input type="text" value="" placeholder="" class="regular-text required" id="form-email-from" name="form_email_from" /> 48 <p class="description"><?php _e( 'Required. 
Replies to your email will go here.', 'visual-form-builder' ); ?></p> 49 <p class="description"><?php _e( 'Tip: for best results, use an email that exists on this domain.', 'visual-form-builder' ); ?></p> 50 </td> 51 </tr> 52 <!-- Email Subject --> 53 <tr valign="top"> 54 <th scope="row"><label for="form-email-subject"><?php _e( 'E-mail Subject', 'visual-form-builder' ); ?></label></th> 55 <td> 56 <input type="text" value="" placeholder="" class="regular-text" id="form-email-subject" name="form_email_subject" /> 57 <p class="description"><?php _e( 'This sets the subject of the email that is sent.', 'visual-form-builder' ); ?></p> 58 </td> 59 </tr> 60 <!-- E-mail To --> 61 <tr valign="top"> 62 <th scope="row"><label for="form-email-to"><?php _e( 'E-mail To', 'visual-form-builder' ); ?></label></th> 63 <td> 64 <input type="text" value="" placeholder="" class="regular-text" id="form-email-to" name="form_email_to[]" /> 65 <p class="description"><?php _e( 'Who to send the submitted data to. You can add more after creating the form.', 'visual-form-builder' ); ?></p> 66 </td> 67 </tr> 34 </tr> 35 <!-- Sender Name --> 36 <tr valign="top"> 37 <th scope="row"><label for="form-email-sender-name"><?php esc_html_e( 'Your Name or Company', 'visual-form-builder' ); ?></label></th> 38 <td> 39 <input type="text" value="" placeholder="" class="regular-text required" id="form-email-sender-name" name="form_email_from_name" /> 40 <p class="description"><?php esc_html_e( 'Required. This option sets the "From" display name of the email that is sent.', 'visual-form-builder' ); ?></p> 41 </td> 42 </tr> 43 <!-- Reply-to Email --> 44 <tr valign="top"> 45 <th scope="row"><label for="form-email-from"><?php esc_html_e( 'Reply-To E-mail', 'visual-form-builder' ); ?></label></th> 46 <td> 47 <input type="text" value="" placeholder="" class="regular-text required" id="form-email-from" name="form_email_from" /> 48 <p class="description"><?php esc_html_e( 'Required. 
Replies to your email will go here.', 'visual-form-builder' ); ?></p> 49 <p class="description"><?php esc_html_e( 'Tip: for best results, use an email that exists on this domain.', 'visual-form-builder' ); ?></p> 50 </td> 51 </tr> 52 <!-- Email Subject --> 53 <tr valign="top"> 54 <th scope="row"><label for="form-email-subject"><?php esc_html_e( 'E-mail Subject', 'visual-form-builder' ); ?></label></th> 55 <td> 56 <input type="text" value="" placeholder="" class="regular-text" id="form-email-subject" name="form_email_subject" /> 57 <p class="description"><?php esc_html_e( 'This sets the subject of the email that is sent.', 'visual-form-builder' ); ?></p> 58 </td> 59 </tr> 60 <!-- E-mail To --> 61 <tr valign="top"> 62 <th scope="row"><label for="form-email-to"><?php esc_html_e( 'E-mail To', 'visual-form-builder' ); ?></label></th> 63 <td> 64 <input type="text" value="" placeholder="" class="regular-text" id="form-email-to" name="form_email_to[]" /> 65 <p class="description"><?php esc_html_e( 'Who to send the submitted data to. You can add more after creating the form.', 'visual-form-builder' ); ?></p> 66 </td> 67 </tr> 68 68 69 </tbody>70 </table>71 <?php submit_button( __( 'Create Form', 'visual-form-builder' ) ); ?>69 </tbody> 70 </table> 71 <?php submit_button( esc_html__( 'Create Form', 'visual-form-builder' ) ); ?> 72 72 </form> 73 73 <?php -
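Review bot: The `current_user_can( 'manage_options' )` check in `display()` runs only after the opening `<form>` tag, the hidden `action` input and `wp_nonce_field( 'create_form' )` have been printed, so a user without the capability receives a partial page that already contains a `create_form` nonce before `wp_die()` stops the request. Move the check to the first statement of the method, before any markup is emitted: `if ( ! current_user_can( 'manage_options' ) ) { wp_die( esc_html__( 'You do not have sufficient permissions to create a new form.', 'visual-form-builder' ) ); }`. Whether the code that handles the `create_form` action repeats the capability check cannot be seen from this file and should be verified there as well. The body of `display()` continues past the end of this section.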
visual-form-builder/trunk/admin/class-media-button.php
r2726235 r2726967 11 11 */ 12 12 public function __construct() { 13 add_action( 'media_buttons', array( $this, 'add_button' ), 999 );13 add_action( 'media_buttons', array( $this, 'add_button' ), 999 ); 14 14 add_action( 'wp_ajax_vfb-media-button', array( $this, 'display' ) ); 15 15 } … … 22 22 */ 23 23 public function add_button() { 24 // Check permission before display 24 // Check permission before display. 25 25 if ( ! current_user_can( 'manage_options' ) ) { 26 26 return; … … 39 39 <a href="<?php echo esc_url( $button_url ); ?>" class="button add_media thickbox" title="<?php esc_attr_e( 'Add Visual Form Builder form', 'visual-form-builder' ); ?>"> 40 40 <span class="dashicons dashicons-feedback" style="color:#888; display: inline-block; width: 18px; height: 18px; vertical-align: text-top; margin: 0 4px 0 0;"></span> 41 <?php _e( 'Add Form', 'visual-form-builder' ); ?>41 <?php esc_html_e( 'Add Form', 'visual-form-builder' ); ?> 42 42 </a> 43 43 <?php … … 51 51 */ 52 52 public function display() { 53 global $wpdb;53 global $wpdb; 54 54 55 55 check_admin_referer( 'vfb_media_button' ); 56 56 57 // Sanitize the sql orderby 57 // Sanitize the sql orderby. 58 58 $order = sanitize_sql_orderby( 'form_id ASC' ); 59 59 60 // Build our forms as an object 60 // Build our forms as an object. 61 61 $forms = $wpdb->get_results( 'SELECT form_id, form_title FROM ' . VFB_WP_FORMS_TABLE_NAME . 
" ORDER BY $order" ); 62 62 … … 75 75 <div> 76 76 <form id="add_vfb_form" class="media-upload-form type-form validate"> 77 <h3><?php _e( 'Insert Visual Form Builder form', 'visual-form-builder' ); ?></h3>78 <p><?php _e( 'Select a form below to insert into any Post or Page.', 'visual-form-builder' ); ?></p>77 <h3><?php esc_html_e( 'Insert Visual Form Builder form', 'visual-form-builder' ); ?></h3> 78 <p><?php esc_html_e( 'Select a form below to insert into any Post or Page.', 'visual-form-builder' ); ?></p> 79 79 <select id="vfb_forms" name="vfb_forms"> 80 80 <?php foreach ( $forms as $form ) : ?> 81 <option value="<?php echo esc_attr( $form->form_id ); ?>"><?php echo $form->form_title; ?></option>81 <option value="<?php echo esc_attr( $form->form_id ); ?>"><?php echo esc_html( $form->form_title ); ?></option> 82 82 <?php endforeach; ?> 83 83 </select> 84 84 <?php 85 85 submit_button( 86 __( 'Add Form', 'visual-form-builder' ),86 esc_html__( 'Add Form', 'visual-form-builder' ), 87 87 'primary', 88 '' // leave blank so "name" attribute will not be added 88 '' // leave blank so "name" attribute will not be added. 89 89 ); 90 90 ?> -
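Review bot: `display()` reaches the `$wpdb->get_results()` query with only `check_admin_referer( 'vfb_media_button' )` in front of it; no capability check is visible between the function opening and the query, although `add_button()` in the same file returns early without `manage_options`. A `wp_ajax_` action can be requested by any logged-in user, and a nonce shows intent rather than authorization, so I would add `if ( ! current_user_can( 'manage_options' ) ) { wp_die( -1 ); }` next to the nonce check. The body of `display()` continues outside the hunk, so this is based on the visible lines only.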
visual-form-builder/trunk/admin/class-page-settings.php
r2726235 r2726967 8 8 * [display description] 9 9 * 10 * @return [type] [description]10 * @return void 11 11 */ 12 12 public function display() { 13 $vfb_settings = get_option( 'vfb-settings' );13 $vfb_settings = get_option( 'vfb-settings' ); 14 14 ?> 15 15 <div class="wrap"> 16 <h2><?php _e( 'Settings', 'visual-form-builder' ); ?></h2>16 <h2><?php esc_html_e( 'Settings', 'visual-form-builder' ); ?></h2> 17 17 <form id="vfb-settings" method="post"> 18 18 <input name="action" type="hidden" value="vfb_settings" /> 19 19 <?php wp_nonce_field( 'vfb-update-settings' ); ?> 20 <h3><?php _e( 'Global Settings', 'visual-form-builder' ); ?></h3>21 <p><?php _e( 'These settings will affect all forms on your site.', 'visual-form-builder' ); ?></p>20 <h3><?php esc_html_e( 'Global Settings', 'visual-form-builder' ); ?></h3> 21 <p><?php esc_html_e( 'These settings will affect all forms on your site.', 'visual-form-builder' ); ?></p> 22 22 <table class="form-table"> 23 23 <tr valign="top"> 24 <th scope="row"><?php _e( 'CSS', 'visual-form-builder' ); ?></th>24 <th scope="row"><?php esc_html_e( 'CSS', 'visual-form-builder' ); ?></th> 25 25 <td> 26 26 <fieldset> 27 27 <?php 28 28 $disable = array( 29 'always-load-css' => __( 'Always load CSS', 'visual-form-builder' ), 30 'disable-css' => __( 'Disable CSS', 'visual-form-builder' ), // visual-form-builder-css 31 ); 32 33 foreach ( $disable as $key => $title ) : 34 35 $vfb_settings[ $key ] = isset( $vfb_settings[ $key ] ) ? 
$vfb_settings[ $key ] : ''; 36 ?> 37 <label for="vfb-settings-<?php echo $key; ?>"> 38 <input type="checkbox" name="vfb-settings[<?php echo $key; ?>]" id="vfb-settings-<?php echo $key; ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo esc_html( $title ); ?> 39 </label> 40 <br> 41 <?php endforeach; ?> 42 </fieldset> 43 </td> 44 </tr> 45 46 <tr valign="top"> 47 <th scope="row"><?php _e( 'Form Output', 'visual-form-builder' ); ?></th> 48 <td> 49 <fieldset> 50 <?php 51 $disable = array( 52 'address-labels' => __( 'Place Address labels above fields', 'visual-form-builder' ), // vfb_address_labels_placement 29 'always-load-css' => esc_html__( 'Always load CSS', 'visual-form-builder' ), 30 'disable-css' => esc_html__( 'Disable CSS', 'visual-form-builder' ), 53 31 ); 54 32 … … 67 45 68 46 <tr valign="top"> 69 <th scope="row"><?php _e( 'Disable Saving Entries', 'visual-form-builder' ); ?></th>47 <th scope="row"><?php esc_html_e( 'Form Output', 'visual-form-builder' ); ?></th> 70 48 <td> 71 49 <fieldset> 72 50 <?php 73 51 $disable = array( 74 ' disable-saving-entries' => __( 'Disables saving entry data for each submission after all emails have been sent.', 'visual-form-builder' ), // vfb_address_labels_placement52 'address-labels' => esc_html__( 'Place Address labels above fields', 'visual-form-builder' ), 75 53 ); 76 54 … … 79 57 $vfb_settings[ $key ] = isset( $vfb_settings[ $key ] ) ? 
$vfb_settings[ $key ] : ''; 80 58 ?> 81 <label for="vfb-settings-<?php echo $key; ?>">82 <input type="checkbox" name="vfb-settings[<?php echo $key; ?>]" id="vfb-settings-<?php echo $key; ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo $title; ?>59 <label for="vfb-settings-<?php echo esc_attr( $key ); ?>"> 60 <input type="checkbox" name="vfb-settings[<?php echo esc_attr( $key ); ?>]" id="vfb-settings-<?php echo esc_attr( $key ); ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo esc_html( $title ); ?> 83 61 </label> 84 62 <br> … … 89 67 90 68 <tr valign="top"> 91 <th scope="row"><label for="vfb-settings-spam-points"><?php _e( 'Spam word sensitivity', 'visual-form-builder' ); ?></label></th> 69 <th scope="row"><?php esc_html_e( 'Disable Saving Entries', 'visual-form-builder' ); ?></th> 70 <td> 71 <fieldset> 72 <?php 73 $disable = array( 74 'disable-saving-entries' => esc_html__( 'Disables saving entry data for each submission after all emails have been sent.', 'visual-form-builder' ), 75 ); 76 77 foreach ( $disable as $key => $title ) : 78 $vfb_settings[ $key ] = isset( $vfb_settings[ $key ] ) ? $vfb_settings[ $key ] : ''; 79 ?> 80 <label for="vfb-settings-<?php echo esc_attr( $key ); ?>"> 81 <input type="checkbox" name="vfb-settings[<?php echo esc_attr( $key ); ?>]" id="vfb-settings-<?php echo esc_attr( $key ); ?>" value="1" <?php checked( $vfb_settings[ $key ], 1 ); ?> /> <?php echo esc_html( $title ); ?> 82 </label> 83 <br> 84 <?php endforeach; ?> 85 </fieldset> 86 </td> 87 </tr> 88 89 <tr valign="top"> 90 <th scope="row"><label for="vfb-settings-spam-points"><?php esc_html_e( 'Spam word sensitivity', 'visual-form-builder' ); ?></label></th> 92 91 <td> 93 92 <?php $vfb_settings['spam-points'] = isset( $vfb_settings['spam-points'] ) ? 
$vfb_settings['spam-points'] : '4'; ?> … … 97 96 98 97 <tr valign="top"> 99 <th scope="row"><label for="vfb-settings-max-upload-size"><?php _e( 'Max Upload Size', 'visual-form-builder' ); ?></label></th>98 <th scope="row"><label for="vfb-settings-max-upload-size"><?php esc_html_e( 'Max Upload Size', 'visual-form-builder' ); ?></label></th> 100 99 <td> 101 100 <?php $vfb_settings['max-upload-size'] = isset( $vfb_settings['max-upload-size'] ) ? $vfb_settings['max-upload-size'] : '25'; ?> … … 105 104 106 105 <tr valign="top"> 107 <th scope="row"><label for="vfb-settings-sender-mail-header"><?php _e( 'Sender Mail Header', 'visual-form-builder' ); ?></label></th>106 <th scope="row"><label for="vfb-settings-sender-mail-header"><?php esc_html_e( 'Sender Mail Header', 'visual-form-builder' ); ?></label></th> 108 107 <td> 109 108 <?php 110 // Use the admin_email as the From email 109 // Use the admin_email as the From email. 111 110 $from_email = get_option( 'admin_email' ); 112 111 113 112 // Get the site domain and get rid of www. 114 $sitename = strtolower( sanitize_text_field( $_SERVER['SERVER_NAME'] ) );113 $sitename = isset( $_SERVER['SERVER_NAME'] ) ? strtolower( sanitize_text_field( wp_unslash( $_SERVER['SERVER_NAME'] ) ) ) : 'localhost'; 115 114 if ( substr( $sitename, 0, 4 ) == 'www.' ) { 116 115 $sitename = substr( $sitename, 4 ); 117 116 } 118 117 119 // Get the domain from the admin_email 118 // Get the domain from the admin_email. 120 119 list( $user, $domain ) = explode( '@', $from_email ); 121 120 122 // If site domain and admin_email domain match, use admin_email, otherwise a same domain email must be created 123 $from_email = ( $sitename == $domain ) ? $from_email : "wordpress@$sitename";121 // If site domain and admin_email domain match, use admin_email, otherwise a same domain email must be created. 122 $from_email = ( $sitename === $domain ) ? 
$from_email : "wordpress@$sitename"; 124 123 125 124 $vfb_settings['sender-mail-header'] = isset( $vfb_settings['sender-mail-header'] ) ? $vfb_settings['sender-mail-header'] : $from_email; 126 125 ?> 127 126 <input type="text" name="vfb-settings[sender-mail-header]" id="vfb-settings-sender-mail-header" value="<?php echo esc_attr( $vfb_settings['sender-mail-header'] ); ?>" class="regular-text" /> 128 <p class="description"><?php _e( 'Some server configurations require an existing email on the domain be used when sending emails.', 'visual-form-builder' ); ?></p>127 <p class="description"><?php esc_html_e( 'Some server configurations require an existing email on the domain be used when sending emails.', 'visual-form-builder' ); ?></p> 129 128 </td> 130 129 </tr> … … 132 131 133 132 <div class="vfb-notices vfb-notice-danger" style="width: 50%;"> 134 <h3><?php _e( 'Uninstall Visual Form Builder', 'visual-form-builder' ); ?></h3>135 <p><?php _e( 'Running this uninstall process will delete all Visual Form Builder data for this site. This process cannot be reversed.', 'visual-form-builder' ); ?></p>133 <h3><?php esc_html_e( 'Uninstall Visual Form Builder', 'visual-form-builder' ); ?></h3> 134 <p><?php esc_html_e( 'Running this uninstall process will delete all Visual Form Builder data for this site. This process cannot be reversed.', 'visual-form-builder' ); ?></p> 136 135 <?php 137 136 submit_button( 138 __( 'Uninstall', 'visual-form-builder' ),137 esc_html__( 'Uninstall', 'visual-form-builder' ), 139 138 'delete', 140 139 'visual-form-builder-uninstall', … … 144 143 </div> <!-- .vfb-notices --> 145 144 146 <?php submit_button( __( 'Save', 'visual-form-builder' ), 'primary', 'submit', false ); ?>145 <?php submit_button( esc_html__( 'Save', 'visual-form-builder' ), 'primary', 'submit', false ); ?> 147 146 </form> 148 147 </div> <!-- .wrap --> -
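Review bot: The default sender address is still derived from `$_SERVER['SERVER_NAME']`, which on some web-server configurations reflects the request's Host header rather than a configured name, so the pre-filled value (and whatever gets saved from it) can depend on how the settings page was requested. Taking the host from the site configuration avoids that: `$sitename = strtolower( (string) wp_parse_url( home_url(), PHP_URL_HOST ) );`. In the same block the `www.` test is left as `==` while the domain comparison below it was made strict; `if ( 'www.' === substr( $sitename, 0, 4 ) ) {` would keep the two consistent. `display()` extends beyond the visible hunks.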
visual-form-builder/trunk/admin/class-save.php
r2726235 r2726967 12 12 */ 13 13 public function __construct() { 14 add_action( 'admin_init', array( $this, 'add_new_form' ) );14 add_action( 'admin_init', array( $this, 'add_new_form' ) ); 15 15 add_action( 'admin_init', array( $this, 'save_update_form' ) ); 16 16 add_action( 'admin_init', array( $this, 'save_trash_delete_form' ) ); … … 38 38 39 39 if ( ! current_user_can( 'manage_options' ) ) { 40 wp_die( __( 'You do not have sufficient permissions to create a new form.', 'visual-form-builder' ) );40 wp_die( esc_html__( 'You do not have sufficient permissions to create a new form.', 'visual-form-builder' ) ); 41 41 } 42 42 43 43 check_admin_referer( 'create_form' ); 44 44 45 $form_key = sanitize_title( $_POST['form_title'] );46 $form_title = sanitize_text_field( $_POST['form_title'] );47 $form_from_name = sanitize_text_field( $_POST['form_email_from_name'] );48 $form_subject = sanitize_text_field( $_POST['form_email_subject'] );49 $form_from = sanitize_email( $_POST['form_email_from'] );50 $form_to = serialize( sanitize_email( $_POST['form_email_to'] ) );45 $form_key = isset( $_POST['form_title'] ) ? sanitize_title( wp_unslash( $_POST['form_title'] ) ) : ''; 46 $form_title = isset( $_POST['form_title'] ) ? sanitize_text_field( wp_unslash( $_POST['form_title'] ) ) : ''; 47 $form_from_name = isset( $_POST['form_email_from_name'] ) ? sanitize_text_field( wp_unslash( $_POST['form_email_from_name'] ) ) : ''; 48 $form_subject = isset( $_POST['form_email_subject'] ) ? sanitize_text_field( wp_unslash( $_POST['form_email_subject'] ) ) : ''; 49 $form_from = isset( $_POST['form_email_from'] ) ? sanitize_email( wp_unslash( $_POST['form_email_from'] ) ) : ''; 50 $form_to = isset( $_POST['form_email_to'] ) ? serialize( sanitize_email( wp_unslash( $_POST['form_email_to'] ) ) ) : ''; 51 51 52 52 $newdata = array( … … 60 60 ); 61 61 62 // Create the form 62 // Create the form. 
63 63 $wpdb->insert( VFB_WP_FORMS_TABLE_NAME, $newdata ); 64 64 65 // Get form ID to add our first field 65 // Get form ID to add our first field. 66 66 $new_form_selected = $wpdb->insert_id; 67 67 68 // Setup the initial fieldset 68 // Setup the initial fieldset. 69 69 $initial_fieldset = array( 70 70 'form_id' => $wpdb->insert_id, … … 75 75 ); 76 76 77 // Add the first fieldset to get things started 77 // Add the first fieldset to get things started. 78 78 $wpdb->insert( VFB_WP_FIELDS_TABLE_NAME, $initial_fieldset ); 79 79 … … 87 87 ); 88 88 89 // Insert the submit field 89 // Insert the submit field. 90 90 $wpdb->insert( VFB_WP_FIELDS_TABLE_NAME, $verification_fieldset ); 91 91 … … 104 104 ); 105 105 106 // Insert the submit field 106 // Insert the submit field. 107 107 $wpdb->insert( VFB_WP_FIELDS_TABLE_NAME, $secret ); 108 108 109 // Make the submit last in the sequence 109 // Make the submit last in the sequence. 110 110 $submit = array( 111 111 'form_id' => $new_form_selected, … … 117 117 ); 118 118 119 // Insert the submit field 119 // Insert the submit field. 120 120 $wpdb->insert( VFB_WP_FIELDS_TABLE_NAME, $submit ); 121 121 … … 148 148 check_admin_referer( 'vfb_update_form' ); 149 149 150 $form_id = absint( $_POST['form_id'] );151 $form_key = sanitize_title( $_POST['form_title'], $form_id );152 $form_title = sanitize_text_field( $_POST['form_title'] );153 $form_subject = sanitize_text_field( $_POST['form_email_subject'] );154 $form_to = serialize( array_map( 'sanitize_email', $_POST['form_email_to'] ) );155 $form_from = sanitize_email( $_POST['form_email_from'] );156 $form_from_name = sanitize_text_field( $_POST['form_email_from_name'] );150 $form_id = isset( $_POST['form_id'] ) ? absint( wp_unslash( $_POST['form_id'] ) ) : ''; 151 $form_key = isset( $_POST['form_title'] ) ? sanitize_title( wp_unslash( $_POST['form_title'] ), $form_id ) : ''; 152 $form_title = isset( $_POST['form_title'] ) ? 
sanitize_text_field( wp_unslash( $_POST['form_title'] ) ) : ''; 153 $form_subject = isset( $_POST['form_email_subject'] ) ? sanitize_text_field( wp_unslash( $_POST['form_email_subject'] ) ) : ''; 154 $form_to = isset( $_POST['form_email_to'] ) ? serialize( array_map( 'sanitize_email', wp_unslash( $_POST['form_email_to'] ) ) ) : ''; 155 $form_from = isset( $_POST['form_email_from'] ) ? sanitize_email( wp_unslash( $_POST['form_email_from'] ) ) : ''; 156 $form_from_name = isset( $_POST['form_email_from_name'] ) ? sanitize_text_field( wp_unslash( $_POST['form_email_from_name'] ) ) : ''; 157 157 $form_from_override = isset( $_POST['form_email_from_override'] ) ? absint( $_POST['form_email_from_override'] ) : ''; 158 158 $form_from_name_override = isset( $_POST['form_email_from_name_override'] ) ? absint( $_POST['form_email_from_name_override'] ) : ''; 159 $form_success_type = sanitize_text_field( $_POST['form_success_type'] );159 $form_success_type = isset( $_POST['form_success_type'] ) ? sanitize_text_field( wp_unslash( $_POST['form_success_type'] ) ) : ''; 160 160 $form_notification_setting = isset( $_POST['form_notification_setting'] ) ? absint( $_POST['form_notification_setting'] ) : ''; 161 $form_notification_email_name = isset( $_POST['form_notification_email_name'] ) ? sanitize_text_field( $_POST['form_notification_email_name']) : '';162 $form_notification_email_from = isset( $_POST['form_notification_email_from'] ) ? sanitize_email( $_POST['form_notification_email_from']) : '';161 $form_notification_email_name = isset( $_POST['form_notification_email_name'] ) ? sanitize_text_field( wp_unslash( $_POST['form_notification_email_name'] ) ) : ''; 162 $form_notification_email_from = isset( $_POST['form_notification_email_from'] ) ? sanitize_email( wp_unslash( $_POST['form_notification_email_from'] ) ) : ''; 163 163 $form_notification_email = isset( $_POST['form_notification_email'] ) ? 
absint( $_POST['form_notification_email'] ) : ''; 164 $form_notification_subject = isset( $_POST['form_notification_subject'] ) ? sanitize_text_field( $_POST['form_notification_subject']) : '';165 $form_notification_message = isset( $_POST['form_notification_message'] ) ? format_for_editor( $_POST['form_notification_message']) : '';164 $form_notification_subject = isset( $_POST['form_notification_subject'] ) ? sanitize_text_field( wp_unslash( $_POST['form_notification_subject'] ) ) : ''; 165 $form_notification_message = isset( $_POST['form_notification_message'] ) ? format_for_editor( wp_kses_post( wp_unslash( $_POST['form_notification_message'] ) ) ) : ''; 166 166 $form_notification_entry = isset( $_POST['form_notification_entry'] ) ? absint( $_POST['form_notification_entry'] ) : ''; 167 $form_label_alignment = sanitize_text_field( $_POST['form_label_alignment'] );168 169 // Add confirmation based on which type was selected 167 $form_label_alignment = isset( $_POST['form_label_alignment'] ) ? sanitize_text_field( wp_unslash( $_POST['form_label_alignment'] ) ) : ''; 168 169 // Add confirmation based on which type was selected. 170 170 switch ( $form_success_type ) { 171 171 case 'text': 172 $form_success_message = format_for_editor( $_POST['form_success_message_text'] );172 $form_success_message = isset( $_POST['form_success_message_text'] ) ? format_for_editor( wp_kses_post( wp_unslash( $_POST['form_success_message_text'] ) ) ) : ''; 173 173 break; 174 174 case 'page': 175 $form_success_message = absint( $_POST['form_success_message_page'] );175 $form_success_message = isset( $_POST['form_success_message_page'] ) ? absint( $_POST['form_success_message_page'] ) : ''; 176 176 break; 177 177 case 'redirect': 178 $form_success_message = esc_url_raw( $_POST['form_success_message_redirect'] );178 $form_success_message = isset( $_POST['form_success_message_redirect'] ) ? 
esc_url_raw( wp_unslash( $_POST['form_success_message_redirect'] ) ) : ''; 179 179 break; 180 180 } … … 203 203 $where = array( 'form_id' => $form_id ); 204 204 205 // Update form details 205 // Update form details. 206 206 $wpdb->update( VFB_WP_FORMS_TABLE_NAME, $newdata, $where ); 207 207 208 208 $field_ids = array(); 209 209 210 foreach ( $_POST['field_id']as $fields ) {210 foreach ( wp_unslash( $_POST['field_id'] ) as $fields ) { 211 211 $field_ids[] = $fields; 212 212 } 213 213 214 // Initialize field sequence 214 // Initialize field sequence. 215 215 $field_sequence = 0; 216 216 217 // Loop through each field and update 217 // Loop through each field and update. 218 218 foreach ( $field_ids as $id ) { 219 219 $id = absint( $id ); 220 220 221 $field_name = isset( $_POST[ 'field_name-' . $id ] ) ? sanitize_text_field( trim( $_POST[ 'field_name-' . $id ] ) ) : '';221 $field_name = isset( $_POST[ 'field_name-' . $id ] ) ? sanitize_text_field( wp_unslash( $_POST[ 'field_name-' . $id ] ) ) : ''; 222 222 $field_key = sanitize_key( sanitize_title( $field_name, $id ) ); 223 $field_desc = isset( $_POST[ 'field_description-' . $id ] ) ? sanitize_textarea_field( trim( $_POST[ 'field_description-' . $id ] ) ) : '';224 $field_options = isset( $_POST[ 'field_options-' . $id ] ) ? serialize( array_map( 'sanitize_text_field', $_POST[ 'field_options-' . $id ]) ) : '';225 $field_validation = isset( $_POST[ 'field_validation-' . $id ] ) ? sanitize_text_field( $_POST[ 'field_validation-' . $id ]) : '';226 $field_required = isset( $_POST[ 'field_required-' . $id ] ) ? sanitize_text_field( $_POST[ 'field_required-' . $id ]) : '';227 $field_size = isset( $_POST[ 'field_size-' . $id ] ) ? sanitize_text_field( $_POST[ 'field_size-' . $id ]) : '';228 $field_css = isset( $_POST[ 'field_css-' . $id ] ) ? sanitize_text_field( $_POST[ 'field_css-' . $id ]) : '';229 $field_layout = isset( $_POST[ 'field_layout-' . $id ] ) ? sanitize_text_field( $_POST[ 'field_layout-' . 
$id ]) : '';230 $field_default = isset( $_POST[ 'field_default-' . $id ] ) ? sanitize_text_field( trim( $_POST[ 'field_default-' . $id ] ) ) : '';223 $field_desc = isset( $_POST[ 'field_description-' . $id ] ) ? sanitize_textarea_field( wp_unslash( $_POST[ 'field_description-' . $id ] ) ) : ''; 224 $field_options = isset( $_POST[ 'field_options-' . $id ] ) ? serialize( array_map( 'sanitize_text_field', wp_unslash( $_POST[ 'field_options-' . $id ] ) ) ) : ''; 225 $field_validation = isset( $_POST[ 'field_validation-' . $id ] ) ? sanitize_text_field( wp_unslash( $_POST[ 'field_validation-' . $id ] ) ) : ''; 226 $field_required = isset( $_POST[ 'field_required-' . $id ] ) ? sanitize_text_field( wp_unslash( $_POST[ 'field_required-' . $id ] ) ) : ''; 227 $field_size = isset( $_POST[ 'field_size-' . $id ] ) ? sanitize_text_field( wp_unslash( $_POST[ 'field_size-' . $id ] ) ) : ''; 228 $field_css = isset( $_POST[ 'field_css-' . $id ] ) ? sanitize_text_field( wp_unslash( $_POST[ 'field_css-' . $id ] ) ) : ''; 229 $field_layout = isset( $_POST[ 'field_layout-' . $id ] ) ? sanitize_text_field( wp_unslash( $_POST[ 'field_layout-' . $id ] ) ) : ''; 230 $field_default = isset( $_POST[ 'field_default-' . $id ] ) ? sanitize_text_field( wp_unslash( $_POST[ 'field_default-' . $id ] ) ) : ''; 231 231 232 232 $field_data = array( … … 249 249 ); 250 250 251 // Update all fields 251 // Update all fields. 252 252 $wpdb->update( VFB_WP_FIELDS_TABLE_NAME, $field_data, $where ); 253 253 … … 276 276 } 277 277 278 $id = absint( $_GET['form'] );278 $id = isset( $_GET['form'] ) ? absint( $_GET['form'] ) : 0; 279 279 280 280 check_admin_referer( 'delete-form-' . $id ); 281 281 282 // Delete form and all fields 282 // Delete form and all fields. 283 283 $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . VFB_WP_FORMS_TABLE_NAME . ' WHERE form_id = %d', $id ) ); 284 284 $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . VFB_WP_FIELDS_TABLE_NAME . 
' WHERE form_id = %d', $id ) ); 285 285 $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . VFB_WP_ENTRIES_TABLE_NAME . ' WHERE form_id = %d', $id ) ); 286 286 287 // Redirect to keep the URL clean (use AJAX in the future?) 287 // Redirect to keep the URL clean (use AJAX in the future?). 288 288 wp_redirect( add_query_arg( 'action', 'deleted', 'admin.php?page=visual-form-builder' ) ); 289 289 exit(); … … 310 310 } 311 311 312 $id = absint( $_GET['form'] );312 $id = isset( $_GET['form'] ) ? absint( $_GET['form'] ) : 0; 313 313 314 314 check_admin_referer( 'copy-form-' . $id ); 315 315 316 // Get all fields and data for the request form 316 // Get all fields and data for the request form. 317 317 $fields = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . VFB_WP_FIELDS_TABLE_NAME . ' WHERE form_id = %d', $id ) ); 318 318 $forms = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . VFB_WP_FORMS_TABLE_NAME . ' WHERE form_id = %d', $id ) ); … … 321 321 $notify = $wpdb->get_var( null, 2 ); 322 322 323 // Copy this form and force the initial title to denote a copy 323 // Copy this form and force the initial title to denote a copy. 324 324 foreach ( $forms as $form ) { 325 325 $data = array( … … 347 347 } 348 348 349 // Get form ID to add our first field 349 // Get form ID to add our first field. 350 350 $new_form_selected = $wpdb->insert_id; 351 351 352 // Copy each field and data 352 // Copy each field and data. 353 353 foreach ( $fields as $field ) { 354 354 $data = array( … … 370 370 $wpdb->insert( VFB_WP_FIELDS_TABLE_NAME, $data ); 371 371 372 // If a parent field, save the old ID and the new ID to update new parent ID 372 // If a parent field, save the old ID and the new ID to update new parent ID. 
373 373 if ( in_array( $field->field_type, array( 'fieldset', 'section', 'verification' ) ) ) { 374 374 $parents[ $field->field_id ] = $wpdb->insert_id; … … 388 388 } 389 389 390 // Loop through our parents and update them to their new IDs 390 // Loop through our parents and update them to their new IDs. 391 391 foreach ( $parents as $k => $v ) { 392 392 $wpdb->update( … … 400 400 } 401 401 402 // Redirect to keep the URL clean (use AJAX in the future?) 403 wp_ redirect( 'admin.php?page=visual-form-builder&action=edit&form=' . $new_form_selected );402 // Redirect to keep the URL clean (use AJAX in the future?). 403 wp_safe_redirect( 'admin.php?page=visual-form-builder&action=edit&form=' . $new_form_selected ); 404 404 exit(); 405 405 } … … 433 433 $data = array(); 434 434 435 foreach ( $_POST['vfb-settings']as $key => $val ) {436 $data[ $key ] = esc_html( $val );435 foreach ( wp_unslash( $_POST['vfb-settings'] ) as $key => $val ) { 436 $data[ $key ] = sanitize_text_field( $val ); 437 437 } 438 438 … … 442 442 /** 443 443 * Uninstall plugin. 444 *445 444 * Run uninstall on Settings page instead of Plugins page so we can 446 445 * keep VFB files on the server. 447 446 * 448 * @access private 449 * @param mixed $license_key 450 * @param mixed $license_email 451 * @return void 447 * @return void 452 448 */ 453 449 private function uninstall_plugin() { -
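Review bot: In `add_new_form()` the rewritten `$form_to` line still passes `$_POST['form_email_to']` directly to `sanitize_email()`, but the new-form screen in this changeset posts that field as `form_email_to[]`, so the value arrives as an array. `sanitize_email()` works on a single string, so what gets serialized here cannot be the address list that `save_update_form()` stores with `array_map( 'sanitize_email', … )`. I would make the two paths agree: `$form_to = isset( $_POST['form_email_to'] ) ? serialize( array_map( 'sanitize_email', (array) wp_unslash( $_POST['form_email_to'] ) ) ) : '';`. The function body continues outside the hunk.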
visual-form-builder/trunk/admin/class-screen-options.php
r2726235 r2726967 51 51 * Save Screen Options 52 52 * 53 * @ access public54 * @param mixed $status Return this so we don't break other plugins55 * @param mixed $option The option name56 * @param mixed $value The submitted value57 * @return void53 * @param [type] $status Return this so we don't break other plugins. 54 * @param [type] $option The option name. 55 * @param [type] $value The submitted value. 56 * 57 * @return [type] [return description] 58 58 */ 59 59 public function save_option( $status, $option, $value ) { -
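Review bot: The new docblock for `save_option()` replaces the earlier `mixed` types and `@return void` with generator placeholders (`[type]`, `[return description]`), which tells a reader less than before. Since the `$status` description says the value is returned, something like `@param mixed $status Return this so we don't break other plugins.` for each parameter and `@return mixed` would be more useful; the function body is outside the hunk, so the return type should be confirmed against it.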
visual-form-builder/trunk/admin/class-widget.php
r2726235 r2726967 1 1 <?php 2 3 add_action( 'widgets_init', 'vfb_register_widgets' ); 4 2 /** 3 * [vfb_register_widgets description] 4 * 5 * @return void 6 */ 5 7 function vfb_register_widgets() { 6 8 register_widget( 'Visual_Form_Builder_Widget' ); 7 9 } 10 add_action( 'widgets_init', 'vfb_register_widgets' ); 8 11 9 12 /** … … 22 25 array( 23 26 'classname' => 'vfb_widget_class', 24 'description' => __( 'Visual Form Builder Widget', 'visual-form-builder' ),27 'description' => esc_html__( 'Visual Form Builder Widget', 'visual-form-builder' ), 25 28 ) 26 29 ); … … 30 33 * [form description] 31 34 * 32 * @param [type] $instance [description] 33 * @return [type] [description] 35 * @param [type] $instance [$instance description]. 36 * 37 * @return void 34 38 */ 35 39 public function form( $instance ) { 36 global $wpdb;40 global $wpdb; 37 41 38 // Query to get all forms 42 // Query to get all forms. 39 43 $order = sanitize_sql_orderby( 'form_id ASC' ); 40 44 $where = apply_filters( 'vfb_pre_get_forms_widget', '' ); … … 46 50 ?> 47 51 <p> 48 <label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>49 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title'); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" />52 <label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _esc_html_e( 'Title:', 'visual-form-builder' ); ?></label> 53 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /> 50 54 </p> 51 55 <p> 52 <label for="<?php echo $this->get_field_id( 'id' ); ?>"><?php_e( 'Form to display:', 'visual-form-builder' ); ?></label>53 <select id="<?php echo $this->get_field_id( 'id' ); ?>" name="<?php echo $this->get_field_name( 'id'); ?>" class="widefat">56 <label for="<?php echo esc_attr( 
$this->get_field_id( 'id' ) ); ?>"><?php esc_html_e( 'Form to display:', 'visual-form-builder' ); ?></label> 57 <select id="<?php echo esc_attr( $this->get_field_id( 'id' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'id' ) ); ?>" class="widefat"> 54 58 <?php 55 59 foreach ( $forms as $form ) { … … 59 63 esc_html( $form->form_key ), 60 64 selected( $form->form_id, $instance['id'], 1 ), 61 wp_specialchars_decode( esc_html( stripslashes( $form->form_title ) ), ENT_QUOTES)65 esc_html( wp_unslash( $form->form_title ) ) 62 66 ); 63 67 } … … 71 75 * [widget description] 72 76 * 73 * @param [type] $args [description] 74 * @param [type] $instance [description] 75 * @return [type] [description] 77 * @param [type] $args [description]. 78 * @param [type] $instance [description]. 76 79 */ 77 80 public function widget( $args, $instance ) { 78 extract( $args );79 80 81 $form_id = absint( $instance['id'] ); 81 82 82 echo $before_widget;83 echo esc_html( $args['before_widget'] ); 83 84 84 // Title 85 // Title. 85 86 if ( ! empty( $instance['title'] ) ) { 86 echo $args['before_title'] . esc_html( $instance['title'] ) . $args['after_title'];87 echo esc_html( $args['before_title'] . $instance['title'] . $args['after_title'] ); 87 88 } 88 89 89 // Print the output 90 // Print the output. 90 91 echo do_shortcode( '[vfb id=' . wp_kses_post( $form_id ) . ']' ); 91 92 92 echo $after_widget;93 echo esc_html( $args['after_widget'] ); 93 94 } 94 95 … … 96 97 * [update description] 97 98 * 98 * @param [type] $new_instance [description] 99 * @param [type] $old_instance [description] 99 * @param [type] $new_instance [description]. 100 * @param [type] $old_instance [description]. 100 101 * @return [type] [description] 101 102 */ … … 104 105 105 106 $instance['id'] = ! empty( $new_instance['id'] ) ? absint( $new_instance['id'] ) : ''; 106 $instance['title'] = ! empty( $new_instance['title'] ) ? strip_tags( $new_instance['title'] ) : '';107 $instance['title'] = ! 
empty( $new_instance['title'] ) ? wp_strip_all_tags( $new_instance['title'] ) : ''; 107 108 108 109 return $instance; -
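Review bot: `<?php _esc_html_e( 'Title:', 'visual-form-builder' ); ?>` in `form()` calls a function WordPress does not define, so rendering the widget form would stop with an undefined-function error; it should read `<?php esc_html_e( 'Title:', 'visual-form-builder' ); ?>`. In `widget()`, `esc_html()` is now applied to `$args['before_widget']`, `$args['after_widget']` and the title wrappers, which are markup supplied by the sidebar registration, so those tags would be printed as literal text. Escaping only the user-supplied part keeps the intent: `echo $args['before_title'] . esc_html( $instance['title'] ) . $args['after_title'];`, with the wrapper strings passed through `wp_kses_post()` if they need filtering at all.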
visual-form-builder/trunk/inc/class-i18n.php
r2726235 r2726967 8 8 * @since 1.0 9 9 */ 10 class Visual_Form_Builder_i18n { 11 12 10 class Visual_Form_Builder_I18n { 13 11 /** 14 12 * The domain specified for this plugin. … … 27 25 public function load_lang() { 28 26 29 // The "plugin_locale" filter is also used in load_plugin_textdomain() 27 // The "plugin_locale" filter is also used in load_plugin_textdomain(). 30 28 $locale = apply_filters( 'plugin_locale', get_locale(), $this->domain ); 31 29 32 30 $wp_lang_dir = WP_LANG_DIR . '/' . $this->domain . '/' . $locale . '.mo'; 33 31 34 // Load translated strings from WP_LANG_DIR 32 // Load translated strings from WP_LANG_DIR. 35 33 load_textdomain( $this->domain, $wp_lang_dir ); 36 34 37 // Main plugin path 35 // Main plugin path. 38 36 $plugin_dir = VFB_WP_PLUGIN_FILE; 39 37 40 // Lang folder path 38 // Lang folder path. 41 39 $lang_dir = dirname( plugin_basename( $plugin_dir ) ) . '/lang/'; 42 40 43 // Load translated strings, if no WP_LANG_DIR found 41 // Load translated strings, if no WP_LANG_DIR found. 44 42 load_plugin_textdomain( $this->domain, false, $lang_dir ); 45 46 43 } 47 44 … … 55 52 $this->domain = $domain; 56 53 } 57 58 54 } -
visual-form-builder/trunk/inc/class-install.php
r2726235 r2726967 1 1 <?php 2 2 /** 3 * [Visual_Form_Builder_Install description] 4 */ 3 5 class Visual_Form_Builder_Install { 4 6 /** 5 7 * Initial setup 6 8 */ 7 public function __construct() { }9 public function __construct() {} 8 10 9 11 /** 10 12 * Check DB version and run SQL install, if needed 11 13 * 12 * @return [type] [description]14 * @return void 13 15 */ 14 16 public function upgrade_db_check() { 15 17 $current_db_version = VFB_WP_DB_VERSION; 16 18 17 if ( get_option( 'vfb_db_version' ) != $current_db_version ) {19 if ( get_option( 'vfb_db_version' ) !== $current_db_version ) { 18 20 $this->install_db(); 19 21 } 20 22 } 21 23 24 /** 25 * [install_db description] 26 * 27 * @return void 28 */ 22 29 public function install_db() { 23 30 global $wpdb; … … 27 34 include_once ABSPATH . 'wp-admin/includes/upgrade.php'; 28 35 29 // Forms table 36 // Forms table. 30 37 $sql = 'CREATE TABLE ' . VFB_WP_FORMS_TABLE_NAME . " ( 31 38 form_id BIGINT(20) NOT NULL AUTO_INCREMENT, … … 49 56 form_label_alignment VARCHAR(25), 50 57 PRIMARY KEY (form_id) 51 ) $charset_collate;";58 ) $charset_collate;"; 52 59 53 60 dbDelta( $sql ); 54 61 55 // Fields table 62 // Fields table. 56 63 $sql = 'CREATE TABLE ' . VFB_WP_FIELDS_TABLE_NAME . " ( 57 64 field_id BIGINT(20) NOT NULL AUTO_INCREMENT, … … 71 78 field_default TEXT, 72 79 PRIMARY KEY (field_id) 73 ) $charset_collate;";80 ) $charset_collate;"; 74 81 75 82 dbDelta( $sql ); 76 83 77 // Entries table 84 // Entries table. 78 85 $sql = 'CREATE TABLE ' . VFB_WP_ENTRIES_TABLE_NAME . 
" ( 79 86 entries_id BIGINT(20) NOT NULL AUTO_INCREMENT, … … 88 95 entry_approved VARCHAR(20) DEFAULT '1', 89 96 PRIMARY KEY (entries_id) 90 ) $charset_collate;";97 ) $charset_collate;"; 91 98 92 99 dbDelta( $sql ); … … 98 105 * A wrapper to check DB version which then calls install_db 99 106 * 100 * @return [type] [description]107 * @return void 101 108 */ 102 109 public function install() { 103 $this->upgrade_db_check();110 $this->upgrade_db_check(); 104 111 } 105 112 } -
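Review bot: The change from `!=` to `!==` in `upgrade_db_check()` makes the comparison between `get_option( 'vfb_db_version' )` and `VFB_WP_DB_VERSION` depend on type as well as value. Options read back from the database are normally strings, so if the constant is defined as a number (its definition is not on this page) the condition is always true and `install_db()` with its three `dbDelta()` calls runs on every check. Casting both sides keeps the strict comparison safe: `if ( (string) get_option( 'vfb_db_version' ) !== (string) $current_db_version ) {`.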
visual-form-builder/trunk/inc/class-uninstall.php
r2726235 r2726967 17 17 18 18 /** 19 * uninstall function.19 * [uninstall description] 20 20 * 21 * @access public 22 * @param mixed $license_key 23 * @param mixed $license_email 24 * @return void 21 * @return void 25 22 */ 26 23 public function uninstall() { … … 42 39 ); 43 40 44 wp_ redirect( admin_url( 'plugins.php' ) );41 wp_safe_edirect( admin_url( 'plugins.php' ) ); 45 42 exit(); 46 43 } -
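Review bot: The redirect at the end of `uninstall()` now reads `wp_safe_edirect( admin_url( 'plugins.php' ) );` as rendered here, and that is not a WordPress function. PHP would stop with an undefined-function fatal error at that line, after whatever the method does before it has already run, and the `exit()` that follows is never reached. The line should be `wp_safe_redirect( admin_url( 'plugins.php' ) );`. The same section replaces the docblock summary with the generator placeholder `[uninstall description]`; a one-line summary of what the method removes would serve better. Most of the body of `uninstall()` lies outside the visible hunks.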
visual-form-builder/trunk/inc/countries.php
r2726235 r2726967 9 9 10 10 if ( ! defined( 'ABSPATH' ) ) { 11 exit; // Exit if accessed directly11 exit; 12 12 } 13 13 -
visual-form-builder/trunk/public/class-confirmation.php
r2726235 r2726967 6 6 7 7 /** 8 * form8 * Form 9 9 * 10 10 * @var mixed … … 14 14 15 15 /** 16 * __construct function.16 * [__construct description] 17 17 * 18 * @access public 19 * @return void 18 * @param [type] $form_id [$form_id description]. 19 * 20 * @return void 20 21 */ 21 22 public function __construct( $form_id ) { … … 26 27 * Text message confirmation 27 28 * 28 * @access public 29 * @param mixed $message 30 * @return void 29 * @return [type] [return description] 31 30 */ 32 31 public function text() { … … 34 33 35 34 $type = isset( $data['form_success_type'] ) ? $data['form_success_type'] : 'text'; 36 $message = isset( $data['form_success_message'] ) ? stripslashes( html_entity_decode( wp_kses_stripslashes( $data['form_success_message'] ) ) ) : '';35 $message = isset( $data['form_success_message'] ) ? wp_unslash( html_entity_decode( wp_kses_stripslashes( $data['form_success_message'] ) ) ) : ''; 37 36 38 37 if ( 'text' !== $type ) { … … 44 43 45 44 /** 46 * WordPress Page redirect45 * [wp_page description] 47 46 * 48 * @access public49 * @param mixed $page50 47 * @return void 51 48 */ 52 49 public function wp_page() { 53 $data = $this->get_settings();50 $data = $this->get_settings(); 54 51 55 52 $type = isset( $data['form_success_type'] ) ? $data['form_success_type'] : 'text'; … … 61 58 62 59 $permalink = get_permalink( $page ); 63 wp_ redirect( esc_url_raw( $permalink ) );60 wp_safe_redirect( esc_url_raw( $permalink ) ); 64 61 65 62 exit(); … … 67 64 68 65 /** 69 * Custom URL redirect66 * [redirect description] 70 67 * 71 * @access public 72 * @param mixed $url 73 * @return void 68 * @return [type] [return description] 74 69 */ 75 70 public function redirect() { … … 83 78 } 84 79 85 wp_ redirect( esc_url_raw( $redirect ) );80 wp_safe_redirect( esc_url_raw( $redirect ) ); 86 81 87 82 exit(); … … 105 100 $form = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . VFB_WP_FORMS_TABLE_NAME . 
" WHERE form_id = %d ORDER BY $order", $form_id ), ARRAY_A ); 106 101 107 if ( $form != null) {102 if ( null !== $form ) { 108 103 return $form; 109 104 } else { … … 138 133 * 139 134 * @access private 140 * @return void135 * @return int 141 136 */ 142 137 public function get_form_id() { … … 155 150 */ 156 151 public function submit_check() { 157 // If class form ID hasn't been set, exit 152 // If class form ID hasn't been set, exit. 158 153 if ( ! $this->get_form_id() ) { 159 154 return; 160 155 } 161 156 162 // If form ID hasn't been submitted by $_POST, exit 157 // If form ID hasn't been submitted by $_POST, exit. 163 158 if ( ! isset( $_POST['vfb-submit'] ) ) { 164 159 return; 165 160 } 166 161 167 // If class form ID doesn't match $_POST form ID, exit 162 // If class form ID doesn't match $_POST form ID, exit. 168 163 if ( $this->get_form_id() !== absint( $_POST['form_id'] ) ) { 169 164 return; -
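Review bot: In `redirect()`, switching to `wp_safe_redirect( esc_url_raw( $redirect ) )` changes what the custom-URL confirmation does. `wp_safe_redirect()` follows only hosts on the `allowed_redirect_hosts` list and otherwise sends the visitor to its fallback (the admin URL by default), so a form configured to redirect to another domain would no longer reach it. If off-site targets are meant to be supported, either add the configured host through the `allowed_redirect_hosts` filter, or validate the URL when the setting is saved and keep `wp_redirect()` here. If they are not, a comment such as `// Only same-site or allow-listed hosts are followed; anything else falls back to admin_url().` would make the restriction explicit. The call in `wp_page()` looks unaffected, since it redirects to `get_permalink( $page )`. Both method bodies continue outside the visible hunks.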
visual-form-builder/trunk/visual-form-builder.php
r2726235 r2726967 219 219 */ 220 220 public function lang() { 221 $i18n = new Visual_Form_Builder_ i18n();221 $i18n = new Visual_Form_Builder_I18n(); 222 222 $i18n->set_domain( $this->plugin_name ); 223 223