Changeset 2727061
- Timestamp:
- 05/19/2022 07:34:43 PM (4 years ago)
- Location:
- visual-form-builder/trunk
- Files:
-
- 12 edited
-
admin/class-admin-notices.php (modified) (1 diff)
-
admin/class-ajax.php (modified) (4 diffs)
-
admin/class-entries-detail.php (modified) (1 diff)
-
admin/class-export.php (modified) (4 diffs)
-
admin/class-page-settings.php (modified) (1 diff)
-
admin/class-save.php (modified) (1 diff)
-
public/class-confirmation.php (modified) (1 diff)
-
public/class-email.php (modified) (25 diffs)
-
public/class-form-display.php (modified) (42 diffs)
-
public/class-load-css-js.php (modified) (4 diffs)
-
public/class-security.php (modified) (5 diffs)
-
visual-form-builder.php (modified) (10 diffs)
visual-form-builder/trunk/admin/class-admin-notices.php
r2726274 r2727061 28 28 return; 29 29 } 30 31 30 if ( 'create_form' !== $_POST['action'] ) { 32 31 return; -
visual-form-builder/trunk/admin/class-ajax.php
r2726274 r2727061 75 75 76 76 $form_id = absint( $data['form_id'] ); 77 $field_key = sanitize_title( $_POST['field_type'] );78 $field_name = sanitize_text_field( $_POST['field_type'] );79 $field_type = strtolower( sanitize_title( $_POST['field_type'] ) );77 $field_key = isset( $_POST['field_type'] ) ? sanitize_title( wp_unslash( $_POST['field_type'] ) ) : ''; 78 $field_name = isset( $_POST['field_type'] ) ? sanitize_text_field( wp_unslash( $_POST['field_type'] ) ) : ''; 79 $field_type = isset( $_POST['field_type'] ) ? strtolower( sanitize_title( wp_unslash( $_POST['field_type'] ) ) ) : ''; 80 80 81 81 // Set defaults for validation. … … 158 158 global $wpdb; 159 159 160 if ( isset( $_POST['action'] ) && $_POST['action'] === 'visual_form_builder_delete_field') {160 if ( isset( $_POST['action'] ) && 'visual_form_builder_delete_field' === $_POST['action'] ) { 161 161 $form_id = isset( $_POST['form'] ) ? absint( $_POST['form'] ) : 0; 162 162 $field_id = isset( $_POST['field'] ) ? absint( $_POST['field'] ) : 0; … … 188 188 $current_user = wp_get_current_user(); 189 189 190 if ( isset( $_POST['action'] ) && $_POST['action'] === 'visual_form_builder_form_settings') {190 if ( isset( $_POST['action'] ) && 'visual_form_builder_form_settings' === $_POST['action'] ) { 191 191 $form_id = isset( $_POST['form'] ) ? absint( $_POST['form'] ) : 0; 192 $status = isset( $_POST['status'] ) ? sanitize_text_field( $_POST['status']) : 'opened';193 $accordion = isset( $_POST['accordion'] ) ? sanitize_text_field( $_POST['accordion']) : 'general-settings';192 $status = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : 'opened'; 193 $accordion = isset( $_POST['accordion'] ) ? sanitize_text_field( wp_unslash( $_POST['accordion'] ) ) : 'general-settings'; 194 194 $user_id = $current_user instanceof WP_User ? $current_user->ID : 1; 195 195 … … 202 202 203 203 // Set defaults if meta key doesn't exist. 204 if ( ! 
$form_settings || $form_settings === '') {204 if ( ! $form_settings || '' === $form_settings ) { 205 205 $meta_value[ $form_id ] = $array; 206 206 -
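Review bot: The three assignments at new lines 77–79 each repeat `isset( $_POST['field_type'] ) ? … wp_unslash( $_POST['field_type'] ) … : ''`; reading the raw value once keeps them in step and makes the fallback explicit: `$raw_type = isset( $_POST['field_type'] ) ? wp_unslash( $_POST['field_type'] ) : '';` followed by `$field_key = sanitize_title( $raw_type );` and `$field_name = sanitize_text_field( $raw_type );`. sanitize_title() already lowercases its result, so `$field_type` on line 79 appears to be identical to `$field_key` and the outer strtolower() adds nothing. In the fourth hunk (line 204) `'' === $form_settings` is already covered by `! $form_settings`. The enclosing functions start before each hunk, so whether a nonce or capability check precedes these reads is not visible here.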
visual-form-builder/trunk/admin/class-entries-detail.php
r2726274 r2727061 77 77 wp_nonce_url( admin_url( 'admin.php?page=vfb-entries' ), 'vfb_trash_entry' ), 78 78 'trash', 79 $entry_id79 absint( $entry_id ) 80 80 ); 81 81 ?> -
visual-form-builder/trunk/admin/class-export.php
r2726291 r2727061 36 36 // Setup our default columns. 37 37 $this->default_cols = array( 38 'entries_id' => __( 'Entries ID', 'visual-form-builder' ),39 'date_submitted' => __( 'Date Submitted', 'visual-form-builder' ),40 'ip_address' => __( 'IP Address', 'visual-form-builder' ),41 'subject' => __( 'Subject', 'visual-form-builder' ),42 'sender_name' => __( 'Sender Name', 'visual-form-builder' ),43 'sender_email' => __( 'Sender Email', 'visual-form-builder' ),44 'emails_to' => __( 'Emailed To', 'visual-form-builder' ),38 'entries_id' => esc_html__( 'Entries ID', 'visual-form-builder' ), 39 'date_submitted' => esc_html__( 'Date Submitted', 'visual-form-builder' ), 40 'ip_address' => esc_html__( 'IP Address', 'visual-form-builder' ), 41 'subject' => esc_html__( 'Subject', 'visual-form-builder' ), 42 'sender_name' => esc_html__( 'Sender Name', 'visual-form-builder' ), 43 'sender_email' => esc_html__( 'Sender Email', 'visual-form-builder' ), 44 'emails_to' => esc_html__( 'Emailed To', 'visual-form-builder' ), 45 45 ); 46 46 … … 140 140 <?php 141 141 submit_button( 142 __( 'Download Export File', 'visual-form-builder' ),142 esc_html__( 'Download Export File', 'visual-form-builder' ), 143 143 'primary', 144 144 '' // leave blank so "name" attribute will not be added. … … 169 169 $data = array(); 170 170 171 foreach ( sanitize_text_field( wp_unslash( $_POST['settings'] ) ) as $key => $val ) { 172 $data[ $key ] = $val; 171 if ( isset( $_POST['settings'] ) ) { 172 foreach ( sanitize_text_field( wp_unslash( $_POST['settings'] ) ) as $key => $val ) { 173 $data[ $key ] = $val; 174 } 173 175 } 174 176 … … 534 536 "<option value='%s'>%s</option>\n", 535 537 esc_attr( $arc_row->year . '-' . $month ), 536 sprintf( __( '%1$s %2$d' ), esc_html( $wp_locale->get_month( $month ) ), esc_html( $year ) )538 sprintf( esc_html__( '%1$s %2$d' ), esc_html( $wp_locale->get_month( $month ) ), esc_html( $year ) ) 537 539 ); 538 540 } -
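Review bot: The loop at new lines 172–173 still calls `sanitize_text_field()` on the whole `$_POST['settings']` array; as far as I can tell core's helper returns an empty string for non-string input, so the foreach iterates nothing (with a warning) and `$data` stays empty — the added isset() guard does not change that. Sanitize per element instead, the way this same commit does in class-save.php: `if ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) ) {`, `foreach ( wp_unslash( $_POST['settings'] ) as $key => $val ) {`, `$data[ $key ] = sanitize_text_field( $val );`. The enclosing function starts before the hunk, so the nonce and capability checks it relies on are not visible here.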
visual-form-builder/trunk/admin/class-page-settings.php
r2726967 r2727061 112 112 // Get the site domain and get rid of www. 113 113 $sitename = isset( $_SERVER['SERVER_NAME'] ) ? strtolower( sanitize_text_field( wp_unslash( $_SERVER['SERVER_NAME'] ) ) ) : 'localhost'; 114 if ( substr( $sitename, 0, 4 ) == 'www.' ) {114 if ( substr( $sitename, 0, 4 ) === 'www.' ) { 115 115 $sitename = substr( $sitename, 4 ); 116 116 } -
visual-form-builder/trunk/admin/class-save.php
r2726967 r2727061 433 433 $data = array(); 434 434 435 foreach ( wp_unslash( $_POST['vfb-settings'] ) as $key => $val ) { 436 $data[ $key ] = sanitize_text_field( $val ); 435 if ( isset( $_POST['vfb-settings'] ) ) { 436 foreach ( wp_unslash( $_POST['vfb-settings'] ) as $key => $val ) { 437 $data[ $key ] = sanitize_text_field( $val ); 438 } 437 439 } 438 440 -
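Review bot: The new guard at line 435 checks only isset(); a scalar `vfb-settings` value in the request still reaches the foreach on line 436, which warns and skips. `if ( isset( $_POST['vfb-settings'] ) && is_array( $_POST['vfb-settings'] ) ) {` closes that. The array keys are taken from the request untouched while the values are sanitized; if `$data` is later stored keyed by them, the keys deserve the same treatment. The enclosing function starts before the hunk.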
visual-form-builder/trunk/public/class-confirmation.php
r2726967 r2727061 160 160 } 161 161 162 if ( ! isset( $_POST['form_id'] ) ) { 163 return; 164 } 165 162 166 // If class form ID doesn't match $_POST form ID, exit. 163 167 if ( $this->get_form_id() !== absint( $_POST['form_id'] ) ) { -
visual-form-builder/trunk/public/class-email.php
r2726235 r2727061 5 5 class Visual_Form_Builder_Email { 6 6 /** 7 * form_id7 * Form_id 8 8 * 9 9 * @var mixed … … 18 18 * @return void 19 19 */ 20 public function __construct() { }21 22 /** 23 * email function.20 public function __construct() {} 21 22 /** 23 * Email function. 24 24 * 25 25 * @access public … … 32 32 } 33 33 34 // Save Form ID to pass to phpmailer() 34 // Save Form ID to pass to phpmailer(). 35 35 $this->form_id = $form_id; 36 36 37 // Main Email 37 // Main Email. 38 38 $this->notification( $form_id ); 39 39 … … 49 49 * Send out main email 50 50 * 51 * @param [type] $form_id [description] 52 * @return [type] [description] 51 * @param [type] $form_id [$form_id description]. 52 * 53 * @return void 53 54 */ 54 55 public function notification( $form_id ) { 55 56 global $wpdb; 56 57 57 // Query to get all forms 58 // Query to get all forms. 58 59 $order = sanitize_sql_orderby( 'form_id DESC' ); 59 60 $form = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . VFB_WP_FORMS_TABLE_NAME . " WHERE form_id = %d ORDER BY $order", $form_id ) ); 60 61 61 62 $form_settings = (object) array( 62 'form_title' => stripslashes( html_entity_decode( $form->form_title, ENT_QUOTES, 'UTF-8' ) ),63 'form_subject' => stripslashes( html_entity_decode( $form->form_email_subject, ENT_QUOTES, 'UTF-8' ) ),64 'form_to' => ( is_array( unserialize( $form->form_email_to )) ) ? 
unserialize( $form->form_email_to ) : explode( ',', unserialize( $form->form_email_to ) ),65 'form_from' => stripslashes( $form->form_email_from ),66 'form_from_name' => stripslashes( $form->form_email_from_name ),67 'form_notification_setting' => stripslashes( $form->form_notification_setting ),68 'form_notification_email_name' => stripslashes( $form->form_notification_email_name ),69 'form_notification_email_from' => stripslashes( $form->form_notification_email_from ),70 'form_notification_subject' => stripslashes( html_entity_decode( $form->form_notification_subject, ENT_QUOTES, 'UTF-8' ) ),71 'form_notification_message' => stripslashes( $form->form_notification_message ),72 'form_notification_entry' => stripslashes( $form->form_notification_entry ),63 'form_title' => wp_unslash( html_entity_decode( $form->form_title, ENT_QUOTES, 'UTF-8' ) ), 64 'form_subject' => wp_unslash( html_entity_decode( $form->form_email_subject, ENT_QUOTES, 'UTF-8' ) ), 65 'form_to' => is_array( unserialize( $form->form_email_to ) ) ? 
unserialize( $form->form_email_to ) : explode( ',', unserialize( $form->form_email_to ) ), 66 'form_from' => wp_unslash( $form->form_email_from ), 67 'form_from_name' => wp_unslash( $form->form_email_from_name ), 68 'form_notification_setting' => wp_unslash( $form->form_notification_setting ), 69 'form_notification_email_name' => wp_unslash( $form->form_notification_email_name ), 70 'form_notification_email_from' => wp_unslash( $form->form_notification_email_from ), 71 'form_notification_subject' => wp_unslash( html_entity_decode( $form->form_notification_subject, ENT_QUOTES, 'UTF-8' ) ), 72 'form_notification_message' => wp_unslash( $form->form_notification_message ), 73 'form_notification_entry' => wp_unslash( $form->form_notification_entry ), 73 74 ); 74 // Allow the form settings to be filtered (ex: return $form_settings->'form_title' = 'Hello World';) 75 // Allow the form settings to be filtered (ex: return $form_settings->'form_title' = 'Hello World';). 75 76 $form_settings = (object) apply_filters_ref_array( 'vfb_email_form_settings', array( $form_settings, $form_id ) ); 76 77 77 // Get global settings 78 // Get global settings. 78 79 $vfb_settings = get_option( 'vfb-settings' ); 79 80 80 // Settings - Max Upload Size 81 // Settings - Max Upload Size. 81 82 $settings_max_upload = isset( $vfb_settings['max-upload-size'] ) ? $vfb_settings['max-upload-size'] : 25; 82 83 83 // Settings - Spam word sensitivity 84 // Settings - Spam word sensitivity. 84 85 $settings_spam_points = isset( $vfb_settings['spam-points'] ) ? $vfb_settings['spam-points'] : 4; 85 86 86 // Sender name field ID 87 // Sender name field ID. 87 88 $sender = $form->form_email_from_name_override; 88 89 89 // Sender email field ID 90 // Sender email field ID. 90 91 $email = $form->form_email_from_override; 91 92 92 // Notifcation email field ID 93 // Notifcation email field ID. 
93 94 $notify = $form->form_notification_email; 94 95 … … 96 97 $reply_to_email = $form_settings->form_from; 97 98 98 // Use field for sender name 99 // Use field for sender name. 99 100 if ( ! empty( $sender ) && isset( $_POST[ 'vfb-' . $sender ] ) ) { 100 $form_settings->form_from_name = wp_kses_data( $_POST[ 'vfb-' . $sender ]);101 $form_settings->form_from_name = wp_kses_data( wp_unslash( $_POST[ 'vfb-' . $sender ] ) ); 101 102 $reply_to_name = $form_settings->form_from_name; 102 103 } 103 104 104 // Use field for sender email 105 // Use field for sender email. 105 106 if ( ! empty( $email ) && isset( $_POST[ 'vfb-' . $email ] ) ) { 106 $form_settings->form_from = sanitize_email( $_POST[ 'vfb-' . $email ]);107 $form_settings->form_from = sanitize_email( wp_unslash( $_POST[ 'vfb-' . $email ] ) ); 107 108 $reply_to_email = $form_settings->form_from; 108 109 } 109 110 110 // Use field for copy email 111 $copy_email = ( ! empty( $notify ) ) ? sanitize_email( $_POST[ 'vfb-' . $notify ]) : '';112 113 // Query to get all forms 111 // Use field for copy email. 112 $copy_email = ! empty( $notify ) && isset( $_POST[ 'vfb-' . $notify ] ) ? sanitize_email( wp_unslash( $_POST[ 'vfb-' . $notify ] ) ) : ''; 113 114 // Query to get all forms. 114 115 $order = sanitize_sql_orderby( 'field_sequence ASC' ); 115 116 $fields = $wpdb->get_results( $wpdb->prepare( 'SELECT field_id, field_key, field_name, field_type, field_options, field_parent, field_required FROM ' . VFB_WP_FIELDS_TABLE_NAME . " WHERE form_id = %d ORDER BY $order", $form_id ) ); 116 117 117 // Setup counter for alt rows 118 // Setup counter for alt rows. 118 119 $i = $points = 0; 119 120 120 // Setup HTML email vars 121 // Setup HTML email vars. 121 122 $header = $body = $message = $footer = $html_email = $auto_response_email = ''; 122 123 $attachments = array(); 123 124 124 // Prepare the beginning of the content 125 // Prepare the beginning of the content. 
125 126 $header = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 126 127 <html> … … 131 132 <body><table rules="all" style="border-color: #666;" cellpadding="10">' . "\n"; 132 133 133 // Loop through each form field and build the body of the message 134 // Loop through each form field and build the body of the message. 134 135 foreach ( $fields as $field ) { 135 // Handle attachments 136 if ( $field->field_type == 'file-upload') {137 $value = ( isset( $_FILES[ 'vfb-' . $field->field_id ] ) ) ? $_FILES[ 'vfb-' . $field->field_id ]: '';136 // Handle attachments. 137 if ( 'file-upload' === $field->field_type ) { 138 $value = ( isset( $_FILES[ 'vfb-' . $field->field_id ] ) ) ? wp_unslash( $_FILES[ 'vfb-' . $field->field_id ] ) : ''; 138 139 139 140 if ( is_array( $value ) && $value['size'] > 0 ) { 140 // 25MB is the max size allowed 141 // 25MB is the max size allowed. 141 142 $size = apply_filters( 'vfb_max_file_size', $settings_max_upload ); 142 143 $max_attach_size = $size * 1048576; 143 144 144 // Display error if file size has been exceeded 145 // Display error if file size has been exceeded. 145 146 if ( $value['size'] > $max_attach_size ) { 146 wp_die( sprintf( __( 'File size exceeds %dMB. Please decrease the file size and try again.', 'visual-form-builder' ), $size), '', array( 'back_link' => true ) );147 } 148 149 // Options array for the wp_handle_upload function. 'test_form' => false 147 wp_die( sprintf( esc_html__( 'File size exceeds %dMB. Please decrease the file size and try again.', 'visual-form-builder' ), absint( $size ) ), '', array( 'back_link' => true ) ); 148 } 149 150 // Options array for the wp_handle_upload function. 'test_form' => false. 150 151 $upload_overrides = array( 'test_form' => false ); 151 152 152 // We need to include the file that runs the wp_handle_upload function 153 // We need to include the file that runs the wp_handle_upload function. 
153 154 include_once ABSPATH . 'wp-admin/includes/file.php'; 154 155 155 // Handle the upload using WP's wp_handle_upload function. Takes the posted file and an options array 156 // Handle the upload using WP's wp_handle_upload function. Takes the posted file and an options array. 156 157 $uploaded_file = wp_handle_upload( $value, $upload_overrides ); 157 158 158 // If the wp_handle_upload call returned a local path for the image 159 // If the wp_handle_upload call returned a local path for the image. 159 160 if ( isset( $uploaded_file['file'] ) ) { 160 // Retrieve the file type from the file name. Returns an array with extension and mime type 161 // Retrieve the file type from the file name. Returns an array with extension and mime type. 161 162 $wp_filetype = wp_check_filetype( basename( $uploaded_file['file'] ), null ); 162 163 163 // Return the current upload directory location 164 // Return the current upload directory location. 164 165 $wp_upload_dir = wp_upload_dir(); 165 166 … … 172 173 ); 173 174 174 // Insert attachment into Media Library and get attachment ID 175 // Insert attachment into Media Library and get attachment ID. 175 176 $attach_id = wp_insert_attachment( $media_upload, $uploaded_file['file'] ); 176 177 177 // Include the file that runs wp_generate_attachment_metadata() 178 // Include the file that runs wp_generate_attachment_metadata(). 178 179 include_once ABSPATH . 'wp-admin/includes/image.php'; 179 180 include_once ABSPATH . 'wp-admin/includes/media.php'; 180 181 181 // Setup attachment metadata 182 // Setup attachment metadata. 182 183 $attach_data = wp_generate_attachment_metadata( $attach_id, $uploaded_file['file'] ); 183 184 184 // Update the attachment metadata 185 // Update the attachment metadata. 185 186 wp_update_attachment_metadata( $attach_id, $attach_data ); 186 187 … … 199 200 $body .= sprintf( 200 201 '<tr> 201 <td><strong>%1$s: </strong></td>202 <td><a href="%2$s">%2$s</a></td>203 </tr>' . 
"\n",204 stripslashes( $field->field_name),202 <td><strong>%1$s: </strong></td> 203 <td><a href="%2$s">%2$s</a></td> 204 </tr>' . "\n", 205 esc_html( wp_unslash( $field->field_name ) ), 205 206 $uploaded_file['url'] 206 207 ); 207 208 } 208 209 } else { 209 $value = ( isset( $_POST[ 'vfb-' . $field->field_id ] ) ) ? $_POST[ 'vfb-' . $field->field_id ]: '';210 $value = ( isset( $_POST[ 'vfb-' . $field->field_id ] ) ) ? sanitize_text_field( wp_unslash( $_POST[ 'vfb-' . $field->field_id ] ) ) : ''; 210 211 $body .= sprintf( 211 212 '<tr> 212 <td><strong>%1$s: </strong></td>213 <td>%2$s</td>214 </tr>' . "\n",215 stripslashes( $field->field_name),213 <td><strong>%1$s: </strong></td> 214 <td>%2$s</td> 215 </tr>' . "\n", 216 esc_html( wp_unslash( $field->field_name ) ), 216 217 $value 217 218 ); 218 219 } 219 } 220 // Everything else 221 else { 222 $value = ( isset( $_POST[ 'vfb-' . $field->field_id ] ) ) ? $_POST[ 'vfb-' . $field->field_id ] : ''; 223 224 // If time field, build proper output 225 if ( is_array( $value ) && $field->field_type == 'time' ) { 220 } else { 221 $value = ( isset( $_POST[ 'vfb-' . $field->field_id ] ) ) ? sanitize_text_field( wp_unslash( $_POST[ 'vfb-' . $field->field_id ] ) ) : ''; 222 223 // If time field, build proper output. 224 if ( is_array( $value ) && 'time' === $field->field_type ) { 226 225 $value = $this->format_field( $value, $field->field_type ); 227 } 228 // If address field, build proper output 229 elseif ( is_array( $value ) && $field->field_type == 'address' ) { 226 } elseif ( is_array( $value ) && 'address' === $field->field_type ) { 227 // If address field, build proper output. 230 228 $value = $this->format_field( $value, $field->field_type ); 231 } 232 // If multiple values, build the list 233 elseif ( is_array( $value ) ) { 229 } elseif ( is_array( $value ) ) { 230 // If multiple values, build the list. 
234 231 $value = $this->format_field( $value, $field->field_type ); 235 } elseif ( 'radio' == $field->field_type ) { 236 $value = wp_specialchars_decode( stripslashes( esc_html( $value ) ), ENT_QUOTES ); 237 } 238 // Lastly, handle single values 239 else { 240 $value = html_entity_decode( stripslashes( esc_html( $value ) ), ENT_QUOTES, 'UTF-8' ); 241 } 242 243 // Spam Words - Exploits 232 } elseif ( 'radio' === $field->field_type ) { 233 $value = wp_specialchars_decode( wp_unslash( esc_html( $value ) ), ENT_QUOTES ); 234 } else { 235 $value = html_entity_decode( wp_unslash( esc_html( $value ) ), ENT_QUOTES, 'UTF-8' ); // Lastly, handle single values. 236 } 237 238 // Spam Words - Exploits. 244 239 $exploits = array( 'content-type', 'bcc:', 'cc:', 'document.cookie', 'onclick', 'onload', 'javascript', 'alert' ); 245 240 $exploits = apply_filters( 'vfb_spam_words_exploits', $exploits, $form_id ); 246 241 247 // Spam Words - Exploits 242 // Spam Words - Exploits. 248 243 $profanity = array( 'beastial', 'bestial', 'blowjob', 'clit', 'cock', 'cum', 'cunilingus', 'cunillingus', 'cunnilingus', 'cunt', 'ejaculate', 'fag', 'felatio', 'fellatio', 'fuck', 'fuk', 'fuks', 'gangbang', 'gangbanged', 'gangbangs', 'hotsex', 'jism', 'jiz', 'kock', 'kondum', 'kum', 'kunilingus', 'orgasim', 'orgasims', 'orgasm', 'orgasms', 'phonesex', 'phuk', 'phuq', 'porn', 'pussies', 'pussy', 'spunk', 'xxx' ); 249 244 $profanity = apply_filters( 'vfb_spam_words_profanity', $profanity, $form_id ); 250 245 251 // Spam Words - Misc 246 // Spam Words - Misc. 252 247 $spamwords = array( 'viagra', 'phentermine', 'tramadol', 'adipex', 'advai', 'alprazolam', 'ambien', 'ambian', 'amoxicillin', 'antivert', 'blackjack', 'backgammon', 'holdem', 'poker', 'carisoprodol', 'ciara', 'ciprofloxacin', 'debt', 'dating', 'porn' ); 253 248 $spamwords = apply_filters( 'vfb_spam_words_misc', $spamwords, $form_id ); 254 249 255 // Add up points for each spam hit 250 // Add up points for each spam hit. 
256 251 if ( preg_match( '/(' . implode( '|', $exploits ) . ')/i', $value ) ) { 257 252 $points += 2; 258 253 } elseif ( preg_match( '/(' . implode( '|', $profanity ) . ')/i', $value ) ) { 259 $points += 1;254 ++$points; 260 255 } elseif ( preg_match( '/(' . implode( '|', $spamwords ) . ')/i', $value ) ) { 261 $points += 1;262 } 263 264 // Sanitize input 256 ++$points; 257 } 258 259 // Sanitize input. 265 260 $value = $this->sanitize_input( $value, $field->field_type ); 266 // Validate input 261 // Validate input. 267 262 $this->validate_input( $value, $field->field_name, $field->field_type, $field->field_required ); 268 263 269 264 $removed_field_types = array( 'verification', 'secret', 'submit' ); 270 265 271 // Don't add certain fields to the email 266 // Don't add certain fields to the email. 272 267 if ( ! in_array( $field->field_type, $removed_field_types ) ) { 273 if ( $field->field_type == 'fieldset') {268 if ( 'fieldset' === $field->field_type ) { 274 269 $body .= sprintf( 275 270 '<tr style="background-color:#393E40;color:white;font-size:14px;"> 276 <td colspan="2">%1$s</td> 277 </tr>' . "\n", 278 stripslashes( $field->field_name ) 279 ); 280 } elseif ( $field->field_type == 'section' ) { 271 <td colspan="2">%1$s</td> 272 </tr>' . "\n", 273 wp_unslash( $field->field_name ) 274 ); } elseif ( 'section' === $field->field_type ) { 281 275 $body .= sprintf( 282 276 '<tr style="background-color:#6E7273;color:white;font-size:14px;"> 283 <td colspan="2">%1$s</td> 284 </tr>' . "\n", 285 stripslashes( $field->field_name ) 286 ); 287 } else { 288 // Convert new lines to break tags for textarea in html 289 $display_value = ( 'textarea' == $field->field_type ) ? nl2br( $value ) : $value; 290 291 $body .= sprintf( 292 '<tr> 293 <td><strong>%1$s: </strong></td> 294 <td>%2$s</td> 295 </tr>' . "\n", 296 stripslashes( $field->field_name ), 297 $display_value 298 ); 299 } 277 <td colspan="2">%1$s</td> 278 </tr>' . 
"\n", 279 wp_unslash( $field->field_name ) 280 ); } else { 281 // Convert new lines to break tags for textarea in html. 282 $display_value = ( 'textarea' == $field->field_type ) ? nl2br( $value ) : $value; 283 284 $body .= sprintf( 285 '<tr> 286 <td><strong>%1$s: </strong></td> 287 <td>%2$s</td> 288 </tr>' . "\n", 289 wp_unslash( $field->field_name ), 290 $display_value 291 ); 292 } 300 293 } 301 294 … … 311 304 } 312 305 313 // If the user accumulates more than 4 points, it might be spam 306 // If the user accumulates more than 4 points, it might be spam. 314 307 if ( $points > $settings_spam_points ) { 315 wp_die( __( 'Your responses look too much like spam and could not be sent at this time.', 'visual-form-builder' ), '', array( 'back_link' => true ) );308 wp_die( esc_html__( 'Your responses look too much like spam and could not be sent at this time.', 'visual-form-builder' ), '', array( 'back_link' => true ) ); 316 309 } 317 310 } 318 311 319 // Setup our entries data 312 // Setup our entries data. 320 313 $entry = array( 321 314 'form_id' => $form_id, … … 326 319 'emails_to' => serialize( $form_settings->form_to ), 327 320 'date_submitted' => date_i18n( 'Y-m-d H:i:s' ), 328 'ip_address' => esc_html( $_SERVER['REMOTE_ADDR'] ),321 'ip_address' => isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '', 329 322 ); 330 323 331 // Settings - Disable Saving Entries 324 // Settings - Disable Saving Entries. 332 325 $settings_disable_saving = isset( $vfb_settings['disable-saving-entries'] ) ? $vfb_settings['disable-saving-entries'] : ''; 333 326 334 // Insert this data into the entries table if setting is not set 327 // Insert this data into the entries table if setting is not set. 335 328 if ( empty( $settings_disable_saving ) ) { 336 329 $wpdb->insert( VFB_WP_ENTRIES_TABLE_NAME, $entry ); 337 330 } 338 331 339 // Close out the content 332 // Close out the content. 
340 333 $footer .= '<tr> 341 <td class="footer" height="61" align="left" valign="middle" colspan="2">342 <p style="font-size: 12px; font-weight: normal; margin: 0; line-height: 16px; padding: 0;">This email was built and sent using <a href="http://wordpress.org/extend/plugins/visual-form-builder/" style="font-size: 12px;">Visual Form Builder</a>.</p>343 </td>344 </tr>345 </table>346 </body>347 </html>' . "\n";348 349 // Build complete HTML email 334 <td class="footer" height="61" align="left" valign="middle" colspan="2"> 335 <p style="font-size: 12px; font-weight: normal; margin: 0; line-height: 16px; padding: 0;">This email was built and sent using <a href="http://wordpress.org/extend/plugins/visual-form-builder/" style="font-size: 12px;">Visual Form Builder</a>.</p> 336 </td> 337 </tr> 338 </table> 339 </body> 340 </html>' . "\n"; 341 342 // Build complete HTML email. 350 343 $message = $header . $body . $footer; 351 344 352 // Wrap lines longer than 70 words to meet email standards 345 // Wrap lines longer than 70 words to meet email standards. 353 346 $message = wordwrap( $message, 70 ); 354 347 355 // Decode HTML for message so it outputs properly 356 $notify_message = ( $form_settings->form_notification_message !== '') ? html_entity_decode( $form_settings->form_notification_message ) : '';357 358 // Initialize header filter vars 359 $header_from_name = function_exists( 'mb_encode_mimeheader' ) ? mb_encode_mimeheader( stripslashes( $reply_to_name ) ) : stripslashes( $reply_to_name );348 // Decode HTML for message so it outputs properly. 349 $notify_message = ! empty( $form_settings->form_notification_message ) ? html_entity_decode( $form_settings->form_notification_message ) : ''; 350 351 // Initialize header filter vars. 352 $header_from_name = function_exists( 'mb_encode_mimeheader' ) ? 
mb_encode_mimeheader( wp_unslash( $reply_to_name ) ) : wp_unslash( $reply_to_name ); 360 353 $header_from = $reply_to_email; 361 354 $header_content_type = 'text/html'; 362 355 363 // Either prepend the notification message to the submitted entry, or send by itself 364 if ( $form_settings->form_notification_entry !== '') {356 // Either prepend the notification message to the submitted entry, or send by itself. 357 if ( ! empty( $form_settings->form_notification_entry ) ) { 365 358 $auto_response_email = $header . $notify_message . $body . $footer; 366 359 } else { … … 373 366 } 374 367 375 // Build email headers 376 $from_name = ( $header_from_name == '') ? 'WordPress' : $header_from_name;377 378 // Use the admin_email as the From email 368 // Build email headers. 369 $from_name = empty( $header_from_name ) ? 'WordPress' : $header_from_name; 370 371 // Use the admin_email as the From email. 379 372 $from_email = get_option( 'admin_email' ); 380 373 381 374 // Get the site domain and get rid of www. 382 $sitename = strtolower( $_SERVER['SERVER_NAME'] );383 if ( substr( $sitename, 0, 4 ) == 'www.' ) {375 $sitename = isset( $_SERVER['SERVER_NAME'] ) ? strtolower( sanitize_text_field( wp_unslash( $_SERVER['SERVER_NAME'] ) ) ) : 'localhost'; 376 if ( substr( $sitename, 0, 4 ) === 'www.' ) { 384 377 $sitename = substr( $sitename, 4 ); 385 378 } 386 379 387 // Get the domain from the admin_email 380 // Get the domain from the admin_email. 388 381 list( $user, $domain ) = explode( '@', $from_email ); 389 382 390 // If site domain and admin_email domain match, use admin_email, otherwise a same domain email must be created 383 // If site domain and admin_email domain match, use admin_email, otherwise a same domain email must be created. 391 384 $from_email = ( $sitename == $domain ) ? $from_email : "wordpress@$sitename"; 392 385 393 // Settings - Sender Mail Header 386 // Settings - Sender Mail Header. 
394 387 $settings_sender_header = isset( $vfb_settings['sender-mail-header'] ) ? $vfb_settings['sender-mail-header'] : $from_email; 395 388 396 // Allow Sender email to be filtered 389 // Allow Sender email to be filtered. 397 390 $from_email = apply_filters( 'vfb_sender_mail_header', $settings_sender_header, $form_id ); 398 391 … … 406 399 $notify_subject = wp_specialchars_decode( $form_settings->form_notification_subject, ENT_QUOTES ); 407 400 408 // Sanitize main emails_to 401 // Sanitize main emails_to. 409 402 $emails_to = array_map( 'sanitize_email', $form_settings->form_to ); 410 403 411 // Send the mail 404 // Send the mail. 412 405 foreach ( $emails_to as $email ) { 413 406 wp_mail( $email, $form_subject, $message, $headers, $attachments ); 414 407 } 415 408 416 // Send auto-responder email 417 if ( $form_settings->form_notification_setting !== '') {418 $attachments = ( $form_settings->form_notification_entry !== '') ? $attachments : '';419 420 // Reset headers for notification email 421 $reply_name = function_exists( 'mb_encode_mimeheader' ) ? mb_encode_mimeheader( stripslashes( $form_settings->form_notification_email_name ) ) : stripslashes( $form_settings->form_notification_email_name );409 // Send auto-responder email. 410 if ( ! empty( $form_settings->form_notification_setting ) ) { 411 $attachments = ! empty( $form_settings->form_notification_entry ) ? $attachments : ''; 412 413 // Reset headers for notification email. 414 $reply_name = function_exists( 'mb_encode_mimeheader' ) ? mb_encode_mimeheader( stripslashes( $form_settings->form_notification_email_name ) ) : wp_unslash( $form_settings->form_notification_email_name ); 422 415 $reply_email = $form_settings->form_notification_email_from; 423 416 $reply_to = "\"$reply_name\" <$reply_email>"; … … 427 420 $headers[] = "Content-Type: $header_content_type; charset=\"" . get_option( 'blog_charset' ) . '"'; 428 421 429 // Send the mail 422 // Send the mail. 
430 423 wp_mail( $copy_email, $notify_subject, $auto_response_email, $headers, $attachments ); 431 424 } … … 435 428 * [format_field description] 436 429 * 437 * @param [type] $value [description] 438 * @param string $type [description] 430 * @param [type] $value [description]. 431 * @param string $type [description]. 439 432 * @return [type] [description] 440 433 */ … … 442 435 $output = ''; 443 436 444 // Basic check for type when not set 437 // Basic check for type when not set. 445 438 if ( empty( $type ) ) { 446 439 if ( is_array( $value ) && array_key_exists( 'address', $value ) ) { … … 455 448 } 456 449 457 // Build array'd form item output 450 // Build array'd form item output. 458 451 switch ( $type ) { 459 452 … … 510 503 511 504 default: 512 $output = wp_specialchars_decode( stripslashes( esc_html( $value ) ), ENT_QUOTES );505 $output = wp_specialchars_decode( wp_unslash( esc_html( $value ) ), ENT_QUOTES ); 513 506 break; 514 507 } … … 520 513 * Validate the input 521 514 * 522 * @since 2.2 515 * @param [type] $data [$data description]. 516 * @param [type] $name [$name description]. 517 * @param [type] $type [$type description]. 518 * @param [type] $required [$required description]. 519 * 520 * @return [type] [return description] 523 521 */ 524 522 public function validate_input( $data, $name, $type, $required ) { 525 if ( 'yes' == $required && strlen( $data )== 0 ) {526 wp_die( "<h1>$name</h1><br>" . __( 'This field is required and cannot be empty.', 'visual-form-builder' ), $name, array( 'back_link' => true ) );523 if ( 'yes' === $required && strlen( $data ) === 0 ) { 524 wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'This field is required and cannot be empty.', 'visual-form-builder' ), esc_html( $name ), array( 'back_link' => true ) ); 527 525 } 528 526 529 527 if ( strlen( $data ) > 0 ) { 530 528 switch ( $type ) { 531 532 529 case 'email': 533 530 if ( ! 
is_email( $data ) ) { 534 wp_die( "<h1>$name</h1><br>" .__( 'Not a valid email address', 'visual-form-builder' ), '', array( 'back_link' => true ) );531 wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'Not a valid email address', 'visual-form-builder' ), '', array( 'back_link' => true ) ); 535 532 } 536 533 … … 540 537 case 'currency': 541 538 if ( ! is_numeric( $data ) ) { 542 wp_die( "<h1>$name</h1><br>" .__( 'Not a valid number', 'visual-form-builder' ), '', array( 'back_link' => true ) );539 wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'Not a valid number', 'visual-form-builder' ), '', array( 'back_link' => true ) ); 543 540 } 544 541 … … 549 546 return true; 550 547 } else { 551 wp_die( "<h1>$name</h1><br>" .__( 'Not a valid phone number. Most US/Canada and International formats accepted.', 'visual-form-builder' ), '', array( 'back_link' => true ) );548 wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'Not a valid phone number. Most US/Canada and International formats accepted.', 'visual-form-builder' ), '', array( 'back_link' => true ) ); 552 549 } 553 550 … … 556 553 case 'url': 557 554 if ( ! preg_match( '|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $data ) ) { 558 wp_die( "<h1>$name</h1><br>" .__( 'Not a valid URL.', 'visual-form-builder' ), '', array( 'back_link' => true ) );555 wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'Not a valid URL.', 'visual-form-builder' ), '', array( 'back_link' => true ) ); 559 556 } 560 557 561 558 break; 562 563 default:564 return true;565 break;566 567 559 } 560 561 return true; 568 562 } 569 563 } … … 572 566 * Sanitize the input 573 567 * 574 * @since 2.5 568 * @param [type] $data [$data description]. 569 * @param [type] $type [$type description]. 
570 * 571 * @return [type] [return description] 575 572 */ 576 573 public function sanitize_input( $data, $type ) { … … 603 600 return wp_kses( $data, $allowed_html ); 604 601 break; 605 606 default:607 return wp_kses_data( $data );608 break;609 602 } 603 604 return wp_kses_data( $data ); 610 605 } 611 606 } … … 615 610 * 616 611 * @access private 617 * @return void612 * @return int 618 613 */ 619 614 private function get_form_id() { … … 632 627 */ 633 628 public function submit_check() { 634 // If form ID hasn't been submitted by $_POST, exit 629 // If form ID hasn't been submitted by $_POST, exit. 635 630 if ( ! $this->get_form_id() ) { 636 631 return; 637 632 } 638 633 639 // If form ID hasn't been submitted by $_POST, exit 634 // If form ID hasn't been submitted by $_POST, exit. 640 635 if ( ! isset( $_POST['vfb-submit'] ) ) { 641 636 return; -
visual-form-builder/trunk/public/class-form-display.php
r2726235 r2727061 19 19 * @return void 20 20 */ 21 protected function __construct() { }21 protected function __construct() {} 22 22 23 23 /** … … 26 26 * @return void 27 27 */ 28 private function __clone() { }28 private function __clone() {} 29 29 30 30 /** … … 33 33 * @return void 34 34 */ 35 private function __wakeup() { }35 private function __wakeup() {} 36 36 37 37 /** … … 66 66 */ 67 67 public function css() { 68 $scripts = new Visual_Form_Builder_Scripts_Loader();68 $scripts = new Visual_Form_Builder_Scripts_Loader(); 69 69 $scripts->add_css(); 70 70 } … … 93 93 $security = new Visual_Form_Builder_Security(); 94 94 95 // Secret check 95 // Secret check. 96 96 if ( true !== $security->secret_check() ) { 97 97 wp_die( $security->secret_check() ); 98 98 } 99 99 100 // Referer check 100 // Referer check. 101 101 if ( true !== $security->referer_check() ) { 102 102 wp_die( $security->referer_check() ); 103 103 } 104 104 105 // SPAM Bot check 105 // SPAM Bot check. 106 106 if ( true !== $security->bot_check() ) { 107 107 wp_die( $security->bot_check() ); 108 108 } 109 109 110 // Honeypot check 110 // Honeypot check. 111 111 if ( true !== $security->honeypot_check() ) { 112 112 wp_die( $security->honeypot_check() ); … … 126 126 $email = new Visual_Form_Builder_Email(); 127 127 128 // If form hasn't been submitted, exit 128 // If form hasn't been submitted, exit. 129 129 if ( null == $email->submit_check() ) { 130 130 return; 131 131 } 132 132 133 // Run security checks 133 // Run security checks. 134 134 self::security_checks(); 135 135 … … 139 139 /** 140 140 * Handle the confirmation redirects 141 *142 141 * Must be hooked into 'init' so it works properly 143 142 * 144 * @access public 145 * @return void 143 * @param [type] $form_id [$form_id description]. 
144 * 145 * @return [type] [return description] 146 146 */ 147 147 public static function process_redirect( $form_id ) { 148 148 $confirmation = new Visual_Form_Builder_Confirmation( $form_id ); 149 149 150 // If form hasn't been submitted, exit 150 // If form hasn't been submitted, exit. 151 151 if ( null == $confirmation->submit_check() ) { 152 152 return; 153 153 } 154 154 155 // WP Page 155 // WP Page. 156 156 $confirmation->wp_page(); 157 157 158 // Custom URL 158 // Custom URL. 159 159 $confirmation->redirect(); 160 160 } … … 162 162 /** 163 163 * Handle the Text message confirmation action 164 *165 164 * Called directly from the display() function below 166 165 * 167 * @access public 168 * @return void 166 * @param [type] $form_id [$form_id description]. 167 * 168 * @return [type] [return description] 169 169 */ 170 170 public static function process_confirmation( $form_id ) { 171 171 $confirmation = new Visual_Form_Builder_Confirmation( $form_id ); 172 172 173 // If form hasn't been submitted, exit 173 // If form hasn't been submitted, exit. 174 174 if ( null == $confirmation->submit_check() ) { 175 175 return; 176 176 } 177 177 178 // Save entry ID to class instance 179 // self::$entry_id = $entry_id; 178 // Save entry ID to class instance. 179 // self::$entry_id = $entry_id;. 180 180 $message = $confirmation->text(); 181 181 … … 184 184 185 185 /** 186 * Display form 187 * 188 * @access public 189 * @param mixed $atts 190 * @return void 186 * Display Form 187 * 188 * @param [type] $atts [$atts description]. 189 * @param [type] $output [$output description]. 
190 * 191 * @return [type] [return description] 191 192 */ 192 193 public static function display( $atts, $output = '' ) { 193 wp_enqueue_script( 'jquery-form-validation' );194 wp_enqueue_script( 'jquery-form-validation' ); 194 195 wp_enqueue_script( 'visual-form-builder-validation' ); 195 196 wp_enqueue_script( 'visual-form-builder-metadata' ); … … 206 207 $form_id = absint( $atts['id'] ); 207 208 208 // Text confirmation 209 // Text confirmation. 209 210 $confirm_message = self::process_confirmation( $form_id ); 210 211 211 // If text message is returned, output 212 // If text message is returned, output. 212 213 if ( null !== $confirm_message ) { 213 214 return $confirm_message; … … 217 218 $fields = self::get_fields( $form_id ); 218 219 219 // Setup default variables 220 // Setup default variables. 220 221 $count = 1; 221 222 $open_fieldset = $open_section = false; … … 223 224 $verification = ''; 224 225 225 $label_alignment = ( $form->form_label_alignment !== '') ? esc_attr( " $form->form_label_alignment" ) : '';226 227 // Start form container 226 $label_alignment = ! empty( $form->form_label_alignment ) ? esc_attr( " $form->form_label_alignment" ) : ''; 227 228 // Start form container. 228 229 $output .= sprintf( '<div id="vfb-form-%d" class="visual-form-builder-container">', $form_id ); 229 230 230 231 $output .= sprintf( 231 232 '<form id="%1$s-%2$d" class="visual-form-builder %3$s %4$s" method="post" enctype="multipart/form-data"> 232 <input type="hidden" name="form_id" value="%5$d" />',233 <input type="hidden" name="form_id" value="%5$d" />', 233 234 esc_attr( $form->form_key ), 234 235 $form_id, … … 241 242 $field_id = absint( $field->field_id ); 242 243 $field_type = esc_html( $field->field_type ); 243 $field_name = esc_html( stripslashes( $field->field_name ) );244 $required_span = ( ! empty( $field->field_required ) && $field->field_required === 'yes' )? ' <span class="vfb-required-asterisk">*</span>' : '';245 $required = ( ! 
empty( $field->field_required ) && $field->field_required === 'yes' )? esc_attr( ' required' ) : '';246 $validation = ( ! empty( $field->field_validation )) ? esc_attr( " $field->field_validation" ) : '';247 $css = ( ! empty( $field->field_css )) ? esc_attr( " $field->field_css" ) : '';244 $field_name = esc_html( wp_unslash( $field->field_name ) ); 245 $required_span = ! empty( $field->field_required ) && 'yes' === $field->field_required ? ' <span class="vfb-required-asterisk">*</span>' : ''; 246 $required = ! empty( $field->field_required ) && 'yes' === $field->field_required ? esc_attr( ' required' ) : ''; 247 $validation = ! empty( $field->field_validation ) ? esc_attr( " $field->field_validation" ) : ''; 248 $css = ! empty( $field->field_css ) ? esc_attr( " $field->field_css" ) : ''; 248 249 $id_attr = "vfb-{$field_id}"; 249 $size = ( ! empty( $field->field_size ) ) ? esc_attr( " vfb-$field->field_size" ) : ''; 250 $layout = ( ! empty( $field->field_layout ) ) ? esc_attr( " vfb-$field->field_layout" ) : ''; 251 $default = ( ! empty( $field->field_default ) ) ? wp_specialchars_decode( esc_html( stripslashes( $field->field_default ) ), ENT_QUOTES ) : ''; 252 $description = ( ! empty( $field->field_description ) ) ? wp_specialchars_decode( esc_html( stripslashes( $field->field_description ) ), ENT_QUOTES ) : ''; 253 254 // Close each section 255 if ( $open_section == true ) { 256 // If this field's parent does NOT equal our section ID 257 if ( $sec_id && $sec_id !== absint( $field->field_parent ) ) { 250 $size = ! empty( $field->field_size ) ? esc_attr( " vfb-$field->field_size" ) : ''; 251 $layout = ! empty( $field->field_layout ) ? esc_attr( " vfb-$field->field_layout" ) : ''; 252 $default = ! empty( $field->field_default ) ? wp_specialchars_decode( esc_html( wp_unslash( $field->field_default ) ), ENT_QUOTES ) : ''; 253 $description = ! empty( $field->field_description ) ? 
wp_specialchars_decode( esc_html( wp_unslash( $field->field_description ) ), ENT_QUOTES ) : ''; 254 255 // Close each section. 256 if ( true === $open_section ) { 257 // If this field's parent does NOT equal our section ID. 258 $field_parent = absint( $field->field_parent ); 259 if ( $sec_id && $sec_id !== $field_parent ) { 258 260 $output .= '</div><div class="vfb-clear"></div>'; 259 261 $open_section = false; … … 261 263 } 262 264 263 // Force an initial fieldset and display an error message to strongly encourage user to add one 264 if ( $count === 1 && $field_type !== 'fieldset') {265 // Force an initial fieldset and display an error message to strongly encourage user to add one. 266 if ( 1 === $count && 'fieldset' !== $field_type ) { 265 267 $output .= sprintf( 266 268 '<fieldset class="vfb-fieldset"><div class="vfb-legend" style="background-color:#FFEBE8;border:1px solid #CC0000;"><h3>%1$s</h3><p style="color:black;">%2$s</p></div><ul class="section section-%3$d">', 267 __( 'Oops! Missing Fieldset', 'visual-form-builder' ),268 __( 'If you are seeing this message, it means you need to <strong>add a Fieldset to the beginning of your form</strong>. Your form may not function or display properly without one.', 'visual-form-builder' ),269 esc_html__( 'Oops! Missing Fieldset', 'visual-form-builder' ), 270 esc_html__( 'If you are seeing this message, it means you need to <strong>add a Fieldset to the beginning of your form</strong>. Your form may not function or display properly without one.', 'visual-form-builder' ), 269 271 $count 270 272 ); … … 273 275 } 274 276 275 if ( $field_type == 'fieldset') {276 // Close each fieldset 277 if ( $open_fieldset == true) {277 if ( 'fieldset' === $field_type ) { 278 // Close each fieldset. 279 if ( true === $open_fieldset ) { 278 280 $output .= '</ul> </fieldset>'; 279 281 } 280 282 281 // Only display Legend if field name is not blank 283 // Only display Legend if field name is not blank. 282 284 $legend = ! 
empty( $field_name ) ? sprintf( '<div class="vfb-legend"><h3>%s</h3></div>', $field_name ) : ' '; 283 285 … … 293 295 $open_fieldset = true; 294 296 $count++; 295 } elseif ( $field_type == 'section') {297 } elseif ( 'section' === $field_type ) { 296 298 $output .= sprintf( 297 299 '<div id="item-%1$s" class="vfb-section-div %2$s"><h4>%3$s</h4>', … … 301 303 ); 302 304 303 // Save section ID for future comparison 305 // Save section ID for future comparison. 304 306 $sec_id = $field_id; 305 307 $open_section = true; … … 307 309 $columns_choice = ( ! empty( $field->field_size ) && in_array( $field_type, array( 'radio', 'checkbox' ) ) ) ? esc_attr( " vfb-$field->field_size" ) : ''; 308 310 309 if ( $field_type !== 'hidden') {310 // Don't add for attribute for certain form items 311 if ( 'hidden' !== $field_type ) { 312 // Don't add for attribute for certain form items. 311 313 $for = ! in_array( $field_type, array( 'checkbox', 'radio', 'time', 'address', 'instructions' ) ) ? ' for="%4$s"' : ''; 312 314 … … 323 325 } elseif ( in_array( $field_type, array( 'verification', 'secret' ) ) ) { 324 326 325 if ( $field_type == 'verification') {327 if ( 'verification' === $field_type ) { 326 328 $verification .= sprintf( 327 329 '<fieldset class="vfb-fieldset vfb-fieldset-%1$d %2$s %3$s" id="item-%4$s" style="display:block"><div class="vfb-legend"><h3>%5$s</h3></div><ul class="vfb-section vfb-section-%1$d">', … … 334 336 } 335 337 336 if ( $field_type == 'secret') {337 // Default logged in values 338 if ( 'secret' === $field_type ) { 339 // Default logged in values. 338 340 $logged_in_display = $logged_in_value = ''; 339 341 340 // If the user is logged in, fill the field in for them 342 // If the user is logged in, fill the field in for them. 341 343 if ( is_user_logged_in() ) { 342 // Hide the secret field if logged in 344 // Hide the secret field if logged in. 
343 345 $logged_in_display = ' style="display:none;"'; 344 346 $logged_in_value = 14; 345 347 346 // Get logged in user details 348 // Get logged in user details. 347 349 $user = wp_get_current_user(); 348 350 $user_identity = ! empty( $user->ID ) ? $user->display_name : ''; 349 351 350 // Display a message for logged in users 351 $logged_in_as = sprintf( __( 'Logged in as <a href="%1$s">%2$s</a>. Verification not required.', 'visual-form-builder' ), admin_url( 'profile.php' ), $user_identity );352 // Display a message for logged in users. 353 $logged_in_as = sprintf( esc_html__( 'Logged in as <a href="%1$s">%2$s</a>. Verification not required.', 'visual-form-builder' ), admin_url( 'profile.php' ), $user_identity ); 352 354 353 355 $verification .= sprintf( … … 367 369 ); 368 370 369 // Set variable for testing if required is Yes/No 370 $verification .= ( empty( $required )) ? '<input type="hidden" name="_vfb-required-secret" value="0" />' : '';371 372 // Set hidden secret to matching input 371 // Set variable for testing if required is Yes/No. 372 $verification .= empty( $required ) ? '<input type="hidden" name="_vfb-required-secret" value="0" />' : ''; 373 374 // Set hidden secret to matching input. 373 375 $verification .= sprintf( '<input type="hidden" name="_vfb-secret" value="vfb-%d" />', $field_id ); 374 376 … … 397 399 case 'number': 398 400 case 'phone': 399 // HTML5 types 401 // HTML5 types. 400 402 if ( in_array( $field_type, array( 'email', 'url' ) ) ) { 401 403 $type = esc_attr( $field_type ); … … 435 437 $output .= '<div>'; 436 438 437 $output .= ( ! empty( $description )) ? sprintf( '<span class="vfb-span"><label>%2$s</label></span>%1$s', $form_item, $description ) : $form_item;439 $output .= ! empty( $description ) ? 
sprintf( '<span class="vfb-span"><label>%2$s</label></span>%1$s', $form_item, $description ) : $form_item; 438 440 439 441 $output .= '</div>'; … … 446 448 $options = ''; 447 449 448 // Loop through each option and output 450 // Loop through each option and output. 449 451 foreach ( $field_options as $option => $value ) { 450 $options .= sprintf( '<option value="%1$s"%2$s>%1$s</option>', esc_attr( trim( stripslashes( $value ) ) ), selected( $default, ++$option, 0 ) );452 $options .= sprintf( '<option value="%1$s"%2$s>%1$s</option>', esc_attr( trim( wp_unslash( $value ) ) ), selected( $default, ++$option, 0 ) ); 451 453 } 452 454 … … 470 472 $options = ''; 471 473 472 // Loop through each option and output 474 // Loop through each option and output. 473 475 foreach ( $field_options as $option => $value ) { 474 476 $option++; … … 481 483 $required, 482 484 $css, 483 esc_attr( trim( stripslashes( $value ) ) ),484 wp_specialchars_decode( stripslashes( $value ) ),485 esc_attr( trim( wp_unslash( $value ) ) ), 486 wp_specialchars_decode( wp_unslash( $value ) ), 485 487 checked( $default, $option, 0 ) 486 488 ); … … 502 504 $options = ''; 503 505 504 // Loop through each option and output 506 // Loop through each option and output. 505 507 foreach ( $field_options as $option => $value ) { 506 508 $options .= sprintf( … … 511 513 $required, 512 514 $css, 513 esc_attr( trim( stripslashes( $value ) ) ),514 wp_specialchars_decode( stripslashes( $value ) ),515 esc_attr( trim( wp_unslash( $value ) ) ), 516 wp_specialchars_decode( wp_unslash( $value ) ), 515 517 checked( $default, ++$option, 0 ) 516 518 ); … … 528 530 529 531 case 'address': 530 // Get global settings 532 // Get global settings. 531 533 $vfb_settings = get_option( 'vfb-settings' ); 532 534 533 // Settings - Place Address labels above fields 535 // Settings - Place Address labels above fields. 534 536 $settings_address_labels = isset( $vfb_settings['address-labels'] ) ? 
false : true; 535 537 … … 538 540 $address_parts = array( 539 541 'address' => array( 540 'label' => __( 'Street Address', 'visual-form-builder' ),542 'label' => esc_html__( 'Street Address', 'visual-form-builder' ), 541 543 'layout' => 'full', 542 544 ), 543 545 'address-2' => array( 544 'label' => __( 'Apt, Suite, Bldg. (optional)', 'visual-form-builder' ),546 'label' => esc_html__( 'Apt, Suite, Bldg. (optional)', 'visual-form-builder' ), 545 547 'layout' => 'full', 546 548 ), 547 549 'city' => array( 548 'label' => __( 'City', 'visual-form-builder' ),550 'label' => esc_html__( 'City', 'visual-form-builder' ), 549 551 'layout' => 'left', 550 552 ), 551 553 'state' => array( 552 'label' => __( 'State / Province / Region', 'visual-form-builder' ),554 'label' => esc_html__( 'State / Province / Region', 'visual-form-builder' ), 553 555 'layout' => 'right', 554 556 ), 555 557 'zip' => array( 556 'label' => __( 'Postal / Zip Code', 'visual-form-builder' ),558 'label' => esc_html__( 'Postal / Zip Code', 'visual-form-builder' ), 557 559 'layout' => 'left', 558 560 ), 559 561 'country' => array( 560 'label' => __( 'Country', 'visual-form-builder' ),562 'label' => esc_html__( 'Country', 'visual-form-builder' ), 561 563 'layout' => 'right', 562 564 ), … … 571 573 foreach ( $address_parts as $parts => $part ) { 572 574 573 // Make sure the second address line is not required 575 // Make sure the second address line is not required. 574 576 $addr_required = ( 'address-2' !== $parts ) ? $required : ''; 575 577 … … 617 619 618 620 case 'date': 619 // Load jQuery UI datepicker library 621 // Load jQuery UI datepicker library. 620 622 wp_enqueue_script( 'jquery-ui-datepicker' ); 621 623 wp_enqueue_script( 'vfb-datepicker-i18n' ); 622 624 623 625 $options = maybe_unserialize( $field->field_options ); 624 $date Format = ( $options )? $options['dateFormat'] : '';626 $date_format = $options ? 
$options['dateFormat'] : ''; 625 627 626 628 $form_item = sprintf( … … 632 634 $required, 633 635 $css, 634 $date Format636 $date_format 635 637 ); 636 638 … … 642 644 $hour = $minute = $ampm = ''; 643 645 644 // Get the time format (12 or 24) 646 // Get the time format (12 or 24). 645 647 $time_format = str_replace( 'time-', '', $validation ); 646 648 … … 649 651 $min_interval = apply_filters( 'vfb_time_min_interval', 5, $form_id ); 650 652 651 // Set whether we start with 0 or 1 and how many total hours 652 $hour_start = ( $time_format == '12' )? 1 : 0;653 $hour_total = ( $time_format == '12' )? 12 : 23;654 655 // Hour 653 // Set whether we start with 0 or 1 and how many total hours. 654 $hour_start = '12' === $time_format ? 1 : 0; 655 $hour_total = '12' === $time_format ? 12 : 23; 656 657 // Hour. 656 658 for ( $i = $hour_start; $i <= $hour_total; $i++ ) { 657 659 $hour .= sprintf( '<option value="%1$02d">%1$02d</option>', $i ); 658 660 } 659 661 660 // Minute 662 // Minute. 661 663 for ( $i = 0; $i <= $total_mins; $i += $min_interval ) { 662 664 $minute .= sprintf( '<option value="%1$02d">%1$02d</option>', $i ); 663 665 } 664 666 665 // AM/PM 666 if ( $time_format == '12') {667 // AM/PM. 668 if ( '12' === $time_format ) { 667 669 $ampm = sprintf( 668 670 '<span class="vfb-time"><select name="vfb-%1$d[ampm]" id="%2$s-ampm" class="vfb-select %5$s %6$s"><option value="AM">AM</option><option value="PM">PM</option></select><label for="%2$s-ampm">AM/PM</label></span>', … … 726 728 } 727 729 728 // Use output buffering to capture wp_editor 730 // Use output buffering to capture wp_editor. 729 731 ob_start(); 730 732 … … 739 741 case 'file-upload': 740 742 $options = maybe_unserialize( $field->field_options ); 741 $accept = ( ! empty( $options[0] )) ? " {accept:'$options[0]'}" : '';743 $accept = ! empty( $options[0] ) ? " {accept:'$options[0]'}" : ''; 742 744 743 745 $form_item = sprintf( … … 753 755 ); 754 756 755 $output .= ( ! empty( $description )) ? 
sprintf( '<span class="vfb-span">%1$s<label>%2$s</label></span>', $form_item, $description ) : $form_item;757 $output .= ! empty( $description ) ? sprintf( '<span class="vfb-span">%1$s<label>%2$s</label></span>', $form_item, $description ) : $form_item; 756 758 757 759 break; 758 760 759 761 case 'instructions': 760 $output .= wp_specialchars_decode( esc_html( stripslashes( $description ) ), ENT_QUOTES );762 $output .= wp_specialchars_decode( esc_html( wp_unslash( $description ) ), ENT_QUOTES ); 761 763 762 764 break; … … 779 781 } 780 782 781 // Closing </li> 782 $output .= ( ! in_array( $field_type, array( 'verification', 'secret', 'submit', 'fieldset', 'section' )) ) ? '</li>' : '';783 } 784 785 // Close user-added fields 783 // Closing </li>. 784 $output .= ! in_array( $field_type, array( 'verification', 'secret', 'submit', 'fieldset', 'section' ) ) ? '</li>' : ''; 785 } 786 787 // Close user-added fields. 786 788 $output .= '</ul> </fieldset>'; 787 789 788 // Make sure the verification displays even if they have not updated their form 790 // Make sure the verification displays even if they have not updated their form. 
789 791 if ( empty( $verification ) ) { 790 792 $verification = sprintf( 791 793 '<fieldset class="vfb-fieldset vfb-verification" style="display:block"> 792 <div class="vfb-legend"><h3>%1$s</h3></div>793 <ul class="vfb-section vfb-section-%2$d">794 <li class="vfb-item vfb-item-text" style="display:block">795 <label for="vfb-secret" class="vfb-desc">%3$s<span>*</span></label>796 <div><input type="text" name="vfb-secret" id="vfb-secret" class="vfb-text vfb-medium" style="display:block" /></div>797 </li>',798 __( 'Verification', 'visual-form-builder' ),794 <div class="vfb-legend"><h3>%1$s</h3></div> 795 <ul class="vfb-section vfb-section-%2$d"> 796 <li class="vfb-item vfb-item-text" style="display:block"> 797 <label for="vfb-secret" class="vfb-desc">%3$s<span>*</span></label> 798 <div><input type="text" name="vfb-secret" id="vfb-secret" class="vfb-text vfb-medium" style="display:block" /></div> 799 </li>', 800 esc_html__( 'Verification', 'visual-form-builder' ), 799 801 $count, 800 __( 'Please enter any two digits with <strong>no</strong> spaces (Example: 12)', 'visual-form-builder' )802 esc_html__( 'Please enter any two digits with <strong>no</strong> spaces (Example: 12)', 'visual-form-builder' ) 801 803 ); 802 804 } 803 805 804 // Output our security test 806 // Output our security test. 805 807 $output .= sprintf( 806 808 $verification . 807 809 '<li style="display:none;"><label>%1$s:</label><div><input name="vfb-spam" /></div></li> 808 %2$s</ul>809 </fieldset>',810 __( 'This box is for spam protection - <strong>please leave it blank</strong>', 'visual-form-builder' ),810 %2$s</ul> 811 </fieldset>', 812 esc_html__( 'This box is for spam protection - <strong>please leave it blank</strong>', 'visual-form-builder' ), 811 813 $submit 812 814 ); … … 814 816 $output .= wp_referer_field( false ); 815 817 816 // Close the form out 818 // Close the form out. 817 819 $output .= '</form>'; 818 820 819 // Close form container 821 // Close form container. 
820 822 $output .= '</div> <!-- .visual-form-builder-container -->'; 821 823 822 // Force tags to balance 824 // Force tags to balance. 823 825 force_balance_tags( $output ); 824 826 … … 829 831 * [get_form description] 830 832 * 831 * @param [type] $form_id [description] 833 * @param [type] $form_id [description]. 832 834 * @return [type] [description] 833 835 */ … … 848 850 * [get_fields description] 849 851 * 850 * @param [type] $form_id [description] 852 * @param [type] $form_id [description]. 851 853 * @return [type] [description] 852 854 */ 853 855 public static function get_fields( $form_id ) { 854 global $wpdb;856 global $wpdb; 855 857 856 858 $order_fields = sanitize_sql_orderby( 'field_sequence ASC' ); -
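Review bot: Wrapping the marked-up strings in `esc_html__()` inside display() breaks their rendering — the "Missing Fieldset" notice, the "Logged in as <a href=...>" message in the secret branch, and the "Verification" / "spam protection" strings near the end of the hunk now print `<strong>` and `<a>` as literal text, so the profile link no longer works. The usual WordPress approach for translatable strings that intentionally carry markup is to escape the formatted result with an allow-list, e.g. `$logged_in_as = wp_kses( sprintf( __( 'Logged in as <a href="%1$s">%2$s</a>. Verification not required.', 'visual-form-builder' ), esc_url( admin_url( 'profile.php' ) ), $user_identity ), array( 'a' => array( 'href' => array() ) ) );` and `wp_kses( __( '... <strong>no</strong> spaces ...', 'visual-form-builder' ), array( 'strong' => array() ) )` for the others. That form also escapes `$user_identity` (the user's display name), which this hunk still interpolates into the link text without escaping. display() is much longer than the hunks shown here; its start and end are outside the visible diff.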
visual-form-builder/trunk/public/class-load-css-js.php
r2726235 r2727061 15 15 */ 16 16 public function add_css() { 17 wp_register_style( 'vfb-jqueryui-css', apply_filters( 'vfb-date-picker-css', VFB_WP_PLUGIN_URL . 'public/assets/css/smoothness/jquery-ui-1.10.3.min.css' ), array(), '2013.12.03' );17 wp_register_style( 'vfb-jqueryui-css', apply_filters( 'vfb-date-picker-css', VFB_WP_PLUGIN_URL . 'public/assets/css/smoothness/jquery-ui-1.10.3.min.css' ), array(), '2013.12.03' ); 18 18 wp_register_style( 'visual-form-builder-css', apply_filters( 'visual-form-builder-css', VFB_WP_PLUGIN_URL . 'public/assets/css/visual-form-builder.min.css' ), array(), '2014.04.12' ); 19 19 20 20 $vfb_settings = get_option( 'vfb-settings' ); 21 21 22 // Settings - Always load CSS 22 // Settings - Always load CSS. 23 23 if ( isset( $vfb_settings['always-load-css'] ) ) { 24 24 wp_enqueue_style( 'visual-form-builder-css' ); … … 28 28 } 29 29 30 // Settings - Disable CSS 30 // Settings - Disable CSS. 31 31 if ( isset( $vfb_settings['disable-css'] ) ) { 32 32 return; 33 33 } 34 34 35 // Get active widgets 35 // Get active widgets. 36 36 $widget = is_active_widget( false, false, 'vfb_widget' ); 37 37 38 // If no widget is found, test for shortcode 38 // If no widget is found, test for shortcode. 39 39 if ( empty( $widget ) ) { 40 // If WordPress 3.6, use internal function. Otherwise, my own 40 // If WordPress 3.6, use internal function. Otherwise, my own. 41 41 if ( function_exists( 'has_shortcode' ) ) { 42 42 global $post; 43 43 44 // If no post exists, exit 44 // If no post exists, exit. 45 45 if ( ! 
$post ) { 46 46 return; … … 72 72 $locale = get_locale(); 73 73 $translations = array( 74 'cs_CS', // Czech 75 'de_DE', // German 76 'el_GR', // Greek 77 'en_US', // English (US) 78 'en_AU', // English (AU) 79 'en_GB', // English (GB) 80 'es_ES', // Spanish 81 'fr_FR', // French 82 'he_IL', // Hebrew83 'hu_HU', // Hungarian 84 'id_ID', // Indonseian 85 'it_IT', // Italian 86 'ja_JP', // Japanese 87 'ko_KR', // Korean 88 'nl_NL', // Dutch 89 'pl_PL', // Polish 90 'pt_BR', // Portuguese (Brazilian) 91 'pt_PT', // Portuguese (European) 92 'ro_RO', // Romanian 93 'ru_RU', // Russian 94 'sv_SE', // Swedish 95 'tr_TR', // Turkish96 'zh_CN', // Chinese 97 'zh_TW', // Chinese (Taiwan) 74 'cs_CS', // Czech. 75 'de_DE', // German. 76 'el_GR', // Greek. 77 'en_US', // English (US). 78 'en_AU', // English (AU). 79 'en_GB', // English (GB). 80 'es_ES', // Spanish. 81 'fr_FR', // French. 82 'he_IL', // Hebrew. 83 'hu_HU', // Hungarian. 84 'id_ID', // Indonseian. 85 'it_IT', // Italian. 86 'ja_JP', // Japanese. 87 'ko_KR', // Korean. 88 'nl_NL', // Dutch. 89 'pl_PL', // Polish. 90 'pt_BR', // Portuguese (Brazilian). 91 'pt_PT', // Portuguese (European). 92 'ro_RO', // Romanian. 93 'ru_RU', // Russian. 94 'sv_SE', // Swedish. 95 'tr_TR', // Turkish. 96 'zh_CN', // Chinese. 97 'zh_TW', // Chinese (Taiwan). 98 98 ); 99 99 100 // Load localized vaidation and datepicker text, if translation files exist 100 // Load localized vaidation and datepicker text, if translation files exist. 101 101 if ( in_array( $locale, $translations ) ) { 102 102 wp_register_script( 'vfb-validation-i18n', VFB_WP_PLUGIN_URL . "public/assets/js/i18n/validate/messages-$locale.js", array( 'jquery-form-validation' ), '1.9.0', true ); 103 103 wp_register_script( 'vfb-datepicker-i18n', VFB_WP_PLUGIN_URL . 
"public/assets/js/i18n/datepicker/datepicker-$locale.js", array( 'jquery-ui-datepicker' ), '1.0', true ); 104 } 105 // Otherwise, load English translations 106 else { 104 } else { 105 // Otherwise, load English translations. 107 106 wp_register_script( 'vfb-validation-i18n', VFB_WP_PLUGIN_URL . 'public/assets/js/i18n/validate/messages-en_US.js', array( 'jquery-form-validation' ), '1.9.0', true ); 108 107 wp_register_script( 'vfb-datepicker-i18n', VFB_WP_PLUGIN_URL . 'public/assets/js/i18n/datepicker/datepicker-en_US.js', array( 'jquery-ui-datepicker' ), '1.0', true ); … … 113 112 * Check whether the content contains the specified shortcode 114 113 * 115 * @ access public116 * @param string $shortcode (default: '')117 * @return void114 * @param [type] $shortcode [$shortcode description]. 115 * 116 * @return shortcode 118 117 */ 119 118 public function has_shortcode( $shortcode = '' ) { 120 119 $post_to_check = get_post( get_the_ID() ); 121 120 122 // false because we have to search through the post content first 121 // false because we have to search through the post content first. 123 122 $found = false; 124 123 125 // if no short code was provided, return false 124 // if no short code was provided, return false. 126 125 if ( ! $shortcode ) { 127 126 return $found; 128 127 } 129 128 130 // check the post content for the short code 129 // check the post content for the short code. 131 130 if ( stripos( $post_to_check->post_content, '[' . $shortcode ) !== false ) { 132 // we have found the short code 131 // we have found the short code. 133 132 $found = true; 134 133 } 135 134 136 // return our final results 135 // return our final results. 137 136 return $found; 138 137 } -
visual-form-builder/trunk/public/class-security.php
r2726235 r2727061 10 10 * @return void 11 11 */ 12 public function __construct() { }12 public function __construct() {} 13 13 14 14 /** 15 * honeypot_check function.15 * Honeypot_check function. 16 16 * 17 17 * @access public 18 * @return void18 * @return true 19 19 */ 20 20 public function honeypot_check() { … … 31 31 32 32 /** 33 * secret_check function.33 * Secret_check function. 34 34 * 35 35 * @access public 36 * @return void36 * @return true 37 37 */ 38 38 public function secret_check() { 39 $required = ( isset( $_POST['_vfb-required-secret'] ) && $_POST['_vfb-required-secret'] == '0' )? false : true;40 $secret_field = ( isset( $_POST['_vfb-secret'] ) ) ? sanitize_text_field( $_POST['_vfb-secret']) : '';39 $required = isset( $_POST['_vfb-required-secret'] ) && '0' === $_POST['_vfb-required-secret'] ? false : true; 40 $secret_field = isset( $_POST['_vfb-secret'] ) ? sanitize_text_field( wp_unslash( $_POST['_vfb-secret'] ) ) : ''; 41 41 42 // If the verification is set to required, run validation check 43 if ( true == $required && ! empty( $secret_field ) ) { 44 if ( ! is_numeric( $_POST[ $secret_field ] ) || strlen( $_POST[ $secret_field ] ) !== 2 ) { 45 return __( 'Security check: failed secret question. Please try again!', 'visual-form-builder' ); 42 // If the verification is set to required, run validation check. 43 if ( true === $required && ! empty( $secret_field ) ) { 44 if ( isset( $_POST[ $secret_field ] ) ) { 45 $post_secret_field = sanitize_text_field( wp_unslash( $_POST[ $secret_field ] ) ); 46 if ( ! is_numeric( $post_secret_field ) || strlen( $post_secret_field ) !== 2 ) { 47 return esc_html__( 'Security check: failed secret question. Please try again!', 'visual-form-builder' ); 48 } 46 49 } 47 50 } … … 56 59 */ 57 60 public function referer_check() { 58 $referrer = ( isset( $_POST['_wp_http_referer'] ) ) ? sanitize_text_field( $_POST['_wp_http_referer']) : false;61 $referrer = isset( $_POST['_wp_http_referer'] ) ? 
sanitize_text_field( wp_unslash( $_POST['_wp_http_referer'] ) ) : false; 59 62 $wp_get_referer = wp_get_referer(); 60 $form_id = absint( $_POST['form_id'] );63 $form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0; 61 64 62 65 $skip_referrer_check = apply_filters( 'vfb_skip_referrer_check', false, $form_id ); 63 66 64 // Test if referral URL has been set 67 // Test if referral URL has been set. 65 68 if ( ! $referrer ) { 66 return __( 'Security check: referal URL does not appear to be set.', 'visual-form-builder' );69 return esc_html__( 'Security check: referal URL does not appear to be set.', 'visual-form-builder' ); 67 70 } 68 71 69 // Allow referrer check to be skipped 72 // Allow referrer check to be skipped. 70 73 if ( ! $skip_referrer_check ) { 71 // Test if the referral URL matches what sent from WordPress 74 // Test if the referral URL matches what sent from WordPress. 72 75 if ( $wp_get_referer ) { 73 return __( 'Security check: referal does not match this site.', 'visual-form-builder' );76 return esc_html__( 'Security check: referal does not match this site.', 'visual-form-builder' ); 74 77 } 75 78 } … … 84 87 * 85 88 * @access public 86 * @return void89 * @return true 87 90 */ 88 91 public function bot_check() { … … 120 123 ); 121 124 122 $user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? wp_kses_data( $_SERVER['HTTP_USER_AGENT']) : '';125 $user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? wp_kses_data( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) ) : ''; 123 126 124 do_action( 'vfb_is Bot', $user_agent, $bots );127 do_action( 'vfb_isbot', $user_agent, $bots ); 125 128 126 129 foreach ( $bots as $bot ) { 127 130 if ( stripos( $user_agent, $bot ) !== false ) { 128 return __( 'Security check: looks like you are a SPAM bot. If you think this is an error, please email the site owner.', 'visual-form-builder' );131 return esc_html__( 'Security check: looks like you are a SPAM bot. 
If you think this is an error, please email the site owner.', 'visual-form-builder' ); 129 132 } 130 133 } -
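Review bot: In secret_check the new `isset( $_POST[ $secret_field ] )` guard (new lines 44-49) makes a submission that simply omits the answer field fall through to the success return, whereas before a missing value failed the `is_numeric()` test; validate a default instead, e.g. `$post_secret_field = isset( $_POST[ $secret_field ] ) ? sanitize_text_field( wp_unslash( $_POST[ $secret_field ] ) ) : '';` followed by the existing `is_numeric`/`strlen` check outside any `isset` branch, so an absent answer still fails. Note that both `$secret_field` and `_vfb-required-secret` are read from the request (line 39-40), so the check's presence and key are client-controlled; that is pre-existing, but a comment stating it is intentional would help the next reader. In bot_check the action name changes from `vfb_isBot` to `vfb_isbot` (new line 127); hook names are case-sensitive, so callbacks registered on the old name silently stop firing — keep `do_action( 'vfb_isBot', $user_agent, $bots );` or fire both with a deprecation note. The closing `return true` of secret_check lies outside the hunk.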
visual-form-builder/trunk/visual-form-builder.php
r2726967 r2727061 52 52 * @return void 53 53 */ 54 protected function __construct() { }54 protected function __construct() {} 55 55 56 56 /** … … 59 59 * @return void 60 60 */ 61 private function __clone() { }61 private function __clone() {} 62 62 63 63 /** … … 66 66 * @return void 67 67 */ 68 private function __wakeup() { }68 private function __wakeup() {} 69 69 70 70 /** … … 85 85 self::$instance->autoload_classes(); 86 86 87 // Setup Entries CPT 88 // self::$instance->entries_cpt = new VFB_Pro_Entries_CPT(); 89 90 // Install DB 87 // Install DB. 91 88 register_activation_hook( __FILE__, array( self::$instance, 'install' ) ); 92 89 93 // Update DB 90 // Update DB. 94 91 add_action( 'plugins_loaded', array( self::$instance, 'upgrade_db_check' ) ); 95 92 96 // Load i18n 93 // Load i18n. 97 94 add_action( 'plugins_loaded', array( self::$instance, 'lang' ) ); 98 95 … … 106 103 /** 107 104 * Setup constants 108 *109 * @return [type] [description]110 105 */ 111 106 private function setup_constants() { 112 107 global $wpdb; 113 108 114 // Database version 109 // Database version. 115 110 if ( ! defined( 'VFB_WP_DB_VERSION' ) ) { 116 111 define( 'VFB_WP_DB_VERSION', $this->db_version ); 117 112 } 118 113 119 // Plugin version 114 // Plugin version. 120 115 if ( ! defined( 'VFB_WP_PLUGIN_VERSION' ) ) { 121 116 define( 'VFB_WP_PLUGIN_VERSION', $this->version ); 122 117 } 123 118 124 // Plugin Folder Path 119 // Plugin Folder Path. 125 120 if ( ! defined( 'VFB_WP_PLUGIN_DIR' ) ) { 126 121 define( 'VFB_WP_PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); 127 122 } 128 123 129 // Plugin Folder URL 124 // Plugin Folder URL. 130 125 if ( ! defined( 'VFB_WP_PLUGIN_URL' ) ) { 131 126 define( 'VFB_WP_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); 132 127 } 133 128 134 // Plugin Root File 129 // Plugin Root File. 135 130 if ( ! defined( 'VFB_WP_PLUGIN_FILE' ) ) { 136 131 define( 'VFB_WP_PLUGIN_FILE', __FILE__ ); 137 132 } 138 133 139 // Form table name 134 // Form table name. 140 135 if ( ! 
defined( 'VFB_WP_FORMS_TABLE_NAME' ) ) { 141 136 define( 'VFB_WP_FORMS_TABLE_NAME', $wpdb->prefix . 'visual_form_builder_forms' ); 142 137 } 143 138 144 // Field table name 139 // Field table name. 145 140 if ( ! defined( 'VFB_WP_FIELDS_TABLE_NAME' ) ) { 146 141 define( 'VFB_WP_FIELDS_TABLE_NAME', $wpdb->prefix . 'visual_form_builder_fields' ); 147 142 } 148 143 149 // Form meta table name 144 // Form meta table name. 150 145 if ( ! defined( 'VFB_WP_ENTRIES_TABLE_NAME' ) ) { 151 146 define( 'VFB_WP_ENTRIES_TABLE_NAME', $wpdb->prefix . 'visual_form_builder_entries' ); … … 155 150 /** 156 151 * Include files 157 *158 * @return [type] [description]159 152 */ 160 153 private function includes() { … … 191 184 /** 192 185 * Install DB 193 *194 * @return [type] [description]195 186 */ 196 187 public function install() { 197 $install = new Visual_Form_Builder_Install();188 $install = new Visual_Form_Builder_Install(); 198 189 $install->install(); 199 190 } … … 201 192 /** 202 193 * Check database version and run SQL install, if needed 203 *204 * @return [type] [description]205 194 */ 206 195 public function upgrade_db_check() { … … 215 204 /** 216 205 * Load localization file 217 *218 * @return [type] [description]219 206 */ 220 207 public function lang() { … … 227 214 /** 228 215 * Autoload some VFB classes that aren't loaded via other files. 229 *230 * @return [type] [description]231 216 */ 232 217 public function autoload_classes() {