Changeset 3171503
- Timestamp:
- 10/18/2024 01:45:57 PM (14 months ago)
- Location:
- form-maker/trunk
- Files:
-
- 6 edited
-
admin/controllers/Widget.php (modified) (1 diff)
-
admin/views/Widget.php (modified) (1 diff)
-
form-maker.php (modified) (2 diffs)
-
frontend/models/form_maker.php (modified) (4 diffs)
-
frontend/views/form_maker.php (modified) (3 diffs)
-
readme.txt (modified) (3 diffs)
-
form-maker/trunk/admin/controllers/Widget.php
r2069192 r3171503 40 40 $contact_form_forms = explode(',', get_option('contact_form_forms')); 41 41 42 $instance['title'] = isset($instance['title']) ? $instance['title']: '';43 $instance['form_id'] = isset($instance['form_id']) ? $instance['form_id']: 0;42 $instance['title'] = isset($instance['title']) ? esc_html($instance['title']) : ''; 43 $instance['form_id'] = isset($instance['form_id']) ? intval($instance['form_id']) : 0; 44 44 45 45 if ( !WDFMInstance(self::PLUGIN)->is_free || !in_array($instance['form_id'], $contact_form_forms) ) { -
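Review bot: `esc_html()` on new line 42 escapes the title in the controller rather than at the point of output, so the value carried in `$instance` is already HTML-encoded before any view or save path sees it. The view in this changeset escapes the same value with `esc_attr()`, which is the right place for it; here I would keep the raw value or use a sanitizer, e.g. `$instance['title'] = isset($instance['title']) ? sanitize_text_field($instance['title']) : '';`. For the id on new line 43, `absint($instance['form_id'])` also rules out negative values, and the `in_array()` check on line 45 now compares an int against the strings returned by `explode()` without the strict flag, which is worth confirming is intended. The enclosing method starts and ends outside this hunk, so whether it feeds display, storage or both cannot be seen here.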
form-maker/trunk/admin/views/Widget.php
r2069192 r3171503 45 45 <p> 46 46 <label for="<?php echo $id_title; ?>">Title:</label> 47 <input class="widefat" id="<?php echo $id_title; ?>" name="<?php echo $name_title; ?>" type="text" value="<?php echo $instance['title']; ?>" />47 <input class="widefat" id="<?php echo $id_title; ?>" name="<?php echo esc_attr($name_title); ?>" type="text" value="<?php echo esc_attr($instance['title']); ?>" /> 48 48 <label for="<?php echo $id_form_id; ?>">Select a form:</label> 49 <select class="widefat" name="<?php echo $name_form_id; ?>" id="<?php echo $id_form_id; ?>">49 <select class="widefat" name="<?php echo esc_attr($name_form_id); ?>" id="<?php echo $id_form_id; ?>"> 50 50 <option style="text-align:center" value="0">- Select a Form -</option> 51 51 <?php -
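Review bot: The `id` and `for` attributes on new lines 46–49 still echo `$id_title` and `$id_form_id` unescaped, while the `name` and `value` attributes beside them now go through `esc_attr()`. Every dynamic attribute value should be escaped at output regardless of where it is believed to come from, e.g. `id="<?php echo esc_attr($id_title); ?>"` and `for="<?php echo esc_attr($id_form_id); ?>"`. Where these variables are assigned is outside the hunk, so they may well be generated by WordPress, but consistent escaping keeps the template safe without relying on that assumption.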
form-maker/trunk/form-maker.php
r3160727 r3171503 4 4 * Plugin URI: https://10web.io/plugins/wordpress-form-maker/?utm_source=form_maker&utm_medium=free_plugin 5 5 * Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms. 6 * Version: 1.15. 296 * Version: 1.15.30 7 7 * Author: 10Web Form Builder Team 8 8 * Author URI: https://10web.io/plugins/?utm_source=form_maker&utm_medium=free_plugin … … 27 27 public $front_urls = array(); 28 28 public $main_file = ''; 29 public $plugin_version = '1.15. 29';30 public $db_version = '2.15. 29';29 public $plugin_version = '1.15.30'; 30 public $db_version = '2.15.30'; 31 31 public $menu_postfix = '_fm'; 32 32 public $plugin_postfix = ''; -
form-maker/trunk/frontend/models/form_maker.php
r3056119 r3171503 3007 3007 $current_page_url = WDW_FM_Library(self::PLUGIN)->get_current_page_url(); 3008 3008 $formtitle = $row->title; 3009 $submit_text = do_shortcode( $row->submit_text);3009 $submit_text = do_shortcode(wp_kses_post($row->submit_text)); 3010 3010 3011 3011 $label_type = array(); … … 4214 4214 $content_type = "text/html"; 4215 4215 $list_user = wordwrap( $list, 100, "\n" ); 4216 $new_script = wpautop( do_shortcode( $row->script_mail_user));4216 $new_script = wpautop( do_shortcode( wp_kses_post($row->script_mail_user) )); 4217 4217 } 4218 4218 else { 4219 4219 $content_type = "text/plain"; 4220 4220 $list_user = wordwrap( $list_text_mode, 1000, "\n" ); 4221 $new_script = do_shortcode( $row->script_mail_user);4221 $new_script = do_shortcode( wp_kses_post($row->script_mail_user) ); 4222 4222 } 4223 4223 … … 4413 4413 $content_type = "text/html"; 4414 4414 $list = wordwrap( $list, 100, "\n", TRUE ); 4415 $new_script = wpautop( do_shortcode( $row->script_mail));4415 $new_script = wpautop( do_shortcode( wp_kses_post($row->script_mail) )); 4416 4416 } 4417 4417 else { … … 4419 4419 $list = $list_text_mode; 4420 4420 $list = wordwrap( $list, 1000, "\n", TRUE ); 4421 $new_script = do_shortcode( $row->script_mail);4421 $new_script = do_shortcode( wp_kses_post($row->script_mail) ); 4422 4422 } 4423 4423 -
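Review bot: In the two text/plain branches (new lines 4221 and 4421) `wp_kses_post()` is applied to a body that is sent as plain text; it is an HTML filter that keeps the post-allowed tags and normalises entities, so recipients can end up seeing literal markup and `&amp;`-style sequences in their mail. If no markup is expected in text mode, `do_shortcode( wp_strip_all_tags( $row->script_mail_user ) )` (and the same for `$row->script_mail`) fits that context better. Across all five call sites in this file the filter runs before `do_shortcode()`, so shortcode output is not filtered and the stored value stays as submitted; sanitising when the form settings are saved would also cover any other place these fields are printed. The save path is not part of this changeset view, so that last point is an assumption to check.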
form-maker/trunk/frontend/views/form_maker.php
r3160727 r3171503 202 202 </div> 203 203 <div class="fm-header-description"> 204 ' . do_shortcode( $row->header_description) . '204 ' . do_shortcode(wp_kses_post($row->header_description)) . ' 205 205 </div> 206 206 </div>'; … … 290 290 $temp = $temp[1]; 291 291 } 292 $rep = '<div type="type_editor" class="wdform-field">' . html_entity_decode(do_shortcode( $param['w_editor'])) . '</div>';292 $rep = '<div type="type_editor" class="wdform-field">' . html_entity_decode(do_shortcode(wp_kses_post($param['w_editor']))) . '</div>'; 293 293 break; 294 294 } … … 1813 1813 </div> 1814 1814 <div class="fm-header-description"> 1815 ' . do_shortcode( $row->header_description) . '1815 ' . do_shortcode(wp_kses_post($row->header_description)) . ' 1816 1816 </div> 1817 1817 </div>'; -
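Review bot: On new line 292 `html_entity_decode()` runs after `wp_kses_post()`, so the decode is applied to the already-filtered text and its result is what gets concatenated into the page. Entity-encoded markup is plain text to the filter and only becomes real tags once decoded, which means the outer call can undo the sanitisation. The filter has to see the decoded value, e.g. `do_shortcode(wp_kses_post(html_entity_decode($param['w_editor'])))`. The two `header_description` sites (new lines 204 and 1815) do not have this ordering problem. The surrounding `switch` case begins outside the hunk.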
form-maker/trunk/readme.txt
r3160743 r3171503 4 4 Requires at least: 4.6 5 5 Tested up to: 6.5 6 Stable tag: 1.15. 296 Stable tag: 1.15.30 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 67 67 **File Upload\*** 68 68 Your users can upload files to your forms. 69 70 69 71 70 _\* Premium version only_ … … 559 558 560 559 == Changelog == 560 = 1.15.30 = 561 * Fixed: Security issue fix. 562 561 563 = 1.15.29 = 562 564 * Fixed: Textarea input issue.