
Changeset 3183170


Timestamp:
11/06/2024 01:31:47 PM (13 months ago)
Author:
10web
Message:

Fixed: Security issue fix.

Location:
form-maker/trunk
Files:
6 edited

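--- a/form-maker/trunk/admin/controllers/Manage_fm.php
+++ b/form-maker/trunk/admin/controllers/Manage_fm.php
@@ -1320,5 +1320,5 @@
     $header_title = WDW_FM_Library(self::PLUGIN)->get('header_title', '');
     $header_description = WDW_FM_Library(self::PLUGIN)->get('header_description', '', FALSE);
-    $header_image_url = WDW_FM_Library(self::PLUGIN)->get('header_image_url', '');
+    $header_image_url = WDW_FM_Library(self::PLUGIN)->get('header_image_url', 'sanitize_url');
     $header_image_animation = WDW_FM_Library(self::PLUGIN)->get('header_image_animation', '');
     $header_hide_image = WDW_FM_Library(self::PLUGIN)->get('header_hide_image', 0);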
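Review bot: The second argument to `WDW_FM_Library(self::PLUGIN)->get()` on new line 1322 looks like the default-value slot, not a sanitizer: every neighbouring call in this hunk passes `''` or `0` there, and the one call that tunes escaping does it in the third position (`get('header_description', '', FALSE)`). If `get()` follows that signature, `'sanitize_url'` is simply the literal string returned when the request carries no `header_image_url`, and a submitted URL still gets only the default text treatment; the signature is outside the hunk, so confirm it in WDW_FM_Library before relying on this line. The call would then need to be `$header_image_url = WDW_FM_Library(self::PLUGIN)->get('header_image_url', '', 'sanitize_url');`, or an explicit `esc_url_raw()` on the result before it is persisted if the third parameter is a boolean flag rather than a callback name. The enclosing method starts and ends outside the hunk.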
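--- a/form-maker/trunk/admin/views/Manage_fm.php
+++ b/form-maker/trunk/admin/views/Manage_fm.php
@@ -572,5 +572,5 @@
                     <div class="wd-group">
                       <label class="wd-label" for="header_title"><?php _e('Title', WDFMInstance(self::PLUGIN)->prefix); ?></label>
-                      <input type="text" id="header_title" name="header_title" class="fm-check-change" value="<?php echo $row->header_title; ?>" data-initial-value="<?php echo $row->header_title; ?>" />
+                      <input type="text" id="header_title" name="header_title" class="fm-check-change" value="<?php echo esc_attr($row->header_title); ?>" data-initial-value="<?php echo esc_attr($row->header_title); ?>" />
                     </div>
                     <div class="wd-group" id="description_editor">
@@ -588,5 +588,5 @@
                     <div class="wd-group">
                       <label class="wd-label" for="header_image_url"><?php _e('Image', WDFMInstance(self::PLUGIN)->prefix); ?></label>
-                      <input type="text" id="header_image_url" name="header_image_url" class="fm-check-change" value="<?php echo $row->header_image_url; ?>" data-initial-value="<?php echo $row->header_image_url; ?>" />
+                      <input type="text" id="header_image_url" name="header_image_url" class="fm-check-change" value="<?php echo esc_url($row->header_image_url); ?>" data-initial-value="<?php echo esc_url($row->header_image_url); ?>" />
                       <button class="button add-button medium" onclick="fmOpenMediaUploader(event); return false;"><?php _e('Add Image', WDFMInstance(self::PLUGIN)->prefix); ?></button>
                       <?php $header_bg = $row->header_image_url ? 'background-image: url('.$row->header_image_url.'); background-position: center;' : ''; ?>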
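Review bot: `$row->header_image_url` is still concatenated raw into the CSS `url(...)` of `$header_bg` on line 592, two lines below the input that this commit wraps in `esc_url()`; a stored value containing `)`, a quote or `;` can break out of that declaration once `$header_bg` is printed into a `style` attribute. Where `$header_bg` is emitted is outside the hunk, so that sink needs checking too, but the build line should read `$header_bg = $row->header_image_url ? 'background-image: url(' . esc_url($row->header_image_url) . '); background-position: center;' : '';` and the echo of `$header_bg` should go through `esc_attr()`. `esc_url()` on the `value` and `data-initial-value` attributes is adequate here, since it strips or entity-encodes quotes, angle brackets and `&`, so the two patched inputs need no further change.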
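--- a/form-maker/trunk/form-maker.php
+++ b/form-maker/trunk/form-maker.php
@@ -4,5 +4,5 @@
  * Plugin URI: https://10web.io/plugins/wordpress-form-maker/?utm_source=form_maker&utm_medium=free_plugin
  * Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms.
- * Version: 1.15.30
+ * Version: 1.15.31
  * Author: 10Web Form Builder Team
  * Author URI: https://10web.io/plugins/?utm_source=form_maker&utm_medium=free_plugin
@@ -27,6 +27,6 @@
   public $front_urls = array();
   public $main_file = '';
-  public $plugin_version = '1.15.30';
-  public $db_version = '2.15.30';
+  public $plugin_version = '1.15.31';
+  public $db_version = '2.15.31';
   public $menu_postfix = '_fm';
   public $plugin_postfix = '';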
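--- a/form-maker/trunk/frontend/views/form_maker.php
+++ b/form-maker/trunk/frontend/views/form_maker.php
@@ -193,5 +193,5 @@
             if ( !isset($form_theme['HIPAlign']) || $form_theme['HIPAlign'] == 'left' || $form_theme['HIPAlign'] == 'top' ) {
               if ( $row->header_image_url ) {
-                $form_maker_front_end .= '<div class="fm-header-img ' . $hide_header_image_class . ' fm-animated ' . $header_image_animation . '"><img src="' . $row->header_image_url . '" ' . $image_width . ' ' . $image_height . '/></div>';
+                $form_maker_front_end .= '<div class="fm-header-img ' . $hide_header_image_class . ' fm-animated ' . $header_image_animation . '"><img src="' . esc_url($row->header_image_url) . '" ' . $image_width . ' ' . $image_height . '/></div>';
               }
             }
@@ -208,5 +208,5 @@
             if ( isset($form_theme['HIPAlign']) && ($form_theme['HIPAlign'] == 'right' || $form_theme['HIPAlign'] == 'bottom') ) {
               if ( $row->header_image_url ) {
-                $form_maker_front_end .= '<div class="fm-header-img"><img src="' . $row->header_image_url . '" ' . $image_width . ' ' . $image_height . '/></div>';
+                $form_maker_front_end .= '<div class="fm-header-img"><img src="' . esc_url($row->header_image_url) . '" ' . $image_width . ' ' . $image_height . '/></div>';
               }
             }
@@ -1804,5 +1804,5 @@
           if ( $form_theme['HIPAlign'] == 'left' || $form_theme['HIPAlign'] == 'top' ) {
             if ( $row->header_image_url ) {
-              $form_maker_front_end .= '<div class="fm-header-img ' . $hide_header_image_class . ' fm-animated ' . $header_image_animation . '"><img src="' . $row->header_image_url . '" ' . $image_width . ' ' . $image_height . '/></div>';
+              $form_maker_front_end .= '<div class="fm-header-img ' . $hide_header_image_class . ' fm-animated ' . $header_image_animation . '"><img src="' . esc_url($row->header_image_url) . '" ' . $image_width . ' ' . $image_height . '/></div>';
             }
           }
@@ -1819,5 +1819,5 @@
           if ( $form_theme['HIPAlign'] == 'right' || $form_theme['HIPAlign'] == 'bottom' ) {
             if ( $row->header_image_url ) {
-              $form_maker_front_end .= '<div class="fm-header-img"><img src="' . $row->header_image_url . '" ' . $image_width . ' ' . $image_height . '/></div>';
+              $form_maker_front_end .= '<div class="fm-header-img"><img src="' . esc_url($row->header_image_url) . '" ' . $image_width . ' ' . $image_height . '/></div>';
             }
           }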
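Review bot: The same `<div class="fm-header-img …"><img src="…"></div>` string is patched in four places (new lines 195, 210, 1806 and 1821), and in every copy `$hide_header_image_class`, `$header_image_animation`, `$image_width` and `$image_height` are still concatenated into the tag without any escaping; only `src` receives `esc_url()`. Where those four values come from is outside the hunks, but if any of them derives from stored form or theme options, the class and animation strings should pass through `esc_attr()` and the width/height fragments should be built from integer-cast values, since they land in the same element that this commit is hardening. Folding the four copies into one small helper that returns the escaped markup would also mean the next escaping fix lands once instead of in four identical edits. The enclosing function starts and ends outside the hunks.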
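--- a/form-maker/trunk/readme.txt
+++ b/form-maker/trunk/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 4.6
 Tested up to: 6.5
-Stable tag: 1.15.30
+Stable tag: 1.15.31
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -558,4 +558,7 @@
 
 == Changelog ==
+= 1.15.31 =
+* Fixed: Security issue fix.
+
 = 1.15.30 =
 * Fixed: Security issue fix.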
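--- a/form-maker/trunk/wd/includes/notices.php
+++ b/form-maker/trunk/wd/includes/notices.php
@@ -91,5 +91,5 @@
                                 <p class="wd-notice-body">' . $admin_display_msg . '</p>
                                 <ul class="wd-notice-body wd-blue">' . $admin_display_link . '</ul>
-                                <a href="' . $query_str . '" class="dashicons dashicons-dismiss"></a>
+                                <a href="' . esc_url($query_str) . '" class="dashicons dashicons-dismiss"></a>
                               </div>';
           }
@@ -100,5 +100,5 @@
                                     ' . $admin_display_link . '
                                   </ul>';
-            echo '<a href="' . $query_str . '" class="dashicons dashicons-dismiss close-promo"></a>';
+            echo '<a href="' . esc_url($query_str) . '" class="dashicons dashicons-dismiss close-promo"></a>';
             echo '</div>';
           }
@@ -209,7 +209,7 @@
       'msg' => sprintf(__('We hope you\'ve enjoyed using WordPress %s! Would you consider leaving us a review on WordPress.org?', $wd_options->prefix), $wd_options->plugin_title),
       'link' => '<li><span class="dashicons dashicons-external"></span><a href="https://wordpress.org/support/plugin/' . $wd_options->plugin_wordpress_slug . '/reviews?filter=5&rate=5#new-post" target="_blank">' . __('Sure! I\'d love to!', $wd_options->prefix) . '</a></li>
-                         <li><span class="dashicons dashicons-smiley"></span><a href="' . $two_week_review_ignore . '"> ' . __('I\'ve already left a review', $wd_options->prefix) . '</a></li>
-                         <li><span class="dashicons dashicons-calendar-alt"></span><a href="' . $two_week_review_temp . '">' . __('Maybe Later', $wd_options->prefix) . '</a></li>
-                         <li><span class="dashicons dashicons-dismiss"></span><a href="' . $two_week_review_ignore . '">' . __('Never show again', $wd_options->prefix) . '</a></li>',
+                         <li><span class="dashicons dashicons-smiley"></span><a href="' . esc_url($two_week_review_ignore) . '"> ' . __('I\'ve already left a review', $wd_options->prefix) . '</a></li>
+                         <li><span class="dashicons dashicons-calendar-alt"></span><a href="' . esc_url($two_week_review_temp) . '">' . __('Maybe Later', $wd_options->prefix) . '</a></li>
+                         <li><span class="dashicons dashicons-dismiss"></span><a href="' . esc_url($two_week_review_ignore) . '">' . __('Never show again', $wd_options->prefix) . '</a></li>',
       'later_link' => $two_week_review_temp,
       'int' => 14,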
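Review bot: `'later_link' => $two_week_review_temp` on line 214 still passes the raw URL on to whatever renders it, while the three `<li>` anchors directly above now go through `esc_url()`; the consumer of `later_link` is outside the hunk, so the escaping has to happen at that output point (`esc_url()` for an href, `esc_js()` if it ends up inside a script) or this key will remain the one unescaped path out of the same array. How `$query_str`, `$two_week_review_ignore` and `$two_week_review_temp` are constructed is also not in view; if they are derived from the current request URI, `esc_url()` at output is the right fix for a reflected injection, but the dismiss handlers they point at should additionally verify a nonce, which this change does not show. `$admin_display_msg` and `$admin_display_link` are still concatenated unescaped on lines 91, 92 and 100; they are assembled from the `'msg'`/`'link'` strings of this array, so that is acceptable only as long as every contributor to those values, such as `$wd_options->plugin_title` and `plugin_wordpress_slug`, stays plugin-controlled.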