Changeset 3229199
- Timestamp:
- 01/27/2025 08:01:49 AM (13 months ago)
- Location:
- form-maker/trunk
- Files:
-
- 4 edited
-
admin/views/Themes_fm.php (modified) (6 diffs)
-
admin/views/view.php (modified) (5 diffs)
-
form-maker.php (modified) (2 diffs)
-
readme.txt (modified) (2 diffs)
form-maker/trunk/admin/views/Themes_fm.php
r2316673 r3229199 229 229 foreach($tabs as $tkey => $tab) { 230 230 $active_class = $active_tab == $tkey ? "fm-theme-active-tab" : ""; 231 echo '<li><a id="' .$tkey.'" href="#" class="button '.$active_class . ($row->version == 1 && $tkey != 'custom_css' ? ' fm-disabled' : '') . '">'.$tab.'</a></li>';231 echo '<li><a id="' . esc_attr($tkey) . '" href="#" class="button ' . esc_attr($active_class . ($row->version == 1 && $tkey != 'custom_css' ? ' fm-disabled' : '')) . '">' . esc_html($tab) . '</a></li>'; 232 232 } 233 233 ?> … … 239 239 foreach($all_params as $pkey => $params) { 240 240 $show_hide_class = $active_tab == $pkey ? '' : 'fm-hide'; 241 echo '<div id="' .$pkey.'-content" class="fm-themes-container '.$show_hide_class.'">';241 echo '<div id="' . esc_attr($pkey) . '-content" class="fm-themes-container ' . esc_attr($show_hide_class) . '">'; 242 242 if ($row->version == 1 && $pkey == 'custom_css') { 243 echo '<div class="error inline"><p>' . __('This theme is outdated. Theme Options are only available in new themes provided by Form Maker. You can use Custom CSS panel to edit form styling, or alternatively select a new theme for your form.', WDFMInstance(self::PLUGIN)->prefix) . '</p></div>';243 echo '<div class="error inline"><p>' . esc_html__('This theme is outdated. Theme Options are only available in new themes provided by Form Maker. You can use Custom CSS panel to edit form styling, or alternatively select a new theme for your form.', WDFMInstance(self::PLUGIN)->prefix) . '</p></div>'; 244 244 } 245 245 foreach($params as $param){ 246 246 if($param["type"] == 'panel') { 247 echo '<div class="' .$param["class"].'">';247 echo '<div class="' . esc_attr($param["class"]) . 
'">'; 248 248 } 249 249 if($param["type"] != 'panel' || ($param["type"] == 'panel' && $param["label"]) ) 250 250 echo '<div class="fm-row">'; 251 251 if($param["type"] == 'panel' && $param["label"]) { 252 echo '<label class="' .$param["label_class"].'" >'.$param["label"].'</label>'.$param["after"];252 echo '<label class="' . esc_attr($param["label_class"]) . '" >' . esc_html($param["label"]) . '</label>' . wp_kses_post($param["after"]); 253 253 } else { 254 254 if($param["type"] == 'text') { 255 echo '<label class="fm-label-text">' .$param["label"].'</label>256 <div class="fm-input-text-wrap fm-input-text-wrap-' .$param["name"].'">257 <input type="' .$param["type"].'" name="'.$param["name"].'" class="'.$param["class"].'" ng-model="'.$param["name"].'" ng-init="'.$param["name"].'=\''.$param["value"].'\'" value="' . $param["value"] . '" placeholder="'. (isset($param["placeholder"]) ? $param["placeholder"] : "") .'" title="'.(isset($param["placeholder"]) ? $param["placeholder"] : "").'" />'. $param["after"].255 echo '<label class="fm-label-text">' . esc_html($param["label"]) . '</label> 256 <div class="fm-input-text-wrap fm-input-text-wrap-' . esc_attr($param["name"]) . '"> 257 <input type="' . esc_attr($param["type"]) . '" name="' . esc_attr($param["name"]) . '" class="' . esc_attr($param["class"]) . '" ng-model="' . esc_attr($param["name"]) . '" ng-init="' . esc_attr($param["name"]) . '=\'' . esc_attr($param["value"]) . '\'" value="' . esc_attr($param["value"]) . '" placeholder="' . esc_attr(isset($param["placeholder"]) ? $param["placeholder"] : "") . '" title="' . esc_attr(isset($param["placeholder"]) ? $param["placeholder"] : "") . '" />' . wp_kses_post($param["after"]) . 258 258 '</div>'; 259 259 } 260 260 else { 261 261 if($param["type"] == '2text') { 262 echo '<label class="fm-label-2text">' .$param["label"].'</label>263 <div class="' .$param["class"].'" style="display:inline-block; vertical-align: middle;">262 echo '<label class="fm-label-2text">' . 
esc_html($param["label"]) . '</label> 263 <div class="' . esc_attr($param["class"]) . '" style="display:inline-block; vertical-align: middle;"> 264 264 <div style="float:left;display:table-row;"> 265 <span style="display:table-cell;">' .$param["before1"].'</span><input type="text" name="'.$param["name1"].'" ng-model="'.$param["name1"].'" ng-init="'.$param["name1"].'=\''.$param["value1"].'\'" value="'.$param["value1"].'" placeholder="'.(isset($param["placeholder"]) ? $param["placeholder"] : "").'" title="'.(isset($param["placeholder"]) ? $param["placeholder"] : "").'" style="display:table-cell; "/>'.$param["after"].'265 <span style="display:table-cell;">' . esc_html($param["before1"]) . '</span><input type="text" name="' . esc_attr($param["name1"]) . '" ng-model="' . esc_attr($param["name1"]) . '" ng-init="' . esc_attr($param["name1"]) . '=\'' . esc_attr($param["value1"]) . '\'" value="' . esc_attr($param["value1"]) . '" placeholder="' . esc_attr(isset($param["placeholder"]) ? $param["placeholder"] : "") . '" title="' . esc_attr(isset($param["placeholder"]) ? $param["placeholder"] : "") . '" style="display:table-cell; "/>' . wp_kses_post($param["after"]) .' 266 266 </div> 267 267 <div style="float:left;display:table-row;"> 268 <span style="display:table-cell;">' .$param["before2"].'</span><input type="text" name="'.$param["name2"].'" class="'.$param["class"].'" ng-model="'.$param["name2"].'" ng-init="'.$param["name2"].'=\''.$param["value2"].'\'" value="'.$param["value2"].'" placeholder="'.(isset($param["placeholder"]) ? $param["placeholder"] : "").'" title="'.(isset($param["placeholder"]) ? $param["placeholder"] : "").'" style="display:table-cell; "/>'.$param["after"].'268 <span style="display:table-cell;">' . esc_html($param["before2"]) . '</span><input type="text" name="' . esc_attr($param["name2"]) . '" class="' . esc_attr($param["class"]) . '" ng-model="' . esc_attr($param["name2"]) . '" ng-init="' . esc_attr($param["name2"]) . '=\'' . 
esc_attr($param["value2"]) . '\'" value="' . esc_attr($param["value2"]) . '" placeholder="' . esc_attr(isset($param["placeholder"]) ? $param["placeholder"] : "") . '" title="' . esc_attr(isset($param["placeholder"]) ? $param["placeholder"] : "") . '" style="display:table-cell; "/>' . wp_kses_post($param["after"]) .' 269 269 </div> 270 270 </div>'; … … 272 272 else { 273 273 if($param["type"] == 'select') { 274 echo '<label class="fm-label-select">' .$param["label"].'</label>274 echo '<label class="fm-label-select">' . esc_html($param["label"]) . '</label> 275 275 <div class="fm-select-wrap"> 276 <select name="' .$param["name"].'" ng-model="'.$param["name"].'" ng-init="'.$param["name"].'=\''.$param["value"].'\'">';276 <select name="' . esc_attr($param["name"]) . '" ng-model="' . esc_attr($param["name"]) . '" ng-init="' . esc_attr($param["name"]) . '=\'' . esc_attr($param["value"]) . '\'">'; 277 277 foreach($param["options"] as $option_key => $option) { 278 echo '<option value="' .$option_key.'">'.$option.'</option>';278 echo '<option value="' . esc_attr($option_key) . '">' . esc_html($option) . '</option>'; 279 279 } 280 echo '</select>' .$param["after"].281 '</div>';280 echo '</select>' . wp_kses_post($param["after"]). 281 '</div>'; 282 282 } else { 283 283 if($param["type"] == 'label') { 284 echo '<label class="' .$param["class"].'" >'.$param["label"].'</label>'.$param["after"];284 echo '<label class="' . esc_attr($param["class"]) . '" >' . esc_html($param["label"]) . '</label>' . wp_kses_post($param["after"]); 285 285 } else { 286 286 if($param["type"] == 'checkbox') { 287 echo '<label>' .$param["label"].'</label>287 echo '<label>' . esc_html($param["label"]) . '</label> 288 288 <div class="fm-btn-group">'; 289 289 foreach($param["options"] as $op_key => $option){ … … 291 291 $init = isset($param_values->{$param["name"].ucfirst($op_key)}) ? 
'true' : 'false'; 292 292 echo '<div class="fm-ch-button"> 293 <input type="checkbox" id="' .$param["name"].ucfirst($op_key).'" name="'.$param["name"].ucfirst($op_key).'" value="'.$op_key.'" ng-model="'.$param["name"].ucfirst($op_key).'" ng-checked="'.$param["name"].ucfirst($op_key).'" ng-init="'.$param["name"].ucfirst($op_key).'='.$init.'"><label for="'.$param["name"].ucfirst($op_key).'">'.$option.'</label>293 <input type="checkbox" id="' . esc_attr($param["name"]) . ucfirst($op_key) . '" name="' . esc_attr($param["name"]) . ucfirst($op_key) . '" value="' . esc_attr($op_key) . '" ng-model="' . esc_attr($param["name"]) . ucfirst($op_key) . '" ng-checked="' . esc_attr($param["name"]) . ucfirst($op_key) . '" ng-init="' . esc_attr($param["name"]) . ucfirst($op_key) . '=' . esc_attr($init) . '"><label for="' . esc_attr($param["name"]) . ucfirst($op_key) . '">' . esc_html($option) . '</label> 294 294 </div>'; 295 295 } … … 297 297 } else { 298 298 if($param["type"] == 'radio'){ 299 echo '<div class="fm_shake_row"><label>' .$param["label"].'</label>299 echo '<div class="fm_shake_row"><label>' . esc_html($param["label"]) . '</label> 300 300 <div class="fm-btn-group">'; 301 301 $checked = (!isset($param_values->{$param["name"]}) || (isset($param_values->{$param["name"]}) && $param_values->{$param["name"]} == 'yes')) ? true : false; 302 302 $html = '<div class="fm-ch-select">'; 303 $html .= '<input type="radio" ' .(($checked)?"checked":"") .' id="'.$param["name"].'Yes" name="'.$param["name"].'" value="yes">';304 $html .= '<label for="' .$param["name"].'Yes">'.__('Yes', WDFMInstance(self::PLUGIN)->prefix).'</label>';305 $html .= '<input type="radio" ' .((!$checked)?"checked":"") .' id="'.$param["name"].'No" name="'.$param["name"].'" value="no">';306 $html .= '<label for="' .$param["name"].'No">'.__('No', WDFMInstance(self::PLUGIN)->prefix).'</label>';303 $html .= '<input type="radio" ' . (($checked)?"checked":"") . ' id="' . esc_attr($param["name"]) . 'Yes" name="' . 
esc_attr($param["name"]) . '" value="yes">'; 304 $html .= '<label for="' . esc_attr($param["name"]) . 'Yes">' . esc_html(__('Yes', WDFMInstance(self::PLUGIN)->prefix)) . '</label>'; 305 $html .= '<input type="radio" ' . ((!$checked)?"checked":"") . ' id="' . esc_attr($param["name"]) . 'No" name="' . esc_attr($param["name"]) . '" value="no">'; 306 $html .= '<label for="' . esc_attr($param["name"]) . 'No">' . esc_html(__('No', WDFMInstance(self::PLUGIN)->prefix)) . '</label>'; 307 307 $html .= '</div>'; 308 308 echo $html; … … 311 311 } else { 312 312 if ( $param["type"] == 'hidden' ) { 313 echo '<input type="' . $param["type"] . '" />' . $param["after"];313 echo '<input type="' . esc_attr($param["type"]) . '" />' . wp_kses_post($param["after"]); 314 314 } else { 315 315 if ( $param["type"] == 'textarea' ) { 316 echo '<label>' . $param["label"]. '</label>317 <textarea name="' . $param["name"] . '" rows="5" columns="10" style="vertical-align:middle;">' . $param["value"]. '</textarea>';316 echo '<label>' . esc_html($param["label"]) . '</label> 317 <textarea name="' . esc_attr($param["name"]) . '" rows="5" columns="10" style="vertical-align:middle;">' . esc_html($param["value"]) . '</textarea>'; 318 318 } 319 319 } -
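Review bot: The `ng-init` attributes in the text, 2text and select branches still place `$param["value"]` (and `value1`/`value2`) inside a single-quoted AngularJS string using only `esc_attr()`. The browser decodes the attribute's entities before Angular evaluates the expression, so HTML-attribute escaping does not stop a quote or backslash in the value from ending the string literal. Whether these values can carry untrusted input is not visible in the hunks, but the safer form encodes the value as a script string first, e.g. `ng-init="' . esc_attr($param["name"] . '=' . wp_json_encode((string) $param["value"])) . '"`. In the checkbox branch, `ucfirst($op_key)` is also concatenated outside the escaping call in `id`, `name`, `ng-model`, `ng-checked`, `ng-init` and `for`; `esc_attr($param["name"] . ucfirst($op_key))` would cover the whole identifier. The enclosing function starts and ends outside the hunks.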
form-maker/trunk/admin/views/view.php
r2599814 r3229199 25 25 ob_start(); 26 26 // Form. 27 $action = isset($attr['action']) ? esc_attr($attr['action']): '';28 $method = isset($attr['method']) ? esc_attr($attr['method']): 'post';29 $name = isset($attr['name']) ? esc_attr($attr['name']): WDFMInstance(self::PLUGIN)->prefix . '_form';30 $id = isset($attr['id']) ? esc_attr($attr['id']): '';31 $class = isset($attr['class']) ? esc_attr($attr['class']): WDFMInstance(self::PLUGIN)->prefix . '_form';32 $style = isset($attr['style']) ? esc_attr($attr['style']): '';33 $current_id = isset($attr['current_id']) ? esc_attr($attr['current_id']): '';27 $action = isset($attr['action']) ? $attr['action'] : ''; 28 $method = isset($attr['method']) ? $attr['method'] : 'post'; 29 $name = isset($attr['name']) ? $attr['name'] : WDFMInstance(self::PLUGIN)->prefix . '_form'; 30 $id = isset($attr['id']) ? $attr['id'] : ''; 31 $class = isset($attr['class']) ? $attr['class'] : WDFMInstance(self::PLUGIN)->prefix . '_form'; 32 $style = isset($attr['style']) ? $attr['style'] : ''; 33 $current_id = isset($attr['current_id']) ? $attr['current_id'] : ''; 34 34 ?> 35 35 <div id="fm-form-admin" class="wrap"> … … 41 41 ?> 42 42 <form 43 <?php echo $action ? 'action="' . $action. '"' : ''; ?>44 <?php echo $method ? 'method="' . $method. '"' : ''; ?>45 <?php echo $name ? ' name="' . $name. '"' : ''; ?>46 <?php echo $id ? ' id="' . $id. '"' : ''; ?>47 <?php echo $class ? ' class="' . $class. '"' : ''; ?>48 <?php echo $style ? ' style="' . $style. '"' : ''; ?>43 <?php echo $action ? 'action="' . esc_url($action) . '"' : ''; ?> 44 <?php echo $method ? 'method="' . esc_attr($method) . '"' : ''; ?> 45 <?php echo $name ? ' name="' . esc_attr($name) . '"' : ''; ?> 46 <?php echo $id ? ' id="' . esc_attr($id) . '"' : ''; ?> 47 <?php echo $class ? ' class="' . esc_attr($class) . '"' : ''; ?> 48 <?php echo $style ? ' style="' . esc_attr($style) . 
'"' : ''; ?> 49 49 ><?php 50 50 echo $content; … … 53 53 ?> 54 54 <input id="task" name="task" type="hidden" value=""/> 55 <input id="current_id" name="current_id" type="hidden" value="<?php echo $current_id; ?>"/>55 <input id="current_id" name="current_id" type="hidden" value="<?php echo esc_attr($current_id); ?>"/> 56 56 </form> 57 57 </div><?php … … 74 74 $add_new_button = !empty($params['add_new_button']) ? $params['add_new_button'] : ''; 75 75 76 $attributes = ''; 77 if ( !empty($add_new_button) && is_array($add_new_button) ) { 78 foreach ( $add_new_button as $key => $val ) { 79 $attributes .= $key . '="' . $val . '"'; 80 } 81 } 82 ob_start(); 83 ?><div class="wd-page-title <?php echo $title_class; ?>"> 84 <h1 class="wp-heading-inline"><?php echo $title; ?> 76 $attributes = ''; 77 if (!empty($add_new_button) && is_array($add_new_button)) { 78 foreach ($add_new_button as $key => $val) { 79 $attributes .= esc_attr($key) . '="' . esc_attr($val) . '" '; 80 } 81 } 82 ob_start(); 83 ?> 84 <div class="wd-page-title <?php echo esc_attr($title_class); ?>"> 85 <h1 class="wp-heading-inline"><?php echo wp_kses_post($title); ?> 85 86 <?php 86 87 if ( $title_name || $title_id || $title_value ) { 87 88 ?> 88 89 <span id="fm-title-edit"> 89 <input type="text" id="<?php echo $title_id; ?>" name="<?php echo $title_name; ?>" value="<?php echo $title_value; ?>" />90 <input type="text" id="<?php echo esc_attr($title_id); ?>" name="<?php echo esc_attr($title_name); ?>" value="<?php echo esc_attr($title_value); ?>" /> 90 91 </span> 91 92 <?php … … 115 116 protected function buttons( $buttons = array(), $single = FALSE, $parent = array() ) { 116 117 ob_start(); 117 if ( !$single) {118 $parent_id = isset($parent['id']) ? esc_attr($parent['id']): '';119 $parent_class = isset($parent['class']) ? esc_attr($parent['class']): 'wd-buttons';120 $parent_style = isset($parent['style']) ? esc_attr($parent['style']): '';118 if (!$single) { 119 $parent_id = isset($parent['id']) ? 
$parent['id'] : ''; 120 $parent_class = isset($parent['class']) ? $parent['class'] : 'wd-buttons'; 121 $parent_style = isset($parent['style']) ? $parent['style'] : ''; 121 122 ?> 122 <div123 <?php echo $parent_id ? 'id="' . $parent_id. '"' : ''; ?>124 <?php echo $parent_class ? ' class="' . $parent_class. '"' : ''; ?>125 <?php echo $parent_style ? ' style="' . $parent_style. '"' : ''; ?>123 <div 124 <?php echo $parent_id ? 'id="' . esc_attr($parent_id) . '"' : ''; ?> 125 <?php echo $parent_class ? ' class="' . esc_attr($parent_class) . '"' : ''; ?> 126 <?php echo $parent_style ? ' style="' . esc_attr($parent_style) . '"' : ''; ?> 126 127 > 127 128 <?php 128 129 } 129 130 foreach ($buttons as $button) { 130 $title = isset($button['title']) ? esc_attr($button['title']) : ''; 131 $value = isset($button['value']) ? esc_attr($button['value']) : ''; 132 $name = isset($button['name']) ? esc_attr($button['name']) : ''; 133 $id = isset($button['id']) ? esc_attr($button['id']) : ''; 134 $class = isset($button['class']) ? esc_attr($button['class']) : ''; 135 $style = isset($button['style']) ? esc_attr($button['style']) : ''; 136 $onclick = isset($button['onclick']) ? esc_attr($button['onclick']) : ''; 137 ?><button type="submit" 138 <?php echo $value ? ' value="' . $value . '"' : ''; ?> 139 <?php echo $name ? ' name="' . $name . '"' : ''; ?> 140 <?php echo $id ? ' id="' . $id . '"' : ''; ?> 141 class="wd-button <?php echo $class; ?>" 142 <?php echo $style ? ' style="' . $style . '"' : ''; ?> 143 <?php echo $onclick ? ' onclick="' . $onclick . '"' : ''; ?> 144 ><?php echo $title; ?></button><?php 131 $title = isset($button['title']) ? $button['title'] : ''; 132 $value = isset($button['value']) ? $button['value'] : ''; 133 $name = isset($button['name']) ? $button['name'] : ''; 134 $id = isset($button['id']) ? $button['id'] : ''; 135 $class = isset($button['class']) ? $button['class'] : ''; 136 $style = isset($button['style']) ? 
$button['style'] : ''; 137 $onclick = isset($button['onclick']) ? $button['onclick'] : ''; 138 ?> 139 <button type="submit" 140 <?php echo $value ? ' value="' . esc_attr($value) . '"' : ''; ?> 141 <?php echo $name ? ' name="' . esc_attr($name) . '"' : ''; ?> 142 <?php echo $id ? ' id="' . esc_attr($id) . '"' : ''; ?> 143 class="wd-button <?php echo esc_attr($class); ?>" 144 <?php echo $style ? ' style="' . esc_attr($style) . '"' : ''; ?> 145 <?php echo $onclick ? ' onclick="' . esc_attr($onclick) . '"' : ''; ?> 146 ><?php echo esc_html($title); ?></button> 147 <?php 145 148 } 146 149 if ( !$single ) { -
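Review bot: In the page-title hunk the attribute name is emitted as `esc_attr($key)`, which escapes markup characters but does not restrict `$key` to a valid attribute name, so a key containing whitespace or `=` would still add extra attributes to the element. The source of `$params['add_new_button']` and the place where `$attributes` is echoed are outside the hunk, so this may only ever see fixed keys. A guard such as `if ( !preg_match('/^[a-zA-Z][a-zA-Z0-9_:.-]*$/', $key) ) { continue; }` at the top of the loop would make that explicit. Similarly, in `buttons()` `esc_attr($onclick)` keeps the value inside the attribute but its content still runs as script, so `$button['onclick']` should only ever come from code-defined strings; a comment above that assignment saying so would help the next maintainer.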
form-maker/trunk/form-maker.php
r3201732 r3229199 4 4 * Plugin URI: https://10web.io/plugins/wordpress-form-maker/?utm_source=form_maker&utm_medium=free_plugin 5 5 * Description: This plugin is a modern and advanced tool for easy and fast creating of a WordPress Form. The backend interface is intuitive and user friendly which allows users far from scripting and programming to create WordPress Forms. 6 * Version: 1.15.3 26 * Version: 1.15.33 7 7 * Author: 10Web Form Builder Team 8 8 * Author URI: https://10web.io/plugins/?utm_source=form_maker&utm_medium=free_plugin … … 27 27 public $front_urls = array(); 28 28 public $main_file = ''; 29 public $plugin_version = '1.15.3 2';30 public $db_version = '2.15.3 2';29 public $plugin_version = '1.15.33'; 30 public $db_version = '2.15.33'; 31 31 public $menu_postfix = '_fm'; 32 32 public $plugin_postfix = ''; -
form-maker/trunk/readme.txt
r3201732 r3229199 4 4 Requires at least: 4.6 5 5 Tested up to: 6.5 6 Stable tag: 1.15.3 26 Stable tag: 1.15.33 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 558 558 559 559 == Changelog == 560 = 1.15.33 = 561 * Fixed: Security issue fix. 562 560 563 = 1.15.32 = 561 564 * Fixed: Security issue fix.