Changeset 3388694

Timestamp:

11/03/2025 08:53:56 AM (6 weeks ago)

Author:

ignatggeorgiev

Message:

Bump to 1.7.2

Location:

siteground-email-marketing/trunk

Files:

• README.md (modified) (2 diffs)
• core/Forms/Forms.php (modified) (2 diffs)
• core/Integrations/Elementor/Widget.php (modified) (3 diffs)
• core/Integrations/ThirdParty/CF7.php (modified) (4 diffs)
• core/Integrations/ThirdParty/GravityForms/GravityForms.php (modified) (1 diff)
• core/Integrations/ThirdParty/NinjaForms/SGWPMAIL_Action.php (modified) (1 diff)
• core/Integrations/ThirdParty/WPForms/SGWPMAIL_WPForms_Field.php (modified) (2 diffs)
• core/Integrations/ThirdParty/WPForms/WPForms.php (modified) (2 diffs)
• core/Pages/Page.php (modified) (1 diff)
• core/Renderer/Renderer.php (modified) (4 diffs)
• core/Rest/Controllers/v1/Pages/Forms.php (modified) (3 diffs)
• core/Services/Cron/Cron.php (modified) (4 diffs)
• core/Services/Mailer_Api/Mailer_Api.php (modified) (4 diffs)
• sg-email-marketing.php (modified) (2 diffs)
• templates/CF7_Checkbox_Markup.php (modified) (1 diff)
• templates/CF7_Integration_Tab_Template.php (modified) (2 diffs)
• templates/GF_Integration_Field_Settings.php (modified) (4 diffs)

siteground-email-marketing/trunk/README.md

@@ -4 +4 @@
 Requires PHP: 7.0
 Tested up to: 6.8
-Stable tag: 1.7.1
+Stable tag: 1.7.2
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -46 +46 @@
 
 == Changelog ==
+= Version 1.7.2 =
+Release Date: Nov 3rd, 2025
+
+* Security Improvements
+
 = Version 1.7.1 =
 Release Date: Jul 30th, 2025

siteground-email-marketing/trunk/core/Forms/Forms.php

@@ -62 +62 @@
      */
     public function handle_form_submission() {
-        if ( ! wp_verify_nonce( sanitize_key( $_POST['wpnonce'] ), 'sg-email-marketing-form' ) ) {
+        if ( ! isset( $_POST['wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['wpnonce'] ), 'sg-email-marketing-form' ) ) {
             wp_send_json_error();
         }
 
-        // Parse the URL-encoded string into an associative array
-        parse_str( html_entity_decode( $_POST['form_data'] ), $data );
+        if ( isset( $_POST['form_data'] ) ) {
+            // Parse the URL-encoded string into an associative array
+            parse_str( html_entity_decode( wp_unslash( $_POST['form_data'] ) ), $data );
+        }
 
-        if ( empty( $data['form-id'] ) || ! empty( $data['spam-protection'] )  ) {
+        if ( empty( $data['form-id'] ) || ! empty( $data['spam-protection'] ) ) {
             wp_send_json_error();
         }
@@ -105 +107 @@
 
             if ( intval( $field['required'] ) === 1 && empty( $field_value ) ) {
+                // translators: the label for the required form field.
                 $errors[ $field['sg-form-type'] ] = printf( esc_attr__( 'The field "%s" is required!', 'siteground-email-marketing' ), esc_attr( $field['label'] ) );
                 continue;

siteground-email-marketing/trunk/core/Integrations/Elementor/Widget.php

@@ -224 +224 @@
             [
                 'type'            => Controls_Manager::RAW_HTML,
-                'raw'             => __( '<strong>Colors</strong>', 'siteground-email-marketing' ),
+                'raw'             => '<strong>' . esc_html__( 'Colors', 'siteground-email-marketing' ) . '</strong>',
                 'separator'       => 'after',
             ]
@@ -334 +334 @@
             [
                 'type'            => Controls_Manager::RAW_HTML,
-                'raw'             => __( '<strong>Colors</strong>', 'siteground-email-marketing' ),
+                'raw'             => '<strong>' . __( 'Colors', 'siteground-email-marketing' ) . '</strong>',
                 'separator'       => 'after',
             ]
@@ -383 +383 @@
 
         if ( $settings['formId'] ) {
-            echo Renderer::get_instance()->render( esc_attr( $settings['formId'] ), $settings );
+            echo Renderer::get_instance()->render( esc_attr( $settings['formId'] ), $settings ); //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, found 'Renderer'.
         }
     }

siteground-email-marketing/trunk/core/Integrations/ThirdParty/CF7.php

@@ -147 +147 @@
         }
 
-        $post_id = esc_attr( $_POST['post_ID'] );
-        update_post_meta( $post_id, self::CF7_TOGGLE_META, isset( $_POST['sgwpmail-cf7-enable'] ) );
-        update_post_meta( $post_id, self::CF7_CHECKBOX_META, isset( $_POST['sgwpmail-cf7-checkbox-toggle'] ) );
-
-        if ( isset ( $_POST['sgwpmail-cf7-labels'] ) ) {
-            update_post_meta( $post_id, self::CF7_SELECTED_LABELS_META, $_POST['sgwpmail-cf7-labels'] );
+        $post_id = esc_attr( sanitize_text_field( wp_unslash( $_POST['post_ID'] ) ) ); // phpcs:ignore
+        update_post_meta( $post_id, self::CF7_TOGGLE_META, isset( $_POST['sgwpmail-cf7-enable'] ) ); // phpcs:ignore
+        update_post_meta( $post_id, self::CF7_CHECKBOX_META, isset( $_POST['sgwpmail-cf7-checkbox-toggle'] ) ); // phpcs:ignore
+
+        if ( isset( $_POST['sgwpmail-cf7-labels'] ) ) {  // phpcs:ignore WordPress.Security.NonceVerification.Missing
+            update_post_meta( $post_id, self::CF7_SELECTED_LABELS_META, $_POST['sgwpmail-cf7-labels'] ); // phpcs:ignore
         } else {
             delete_post_meta( $post_id, self::CF7_SELECTED_LABELS_META );
         }
 
-        if ( isset( $_POST['sgwpmail-cf7-checkbox-label'] ) ) {
-            update_post_meta( $post_id, self::CF7_CHECKBOX_LABEL_META, esc_attr( $_POST['sgwpmail-cf7-checkbox-label'] ) );
+        if ( isset( $_POST['sgwpmail-cf7-checkbox-label'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+            update_post_meta( $post_id, self::CF7_CHECKBOX_LABEL_META, esc_attr( $_POST['sgwpmail-cf7-checkbox-label'] ) ); // phpcs:ignore
         } else {
             delete_post_meta( $post_id, self::CF7_CHECKBOX_LABEL_META );
@@ -170 +170 @@
      */
     public function get_data() {
-        return array_merge( (array) $_GET, (array) $_POST );
+        return array_merge( (array) $_GET, (array) $_POST ); // phpcs:ignore
     }
 
@@ -317 +317 @@
      */
     public function enqueue_styles_scripts() {
-        wp_enqueue_script( 'selectize.js', 'https://cdnjs.cloudflare.com/ajax/libs/selectize.js/0.15.2/js/selectize.min.js', array( 'jquery' ) );
-        wp_enqueue_style( 'selectize.js', 'https://cdnjs.cloudflare.com/ajax/libs/selectize.js/0.15.2/css/selectize.default.min.css' );
-        wp_enqueue_style( 'googleFonts', '//fonts.googleapis.com/css2?family=Roboto&display=swap', array(), null );
+        wp_enqueue_script( 'selectize.js', 'https://cdnjs.cloudflare.com/ajax/libs/selectize.js/0.15.2/js/selectize.min.js', array( 'jquery' ), '0.15.2', true );
+        wp_enqueue_style( 'selectize.js', 'https://cdnjs.cloudflare.com/ajax/libs/selectize.js/0.15.2/css/selectize.default.min.css', array(), '0.15.2', 'all' );
+        wp_enqueue_style( 'googleFonts', '//fonts.googleapis.com/css2?family=Roboto&display=swap', array(), '1.0.0', 'all' );
 
         wp_enqueue_script(
@@ -347 +347 @@
      */
     public function get_label_ids( $label_names ) {
+
         $labels_list = Loader::get_instance()->mailer_api->get_labels();
 

siteground-email-marketing/trunk/core/Integrations/ThirdParty/GravityForms/GravityForms.php

@@ -259 +259 @@
             field.inputs = null;
             if (!field.label)
-                field.label = <?php echo json_encode( esc_html__( 'Newsletter subscription', 'siteground-email-marketing' ) ); ?>;
+                field.label = <?php echo wp_json_encode( esc_html__( 'Newsletter subscription', 'siteground-email-marketing' ) ); ?>;
             if( !field.sgwpmailConsentToggle)
                 field.sgwpmailConsentToggle = true;
             if( !field.sgwpmailConsentText)
-                field.sgwpmailConsentText = '<?php _e( 'Subscribe to our Newsletter', 'siteground-email-marketing' ); ?>';
+                field.sgwpmailConsentText = '<?php esc_html_e( 'Subscribe to our Newsletter', 'siteground-email-marketing' ); ?>';
                 jQuery( '.sg_email_marketing_field_preview_label').text(field.sgwpmailConsentText);
             break;

siteground-email-marketing/trunk/core/Integrations/ThirdParty/NinjaForms/SGWPMAIL_Action.php

@@ -102 +102 @@
      */
     public function get_groups_html( $action ) {
-        $form_id = isset( $_GET['form_id'] ) ? wp_unslash( $_GET['form_id'] ) : 0;
+        $form_id = isset( $_GET['form_id'] ) ? sanitize_text_field( wp_unslash( $_GET['form_id'] ) ) : 0; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
         $form = \Ninja_Forms()->form( $form_id )->get();

siteground-email-marketing/trunk/core/Integrations/ThirdParty/WPForms/SGWPMAIL_WPForms_Field.php

@@ -204 +204 @@
     public function field_preview( $field ) {
         echo '<h4 class="sg-email-marketing-checkbox-disabled"><i class="fa fa-eye-slash"></i> ' .
-            __( 'Consent checkbox is NOT ADDED. We recommend adding a consent checkbox if the main purpose of the form is not subscription. To include a consent checkbox, simply click on this alert and activate the Consent Checkbox option from the settings menu.<br>Note: This message is for administrative purposes and will not be visible to users.', 'siteground-email-marketing' ) .
+            esc_html__( 'Consent checkbox is NOT ADDED. We recommend adding a consent checkbox if the main purpose of the form is not subscription. To include a consent checkbox, simply click on this alert and activate the Consent Checkbox option from the settings menu.<br>Note: This message is for administrative purposes and will not be visible to users.', 'siteground-email-marketing' ) .
             '</h4>';
 
         $checkbox_text = isset( $field['sg_email_marketing_checkbox_text'] ) ? $field['sg_email_marketing_checkbox_text'] : '';
 
-        printf( '<div class="sg-email-marketing-checkbox-enabled"><input type="checkbox" disabled><span class="sg_email_marketing_field_preview_label">%s</span></div>', $checkbox_text );
-
+        printf( '<div class="sg-email-marketing-checkbox-enabled"><input type="checkbox" disabled><span class="sg_email_marketing_field_preview_label">%s</span></div>', esc_html( $checkbox_text ) );
     }
 
@@ -229 +228 @@
         $field_id   = $field['properties']['inputs']['primary']['id'];
         $field_name = $field['properties']['inputs']['primary']['attr']['name'];
-        printf( '<input id="%s" value="1" name="%s" type="checkbox"><label for="%s" class="sg_email_marketing_field_preview_label">%s</span>', $field_id, $field_name, $field_id, $field['sg_email_marketing_checkbox_text'] );
-
+        printf( '<input id="%s" value="1" name="%s" type="checkbox"><label for="%s" class="sg_email_marketing_field_preview_label">%s</span>', esc_attr( $field_id ), esc_attr( $field_name ), esc_attr( $field_id ), esc_html( $field['sg_email_marketing_checkbox_text'] ) );
     }
 

siteground-email-marketing/trunk/core/Integrations/ThirdParty/WPForms/WPForms.php

@@ -78 +78 @@
      */
     public function enqueue_styles_scripts() {
-        wp_enqueue_script( 'selectize.js', 'https://cdnjs.cloudflare.com/ajax/libs/selectize.js/0.15.2/js/selectize.min.js', array( 'jquery' ) );
-        wp_enqueue_style( 'selectize.js', 'https://cdnjs.cloudflare.com/ajax/libs/selectize.js/0.15.2/css/selectize.default.min.css' );
-        wp_enqueue_style( 'googleFonts', '//fonts.googleapis.com/css2?family=Roboto&display=swap', array(), null );
+        wp_enqueue_script( 'selectize.js', 'https://cdnjs.cloudflare.com/ajax/libs/selectize.js/0.15.2/js/selectize.min.js', array( 'jquery' ), '0.15.2', true );
+        wp_enqueue_style( 'selectize.js', 'https://cdnjs.cloudflare.com/ajax/libs/selectize.js/0.15.2/css/selectize.default.min.css', array(), '0.15.2', 'all' );
+        wp_enqueue_style( 'googleFonts', '//fonts.googleapis.com/css2?family=Roboto&display=swap', array(), '1.0.0', 'all' );
 
         wp_enqueue_script(
@@ -105 +105 @@
      */
     public function save_form() {
-        if ( isset( $_POST['form_id'] ) && isset( $_POST['sg_email_marketing_groups'] ) ) {
-            update_post_meta( esc_attr( $_POST['form_id'] ), 'sg_email_marketing_groups', json_decode( stripslashes( $_POST['sg_email_marketing_groups'] ) ) );
+        if ( isset( $_POST['form_id'] ) && isset( $_POST['sg_email_marketing_groups'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+            update_post_meta( esc_attr( $_POST['form_id'] ), 'sg_email_marketing_groups', json_decode( stripslashes( $_POST['sg_email_marketing_groups'] ) ) ); // phpcs:ignore
         }
     }

siteground-email-marketing/trunk/core/Pages/Page.php

@@ -52 +52 @@
         // Hide all error in our page.
         if (
-            isset( $_GET['page'] ) &&
+            isset( $_GET['page'] ) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
             ( $this->page_id === $_GET['page'] ) // phpcs:ignore
         ) {

siteground-email-marketing/trunk/core/Renderer/Renderer.php

@@ -153 +153 @@
      */
     public function render( $form_id, $attr ) {
-        $form         = get_post( $form_id );
+        $form_id = (int) $form_id;
+        $form = get_post( $form_id );
+        // Check if the form id belongs to the 'sg_form' post type.
+        if ( 'sg_form' !== $form->post_type ) {
+            return;
+        }
+
         $fields       = json_decode( $form->post_content );
         $attr['hash'] = bin2hex( random_bytes( 18 ) );
@@ -159 +165 @@
         $orientation  = isset( $attr['formOrientation'] ) ? 'sg-marketing-form-container-' . $attr['formOrientation'] : 'sg-marketing-form-container-column';
 
-        $html .= '<form class="sg-marketing-form sg-email-marketing-form-' . $form_id . '-' . $attr['hash'] . '">';
+        $html .= '<form class="sg-marketing-form sg-email-marketing-form-' . esc_attr( $form_id ) . '-' . $attr['hash'] . '">';
         $html .= \wp_nonce_field( 'sg-email-marketing-form', '_wpnonce', true, false );
-        $html .= '<div class="sg-email-marketing-form-' . $form_id . '-' . $attr['hash'] . ' sg-marketing-form-submit_message sg-marketing-form-submit_message--hidden sg-marketing-form-submit_message--success">' . $fields->settings->success_message . '</div>';
-        $html .= '<div class="sg-email-marketing-form-' . $form_id . '-' . $attr['hash'] . ' sg-marketing-form-submit_message sg-marketing-form-submit_message--hidden sg-marketing-form-submit_message--error">' . __( 'There was an issue submitting the form!', 'siteground-email-marketing' ) . '</div>';
-        $html .= '<fieldset id="sg-email-marketing-' . esc_attr( $form_id ) . '" class="sg-marketing-form-container sg-email-marketing-form-' . $form_id . '-' . $attr['hash'] . ' ' . esc_attr( $orientation ) . '">';
+        $html .= '<div class="sg-email-marketing-form-' . esc_attr( $form_id ) . '-' . $attr['hash'] . ' sg-marketing-form-submit_message sg-marketing-form-submit_message--hidden sg-marketing-form-submit_message--success">' . esc_html( $fields->settings->success_message ) . '</div>';
+        $html .= '<div class="sg-email-marketing-form-' . esc_attr( $form_id ) . '-' . $attr['hash'] . ' sg-marketing-form-submit_message sg-marketing-form-submit_message--hidden sg-marketing-form-submit_message--error">' . __( 'There was an issue submitting the form!', 'siteground-email-marketing' ) . '</div>';
+        $html .= '<fieldset id="sg-email-marketing-' . esc_attr( $form_id ) . '" class="sg-marketing-form-container sg-email-marketing-form-' . esc_attr( $form_id ) . '-' . $attr['hash'] . ' ' . esc_attr( $orientation ) . '">';
 
         // Check if $fields->title is set and is an array.
@@ -205 +211 @@
                     $html .= '<div class="sg-input-container">';
                     if ( ! empty( $field->label ) ) {
-                        $html .= '<label for="input-' . esc_attr( $field->id ) . $attr['hash'] . '"> ' . $field->label;
+                        $html .= '<label for="input-' . esc_attr( $field->id ) . $attr['hash'] . '"> ' . esc_html( $field->label );
                             $html .= ( $required ? ' <span class="sg-marketing-form-required-label" aria-hidden="true">*</span>' : '' );
                         $html .= '</label>';
@@ -229 +235 @@
 
             $link = ! empty( $fields->consent->consent_link ) ?
-                '<a ' . $new_tab . ' href="' . $fields->consent->consent_link . '">' . $fields->consent->consent_text . '</a>' :
-                $fields->consent->consent_text;
+                '<a ' . $new_tab . ' href="' . esc_url( $fields->consent->consent_link ) . '">' . esc_html( $fields->consent->consent_text ) . '</a>' :
+                esc_html( $fields->consent->consent_text );
 
             if ( ! empty( $fields->consent->consent_checkbox ) ) {

siteground-email-marketing/trunk/core/Rest/Controllers/v1/Pages/Forms.php

@@ -23 +23 @@
 
     /**
+     * The Database placeholder.
+     */
+    public $wpdb;
+
+    /**
      * The Constructor.
      *
@@ -31 +36 @@
         $this->namespace = $this->rest_namespace;
         $this->rest_base = 'forms';
+
+        global $wpdb;
+        $this->wpdb = $wpdb;
     }
 
@@ -85 +93 @@
      */
     public function form_title_exists( $title, $id ) {
-        global $wpdb;
-
-        $posts = $wpdb->get_results(
-            $wpdb->prepare(
-                "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type = 'sg_form' AND post_status = 'publish' LIMIT 1",
-                $title,
-            ),
+
+        $posts = $this->wpdb->get_results(
+                    $this->wpdb->prepare( // phpcs:ignore
+                        'SELECT ID FROM ' . esc_sql( $this->wpdb->posts ) . " WHERE post_title = %s AND post_type = 'sg_form' AND post_status = 'publish' LIMIT 1",
+                        esc_sql( $title ),
+                    ),
             ARRAY_A
         );

siteground-email-marketing/trunk/core/Services/Cron/Cron.php

@@ -34 +34 @@
 
     /**
+     * The Database placeholder.
+     */
+    public $wpdb;
+
+    /**
      * The constructor.
      *
@@ -42 +47 @@
     public function __construct( $background_process ) {
         $this->background_process = $background_process;
+
+        global $wpdb;
+        $this->wpdb = $wpdb;
     }
 
@@ -85 +93 @@
      */
     private function get_data() {
-        global $wpdb;
 
-        $results = $wpdb->get_results(
-            "
-            SELECT `meta_value`
-                FROM $wpdb->postmeta 
-            WHERE `meta_key` = 'sg_email_marketing_user_data'
-            UNION ALL
-            SELECT `meta_value`
-                FROM $wpdb->usermeta 
-            WHERE `meta_key` = 'sg_email_marketing_user_data'
-            UNION ALL
-            SELECT `meta_value`
-                FROM $wpdb->commentmeta 
-            WHERE `meta_key` = 'sg_email_marketing_user_data'
-            "
+        $results = $this->wpdb->get_results(
+                        $this->wpdb->prepare( //phpcs:ignore
+                            '
+                            SELECT `meta_value`
+                                FROM ' . esc_sql( $this->wpdb->postmeta ) . '
+                            WHERE `meta_key` = %s
+                            UNION ALL
+                            SELECT `meta_value`
+                                FROM ' . esc_sql( $this->wpdb->usermeta ) . ' 
+                            WHERE `meta_key` = %s
+                            UNION ALL
+                            SELECT `meta_value`
+                                FROM ' . esc_sql( $this->wpdb->commentmeta ) . ' 
+                            WHERE `meta_key` = %s
+                            ',
+                            'sg_email_marketing_user_data',
+                            'sg_email_marketing_user_data',
+                            'sg_email_marketing_user_data'
+                        )
         );
+
         foreach( $results as $index => $result ) {
             if ( is_array( $result->meta_value ) ) {
@@ -128 +141 @@
         global $wpdb;
 
-        $results = $wpdb->get_results( "DELETE FROM $wpdb->postmeta WHERE `meta_key` = 'sg_email_marketing_user_data';" );
-        $results = $wpdb->get_results( "DELETE FROM $wpdb->usermeta WHERE `meta_key` = 'sg_email_marketing_user_data';" );
-        $results = $wpdb->get_results( "DELETE FROM $wpdb->commentmeta WHERE `meta_key` = 'sg_email_marketing_user_data';" );
+        $results = $wpdb->get_results(
+                    $wpdb->prepare(  //phpcs:ignore
+                        'DELETE FROM ' . esc_sql( $wpdb->postmeta ) . ' WHERE `meta_key` = %s;',
+                        'sg_email_marketing_user_data'
+                    )
+        );
+
+        $results = $wpdb->get_results(
+                    $wpdb->prepare(  //phpcs:ignore
+                        'DELETE FROM ' . esc_sql( $wpdb->usermeta ) . ' WHERE `meta_key` = %s;',
+                        'sg_email_marketing_user_data'
+                    )
+        );
+
+        $results = $wpdb->get_results(
+                    $wpdb->prepare(  //phpcs:ignore
+                        'DELETE FROM ' . esc_sql( $wpdb->commentmeta ) . ' WHERE `meta_key` = %s;',
+                        'sg_email_marketing_user_data'
+                    )
+        );
     }
 }

siteground-email-marketing/trunk/core/Services/Mailer_Api/Mailer_Api.php

@@ -26 +26 @@
 
     /**
-     * Call the mailer api.
+     * Call the mailer API.
      *
      * @since  1.0.0
@@ -36 +36 @@
      * @throws \Exception An exception if something went wrong.
      *
-     * @return array         The response from the mailer api.
+     * @return array         The response from the mailer API.
      */
     private function call( $route, $data = array(), $method = 'GET' ) {
         if ( empty( $this->token ) ) {
-            throw new \Exception( __( 'Missing api token.', 'siteground-email-marketing' ), 400 );
+            throw new \Exception( esc_html__( 'Missing api token.', 'siteground-email-marketing' ), 400 );
         }
 
         // Load .env and retrieve constants.
-        $api_url  = ! isset( $_ENV['SG_EM_API_URL'] ) ? self::API_URL : $_ENV['SG_EM_API_URL'];
-        $api_host = ! isset( $_ENV['SG_EM_API_HOST'] ) ? '' : $_ENV['SG_EM_API_HOST'];
+        $api_url  = ! isset( $_ENV['SG_EM_API_URL'] ) ? self::API_URL : esc_url_raw( $_ENV['SG_EM_API_URL'] );
+        $api_host = ! isset( $_ENV['SG_EM_API_HOST'] ) ? '' : sanitize_text_field( $_ENV['SG_EM_API_HOST'] );
 
         $headers = array(
@@ -213 +213 @@
 
             if ( 401 === $status_code ) {
-                throw new \Exception( __( 'Please provide a valid token', 'siteground-email-marketing' ), 403 );
+                throw new \Exception( esc_html__( 'Please provide a valid token', 'siteground-email-marketing' ), 403 );
             }
         }
@@ -239 +239 @@
 
         if ( is_wp_error( $response ) ) {
-            throw new \Exception( __( 'WordPress cannot process the request.', 'siteground-email-marketing' ), 400 );
+            throw new \Exception( esc_html__( 'WordPress cannot process the request.', 'siteground-email-marketing' ), 400 );
         }
 

siteground-email-marketing/trunk/sg-email-marketing.php

@@ -11 +11 @@
  * Plugin URI:        https://siteground.com
  * Description:       Use this plugin to link your WordPress site with the SiteGround Email Marketing service and seamlessly grow your mailing list!
- * Version:           1.7.1
+ * Version:           1.7.2
  * Author:            SiteGround
  * Author URI:        https://www.siteground.com
@@ -33 +33 @@
 // Define version constant.
 if ( ! defined( __NAMESPACE__ . '\VERSION' ) ) {
-    define( __NAMESPACE__ . '\VERSION', '1.7.1' );
+    define( __NAMESPACE__ . '\VERSION', '1.7.2' );
 }
 

siteground-email-marketing/trunk/templates/CF7_Checkbox_Markup.php

@@ -3 +3 @@
     <input type="checkbox" name="<?php echo esc_attr( $this->checkbox_name ); ?>" value="1" />
     <label for="<?php echo esc_attr( $this->checkbox_name ); ?>">
-        <?php echo $label; ?>
+        <?php echo esc_html( $label ); ?>
     </label>
 </span>

siteground-email-marketing/trunk/templates/CF7_Integration_Tab_Template.php

@@ -1 +1 @@
 <div class="sgwpmail-cf7-integration">
-    <h3 class="sgwpmail-cf7-page-heading"> <?php _e( 'SiteGround Email Marketing', 'siteground-email-marketing' ); ?> </h3>
+    <h3 class="sgwpmail-cf7-page-heading"> <?php esc_html_e( 'SiteGround Email Marketing', 'siteground-email-marketing' ); ?> </h3>
     <span class="sgwpmail-cf7-enable-checkbox">
-        <h4 class="sgwpmail-cf7-page-label"> <?php _e( 'Enable SG Email Marketing', 'siteground-email-marketing' ) ?> </h4>
-        <input type="checkbox" <?php echo $is_integration_enabled; ?> id="sgwpmail-cf7-enable" name="sgwpmail-cf7-enable"/>
+        <h4 class="sgwpmail-cf7-page-label"> <?php esc_html_e( 'Enable SG Email Marketing', 'siteground-email-marketing' ); ?> </h4>
+        <input type="checkbox" <?php echo esc_attr( $is_integration_enabled ); ?> id="sgwpmail-cf7-enable" name="sgwpmail-cf7-enable"/>
         <label for="sgwpmail-cf7-enable">
-            <?php _e( 'Enable people filling this form to be added as subscribers to SiteGround Email Marketing', 'siteground-email-marketing' ); ?>
+            <?php esc_html_e( 'Enable people filling this form to be added as subscribers to SiteGround Email Marketing', 'siteground-email-marketing' ); ?>
         </label>
     </span>
     <span class="sgwpmail-cf7-checkbox-toggle">
-        <h4 class="sgwpmail-cf7-page-label"> <?php _e( 'Manage Consent', 'siteground-email-marketing' ); ?></h4>
-        <input type="checkbox" <?php echo $is_checkbox_enabled; ?> id="sgwpmail-cf7-checkbox-toggle" name="sgwpmail-cf7-checkbox-toggle"/>
+        <h4 class="sgwpmail-cf7-page-label"> <?php esc_html_e( 'Manage Consent', 'siteground-email-marketing' ); ?></h4>
+        <input type="checkbox" <?php echo esc_attr( $is_checkbox_enabled ); ?> id="sgwpmail-cf7-checkbox-toggle" name="sgwpmail-cf7-checkbox-toggle"/>
         <label for="sgwpmail-cf7-checkbox-toggle">
-            <?php _e( 'Display consent checkbox. (Recommended if subscription is not the main purpose of the form)', 'siteground-email-marketing' ); ?>
+            <?php esc_html_e( 'Display consent checkbox. (Recommended if subscription is not the main purpose of the form)', 'siteground-email-marketing' ); ?>
         </label>
     </span>
     <span class="sgwpmail-cf7-checkbox-label-input">
         <label class="sgwpmail-cf7-page-label" for="sgwpmail-cf7-checbkox-label">
-            <?php _e( 'Consent checkbox text.', 'siteground-email-marketing' ); ?>
+            <?php esc_html_e( 'Consent checkbox text.', 'siteground-email-marketing' ); ?>
         </label>
-        <input id="sgwpmail-cf7-checkbox-label" name="sgwpmail-cf7-checkbox-label" value="<?php echo $checkbox_label; ?>"/>
+        <input id="sgwpmail-cf7-checkbox-label" name="sgwpmail-cf7-checkbox-label" value="<?php echo esc_attr( $checkbox_label ); ?>"/>
     </span>
     <span class=sgwpmail-cf7-labels-dropdown>
         <label class="sgwpmail-cf7-page-label" for="sgwpmail-cf7-labels">
-            <?php _e( 'Groups', 'siteground-email-marketing' ); ?>
+            <?php esc_html_e( 'Groups', 'siteground-email-marketing' ); ?>
         </label>
         <select multiple id="sgwpmail-cf7-labels" name="sgwpmail-cf7-labels[]">
@@ -29 +29 @@
                 foreach ( $labels_list['data'] as $label ) {
                     if ( 'array' === gettype( $saved_labels ) && \in_array( $label['name'], $saved_labels ) ) {
-                        echo '<option selected value="' . $label['name'] . '">' . $label['name'] . '</option>';
+                        echo '<option selected value="' . esc_attr( $label['name'] ) . '">' . esc_html( $label['name'] ) . '</option>';
                         continue;
                     }
-                    echo '<option value="' . $label['name'] . '">' . $label['name'] . '</option>';
+                    echo '<option value="' . esc_attr( $label['name'] ) . '">' . esc_html( $label['name'] ) . '</option>';
                 }
             ?>
         </select>
         <span class="sgwpmail-description">
-            <?php _e( 'People subscribing through this form will be added to the selected groups', 'siteground-email-marketing' ); ?>
+            <?php esc_html_e( 'People subscribing through this form will be added to the selected groups', 'siteground-email-marketing' ); ?>
         </span>
     </span>

siteground-email-marketing/trunk/templates/GF_Integration_Field_Settings.php

@@ -15 +15 @@
         <span class=sgwpmail-groups-dropdown>
             <label class="sgwpmail-page-label" for="sgwpmail-gf-groups">
-                <?php _e( 'Groups', 'siteground-email-marketing' ); ?>
+                <?php esc_html_e( 'Groups', 'siteground-email-marketing' ); ?>
                 <?php \gform_tooltip( 'sgwpmail_groups' ); ?>
             </label>
@@ -22 +22 @@
                 foreach ( $labels_list as $label ) {
                     if ( 'array' === gettype( $saved_labels ) && \in_array( $label, $saved_labels ) ) {
-                        echo '<option selected value="' . $label . '">' . $label . '</option>';
+                        echo '<option selected value="' . esc_attr( $label ) . '">' . esc_html( $label ) . '</option>';
                         continue;
                     }
-                    echo '<option value="' . $label . '">' . $label . '</option>';
+                    echo '<option value="' . esc_attr( $label ) . '">' . esc_html( $label ) . '</option>';
                 }
                 ?>
@@ -32 +32 @@
     </li>
     <li class="sgwpmail_consent_toggle field_setting">
-        <label> <?php _e( 'Manage Consent', 'siteground-email-marketing' ); ?> </label>
+        <label> <?php esc_html_e( 'Manage Consent', 'siteground-email-marketing' ); ?> </label>
         <input type="checkbox" id="field_sgwpmail_consent_toggle" onclick="sgwpmail_change_consent_checkbox(this);" />
         <label for="field_sgwpmail_consent_toggle" style="display:inline;">
-            <?php _e( "Display consent checkbox", "siteground-email-marketing" ); ?>
+            <?php esc_html_e( "Display consent checkbox", "siteground-email-marketing" ); ?>
             <?php \gform_tooltip( 'sgwpmail_manage_consent' ); ?>
         </label>
@@ -46 +46 @@
     <li class="sgwpmail_consent_text field_setting">
         <label for="field_sgwpmail_consent_text">
-            <?php _e("Consent Checkbox Text", "siteground-email-marketing"); ?>
+            <?php esc_html_e( "Consent Checkbox Text", "siteground-email-marketing" ); ?>
             <?php \gform_tooltip( 'sgwpmail_consent_label' ); ?>
         </label>