
Changeset 3433276


Timestamp:
01/06/2026 06:59:05 AM (6 weeks ago)
Author:
zealopensource
Message:

Update to version 2.6 from GitHub

Location:
user-registration-using-contact-form-7
Files:
10 edited
1 copied

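--- a/user-registration-using-contact-form-7/tags/2.6/assets/js/admin.js
+++ b/user-registration-using-contact-form-7/tags/2.6/assets/js/admin.js
@@ -7,5 +7,5 @@
             dataType: "json",
             url: ajaxurl,
-            data: { action: "get_cf7_form_data", zurcf7_formid: zurcf7_formid },
+            data: { action: "get_cf7_form_data", zurcf7_formid: zurcf7_formid, nonce: cf7forms_data.ajax_nonce },
             beforeSend: function() {
                 $('.loader').show();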
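Review bot: The `nonce` field is added to `assets/js/admin.js`, but the PHP section on this page registers `assets/js/admin.min.js` as the admin script, and no `admin.min.js` appears among the files listed in this changeset. If the minified build was not regenerated, the request that is actually sent will lack `nonce`, and the new `wp_verify_nonce()` check in `fn_get_cf7_form_data()` will answer every call with "Security check failed" (it fails closed, so the field list would stop loading for administrators). Confirm that the shipped minified asset carries the same `data:` line; the `trunk` copy of this file raises the same question. The enclosing `$.ajax` call starts and ends outside the hunk.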
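--- a/user-registration-using-contact-form-7/tags/2.6/inc/admin/class.zurcf7.admin.action.php
+++ b/user-registration-using-contact-form-7/tags/2.6/inc/admin/class.zurcf7.admin.action.php
@@ -61,5 +61,7 @@
             // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Display check, not form processing
             $post_type = isset( $_GET['post_type'] ) ? sanitize_text_field( wp_unslash( $_GET['post_type'] ) ) : '';
-            if( $post_type && (ZURCF7_POST_TYPE === $post_type) ){
+            // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Display check, not form processing
+            $page = isset( $_GET['page'] ) ? sanitize_text_field( wp_unslash( $_GET['page'] ) ) : '';
+            if( ( $post_type && (ZURCF7_POST_TYPE === $post_type) ) || ( $page && 'zurcf7_settings' === $page ) ){
                 wp_register_script( ZURCF7_PREFIX . '-admin-js', ZURCF7_URL . 'assets/js/admin.min.js', array( 'jquery-core' ), ZURCF7_VERSION, false );
                 wp_register_style( ZURCF7_PREFIX . '-admin-css', ZURCF7_URL . 'assets/css/admin.min.css', array(), ZURCF7_VERSION );
@@ -78,5 +80,5 @@
                     'zurcf7_fb_signup_app_id_tool' => __( '<h3>App Id</h3><p>Please enter app id.</p>', 'user-registration-using-contact-form-7' ),
                     'zurcf7_fb_app_secret_tool' => __( '<h3>App Secret</h3><p>Please enter app secret.</p>', 'user-registration-using-contact-form-7' ),
-                   
+                    'ajax_nonce' => wp_create_nonce( 'zurcf7_get_cf7_form_data' ),
                 );
 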
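Review bot: The nonce action `'zurcf7_get_cf7_form_data'` on the new `'ajax_nonce'` line is a bare literal that has to match the one verified in `fn_get_cf7_form_data()` in `inc/class.zurcf7.php`, and nothing at this site says so. A comment above that line, such as `// Action must match the wp_verify_nonce() call in fn_get_cf7_form_data().`, would keep the two from drifting apart; a mismatch would make every request fail the security check. The array and the enclosing method start outside the hunk, and the `trunk` copy of this file is identical.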
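--- a/user-registration-using-contact-form-7/tags/2.6/inc/class.zurcf7.php
+++ b/user-registration-using-contact-form-7/tags/2.6/inc/class.zurcf7.php
@@ -42,5 +42,4 @@
             #get Contact form data in admin
             add_action("wp_ajax_get_cf7_form_data", array($this,"fn_get_cf7_form_data"));
-            add_action("wp_ajax_nopriv_get_cf7_form_data", array($this,"fn_get_cf7_form_data"));
 
         }
@@ -179,8 +178,20 @@
          */
         function fn_get_cf7_form_data(){
-        //Get current saved CF7 ID
+            // Check user capabilities - only allow users with manage_options capability
+            if ( ! current_user_can( 'manage_options' ) ) {
+                wp_send_json( array( 'response' => 'error', 'formtag' => '<option value="">Unauthorized access</option>' ) );
+                return;
+            }
+
+            // Verify nonce for additional security
+            if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'zurcf7_get_cf7_form_data' ) ) {
+                wp_send_json( array( 'response' => 'error', 'formtag' => '<option value="">Security check failed</option>' ) );
+                return;
+            }
+
+            //Get current saved CF7 ID
             $zurcf7_formid = (get_option( 'zurcf7_formid')) ? get_option( 'zurcf7_formid') : "";
 
-            $html .= '<option value="">Select field</option>';
+            $html = '<option value="">Select field</option>';
             if(!empty(sanitize_text_field($_POST['zurcf7_formid']))){  //phpcs:ignore
 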
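Review bot: The form id at new line 196 is still read as `sanitize_text_field($_POST['zurcf7_formid'])` under a blanket `//phpcs:ignore`, with no `isset()` and no `wp_unslash()`, so the new capability and nonce checks guard the handler while its one input stays loosely validated. Since the value is a form id, reading it once as `$form_id = isset( $_POST['zurcf7_formid'] ) ? absint( wp_unslash( $_POST['zurcf7_formid'] ) ) : 0;` and testing `$form_id` would be tighter and would let the ignore comment go. The `return;` after each `wp_send_json()` is unreachable, because that function ends the request itself. The rest of the function body lies outside the hunk, so how the id is used further down could not be checked; the `trunk` copy has the same lines.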
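--- a/user-registration-using-contact-form-7/tags/2.6/readme.txt
+++ b/user-registration-using-contact-form-7/tags/2.6/readme.txt
@@ -6,8 +6,8 @@
 Requires at least: 3.5
 Tested up to:  6.9
-Stable tag: 2.5
+Stable tag: 2.6
 Requires PHP: 5.6
 License: GPL-3.0
-Version: 2.5
+Version: 2.6
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -108,4 +108,8 @@
 == Changelog ==
 
+= 2.6 =
+* Security: Fixed unauthorized access vulnerability
+* Added nonce verification.
+
 = 2.5 =
 * Security: Addressed potential user registration vulnerability via Contact Form 7.
@@ -140,4 +144,12 @@
 == Upgrade Notice ==
 
+= 2.6 =
+* Security: Fixed unauthorized access vulnerability
+* Added nonce verification.
+
+= 2.5 =
+* Security: Addressed potential user registration vulnerability via Contact Form 7.
+* Added input validation, nonce verification, and proper role handling.
+
 = 2.4 =
 * ACF Field Condition Updated.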
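--- a/user-registration-using-contact-form-7/tags/2.6/user-registration-cf7.php
+++ b/user-registration-using-contact-form-7/tags/2.6/user-registration-cf7.php
@@ -4,5 +4,5 @@
  * Plugin URL: https://wordpress.org/plugin-url/
  * Description: User Registration Using Contact Form 7 plugin provide the feature to register the user to the website using Contact Form 7.
- * Version: 2.5
+ * Version: 2.6
  * Author: ZealousWeb
  * Author URI: https://www.zealousweb.com/
@@ -28,5 +28,5 @@
 
 if ( !defined( 'ZURCF7_VERSION' ) ) {
-    define( 'ZURCF7_VERSION', '2.5' ); // Version of plugin
+    define( 'ZURCF7_VERSION', '2.6' ); // Version of plugin
 }
 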
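--- a/user-registration-using-contact-form-7/trunk/assets/js/admin.js
+++ b/user-registration-using-contact-form-7/trunk/assets/js/admin.js
@@ -7,5 +7,5 @@
             dataType: "json",
             url: ajaxurl,
-            data: { action: "get_cf7_form_data", zurcf7_formid: zurcf7_formid },
+            data: { action: "get_cf7_form_data", zurcf7_formid: zurcf7_formid, nonce: cf7forms_data.ajax_nonce },
             beforeSend: function() {
                 $('.loader').show();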
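--- a/user-registration-using-contact-form-7/trunk/inc/admin/class.zurcf7.admin.action.php
+++ b/user-registration-using-contact-form-7/trunk/inc/admin/class.zurcf7.admin.action.php
@@ -61,5 +61,7 @@
             // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Display check, not form processing
             $post_type = isset( $_GET['post_type'] ) ? sanitize_text_field( wp_unslash( $_GET['post_type'] ) ) : '';
-            if( $post_type && (ZURCF7_POST_TYPE === $post_type) ){
+            // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Display check, not form processing
+            $page = isset( $_GET['page'] ) ? sanitize_text_field( wp_unslash( $_GET['page'] ) ) : '';
+            if( ( $post_type && (ZURCF7_POST_TYPE === $post_type) ) || ( $page && 'zurcf7_settings' === $page ) ){
                 wp_register_script( ZURCF7_PREFIX . '-admin-js', ZURCF7_URL . 'assets/js/admin.min.js', array( 'jquery-core' ), ZURCF7_VERSION, false );
                 wp_register_style( ZURCF7_PREFIX . '-admin-css', ZURCF7_URL . 'assets/css/admin.min.css', array(), ZURCF7_VERSION );
@@ -78,5 +80,5 @@
                     'zurcf7_fb_signup_app_id_tool' => __( '<h3>App Id</h3><p>Please enter app id.</p>', 'user-registration-using-contact-form-7' ),
                     'zurcf7_fb_app_secret_tool' => __( '<h3>App Secret</h3><p>Please enter app secret.</p>', 'user-registration-using-contact-form-7' ),
-                   
+                    'ajax_nonce' => wp_create_nonce( 'zurcf7_get_cf7_form_data' ),
                 );
 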
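--- a/user-registration-using-contact-form-7/trunk/inc/class.zurcf7.php
+++ b/user-registration-using-contact-form-7/trunk/inc/class.zurcf7.php
@@ -42,5 +42,4 @@
             #get Contact form data in admin
             add_action("wp_ajax_get_cf7_form_data", array($this,"fn_get_cf7_form_data"));
-            add_action("wp_ajax_nopriv_get_cf7_form_data", array($this,"fn_get_cf7_form_data"));
 
         }
@@ -179,8 +178,20 @@
          */
         function fn_get_cf7_form_data(){
-        //Get current saved CF7 ID
+            // Check user capabilities - only allow users with manage_options capability
+            if ( ! current_user_can( 'manage_options' ) ) {
+                wp_send_json( array( 'response' => 'error', 'formtag' => '<option value="">Unauthorized access</option>' ) );
+                return;
+            }
+
+            // Verify nonce for additional security
+            if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'zurcf7_get_cf7_form_data' ) ) {
+                wp_send_json( array( 'response' => 'error', 'formtag' => '<option value="">Security check failed</option>' ) );
+                return;
+            }
+
+            //Get current saved CF7 ID
             $zurcf7_formid = (get_option( 'zurcf7_formid')) ? get_option( 'zurcf7_formid') : "";
 
-            $html .= '<option value="">Select field</option>';
+            $html = '<option value="">Select field</option>';
             if(!empty(sanitize_text_field($_POST['zurcf7_formid']))){  //phpcs:ignore
 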
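--- a/user-registration-using-contact-form-7/trunk/readme.txt
+++ b/user-registration-using-contact-form-7/trunk/readme.txt
@@ -6,8 +6,8 @@
 Requires at least: 3.5
 Tested up to:  6.9
-Stable tag: 2.5
+Stable tag: 2.6
 Requires PHP: 5.6
 License: GPL-3.0
-Version: 2.5
+Version: 2.6
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -108,4 +108,8 @@
 == Changelog ==
 
+= 2.6 =
+* Security: Fixed unauthorized access vulnerability
+* Added nonce verification.
+
 = 2.5 =
 * Security: Addressed potential user registration vulnerability via Contact Form 7.
@@ -140,4 +144,12 @@
 == Upgrade Notice ==
 
+= 2.6 =
+* Security: Fixed unauthorized access vulnerability
+* Added nonce verification.
+
+= 2.5 =
+* Security: Addressed potential user registration vulnerability via Contact Form 7.
+* Added input validation, nonce verification, and proper role handling.
+
 = 2.4 =
 * ACF Field Condition Updated.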
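--- a/user-registration-using-contact-form-7/trunk/user-registration-cf7.php
+++ b/user-registration-using-contact-form-7/trunk/user-registration-cf7.php
@@ -4,5 +4,5 @@
  * Plugin URL: https://wordpress.org/plugin-url/
  * Description: User Registration Using Contact Form 7 plugin provide the feature to register the user to the website using Contact Form 7.
- * Version: 2.5
+ * Version: 2.6
  * Author: ZealousWeb
  * Author URI: https://www.zealousweb.com/
@@ -28,5 +28,5 @@
 
 if ( !defined( 'ZURCF7_VERSION' ) ) {
-    define( 'ZURCF7_VERSION', '2.5' ); // Version of plugin
+    define( 'ZURCF7_VERSION', '2.6' ); // Version of plugin
 }
 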