
Changeset 3056679


Timestamp:
03/22/2024 09:52:47 AM (2 years ago)
Author:
123contactform
Message:
  • Fix XSS vulnerability
  • Fix un-escaped DB parameter
Location:
captainform/trunk
Files:
5 edited

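--- a/captainform/trunk/captainform.php
+++ b/captainform/trunk/captainform.php
@@ -17,5 +17,5 @@
  * Plugin URI:        http://captainform.com
  * Description:       CaptainForm is a fully-featured WordPress form plugin created for web designers, developers, and also for non-tech savvy users.
- * Version:           2.5.3
+ * Version:           2.5.4
  * Author:            captainform
  * Author URI:        https://profiles.wordpress.org/captainform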
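--- a/captainform/trunk/includes/class-captainform.php
+++ b/captainform/trunk/includes/class-captainform.php
@@ -39,5 +39,5 @@
      */
     protected $loader;
-   
+
     /**
      * The class that's responsible for maintaining and registering all account settings
@@ -48,5 +48,5 @@
      */
     protected $account;
-   
+
     /**
      * The class responsible for defining all actions that occur in the admin area.
@@ -57,5 +57,5 @@
      */
     protected $admin;
-   
+
     /**
      * The class that's responsible for maintaining and registering the captainform widget
@@ -66,5 +66,5 @@
      */
     protected $widget;
-   
+
     /**
      * The class that's responsible for captainform utilities
@@ -75,5 +75,5 @@
      */
     protected $utils;
-   
+
     /**
      * The unique identifier of this plugin.
@@ -93,5 +93,5 @@
      */
     protected $version;
-   
+
     /**
      * Define the core functionality of the plugin.
@@ -106,10 +106,10 @@
 
         $this->plugin_name = 'captainform';
-        $this->version = '2.5.3';
+        $this->version = '2.5.4';
 
         $this->load_dependencies();
         $this->set_locale();
         $this->define_general_hooks();
-       
+
         if(defined( 'DOING_AJAX' ) && DOING_AJAX)
             $this->define_ajax_hooks();
@@ -147,5 +147,5 @@
          */
         require_once plugin_dir_path( dirname( __FILE__ ) ) . 'includes/class-captainform-loader.php';
-       
+
         /**
          * The class responsible for defining internationalization functionality
@@ -153,5 +153,5 @@
          */
         require_once plugin_dir_path( dirname( __FILE__ ) ) . 'includes/class-captainform-i18n.php';
-       
+
         /**
          * The class responsible for captainform widget.
@@ -194,5 +194,5 @@
         $this->widget = new Captainform_Widget();
         $this->utils = new Captainform_Utils();
-       
+
     }
 
@@ -245,20 +245,20 @@
      */
     private function load_admin_dependencies() {
-       
+
         /**
          * The class responsible for maintaining and registering all account settings
          */
         require_once plugin_dir_path(dirname(__FILE__)) . 'includes/class-captainform-account.php';
-       
+
         /**
          * The class responsible for defining all actions that occur in the admin area.
          */
         require_once plugin_dir_path(dirname(__FILE__)) . 'admin/class-captainform-admin.php';
-       
+
         $this->admin = new Captainform_Admin( $this->get_plugin_name(), $this->get_version() );
         $this->account = new Captainform_Account( $this->get_plugin_name(), $this->get_version() );
-       
-    }
-   
+
+    }
+
     /**
      * Load the required dependencies for the public-facing functionality of the plugin.
@@ -272,5 +272,5 @@
      */
     private function load_public_dependencies() {
-       
+
         /**
          * The class responsible for defining all actions that occur in the public-facing
@@ -280,5 +280,5 @@
 
     }
-   
+
     /**
      * Define the locale for this plugin for internationalization.
@@ -295,7 +295,7 @@
 
         $this->loader->add_action( 'plugins_loaded', $plugin_i18n, 'load_plugin_textdomain' );
-       
-    }
-   
+
+    }
+
     /**
      * Register all of the hooks related both to the public-facing functionality and the admin area functionality
@@ -306,15 +306,18 @@
      */
     private function define_general_hooks() {
-       
+
         $php_version = phpversion();
         if ($php_version >= 5.3) {
             $this->loader->add_action( 'widgets_init', $this->widget, 'register_widget' );
         } else if ($php_version >= 5.2) {
+            // compatibility with OLD php versions
+            // phpcs:disable WordPress.PHP.RestrictedPHPFunctions.create_function_create_function
             add_action(
                 'widgets_init',
                 create_function('', 'return register_widget("Captainform_Widget");')
             );
+            // phpcs:enable WordPress.PHP.RestrictedPHPFunctions.create_function_create_function
         }
-       
+
         $this->loader->add_action( 'init', $this->utils, 'register_post_type' );
         $this->loader->add_action( 'init', $this->utils, 'session_start' );
@@ -332,5 +335,5 @@
         $this->loader->add_filter('autoptimize_filter_js_exclude', $this->utils, 'autoptimize_override_js_exclude');
     }
-   
+
     /**
      * Register all of the hooks related to the admin area functionality
@@ -341,12 +344,12 @@
      */
     private function define_admin_hooks() {
-       
+
         $this->loader->add_action( 'admin_enqueue_scripts', $this->admin, 'enqueue_styles' );
         $this->loader->add_action( 'admin_enqueue_scripts', $this->admin, 'enqueue_scripts' );
         $this->loader->add_action( 'admin_menu', $this->admin, 'add_menu_items' );
         $this->loader->add_action( 'admin_menu', $this->admin, 'register_settings' );
-       
+
         $this->loader->add_action( 'init', $this->utils, 'ob_start' );
-       
+
         $this->loader->add_action( 'wp_ajax_captainform_insert_dialog', $this->admin, 'mce_insert_dialog' );
 
@@ -373,8 +376,8 @@
         $this->loader->add_action( 'wp_enqueue_scripts', $plugin_public, 'enqueue_styles' );
         $this->loader->add_action( 'wp_enqueue_scripts', $plugin_public, 'enqueue_scripts' );
-       
+
         $this->loader->add_filter( 'widget_text', $this->widget, 'text_widget' );
     }
-   
+
     /**
      * Register all of the hooks related to WordPress ajax
@@ -388,5 +391,5 @@
          */
         require_once plugin_dir_path(dirname(__FILE__)) . 'admin/class-captainform-admin.php';
-       
+
         $this->admin = new Captainform_Admin( $this->get_plugin_name(), $this->get_version() );
         $this->loader->add_action( 'wp_ajax_captainform_insert_dialog', $this->admin, 'mce_insert_dialog' );
@@ -407,5 +410,5 @@
         }
     }
-   
+
     /**
      * Register all the shortcodes
@@ -416,7 +419,7 @@
      */
     private function define_shortcodes() {
-       
+
         $plugin_shortcodes = new Captainform_Shortcodes( $this->get_plugin_name(), $this->get_version() );
-       
+
         $this->loader->add_shortcode( 'captainform', $plugin_shortcodes, 'evaluate' );
         $this->loader->add_shortcode( 'captain-form', $plugin_shortcodes, 'evaluate' );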
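Review bot: The comments and `phpcs:disable`/`phpcs:enable` added at new 313-319 document the `create_function` fallback but leave untouched the guard that decides whether it is reached, `if ($php_version >= 5.3) ... else if ($php_version >= 5.2)` at 310-312, which compares the string returned by `phpversion()` against floats. On PHP 8 a value such as `8.2.1` is not a numeric string, so `"8.2.1" >= 5.3` falls back to string comparison and only happens to be true; `if ( version_compare( PHP_VERSION, '5.3', '>=' ) )` is the documented check and makes the intent explicit. I would also have the new comment say why the branch exists rather than "compatibility with OLD php versions": `// PHP < 5.3 has no closures, so the widget is registered via create_function here; create_function was removed in PHP 8.0, but this branch is never reached on it`. define_general_hooks continues past the end of the hunk.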
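--- a/captainform/trunk/includes/integrations/class-captainform-integration-submissions.php
+++ b/captainform/trunk/includes/integrations/class-captainform-integration-submissions.php
@@ -105,9 +105,10 @@
         global $wpdb;
         self::createTable();
+        // secured encrypted query executed on both WP and 123 databases
+        // phpcs:disable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
         $statement = $_REQUEST['statement'];
         $select_count = $_REQUEST['select_count'];
         $query = Captainform_Encrypt::decrypt($_REQUEST['query']);
-        $query = self::str_replace_first('[wp-prefix]',$wpdb->prefix,$query);
-        //mail('adrian.dumitru.68@gmail.com','WP_RQUEST',print_r($_REQUEST,1));
+        $query = self::str_replace_first('[wp-prefix]', $wpdb->prefix, $query);
         if($statement == 'SELECT')
         {
@@ -125,5 +126,5 @@
 
         $return = json_encode(array('captainform_valid_response',$return));
-
+        // phpcs:enable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
         echo $return;
         exit();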
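Review bot: The `phpcs:disable` and `phpcs:enable` lines added at new 108 and 128 only silence the UnescapedDBParameter sniff — nothing in the hunk escapes or parameterizes anything, `$query` is still built from `Captainform_Encrypt::decrypt($_REQUEST['query'])`, and `$statement` and `$select_count` are still read from `$_REQUEST` unvalidated, so the changelog's "Fix unescaped DB parameter" describes a suppression rather than a fix. Whether executing the decrypted string is safe rests entirely on `decrypt()`, which is outside this diff: unless it verifies an authentication tag (HMAC or AEAD) under a key only the remote service holds and fails closed on tampered input, anyone who can reach this handler can submit their own ciphertext and run arbitrary SQL against the WordPress database. I would add an explicit authenticity or capability check before new 109 and replace the vague "secured encrypted query" comment with one that states what authenticates the request, e.g. `// Executes only a query whose ciphertext passed HMAC verification inside Captainform_Encrypt::decrypt (TODO confirm decrypt enforces this and returns false otherwise)`. The statement check at new 113 should also be strict, `if ( $statement === 'SELECT' )`, with any value outside the accepted set rejected before the query runs; the branches between the two hunks are not shown, and the enclosing function starts before the first hunk.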
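--- a/captainform/trunk/public/class-captainform-public-form-embedding.php
+++ b/captainform/trunk/public/class-captainform-public-form-embedding.php
@@ -238,5 +238,5 @@
             'miliseconds' => $this->is_preview_as_popup() ? 1000 : 3000,
             'customVars' => $custom_vars->get_custom_vars(),
-            'style' => $this->get_theme_preview_style(),
+            'style' => esc_js($this->get_theme_preview_style()),
             'lightbox_type' => '',
             'position_class' => '',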
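Review bot: `esc_js()` at new 240 is the correct escaper only if `'style'` ends up interpolated into a single-quoted inline JavaScript string; it backslash-escapes quotes and HTML-encodes `<`, `>`, `&` and `"`, so if this array is later passed through `wp_json_encode()`/`json_encode()` or `wp_localize_script()` (the sink is outside the hunk) the backslashes are doubled and the entities reach the browser literally — a rendering bug, and not the escaping that context needs. Please confirm the sink: for JSON output leave the value raw and encode the whole array once with `wp_json_encode( $config, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT )`; for an HTML attribute use `esc_attr()`. The neighbouring `'customVars' => $custom_vars->get_custom_vars()` on 239 receives no escaping in this change; if the fixed XSS came from a preview or theme value under user control, the custom vars deserve the same check. A one-line comment at 240 naming the context, `// escaped for a single-quoted inline JS string; do not JSON-encode this value again`, would stop the next maintainer from undoing the fix. The enclosing function starts and ends outside the hunk.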
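--- a/captainform/trunk/readme.txt
+++ b/captainform/trunk/readme.txt
@@ -1,6 +1,6 @@
-=== Forms by CaptainForm - Form Builder for WordPress ===
+=== Forms by CaptainForm - Form Builder for WordPress ===
 
 Contributors: captainform, 123contactform
-Tags: CaptainForm, contact form, drag-and-drop, file upload forms, form builder plugin, newsletter subscription, order form, payment form, paypal form, popup form, registration form, secure forms, survey,form builder, event registration, feedback form,booking form, poll, quiz, wordpress contact form, contact form wordpress,contact form for wordpress, wordpress contact forms, contact forms wordpress, contact forms for wordpress, contact form for wordpress free, contact form on wordpress, wordpress contact-form, contact forms in wordpress, wordpress [contact-form], word press contact form, wordpres contact form, contact form in wordpress, contact form wordpres, wordpress form, wordpress forms, forms wordpress, forms for wordpress, form wordpress, word press forms, form in wordpress, form on wordpress, forms on wordpress, form for wordpress, forms in wordpress, wordpress form plugin, wordpress booking forms, wordpress order forms, PayPal form
+Tags: CaptainForm, contact form, drag-and-drop, file upload forms, form builder plugin, newsletter subscription, order form, payment form, paypal form, popup form, registration form, secure forms, survey,form builder, event registration, survey, feedback form,booking form, poll, quiz, wordpress contact form, contact form wordpress,contact form for wordpress, wordpress contact forms, contact forms wordpress, contact forms for wordpress, contact form for wordpress free, contact form on wordpress, wordpress contact-form, contact forms in wordpress, wordpress [contact-form], word press contact form, wordpres contact form, contact form in wordpress, contact form wordpres, wordpress form, wordpress forms, forms wordpress, forms for wordpress, form wordpress, word press forms, form in wordpress, form on wordpress, forms on wordpress, form for wordpress, forms in wordpress, wordpress form plugin, wordpress booking forms, wordpress order forms, PayPal form
 Requires at least: 3.9
 Tested up to: 5.2
@@ -427,5 +427,5 @@
 = Can I make a form active only for a specific period of time? =
 
-Of course. In the My Forms section, where all of your forms are listed, you'll see on the right side of each form an Active button. If you hover over it, the box will expand and a Custom option will be available. By choosing it, you'll have the possibility to set the period of time when the form is active for your visitors. 
+Of course. In the My Forms section, where all of your forms are listed, you'll see on the right side of each form an Active button. If you hover over it, the box will expand and a Custom option will be available. By choosing it, you'll have the possibility to set the period of time when the form is active for your visitors.
 
 = How can I manage the data that I collect through my forms? =
@@ -467,9 +467,9 @@
 = How long is the license key valid? =
 
-The license key is valid 365 days from the day you activate it. It will expire after 365 days you will activate it, and you will be automatically restricted to access your forms and form submissions, until to the moment you will renew your yearly subscription. 
+The license key is valid 365 days from the day you activate it. It will expire after 365 days you will activate it, and you will be automatically restricted to access your forms and form submissions, until to the moment you will renew your yearly subscription.
 
 = What happens to my old service plan? =
 
-If your subscription year is not over yet, you will be charged only for the difference of the higher plan. You will proceed the process only with one click and you will not need to fill credit card credentials again. 
+If your subscription year is not over yet, you will be charged only for the difference of the higher plan. You will proceed the process only with one click and you will not need to fill credit card credentials again.
 Please, note that your credit card should be still eligible for online purchases.
 
@@ -483,4 +483,11 @@
 
 == Changelog ==
+= 2.5.4 (22 March 2024) =
+* Fix XSS vulnerability
+* Fix unescaped DB parameter
+
+= 2.5.3 (10 April 2020) =
+* Bug fixes
+
 = 2.5.2 (10 April 2019) =
 * Bug fixes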