
Changeset 3264438


Timestamp:
03/31/2025 12:47:00 PM (12 months ago)
Author:
teamzt
Message:

Resolved LFI issue, escaped outputs, and updated for WordPress 6.7.2.

Location:
smart-agreements
Files:
394 added
8 edited

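--- a/smart-agreements/trunk/includes/class-ztsa-contracts.php
+++ b/smart-agreements/trunk/includes/class-ztsa-contracts.php
@@ -604,5 +604,5 @@
                     );
 
-                    $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d'", $last_entry_id));
+                    $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id=%d", $last_entry_id));
 
 
@@ -695,5 +695,4 @@
             $footer = get_post_meta($post_id, sanitize_key('ztsa_agreement_footer'), true);
             echo $response = wp_json_encode(array("header" => wp_kses_post($header), "body" => wp_kses_post($body), "footer" => wp_kses_post($footer)));
-       
             exit;
         }
@@ -707,5 +706,5 @@
         {
             if (!wp_verify_nonce(sanitize_text_field($_POST['ztsa_save_template']), 'ztsa_save_template')) {
-                wp_die(__('This Page is Protected.', "smart-agreements"));
+                wp_die(esc_html__('This Page is Protected.', 'smart-agreements'));
             }
             $template_header_data = wp_kses_post($_POST['template_header_data']);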
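Review bot: The nonce guard at line 707 still indexes `$_POST['ztsa_save_template']` without `isset()`, and nothing visible in the hunk checks a capability, so the only gate on saving a template here is the nonce — which proves the request came through the plugin's own form, not that the caller is allowed to edit templates. Suggest `if (!isset($_POST['ztsa_save_template']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['ztsa_save_template'])), 'ztsa_save_template') || !current_user_can('manage_options')) {` with whatever capability actually gates template editing in place of `manage_options`. The same nonce-only shape recurs in class-ztsa-entries.php at new-side lines 221, 353, 456 and 554. The function containing this guard begins before the hunk, so a capability check earlier in it cannot be ruled out from here.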
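--- a/smart-agreements/trunk/includes/class-ztsa-entries-table.php
+++ b/smart-agreements/trunk/includes/class-ztsa-entries-table.php
@@ -28,5 +28,5 @@
             $table_name = $table_prefix . 'ztsa_customer_info';
             if ( !empty( $search ) ) {
-                $results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE form_id = '%s' ", sanitize_text_field( $search ) ), ARRAY_A );
+                $results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE form_id = %s", sanitize_text_field( $search ) ), ARRAY_A );
             } else {
                 $results = $wpdb->get_results( "SELECT * FROM $table_name", ARRAY_A );
@@ -104,6 +104,6 @@
                     $customer_info_data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "ztsa_customer_info WHERE id=%d", $id ) );
 
-                    $Additional_cust_no = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT( * ) FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d'", $id ) );
-                    $Additional_cust_sign = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT( customer_sign ) FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d'", $id ) );
+                    $Additional_cust_no = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT( * ) FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id=%d", $id ) );
+                    $Additional_cust_sign = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT( customer_sign ) FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id=%d", $id ) );
 
                     $customer_sign = ( !empty( $items['customer_sign'] ) ) ? 'true' : 'false';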
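Review bot: The rewritten query at line 30 binds `form_id` with `%s`, although `form_id` is read as a post id elsewhere in this changeset (`$post_id = $results[0]['form_id']` in class-ztsa-entries.php), so `%d` would be the tighter placeholder and would make the `sanitize_text_field()` wrapper unnecessary: `$results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE form_id = %d", absint( $search ) ), ARRAY_A );`. That assumes form_id is an integer column in the schema — please confirm before changing it. On style, `$Additional_cust_no` and `$Additional_cust_sign` at lines 106–107 are the only capitalised locals in this file's hunks; `$additional_cust_no` / `$additional_cust_sign` would match the surrounding snake_case.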
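--- a/smart-agreements/trunk/includes/class-ztsa-entries.php
+++ b/smart-agreements/trunk/includes/class-ztsa-entries.php
@@ -50,6 +50,6 @@
             $customer_info_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE id=%d", $entry_id));
 
-            $user_info = json_decode($wpdb->get_var($wpdb->prepare("SELECT customer_info FROM $table_name WHERE id='%d';", $entry_id)));
-            $addition_user_info = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d'", $entry_id));
+            $user_info = json_decode($wpdb->get_var($wpdb->prepare("SELECT customer_info FROM $table_name WHERE id=%d", $entry_id)));
+            $addition_user_info = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id=%d", $entry_id));
             if (count($addition_user_info) > 0) {
                 foreach ($addition_user_info as $count => $res) {
@@ -133,5 +133,5 @@
             global $wpdb, $table_prefix;
             $table_name = $table_prefix . 'ztsa_customer_info';
-            $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id='%d'", sanitize_text_field($entry_id)), ARRAY_A);
+            $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id=%d", sanitize_text_field($entry_id)), ARRAY_A);
             $customer_info = json_decode($results[0]['customer_info']);
             $customer_name = $customer_info->ztsa_user_name->values;
@@ -154,5 +154,5 @@
 
             if (isset($acceptance_mail_to_multiple_tenant_data['checkbox']) && $acceptance_mail_to_multiple_tenant_data['checkbox'] == 'on') {
-                $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d'", sanitize_text_field($entry_id)));
+                $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id=%d", sanitize_text_field($entry_id)));
                 if (count($additional_user_details) > 0) {
                     foreach ($additional_user_details as $value) {
@@ -201,7 +201,7 @@
                         global $wpdb, $table_prefix;
                         $table_name = $table_prefix . 'ztsa_customer_info';
-                        $entry_id = $wpdb->get_var($wpdb->prepare("SELECT `id` FROM $table_name WHERE id='%d'", $customer_id));
+                        $entry_id = $wpdb->get_var($wpdb->prepare("SELECT `id` FROM $table_name WHERE id=%d", $customer_id));
                         if ($entry_id == $customer_id) {
-                            $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id='%d'", $customer_id), ARRAY_A);
+                            $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id=%d", $customer_id), ARRAY_A);
                             $post_id = $results[0]['form_id'];
                             $customer_sign = $results[0]['customer_sign'];
@@ -220,5 +220,5 @@
                 } else {
                     if (!wp_verify_nonce(sanitize_text_field($_POST['ztsa_owner_response_to_customer']), 'ztsa_owner_response_to_customer')) {
-                        wp_die(__('This Page is Protected.'));
+                        wp_die(esc_html__('This Page is Protected.', 'smart-agreements'));
                     }
 
@@ -228,5 +228,5 @@
                     global $wpdb, $table_prefix;
                     $table_name = $table_prefix . 'ztsa_customer_info';
-                    $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id='%d'", $customer_id), ARRAY_A);
+                    $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id=%d", $customer_id), ARRAY_A);
                     $customer_info = json_decode($results[0]['customer_info']);
                     $customer_name = $customer_info->ztsa_user_name->values;
@@ -284,5 +284,5 @@
                         $wpdb->query($sql);
 
-                        $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d';", $customer_id));
+                        $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id=%d", $customer_id));
                         if (isset($rejection_mail_to_tenant_data['checkbox']) && !empty($rejection_mail_to_tenant_data['checkbox'])) {
                             foreach ($array as $key => $value) {
@@ -352,5 +352,6 @@
         {
             if (!wp_verify_nonce(sanitize_text_field($_POST['customer_response']), 'customer_response')) {
-                wp_die(__('This Page is Protected.'));
+                wp_die(esc_html__('This Page is Protected.', 'smart-agreements'));
+               
             }
 
@@ -362,5 +363,5 @@
                 global $wpdb, $table_prefix;
                 $table_name = $table_prefix . 'ztsa_customer_info';
-                $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id='%d';", $customer_id), ARRAY_A);
+                $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id=%d", $customer_id), ARRAY_A);
                 $customer_info = json_decode($results[0]['customer_info']);
                 $customer_name = $customer_info->ztsa_user_name->values;
@@ -455,5 +456,5 @@
         {
             if (!wp_verify_nonce(sanitize_text_field($_POST['ztsa_owner_signeture']), 'ztsa_owner_signeture')) {
-                wp_die(__('This Page is Protected.'));
+                wp_die(esc_html__('This Page is Protected.', 'smart-agreements'));
             }
 
@@ -470,5 +471,5 @@
                 $link = $generate_pdf->ztsa_final_agreement_pdf($customer_id);
                 $attachments = array($link);
-                $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id='%d'", $customer_id), ARRAY_A);
+                $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id=%d", $customer_id), ARRAY_A);
                 $customer_info = json_decode($results[0]['customer_info']);
                 $customer_name = $customer_info->ztsa_user_name->values;
@@ -490,5 +491,5 @@
                         $final_agreement_mail_data = str_replace("[$key]",  $value, $final_agreement_mail_data);
                     }
-                    $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d'", $customer_id));
+                    $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id=%d", $customer_id));
                     if (count($additional_user_details) > 0) {
                         $Additional_customer_name = '';
@@ -553,5 +554,5 @@
         {
             if (!wp_verify_nonce(sanitize_text_field($_POST['ztsa_owner_sign_template']), 'ztsa_owner_sign_template')) {
-                wp_die(__('This Page is Protected.'));
+                wp_die(esc_html__('This Page is Protected.', 'smart-agreements'));
             }
             if (isset($_REQUEST)) {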
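Review bot: The new query at line 135 can legitimately return no rows, yet the next two lines read `$results[0]['customer_info']` and then `$customer_info->ztsa_user_name->values` unconditionally, which on PHP 8 emits undefined-offset and property-on-null warnings and carries a null name into the code that follows. Suggest guarding right after the query: `if (empty($results)) { wp_die(esc_html__('Agreement entry not found.', 'smart-agreements')); }` (message text is my suggestion). The same unguarded `[0]` read follows the new queries at lines 205, 230, 365 and 473 here and at line 126 of class-ztsa-pdf-generator.php. Separately, `sanitize_text_field($entry_id)` around a `%d` placeholder at lines 135 and 156 is redundant since `prepare()` casts `%d` arguments to int; `absint($entry_id)` states the intent directly. The line added at new-side 355 is whitespace-only and can be dropped.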
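--- a/smart-agreements/trunk/includes/class-ztsa-pdf-generator.php
+++ b/smart-agreements/trunk/includes/class-ztsa-pdf-generator.php
@@ -122,6 +122,6 @@
             global $wpdb, $table_prefix;
             $table_name = $table_prefix . 'ztsa_customer_info';
-            $customer_entry = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id='%d'", sanitize_text_field($customer_id)), ARRAY_A);
-            $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d'", sanitize_text_field($customer_id)), ARRAY_A);
+            $customer_entry = $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE id=%d", sanitize_text_field($customer_id)), ARRAY_A);
+            $additional_user_details = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id=%d", sanitize_text_field($customer_id)), ARRAY_A);
             $customer_info = json_decode($customer_entry[0]['customer_info']);
             $customer_name = $customer_info->ztsa_user_name->values;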
  • smart-agreements/trunk/includes/class-ztsa-setting.php

    r3011921 r3264438  
    99 */
    1010
    11 if ( !defined( 'ABSPATH' ) ) {
     11if (!defined('ABSPATH')) {
    1212    exit; // Exit if accessed directly
    1313}
    1414
    15 if ( !class_exists( 'ZTSA_Setting' ) ) {
     15if (!class_exists('ZTSA_Setting')) {
    1616    /**
    1717     * ZTC Setting.
     
    2424        function __construct()
    2525        {
    26             add_action( 'admin_menu', [$this, 'ztsa_setting_sub_menu'] );
    27             add_action( 'admin_post_save_smtp_setting', [$this, 'ztsa_save_smtp_setting'] );
    28             add_action( 'phpmailer_init', [$this, 'ztsa_phpmailer_setting'] );
    29             add_action( 'wp_ajax_test_mail_check', [$this, 'ztsa_test_mail_check'] );
    30             add_action( 'admin_post_ztsa_notification_setting_tab', [$this, 'ztsa_notification_setting_tab'] );
     26            add_action('admin_menu', [$this, 'ztsa_setting_sub_menu']);
     27            add_action('admin_post_save_smtp_setting', [$this, 'ztsa_save_smtp_setting']);
     28            add_action('phpmailer_init', [$this, 'ztsa_phpmailer_setting']);
     29            add_action('wp_ajax_test_mail_check', [$this, 'ztsa_test_mail_check']);
     30            add_action('admin_post_ztsa_notification_setting_tab', [$this, 'ztsa_notification_setting_tab']);
    3131        }
    3232
     
    3838        function ztsa_setting_sub_menu_page()
    3939        {
    40             if ( isset( $_GET['ztsa_page'] ) ) {
    41                 require_once( ZTSA_UI_ADMIN_DIR . '/' . esc_attr( sanitize_text_field( $_GET['ztsa_page'] ) ) . '.php' );
     40            $allowed_pages = ['agreements'];
     41
     42            if (isset($_GET['ztsa_page']) && in_array($_GET['ztsa_page'], $allowed_pages, true)) {
     43                require_once(ZTSA_UI_ADMIN_DIR . '/agreements.php');
    4244            } else {
    43                 require_once( ZTSA_UI_ADMIN_DIR . '/setting-page.php' );
     45                require_once(ZTSA_UI_ADMIN_DIR . '/setting-page.php');
    4446            }
    4547        }
     
    5254        function ztsa_setting_sub_menu()
    5355        {
    54             $my_slug = sanitize_key( ZTSA_SETTING_PAGE_SLUG );
     56            $my_slug = sanitize_key(ZTSA_SETTING_PAGE_SLUG);
    5557            add_submenu_page(
    5658                'edit.php?post_type=' . ZTSA_POST_TYPE_SLUG,
    57                 __( "Contract Form Setting", "smart-agreements" ),
     59                __("Contract Form Setting", "smart-agreements"),
    5860                'Settings',
    5961                'manage_options',
     
    7072        function ztsa_save_smtp_setting()
    7173        {
    72             if ( isset( $_POST['smtp_generate_nonce'] ) && !wp_verify_nonce( sanitize_text_field( $_POST['smtp_generate_nonce'] ), 'save_smtp_setting' ) ) {
    73                 wp_die( 'SMTP From is protected!!' );
     74            if (isset($_POST['smtp_generate_nonce']) && !wp_verify_nonce(sanitize_text_field($_POST['smtp_generate_nonce']), 'save_smtp_setting')) {
     75                wp_die('SMTP From is protected!!');
    7476            }
    7577            $smtpData = array(
    76                 'smtp_email' => isset( $_POST['smtp_email'] ) ? sanitize_email( $_POST['smtp_email'] ) : '',
    77                 'smtp_name' => isset( $_POST['smtp_name'] ) ? sanitize_text_field( $_POST['smtp_name'] ) : '',
    78                 'smtp_host' => isset( $_POST['smtp_host'] ) ? sanitize_text_field( $_POST['smtp_host'] ) : '',
    79                 'ecription_type' => isset( $_POST['ecription_type'] ) ? sanitize_text_field( $_POST['ecription_type'] ) : '',
    80                 'smtp_port' => isset( $_POST['smtp_port'] ) ? sanitize_text_field( $_POST['smtp_port'] ) : '',
    81                 'authentication_type' => isset( $_POST['authentication_type'] ) ? sanitize_text_field( $_POST['authentication_type'] ) : '',
    82                 'smtp_user' => isset( $_POST['smtp_user'] ) ? sanitize_text_field( $_POST['smtp_user'] ) : '',
    83                 'smtp_password' => isset( $_POST['smtp_password'] ) ? sanitize_text_field( $_POST['smtp_password'] ) : '',
     78                'smtp_email' => isset($_POST['smtp_email']) ? sanitize_email($_POST['smtp_email']) : '',
     79                'smtp_name' => isset($_POST['smtp_name']) ? sanitize_text_field($_POST['smtp_name']) : '',
     80                'smtp_host' => isset($_POST['smtp_host']) ? sanitize_text_field($_POST['smtp_host']) : '',
     81                'ecription_type' => isset($_POST['ecription_type']) ? sanitize_text_field($_POST['ecription_type']) : '',
     82                'smtp_port' => isset($_POST['smtp_port']) ? sanitize_text_field($_POST['smtp_port']) : '',
     83                'authentication_type' => isset($_POST['authentication_type']) ? sanitize_text_field($_POST['authentication_type']) : '',
     84                'smtp_user' => isset($_POST['smtp_user']) ? sanitize_text_field($_POST['smtp_user']) : '',
     85                'smtp_password' => isset($_POST['smtp_password']) ? sanitize_text_field($_POST['smtp_password']) : '',
    8486             );
    85             update_option( sanitize_key( 'ztsa_SMTP_Setting' ), array_map( 'sanitize_text_field', $smtpData ) );
     87            update_option(sanitize_key('ztsa_SMTP_Setting'), array_map('sanitize_text_field', $smtpData));
    8688            $link = wp_get_referer();
    87             $link = parse_url( $link );
    88             if ( isset( $link['query'] ) ) {
    89                 $link = remove_query_arg( 'success', wp_get_referer(  ) );
     89            $link = parse_url($link);
     90            if (isset($link['query'])) {
     91                $link = remove_query_arg('success', wp_get_referer());
    9092                $page_url = $link . '&success=true';
    9193            } else {
    9294                $page_url = $link['path'] . '&success=true';
    9395            }
    94             wp_safe_redirect( $page_url );
     96            wp_safe_redirect($page_url);
    9597            exit;
    9698        }
     
    102104         * @return void
    103105         */
    104         function ztsa_phpmailer_setting( $phpmailer )
    105         {
    106 
    107             $smtpData = get_option( sanitize_key( 'ztsa_SMTP_Setting' ) );
    108             $phpmailer->isSMTP(  );
     106        function ztsa_phpmailer_setting($phpmailer)
     107        {
     108
     109            $smtpData = get_option(sanitize_key('ztsa_SMTP_Setting'));
     110            $phpmailer->isSMTP();
    109111            $phpmailer->Host = $smtpData['smtp_host'];
    110112            $phpmailer->SMTPAuth = $smtpData['authentication_type'];
     
    124126        function ztsa_test_mail_check()
    125127        {
    126             if ( isset( $_REQUEST ) ) {
    127                 $smtpData = get_option( sanitize_key( 'ztsa_SMTP_Setting' ) );
    128 
    129                 $to = isset( $_REQUEST["testMailData"]['to'] ) ? sanitize_email( $_REQUEST["testMailData"]['to'] ) : '';
    130                 $subject = isset( $_REQUEST["testMailData"]['subject'] ) ? sanitize_text_field( $_REQUEST["testMailData"]['subject'] ) : '';
    131                 $message = isset( $_REQUEST["testMailData"]['msg_body'] ) ? wp_kses_post( $_REQUEST["testMailData"]['msg_body'] ) : '';
    132                 $headers[] = 'From: ' . esc_attr( $smtpData['smtp_name'] ) . ' <' . esc_attr( $smtpData['smtp_email'] ) . '>';
    133                 $sent = wp_mail( $to, $subject, $message, $headers );
    134 
    135                 if ( $sent ) {
     128            if (isset($_REQUEST)) {
     129                $smtpData = get_option(sanitize_key('ztsa_SMTP_Setting'));
     130
     131                $to = isset($_REQUEST["testMailData"]['to']) ? sanitize_email($_REQUEST["testMailData"]['to']) : '';
     132                $subject = isset($_REQUEST["testMailData"]['subject']) ? sanitize_text_field($_REQUEST["testMailData"]['subject']) : '';
     133                $message = isset($_REQUEST["testMailData"]['msg_body']) ? wp_kses_post($_REQUEST["testMailData"]['msg_body']) : '';
     134                $headers[] = 'From: ' . esc_attr($smtpData['smtp_name']) . ' <' . esc_attr($smtpData['smtp_email']) . '>';
     135                $sent = wp_mail($to, $subject, $message, $headers);
     136
     137                if ($sent) {
    136138                    echo "success";
    137139                } else {
     
    139141                }
    140142            }
    141             wp_die(  );
     143            wp_die();
    142144        }
    143145        /**
     
    148150        function ztsa_notification_setting_tab()
    149151        {
    150             if ( isset( $_REQUEST ) ) {
    151                 if ( isset( $_POST['ztsa_notification_setting_tab'] ) && !wp_verify_nonce( sanitize_text_field( $_POST['ztsa_notification_setting_tab'] ), 'ztsa_notification_setting_tab' ) ) {
    152                     wp_die( 'Notification tab setting is protected!!' );
     152            if (isset($_REQUEST)) {
     153                if (isset($_POST['ztsa_notification_setting_tab']) && !wp_verify_nonce(sanitize_text_field($_POST['ztsa_notification_setting_tab']), 'ztsa_notification_setting_tab')) {
     154                    wp_die('Notification tab setting is protected!!');
    153155                }
    154156
    155157                $ztsa_ques_crtd_mail_to_owner = array(
    156                     'checkbox' => isset( $_POST['ztsa_ques_crtd_mail_to_owner_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_ques_crtd_mail_to_owner_checkbox'] ) : '',
    157                     'to' => isset( $_POST['ztsa_ques_crtd_mail_to_owner_to'] ) ? sanitize_text_field( $_POST['ztsa_ques_crtd_mail_to_owner_to'] ) : '',
    158                     'cc' => isset( $_POST['ztsa_ques_crtd_mail_to_owner_cc'] ) ? sanitize_text_field( $_POST['ztsa_ques_crtd_mail_to_owner_cc'] ) : '',
    159                     'subject' => isset( $_POST['ztsa_ques_crtd_mail_to_owner_subject'] ) ? sanitize_text_field( $_POST['ztsa_ques_crtd_mail_to_owner_subject'] ) : '',
    160                     'msg_header' => isset( $_POST['ztsa_ques_crtd_mail_to_owner_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_ques_crtd_mail_to_owner_msg_header'] ) ) : '',
    161                     'msg_body' => isset( $_POST['ztsa_ques_crtd_mail_to_owner_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_ques_crtd_mail_to_owner_msg_body'] ) ) : '',
    162                     'msg_footer' => isset( $_POST['ztsa_ques_crtd_mail_to_owner_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_ques_crtd_mail_to_owner_msg_footer'] ) ) : ''
     158                    'checkbox' => isset($_POST['ztsa_ques_crtd_mail_to_owner_checkbox']) ? sanitize_text_field($_POST['ztsa_ques_crtd_mail_to_owner_checkbox']) : '',
     159                    'to' => isset($_POST['ztsa_ques_crtd_mail_to_owner_to']) ? sanitize_text_field($_POST['ztsa_ques_crtd_mail_to_owner_to']) : '',
     160                    'cc' => isset($_POST['ztsa_ques_crtd_mail_to_owner_cc']) ? sanitize_text_field($_POST['ztsa_ques_crtd_mail_to_owner_cc']) : '',
     161                    'subject' => isset($_POST['ztsa_ques_crtd_mail_to_owner_subject']) ? sanitize_text_field($_POST['ztsa_ques_crtd_mail_to_owner_subject']) : '',
     162                    'msg_header' => isset($_POST['ztsa_ques_crtd_mail_to_owner_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_ques_crtd_mail_to_owner_msg_header'])) : '',
     163                    'msg_body' => isset($_POST['ztsa_ques_crtd_mail_to_owner_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_ques_crtd_mail_to_owner_msg_body'])) : '',
     164                    'msg_footer' => isset($_POST['ztsa_ques_crtd_mail_to_owner_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_ques_crtd_mail_to_owner_msg_footer'])) : ''
    163165                 );
    164166                $ztsa_ques_crtd_mail_to_admin = array(
    165                     'checkbox' => isset( $_POST['ztsa_ques_crtd_mail_to_admin_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_ques_crtd_mail_to_admin_checkbox'] ) : '',
    166                     'to' => isset( $_POST['ztsa_ques_crtd_mail_to_admin_to'] ) ? sanitize_text_field( $_POST['ztsa_ques_crtd_mail_to_admin_to'] ) : '',
    167                     'cc' => isset( $_POST['ztsa_ques_crtd_mail_to_admin_cc'] ) ? sanitize_text_field( $_POST['ztsa_ques_crtd_mail_to_admin_cc'] ) : '',
    168                     'subject' => isset( $_POST['ztsa_ques_crtd_mail_to_admin_subject'] ) ? sanitize_text_field( $_POST['ztsa_ques_crtd_mail_to_admin_subject'] ) : '',
    169                     'msg_header' => isset( $_POST['ztsa_ques_crtd_mail_to_admin_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_ques_crtd_mail_to_admin_msg_header'] ) ) : '',
    170                     'msg_body' => isset( $_POST['ztsa_ques_crtd_mail_to_admin_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_ques_crtd_mail_to_admin_msg_body'] ) ) : '',
    171                     'msg_footer' => isset( $_POST['ztsa_ques_crtd_mail_to_admin_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_ques_crtd_mail_to_admin_msg_footer'] ) ) : ''
     167                    'checkbox' => isset($_POST['ztsa_ques_crtd_mail_to_admin_checkbox']) ? sanitize_text_field($_POST['ztsa_ques_crtd_mail_to_admin_checkbox']) : '',
     168                    'to' => isset($_POST['ztsa_ques_crtd_mail_to_admin_to']) ? sanitize_text_field($_POST['ztsa_ques_crtd_mail_to_admin_to']) : '',
     169                    'cc' => isset($_POST['ztsa_ques_crtd_mail_to_admin_cc']) ? sanitize_text_field($_POST['ztsa_ques_crtd_mail_to_admin_cc']) : '',
     170                    'subject' => isset($_POST['ztsa_ques_crtd_mail_to_admin_subject']) ? sanitize_text_field($_POST['ztsa_ques_crtd_mail_to_admin_subject']) : '',
     171                    'msg_header' => isset($_POST['ztsa_ques_crtd_mail_to_admin_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_ques_crtd_mail_to_admin_msg_header'])) : '',
     172                    'msg_body' => isset($_POST['ztsa_ques_crtd_mail_to_admin_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_ques_crtd_mail_to_admin_msg_body'])) : '',
     173                    'msg_footer' => isset($_POST['ztsa_ques_crtd_mail_to_admin_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_ques_crtd_mail_to_admin_msg_footer'])) : ''
    172174                 );
    173175                $ztsa_form_mail_to_tenant = array(
    174                     'checkbox' => isset( $_POST['ztsa_form_mail_to_tenant_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_form_mail_to_tenant_checkbox'] ) : '',
    175                     'to' => isset( $_POST['ztsa_form_mail_to_tenant_to'] ) ? sanitize_text_field( $_POST['ztsa_form_mail_to_tenant_to'] ) : '',
    176                     'cc' => isset( $_POST['ztsa_form_mail_to_tenant_cc'] ) ? sanitize_text_field( $_POST['ztsa_form_mail_to_tenant_cc'] ) : '',
    177                     'subject' => isset( $_POST['ztsa_form_mail_to_tenant_subject'] ) ? sanitize_text_field( $_POST['ztsa_form_mail_to_tenant_subject'] ) : '',
    178                     'msg_header' => isset( $_POST['ztsa_form_mail_to_tenant_msg_heading'] ) ? wpautop( wp_kses_post( $_POST['ztsa_form_mail_to_tenant_msg_heading'] ) ) : '',
    179                     'msg_body' => isset( $_POST['ztsa_form_mail_to_tenant_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_form_mail_to_tenant_msg_body'] ) ) : '',
    180                     'msg_footer' => isset( $_POST['ztsa_form_mail_to_tenant_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_form_mail_to_tenant_msg_footer'] ) ) : ''
     176                    'checkbox' => isset($_POST['ztsa_form_mail_to_tenant_checkbox']) ? sanitize_text_field($_POST['ztsa_form_mail_to_tenant_checkbox']) : '',
     177                    'to' => isset($_POST['ztsa_form_mail_to_tenant_to']) ? sanitize_text_field($_POST['ztsa_form_mail_to_tenant_to']) : '',
     178                    'cc' => isset($_POST['ztsa_form_mail_to_tenant_cc']) ? sanitize_text_field($_POST['ztsa_form_mail_to_tenant_cc']) : '',
     179                    'subject' => isset($_POST['ztsa_form_mail_to_tenant_subject']) ? sanitize_text_field($_POST['ztsa_form_mail_to_tenant_subject']) : '',
     180                    'msg_header' => isset($_POST['ztsa_form_mail_to_tenant_msg_heading']) ? wpautop(wp_kses_post($_POST['ztsa_form_mail_to_tenant_msg_heading'])) : '',
     181                    'msg_body' => isset($_POST['ztsa_form_mail_to_tenant_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_form_mail_to_tenant_msg_body'])) : '',
     182                    'msg_footer' => isset($_POST['ztsa_form_mail_to_tenant_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_form_mail_to_tenant_msg_footer'])) : ''
    181183                 );
    182184                $ztsa_form_Detail_mailed_to_owner = array(
    183                     'checkbox' => isset( $_POST['ztsa_form_Detail_mailed_to_owner_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_form_Detail_mailed_to_owner_checkbox'] ) : '',
    184                     'to' => isset( $_POST['ztsa_form_Detail_mailed_to_owner_to'] ) ? sanitize_text_field( $_POST['ztsa_form_Detail_mailed_to_owner_to'] ) : '',
    185                     'cc' => isset( $_POST['ztsa_form_Detail_mailed_to_owner_cc'] ) ? sanitize_text_field( $_POST['ztsa_form_Detail_mailed_to_owner_cc'] ) : '',
    186                     'subject' => isset( $_POST['ztsa_form_Detail_mailed_to_owner_subject'] ) ? sanitize_text_field( $_POST['ztsa_form_Detail_mailed_to_owner_subject'] ) : '',
    187                     'msg_header' => isset( $_POST['ztsa_form_Detail_mailed_to_owner_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_form_Detail_mailed_to_owner_msg_header'] ) ) : '',
    188                     'msg_body' => isset( $_POST['ztsa_form_Detail_mailed_to_owner_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_form_Detail_mailed_to_owner_msg_body'] ) ) : '',
    189                     'msg_footer' => isset( $_POST['ztsa_form_Detail_mailed_to_owner_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_form_Detail_mailed_to_owner_msg_footer'] ) ) : ''
     185                    'checkbox' => isset($_POST['ztsa_form_Detail_mailed_to_owner_checkbox']) ? sanitize_text_field($_POST['ztsa_form_Detail_mailed_to_owner_checkbox']) : '',
     186                    'to' => isset($_POST['ztsa_form_Detail_mailed_to_owner_to']) ? sanitize_text_field($_POST['ztsa_form_Detail_mailed_to_owner_to']) : '',
     187                    'cc' => isset($_POST['ztsa_form_Detail_mailed_to_owner_cc']) ? sanitize_text_field($_POST['ztsa_form_Detail_mailed_to_owner_cc']) : '',
     188                    'subject' => isset($_POST['ztsa_form_Detail_mailed_to_owner_subject']) ? sanitize_text_field($_POST['ztsa_form_Detail_mailed_to_owner_subject']) : '',
     189                    'msg_header' => isset($_POST['ztsa_form_Detail_mailed_to_owner_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_form_Detail_mailed_to_owner_msg_header'])) : '',
     190                    'msg_body' => isset($_POST['ztsa_form_Detail_mailed_to_owner_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_form_Detail_mailed_to_owner_msg_body'])) : '',
     191                    'msg_footer' => isset($_POST['ztsa_form_Detail_mailed_to_owner_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_form_Detail_mailed_to_owner_msg_footer'])) : ''
    190192                 );
    191193                $ztsa_agmt_acpt_mail_tenant = array(
    192                     'checkbox' => isset( $_POST['ztsa_agmt_acpt_mail_tenant_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_tenant_checkbox'] ) : '',
    193                     'to' => isset( $_POST['ztsa_agmt_acpt_mail_tenant_to'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_tenant_to'] ) : '',
    194                     'cc' => isset( $_POST['ztsa_agmt_acpt_mail_tenant_cc'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_tenant_cc'] ) : '',
    195                     'subject' => isset( $_POST['ztsa_agmt_acpt_mail_tenant_subject'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_tenant_subject'] ) : '',
    196                     'msg_header' => isset( $_POST['ztsa_agmt_acpt_mail_tenant_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_tenant_msg_header'] ) ) : '',
    197                     'msg_body' => isset( $_POST['ztsa_agmt_acpt_mail_tenant_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_tenant_msg_body'] ) ) : '',
    198                     'msg_footer' => isset( $_POST['ztsa_agmt_acpt_mail_tenant_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_tenant_msg_footer'] ) ) : ''
     194                    'checkbox' => isset($_POST['ztsa_agmt_acpt_mail_tenant_checkbox']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_tenant_checkbox']) : '',
     195                    'to' => isset($_POST['ztsa_agmt_acpt_mail_tenant_to']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_tenant_to']) : '',
     196                    'cc' => isset($_POST['ztsa_agmt_acpt_mail_tenant_cc']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_tenant_cc']) : '',
     197                    'subject' => isset($_POST['ztsa_agmt_acpt_mail_tenant_subject']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_tenant_subject']) : '',
     198                    'msg_header' => isset($_POST['ztsa_agmt_acpt_mail_tenant_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_tenant_msg_header'])) : '',
     199                    'msg_body' => isset($_POST['ztsa_agmt_acpt_mail_tenant_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_tenant_msg_body'])) : '',
     200                    'msg_footer' => isset($_POST['ztsa_agmt_acpt_mail_tenant_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_tenant_msg_footer'])) : ''
    199201                 );
    200202                $ztsa_agmt_acpt_mail_multi_tenant = array(
    201                     'checkbox' => isset( $_POST['ztsa_agmt_acpt_mail_multi_tenant_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_multi_tenant_checkbox'] ) : '',
    202                     'to' => isset( $_POST['ztsa_agmt_acpt_mail_multi_tenant_to'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_multi_tenant_to'] ) : '',
    203                     'cc' => isset( $_POST['ztsa_agmt_acpt_mail_multi_tenant_cc'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_multi_tenant_cc'] ) : '',
    204                     'subject' => isset( $_POST['ztsa_agmt_acpt_mail_multi_tenant_subject'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_multi_tenant_subject'] ) : '',
    205                     'msg_header' => isset( $_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_header'] ) ) : '',
    206                     'msg_body' => isset( $_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_body'] ) ) : '',
    207                     'msg_footer' => isset( $_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_footer'] ) ) : ''
     203                    'checkbox' => isset($_POST['ztsa_agmt_acpt_mail_multi_tenant_checkbox']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_multi_tenant_checkbox']) : '',
     204                    'to' => isset($_POST['ztsa_agmt_acpt_mail_multi_tenant_to']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_multi_tenant_to']) : '',
     205                    'cc' => isset($_POST['ztsa_agmt_acpt_mail_multi_tenant_cc']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_multi_tenant_cc']) : '',
     206                    'subject' => isset($_POST['ztsa_agmt_acpt_mail_multi_tenant_subject']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_multi_tenant_subject']) : '',
     207                    'msg_header' => isset($_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_header'])) : '',
     208                    'msg_body' => isset($_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_body'])) : '',
     209                    'msg_footer' => isset($_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_multi_tenant_msg_footer'])) : ''
    208210                 );
    209211                $ztsa_rejection_mail_tenant = array(
    210                     'checkbox' => isset( $_POST['ztsa_rejection_mail_tenant_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_rejection_mail_tenant_checkbox'] ) : '',
    211                     'to' => isset( $_POST['ztsa_rejection_mail_tenant_to'] ) ? sanitize_text_field( $_POST['ztsa_rejection_mail_tenant_to'] ) : '',
    212                     'cc' => isset( $_POST['ztsa_rejection_mail_tenant_cc'] ) ? sanitize_text_field( $_POST['ztsa_rejection_mail_tenant_cc'] ) : '',
    213                     'subject' => isset( $_POST['ztsa_rejection_mail_tenant_subject'] ) ? sanitize_text_field( $_POST['ztsa_rejection_mail_tenant_subject'] ) : '',
    214                     'msg_header' => isset( $_POST['ztsa_rejection_mail_tenant_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_rejection_mail_tenant_msg_header'] ) ) : '',
    215                     'msg_body' => isset( $_POST['ztsa_rejection_mail_tenant_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_rejection_mail_tenant_msg_body'] ) ) : '',
    216                     'msg_footer' => isset( $_POST['ztsa_rejection_mail_tenant_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_rejection_mail_tenant_msg_footer'] ) ) : ''
     212                    'checkbox' => isset($_POST['ztsa_rejection_mail_tenant_checkbox']) ? sanitize_text_field($_POST['ztsa_rejection_mail_tenant_checkbox']) : '',
     213                    'to' => isset($_POST['ztsa_rejection_mail_tenant_to']) ? sanitize_text_field($_POST['ztsa_rejection_mail_tenant_to']) : '',
     214                    'cc' => isset($_POST['ztsa_rejection_mail_tenant_cc']) ? sanitize_text_field($_POST['ztsa_rejection_mail_tenant_cc']) : '',
     215                    'subject' => isset($_POST['ztsa_rejection_mail_tenant_subject']) ? sanitize_text_field($_POST['ztsa_rejection_mail_tenant_subject']) : '',
     216                    'msg_header' => isset($_POST['ztsa_rejection_mail_tenant_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_rejection_mail_tenant_msg_header'])) : '',
     217                    'msg_body' => isset($_POST['ztsa_rejection_mail_tenant_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_rejection_mail_tenant_msg_body'])) : '',
     218                    'msg_footer' => isset($_POST['ztsa_rejection_mail_tenant_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_rejection_mail_tenant_msg_footer'])) : ''
    217219                 );
    218220                $ztsa_agmt_acpt_mail_owner = array(
    219                     'checkbox' => isset( $_POST['ztsa_agmt_acpt_mail_owner_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_owner_checkbox'] ) : '',
    220                     'to' => isset( $_POST['ztsa_agmt_acpt_mail_owner_to'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_owner_to'] ) : '',
    221                     'cc' => isset( $_POST['ztsa_agmt_acpt_mail_owner_cc'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_owner_cc'] ) : '',
    222                     'subject' => isset( $_POST['ztsa_agmt_acpt_mail_owner_subject'] ) ? sanitize_text_field( $_POST['ztsa_agmt_acpt_mail_owner_subject'] ) : '',
    223                     'msg_header' => isset( $_POST['ztsa_agmt_acpt_mail_owner_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_owner_msg_header'] ) ) : '',
    224                     'msg_body' => isset( $_POST['ztsa_agmt_acpt_mail_owner_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_owner_msg_body'] ) ) : '',
    225                     'msg_footer' => isset( $_POST['ztsa_agmt_acpt_mail_owner_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_acpt_mail_owner_msg_footer'] ) ) : ''
     221                    'checkbox' => isset($_POST['ztsa_agmt_acpt_mail_owner_checkbox']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_owner_checkbox']) : '',
     222                    'to' => isset($_POST['ztsa_agmt_acpt_mail_owner_to']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_owner_to']) : '',
     223                    'cc' => isset($_POST['ztsa_agmt_acpt_mail_owner_cc']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_owner_cc']) : '',
     224                    'subject' => isset($_POST['ztsa_agmt_acpt_mail_owner_subject']) ? sanitize_text_field($_POST['ztsa_agmt_acpt_mail_owner_subject']) : '',
     225                    'msg_header' => isset($_POST['ztsa_agmt_acpt_mail_owner_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_owner_msg_header'])) : '',
     226                    'msg_body' => isset($_POST['ztsa_agmt_acpt_mail_owner_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_owner_msg_body'])) : '',
     227                    'msg_footer' => isset($_POST['ztsa_agmt_acpt_mail_owner_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_acpt_mail_owner_msg_footer'])) : ''
    226228                 );
    227229                $ztsa_agmt_rej_mail_owner = array(
    228                     'checkbox' => isset( $_POST['ztsa_agmt_rej_mail_owner_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_agmt_rej_mail_owner_checkbox'] ) : '',
    229                     'to' => isset( $_POST['ztsa_agmt_rej_mail_owner_to'] ) ? sanitize_text_field( $_POST['ztsa_agmt_rej_mail_owner_to'] ) : '',
    230                     'cc' => isset( $_POST['ztsa_agmt_rej_mail_owner_cc'] ) ? sanitize_text_field( $_POST['ztsa_agmt_rej_mail_owner_cc'] ) : '',
    231                     'subject' => isset( $_POST['ztsa_agmt_rej_mail_owner_subject'] ) ? sanitize_text_field( $_POST['ztsa_agmt_rej_mail_owner_subject'] ) : '',
    232                     'msg_header' => isset( $_POST['ztsa_agmt_rej_mail_owner_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_rej_mail_owner_msg_header'] ) ) : '',
    233                     'msg_body' => isset( $_POST['ztsa_agmt_rej_mail_owner_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_rej_mail_owner_msg_body'] ) ) : '',
    234                     'msg_footer' => isset( $_POST['ztsa_agmt_rej_mail_owner_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_agmt_rej_mail_owner_msg_footer'] ) ) : ''
     230                    'checkbox' => isset($_POST['ztsa_agmt_rej_mail_owner_checkbox']) ? sanitize_text_field($_POST['ztsa_agmt_rej_mail_owner_checkbox']) : '',
     231                    'to' => isset($_POST['ztsa_agmt_rej_mail_owner_to']) ? sanitize_text_field($_POST['ztsa_agmt_rej_mail_owner_to']) : '',
     232                    'cc' => isset($_POST['ztsa_agmt_rej_mail_owner_cc']) ? sanitize_text_field($_POST['ztsa_agmt_rej_mail_owner_cc']) : '',
     233                    'subject' => isset($_POST['ztsa_agmt_rej_mail_owner_subject']) ? sanitize_text_field($_POST['ztsa_agmt_rej_mail_owner_subject']) : '',
     234                    'msg_header' => isset($_POST['ztsa_agmt_rej_mail_owner_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_rej_mail_owner_msg_header'])) : '',
     235                    'msg_body' => isset($_POST['ztsa_agmt_rej_mail_owner_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_rej_mail_owner_msg_body'])) : '',
     236                    'msg_footer' => isset($_POST['ztsa_agmt_rej_mail_owner_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_agmt_rej_mail_owner_msg_footer'])) : ''
    235237                 );
    236238                $ztsa_final_agreement = array(
    237                     'checkbox' => isset( $_POST['ztsa_final_agreement_checkbox'] ) ? sanitize_text_field( $_POST['ztsa_final_agreement_checkbox'] ) : '',
    238                     'to' => isset( $_POST['ztsa_final_agreement_to'] ) ? sanitize_text_field( $_POST['ztsa_final_agreement_to'] ) : '',
    239                     'cc' => isset( $_POST['ztsa_final_agreement_cc'] ) ? sanitize_text_field( $_POST['ztsa_final_agreement_cc'] ) : '',
    240                     'subject' => isset( $_POST['ztsa_final_agreement_subject'] ) ? sanitize_text_field( $_POST['ztsa_final_agreement_subject'] ) : '',
    241                     'msg_header' => isset( $_POST['ztsa_final_agreement_msg_header'] ) ? wpautop( wp_kses_post( $_POST['ztsa_final_agreement_msg_header'] ) ) : '',
    242                     'msg_body' => isset( $_POST['ztsa_final_agreement_msg_body'] ) ? wpautop( wp_kses_post( $_POST['ztsa_final_agreement_msg_body'] ) ) : '',
    243                     'msg_footer' => isset( $_POST['ztsa_final_agreement_msg_footer'] ) ? wpautop( wp_kses_post( $_POST['ztsa_final_agreement_msg_footer'] ) ) : ''
    244                  );
    245                 update_option( sanitize_key( 'ztsa_ques_crtd_mail_to_owner' ), array_map( 'wp_kses_post', $ztsa_ques_crtd_mail_to_owner ) );
    246                 update_option( sanitize_key( 'ztsa_ques_crtd_mail_to_admin' ), array_map( 'wp_kses_post', $ztsa_ques_crtd_mail_to_admin ) );
    247                 update_option( sanitize_key( 'ztsa_form_mail_to_tenant' ), array_map( 'wp_kses_post', $ztsa_form_mail_to_tenant ) );
    248                 update_option( sanitize_key( 'ztsa_form_Detail_mailed_to_owner' ), array_map( 'wp_kses_post', $ztsa_form_Detail_mailed_to_owner ) );
    249                 update_option( sanitize_key( 'ztsa_agmt_acpt_mail_tenant' ), array_map( 'wp_kses_post', $ztsa_agmt_acpt_mail_tenant ) );
    250                 update_option( sanitize_key( 'ztsa_agmt_acpt_mail_multi_tenant' ), array_map( 'wp_kses_post', $ztsa_agmt_acpt_mail_multi_tenant ) );
    251                 update_option( sanitize_key( 'ztsa_rejection_mail_tenant' ), array_map( 'wp_kses_post', $ztsa_rejection_mail_tenant ) );
    252                 update_option( sanitize_key( 'ztsa_agmt_acpt_mail_owner' ), array_map( 'wp_kses_post', $ztsa_agmt_acpt_mail_owner ) );
    253                 update_option( sanitize_key( 'ztsa_agmt_rej_mail_owner' ), array_map( 'wp_kses_post', $ztsa_agmt_rej_mail_owner ) );
    254                 update_option( sanitize_key( 'ztsa_final_agreement' ), array_map( 'wp_kses_post', $ztsa_final_agreement ) );
     239                    'checkbox' => isset($_POST['ztsa_final_agreement_checkbox']) ? sanitize_text_field($_POST['ztsa_final_agreement_checkbox']) : '',
     240                    'to' => isset($_POST['ztsa_final_agreement_to']) ? sanitize_text_field($_POST['ztsa_final_agreement_to']) : '',
     241                    'cc' => isset($_POST['ztsa_final_agreement_cc']) ? sanitize_text_field($_POST['ztsa_final_agreement_cc']) : '',
     242                    'subject' => isset($_POST['ztsa_final_agreement_subject']) ? sanitize_text_field($_POST['ztsa_final_agreement_subject']) : '',
     243                    'msg_header' => isset($_POST['ztsa_final_agreement_msg_header']) ? wpautop(wp_kses_post($_POST['ztsa_final_agreement_msg_header'])) : '',
     244                    'msg_body' => isset($_POST['ztsa_final_agreement_msg_body']) ? wpautop(wp_kses_post($_POST['ztsa_final_agreement_msg_body'])) : '',
     245                    'msg_footer' => isset($_POST['ztsa_final_agreement_msg_footer']) ? wpautop(wp_kses_post($_POST['ztsa_final_agreement_msg_footer'])) : ''
     246                 );
     247                update_option(sanitize_key('ztsa_ques_crtd_mail_to_owner'), array_map('wp_kses_post', $ztsa_ques_crtd_mail_to_owner));
     248                update_option(sanitize_key('ztsa_ques_crtd_mail_to_admin'), array_map('wp_kses_post', $ztsa_ques_crtd_mail_to_admin));
     249                update_option(sanitize_key('ztsa_form_mail_to_tenant'), array_map('wp_kses_post', $ztsa_form_mail_to_tenant));
     250                update_option(sanitize_key('ztsa_form_Detail_mailed_to_owner'), array_map('wp_kses_post', $ztsa_form_Detail_mailed_to_owner));
     251                update_option(sanitize_key('ztsa_agmt_acpt_mail_tenant'), array_map('wp_kses_post', $ztsa_agmt_acpt_mail_tenant));
     252                update_option(sanitize_key('ztsa_agmt_acpt_mail_multi_tenant'), array_map('wp_kses_post', $ztsa_agmt_acpt_mail_multi_tenant));
     253                update_option(sanitize_key('ztsa_rejection_mail_tenant'), array_map('wp_kses_post', $ztsa_rejection_mail_tenant));
     254                update_option(sanitize_key('ztsa_agmt_acpt_mail_owner'), array_map('wp_kses_post', $ztsa_agmt_acpt_mail_owner));
     255                update_option(sanitize_key('ztsa_agmt_rej_mail_owner'), array_map('wp_kses_post', $ztsa_agmt_rej_mail_owner));
     256                update_option(sanitize_key('ztsa_final_agreement'), array_map('wp_kses_post', $ztsa_final_agreement));
    255257
    256258                $link = wp_get_referer();
    257                 $link = parse_url( $link );
    258                 if ( isset( $link['query'] ) ) {
    259                     $link = remove_query_arg( 'success', wp_get_referer(  ) );
     259                $link = parse_url($link);
     260                if (isset($link['query'])) {
     261                    $link = remove_query_arg('success', wp_get_referer());
    260262                    $page_url = $link . '&success=true';
    261263                } else {
    262264                    $page_url = $link['path'] . '&success=true';
    263265                }
    264                 wp_safe_redirect( $page_url );
     266                wp_safe_redirect($page_url);
    265267                exit;
    266268            }
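--- a/smart-agreements/trunk/readme.txt
+++ b/smart-agreements/trunk/readme.txt
@@ -3,7 +3,7 @@
 Tags: Smart Contracts, Digital signature, Digital Contracts, e-signature, WordPress e-signature
 Requires at least: 5.5
-Tested up to: 6.7.1
+Tested up to: 6.7.2
 Requires PHP: 7.2
-Stable tag: 1.0.3
+Stable tag: 1.0.4
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -92,2 +92,10 @@
 
 * Update: All functionality was updated for WordPress 6.5.4
+
+= 1.0.4 =
+
+* Update: Improved compatibility with WordPress 6.7.2
+
+* Improved security by properly escaping all outputs.
+
+* Security Fix: Prevented Local File Inclusion (LFI) vulnerability.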
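--- a/smart-agreements/trunk/smart-agreements.php
+++ b/smart-agreements/trunk/smart-agreements.php
@@ -3,5 +3,5 @@
 * Plugin Name: Smart Agreements
 * Description:The smart agreements plugin helps to create a agreement/contract and digital signature.
-* Version: 1.0.3
+* Version: 1.0.4
 * Author: Zehntech Technologies Pvt. Ltd.
 * Author URI: https://www.zehntech.com/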
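--- a/smart-agreements/trunk/ui-front/agreement-page.php
+++ b/smart-agreements/trunk/ui-front/agreement-page.php
@@ -15,5 +15,5 @@
 global $wpdb, $table_prefix;
 $table_name = $table_prefix . 'ztsa_customer_info';
-$results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE id='%d'", sanitize_text_field( $customer_id ) ), ARRAY_A);
+$results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE id= %d", sanitize_text_field( $customer_id ) ), ARRAY_A);
 $customer_info = json_decode($results[0]['customer_info']);
 $customer_name = $customer_info->ztsa_user_name->values;
@@ -24,5 +24,5 @@
 $customer_sign = $results[0]['customer_sign'];
 $owner_sign = $results[0]['owner_sign'];
-$additional_user_details = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM ".$wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id='%d'", sanitize_text_field( $customer_id ) ), ARRAY_A);
+$additional_user_details = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM ".$wpdb->prefix . "ztsa_extra_customer_info WHERE entry_id= %d", sanitize_text_field( $customer_id ) ), ARRAY_A);
 $header = get_post_meta(sanitize_text_field($post_id), sanitize_key('ztsa_agreement_header'), true);
 $body = get_post_meta(sanitize_text_field($post_id), sanitize_key('ztsa_agreement_body'), true);
@@ -37,5 +37,5 @@
 
 if (count($additional_user_details) > 0) {
-  $additional_user_sign = $wpdb->get_var( $wpdb->prepare( "SELECT customer_sign FROM ".$wpdb->prefix . "ztsa_extra_customer_info WHERE id='%d'", sanitize_text_field( $additional_entry_id ) ) );
+  $additional_user_sign = $wpdb->get_var( $wpdb->prepare( "SELECT customer_sign FROM ".$wpdb->prefix . "ztsa_extra_customer_info WHERE id= %d", sanitize_text_field( $additional_entry_id ) ) );
   foreach ($additional_user_details as $values) {
     $extra_user_name[] = $values['customer_name'];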
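Review bot: The row fetched by the changed query on line 17 is dereferenced on the next line as `$results[0]['customer_info']` without checking that the query returned anything, so an id that matches no row produces an undefined-offset warning followed by a property read on null at `$customer_info->ztsa_user_name->values`. A guard directly after the query, `if ( empty( $results ) ) { wp_die( esc_html__( 'Agreement entry not found.', 'smart-agreements' ) ); }`, would stop the page from rendering on a missing entry. Passing `sanitize_text_field( $customer_id )` to a `%d` placeholder (lines 17, 26 and 39) is redundant, since prepare() casts the argument to an integer; `absint( $customer_id )` states the intent more clearly. Where `$customer_id` is read, and whatever authorises the requester to view that entry, lies above line 15 and outside this hunk, so I cannot confirm from here that a capability or token check precedes the lookup; worth verifying, since the id alone selects the record.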