Changeset 2682024
- Timestamp:
- 02/20/2022 02:14:10 PM (3 years ago)
- Location:
- contact-form-submissions
- Files:
-
- 4 edited
- 5 copied
-
tags/1.7.3 (copied) (copied from contact-form-submissions/trunk)
-
tags/1.7.3/Admin.php (copied) (copied from contact-form-submissions/trunk/Admin.php) (8 diffs)
-
tags/1.7.3/Submissions.php (copied) (copied from contact-form-submissions/trunk/Submissions.php) (1 diff)
-
tags/1.7.3/contact-form-submissions.php (copied) (copied from contact-form-submissions/trunk/contact-form-submissions.php) (1 diff)
-
tags/1.7.3/readme.txt (copied) (copied from contact-form-submissions/trunk/readme.txt) (2 diffs)
-
trunk/Admin.php (modified) (8 diffs)
-
trunk/Submissions.php (modified) (1 diff)
-
trunk/contact-form-submissions.php (modified) (1 diff)
-
trunk/readme.txt (modified) (2 diffs)
-
contact-form-submissions/tags/1.7.3/Admin.php
r2511030 r2682024 85 85 ?> 86 86 <?php $selected = ($post->ID == filter_var($_GET['wpcf7_contact_form'], FILTER_SANITIZE_NUMBER_INT)) ? 'selected' : ''; ?> 87 <option value="<?php echo $post->ID; ?>" <?php echo $selected; ?>><?php echo $post->post_title; ?></option>87 <option value="<?php echo esc_attr($post->ID); ?>" <?php echo $selected; ?>><?php echo $post->post_title; ?></option> 88 88 <?php 89 89 } ?> … … 191 191 <strong> 192 192 <a class="row-title" href="<?php echo get_edit_post_link($post_id); ?>"> 193 <?php echo $nested . htmlspecialchars(get_post_meta($post_id, 'sender', true)); ?>193 <?php echo $nested . esc_html(htmlspecialchars(get_post_meta($post_id, 'sender', true))); ?> 194 194 </a> 195 195 </strong> … … 227 227 public function mail_meta_box($post) 228 228 { 229 $form_id = get_post_meta($post->ID, 'form_id', true);229 $form_id = esc_html(get_post_meta($post->ID, 'form_id', true)); 230 230 $sender = esc_html(get_post_meta($post->ID, 'sender', true)); 231 231 $sender_mailto = preg_replace('/([a-zA-Z0-9_\-\.]*@\\S+\\.\\w+)/', '<a href="mailto:$1">$1</a>', $sender); … … 234 234 $subject = esc_html(get_post_meta($post->ID, 'subject', true)); 235 235 236 $body = apply_filters('the_content', esc_html($post->post_content));236 $body = wp_kses_post(apply_filters('the_content', esc_html($post->post_content))); 237 237 238 238 $additional_headers = esc_html(get_post_meta($post->ID, 'additional_headers', true)); ?> … … 282 282 <tbody> 283 283 <?php foreach ($values as $key => $value) { 284 $label = wp_kses_post($key); 284 285 // check if the value is serialized and unserialize it 285 286 $posted_field = is_serialized($value[0]) ? 
implode(', ', unserialize($value[0])) : $value[0]; … … 287 288 ?> 288 289 <tr> 289 <th scope="row"><?php _e(str_replace('wpcf7s_posted-', '', $ key), 'contact-form-submissions'); ?></th>290 <th scope="row"><?php _e(str_replace('wpcf7s_posted-', '', $label), 'contact-form-submissions'); ?></th> 290 291 <td><?php echo $posted_field; ?></td> 291 292 </tr> … … 345 346 <div id="misc-publishing-actions"> 346 347 <div class="misc-pub-section curtime misc-pub-curtime"> 347 <span id="timestamp"><?php _e('Submitted', 'contact-form-submissions'); ?> : <strong><?php echo $date; ?></strong></span>348 <span id="timestamp"><?php _e('Submitted', 'contact-form-submissions'); ?> : <strong><?php echo esc_html($date); ?></strong></span> 348 349 </div> 349 350 </div> … … 368 369 $post_meta, 369 370 array_flip(array_filter(array_keys($post_meta), function ($key) { 370 return preg_match('/^wpcf7s_posted-/', $key);371 return esc_html(preg_match('/^wpcf7s_posted-/', $key)); 371 372 })) 372 373 ); -
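Review bot: In the field-table hunk (new lines 284–291) the header cell is still not HTML-escaped: `wp_kses_post($key)` leaves in place any markup permitted in post content, and `_e()` echoes its result without escaping, so the label would be safer written as `echo esc_html(str_replace('wpcf7s_posted-', '', $key));`. Passing a runtime value to `_e()` also turns a stored field name into a translation lookup key, which it is not. The value cell `<td><?php echo $posted_field; ?></td>` is printed as-is in the visible lines; one line between the assignment and the echo is elided here, so it should be confirmed that `$posted_field` passes through `esc_html()` before output, particularly since this changeset drops `wp_kses_post()` at save time in Submissions.php. The identical hunk in trunk/Admin.php carries the same issue.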
contact-form-submissions/tags/1.7.3/Submissions.php
r2680229 r2682024 171 171 foreach ($additional_fields as $name => $value) { 172 172 if (!empty($value)) { 173 add_post_meta($post_id, 'wpcf7s_posted-' . $name, wp_kses_post($value));173 add_post_meta($post_id, 'wpcf7s_posted-' . $name, $value); 174 174 } 175 175 } -
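Review bot: Dropping `wp_kses_post($value)` on new line 173 means `wpcf7s_posted-*` meta is now stored exactly as submitted, so every reader of that meta has to escape at output; that contract deserves a comment at this call, e.g. `// stored raw: escape with esc_html() wherever wpcf7s_posted-* is rendered`. Within this changeset the Admin.php field table prints `<td><?php echo $posted_field; ?></td>` with no escaping in the visible lines, and any other consumer of this meta that is not part of the diff would need the same check. The loop's enclosing function starts and ends outside the hunk, and trunk/Submissions.php carries the same change.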
contact-form-submissions/tags/1.7.3/contact-form-submissions.php
r2680229 r2682024 3 3 Plugin Name: Contact Form Submissions 4 4 Description: Never miss an enquiry again! Save all Contact Form 7 submissions in your database. 5 Version: 1.7. 25 Version: 1.7.3 6 6 Author: Jason Green 7 7 License: GPLv3 -
contact-form-submissions/tags/1.7.3/readme.txt
r2680229 r2682024 4 4 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=SNHXWSXSPYATE 5 5 Requires at least: 3.0.1 6 Tested up to: 5. 77 Stable tag: 1.7. 26 Tested up to: 5.9 7 Stable tag: 1.7.3 8 8 Requires PHP: 5.6 9 9 License: GPLv3 … … 43 43 44 44 == Changelog == 45 46 = 1.7.3 = 47 * Security fix 45 48 46 49 = 1.7.2 = -
contact-form-submissions/trunk/Admin.php
r2511030 r2682024 85 85 ?> 86 86 <?php $selected = ($post->ID == filter_var($_GET['wpcf7_contact_form'], FILTER_SANITIZE_NUMBER_INT)) ? 'selected' : ''; ?> 87 <option value="<?php echo $post->ID; ?>" <?php echo $selected; ?>><?php echo $post->post_title; ?></option>87 <option value="<?php echo esc_attr($post->ID); ?>" <?php echo $selected; ?>><?php echo $post->post_title; ?></option> 88 88 <?php 89 89 } ?> … … 191 191 <strong> 192 192 <a class="row-title" href="<?php echo get_edit_post_link($post_id); ?>"> 193 <?php echo $nested . htmlspecialchars(get_post_meta($post_id, 'sender', true)); ?>193 <?php echo $nested . esc_html(htmlspecialchars(get_post_meta($post_id, 'sender', true))); ?> 194 194 </a> 195 195 </strong> … … 227 227 public function mail_meta_box($post) 228 228 { 229 $form_id = get_post_meta($post->ID, 'form_id', true);229 $form_id = esc_html(get_post_meta($post->ID, 'form_id', true)); 230 230 $sender = esc_html(get_post_meta($post->ID, 'sender', true)); 231 231 $sender_mailto = preg_replace('/([a-zA-Z0-9_\-\.]*@\\S+\\.\\w+)/', '<a href="mailto:$1">$1</a>', $sender); … … 234 234 $subject = esc_html(get_post_meta($post->ID, 'subject', true)); 235 235 236 $body = apply_filters('the_content', esc_html($post->post_content));236 $body = wp_kses_post(apply_filters('the_content', esc_html($post->post_content))); 237 237 238 238 $additional_headers = esc_html(get_post_meta($post->ID, 'additional_headers', true)); ?> … … 282 282 <tbody> 283 283 <?php foreach ($values as $key => $value) { 284 $label = wp_kses_post($key); 284 285 // check if the value is serialized and unserialize it 285 286 $posted_field = is_serialized($value[0]) ? 
implode(', ', unserialize($value[0])) : $value[0]; … … 287 288 ?> 288 289 <tr> 289 <th scope="row"><?php _e(str_replace('wpcf7s_posted-', '', $ key), 'contact-form-submissions'); ?></th>290 <th scope="row"><?php _e(str_replace('wpcf7s_posted-', '', $label), 'contact-form-submissions'); ?></th> 290 291 <td><?php echo $posted_field; ?></td> 291 292 </tr> … … 345 346 <div id="misc-publishing-actions"> 346 347 <div class="misc-pub-section curtime misc-pub-curtime"> 347 <span id="timestamp"><?php _e('Submitted', 'contact-form-submissions'); ?> : <strong><?php echo $date; ?></strong></span>348 <span id="timestamp"><?php _e('Submitted', 'contact-form-submissions'); ?> : <strong><?php echo esc_html($date); ?></strong></span> 348 349 </div> 349 350 </div> … … 368 369 $post_meta, 369 370 array_flip(array_filter(array_keys($post_meta), function ($key) { 370 return preg_match('/^wpcf7s_posted-/', $key);371 return esc_html(preg_match('/^wpcf7s_posted-/', $key)); 371 372 })) 372 373 ); -
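Review bot: On new line 87 the added escaping lands on the numeric `$post->ID`, while `$post->post_title`, the only free-text value on that line, is still echoed raw; it should read `<?php echo esc_html($post->post_title); ?>`. The same pattern shows in the last hunk (new line 371), where `esc_html(preg_match(...))` wraps an integer match result inside an `array_filter` callback and has no effect on what is rendered; `return preg_match('/^wpcf7s_posted-/', $key) === 1;` states the intent directly. Both lines appear unchanged in tags/1.7.3/Admin.php.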
contact-form-submissions/trunk/Submissions.php
r2680229 r2682024 171 171 foreach ($additional_fields as $name => $value) { 172 172 if (!empty($value)) { 173 add_post_meta($post_id, 'wpcf7s_posted-' . $name, wp_kses_post($value));173 add_post_meta($post_id, 'wpcf7s_posted-' . $name, $value); 174 174 } 175 175 } -
contact-form-submissions/trunk/contact-form-submissions.php
r2680229 r2682024 3 3 Plugin Name: Contact Form Submissions 4 4 Description: Never miss an enquiry again! Save all Contact Form 7 submissions in your database. 5 Version: 1.7. 25 Version: 1.7.3 6 6 Author: Jason Green 7 7 License: GPLv3 -
contact-form-submissions/trunk/readme.txt
r2680229 r2682024 4 4 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=SNHXWSXSPYATE 5 5 Requires at least: 3.0.1 6 Tested up to: 5. 77 Stable tag: 1.7. 26 Tested up to: 5.9 7 Stable tag: 1.7.3 8 8 Requires PHP: 5.6 9 9 License: GPLv3 … … 43 43 44 44 == Changelog == 45 46 = 1.7.3 = 47 * Security fix 45 48 46 49 = 1.7.2 =