
Changeset 2931706 for wp-mail-log


Timestamp:
06/28/2023 08:26:15 AM (22 months ago)
Author:
wpvibes
Message:

Released 1.1.2

Location:
wp-mail-log
Files:
6 edited

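--- a/wp-mail-log/tags/1.1.2/readme.txt
+++ b/wp-mail-log/tags/1.1.2/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 5.0
 Tested up to: 6.2
-Stable tag: trunk
+Stable tag: 1.1.2
 Requires PHP: 7.4
 License: GPLv2 or later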
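--- a/wp-mail-log/trunk/classes/api.php
+++ b/wp-mail-log/trunk/classes/api.php
@@ -233,4 +233,8 @@
         }
 
+        // sanitize $sql recursively
+       
+        $sql = $this->sanitize_data( $sql );
+
         $res = [
             'columns'   => $columns,
@@ -423,3 +427,26 @@
         return rest_ensure_response( $response );
     }
+
+    function sanitize_data( $data ) {
+
+        $sanitized_data = [];
+       
+        $allowed_html = wp_kses_allowed_html('post');
+        $allowed_html['style'] = [];
+
+        foreach ( $data as $key => $row ) {
+            $sanitized_data[] = [
+                'id'    => $row->id,
+                'to_email' => $row->to_email,
+                'subject' => sanitize_text_field( $row->subject ),
+                'message' => wp_kses( $row->message, $allowed_html ),
+                'headers' =>  $row->headers,
+                'attachments' => $row->attachments,
+                'sent_date' =>  $row->sent_date,
+                'files' => $row->files,
+            ];
+        }
+
+        return $sanitized_data;
+    }
 }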
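Review bot: `sanitize_data()` cleans only `subject` and `message`; `to_email`, `headers`, `attachments` and `files` are copied into the REST response unchanged, although sender-controlled text (a display name, a Reply-To header, an attachment file name) can end up in them. Whether the log viewer renders these fields as HTML is not visible here, so either escape them on output, e.g. `'headers' => esc_html( $row->headers ),` (assuming the column holds a string), or document on the method that the client must treat them as plain text. Separately, `$allowed_html['style'] = [];` lets whole `<style>` elements through `wp_kses()` here and in `log_email()` in capture-mail.php, so a logged mail could restyle the admin page that displays it unless the message is rendered in an isolated frame. The comment `// sanitize $sql recursively` is also inaccurate, since the method makes one flat pass over the rows; `// sanitize each log row before it is returned` would match the code.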
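--- a/wp-mail-log/trunk/classes/capture-mail.php
+++ b/wp-mail-log/trunk/classes/capture-mail.php
@@ -22,4 +22,7 @@
      */
     public static function log_email( $mail_info ) {
+
+        $original_mail_info = $mail_info;
+
         global $wpdb;
         $table_name         = $wpdb->prefix . 'wml_entries';
@@ -40,5 +43,28 @@
             }
         };
+
+        // sanitize email
+        if(is_array($mail_to)){
+            $mail_to = self::sanitize_to_email($mail_to);
+        } else if(strpos($mail_to, ',') !== false){
+            $mail_to = explode(',', $mail_to);
+            $mail_to = self::sanitize_to_email($mail_to);
+        } else {
+            $mail_to = self::sanitize_to_email([$mail_to]);
+        }
+
+        // implode email
+        $mail_to = implode(', ', $mail_to);
+
+        $mail_info['subject'] = sanitize_text_field($mail_info['subject']);
+       
+        $allowed_html = wp_kses_allowed_html('post');
+        $allowed_html['style'] = [];
+        //print_r($allowed_html); die();
+        // sanitize message but allow style tags
+        $mail_info['message'] = wp_kses($mail_info['message'], $allowed_html);
+
         // Log into the database
+       
         $wpdb->insert(
             $table_name,
@@ -56,5 +82,18 @@
 
         // return unmodifiyed array
-        return $mail_info;
+        return $original_mail_info;
+    }
+
+    public static function sanitize_to_email( $array ) {
+       
+        foreach ( $array as $key => &$value ) {
+            if ( is_array( $value ) ) {
+                $value = self::sanitize_to_email( $value );
+            } else {
+                $value = sanitize_email( $value );
+            }
+        }
+       
+        return $array;
     }
 }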
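Review bot: `sanitize_to_email()` runs every recipient through `sanitize_email()`, which as far as I know strips disallowed characters rather than parsing the address, so a `wp_mail()` recipient written as `Name <user@example.com>` would be logged as a different, merged address and an unparseable entry as an empty string. For a mail log that means the stored recipient may not match what was actually sent; extracting the bracketed address first, e.g. `if ( preg_match( '/<([^>]+)>/', $value, $m ) ) { $value = $m[1]; }` before the `sanitize_email()` call, would keep the record faithful. The `foreach ( $array as $key => &$value )` loop should be followed by `unset( $value );`, and the leftover `//print_r($allowed_html); die();` line can be dropped. `log_email()` starts and ends outside the visible hunks, so the `$wpdb->insert()` arguments could not be checked.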
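--- a/wp-mail-log/trunk/classes/db-table.php
+++ b/wp-mail-log/trunk/classes/db-table.php
@@ -50,5 +50,5 @@
             `sent_date` VARCHAR(50) NOT NULL,
             `captured_gmt` VARCHAR(50) NOT NULL,
-                        `attachments_file` TEXT
+            `attachments_file` TEXT
             ) collate {$wpdb_collate};";
 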
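--- a/wp-mail-log/trunk/readme.txt
+++ b/wp-mail-log/trunk/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 5.0
 Tested up to: 6.2
-Stable tag: trunk
+Stable tag: 1.1.2
 Requires PHP: 7.4
 License: GPLv2 or later
@@ -43,6 +43,9 @@
 == Changelog ==
 
+= 1.1.2 =
+* Improved data sanitization and escaping for enhanced security
+
 = 1.1.1 =
-* Fixed: Not creating DB tables in some cases
+* Fixed: Not creating required DB table in some cases
 
 = 1.1 =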
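--- a/wp-mail-log/trunk/wp-mail-log.php
+++ b/wp-mail-log/trunk/wp-mail-log.php
@@ -6,5 +6,5 @@
  * Plugin URI: https://wpvibes.com/
  * Author: WPVibes
- * Version: 1.1.1
+ * Version: 1.1.2
  * Author URI: https://wpvibes.com/
  * License:      GNU General Public License v2 or later
@@ -22,5 +22,5 @@
 define( 'WML_BASE', plugin_basename( __FILE__ ) );
 define( 'WML_FILE', __FILE__ );
-define( 'WML_VERSION', '1.1.1' );
+define( 'WML_VERSION', '1.1.2' );
 
 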