
Changeset 569013


Timestamp:
07/08/12 16:12:24 (22 months ago)
Author:
tlovett1
Message:

Version 5.1.0.0

Location:
custom-contact-forms
Files:
129 added
13 edited

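--- a/custom-contact-forms/trunk/css/custom-contact-forms.css
+++ b/custom-contact-forms/trunk/css/custom-contact-forms.css
@@ -122,2 +122,43 @@
     padding:0;
 }
+
+/* reCaptcha */
+#recaptcha_widget {
+    width: 425px;
+    padding: 10px !important;
+    min-height: 100px;
+    height: auto;
+    border: 1px solid #ccc;
+}
+#recaptcha_image {
+    border: 1px solid #ccc;
+}
+#recaptcha_widget .left {
+    width: 295px;
+}
+#recaptcha_widget .right {
+    float: right;
+    width: 110px;
+}
+#recaptcha_widget input {
+    width: 294px !important;
+    margin-top: 6px !important;
+}
+#recaptcha_widget .logo {
+    width: 75px;
+    height: 80px;
+    float: right;
+}
+#recaptcha_widget .reload {
+    width:  25px;
+    height: 18px;
+}
+#recaptcha_widget .audio {
+    width:  25px;
+    height: 15px;
+    margin: -1px 0 2px 0;
+}
+#recaptcha_widget .help {
+    width:  25px;
+    height: 16px;
+}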
  • custom-contact-forms/trunk/custom-contact-forms-admin.php

    r521367 r569013  
    133133                <li> 
    134134                    <div class="news-header"> 
    135                         <a href="<?php echo $item->get_permalink(); ?>"><?php echo $item->get_title(); ?></a> <span class="date"><?php echo $item->get_date('j F, Y'); ?></span> 
     135                        <a href="<?php echo esc_attr($item->get_permalink()); ?>"><?php echo esc_html($item->get_title()); ?></a> <span class="date"><?php echo esc_html($item->get_date('j F, Y')); ?></span> 
    136136                    </div> 
    137137                    <div class="news-content"> 
     
    199199                'click_to_confirm' => __('Click to Confirm', 'custom-contact-forms'), 
    200200                'selected_tab' => (isset($_POST['selected_tab'])) ? $_POST['selected_tab'] : 0, 
    201                 'delete_confirm' => __('Are you sure you want to delete this', 'custom-contact-forms'), 
     201                'delete_confirm' => __('Are you sure you want to delete this?', 'custom-contact-forms'), 
    202202                'error' => __('An error has occured. Please try again later.', 'custom-contact-forms'), 
    203203                'nothing_to_show' => __('Nothing to show.', 'custom-contact-forms'), 
     
    380380            <?php if (!empty($this->action_complete)) { ?> 
    381381            <div id="message" class="updated below-h2"> 
    382                 <p><?php echo $this->action_complete; ?></p> 
     382                <p><?php echo esc_html($this->action_complete); ?></p> 
    383383            </div> 
    384384            <?php } ?>   
     
    389389                  </span></h3> 
    390390                <div class="inside"> 
    391                   <form id="ccf-create-form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     391                  <form id="ccf-create-form" method="post" action="<?php menu_page_url("custom-contact-forms", 1); ?>"> 
    392392                  <input value="forms" name="selected_tab" type="hidden" /> 
    393393                    <ul class="left"> 
     
    480480                                ?> 
    481481                                <div class="role"> 
    482                                  <input type="checkbox" checked="checked" name="object[form_access][]" value="<?php echo $role; ?>" />  
    483                                  <?php echo $role; ?> 
     482                                 <input type="checkbox" checked="checked" name="object[form_access][]" value="<?php echo esc_attr($role); ?>" />  
     483                                 <?php echo esc_html($role); ?> 
    484484                                </div> 
    485485                                <?php 
     
    503503                <?php _e("Manage Forms", 'custom-contact-forms'); ?> 
    504504              </h3> 
    505               <form class="ccf-edit-ajax" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     505              <form class="ccf-edit-ajax" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    506506              <input type="hidden" name="selected_tab" value="forms" /> 
    507507              <table class="widefat post" id="manage-forms" cellspacing="0"> 
     
    531531                $sty_opt = $style_options; 
    532532            ?> 
    533                   <tr class="row-form-<?php echo $forms[$i]->id; ?> <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
    534                     <td><input type="checkbox" class="object-check" value="1" name="objects[<?php echo $forms[$i]->id; ?>][object_do]" /></td> 
    535                     <td><input type="text" class="ccf-width175" value="[customcontact form=<?php echo $forms[$i]->id; ?>]" name="post_code_<?php echo $forms[$i]->id; ?>" /></td> 
    536                     <td><input type="text" class="ccf-width125" value="&lt;?php if (function_exists('serveCustomContactForm')) { serveCustomContactForm(<?php echo $forms[$i]->id; ?>); } ?&gt;" name="theme_code_<?php echo $forms[$i]->id; ?>" /></td> 
    537                     <td><input type="text" class="ccf-width175" name="objects[<?php echo $forms[$i]->id; ?>][values][form_slug]" value="<?php echo $forms[$i]->form_slug; ?>" /></td> 
    538                     <td><input type="text" class="ccf-width175" name="objects[<?php echo $forms[$i]->id; ?>][values][form_title]" value="<?php echo $forms[$i]->form_title; ?>" /></td> 
    539                     <td><select name="objects[<?php echo $forms[$i]->id; ?>][values][form_style]" class="form_style_input"> 
     533                  <tr class="row-form-<?php echo esc_attr($forms[$i]->id); ?> <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
     534                    <td><input type="checkbox" class="object-check" value="1" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][object_do]" /></td> 
     535                    <td><input type="text" class="ccf-width175" value="[customcontact form=<?php echo esc_attr($forms[$i]->id); ?>]" name="post_code_<?php echo esc_attr($forms[$i]->id); ?>" /></td> 
     536                    <td><input type="text" class="ccf-width125" value="&lt;?php if (function_exists('serveCustomContactForm')) { serveCustomContactForm(<?php echo esc_attr($forms[$i]->id); ?>); } ?&gt;" name="theme_code_<?php echo esc_attr($forms[$i]->id); ?>" /></td> 
     537                    <td><input type="text" class="ccf-width175" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_slug]" value="<?php echo esc_attr($forms[$i]->form_slug); ?>" /></td> 
     538                    <td><input type="text" class="ccf-width175" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_title]" value="<?php echo esc_attr($forms[$i]->form_title); ?>" /></td> 
     539                    <td><select name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_style]" class="form_style_input"> 
    540540                        <?php echo $sty_opt; ?> 
    541541                      </select></td> 
    542                     <td><input class="object-id" type="hidden" name="objects[<?php echo $forms[$i]->id; ?>][object_id]" value="<?php echo $forms[$i]->id; ?>" /> 
    543                       <input type="hidden" class="object-type" name="objects[<?php echo $forms[$i]->id; ?>][object_type]" value="form" /> 
     542                    <td><input class="object-id" type="hidden" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][object_id]" value="<?php echo esc_attr($forms[$i]->id); ?>" /> 
     543                      <input type="hidden" class="object-type" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][object_type]" value="form" /> 
    544544                      <input type="button" class="single-save" value="<?php _e('Save', 'custom-contact-forms'); ?>" />  
    545545                      <input type="button" class="single-delete" value="<?php _e('Delete', 'custom-contact-forms'); ?>" /> 
    546546                      <input type="button" class="form-options-expand-link" value="<?php _e('Options', 'custom-contact-forms'); ?>" /> 
    547                       <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-form-<?php echo $forms[$i]->id; ?>" /></div> 
     547                      <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-form-<?php echo esc_attr($forms[$i]->id); ?>" /></div> 
    548548                    </td> 
    549549                  </tr> 
    550                   <tr class="row-form-<?php echo $forms[$i]->id; ?> <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
     550                  <tr class="row-form-<?php echo esc_attr($forms[$i]->id); ?> <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
    551551                    <td class="form-extra-options ccf-center ccf-hide" colspan="8"> 
    552552                     
     
    554554                            <span>Email</span> 
    555555                            <ul> 
    556                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("Form submissions will be emailed to this address.", 'custom-contact-forms'); ?>">(?)</a> Destination Email:</label> <input type="text" name="objects[<?php echo $forms[$i]->id; ?>][values][form_email]" class="ccf-width250" value="<?php echo $forms[$i]->form_email; ?>" /></li> 
    557                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This is the form email subject sent to the destination email address. If left blank, the default from General Settings will be used.", 'custom-contact-forms'); ?>">(?)</a> Email Subject:</label> <input class="ccf-width250" type="text" name="objects[<?php echo $forms[$i]->id; ?>][values][form_email_subject]" maxlength="250" value="<?php echo $forms[$i]->form_email_subject; ?>" /></li> 
    558                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This is the from name of the email sent on successful form submission. If left blank, the default from General Settings will be used.", 'custom-contact-forms'); ?>">(?)</a> Email From Name:</label> <input class="ccf-width250" type="text" name="objects[<?php echo $forms[$i]->id; ?>][values][form_email_name]" maxlength="100" value="<?php echo $forms[$i]->form_email_name; ?>" /></li> 
     556                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("Form submissions will be emailed to this address.", 'custom-contact-forms'); ?>">(?)</a> Destination Email:</label> <input type="text" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_email]" class="ccf-width250" value="<?php echo esc_attr($forms[$i]->form_email); ?>" /></li> 
     557                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This is the form email subject sent to the destination email address. If left blank, the default from General Settings will be used.", 'custom-contact-forms'); ?>">(?)</a> Email Subject:</label> <input class="ccf-width250" type="text" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_email_subject]" maxlength="250" value="<?php echo esc_attr($forms[$i]->form_email_subject); ?>" /></li> 
     558                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This is the from name of the email sent on successful form submission. If left blank, the default from General Settings will be used.", 'custom-contact-forms'); ?>">(?)</a> Email From Name:</label> <input class="ccf-width250" type="text" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_email_name]" maxlength="100" value="<?php echo esc_attr($forms[$i]->form_email_name); ?>" /></li> 
    559559                            </ul> 
    560560                            <span>Advanced</span> 
    561561                            <ul> 
    562                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("The Form Method is the method by which information is transfer through your form. If you aren't an expert with HTML and PHP, leave this as Post.", 'custom-contact-forms'); ?>">(?)</a> Method:</label> <select name="objects[<?php echo $forms[$i]->id; ?>][values][form_method]"> 
     562                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("The Form Method is the method by which information is transfer through your form. If you aren't an expert with HTML and PHP, leave this as Post.", 'custom-contact-forms'); ?>">(?)</a> Method:</label> <select name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_method]"> 
    563563                                <?php echo $form_methods; ?> 
    564564                              </select></li> 
    565                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This lets you process your forms through alternate scripts. If you use a service like InfusionSoft or Aweber, set this to be the same form action as the code provided to you by that service, otherwise leave this blank.", 'custom-contact-forms'); ?>">(?)</a> Form Action:</label> <input class="ccf-width250" type="text" name="objects[<?php echo $forms[$i]->id; ?>][values][form_action]" value="<?php echo $forms[$i]->form_action; ?>" /></li> 
    566                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("Insert the page id's that your form will be used on. This will make it so the plugin will only load JS and CSS files on these select pages. This will improve your site's load time.", 'custom-contact-forms'); ?>">(?)</a> Form Pages:</label> <input class="ccf-width250" name="objects[<?php echo $forms[$i]->id; ?>][values][form_pages]" type="text" value="<?php echo $forms[$i]->form_pages; ?>" /></li> 
     565                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This lets you process your forms through alternate scripts. If you use a service like InfusionSoft or Aweber, set this to be the same form action as the code provided to you by that service, otherwise leave this blank.", 'custom-contact-forms'); ?>">(?)</a> Form Action:</label> <input class="ccf-width250" type="text" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_action]" value="<?php echo esc_attr($forms[$i]->form_action); ?>" /></li> 
     566                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("Insert the page id's that your form will be used on. This will make it so the plugin will only load JS and CSS files on these select pages. This will improve your site's load time.", 'custom-contact-forms'); ?>">(?)</a> Form Pages:</label> <input class="ccf-width250" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_pages]" type="text" value="<?php echo esc_attr($forms[$i]->form_pages); ?>" /></li> 
    567567                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("If you want to show this form to only certain types of users, you can uncheck boxes accordingly. To show this form to anyone, check all the boxes. This will only take effect if 'Form Access Capabilities' is enabled in general settings.", 'custom-contact-forms'); ?>">(?)</a> Form Access:</label>  
    568568                                    <ul><?php 
     
    571571                            foreach ($roles as $role) { 
    572572                                ?> 
    573                                  <li><input type="checkbox" <?php if (parent::formHasRole($access_array, $role)) { echo 'checked="checked"'; } ?> name="objects[<?php echo $forms[$i]->id; ?>][values][form_access][]" value="<?php echo $role; ?>" />  
    574                                 <?php echo $role; ?> 
     573                                 <li><input type="checkbox" <?php if (parent::formHasRole($access_array, $role)) { echo 'checked="checked"'; } ?> name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_access][]" value="<?php echo esc_attr($role); ?>" />  
     574                                <?php echo esc_html($role); ?> 
    575575                                </li> 
    576576                                <?php 
    577577                            } 
    578                             ?></ul><input name="objects[<?php echo $forms[$i]->id; ?>][values][form_access_update]" type="hidden" value="1" /> 
     578                            ?></ul><input name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_access_update]" type="hidden" value="1" /> 
    579579                                </li> 
    580580                                <li></li> 
     
    584584                            <span>Successful Submission</span> 
    585585                            <ul> 
    586                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("If this is filled out, users will be sent to this thank you page when they successfully fill out this form. If it is left blank, a popover showing the form's 'success message' will be displayed on form success.", 'custom-contact-forms'); ?>">(?)</a> Custom Success URL:</label> <input class="ccf-width250" type="text" name="objects[<?php echo $forms[$i]->id; ?>][values][form_thank_you_page]" value="<?php echo $forms[$i]->form_thank_you_page; ?>" /></li> 
    587                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This will be displayed as the header in a popover when the form is filled out successfully when no custom success page is specified; if left blank it will use the default specified in general settings.", 'custom-contact-forms'); ?>">(?)</a> Success Message Title:</label> <input class="ccf-width250" type="text" name="objects[<?php echo $forms[$i]->id; ?>][values][form_success_title]" value="<?php echo $forms[$i]->form_success_title; ?>" /></li> 
    588                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This will be displayed in a popover when the form is filled out successfully when no custom success page is specified; if left blank it will use the default specified in general settings.", 'custom-contact-forms'); ?>">(?)</a> Success Message:</label> <textarea name="objects[<?php echo $forms[$i]->id; ?>][values][form_success_message]"><?php echo $forms[$i]->form_success_message; ?></textarea></li> 
     586                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("If this is filled out, users will be sent to this thank you page when they successfully fill out this form. If it is left blank, a popover showing the form's 'success message' will be displayed on form success.", 'custom-contact-forms'); ?>">(?)</a> Custom Success URL:</label> <input class="ccf-width250" type="text" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_thank_you_page]" value="<?php echo esc_attr($forms[$i]->form_thank_you_page); ?>" /></li> 
     587                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This will be displayed as the header in a popover when the form is filled out successfully when no custom success page is specified; if left blank it will use the default specified in general settings.", 'custom-contact-forms'); ?>">(?)</a> Success Message Title:</label> <input class="ccf-width250" type="text" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_success_title]" value="<?php echo esc_attr($forms[$i]->form_success_title); ?>" /></li> 
     588                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This will be displayed in a popover when the form is filled out successfully when no custom success page is specified; if left blank it will use the default specified in general settings.", 'custom-contact-forms'); ?>">(?)</a> Success Message:</label> <textarea name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][form_success_message]"><?php echo esc_attr($forms[$i]->form_success_message); ?></textarea></li> 
    589589                            </ul> 
    590590                             
    591591                            <span>Customization</span> 
    592592                            <ul> 
    593                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This text will display on the form submit button.", 'custom-contact-forms'); ?>">(?)</a> Button Text:</label> <input class="ccf-width250" type="text" name="objects[<?php echo $forms[$i]->id; ?>][values][submit_button_text]" value="<?php echo $forms[$i]->submit_button_text; ?>" /></li> 
    594                                 <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This field allows you to insert HTML directly after the starting <form> tag.", 'custom-contact-forms'); ?>">(?)</a> Custom Code:</label> <textarea name="objects[<?php echo $forms[$i]->id; ?>][values][custom_code]"><?php echo $forms[$i]->custom_code; ?></textarea></li> 
     593                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This text will display on the form submit button.", 'custom-contact-forms'); ?>">(?)</a> Button Text:</label> <input class="ccf-width250" type="text" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][submit_button_text]" value="<?php echo esc_attr($forms[$i]->submit_button_text); ?>" /></li> 
     594                                <li><label><a href="javascript:void(0)" class="toollink" title="<?php _e("This field allows you to insert HTML directly after the starting <form> tag.", 'custom-contact-forms'); ?>">(?)</a> Custom Code:</label> <textarea name="objects[<?php echo esc_attr($forms[$i]->id); ?>][values][custom_code]"><?php echo esc_attr($forms[$i]->custom_code); ?></textarea></li> 
    595595                            </ul> 
    596596                        </div> 
     
    602602                              <?php _e("Add A Field:", 'custom-contact-forms'); ?> 
    603603                              </span></label></p> 
    604                               <select class="onObject<?php echo $forms[$i]->id; ?> attach-object field-dropdown objectTypeForm" name="objects[<?php echo $forms[$i]->id; ?>][attach]"> 
     604                              <select class="onObject<?php echo esc_attr($forms[$i]->id); ?> attach-object field-dropdown objectTypeForm" name="objects[<?php echo esc_attr($forms[$i]->id); ?>][attach]"> 
    605605                                <?php echo $add_fields; ?> 
    606606                              </select> <input class="attach-button" type="button" value="<?php _e('Attach', 'custom-contact-forms'); ?>" /> 
     
    619619                $attached_fields = parent::getAttachedFieldsArray($forms[$i]->id); 
    620620                 
    621                     echo '<ul class="onObject'.$forms[$i]->id.' sortable field-list ccfsort" id="'.$form->form_slug . '">'; 
     621                    echo '<ul class="onObject' . esc_attr($forms[$i]->id) . ' sortable field-list ccfsort" id="' . esc_attr($form->form_slug) . '">'; 
    622622                    foreach($attached_fields as $attached_field) { 
    623623                        $this_field = parent::selectField($attached_field, ''); 
    624624                        ?> 
    625                         <li class="field<?php echo $this_field->id; ?> ui-state-default"><span>&times;</span> <?php 
    626       echo $this_field->field_slug;?> (<?php echo $this_field->field_type;?>)</li> 
     625                        <li class="field<?php echo esc_attr($this_field->id); ?> ui-state-default"><span>&times;</span> <?php 
     626      echo esc_html($this_field->field_slug);?> (<?php echo esc_html($this_field->field_type);?>)</li> 
    627627                        <?php 
    628628                    } 
     
    630630              ?> 
    631631                              <input class="attached-update-button" type="button" value="<?php _e('Save Field Configuration', 'custom-contact-forms'); ?>" /> 
    632                         <img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-field-config-form-<?php echo $forms[$i]->id; ?>" /> 
     632                        <img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-field-config-form-<?php echo esc_attr($forms[$i]->id); ?>" /> 
    633633                             
    634634                            </div> 
     
    675675                  </span></h3> 
    676676                <div class="inside"> 
    677                   <form id="ccf-create-field" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     677                  <form id="ccf-create-field" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    678678                  <input type="hidden" name="selected_tab" value="fields" /> 
    679679                    <ul class="left"> 
     
    802802                <?php _e("Manage User Fields", 'custom-contact-forms'); ?> 
    803803              </h3> 
    804               <form class="ccf-edit-ajax" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     804              <form class="ccf-edit-ajax" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    805805              <input type="hidden" name="selected_tab" value="fields" /> 
    806806              <table class="widefat post" id="manage-fields" cellspacing="0"> 
     
    826826             
    827827            ?> 
    828                 <tr class="row-field-<?php echo $fields[$i]->id; ?> <?php if ($z % 2 == 1) echo ' ccf-evenrow'; ?>"> 
    829                     <td><input class="object-check" type="checkbox" value="1" name="objects[<?php echo $fields[$i]->id; ?>][object_do]" /></td> 
    830                     <td><input type="text" name="objects[<?php echo $fields[$i]->id; ?>][values][field_slug]" class="ccf-width125" maxlength="50" value="<?php echo $fields[$i]->field_slug; ?>" /></td> 
    831                     <td><input type="text" name="objects[<?php echo $fields[$i]->id; ?>][values][field_label]" class="ccf-width200" maxlength="100" value="<?php echo $fields[$i]->field_label; ?>" /></td> 
    832                     <td><select name="objects[<?php echo $fields[$i]->id; ?>][values][field_type]"> 
     828                <tr class="row-field-<?php echo esc_attr($fields[$i]->id); ?> <?php if ($z % 2 == 1) echo ' ccf-evenrow'; ?>"> 
     829                    <td><input class="object-check" type="checkbox" value="1" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][object_do]" /></td> 
     830                    <td><input type="text" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_slug]" class="ccf-width125" maxlength="50" value="<?php echo esc_attr($fields[$i]->field_slug); ?>" /></td> 
     831                    <td><input type="text" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_label]" class="ccf-width200" maxlength="100" value="<?php echo esc_attr($fields[$i]->field_label); ?>" /></td> 
     832                    <td><select name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_type]"> 
    833833                        <?php echo $field_types; ?> 
    834834                      </select></td> 
    835                     <td><input type="text" name="objects[<?php echo $fields[$i]->id; ?>][values][field_value]" maxlength="50" class="ccf-width100" value="<?php echo $fields[$i]->field_value; ?>" /></td> 
    836                     <td><select name="objects[<?php echo $fields[$i]->id; ?>][values][field_required]"> 
     835                    <td><input type="text" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_value]" maxlength="50" class="ccf-width100" value="<?php echo esc_attr($fields[$i]->field_value); ?>" /></td> 
     836                    <td><select name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_required]"> 
    837837                        <option value="1"> 
    838838                        <?php _e("Yes", 'custom-contact-forms'); ?> 
     
    842842                        </option> 
    843843                      </select></td> 
    844                     <td><input type="hidden" class="object-type" name="objects[<?php echo $fields[$i]->id; ?>][object_type]" value="field" /> 
    845                       <input type="hidden" class="object-id" name="objects[<?php echo $fields[$i]->id; ?>][object_id]" value="<?php echo $fields[$i]->id; ?>" /> 
     844                    <td><input type="hidden" class="object-type" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][object_type]" value="field" /> 
     845                      <input type="hidden" class="object-id" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][object_id]" value="<?php echo esc_attr($fields[$i]->id); ?>" /> 
    846846                      <input type="button" class="single-save" value="<?php _e('Save', 'custom-contact-forms'); ?>" />  
    847847                      <input type="button" class="single-delete" value="<?php _e('Delete', 'custom-contact-forms'); ?>" /> 
    848848                      <input type="button" class="fields-options-expand-link" value="<?php _e('Options', 'custom-contact-forms'); ?>"> 
    849                       <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-field-<?php echo $fields[$i]->id; ?>" /></div> 
     849                      <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-field-<?php echo esc_attr($fields[$i]->id); ?>" /></div> 
    850850                    </td> 
    851851                  </tr> 
    852852                  <?php $show_field_options = ($fields[$i]->field_type == 'Radio' || $fields[$i]->field_type == 'Dropdown' || $fields[$i]->field_type == 'Checkbox') ? true : false; ?> 
    853                   <tr class="row-field-<?php echo $fields[$i]->id; ?> <?php if ($z % 2 == 1) echo 'ccf-evenrow'; ?>"> 
     853                  <tr class="row-field-<?php echo esc_attr($fields[$i]->id); ?> <?php if ($z % 2 == 1) echo 'ccf-evenrow'; ?>"> 
    854854                    <td class="fields-extra-options ccf-hide" colspan="8"> 
    855855                      <div class="one"> 
     
    858858                        <?php _e("Field Instructions:", 'custom-contact-forms'); ?> 
    859859                        </label> 
    860                         <textarea class="ccf-width250" name="objects[<?php echo $fields[$i]->id; ?>][values][field_instructions]"><?php echo $fields[$i]->field_instructions; ?></textarea> 
     860                        <textarea class="ccf-width250" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_instructions]"><?php echo esc_attr($fields[$i]->field_instructions); ?></textarea> 
    861861                      </div> 
    862862                      <div class="two"> 
     
    865865                        <?php _e("Field Error:", 'custom-contact-forms'); ?> 
    866866                        </label> 
    867                         <textarea class="ccf-width250" name="objects[<?php echo $fields[$i]->id; ?>][values][field_error]"><?php echo $fields[$i]->field_error; ?></textarea>  
     867                        <textarea class="ccf-width250" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_error]"><?php echo esc_attr($fields[$i]->field_error); ?></textarea>  
    868868                      </div> 
    869869                      <div class="three"> 
     
    872872                        <?php _e("Field Class:", 'custom-contact-forms'); ?> 
    873873                        </label> 
    874                         <input type="text" class="ccf-width75" name="objects[<?php echo $fields[$i]->id; ?>][values][field_class]" value="<?php echo $fields[$i]->field_class; ?>" /> 
     874                        <input type="text" class="ccf-width75" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_class]" value="<?php echo esc_attr($fields[$i]->field_class); ?>" /> 
    875875                        <br /> 
    876876                        <?php if ($fields[$i]->field_type != 'Dropdown' && $fields[$i]->field_type != 'Radio' && $fields[$i]->field_type != 'Checkbox') { ?> 
     
    878878                        <?php _e('Max Length:', 'custom-contact-forms'); ?> 
    879879                        </label> 
    880                         <input type="text" class="ccf-width75" name="objects[<?php echo $fields[$i]->id; ?>][values][field_maxlength]" value="<?php echo $fields[$i]->field_maxlength; ?>" /> 
     880                        <input type="text" class="ccf-width75" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_maxlength]" value="<?php echo esc_attr($fields[$i]->field_maxlength); ?>" /> 
    881881                        <br /> 
    882882                        <?php } ?> 
     
    884884                        <label for="field_max_upload_size"><a href="javascript:void(0)" class="toollink" title="<?php _e('If a user tries to upload a file greater than the value in this field, an error will be shown. Upload size is in KB. If this is left blank or set to 0, then there will be no maximum file size for this field.', 'custom-contact-forms'); ?>">(?)</a> 
    885885                        <?php _e("Max Upload Size:", 'custom-contact-forms'); ?></label> 
    886                         <input type="text" class="ccf-width75" name="objects[<?php echo $fields[$i]->id; ?>][values][field_max_upload_size]" value="<?php echo $fields[$i]->field_max_upload_size; ?>" /><?php _e('KB', 'custom-contact-forms'); ?> 
     886                        <input type="text" class="ccf-width75" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_max_upload_size]" value="<?php echo esc_attr($fields[$i]->field_max_upload_size); ?>" /><?php _e('KB', 'custom-contact-forms'); ?> 
    887887                        <br /> 
    888888                        <label for="field_allowed_file_extensions"><a href="javascript:void(0)" class="toollink" title="<?php _e('If a user tries to upload a file with an extension not in this list, an error will be shown. If this is left blank, then all file extensions will be accepted. Separate file extensions with a comma. Ex: doc, jpg, jpeg, bmp, gif, txt', 'custom-contact-forms'); ?>">(?)</a> 
    889889                        <?php _e("Allowed File Extensions:", 'custom-contact-forms'); ?></label> 
    890                         <input type="text" class="ccf-width75" name="objects[<?php echo $fields[$i]->id; ?>][values][field_allowed_file_extensions]" value="<?php $exts = unserialize($fields[$i]->field_allowed_file_extensions); echo (!empty($exts)) ? @implode(', ', $exts) : ''; ?>" /> 
     890                        <input type="text" class="ccf-width75" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_allowed_file_extensions]" value="<?php $exts = unserialize($fields[$i]->field_allowed_file_extensions); echo (!empty($exts)) ? esc_attr(@implode(', ', $exts)) : ''; ?>" /> 
    891891                      <?php } ?> 
    892892                      </div> 
     
    900900                              <?php _e("Add A Field Option:", 'custom-contact-forms'); ?> 
    901901                              </span></label></p> 
    902                               <select class="onObject<?php echo $fields[$i]->id; ?> attach-object field-option-dropdown objectTypeField" name="objects[<?php echo $fields[$i]->id; ?>][attach]"> 
     902                              <select class="onObject<?php echo esc_attr($fields[$i]->id); ?> attach-object field-option-dropdown objectTypeField" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][attach]"> 
    903903                                <?php 
    904904                                $options = parent::selectAllFieldOptions(); 
    905905                                foreach ($options as $option) { 
    906906                                    ?> 
    907                                     <option value="<?php echo $option->id; ?>"><?php echo $option->option_slug; ?></option> 
     907                                    <option value="<?php echo esc_attr($option->id); ?>"><?php echo esc_attr($option->option_slug); ?></option> 
    908908                                    <?php 
    909909                                } 
     
    924924                $attached_options = parent::getAttachedFieldOptionsArray($fields[$i]->id); 
    925925                 
    926                     echo '<ul class="onObject'.$fields[$i]->id.' sortable field-option-list ccfsort" id="'.$field->field_slug . '">'; 
     926                    echo '<ul class="onObject'.esc_attr($fields[$i]->id).' sortable field-option-list ccfsort" id="'.esc_attr($field->field_slug) . '">'; 
    927927                    foreach($attached_options as $attached_option) { 
    928928                        $this_option = parent::selectFieldOption($attached_option, ''); 
    929929                        ?> 
    930                         <li class="field<?php echo $this_option->id; ?> ui-state-default"><span>&times;</span> <?php 
    931       echo $this_option->option_slug;?></li> 
     930                        <li class="field<?php echo esc_attr($this_option->id); ?> ui-state-default"><span>&times;</span> <?php 
     931      echo esc_html($this_option->option_slug);?></li> 
    932932                        <?php 
    933933                    } 
     
    935935              ?> 
    936936                              <input class="attached-update-button" type="button" value="<?php _e('Save Option Configuration', 'custom-contact-forms'); ?>" /> 
    937                         <img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-field-config-field-<?php echo $fields[$i]->id; ?>" /> 
     937                        <img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-field-config-field-<?php echo esc_attr($fields[$i]->id); ?>" /> 
    938938                             
    939939                            </div></div> 
     
    969969                <?php _e("Manage Fixed Fields", 'custom-contact-forms'); ?> 
    970970              </h3> 
    971               <form class="ccf-edit-ajax" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     971              <form class="ccf-edit-ajax" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    972972              <input type="hidden" name="selected_tab" value="fields" /> 
    973973              <table class="widefat post" id="manage-fixed-fields" cellspacing="0"> 
     
    992992             
    993993            ?> 
    994                   <tr class="row-field-<?php echo $fields[$i]->id; ?> <?php if ($z % 2 == 0) echo 'ccf-evenrow'; ?>"> 
    995                     <td><input class="object-check" type="checkbox" value="1" name="objects[<?php echo $fields[$i]->id  ; ?>][object_do]" /></td> 
    996                     <td><?php echo $fields[$i]->field_slug; ?></td> 
     994                  <tr class="row-field-<?php echo esc_attr($fields[$i]->id); ?> <?php if ($z % 2 == 0) echo 'ccf-evenrow'; ?>"> 
     995                    <td><input class="object-check" type="checkbox" value="1" name="objects[<?php echo esc_attr($fields[$i]->id ); ?>][object_do]" /></td> 
     996                    <td><?php echo esc_attr($fields[$i]->field_slug); ?></td> 
    997997                    <td><?php if ($fields[$i]->field_slug == 'resetButton') { _e('None', 'custom-contact-forms'); } else { ?> 
    998                       <input type="text" name="objects[<?php echo $fields[$i]->id; ?>][values][field_label]" maxlength="100" value="<?php echo $fields[$i]->field_label; ?>" /> 
     998                      <input type="text" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_label]" maxlength="100" value="<?php echo esc_attr($fields[$i]->field_label); ?>" /> 
    999999                      <?php } ?></td> 
    1000                     <td><?php echo $fields[$i]->field_type; ?> 
     1000                    <td><?php echo esc_attr($fields[$i]->field_type); ?> 
    10011001                    <td><?php if ($fields[$i]->field_type != 'Checkbox') { ?> 
    1002                       <input type="text" name="objects[<?php echo $fields[$i]->id; ?>][values][field_value]" class="ccf-width75" maxlength="50" value="<?php echo $fields[$i]->field_value; ?>" /> 
     1002                      <input type="text" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_value]" class="ccf-width75" maxlength="50" value="<?php echo esc_attr($fields[$i]->field_value); ?>" /> 
    10031003                      <?php } else { 
    1004             echo $fields[$i]->field_value; 
     1004            echo esc_attr($fields[$i]->field_value); 
    10051005            ?> 
    10061006                      <?php } ?> 
    10071007                    </td> 
    10081008                    <td><?php if ($fields[$i]->field_slug == 'fixedEmail' || $fields[$i]->field_slug == 'emailSubject' || $fields[$i]->field_slug == 'fixedWebsite' || $fields[$i]->field_slug == 'usaStates' || $fields[$i]->field_slug == 'datePicker' || $fields[$i]->field_slug == 'allCountries') { ?> 
    1009                       <select name="objects[<?php echo $fields[$i]->id; ?>][values][field_required]"> 
     1009                      <select name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_required]"> 
    10101010                        <option value="1"> 
    10111011                        <?php _e("Yes", 'custom-contact-forms'); ?> 
     
    10251025                    </td> 
    10261026                    <td> 
    1027                         <input type="hidden" class="object-type" name="objects[<?php echo $fields[$i]->id; ?>][object_type]" value="field" /> 
    1028                       <input type="hidden" class="object-id" name="objects[<?php echo $fields[$i]->id; ?>][object_id]" value="<?php echo $fields[$i]->id; ?>" /> 
     1027                        <input type="hidden" class="object-type" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][object_type]" value="field" /> 
     1028                      <input type="hidden" class="object-id" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][object_id]" value="<?php echo esc_attr($fields[$i]->id); ?>" /> 
    10291029                      <input type="button" class="single-save" value="<?php _e('Save', 'custom-contact-forms'); ?>" />  
    10301030                      <input type="button" class="fixed-fields-options-expand-link" value="<?php _e('Options', 'custom-contact-forms'); ?>"> 
    1031                       <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-field-<?php echo $fields[$i]->id; ?>" /></div> 
     1031                      <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-field-<?php echo esc_attr($fields[$i]->id); ?>" /></div> 
    10321032                    </td> 
    10331033                  </tr> 
    1034                   <tr class="row-field-<?php echo $fields[$i]->id; ?> <?php if ($z % 2 == 0) echo 'ccf-evenrow'; ?>"> 
     1034                  <tr class="row-field-<?php echo esc_attr($fields[$i]->id); ?> <?php if ($z % 2 == 0) echo 'ccf-evenrow'; ?>"> 
    10351035                    <td class="fixed-fields-extra-options ccf-hide" colspan="8"> 
    10361036                      <?php if ($fields[$i]->field_slug == 'resetButton') { ?> 
     
    10391039                        <?php _e("Field Class:", 'custom-contact-forms'); ?> 
    10401040                        </label> 
    1041                         <input type="text" class="ccf-width75" name="objects[<?php echo $fields[$i]->id; ?>][values][field_class]" value="<?php echo $fields[$i]->field_class; ?>" /> 
     1041                        <input type="text" class="ccf-width75" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_class]" value="<?php echo esc_attr($fields[$i]->field_class); ?>" /> 
    10421042                         
    10431043                      <?php } else { ?> 
     
    10471047                        <?php _e("Field Instructions:", 'custom-contact-forms'); ?> 
    10481048                        </label> 
    1049                         <textarea class="ccf-width250" name="objects[<?php echo $fields[$i]->id; ?>][values][field_instructions]"><?php echo $fields[$i]->field_instructions; ?></textarea> 
     1049                        <textarea class="ccf-width250" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_instructions]"><?php echo esc_attr($fields[$i]->field_instructions); ?></textarea> 
    10501050                      </div> 
    10511051                      <div class="two"> 
     
    10541054                        <?php _e("Field Error:", 'custom-contact-forms'); ?> 
    10551055                        </label> 
    1056                         <textarea class="ccf-width250" name="objects[<?php echo $fields[$i]->id; ?>][values][field_error]"><?php echo $fields[$i]->field_error; ?></textarea>  
     1056                        <textarea class="ccf-width250" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_error]"><?php echo esc_attr($fields[$i]->field_error); ?></textarea>  
    10571057                      </div> 
    10581058                      <div class="three"> 
     
    10621062                        <?php _e("Field Class:", 'custom-contact-forms'); ?> 
    10631063                        </label> 
    1064                         <input type="text" class="ccf-width75" name="objects[<?php echo $fields[$i]->id; ?>][values][field_class]" value="<?php echo $fields[$i]->field_class; ?>" /> 
     1064                        <input type="text" class="ccf-width75" name="objects[<?php echo esc_attr($fields[$i]->id); ?>][values][field_class]" value="<?php echo esc_attr($fields[$i]->field_class); ?>" /> 
    10651065                         
    10661066                        <br /> 
     
    10701070                        <?php _e("Max Length:", 'custom-contact-forms'); ?> 
    10711071                        </label> 
    1072                         <input type="text" class="ccf-width50" name="objects[<?php echo $i; ?>][values][field_maxlength]" value="<?php echo $fields[$i]->field_maxlength; ?>" /> 
     1072                        <input type="text" class="ccf-width50" name="objects[<?php echo $i; ?>][values][field_maxlength]" value="<?php echo esc_attr($fields[$i]->field_maxlength); ?>" /> 
    10731073                        <?php } ?> 
    10741074                      </div> 
     
    11071107                  </span></h3> 
    11081108                <div class="inside"> 
    1109                       <form class="ccf-edit-ajax" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     1109                      <form class="ccf-edit-ajax" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    11101110                      <input type="hidden" name="selected_tab" value="field-options" /> 
    11111111                      <table cellpadding="0" cellspacing="0"> 
     
    11371137                foreach ($options as $option) { 
    11381138                ?> 
    1139                         <tr class="row-field_option-<?php echo $option->id; ?> <?php if ($i % 2 == 1) echo 'evenrow-field-options'; ?>"> 
    1140                             <td><input type="checkbox" class="object-check" name="objects[<?php echo $option->id; ?>][object_do]" value="1" /> </td> 
    1141                             <td><input type="text" maxlength="20" name="<?php ?>objects[<?php echo $option->id; ?>][values][option_slug]" value="<?php echo $option->option_slug; ?>" class="ccf-width50" /></td> 
    1142                             <td><input type="text" name="objects[<?php echo $option->id; ?>][values][option_label]" value="<?php echo $option->option_label; ?>" class="ccf-width100" /></td> 
    1143                             <td><input type="text" name="objects[<?php echo $option->id; ?>][values][option_value]" value="<?php echo $option->option_value; ?>" class="ccf-width100" /></td> 
    1144                             <td><select name="objects[<?php echo $option->id; ?>][values][option_dead]"><option value="0"><?php _e('No', 'custom-contact-forms'); ?></option><option <?php if ($option->option_dead == 1) echo 'selected="selected"'; ?> value="1"><?php _e('Yes', 'custom-contact-forms'); ?></option></select></td> 
     1139                        <tr class="row-field_option-<?php echo esc_attr($option->id); ?> <?php if ($i % 2 == 1) echo 'evenrow-field-options'; ?>"> 
     1140                            <td><input type="checkbox" class="object-check" name="objects[<?php echo esc_attr($option->id); ?>][object_do]" value="1" /> </td> 
     1141                            <td><input type="text" maxlength="20" name="<?php ?>objects[<?php echo esc_attr($option->id); ?>][values][option_slug]" value="<?php echo esc_attr($option->option_slug); ?>" class="ccf-width50" /></td> 
     1142                            <td><input type="text" name="objects[<?php echo esc_attr($option->id); ?>][values][option_label]" value="<?php echo esc_attr($option->option_label); ?>" class="ccf-width100" /></td> 
     1143                            <td><input type="text" name="objects[<?php echo esc_attr($option->id); ?>][values][option_value]" value="<?php echo esc_attr($option->option_value); ?>" class="ccf-width100" /></td> 
     1144                            <td><select name="objects[<?php echo esc_attr($option->id); ?>][values][option_dead]"><option value="0"><?php _e('No', 'custom-contact-forms'); ?></option><option <?php if ($option->option_dead == 1) echo 'selected="selected"'; ?> value="1"><?php _e('Yes', 'custom-contact-forms'); ?></option></select></td> 
    11451145                            <td> 
    1146                                 <input type="hidden" class="object-type" name="objects[<?php echo $option->id; ?>][object_type]" value="field_option" /> 
    1147                                 <input type="hidden" class="object-id" name="objects[<?php echo $option->id; ?>][object_id]" value="<?php echo $option->id; ?>" /> 
     1146                                <input type="hidden" class="object-type" name="objects[<?php echo esc_attr($option->id); ?>][object_type]" value="field_option" /> 
     1147                                <input type="hidden" class="object-id" name="objects[<?php echo esc_attr($option->id); ?>][object_id]" value="<?php echo esc_attr($option->id); ?>" /> 
    11481148                                <input type="button" class="single-save" value="<?php _e('Save', 'custom-contact-forms'); ?>" />  
    11491149                                <input type="button" class="single-delete" value="<?php _e('Delete', 'custom-contact-forms'); ?>" /> 
    1150                                 <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-field_option-<?php echo $option->id; ?>" /></div> 
     1150                                <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-field_option-<?php echo esc_attr($option->id); ?>" /></div> 
    11511151                            </td> 
    11521152                        </tr> 
     
    12321232                    <?php _e("Use this manager to create styles for your forms. Each field is already filled out with nice look defaults. It is recommended you simply input a slug and click create to see the defaults before you start changing values.", 'custom-contact-forms'); ?> 
    12331233                  </p> 
    1234                   <form id="ccf-create-style" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     1234                  <form id="ccf-create-style" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    12351235                  <input type="hidden" name="selected_tab" value="styles" /> 
    12361236                    <ul class="style_left"> 
     
    13691369                        <?php _e("(ex: 000000 or black)", 'custom-contact-forms'); ?> 
    13701370                      </li> 
     1371                      <li> 
     1372                        <label for="form_borderwidth"> 
     1373                        <?php _e("Form Width:", 'custom-contact-forms'); ?> 
     1374                        </label> 
     1375                        <input type="text" maxlength="20" value="100%" class="ccf-width75" name="object[form_width]" /> 
     1376                        <?php _e("(ex: 100px or 50%)", 'custom-contact-forms'); ?> 
     1377                      </li> 
     1378                      <li> 
     1379                        <label for="input_width"> 
     1380                        <?php _e("Field Border Color:", 'custom-contact-forms'); ?> 
     1381                        </label> 
     1382                        <input type="text" maxlength="20" value="999999" class="ccf-width75 colorfield" name="object[field_bordercolor]" /> 
     1383                        <?php _e("(ex: 100px or 100%)", 'custom-contact-forms'); ?> 
     1384                      </li> 
    13711385                    </ul> 
    13721386                    <ul class="style_right"> 
    1373                       <li> 
    1374                         <label for="input_width"> 
    1375                         <?php _e("Field Border Color:", 'custom-contact-forms'); ?> 
    1376                         </label> 
    1377                         <input type="text" maxlength="20" value="999999" class="ccf-width75 colorfield" name="object[field_bordercolor]" /> 
    1378                         <?php _e("(ex: 100px or 100%)", 'custom-contact-forms'); ?> 
    1379                       </li> 
     1387                       
    13801388                      <li> 
    13811389                        <label for="form_borderstyle"> 
     
    14001408                        <?php _e("(ex: 1px)", 'custom-contact-forms'); ?> 
    14011409                      </li> 
    1402                       <li> 
    1403                         <label for="form_borderwidth"> 
    1404                         <?php _e("Form Width:", 'custom-contact-forms'); ?> 
    1405                         </label> 
    1406                         <input type="text" maxlength="20" value="100%" class="ccf-width75" name="object[form_width]" /> 
    1407                         <?php _e("(ex: 100px or 50%)", 'custom-contact-forms'); ?> 
    1408                       </li> 
     1410                     
    14091411                      <li> 
    14101412                        <label for="form_borderwidth"> 
     
    14271429                        <input type="text" maxlength="20" value="30px" class="ccf-width75" name="object[submit_height]" /> 
    14281430                        <?php _e("(ex: 100px or 30%)", 'custom-contact-forms'); ?> 
     1431                      </li> 
     1432                      <li> 
     1433                        <label for="submit_background"> 
     1434                        <?php _e("Button Background:", 'custom-contact-forms'); ?> 
     1435                        </label> 
     1436                        <input type="text" maxlength="200" value="http://" class="ccf-width175" name="object[submit_background]" /> 
     1437                        <?php _e("(any URL)", 'custom-contact-forms'); ?> 
     1438                      </li> 
     1439                      <li> 
     1440                        <label for="submit_background_repeat"> 
     1441                        <?php _e("Button Background Repeat:", 'custom-contact-forms'); ?> 
     1442                        </label> 
     1443                        <select name="objects[<?php echo esc_attr($style->id); ?>][values][submit_background_repeat]"> 
     1444                            <option value="no-repeat">No Repeat</option> 
     1445                            <option value="repeat-x">Repeat X</option> 
     1446                            <option value="repeat-y">Repeat Y</option> 
     1447                            <option value="repeat">Repeat Both</option> 
     1448                        </select> 
    14291449                      </li> 
    14301450                      <li> 
     
    15271547                <?php _e("Manage Form Styles", 'custom-contact-forms'); ?> 
    15281548              </h3> 
    1529               <form class="ccf-edit-ajax" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     1549              <form class="ccf-edit-ajax" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    15301550              <input type="hidden" name="selected_tab" value="styles" /> 
    15311551              <table class="widefat post" id="manage-styles" cellspacing="0"> 
     
    15461566            foreach ($styles as $style) { 
    15471567            ?> 
    1548                   <tr class="row-style-<?php echo $style->id; ?> <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
    1549                      <td> <label><input type="checkbox" class="object-check" value="1" name="objects[<?php echo $style->id; ?>][object_do]" />  
     1568                  <tr class="row-style-<?php echo esc_attr($style->id); ?> <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
     1569                     <td> <label><input type="checkbox" class="object-check" value="1" name="objects[<?php echo esc_attr($style->id); ?>][object_do]" />  
    15501570                        * <?php _e("Slug:", 'custom-contact-forms'); ?> 
    15511571                        </label> 
    1552                         <input type="text" maxlength="30" value="<?php echo $style->style_slug; ?>" name="objects[<?php echo $style->id; ?>][values][style_slug]" /> 
     1572                        <input type="text" maxlength="30" value="<?php echo esc_attr($style->style_slug); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][style_slug]" /> 
    15531573                        <br /> 
    15541574                        <label> 
    15551575                        <?php _e("Font Family:", 'custom-contact-forms'); ?> 
    15561576                        </label> 
    1557                         <input type="text" maxlength="120" value="<?php echo $style->form_fontfamily; ?>" name="objects[<?php echo $style->id; ?>][values][form_fontfamily]" /> 
     1577                        <input type="text" maxlength="120" value="<?php echo esc_attr($style->form_fontfamily); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][form_fontfamily]" /> 
    15581578                        <br /> 
    15591579                        <label> 
     
    15621582                        <?php _e("Color:", 'custom-contact-forms'); ?> 
    15631583                        </label> 
    1564                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->textarea_backgroundcolor; ?>" name="objects[<?php echo $style->id; ?>][values][textarea_backgroundcolor]" /> 
     1584                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->textarea_backgroundcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][textarea_backgroundcolor]" /> 
    15651585                        <br /> 
    15661586                        <label> 
     
    15691589                        <?php _e("Border Color:", 'custom-contact-forms'); ?> 
    15701590                        </label> 
    1571                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->success_popover_bordercolor; ?>" name="objects[<?php echo $style->id; ?>][values][success_popover_bordercolor]" /> 
     1591                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->success_popover_bordercolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][success_popover_bordercolor]" /> 
    15721592                        <br /> 
    15731593                        <label> 
     
    15761596                        <?php _e("Font Color:", 'custom-contact-forms'); ?> 
    15771597                        </label> 
    1578                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->tooltip_fontcolor; ?>" name="objects[<?php echo $style->id; ?>][values][tooltip_fontcolor]" /> 
     1598                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->tooltip_fontcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][tooltip_fontcolor]" /> 
    15791599                        <br /> 
    1580                         <input type="button" class="single-save" value="<?php _e('Save', 'custom-contact-forms'); ?>" /> <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-style-<?php echo $style->id; ?>" /></div><br /> 
     1600                        <label> 
     1601                        <?php _e("Button Background", 'custom-contact-forms'); ?><br /> 
     1602                        <?php _e("Repeat:", 'custom-contact-forms'); ?> 
     1603                        </label> 
     1604                        <select name="objects[<?php echo esc_attr($style->id); ?>][values][submit_background_repeat]"> 
     1605                            <option <?php selected('no-repeat', $style->submit_background_repeat); ?> value="no-repeat">No Repeat</option> 
     1606                            <option <?php selected('repeat-x', $style->submit_background_repeat); ?> value="repeat-x">Repeat X</option> 
     1607                            <option <?php selected('repeat-y', $style->submit_background_repeat); ?> value="repeat-y">Repeat Y</option> 
     1608                            <option <?php selected('repeat', $style->submit_background_repeat); ?> value="repeat">Repeat Both</option> 
     1609                        </select> 
     1610                        <br /> 
     1611                        <input type="button" class="single-save" value="<?php _e('Save', 'custom-contact-forms'); ?>" /> <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-style-<?php echo esc_attr($style->id); ?>" /></div><br /> 
    15811612                        <input type="button" class="single-delete" value="<?php _e('Delete', 'custom-contact-forms'); ?>" /> 
    1582                         <input class="object-type" type="hidden" name="objects[<?php echo $style->id; ?>][object_type]" value="style" /> 
    1583                         <input class="object-id" name="objects[<?php echo $style->id; ?>][object_id]" type="hidden" value="<?php echo $style->id; ?>" /> 
     1613                        <input class="object-type" type="hidden" name="objects[<?php echo esc_attr($style->id); ?>][object_type]" value="style" /> 
     1614                        <input class="object-id" name="objects[<?php echo esc_attr($style->id); ?>][object_id]" type="hidden" value="<?php echo esc_attr($style->id); ?>" /> 
    15841615                      </td> 
    15851616                      <td><label> 
    15861617                        <?php _e("Form Width:", 'custom-contact-forms'); ?> 
    15871618                        </label> 
    1588                         <input type="text" maxlength="20" value="<?php echo $style->form_width; ?>" name="objects[<?php echo $style->id; ?>][values][form_width]" /> 
     1619                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->form_width); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][form_width]" /> 
    15891620                        <br /> 
    15901621                        <label> 
    15911622                        <?php _e("Text Field Width:", 'custom-contact-forms'); ?> 
    15921623                        </label> 
    1593                         <input type="text" maxlength="20" value="<?php echo $style->input_width; ?>" name="objects[<?php echo $style->id; ?>][values][input_width]" /> 
     1624                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->input_width); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][input_width]" /> 
    15941625                        <br /> 
    15951626                        <label> 
    15961627                        <?php _e("Textarea Width:", 'custom-contact-forms'); ?> 
    15971628                        </label> 
    1598                         <input type="text" maxlength="20" value="<?php echo $style->textarea_width; ?>" name="objects[<?php echo $style->id; ?>][values][textarea_width]" /> 
     1629                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->textarea_width); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][textarea_width]" /> 
    15991630                        <br /> 
    16001631                        <label> 
    16011632                        <?php _e("Textarea Height:", 'custom-contact-forms'); ?> 
    16021633                        </label> 
    1603                         <input type="text" maxlength="20" value="<?php echo $style->textarea_height; ?>" name="objects[<?php echo $style->id; ?>][values][textarea_height]" /> 
     1634                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->textarea_height); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][textarea_height]" /> 
    16041635                        <br /> 
    16051636                        <label> 
    16061637                        <?php _e("Dropdown Width:", 'custom-contact-forms'); ?> 
    16071638                        </label> 
    1608                         <input type="text" maxlength="20" value="<?php echo $style->dropdown_width; ?>" name="objects[<?php echo $style->id; ?>][values][dropdown_width]" /> 
     1639                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->dropdown_width); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][dropdown_width]" /> 
    16091640                        <br /> 
    16101641                        <label> 
    16111642                        <?php _e("Label Margin:", 'custom-contact-forms'); ?> 
    16121643                        </label> 
    1613                         <input type="text" maxlength="20" value="<?php echo $style->label_margin; ?>" name="objects[<?php echo $style->id; ?>][values][label_margin]" /> 
     1644                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->label_margin); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][label_margin]" /> 
    16141645                        <br /> 
    16151646                        <label> 
     
    16181649                        <?php _e("Height:", 'custom-contact-forms'); ?> 
    16191650                        </label> 
    1620                         <input type="text" maxlength="20" value="<?php echo $style->success_popover_height; ?>" name="objects[<?php echo $style->id; ?>][values][success_popover_height]" /> 
     1651                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->success_popover_height); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][success_popover_height]" /> 
     1652                        <br /> 
     1653 
     1654                        <label> 
     1655                        <?php _e("Button Background:", 'custom-contact-forms'); ?> 
     1656                        </label> 
     1657                        <input type="text" maxlength="200" value="<?php echo esc_attr($style->submit_background); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][submit_background]" /> 
    16211658                        <br /> 
    16221659                      </td> 
     
    16241661                        <?php _e("Label Width:", 'custom-contact-forms'); ?> 
    16251662                        </label> 
    1626                         <input type="text" maxlength="20" value="<?php echo $style->label_width; ?>" name="objects[<?php echo $style->id; ?>][values][label_width]" /> 
     1663                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->label_width); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][label_width]" /> 
    16271664                        <br /> 
    16281665                        <label> 
    16291666                        <?php _e("Button Width:", 'custom-contact-forms'); ?> 
    16301667                        </label> 
    1631                         <input type="text" maxlength="20" value="<?php echo $style->submit_width; ?>" name="objects[<?php echo $style->id; ?>][values][submit_width]" /> 
     1668                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->submit_width); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][submit_width]" /> 
    16321669                        <br /> 
    16331670                        <label> 
    16341671                        <?php _e("Button Height:", 'custom-contact-forms'); ?> 
    16351672                        </label> 
    1636                         <input type="text" maxlength="20" value="<?php echo $style->submit_height; ?>" name="objects[<?php echo $style->id; ?>][values][submit_height]" /> 
     1673                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->submit_height); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][submit_height]" /> 
    16371674                        <br /> 
    16381675                        <label> 
    16391676                        <?php _e("Field Background Color:", 'custom-contact-forms'); ?> 
    16401677                        </label> 
    1641                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->field_backgroundcolor; ?>" name="objects[<?php echo $style->id; ?>][values][field_backgroundcolor]" /> 
     1678                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->field_backgroundcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][field_backgroundcolor]" /> 
    16421679                        <br /> 
    16431680                        <label> 
    16441681                        <?php _e("Title Margin:", 'custom-contact-forms'); ?> 
    16451682                        </label> 
    1646                         <input type="text" maxlength="20" value="<?php echo $style->title_margin; ?>" name="objects[<?php echo $style->id; ?>][values][title_margin]" /> 
     1683                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->title_margin); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][title_margin]" /> 
    16471684                        <br /> 
    16481685                        <label> 
     
    16511688                        <?php _e("Title Font Size:", 'custom-contact-forms'); ?> 
    16521689                        </label> 
    1653                         <input type="text" maxlength="20" value="<?php echo $style->success_popover_title_fontsize; ?>" name="objects[<?php echo $style->id; ?>][values][success_popover_title_fontsize]" /> 
     1690                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->success_popover_title_fontsize); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][success_popover_title_fontsize]" /> 
    16541691                        <label> 
    16551692                        <?php _e("Form Background Color:", 'custom-contact-forms'); ?> 
    16561693                        </label> 
    1657                         <input type="text" class="colorfield" maxlength="20" value="<?php echo $style->form_backgroundcolor; ?>" name="objects[<?php echo $style->id; ?>][values][form_backgroundcolor]" /> 
     1694                        <input type="text" class="colorfield" maxlength="20" value="<?php echo esc_attr($style->form_backgroundcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][form_backgroundcolor]" /> 
    16581695                      </td> 
    16591696                      <td><label> 
    16601697                        <?php _e("Title Font Size:", 'custom-contact-forms'); ?> 
    16611698                        </label> 
    1662                         <input type="text" maxlength="20" value="<?php echo $style->title_fontsize; ?>" name="objects[<?php echo $style->id; ?>][values][title_fontsize]" /> 
     1699                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->title_fontsize); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][title_fontsize]" /> 
    16631700                        <br /> 
    16641701                        <label> 
    16651702                        <?php _e("Label Font Size:", 'custom-contact-forms'); ?> 
    16661703                        </label> 
    1667                         <input type="text" maxlength="20" value="<?php echo $style->label_fontsize; ?>" name="objects[<?php echo $style->id; ?>][values][label_fontsize]" /> 
     1704                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->label_fontsize); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][label_fontsize]" /> 
    16681705                        <br /> 
    16691706                        <label> 
    16701707                        <?php _e("Field Font Size:", 'custom-contact-forms'); ?> 
    16711708                        </label> 
    1672                         <input type="text" maxlength="20" value="<?php echo $style->field_fontsize; ?>" name="objects[<?php echo $style->id; ?>][values][field_fontsize]" /> 
     1709                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->field_fontsize); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][field_fontsize]" /> 
    16731710                        <br /> 
    16741711                        <label> 
    16751712                        <?php _e("Button Font Size:", 'custom-contact-forms'); ?> 
    16761713                        </label> 
    1677                         <input type="text" maxlength="20" value="<?php echo $style->submit_fontsize; ?>" name="objects[<?php echo $style->id; ?>][values][submit_fontsize]" /> 
     1714                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->submit_fontsize); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][submit_fontsize]" /> 
    16781715                        <br /> 
    16791716                        <label> 
    16801717                        <?php _e("Form Padding:", 'custom-contact-forms'); ?> 
    16811718                        </label> 
    1682                         <input type="text" maxlength="20" value="<?php echo $style->form_padding; ?>" name="objects[<?php echo $style->id; ?>][values][form_padding]" /> 
     1719                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->form_padding); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][form_padding]" /> 
    16831720                        <br /> 
    16841721                        <label> 
     
    16871724                        <?php _e("Font Size:", 'custom-contact-forms'); ?> 
    16881725                        </label> 
    1689                         <input type="text" maxlength="20" value="<?php echo $style->success_popover_fontsize; ?>" name="objects[<?php echo $style->id; ?>][values][success_popover_fontsize]" /> 
     1726                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->success_popover_fontsize); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][success_popover_fontsize]" /> 
    16901727                        <br /> 
    16911728                        <label> 
     
    16941731                        <?php _e("Background Color:", 'custom-contact-forms'); ?> 
    16951732                        </label> 
    1696                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->tooltip_backgroundcolor; ?>" name="objects[<?php echo $style->id; ?>][values][tooltip_backgroundcolor]" /> 
     1733                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->tooltip_backgroundcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][tooltip_backgroundcolor]" /> 
    16971734                      </td> 
    16981735                      <td><label> 
    16991736                        <?php _e("Title Font Color:", 'custom-contact-forms'); ?> 
    17001737                        </label> 
    1701                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->title_fontcolor; ?>" name="objects[<?php echo $style->id; ?>][values][title_fontcolor]" /> 
     1738                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->title_fontcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][title_fontcolor]" /> 
    17021739                        <br /> 
    17031740                        <label> 
    17041741                        <?php _e("Label Font Color:", 'custom-contact-forms'); ?> 
    17051742                        </label> 
    1706                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->label_fontcolor; ?>" name="objects[<?php echo $style->id; ?>][values][label_fontcolor]" /> 
     1743                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->label_fontcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][label_fontcolor]" /> 
    17071744                        <br /> 
    17081745                        <label> 
    17091746                        <?php _e("Field Font Color:", 'custom-contact-forms'); ?> 
    17101747                        </label> 
    1711                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->field_fontcolor; ?>" name="objects[<?php echo $style->id; ?>][values][field_fontcolor]" /> 
     1748                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->field_fontcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][field_fontcolor]" /> 
    17121749                        <br /> 
    17131750                        <label> 
    17141751                        <?php _e("Button Font Color:", 'custom-contact-forms'); ?> 
    17151752                        </label> 
    1716                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->submit_fontcolor; ?>" name="objects[<?php echo $style->id; ?>][values][submit_fontcolor]" /> 
     1753                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->submit_fontcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][submit_fontcolor]" /> 
    17171754                        <br /> 
    17181755                        <label> 
    17191756                        <?php _e("Form Margin:", 'custom-contact-forms'); ?> 
    17201757                        </label> 
    1721                         <input type="text" maxlength="20" value="<?php echo $style->form_margin; ?>" name="objects[<?php echo $style->id; ?>][values][form_margin]" /> 
     1758                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->form_margin); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][form_margin]" /> 
    17221759                        <br /> 
    17231760                        <label> 
     
    17261763                        <?php _e("Font Color:", 'custom-contact-forms'); ?> 
    17271764                        </label> 
    1728                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->success_popover_fontcolor; ?>" name="objects[<?php echo $style->id; ?>][values][success_popover_fontcolor]" /> 
     1765                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->success_popover_fontcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][success_popover_fontcolor]" /> 
    17291766                        <br /> 
    17301767                        <label> 
    17311768                        <?php _e("Tooltip Font Size:", 'custom-contact-forms'); ?> 
    17321769                        </label> 
    1733                         <input type="text" maxlength="20" value="<?php echo $style->tooltip_fontsize; ?>" name="objects[<?php echo $style->id; ?>][values][tooltip_fontsize]" /> 
     1770                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->tooltip_fontsize); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][tooltip_fontsize]" /> 
    17341771                      </td> 
    17351772                      <td><label> 
    17361773                        <?php _e("Form Border Style:", 'custom-contact-forms'); ?> 
    17371774                        </label> 
    1738                         <select name="objects[<?php echo $style->id; ?>][values][form_borderstyle]"> 
    1739                           <?php echo str_replace('<option>'.$style->form_borderstyle.'</option>', '<option selected="selected">'.$style->form_borderstyle.'</option>', $border_style_options); ?> 
     1775                        <select name="objects[<?php echo esc_attr($style->id); ?>][values][form_borderstyle]"> 
     1776                          <?php echo str_replace('<option>'.esc_attr($style->form_borderstyle).'</option>', '<option selected="selected">'.esc_attr($style->form_borderstyle).'</option>', $border_style_options); ?> 
    17401777                        </select> 
    17411778                        <br /> 
     
    17431780                        <?php _e("Form Border Width:", 'custom-contact-forms'); ?> 
    17441781                        </label> 
    1745                         <input type="text" maxlength="20" value="<?php echo $style->form_borderwidth; ?>" name="objects[<?php echo $style->id; ?>][values][form_borderwidth]" /> 
     1782                        <input type="text" maxlength="20" value="<?php echo esc_attr($style->form_borderwidth); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][form_borderwidth]" /> 
    17461783                        <br /> 
    17471784                        <label> 
    17481785                        <?php _e("Form Border Color:", 'custom-contact-forms'); ?> 
    17491786                        </label> 
    1750                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->form_bordercolor; ?>" name="objects[<?php echo $style->id; ?>][values][form_bordercolor]" /> 
     1787                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->form_bordercolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][form_bordercolor]" /> 
    17511788                        <br /> 
    17521789                        <label> 
    17531790                        <?php _e("Field Border Color:", 'custom-contact-forms'); ?> 
    17541791                        </label> 
    1755                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->field_bordercolor; ?>" name="objects[<?php echo $style->id; ?>][values][field_bordercolor]" /> 
     1792                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->field_bordercolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][field_bordercolor]" /> 
    17561793                        <br /> 
    17571794                        <label> 
    17581795                        <?php _e("Field Border Style:", 'custom-contact-forms'); ?> 
    17591796                        </label> 
    1760                         <select name="objects[<?php echo $style->id; ?>][values][field_borderstyle]"> 
    1761                           <?php echo str_replace('<option>'.$style->field_borderstyle.'</option>', '<option selected="selected">'.$style->field_borderstyle.'</option>', $border_style_options); ?> 
     1797                        <select name="objects[<?php echo esc_attr($style->id); ?>][values][field_borderstyle]"> 
     1798                          <?php echo str_replace('<option>'.esc_attr($style->field_borderstyle).'</option>', '<option selected="selected">'.esc_attr($style->field_borderstyle).'</option>', $border_style_options); ?> 
    17621799                        </select> 
    17631800                        <br /> 
     
    17671804                        <?php _e("Title Font Color:", 'custom-contact-forms'); ?> 
    17681805                        </label> 
    1769                         <input class="colorfield" type="text" maxlength="20" value="<?php echo $style->success_popover_title_fontcolor; ?>" name="objects[<?php echo $style->id; ?>][values][success_popover_title_fontcolor]" /> 
     1806                        <input class="colorfield" type="text" maxlength="20" value="<?php echo esc_attr($style->success_popover_title_fontcolor); ?>" name="objects[<?php echo esc_attr($style->id); ?>][values][success_popover_title_fontcolor]" /> 
    17701807                        <br /> 
    17711808                        <label> 
    17721809                        <?php _e("Field Border Roundness:", 'custom-contact-forms'); ?> 
    17731810                        </label> 
    1774                         <input name="objects[<?php echo $style->id; ?>][values][field_borderround]" value="<?php echo $style->field_borderround; ?>" type="text" maxlength="20" /> 
     1811                        <input name="objects[<?php echo esc_attr($style->id); ?>][values][field_borderround]" value="<?php echo esc_attr($style->field_borderround); ?>" type="text" maxlength="20" /> 
    17751812                         
    17761813                      </td> 
     
    18051842                  </span></h3> 
    18061843                <div class="inside"> 
    1807                   <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     1844                  <form method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    18081845                  <input type="hidden" name="selected_tab" value="support" /> 
    18091846                    <ul> 
     
    18181855                        <?php _e("Your Email:", 'custom-contact-forms'); ?> 
    18191856                        </label> 
    1820                         <input id="email" type="text" value="<?php echo get_option('admin_email'); ?>" name="email" maxlength="100" /> 
     1857                        <input id="email" type="text" value="<?php echo esc_attr(get_option('admin_email')); ?>" name="email" maxlength="100" /> 
    18211858                      </li> 
    18221859                    </ul> 
     
    18911928&lt;input type=&quot;hidden&quot; name=&quot;success_message&quot; value=&quot;<?php _e("Thank you for filling out our form!", 'custom-contact-forms'); ?>&quot; /&gt; 
    18921929&lt;input type=&quot;hidden&quot; name=&quot;thank_you_page&quot; value=&quot;http://www.google.com&quot; /&gt; 
    1893 &lt;input type=&quot;hidden&quot; name=&quot;destination_email&quot; value=&quot;<?php echo $admin_options['default_to_email']; ?>&quot; /&gt; 
     1930&lt;input type=&quot;hidden&quot; name=&quot;destination_email&quot; value=&quot;<?php echo esc_attr($admin_options['default_to_email']); ?>&quot; /&gt; 
    18941931&lt;input type=&quot;hidden&quot; name=&quot;required_fields&quot; value=&quot;field_name1, field_name2&quot; /&gt; 
    18951932 
     
    19702007                  <?php _e("Saved Form Submissions", 'custom-contact-forms'); ?> 
    19712008                  </span></h3> 
    1972               <form class="ccf-edit-ajax" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     2009              <form class="ccf-edit-ajax" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    19732010              <table class="widefat post" id="form-submissions-table" cellspacing="0"> 
    19742011                <thead> 
     
    19882025            $data = new CustomContactFormsUserData(array('form_id' => $data_object->data_formid, 'data_time' => $data_object->data_time, 'form_page' => $data_object->data_formpage, 'encoded_data' => $data_object->data_value));   
    19892026            ?> 
    1990                   <tr class="row-form_submission-<?php echo $data_object->id; ?> submission-top <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
    1991                     <td><input type="checkbox" class="object-check" value="1" name="objects[<?php echo $data_object->id; ?>][object_do]" /></td> 
    1992                     <td><?php echo date('F d, Y h:i:s A', $data->getDataTime()); ?></td> 
     2027                  <tr class="row-form_submission-<?php echo esc_attr($data_object->id); ?> submission-top <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
     2028                    <td><input type="checkbox" class="object-check" value="1" name="objects[<?php echo esc_attr($data_object->id); ?>][object_do]" /></td> 
     2029                    <td><?php echo esc_html(date('F d, Y h:i:s A', $data->getDataTime())); ?></td> 
    19932030                    <td><?php 
    19942031            if ($data->getFormID() > 0) { 
    19952032            $data_form = parent::selectForm($data->getFormID()); 
    19962033            $this_form = (!empty($data_form->form_slug)) ? $data_form->form_slug : '-'; 
    1997             echo $this_form; 
     2034            echo esc_html($this_form); 
    19982035            } else 
    19992036            _e('Custom HTML Form', 'custom-contact-forms'); 
    20002037            ?> 
    20012038                    </td> 
    2002                     <td><?php echo $data->getFormPage(); ?> </td> 
    2003                     <td><?php echo $data->getFormID(); ?> </td> 
     2039                    <td><?php echo esc_html($data->getFormPage()); ?> </td> 
     2040                    <td><?php echo esc_html($data->getFormID()); ?> </td> 
    20042041                    <td class="ccf-alignright"> 
    20052042                        <input type="button" class="submission-content-expand-button" value="<?php _e('Expand', 'custom-contact-forms'); ?>" /> 
    20062043                        <input type="button" class="single-delete" value="<?php _e('Delete', 'custom-contact-forms'); ?>" /> 
    2007                       <input class="object-id" type="hidden" name="objects[<?php echo $data_object->id; ?>][object_id]" value="<?php echo $data_object->id; ?>" /> 
    2008                       <input type="hidden" class="object-type" name="objects[<?php echo $data_object->id; ?>][object_type]" value="form_submission" /> 
    2009                       <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-form_submission-<?php echo $data_object->id; ?>" /></div> 
     2044                      <input class="object-id" type="hidden" name="objects[<?php echo esc_attr($data_object->id); ?>][object_id]" value="<?php echo esc_attr($data_object->id); ?>" /> 
     2045                      <input type="hidden" class="object-type" name="objects[<?php echo esc_attr($data_object->id); ?>][object_type]" value="form_submission" /> 
     2046                      <div class="loading-img-container"><img src="<?php echo plugins_url(); ?>/custom-contact-forms/images/wpspin_light.gif" width="16" height="16" class="ccf-hide loading-img-inner-form_submission-<?php echo esc_attr($data_object->id); ?>" /></div> 
    20102047                     </td> 
    20112048                  </tr> 
    2012                   <tr class="ccf-hide row-form_submission-<?php echo $data_object->id; ?> submission-content <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
     2049                  <tr class="ccf-hide row-form_submission-<?php echo esc_attr($data_object->id); ?> submission-content <?php if ($i % 2 == 0) echo 'ccf-evenrow'; ?>"> 
    20132050                    <td colspan="6"><ul> 
    20142051                        <?php 
     
    20172054            ?> 
    20182055                        <li> 
    2019                           <div><?php echo $item_key; ?></div> 
     2056                          <div><?php echo esc_html($item_key); ?></div> 
    20202057                          <p><?php echo $data->parseUserData($item_value); ?></p> 
    20212058                        </li> 
     
    21222159                  </span></h3> 
    21232160                <div class="inside"> 
    2124                   <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     2161                  <form method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    21252162                    <ul class="gleft"> 
    21262163                      <li> 
     
    21442181                        <?php _e("Default Email:", 'custom-contact-forms'); ?> 
    21452182                        </label> 
    2146                         <input name="settings[default_to_email]" value="<?php echo $admin_options['default_to_email']; ?>" type="text" maxlength="100" /> 
     2183                        <input name="settings[default_to_email]" value="<?php echo esc_attr($admin_options['default_to_email']); ?>" type="text" maxlength="100" /> 
    21472184                      </li> 
    21482185                      <li class="descrip"> 
     
    21692206                        <?php _e("Default From Email:", 'custom-contact-forms'); ?> 
    21702207                        </label> 
    2171                         <input name="settings[default_from_email]" value="<?php echo $admin_options['default_from_email']; ?>" type="text" maxlength="100" /> 
     2208                        <input name="settings[default_from_email]" value="<?php echo esc_attr($admin_options['default_from_email']); ?>" type="text" maxlength="100" /> 
    21722209                      </li> 
    21732210                      <li class="descrip"> 
     
    21782215                        <?php _e("Default From Name:", 'custom-contact-forms'); ?> 
    21792216                        </label> 
    2180                         <input name="settings[default_from_name]" value="<?php echo $admin_options['default_from_name']; ?>" type="text" maxlength="100" /> 
     2217                        <input name="settings[default_from_name]" value="<?php echo esc_attr($admin_options['default_from_name']); ?>" type="text" maxlength="100" /> 
    21812218                      </li> 
    21822219                      <li class="descrip"> 
     
    21872224                        <?php _e("Default Email Subject:", 'custom-contact-forms'); ?> 
    21882225                        </label> 
    2189                         <input name="settings[default_form_subject]" value="<?php echo $admin_options['default_form_subject']; ?>" type="text" /> 
     2226                        <input name="settings[default_form_subject]" value="<?php echo esc_attr($admin_options['default_form_subject']); ?>" type="text" /> 
    21902227                      </li> 
    21912228                      <li class="descrip"> 
     
    22372274                        <?php _e("This lets you switch the form code between HTML and XHTML.", 'custom-contact-forms'); ?> 
    22382275                      </li> 
     2276                       
     2277                      <li> 
     2278                        <label for="recaptcha_public_key"> 
     2279                        <?php _e("reCaptcha Public Key:", 'custom-contact-forms'); ?> 
     2280                        </label> 
     2281                        <input name="settings[recaptcha_public_key]" value="<?php echo esc_attr( $admin_options['recaptcha_public_key'] ); ?>" type="text" /> 
     2282                      </li> 
     2283                      <li class="descrip"> 
     2284                        <?php _e( 'This key comes from <a href="http://google.com/recaptcha">reCaptcha</a> and allows you to use the recaptcha fixed field.', 'custom-contact-forms' ); ?> 
     2285                      </li> 
     2286                       
     2287                      <li> 
     2288                        <label for="recaptcha_private_key"> 
     2289                        <?php _e("reCaptcha Private Key:", 'custom-contact-forms'); ?> 
     2290                        </label> 
     2291                        <input name="settings[recaptcha_private_key]" value="<?php echo esc_attr( $admin_options['recaptcha_private_key'] ); ?>" type="text" /> 
     2292                      </li> 
     2293                      <li class="descrip"> 
     2294                        <?php _e( 'This key comes from <a href="http://google.com/recaptcha">reCaptcha</a> and allows you to use the recaptcha fixed field.', 'custom-contact-forms' ); ?> 
     2295                      </li> 
    22392296                       
    22402297                    </ul> 
     
    22442301                        <?php _e("Default Form Success Message Title:", 'custom-contact-forms'); ?> 
    22452302                        </label> 
    2246                         <input name="settings[form_success_message_title]" value="<?php echo $admin_options['form_success_message_title']; ?>" type="text"/> 
     2303                        <input name="settings[form_success_message_title]" value="<?php echo esc_attr($admin_options['form_success_message_title']); ?>" type="text"/> 
    22472304                      </li> 
    22482305                      <li class="descrip"> 
     
    22542311                        <?php _e("Default Form Success Message:", 'custom-contact-forms'); ?> 
    22552312                        </label> 
    2256                         <input name="settings[form_success_message]" value="<?php echo $admin_options['form_success_message']; ?>" type="text"/> 
     2313                        <input name="settings[form_success_message]" value="<?php echo esc_attr($admin_options['form_success_message']); ?>" type="text"/> 
    22572314                      </li> 
    22582315                      <li class="descrip"> 
     
    22632320                        <?php _e("Default Form Error Header:", 'custom-contact-forms'); ?> 
    22642321                        </label> 
    2265                         <input name="settings[default_form_error_header]" value="<?php echo $admin_options['default_form_error_header']; ?>" type="text" /> 
     2322                        <input name="settings[default_form_error_header]" value="<?php echo esc_attr($admin_options['default_form_error_header']); ?>" type="text" /> 
    22662323                      </li> 
    22672324                      <li class="descrip"> 
     
    23192376                        <?php _e("Default Permissions Error:", 'custom-contact-forms'); ?> 
    23202377                        </label> 
    2321                         <input name="settings[default_form_bad_permissions]" value="<?php echo $admin_options['default_form_bad_permissions']; ?>" type="text" /> 
     2378                        <input name="settings[default_form_bad_permissions]" value="<?php echo esc_attr($admin_options['default_form_bad_permissions']); ?>" type="text" /> 
    23222379                      </li> 
    23232380                      <li class="descrip"> 
     
    23442401                        <?php _e("Maximum File Upload Size:", 'custom-contact-forms'); ?> 
    23452402                        </label> 
    2346                         <input name="settings[max_file_upload_size]" class="ccf-width75" type="text" value="<?php echo $admin_options['max_file_upload_size']; ?>" /> <?php _e("MB"); ?> 
     2403                        <input name="settings[max_file_upload_size]" class="ccf-width75" type="text" value="<?php echo esc_attr($admin_options['max_file_upload_size']); ?>" /> <?php _e("MB"); ?> 
    23472404                           
    23482405                      </li> 
     
    23892446                  </span></h3> 
    23902447                <div class="inside"> 
    2391                     <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     2448                    <form method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    23922449                    <p><?php _e("There are two ways you can send emails: using the PHP mail() function or using SMTP (secure/insecure). If you choose to use the PHP mail() function you can ignore all the other options. For some people Wordpress's default way of sending mail does not work; if for some reason your mail is being sent you should try the SMTP option.", 'custom-contact-forms'); ?></p> 
    23932450                    <label for="mail_function"><?php _e("* Send My Emails Using the Following:", 'custom-contact-forms'); ?></label> 
     
    23982455                    <div> 
    23992456                        <ul class="left"> 
    2400                             <li><label for="smtp_host"><?php _e("SMTP Host:", 'custom-contact-forms'); ?></label> <input class="ccf-width125" type="text" size="10" name="mail_config[smtp_host]" value="<?php echo $admin_options['smtp_host']; ?>" /></li> 
    2401                             <li><label for="smtp_port"><?php _e("SMTP Port:", 'custom-contact-forms'); ?></label> <input class="ccf-width125" type="text" size="10" name="mail_config[smtp_port]" value="<?php echo $admin_options['smtp_port']; ?>" /></li> 
     2457                            <li><label for="smtp_host"><?php _e("SMTP Host:", 'custom-contact-forms'); ?></label> <input class="ccf-width125" type="text" size="10" name="mail_config[smtp_host]" value="<?php echo esc_attr($admin_options['smtp_host']); ?>" /></li> 
     2458                            <li><label for="smtp_port"><?php _e("SMTP Port:", 'custom-contact-forms'); ?></label> <input class="ccf-width125" type="text" size="10" name="mail_config[smtp_port]" value="<?php echo esc_attr($admin_options['smtp_port']); ?>" /></li> 
    24022459                            <li><label for="smtp_encryption"><?php _e("Encryption:", 'custom-contact-forms'); ?></label> <select name="mail_config[smtp_encryption]"> 
    24032460                            <option value="none"><?php _e("None", 'custom-contact-forms'); ?></option> 
     
    24082465                        <ul class="right"> 
    24092466                            <li><label for="smtp_authentication"><?php _e("SMTP Authentication:", 'custom-contact-forms'); ?></label> <select name="mail_config[smtp_authentication]"><option value="0"><?php _e("None Needed", 'custom-contact-forms'); ?></option><option <?php if ($admin_options['smtp_authentication'] == 1) echo 'selected="selected"'; ?> value="1"><?php _e("Use SMTP Username/Password", 'custom-contact-forms'); ?></option></select></li> 
    2410                             <li><label for="smtp_username"><?php _e("SMTP Username:", 'custom-contact-forms'); ?></label> <input class="ccf-width125" type="text" size="10" name="mail_config[smtp_username]" value="<?php echo $admin_options['smtp_username']; ?>" /></li> 
    2411                             <li><label for="smtp_password"><?php _e("SMTP Password:", 'custom-contact-forms'); ?></label> <input class="ccf-width125" type="text" size="10" name="mail_config[smtp_password]" value="<?php echo $admin_options['smtp_password']; ?>" /></li> 
     2467                            <li><label for="smtp_username"><?php _e("SMTP Username:", 'custom-contact-forms'); ?></label> <input class="ccf-width125" type="text" size="10" name="mail_config[smtp_username]" value="<?php echo esc_attr($admin_options['smtp_username']); ?>" /></li> 
     2468                            <li><label for="smtp_password"><?php _e("SMTP Password:", 'custom-contact-forms'); ?></label> <input class="ccf-width125" type="text" size="10" name="mail_config[smtp_password]" value="<?php echo esc_attr($admin_options['smtp_password']); ?>" /></li> 
    24122469                        </ul> 
    24132470                    </div> 
     
    24212478                  </span></h3> 
    24222479                <div class="inside"> 
    2423                   <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     2480                  <form method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    24242481                   
    24252482                  <div class="left"> 
     
    24272484                      <?php _e("Preforming this export will create a file of the form  
    24282485                        ccf-export-xxxx.sql on your web server. The file created contains SQL that  
    2429                         will recreate all the plugin data on any Wordpress installation. After Custom Contact Forms creates the export file, you will be prompted to download it. You can use this file as a backup in case your Wordpress database gets ruined.", 'custom-contact-forms'); ?> 
     2486                        will recreate all the plugin data on any Wordpress installation. After Custom Contact Forms creates the export file, you will be prompted to download it. You can use this file as a backup in case your Wordpress database gets ruined. Unfortunately, this export will not contain an files uploaded via your forms.", 'custom-contact-forms'); ?> 
    24302487                    </p> 
    24312488                    <input type="submit" name="ccf_export" value="<?php _e("Export All CCF Plugin Content", 'custom-contact-forms'); ?>" />  
     
    24352492                        <input type="submit" name="ccf_export_all_csv" value="<?php _e('Export All Saved Form Submissions to CSV', 'custom-contact-forms'); ?>" /> 
    24362493                  </div> 
    2437                   <div class="divider"></div> 
     2494                  <div class="divider ccf-clear"></div> 
    24382495                  <p><?php _e("You can also export only submissions from certain forms in to CSV format. This CSV export will probably more useful to you because it will contain the name of fields as well as the values. This export works best on forms that have fields that have remained completely constant throughout submission.", 'custom-contact-forms'); ?></p> 
    24392496                        <label for="csv_form_id">Form ID:</label> <input id="csv_form_id" type="text" size="5" name="csv_form_id" /> <input type="submit" name="ccf_export_form_csv" value="<?php _e("Export This Form's Submissions to CSV", 'custom-contact-forms'); ?>" /> 
     
    24472504                  </span></h3> 
    24482505                <div class="inside"> 
    2449                   <form method="post" enctype="multipart/form-data" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 
     2506                  <form method="post" enctype="multipart/form-data" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"> 
    24502507                     
    24512508                    <p> 
     
    25182575    } 
    25192576} 
    2520 ?> 
  • custom-contact-forms/trunk/custom-contact-forms-front.php

    r521490 r569013  
    1515        function frontInit() { 
    1616            ccf_utils::startSession(); 
    17             //print_r($_SESSION); 
    1817            $this->processForms(); 
    1918        } 
     
    113112            $admin_options = parent::getAdminOptions(); 
    114113            if ($admin_options['enable_form_access_manager'] == 1 && !$this->userCanViewForm($this_form)) 
    115                 return $admin_options['default_form_bad_permissions']; 
     114                return esc_html($admin_options['default_form_bad_permissions']); 
    116115             
    117116            return $this->getFormCode($this_form); 
     
    127126            if (!empty($errors)) { 
    128127                $admin_options = parent::getAdminOptions(); 
    129                 $out = '<div id="custom-contact-forms-errors"><p>'.$admin_options['default_form_error_header'].'</p><ul>' . "\n"; 
     128                $out = '<div id="custom-contact-forms-errors"><p>'.esc_html($admin_options['default_form_error_header']).'</p><ul>' . "\n"; 
    130129                //$errors = $this->getAllFormErrors(); 
    131130                foreach ($errors as $error) { 
    132                     $out .= '<li>'.$error.'</li>' . "\n"; 
    133                 } 
    134                 $err_link = (!empty($this->error_return)) ? '<p><a href="'.$this->error_return.'" title="'.__('Go Back', 'custom-contact-forms').'">&lt; ' . __('Go Back to Form.', 'custom-contact-forms') . '</a></p>' : ''; 
     131                    $out .= '<li>'.esc_html($error).'</li>' . "\n"; 
     132                } 
     133                $err_link = (!empty($this->error_return)) ? '<p><a href="'.esc_attr($this->error_return).'" title="'.__('Go Back', 'custom-contact-forms').'">&lt; ' . __('Go Back to Form.', 'custom-contact-forms') . '</a></p>' : ''; 
    135134                $this->emptyFormErrors(); 
    136135                return $out . '</ul>' . "\n" . $err_link . '</div>'; 
     
    152151                ?> 
    153152                <style type="text/css"> 
    154                     <!-- 
    155                     #ccf-form-success { z-index:10000; border-color:#<?php echo parent::formatStyle($style->success_popover_bordercolor); ?>; height:<?php $style->success_popover_height; ?>; } 
    156                     #ccf-form-success div { background-color:#<?php echo parent::formatStyle($style->success_popover_bordercolor); ?>; } 
    157                     #ccf-form-success div h5 { color:#<?php echo parent::formatStyle($style->success_popover_title_fontcolor); ?>; font-size:<?php echo $style->success_popover_title_fontsize; ?>; } 
    158                     #ccf-form-success div a { color:#<?php echo parent::formatStyle($style->success_popover_title_fontcolor); ?>; } 
    159                     #ccf-form-success p { font-size:<?php echo $style->success_popover_fontsize; ?>; color:#<?php echo parent::formatStyle($style->success_popover_fontcolor); ?>; } 
    160                     --> 
     153                    #ccf-form-success { z-index:10000; border-color:#<?php echo esc_attr(parent::formatStyle($style->success_popover_bordercolor)); ?>; height:<?php echo esc_attr($style->success_popover_height); ?>; } 
     154                    #ccf-form-success div { background-color:#<?php echo esc_attr(parent::formatStyle($style->success_popover_bordercolor)); ?>; } 
     155                    #ccf-form-success div h5 { color:#<?php echo esc_attr(parent::formatStyle($style->success_popover_title_fontcolor)); ?>; font-size:<?php echo esc_attr($style->success_popover_title_fontsize); ?>; } 
     156                    #ccf-form-success div a { color:#<?php echo esc_attr(parent::formatStyle($style->success_popover_title_fontcolor)); ?>; } 
     157                    #ccf-form-success p { font-size:<?php echo esc_attr($style->success_popover_fontsize); ?>; color:#<?php echo esc_attr(parent::formatStyle($style->success_popover_fontcolor)); ?>; } 
    161158                </style> 
    162159                <?php 
     
    165162            <div id="ccf-form-success"> 
    166163                <div> 
    167                     <h5><?php echo $success_title; ?></h5> 
     164                    <h5><?php echo esc_html($success_title); ?></h5> 
    168165                    <a href="javascript:void(0)" class="close">&times;</a> 
    169166                </div> 
    170                 <p><?php echo $success_message; ?></p> 
     167                <p><?php echo esc_html($success_message); ?></p> 
    171168                 
    172169            </div> 
     
    206203            $form_styles = ''; 
    207204            $style_class = (!$is_widget_form) ? ' customcontactform' : ' customcontactform-sidebar'; 
    208             $form_id = 'form-' . $form->id . '-'.$form_key; 
     205            $form_id = esc_attr('form-' . $form->id . '-'.$form_key); 
    209206            if ($form->form_style != 0) { 
    210207                $style = parent::selectStyle($form->form_style, ''); 
     
    217214            //$out .= '<form id="'.$form_id.'" method="'.$form_method.'" action="'.$action.'" class="'.$style_class.'">' . "\n"; 
    218215            $out .= ccf_utils::decodeOption($form->custom_code, 1, 1) . "\n"; 
    219             if (!empty($form_title) && !$is_widget_form) $out .= '<h4 id="h4-' . $form->id . '-' . $form_key . '">' . $form_title . '</h4>' . "\n"; 
     216            if (!empty($form_title) && !$is_widget_form) $out .= '<h4 id="h4-' . esc_attr($form->id) . '-' . $form_key . '">' . esc_html($form_title) . '</h4>' . "\n"; 
    220217            $fields = parent::getAttachedFieldsArray($form->id); 
    221218            $hiddens = ''; 
     
    228225                $input_id = 'id="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'-'.$form_key.'"'; 
    229226                $field_value = ccf_utils::decodeOption($field->field_value, 1, 1); 
    230                 $instructions = (empty($field->field_instructions)) ? '' : 'title="' . $field->field_instructions . $req_long . '" '; 
     227                $instructions = (empty($field->field_instructions)) ? '' : 'title="' . esc_attr($field->field_instructions) . $req_long . '" '; 
    231228                $tooltip_class = (empty($field->field_instructions)) ? '' : 'ccf-tooltip-field'; 
    232229                if ($admin_options['enable_widget_tooltips'] == 0 && $is_widget_form) $instructions = ''; 
     
    236233                } if ($field->field_slug == 'captcha') { 
    237234                    $out .= '<div>' . "\n" . $this->getCaptchaCode($field, $form->id) . "\n" . '</div>' . "\n"; 
     235                } elseif ( $field->field_slug == 'recaptcha' ) { 
     236                    $out .= '<div>' . "\n" . $this->getReCaptchaCode( $field, $form->id ) . "\n" . '</div>' . "\n"; 
    238237                } elseif ($field->field_slug == 'usaStates') { 
    239238                    $field->field_value = $field_value; 
     
    246245                    $out .= '<div>' . "\n" . $this->getCountriesCode($field, $form->id) . "\n" . '</div>' . "\n"; 
    247246                } elseif ($field->field_slug == 'resetButton') { 
    248                     $add_reset = ' <input type="reset" '.$instructions.' class="reset-button '.$field->field_class.' '.$tooltip_class.'" value="' . $field->field_value . '" />'; 
     247                    $add_reset = ' <input type="reset" '.$instructions.' class="reset-button '.$field->field_class.' '.$tooltip_class.'" value="' . esc_attr($field->field_value) . '" />'; 
    249248                } elseif ($field->field_type == 'Text') { 
    250                     $maxlength = (empty($field->field_maxlength) or $field->field_maxlength <= 0) ? '' : ' maxlength="'.$field->field_maxlength.'"'; 
    251                     $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<input class="'.$field->field_class.' '.$tooltip_class.'" '.$instructions.' '.$input_id.' type="text" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.$field_value.'"'.$maxlength.''.$code_type.'>'."\n".'</div>' . "\n"; 
     249                    $maxlength = (empty($field->field_maxlength) or $field->field_maxlength <= 0) ? '' : ' maxlength="'.esc_attr($field->field_maxlength).'"'; 
     250                    $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<input class="'.esc_attr($field->field_class).' '.$tooltip_class.'" '.$instructions.' '.$input_id.' type="text" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.$field_value.'"'.$maxlength.''.$code_type.'>'."\n".'</div>' . "\n"; 
    252251                } elseif ($field->field_type == 'File') { 
    253252                    $file_upload_form = ' enctype="multipart/form-data" '; 
    254                     $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<input class="'.$field->field_class.' '.$tooltip_class.'" '.$instructions.' '.$input_id.' type="file" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.$field_value.'"'.$code_type.'>'."\n".'</div>' . "\n"; 
     253                    $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<input class="'.esc_attr($field->field_class).' '.$tooltip_class.'" '.$instructions.' '.$input_id.' type="file" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.$field_value.'"'.$code_type.'>'."\n".'</div>' . "\n"; 
    255254                } elseif ($field->field_type == 'Date') { 
    256255                    $maxlength = (empty($field->field_maxlength) or $field->field_maxlength <= 0) ? '' : ' maxlength="'.$field->field_maxlength.'"'; 
    257                     $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<input class="'.$field->field_class.' ccf-datepicker '.$tooltip_class.'" '.$instructions.' '.$input_id.' type="text" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.$field_value.'"'.$maxlength.''.$code_type.'>'."\n".'</div>' . "\n"; 
     256                    $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<input class="'.esc_attr($field->field_class).' ccf-datepicker '.$tooltip_class.'" '.$instructions.' '.$input_id.' type="text" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.$field_value.'"'.$maxlength.''.$code_type.'>'."\n".'</div>' . "\n"; 
    258257                } elseif ($field->field_type == 'Hidden') { 
    259258                    $hiddens .= '<input type="hidden" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.$field_value.'" '.$input_id.''.$code_type.'>' . "\n"; 
    260                 } /*elseif ($field->field_type == 'Checkbox') { 
    261                     $out .= '<div>'."\n".'<input class="'.$field->field_class.' '.$tooltip_class.'" '.$instructions.' type="checkbox" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.ccf_utils::decodeOption($field->field_value, 1, 1).'" '.$input_id.''.$code_type.'> '."\n".'<label class="checkbox" for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">' . $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'</div>' . "\n"; 
    262                 }*/ elseif ($field->field_type == 'Textarea') { 
    263                     $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<textarea class="'.$field->field_class.' '.$tooltip_class.'" '.$instructions.' '.$input_id.' rows="5" cols="40" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'.$field_value.'</textarea>'."\n".'</div>' . "\n"; 
     259                } elseif ($field->field_type == 'Textarea') { 
     260                    $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<textarea class="'.esc_attr($field->field_class).' '.$tooltip_class.'" '.$instructions.' '.$input_id.' rows="5" cols="40" name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'.$field_value.'</textarea>'."\n".'</div>' . "\n"; 
    264261                } elseif ($field->field_type == 'Dropdown') { 
    265262                    $field_options = ''; 
     
    268265                        $option = parent::selectFieldOption($option_id); 
    269266                        $option_sel = (($field_value == $option->option_label || $field_value == $option->option_value) && !empty($field_value)) ? ' selected="selected"' : ''; 
    270                         $option_value = (!empty($option->option_value)) ? ' value="' . $option->option_value . '"' : ''; 
     267                        $option_value = (!empty($option->option_value)) ? ' value="' . esc_attr($option->option_value) . '"' : ''; 
    271268                        // Weird way of marking a state dead. TODO: Find another way. 
    272269                        $option_value = ($option->option_dead == 1) ? ' value="' . CCF_DEAD_STATE_VALUE . '"' : $option_value; 
    273                         $field_options .= '<option'.$option_sel.''.$option_value.'>' . $option->option_label . '</option>' . "\n"; 
     270                        $field_options .= '<option'.$option_sel.''.$option_value.'>' . esc_attr($option->option_label) . '</option>' . "\n"; 
    274271                    } 
    275272                    if (!empty($options)) { 
    276                         if (!$is_widget_form) $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<select '.$instructions.' '.$input_id.' name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" class="'.$field->field_class.' '.$tooltip_class.'">'."\n".$field_options.'</select>'."\n".'</div>' . "\n"; 
    277                         else  $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<select class="'.$field->field_class.' '.$tooltip_class.'" '.$instructions.' '.$input_id.' name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'."\n".$field_options.'</select>'."\n".'</div>' . "\n"; 
     273                        if (!$is_widget_form) $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<select '.$instructions.' '.$input_id.' name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" class="'.esc_attr($field->field_class).' '.$tooltip_class.'">'."\n".$field_options.'</select>'."\n".'</div>' . "\n"; 
     274                        else  $out .= '<div>'."\n".'<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>'."\n".'<select class="'.esc_attr($field->field_class).' '.$tooltip_class.'" '.$instructions.' '.$input_id.' name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'."\n".$field_options.'</select>'."\n".'</div>' . "\n"; 
    278275                    } 
    279276                } elseif ($field->field_type == 'Radio') { 
     
    283280                        $option = parent::selectFieldOption($option_id); 
    284281                        $option_sel = (($field_value == $option->option_label || $field_value == $option->option_value) && !empty($field_value)) ? ' checked="checked"' : ''; 
    285                         $field_options .= '<div><input'.$option_sel.' class="'.$field->field_class.' '.$tooltip_class.'" type="radio" '.$instructions.' name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.ccf_utils::decodeOption($option->option_value, 1, 1).'"'.$code_type.'> <label class="select" for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">' . ccf_utils::decodeOption($option->option_label, 1, 1) . '</label></div>' . "\n"; 
     282                        $field_options .= '<div><input'.$option_sel.' class="'.esc_attr($field->field_class).' '.$tooltip_class.'" type="radio" '.$instructions.' name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'" value="'.ccf_utils::decodeOption($option->option_value, 1, 1).'"'.$code_type.'> <label class="select" for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">' . ccf_utils::decodeOption($option->option_label, 1, 1) . '</label></div>' . "\n"; 
    286283                    } 
    287284                    $field_label = (!empty($field->field_label)) ? '<label for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">'. $req .ccf_utils::decodeOption($field->field_label, 1, 1).'</label>' : ''; 
     
    295292                        $field_value_array = (!is_array($field_value)) ? array() : $field_value; 
    296293                        $option_sel = (in_array($option->option_label, $field_value_array) || in_array($option->option_value, $field_value_array)) ? ' checked="checked"' : ''; 
    297                         $check_value = (empty($option->option_value)) ? $option->option_label : ccf_utils::decodeOption($option->option_value, 1, 1); 
    298                         $field_options .= '<div><input'.$option_sel.' class="'.$field->field_class.' '.$tooltip_class.'" type="checkbox" '.$instructions.' name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'['.$z.']" value="'.$check_value.'"'.$code_type.'> <label class="select" for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">' . ccf_utils::decodeOption($option->option_label, 1, 1) . '</label></div>' . "\n"; 
     294                        $check_value = (empty($option->option_value)) ? esc_html($option->option_label) : ccf_utils::decodeOption($option->option_value, 1, 1); 
     295                        $field_options .= '<div><input'.$option_sel.' class="'.esc_attr($field->field_class).' '.$tooltip_class.'" type="checkbox" '.$instructions.' name="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'['.$z.']" value="'.$check_value.'"'.$code_type.'> <label class="select" for="'.ccf_utils::decodeOption($field->field_slug, 1, 1).'">' . ccf_utils::decodeOption($option->option_label, 1, 1) . '</label></div>' . "\n"; 
    299296                        $z++; 
    300297                    } 
     
    304301            } 
    305302            if (!empty($file_upload_form)) 
    306                 $out = '<input type="hidden" name="MAX_FILE_SIZE" value="'.($admin_options['max_file_upload_size'] * 1000 * 1000).'" />' . "\n" . $out; 
    307             $out = '<form id="'.$form_id.'" method="'.$form_method.'" action="'.$action.'" class="'.$style_class.'"'.$file_upload_form.'>' . "\n" . $out; 
    308             $submit_text = (!empty($form->submit_button_text)) ? ccf_utils::decodeOption($form->submit_button_text, 1, 0) : 'Submit'; 
    309             $out .= '<input name="form_page" value="'.$_SERVER['REQUEST_URI'].'" type="hidden"'.$code_type.'>'."\n".'<input type="hidden" name="fid" value="'.$form->id.'"'.$code_type.'>'."\n".$hiddens."\n".'<input type="submit" id="submit-' . $form->id . '-'.$form_key.'" class="submit" value="' . $submit_text . '" name="customcontactforms_submit"'.$code_type.'>'; 
     303                $out = '<input type="hidden" name="MAX_FILE_SIZE" value="'.(intval($admin_options['max_file_upload_size']) * 1000 * 1000).'" />' . "\n" . $out; 
     304            $out = '<form id="'.$form_id.'" method="'.esc_attr($form_method).'" action="'.esc_url($action).'" class="'.esc_attr($style_class).'"'.$file_upload_form.'>' . "\n" . $out; 
     305            $submit_text = (!empty($form->submit_button_text)) ? ccf_utils::decodeOption($form->submit_button_text, 1, 0) : __('Submit', 'custom-contact-forms'); 
     306            $out .= '<input name="form_page" value="'.esc_url($_SERVER['REQUEST_URI']).'" type="hidden"'.$code_type.'>'."\n".'<input type="hidden" name="fid" value="'.esc_attr($form->id).'"'.$code_type.'>'."\n".$hiddens."\n".'<input type="submit" id="submit-' . esc_attr($form->id) . '-'.$form_key.'" class="submit" value="' . $submit_text . '" name="customcontactforms_submit"'.$code_type.'>'; 
    310307            if (!empty($add_reset)) $out .= $add_reset; 
    311308            $out .= "\n" . '</form>'; 
     
    313310            if ($form->form_style != 0) { 
    314311                $no_border = array('', '0', '0px', '0%', '0pt', '0em'); 
    315                 $round_border = (!in_array($style->field_borderround, $no_border)) ? '-moz-border-radius:'.$style->field_borderround.'; -khtml-border-radius:'.$style->field_borderround.'; -webkit-border-radius:'.$style->field_borderround.'; ' : ''; 
     312                $round_border = (!in_array($style->field_borderround, $no_border)) ? '-moz-border-radius:'.esc_attr($style->field_borderround).'; -khtml-border-radius:'.esc_attr($style->field_borderround).'; -webkit-border-radius:'.esc_attr($style->field_borderround).'; ' : ''; 
    316313                $round_border_none = '-moz-border-radius:0px; -khtml-border-radius:0px; -webkit-border-radius:0px; '; 
    317314                $form_styles .= '<style type="text/css">' . "\n"; 
    318                 $form_styles .= '#' . $form_id . " { width: ".$style->form_width."; text-align:left; padding:".$style->form_padding."; margin:".$style->form_margin."; border:".$style->form_borderwidth." ".$style->form_borderstyle." #".parent::formatStyle($style->form_bordercolor)."; background-color:#".parent::formatStyle($style->form_backgroundcolor)."; font-family:".$style->form_fontfamily."; } \n"; 
     315                $form_styles .= '#' . $form_id . " { width: ".esc_attr($style->form_width)."; text-align:left; padding:".esc_attr($style->form_padding)."; margin:".esc_attr($style->form_margin)."; border:".esc_attr($style->form_borderwidth)." ".esc_attr($style->form_borderstyle)." #".esc_attr(parent::formatStyle($style->form_bordercolor))."; background-color:#".esc_attr(parent::formatStyle($style->form_backgroundcolor))."; font-family:".esc_attr($style->form_fontfamily)."; } \n"; 
    319316                $form_styles .= '#' . $form_id . " div { margin-bottom:6px; background-color:inherit; }\n"; 
    320317                $form_styles .= '#' . $form_id . " div div { margin:0; background-color:inherit; padding:0; }\n"; 
    321                 $form_styles .= '#' . $form_id . " h4 { padding:0; background-color:inherit; margin:".$style->title_margin." ".$style->title_margin." ".$style->title_margin." 0; color:#".parent::formatStyle($style->title_fontcolor)."; font-size:".$style->title_fontsize."; } \n"; 
    322                 $form_styles .= '#' . $form_id . " label { padding:0; background-color:inherit; margin:".$style->label_margin." ".$style->label_margin." ".$style->label_margin." 0; display:block; color:#".parent::formatStyle($style->label_fontcolor)."; width:".$style->label_width."; font-size:".$style->label_fontsize."; } \n"; 
     318                $form_styles .= '#' . $form_id . " h4 { padding:0; background-color:inherit; margin:".esc_attr($style->title_margin)." ".esc_attr($style->title_margin)." ".esc_attr($style->title_margin)." 0; color:#".esc_attr(parent::formatStyle($style->title_fontcolor))."; font-size:".esc_attr($style->title_fontsize)."; } \n"; 
     319                $form_styles .= '#' . $form_id . " label { padding:0; background-color:inherit; margin:".esc_attr($style->label_margin)." ".esc_attr($style->label_margin)." ".esc_attr($style->label_margin)." 0; display:block; color:#".esc_attr(parent::formatStyle($style->label_fontcolor))."; width:".esc_attr($style->label_width)."; font-size:".esc_attr($style->label_fontsize)."; } \n"; 
    323320                $form_styles .= '#' . $form_id . " div div input { margin-bottom:2px; line-height:normal; }\n"; 
    324321                $form_styles .= '#' . $form_id . " input[type=checkbox] { margin:0; }\n"; 
    325322                $form_styles .= '#' . $form_id . " label.checkbox, #" . $form_id . " label.radio, #" . $form_id . " label.select { display:inline; } \n"; 
    326                 $form_styles .= '#' . $form_id . " input[type=text], #" . $form_id . " select { ".$round_border." color:#".parent::formatStyle($style->field_fontcolor)."; margin:0; width:".$style->input_width."; font-size:".$style->field_fontsize."; background-color:#".parent::formatStyle($style->field_backgroundcolor)."; border:1px ".$style->field_borderstyle." #".parent::formatStyle($style->field_bordercolor)."; } \n"; 
    327                 $form_styles .= '#' . $form_id . " select { ".$round_border_none." width:".$style->dropdown_width."; }\n"; 
    328                 $form_styles .= '#' . $form_id . " .submit { color:#".parent::formatStyle($style->submit_fontcolor)."; width:".$style->submit_width."; height:".$style->submit_height."; font-size:".$style->submit_fontsize."; } \n"; 
    329                 $form_styles .= '#' . $form_id . " .reset-button { color:#".parent::formatStyle($style->submit_fontcolor)."; width:".$style->submit_width."; height:".$style->submit_height."; font-size:".$style->submit_fontsize."; } \n"; 
    330                 $form_styles .= '#' . $form_id . " textarea { ".$round_border." color:#".parent::formatStyle($style->field_fontcolor)."; width:".$style->textarea_width."; margin:0; background-color:#".parent::formatStyle($style->textarea_backgroundcolor)."; font-family:".$style->form_fontfamily."; height:".$style->textarea_height."; font-size:".$style->field_fontsize."; border:1px ".$style->field_borderstyle." #".parent::formatStyle($style->field_bordercolor)."; } \n"; 
    331                 $form_styles .= '.ccf-tooltip { background-color:#'.parent::formatStyle($style->tooltip_backgroundcolor).'; font-family:'.$style->form_fontfamily.'; font-color:#'.parent::formatStyle($style->tooltip_fontcolor).'; font-size:'.$style->tooltip_fontsize.'; }' . "\n";  
     323                $form_styles .= '#' . $form_id . " input[type=text], #" . $form_id . " select { ".$round_border." color:#".esc_attr(parent::formatStyle($style->field_fontcolor))."; margin:0; width:".esc_attr($style->input_width)."; font-size:".esc_attr($style->field_fontsize)."; background-color:#".esc_attr(parent::formatStyle($style->field_backgroundcolor))."; border:1px ".esc_attr($style->field_borderstyle)." #".esc_attr(parent::formatStyle($style->field_bordercolor))."; } \n"; 
     324                $form_styles .= '#' . $form_id . " select { ".$round_border_none." width:".esc_attr($style->dropdown_width)."; }\n"; 
     325                $form_styles .= '#' . $form_id . " .submit { color:#".esc_attr(parent::formatStyle($style->submit_fontcolor))."; width:".esc_attr($style->submit_width)."; height:".esc_attr($style->submit_height)."; font-size:".esc_attr($style->submit_fontsize)."; } \n"; 
     326                if (!empty($style->submit_background)) $form_styles .= '#' . $form_id . " .submit { background:url(" . esc_attr($style->submit_background) . ") " . esc_attr($style->submit_background_repeat) . " top left; border:0; }"; 
     327                $form_styles .= '#' . $form_id . " .reset-button { color:#".esc_attr(parent::formatStyle($style->submit_fontcolor))."; width:".esc_attr($style->submit_width)."; height:".esc_attr($style->submit_height)."; font-size:".esc_attr($style->submit_fontsize)."; } \n"; 
     328                $form_styles .= '#' . $form_id . " textarea { ".$round_border." color:#".esc_attr(parent::formatStyle($style->field_fontcolor))."; width:".esc_attr($style->textarea_width)."; margin:0; background-color:#".esc_attr(parent::formatStyle($style->textarea_backgroundcolor))."; font-family:".esc_attr($style->form_fontfamily)."; height:".esc_attr($style->textarea_height)."; font-size:".esc_attr($style->field_fontsize)."; border:1px ".esc_attr($style->field_borderstyle)." #".esc_attr(parent::formatStyle($style->field_bordercolor))."; } \n"; 
     329                $form_styles .= '.ccf-tooltip { background-color:#'.esc_attr(parent::formatStyle($style->tooltip_backgroundcolor)).'; font-family:'.esc_attr($style->form_fontfamily).'; font-color:#'.esc_attr(parent::formatStyle($style->tooltip_fontcolor)).'; font-size:'.esc_attr($style->tooltip_fontsize).'; }' . "\n";  
    332330                $form_styles .= '</style>' . "\n"; 
    333331            } 
     
    470468                            else $this->setFormError('captcha', $field->field_error); 
    471469                        } 
     470                    } elseif ( $field->field_slug == 'recaptcha' ) { 
     471                        require_once( CCF_BASE_PATH . 'modules/recaptcha/recaptchalib.php' ); 
     472                         
     473                        $resp = recaptcha_check_answer( $admin_options['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field'] ); 
     474                         
     475                        if ( ! $resp->is_valid ) { 
     476                            if ( empty( $field->field_error ) ) 
     477                                $this->setFormError( 'recaptcha', __( 'You copied the text from the captcha field incorrectly.', 'custom-contact-forms' ) ); 
     478                            else $this->setFormError( 'recaptcha', $field->field_error ); 
     479                        } 
     480                         
    472481                    } elseif ($field->field_slug == 'fixedEmail' && $field->field_required == 1 && !empty($_POST['fixedEmail'])) { 
    473482                        if (!$this->validEmail($_POST['fixedEmail'])) { 
     
    587596                        $mail->Send(); 
    588597                    } if (!empty($form->form_thank_you_page)) { 
    589                         ccf_utils::redirect($form->form_thank_you_page); 
     598                        ccf_utils::redirect(str_replace('&amp;', '&', $form->form_thank_you_page)); 
    590599                    } 
    591600                    $this->current_form = $form->id; 
     
    610619            <div><label for="captcha'.$form_id.'">* '.$field_object->field_label.'</label> <input class="'.$field_object->field_class.' '.$tooltip_class.'" type="text" '.$instructions.' name="captcha" id="captcha'.$form_id.'" maxlength="20"'.$code_type.'></div>'; 
    611620            return $out; 
     621        } 
     622         
     623        function getReCaptchaCode( $field_object, $form_id ) { 
     624            ccf_utils::load_module( 'extra_fields/recaptcha_field.php' ); 
     625            $admin_options = parent::getAdminOptions(); 
     626            $recaptcha_field = new ccf_recaptcha_field( $admin_options['recaptcha_public_key'], $field_object->field_label, $field_object->field_slug, $field_object->field_class, $field_object->field_value, $field_object->field_instructions ); 
     627            return "\n" . $recaptcha_field->getCode(); 
    612628        } 
    613629         
     
    670686    } 
    671687} 
    672 ?> 
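--- a/custom-contact-forms/trunk/custom-contact-forms-utils.php
+++ b/custom-contact-forms/trunk/custom-contact-forms-utils.php
@@ -66,5 +66,7 @@
             $GLOBALS['ccf_tables_array'] = array(CCF_FORMS_TABLE, CCF_FIELDS_TABLE, CCF_STYLES_TABLE, CCF_USER_DATA_TABLE, CCF_FIELD_OPTIONS_TABLE);
             $GLOBALS['ccf_fixed_fields'] = array('customcontactforms_submit' => '', 
-                            'fid' => '', 
+                            'fid' => '',
+                            'recaptcha_challenge_field' => '',
+                            'recaptcha_response_field' => '',
                             'fixedEmail' => __("Use this field if you want the plugin to throw an error on fake emails.", 'custom-contact-forms'), 
                             'fixedWebsite' => __("This field will throw an error on invalid website addresses.", 'custom-contact-forms'), 
@@ -72,4 +74,5 @@
                             'form_page' => '', 
                             'captcha' => __("This field requires users to type numbers in an image preventing spam.", 'custom-contact-forms'), 
+                            'recaptcha' => __( 'This field requires users to enter text from an image using reCaptcha. reCaptcha is a free anti-bot service that helps digitize books. This will only work if you specify reCaptcha public and private keys in general settings.', 'custom-contact-forms' ), 
                             'ishuman' => __("This field requires users to check a box to prove they aren't a spam bot.", 'custom-contact-forms'),
                             'usaStates' => __("This is a dropdown field showing each state in the US. If you want a state initially selected, enter it in 'Initial Value.'", 'custom-contact-forms'),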
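--- a/custom-contact-forms/trunk/custom-contact-forms.php
+++ b/custom-contact-forms/trunk/custom-contact-forms.php
@@ -4,5 +4,5 @@
     Plugin URI: http://taylorlovett.com/wordpress-plugins
     Description: Guaranteed to be 1000X more customizable and intuitive than Fast Secure Contact Forms or Contact Form 7. Customize every aspect of your forms without any knowledge of CSS: borders, padding, sizes, colors. Ton's of great features. Required fields, form submissions saved to database, captchas, tooltip popovers, unlimited fields/forms/form styles, import/export, use a custom thank you page or built-in popover with a custom success message set for each form.
-    Version: 5.0.0.1
+    Version: 5.1.0.0
     Author: Taylor Lovett
     Author URI: http://www.taylorlovett.com
@@ -28,6 +28,7 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-$old_error_settings = error_reporting();
-//error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED ^ E_USER_DEPRECATED);
+
+load_plugin_textdomain( 'custom-contact-forms', false, dirname( plugin_basename( __FILE__ ) ) . '/lang/' );
+
 require_once('custom-contact-forms-utils.php');
 new ccf_utils();
@@ -54,5 +55,5 @@
             'remember_field_values' => 0, 'enable_widget_tooltips' => 1, 'mail_function' => 'default', 'form_success_message_title' => __('Successful Form Submission', 'custom-contact-forms'), 'form_success_message' => __('Thank you for filling out our web form. We will get back to you ASAP.', 'custom-contact-forms'), 'enable_jquery' => 1, 'code_type' => 'XHTML',
             'show_install_popover' => 0, 'email_form_submissions' => 1, 'enable_dashboard_widget' => 1, 'admin_ajax' => 1, 'smtp_host' => '', 'smtp_encryption' => 'none', 'smtp_authentication' => 0, 'smtp_username' => '', 'smtp_password' => '', 'smtp_port' => '', 'default_form_error_header' => __('You filled out the form incorrectly.', 'custom-contact-forms'), 
-            'default_form_bad_permissions' => __("You don't have the proper permissions to view this form.", 'custom-contact-forms'), 'enable_form_access_manager' => 0, 'dashboard_access' => 2, 'form_page_inclusion_only' => 0, 'max_file_upload_size' => 10); // default general settings
+            'default_form_bad_permissions' => __("You don't have the proper permissions to view this form.", 'custom-contact-forms'), 'enable_form_access_manager' => 0, 'dashboard_access' => 2, 'form_page_inclusion_only' => 0, 'max_file_upload_size' => 10, 'recaptcha_public_key' => '', 'recaptcha_private_key' => '' ); // default general settings
             $customcontactOptions = get_option($this->getAdminOptionsName());
             if (!empty($customcontactOptions)) {
@@ -62,4 +63,10 @@
             update_option($this->getAdminOptionsName(), $customcontactAdminOptions);
             return $customcontactAdminOptions;
+        }
+        
+        function langHandle() {
+            if (function_exists('load_plugin_textdomain')) {
+                load_plugin_textdomain('custom-contact-forms', false, dirname(plugin_basename(__FILE__)) . '/lang');
+            }
         }
     }
@@ -133,4 +140,2 @@
 }
 add_action('widgets_init', 'CCFWidgetInit');
-error_reporting($old_error_settings);
-?>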
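Review bot: `load_plugin_textdomain()` is now called in two places with slightly different paths: at include time just before `require_once('custom-contact-forms-utils.php')` (with `'/lang/'`) and again inside the new `langHandle()` method (with `'/lang'`). One of the two is redundant; keeping only `langHandle()` and registering it on the `plugins_loaded` hook would leave a single code path, and the `function_exists('load_plugin_textdomain')` guard can go since the readme now requires WordPress 3.0+. Whether `langHandle()` is hooked anywhere is not visible in these hunks, so if nothing calls it the method is dead code. The class that contains `langHandle()` starts and ends outside the hunk.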
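--- a/custom-contact-forms/trunk/js/custom-contact-forms-admin-ajax.js
+++ b/custom-contact-forms/trunk/js/custom-contact-forms-admin-ajax.js
@@ -2,4 +2,12 @@
 /** {{{ http://code.activestate.com/recipes/414334/ (r1) */
 // This is Javascript, not PHP!
+
+function is_int(value){ 
+  if((parseFloat(value) == parseInt(value)) && !isNaN(value)){
+      return true;
+  } else { 
+      return false;
+  } 
+}
 
 function js_array_to_php_array (a)
@@ -9,13 +17,14 @@
     for (var key in a)
     {
-        ++ total;
-        a_php = a_php + "s:" +
-                String(key).length + ":\"" + String(key) + "\";s:" +
-                String(a[key]).length + ":\"" + String(a[key]) + "\";";
-    }
+        if (is_int(key)) {
+            ++ total;
+            a_php = a_php + "s:" +
+                    String(key).length + ":\"" + String(key) + "\";s:" +
+                    String(a[key]).length + ":\"" + String(a[key]) + "\";";
+        }
+    }
     a_php = "a:" + total + ":{" + a_php + "}";
     return a_php;
 }
- 
 
 function print_r(x, max, sep, l) {
@@ -217,4 +226,5 @@
     
     $j(".single-delete").click(function () {
+            if (confirm(ccfLang.delete_confirm)) {
         var single_delete = $j(this);
         var object_type = single_delete.parent().find(".object-type").attr("value");
@@ -258,5 +268,6 @@
             }               
         });
-        return false;
+            }
+        return false;
     });
     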
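Review bot: `js_array_to_php_array()` builds a string in PHP's `serialize()` format, so if the server passes that request value to `unserialize()` (the receiving PHP code is not in this section) any client can submit a crafted payload there, which is a PHP object injection surface; the new `is_int(key)` filter only changes which keys the browser sends and does not constrain what the server accepts. Sending `JSON.stringify(a)` and reading it with `json_decode()` on the server removes that surface. The `String(...).length` prefixes also count UTF-16 code units rather than bytes, so a value containing non-ASCII characters produces a length that PHP will reject. Lines 6 to 8 of the old file, between the two hunks of this function, are not shown.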
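--- a/custom-contact-forms/trunk/js/custom-contact-forms.js
+++ b/custom-contact-forms/trunk/js/custom-contact-forms.js
@@ -1,3 +1,8 @@
 // Custom Contact Forms plugin javascript
+var RecaptchaOptions = {
+    theme : 'custom',
+    custom_theme_widget: 'recaptcha_widget'
+};
+
 $j = jQuery.noConflict();
 $j(document).ready(function(){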
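--- a/custom-contact-forms/trunk/modules/db/custom-contact-forms-activate-db.php
+++ b/custom-contact-forms/trunk/modules/db/custom-contact-forms-activate-db.php
@@ -158,4 +158,10 @@
             if (!$this->columnExists('success_popover_fontsize', CCF_STYLES_TABLE))
                 $wpdb->query("ALTER TABLE `" . CCF_STYLES_TABLE . "` ADD `success_popover_fontsize` VARCHAR( 20 ) NOT NULL DEFAULT '12px'");
+            
+            if (!$this->columnExists('submit_background', CCF_STYLES_TABLE))
+                $wpdb->query("ALTER TABLE `" . CCF_STYLES_TABLE . "` ADD `submit_background` VARCHAR ( 200 ) NOT NULL");
+            if (!$this->columnExists('submit_background_repeat', CCF_STYLES_TABLE))
+                $wpdb->query("ALTER TABLE `" . CCF_STYLES_TABLE . "` ADD `submit_background_repeat` VARCHAR ( 25 ) NOT NULL");
+            
             if (!$this->columnExists('success_popover_title_fontsize', CCF_STYLES_TABLE))
                 $wpdb->query("ALTER TABLE `" . CCF_STYLES_TABLE . "` ADD `success_popover_title_fontsize` VARCHAR( 20 ) NOT NULL DEFAULT '1.3em'");
@@ -186,4 +192,5 @@
             if (!$this->columnExists('field_error', CCF_FIELDS_TABLE))
                 $wpdb->query("ALTER TABLE `" . CCF_FIELDS_TABLE . "` ADD `field_error` VARCHAR( 300 ) NOT NULL");
+            
             if (!$this->columnExists('form_access', CCF_FORMS_TABLE)) {
                 $wpdb->query("ALTER TABLE `" . CCF_FORMS_TABLE . "` ADD `form_access` TEXT NOT NULL");
@@ -221,4 +228,5 @@
         function insertFixedFields() {
             $captcha = array('field_slug' => 'captcha', 'field_label' => __('Type the numbers.', 'custom-contact-forms'), 'field_type' => 'Text', 'field_value' => '', 'field_maxlength' => '100', 'user_field' => 0, 'field_instructions' => __('Type the numbers displayed in the image above.', 'custom-contact-forms'));
+            $recaptcha = array('field_slug' => 'recaptcha', 'field_label' => '', 'field_type' => 'Text', 'field_value' => '', 'field_maxlength' => '100', 'user_field' => 0, 'field_instructions' => __('Type the numbers displayed in the image above.', 'custom-contact-forms'));
             $ishuman = array('field_slug' => 'ishuman', 'field_label' => __('Check if you are human.', 'custom-contact-forms'), 'field_type' => 'Checkbox', 'field_value' => '1', 'field_maxlength' => '0', 'user_field' => 0, 'field_instructions' => __('This helps us prevent spam.', 'custom-contact-forms'));
             $fixedEmail = array('field_slug' => 'fixedEmail', 'field_required' => 1, 'field_label' => __('Your Email', 'custom-contact-forms'), 'field_type' => 'Text', 'field_value' => '', 'field_maxlength' => '100', 'user_field' => 0, 'field_instructions' => __('Please enter your email address.', 'custom-contact-forms'));
@@ -230,4 +238,6 @@
             if (!$this->fieldSlugExists('captcha'))
                 $this->insertField($captcha, true);
+            if (!$this->fieldSlugExists('recaptcha'))
+                $this->insertField($recaptcha, true);
             if (!$this->fieldSlugExists('usaStates'))
                 $this->insertField($states, true);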
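Review bot: The two new `ALTER TABLE` statements add `submit_background` and `submit_background_repeat` as `NOT NULL` with no `DEFAULT`, unlike the neighbouring `success_popover_fontsize` column; on a MySQL server running in strict mode an insert that omits them is rejected, so `VARCHAR ( 200 ) NOT NULL DEFAULT ''` would be safer. Both values are later written into a `<style>` block in custom-contact-forms-front.php (`background:url(...)`), where `esc_attr()` blocks `</style>` but not CSS syntax, so the save path (not visible here) should pass the URL through `esc_url_raw()` and accept only known `background-repeat` keywords. In `insertFixedFields()` the new `$recaptcha` row reuses the captcha text 'Type the numbers displayed in the image above.', which does not describe a reCAPTCHA challenge. `insertFixedFields()` continues outside the hunks shown.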
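--- a/custom-contact-forms/trunk/modules/extra_fields/countries_field.php
+++ b/custom-contact-forms/trunk/modules/extra_fields/countries_field.php
@@ -18,5 +18,5 @@
             } else {
                 $instructions_attr = ' title="'.$field_instructions.'" ';
-                $tooltip_class = 'ccf_tooltip_field';
+                $tooltip_class = 'ccf-tooltip-field';
             }
             $this->field_code .= '<select name="allCountries" class="'.$tooltip_class.' ' . $class_attr . '" ' . $id_attr . $instructions_attr . '>' . "\n";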
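Review bot: The context lines around this rename still build HTML attributes from raw values, `' title="'.$field_instructions.'" '` and `$class_attr` inside `class="..."`, while the same changeset adds `esc_attr()` to the equivalent output in custom-contact-forms-front.php. If these values come from stored field settings (their origin is outside the hunk), a double quote in the instructions text ends the attribute early and the rest is parsed as markup; `' title="'.esc_attr($field_instructions).'" '` closes that, and `$class_attr` deserves the same treatment. The identical two lines appear in languages_field.php and states_field.php in this changeset. The enclosing function starts and ends outside the hunk.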
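--- a/custom-contact-forms/trunk/modules/extra_fields/languages_field.php
+++ b/custom-contact-forms/trunk/modules/extra_fields/languages_field.php
@@ -18,5 +18,5 @@
             } else {
                 $instructions_attr = ' title="'.$field_instructions.'" ';
-                $tooltip_class = 'ccf_tooltip_field';
+                $tooltip_class = 'ccf-tooltip-field';
             }
             $this->field_code .= '<select name="alllanguages" class="'.$tooltip_class.' ' . $class_attr . '" ' . $id_attr . $instructions_attr . '>' . "\n";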
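--- a/custom-contact-forms/trunk/modules/extra_fields/states_field.php
+++ b/custom-contact-forms/trunk/modules/extra_fields/states_field.php
@@ -18,5 +18,5 @@
             } else {
                 $instructions_attr = ' title="'.$field_instructions.'" ';
-                $tooltip_class = 'ccf_tooltip_field';
+                $tooltip_class = 'ccf-tooltip-field';
             }
             $this->field_code .= '<select name="usaStates" class="'.$tooltip_class.' ' . $class_attr . '" ' . $id_attr . $instructions_attr . '>' . "\n";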
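--- a/custom-contact-forms/trunk/modules/usage_popover/custom-contact-forms-usage-popover.php
+++ b/custom-contact-forms/trunk/modules/usage_popover/custom-contact-forms-usage-popover.php
@@ -374,5 +374,5 @@
           <a name="pop-import-export"></a></h3>
         <p>
-          <?php _e('Import/export is a new feature that allows you to transfer forms, fields, field options, styles and everything else saved by the plugin between Wordpress installations. Clicking the Export All button will create a .SQL file for download. With the .SQL export file you can use the importer within the CCF plugin admin page to import the .SQL file. The built-in importer is completely safe as long as you only import files that have been generated by the CCF exporter. 
+          <?php _e('Import/export is a new feature that allows you to transfer forms, fields, field options, styles and everything else saved by the plugin (except file uploads) between Wordpress installations. Clicking the Export All button will create a .SQL file for download. With the .SQL export file you can use the importer within the CCF plugin admin page to import the .SQL file. The built-in importer is completely safe as long as you only import files that have been generated by the CCF exporter. 
                             You can also use PHPMyAdmin or any other MySQL database administration tool to run the import file. Importing a .SQL file will never overwrite any existing data. 
                             It is strongly recommended that you import CCF .SQL files using the built-in importer with in the admin panel due to the added complexity of importing using alterative methods.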
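--- a/custom-contact-forms/trunk/readme.txt
+++ b/custom-contact-forms/trunk/readme.txt
@@ -4,17 +4,17 @@
 Tags: contact form, web form, custom contact form, custom forms, captcha form, contact fields, form mailers
 Requires at least: 2.8.1
-Tested up to: 3.3.1
-Stable tag: 5.0.0.1
-
-Gauranteed to be the most customizable and intuitive contact form plugin for Wordpress.
+Tested up to: 3.4.1
+Stable tag: 5.1.0.0
+
+A customizable and intuitive contact form plugin for Wordpress.
 
 == Description ==
 
-Guaranteed to be 1000X more customizable and intuitive than Fast Secure Contact Forms or Contact Form 7. Customize every aspect of your forms without any knowledge of CSS: borders, padding, sizes, colors. Ton's of great features. Required fields, captchas, tooltip popovers, unlimited fields/forms/form styles, use a custom thank you page or built-in popover with a custom success message set for each form.
+Customize every aspect of your forms without any knowledge of CSS: borders, padding, sizes, colors. Ton's of great features. Required fields, captchas, tooltip popovers, unlimited fields/forms/form styles, use a custom thank you page or built-in popover with a custom success message set for each form.
 
 Special Features:
 ------------------
-Custom Contact Forms 5.0 will revolutionize the idea of a Wordpress plugin.
-
+
+*   __NEW__ ReCaptcha added for spam prevention
 *   __NEW__ Rearrange fields with a drag-and-drop interface
 *   __NEW__ Export form submissions to .CSV
@@ -65,6 +65,5 @@
 Restrictions/Requirements:
 -------------------------
-*   Works with Wordpress 2.8.1+
-*   PHP 5
+*   Works with Wordpress 3.0+
 *   PHP register_globals and safe_mode should be set to "Off" (this is done in your php.ini file)
 *   Your theme must call wp_head() and wp_footer()
@@ -144,4 +143,27 @@
 
 == Changelog ==
+
+= 5.1.0.0 =
+*   custom-contact-forms-admin.php
+*   custom-contact-forms-front.php
+*   images/help.png
+*   images/audio.png
+*   images/recaptcha-logo-white.png
+*   images/refresh.png
+*   modules/usage_popover/custom-contact-forms-usage-popover.php
+*   modules/db/custom-contact-forms-activate-db.php
+*   modules/extra_fields/states_field.php
+*   modules/extra_fields/languages_field.php
+*   modules/extra_fields/recaptcha_field.php
+*   modules/extra_fields/countries_field.php
+*   modules/recaptcha
+*   modules/recaptcha/recaptchalib.php
+*   custom-contact-forms-utils.php
+*   readme.txt
+*   js/custom-contact-forms.js
+*   js/custom-contact-forms-admin-ajax.js
+*   custom-contact-forms.php
+*   css/custom-contact-forms.css
+
 
 = 5.0.0.1 =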