Plugin Directory


Ignore:
Location:
contact-form-7-dynamic-text-extension/trunk
Files:
3 added
9 edited

Legend:

Unmodified
Added
Removed
  • contact-form-7-dynamic-text-extension/trunk/assets/scripts/dtx.min.js

    r2968460 r3019572  
    1 /*! Do not edit, this file is generated automatically - 2023-09-18 14:09:50 EDT */
     1/*! Do not edit, this file is generated automatically - 2024-01-09 15:01:30 MST */
    22var $=jQuery.noConflict(),dtx={queue:[],init:function(){var e=$("input.dtx-pageload[data-dtx-value]");e.length&&(e.each(function(e,t){var r=$(t),a=r.attr("data-dtx-value"),o=decodeURIComponent(a).split(" ");if(o.length){var n=o[0],c={};if(1<o.length)for(var u=1;u<o.length;u++){var i=o[u].split("="),d;2===i.length&&(c[i[0]]=i[1].split("'").join(""))}var s="";switch(n){case"CF7_GET":s=dtx.get(c);break;case"CF7_referrer":s=dtx.referrer(c);break;case"CF7_URL":s=dtx.current_url(c);break;case"CF7_get_cookie":s=dtx.get_cookie(c);break;case"CF7_guid":s=dtx.guid();break;case"CF7_get_current_var":if(!dtx.validKey(c,"key")||"url"!=c.key)return;s=dtx.current_url(c);break;case"CF7_get_post_var":case"CF7_get_custom_field":case"CF7_get_taxonomy":case"CF7_get_attachment":case"CF7_bloginfo":case"CF7_get_theme_option":return;default:return void(n&&dtx.queue.push({value:a,multiline:r.is("textarea")}))}dtx.set(r,s)}}),dtx.queue.length)&&setTimeout(function(){$.ajax({type:"POST",url:dtx_obj.ajax_url,dataType:"json",data:{action:"wpcf7dtx",shortcodes:dtx.queue},cache:!1,error:function(e,t,r){},success:function(e,t,r){"object"==typeof e&&e.length&&$.each(e,function(e,t){var r=$('.wpcf7 form input.dtx-pageload[data-dtx-value="'+t.raw_value+'"]');r.length&&(dtx.set(r,t.value),r.addClass("dtx-ajax-loaded"))})}})},10)},validKey:function(e,t){return e.hasOwnProperty(t)&&"string"==typeof e[t]&&e[t].trim()},obfuscate:function(e,t){if(e=e.trim(),dtx.validKey(t,"obfuscate")&&t.obfuscate){for(var r="",a=0;a<e.length;a++)r+="&#"+e.codePointAt(a)+";";return r}return e},set:function(e,t){e.attr("value",t).addClass("dtx-loaded")},get:function(e){if(dtx.validKey(e,"key")){var t=window.location.search;if(t)return t=new URLSearchParams(t),dtx.obfuscate(t.get(e.key).trim(),e)}return""},referrer:function(e){return dtx.obfuscate(document.referrer,e)},current_url:function(e){if(!e.hasOwnProperty("part"))return dtx.obfuscate(window.location.href,e);var t;if(["scheme","host","port","path","query","fragment"].includes(e.part))switch(e.part){case"scheme":return dtx.obfuscate(window.location.protocol.replace(":",""),e);case"host":return dtx.obfuscate(window.location.host,e);case"port":return dtx.obfuscate(window.location.port,e);case"path":return dtx.obfuscate(window.location.pathname,e);case"query":return dtx.obfuscate(window.location.search.replace("?",""),e);case"fragment":return dtx.obfuscate(window.location.hash.replace("#",""),e)}return""},get_cookie:function(e){var t;return e.hasOwnProperty("key")&&"string"==typeof e.key&&""!=e.key.trim()&&(t=document.cookie.match("(^|;) ?"+e.key.trim()+"=([^;]*)(;|$)"))?dtx.obfuscate(t[2],e):""},guid:function(){var r,a;return(void 0!==window.crypto&&void 0!==window.crypto.getRandomValues?([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,e=>(e^crypto.getRandomValues(new Uint8Array(1))[0]&15>>e/4).toString(16)):(r=(new Date).getTime(),a="undefined"!=typeof performance&&performance.now&&1e3*performance.now()||0,"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g,function(e){var t=16*Math.random();return 0<r?(t=(r+t)%16|0,r=Math.floor(r/16)):(t=(a+t)%16|0,a=Math.floor(a/16)),("x"===e?t:3&t|8).toString(16).toUpperCase()}))).toUpperCase()}};$(document).ready(dtx.init);
  • contact-form-7-dynamic-text-extension/trunk/assets/scripts/tag-generator.min.js

    r2968460 r3019572  
    1 /*! Do not edit, this file is generated automatically - 2023-09-18 14:09:50 EDT */
     1/*! Do not edit, this file is generated automatically - 2024-01-09 15:01:30 MST */
    22!function(n){"use strict";"undefined"!=typeof wpcf7&&null!==wpcf7&&(window.wpcf7dtx=window.wpcf7dtx||{},wpcf7dtx.taggen={},wpcf7dtx.taggen.escapeRegExp=function(e){return e.replace(/([.*+?^=!:${}()|\[\]\/\\])/g,"\\$1")},wpcf7dtx.taggen.replaceAll=function(e,t,n,a){var c;return null!=e&&"string"==typeof e&&""!==e.trim()&&-1<e.indexOf(t)?(c=new RegExp(wpcf7dtx.taggen.escapeRegExp(t),"g"),a&&(c=new RegExp(t,"g")),e.replace(c,n)):e},wpcf7dtx.taggen.updateOption=function(e){var e=n(e.currentTarget),t=encodeURIComponent(wpcf7dtx.taggen.replaceAll(e.val(),"'","&#39;"));e.siblings('input[type="hidden"].option').val(t)},n(function(){n("form.tag-generator-panel .dtx-option").on("change keyup click",wpcf7dtx.taggen.updateOption),n('.contact-form-editor-panel #tag-generator-list a.thickbox.button[href*="inlineId=tag-generator-panel-dynamic_"]').each(function(){var e=n(this),t=e.text();e.addClass("dtx-form-tag"),"dynamic drop-down menu"!=t&&"dynamic checkboxes"!=t&&"dynamic radio buttons"!=t||e.attr("href",e.attr("href").replace("height=500","height=750"))})}))}(jQuery);
  • contact-form-7-dynamic-text-extension/trunk/changelog.txt

    r2968460 r3019572  
    11== Changelog ==
     2
     3= 4.2.0 =
     4
     5* Security Update: ** Please be sure to review this doc, as you may need to adjust the settings: https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access **
     6* Feature: Added Settings Screen with Allow Lists
     7* Feature: Added Form Scanner
     8* Feature: Added Allow List key validation in CF7 Form Validator
    29
    310= 4.1.0 =
  • contact-form-7-dynamic-text-extension/trunk/contact-form-7-dynamic-text-extension.php

    r2968460 r3019572  
    55 * Plugin URI: https://sevenspark.com/goods/contact-form-7-dynamic-text-extension
    66 * Description: This plugin extends Contact Form 7 by adding dynamic form fields that accept any shortcode to generate default values and placeholder text. Requires Contact Form 7.
    7  * Version: 4.1.0
     7 * Version: 4.2.0
    88 * Author: SevenSpark, AuRise Creative
    99 * Author URI: https://sevenspark.com
     
    1515
    1616/*
    17     Copyright 2010-2023 Chris Mavricos, SevenSpark <https://sevenspark.com>
    18     Copyright 2022-2023 Tessa Watkins, AuRise Creative <https://aurisecreative.com>
     17    Copyright 2010-2024 Chris Mavricos, SevenSpark <https://sevenspark.com>
     18    Copyright 2022-2024 Tessa Watkins, AuRise Creative <https://aurisecreative.com>
    1919
    2020    This program is free software; you can redistribute it and/or modify
     
    3333
    3434// Define current version
    35 define('WPCF7DTX_VERSION', '4.1.0');
     35define('WPCF7DTX_VERSION', '4.2.0');
    3636
    3737// Define root directory
     
    4040// Define root file
    4141defined('WPCF7DTX_FILE') || define('WPCF7DTX_FILE', __FILE__);
     42
     43define( 'WPCF7DTX_DATA_ACCESS_KB_URL', 'https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access' );
    4244
    4345/**
  • contact-form-7-dynamic-text-extension/trunk/includes/admin.php

    r2968460 r3019572  
    11<?php
     2
     3// Include the Settings Page & Update Check
     4include_once( 'admin/settings.php' );
     5include_once( 'admin/update-check.php' );
    26
    37/**
  • contact-form-7-dynamic-text-extension/trunk/includes/shortcodes.php

    r2968460 r3019572  
    215215        'obfuscate' => ''
    216216    ), array_change_key_case((array)$atts, CASE_LOWER)));
     217
     218    // If this key can't be accessed
     219    if( !wpcf7dtx_post_meta_key_access_is_allowed( $key ) ){
     220        // Trigger a warning if a denied key is in use
     221        wpcf7dtx_access_denied_alert( $key, 'post_meta' );
     222        return '';
     223    }
     224
    217225    $post_id = wpcf7dtx_get_post_id($post_id);
    218226    $key = apply_filters('wpcf7dtx_sanitize', $key, 'text');
     
    344352    ), array_change_key_case((array)$atts, CASE_LOWER)));
    345353    if (is_user_logged_in()) {
     354
     355        // If this key can't be accessed
     356        if( !wpcf7dtx_user_data_access_is_allowed( $key ) ){
     357            // Trigger a warning if a denied key is in use
     358            wpcf7dtx_access_denied_alert( $key, 'user_data' );
     359            return '';
     360        }
     361
    346362        $user = wp_get_current_user();
    347363        return apply_filters('wpcf7dtx_escape', $user->get($key), $obfuscate);
  • contact-form-7-dynamic-text-extension/trunk/includes/utilities.php

    r2968460 r3019572  
    662662    return $default;
    663663}
     664
     665
     666/**
     667 * Check if admin has allowed access to a specific post meta key
     668 *
     669 * @since 4.2.0
     670 *
     671 * @param string $meta_key The post meta key to test
     672 *
     673 * @return bool True if this key can be accessed, false otherwise
     674 */
     675function wpcf7dtx_post_meta_key_access_is_allowed($meta_key)
     676{
     677
     678    // Get the DTX Settings
     679    $settings = wpcf7dtx_get_settings();get_option('cf7dtx_settings', []);
     680
     681    // Has access to all metadata been enabled?
     682    if( isset($settings['post_meta_allow_all']) && $settings['post_meta_allow_all'] === 'enabled' ){
     683        return true;
     684    }
     685
     686    // If not, check the Allow List
     687
     688    $allowed_keys;
     689
     690    // No key list from settings
     691    if( !isset($settings['post_meta_allow_keys'] ) || !is_string($settings['post_meta_allow_keys'])){
     692        $allowed_keys = [];
     693    }
     694    // Extract allowed keys from setting text area
     695    else{
     696        // $allowed_keys = preg_split('/\r\n|\r|\n/', $settings['post_meta_allow_keys']);
     697        $allowed_keys = wpcf7dtx_parse_allowed_keys( $settings['post_meta_allow_keys'] );
     698    }
     699
     700    // Allow custom filters
     701    $allowed_keys = apply_filters( 'wpcf7dtx_post_meta_key_allow_list', $allowed_keys );
     702
     703    // Check if the key is in the allow list
     704    if( in_array( $meta_key, $allowed_keys ) ){
     705        return true; // The key is allowed
     706    }
     707
     708    // Everything is disallowed by default
     709    return false;
     710
     711}
     712
     713
     714/**
     715 * Check if admin has allowed access to a specific user data
     716 *
     717 * @since 4.2.0
     718 *
     719 * @param string $key The user data key to test
     720 *
     721 * @return bool True if this key can be accessed, false otherwise
     722 */
     723function wpcf7dtx_user_data_access_is_allowed( $key )
     724{
     725
     726    // Get the DTX Settings
     727    $settings = wpcf7dtx_get_settings(); //get_option('cf7dtx_settings', []);
     728
     729    // Has access to all metadata been enabled?
     730    if( isset($settings['user_data_allow_all']) && $settings['user_data_allow_all'] === 'enabled' ){
     731        return true;
     732    }
     733
     734    // If not, check the Allow List
     735
     736    $allowed_keys;
     737
     738    // No key list from settings
     739    if( !isset($settings['user_data_allow_keys'] ) || !is_string($settings['user_data_allow_keys'])){
     740        $allowed_keys = [];
     741    }
     742    // Extract allowed keys from setting text area
     743    else{
     744        // $allowed_keys = preg_split('/\r\n|\r|\n/', $settings['user_data_allow_keys']);
     745        $allowed_keys = wpcf7dtx_parse_allowed_keys($settings['user_data_allow_keys']);
     746    }
     747
     748    // Allow custom filters
     749    $allowed_keys = apply_filters( 'wpcf7dtx_user_data_key_allow_list', $allowed_keys );
     750
     751    // Check if the key is in the allow list
     752    if( in_array( $key, $allowed_keys ) ){
     753        return true; // The key is allowed
     754    }
     755
     756
     757    // Everything is disallowed by default
     758    return false;
     759
     760}
     761
     762
     763/**
     764 * Take the string saved in the options array from the allow list textarea and parse it into an array by newlines.
     765 * Also strip whitespace
     766 *
     767 * @param string $allowlist The string of allowed keys stored in the DB
     768 *
     769 * @return array Array of allowed keys
     770 */
     771function wpcf7dtx_parse_allowed_keys( $allowlist ){
     772    // Split by newlines
     773    $keys = wpcf7dtx_split_newlines( $allowlist );
     774    // Trim whitespace
     775    $keys = array_map( 'trim' , $keys );
     776    return $keys;
     777}
     778
     779/**
     780 * Used to parse strings stored in the database that are from text areas with one element per line into an array of strings
     781 *
     782 * @param string $str The multi-line string to be parsed into an array
     783 *
     784 * @return array Array of parsed strings
     785 */
     786function wpcf7dtx_split_newlines( $str ){
     787    return preg_split('/\r\n|\r|\n/', $str);
     788}
     789
     790/**
     791 * Gets the CF7 DTX settings field from the WP options table.  Returns an empty array if option has not previously been set
     792 *
     793 * @return array The settings array
     794 */
     795function wpcf7dtx_get_settings(){
     796    return get_option('cf7dtx_settings', []);
     797}
     798
     799/**
     800 * Updates the CF7 DTX settings in the WP options table
     801 *
     802 * @param array $settings The settings array
     803 *
     804 */
     805function wpcf7dtx_update_settings($settings){
     806    update_option( 'cf7dtx_settings', $settings );
     807}
     808
     809
     810/**
     811 * Outputs a useful PHP Warning message to users on how to allow-list denied meta and user keys
     812 *
     813 * @param string $key The post meta or user key to which access is currently denied
     814 * @param string $type Either 'post_meta' or 'user_data', used to display an appropriate message to the user
     815 */
     816function wpcf7dtx_access_denied_alert( $key, $type ){
     817
     818    // Only check on the front end
     819    if( is_admin() || wp_doing_ajax() || wp_is_json_request() ) return;
     820
     821    $shortcode = '';
     822    $list_name = '';
     823
     824    switch( $type ){
     825        case 'post_meta':
     826            $shortcode = 'CF7_get_custom_field';
     827            $list_name = __('Meta Key Allow List', 'contact-form-7-dynamic-text-extension');
     828            break;
     829        case 'user_data':
     830            $shortcode = 'CF7_get_current_user';
     831            $list_name = __('User Data Key Allow List', 'contact-form-7-dynamic-text-extension');
     832            break;
     833        default:
     834    }
     835
     836    $settings_page_url = admin_url('admin.php?page=cf7dtx_settings');
     837
     838    $msg = sprintf(
     839        __('CF7 DTX: Access denied to key: "%1$s" in dynamic contact form shortcode: [%2$s].  Please add this key to the %3$s at %4$s','contact-form-7-dynamic-text-extension'),
     840        $key,
     841        $shortcode,
     842        $list_name,
     843        $settings_page_url
     844    );
     845
     846    trigger_error( $msg, E_USER_WARNING );
     847}
     848
     849
     850/**
     851 * Helper function to output array and object data
     852 */
     853/*
     854function dtxpretty ($var, $print=true, $privobj=false) {
     855
     856    $type = gettype($var);
     857
     858    if( $privobj && $type === 'object' ){
     859        $p = '<pre>'.print_r($var, true).'</pre>';
     860    }
     861    else {
     862        $p = '<pre>'.$type . ' ' . json_encode(
     863            $var,
     864            JSON_UNESCAPED_SLASHES |
     865            JSON_UNESCAPED_UNICODE |
     866            JSON_PRETTY_PRINT |
     867            JSON_PARTIAL_OUTPUT_ON_ERROR |
     868            JSON_INVALID_UTF8_SUBSTITUTE
     869            ).'</pre>';
     870    }
     871    if( $print ) {
     872        echo $p;
     873    }
     874    return $p;
     875}
     876*/
  • contact-form-7-dynamic-text-extension/trunk/includes/validation.php

    r2968460 r3019572  
    3434
    3535/**
     36 * Add DTX Error Code to Config Validator
     37 *
     38 * @since 5.0.0
     39 *
     40 * @param array $error_codes A sequential array of available error codes in Contact Form 7.
     41 *
     42 * @return array A modified sequential array of available error codes in Contact Form 7.
     43 */
     44function wpcf7dtx_config_validator_available_error_codes($error_codes)
     45{
     46    $dtx_errors = array('dtx_disallowed');
     47    return array_merge($error_codes, $dtx_errors);
     48}
     49add_filter('wpcf7_config_validator_available_error_codes', 'wpcf7dtx_config_validator_available_error_codes');
     50
     51/**
    3652 * Validate DTX Form Fields
    3753 *
     
    168184function wpcf7dtx_validate($validator)
    169185{
     186    // Check for sensitive form tags
     187    $manager = WPCF7_FormTagsManager::get_instance();
     188    $contact_form = $validator->contact_form();
     189    $form = $contact_form->prop('form');
     190    if (wpcf7_autop_or_not()) {
     191        $form = $manager->replace_with_placeholders($form);
     192        $form = wpcf7_autop($form);
     193        $form = $manager->restore_from_placeholders($form);
     194    }
     195    $form = $manager->replace_all($form);
     196    $tags = $manager->get_scanned_tags();
     197    foreach ($tags as $tag) {
     198        /** @var WPCF7_FormTag $tag */
     199
     200        // Only validate DTX formtags
     201        if (in_array($tag->basetype, array_merge(
     202            array('dynamictext', 'dynamichidden'), // Deprecated DTX form tags
     203            array_keys(wpcf7dtx_config()) // DTX form tags
     204        ))) {
     205            // Check value for sensitive data
     206            $default = $tag->get_option('defaultvalue', '', true);
     207            if (!$default) {
     208                $default = $tag->get_default_option(strval(reset($tag->values)));
     209            }
     210            if (
     211                !empty($value = trim(wpcf7_get_hangover($tag->name, $default))) && // Has value
     212                ($result = wpcf7dtx_validate_sensitive_value($value))['status'] // Has sensitive data
     213            ) {
     214                $validator->add_error('form.body', 'dtx_disallowed', array(
     215                    'message' => sprintf(
     216                        __('[%1$s %2$s]: Access to key "%3$s" in shortcode "%4$s" is disallowed by default. To allow access, add "%3$s" to the %5$s Allow List.', 'contact-form-7-dynamic-text-extension'),
     217                        esc_html($tag->basetype),
     218                        esc_html($tag->name),
     219                        esc_html($result['key']),
     220                        esc_html($result['shortcode']),
     221                        esc_html($result['shortcode'] == 'CF7_get_current_user' ? __('User Data Key', 'contact-form-7-dynamic-text-extension') : __('Meta Key', 'contact-form-7-dynamic-text-extension'))
     222                    ),
     223                    'link' => wpcf7dtx_get_admin_settings_screen_url()
     224                ));
     225            }
     226
     227            // Check placeholder for sensitive data
     228            if (
     229                ($tag->has_option('placeholder') || $tag->has_option('watermark')) && // Using placeholder
     230                !empty($placeholder = trim(html_entity_decode(urldecode($tag->get_option('placeholder', '', true)), ENT_QUOTES))) && // Has value
     231                ($result = wpcf7dtx_validate_sensitive_value($placeholder))['status'] // Has sensitive data
     232            ) {
     233                $validator->add_error('form.body', 'dtx_disallowed', array(
     234                    'message' => sprintf(
     235                        __('[%1$s %2$s]: Access to key "%3$s" in shortcode "%4$s" is disallowed by default. To allow access, add "%3$s" to the %5$s Allow List.', 'contact-form-7-dynamic-text-extension'),
     236                        esc_html($tag->basetype),
     237                        esc_html($tag->name),
     238                        esc_html($result['key']),
     239                        esc_html($result['shortcode']),
     240                        esc_html($result['shortcode'] == 'CF7_get_current_user' ? __('User Data Key', 'contact-form-7-dynamic-text-extension') : __('Meta Key', 'contact-form-7-dynamic-text-extension'))
     241                    ),
     242                    'link' => wpcf7dtx_get_admin_settings_screen_url()
     243                ));
     244            }
     245        }
     246    }
     247
     248    // Validate email address
    170249    if (!$validator->is_valid()) {
    171250        $contact_form = null;
     
    232311}
    233312add_action('wpcf7_config_validator_validate', 'wpcf7dtx_validate');
     313
     314/**
     315 * Validate Field Value for Sensitive Data
     316 *
     317 * @since 5.0.0
     318 *
     319 * @see https://developer.wordpress.org/reference/functions/get_bloginfo/#description
     320 *
     321 * @param string $content The string to validate.
     322 *
     323 * @return array An associative array with keys `status` (bool), `shortcode` (string), and `key` (string).
     324 * The value of `status` is true if the content is a shortcode that is attempting to access sensitive data. False
     325 * otherwise. The value of `shortcode` is the the shortcode that is making the attempt if `status` is true. The
     326 * value of `key` is the shortcode's `key` attribute of the attempt being made if `status` is true.
     327 */
     328function wpcf7dtx_validate_sensitive_value($content)
     329{
     330    $r = array(
     331        'status' => false,
     332        'shortcode' => '',
     333        'key' => ''
     334    );
     335
     336    // Parse the attributes.  [0] is the shortcode name. ['key'] is the key attribute
     337    $atts = shortcode_parse_atts($content);
     338   
     339    // If we can't extract the atts, or the shortcode or `key` is not an att, don't validate
     340    if( !is_array($atts) || !array_key_exists('key', $atts) || !array_key_exists('0', $atts) ) return $r;
     341   
     342    // Find the key and shortcode in question
     343    $key = sanitize_text_field($atts['key']);
     344    $shortcode = sanitize_text_field($atts['0']);
     345
     346    // If the shortcode or key value does not exist, don't validate
     347    if( empty($shortcode) || empty($key) ) return $r;
     348
     349    $allowed = true;
     350    switch( $shortcode ){
     351        case 'CF7_get_custom_field':
     352            $allowed = wpcf7dtx_post_meta_key_access_is_allowed( $key );
     353            break;
     354        case 'CF7_get_current_user':
     355            $allowed = wpcf7dtx_user_data_access_is_allowed( $key );
     356            break;
     357        default:
     358
     359    }
     360
     361    if( !$allowed ){
     362        $r['status'] = true;
     363        $r['shortcode'] = $shortcode;
     364        $r['key'] = $key;
     365    }
     366
     367    return $r;
     368
     369}
  • contact-form-7-dynamic-text-extension/trunk/readme.txt

    r2968460 r3019572  
    33Donate link: https://just1voice.com/donate/
    44Tags: Contact Form 7, autofill, prepopulate, input, form field, contact form, text, hidden, input, dynamic, GET, POST, title, slug, auto-fill, pre-populate
    5 Tested up to: 6.3
    6 Stable tag: 4.1.0
     5Tested up to: 6.4.2
     6Stable tag: 4.2.0
    77
    88This plugin provides additional form tags for the Contact Form 7 plugin. It allows dynamic generation of content for text-based input fields like text, hidden, and email, checkboxes, radio buttons, and drop-down selections using any shortcode.
     
    199199Retrieve custom fields from the current post/page. Just set the custom field as the key in the shortcode.
    200200
     201Note: You must add any meta keys that you want to allow access to to the allow list in your admin panel > Contact > Dynamic Text Extension > Meta Key Allow List.  [More Information](https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access)
     202
    201203The dynamic value input becomes: `CF7_get_custom_field key='my_custom_field'`
    202204
     
    238240Dynamic value: `CF7_get_current_user key='user_displayname'`
    239241CF7 Tag: `[dynamictext dynamicname "CF7_get_current_user"]`
     242
     243Note: You must add any user keys that you want to allow access to to the allow list in your admin panel > Contact > Dynamic Text Extension > User Data Key Allow List.  [More Information](https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access)
    240244
    241245Valid values for `key` include:
     
    377381== Upgrade Notice ==
    378382
    379 = 4.1.0 =
     383= 4.2.0 =
    380384Extend functionality without losing your work!
    381385
    382386== Changelog ==
     387
     388= 4.2.0 =
     389
     390* Security Update: ** Please be sure to review this doc, as you may need to adjust the settings: https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access **
     391* Feature: Added Settings Screen with Allow Lists
     392* Feature: Added Form Scanner
     393* Feature: Added Allow List key validation in CF7 Form Validator
    383394
    384395= 4.1.0 =
Note: See TracChangeset for help on using the changeset viewer.