Commit 78587bde authored by Kevin Stover's avatar Kevin Stover

Merge branch 'release/v2.8.11'

parents 60ac3df5 f4862cb0
......@@ -3,8 +3,8 @@
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
Requires at least: 3.8
Tested up to: 4.0
Stable tag: 2.8.9
Tested up to: 4.0.1
Stable tag: 2.8.11
License: GPLv2 or later
Forms created with a simple drag and drop interface. Contact forms, Email collection forms, or any other form you want on your WordPress site.
......
......@@ -37,7 +37,7 @@ class NF_Notification_Success_Message extends NF_Notification_Base_Type
)
);
?>
<tr>
<!-- <tr>
<th scope="row"><label for="success_message_loc"><?php _e( 'Location', 'ninja-forms' ); ?></label></th>
<td>
<select name="settings[success_message_loc]">
......@@ -50,7 +50,7 @@ class NF_Notification_Success_Message extends NF_Notification_Base_Type
?>
</select>
</td>
</tr>
</tr> -->
<tr>
<th scope="row"><label for="success_msg"><?php _e( 'Message', 'ninja-forms' ); ?></label></th>
<td>
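Review bot: Wrapping the Location row in `<!-- … -->` only hides it from rendering; the PHP inside the row still runs and the `<select>` markup is still written into the page source. If any emitted option text contained `-->`, the comment would close early. Skipping the row on the PHP side avoids both problems: put `<?php if ( false ) : // Location setting disabled in 2.8.11 ?>` before the `<tr>` and `<?php endif; ?>` after the `</tr>`, or delete the row. The enclosing method starts and ends outside these hunks.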
......
......@@ -453,7 +453,7 @@ class NF_Subs_CPT {
$user_value = Ninja_Forms()->sub( $sub_id )->get_field( $field_id );
$args['field_id'] = $field_id;
$args['user_value'] = htmlentities($user_value);
$args['user_value'] = ninja_forms_esc_html_deep( $user_value );
$args['field'] = $field;
call_user_func_array( $edit_value_function, $args );
......@@ -954,7 +954,7 @@ class NF_Subs_CPT {
$edit_value_function = 'nf_field_text_edit_sub_value';
}
$args['field_id'] = $field_id;
$args['user_value'] = wp_kses_post( $user_value );
$args['user_value'] = nf_wp_kses_post_deep( $user_value );
$args['field'] = $field;
call_user_func_array( $edit_value_function, $args );
......@@ -1094,7 +1094,7 @@ class NF_Subs_CPT {
return $sub_id;
foreach ( $_POST['fields'] as $field_id => $user_value ) {
$user_value = wp_kses_post( apply_filters( 'nf_edit_sub_user_value', $user_value, $field_id, $sub_id ) );
$user_value = nf_wp_kses_post_deep( apply_filters( 'nf_edit_sub_user_value', $user_value, $field_id, $sub_id ) );
Ninja_Forms()->sub( $sub_id )->update_field( $field_id, $user_value );
}
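Review bot: In the second NF_Subs_CPT hunk (around line 957), `$args['user_value']` is filtered with `nf_wp_kses_post_deep()`, which keeps post-level HTML and does not encode quotes. The first hunk (line 456) escapes the same argument with `ninja_forms_esc_html_deep()`. If the edit callback (`nf_field_text_edit_sub_value` by default) prints the value into an attribute such as `value="…"`, it needs `esc_attr()` at that sink; the callback is not visible here, so this should be confirmed. A comment above the assignment, for example `// kses-filtered for HTML body context only; edit callbacks must escape for attributes`, would make the contract explicit. All three enclosing methods start and end outside the hunks.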
......
......@@ -31,7 +31,7 @@ function ninja_forms_inner_custom_box() {
$post_id = ! empty( $_REQUEST['post'] ) ? absint( $_REQUEST['post'] ) : 0;
// Use nonce for verification
wp_nonce_field( plugin_basename(__FILE__), 'ninja_forms_nonce' );
wp_nonce_field( 'ninja_forms_append_form', 'nf_append_form' );
// The actual fields for data entry
?>
......@@ -57,7 +57,7 @@ function ninja_forms_inner_custom_box() {
/* When the post is saved, saves our custom data */
function ninja_forms_save_postdata( $post_id ) {
global $wpdb;
if(isset($_POST['ninja_forms_nonce'])){
if(isset($_POST['nf_append_form'])){
// verify if this is an auto save routine.
// If it is our form has not been submitted, so we dont want to do anything
if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE )
......@@ -66,20 +66,16 @@ function ninja_forms_save_postdata( $post_id ) {
// verify this came from the our screen and with proper authorization,
// because save_post can be triggered at other times
if ( !wp_verify_nonce( $_POST['ninja_forms_nonce'], plugin_basename(__FILE__) ) )
if ( !wp_verify_nonce( $_POST['nf_append_form'], 'ninja_forms_append_form' ) )
return $post_id;
// Check permissions
if ( 'page' == $_POST['post_type'] )
{
if ( !current_user_can( 'edit_page', $post_id ) )
return $post_id;
}
else
{
if ( !current_user_can( 'edit_post', $post_id ) )
return $post_id;
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_page', $post_id ) )
return $post_id;
} else {
if ( !current_user_can( 'edit_post', $post_id ) )
return $post_id;
}
// OK, we're authenticated: we need to find and save the data
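Review bot: The permission check on the new side branches on `$_POST['post_type']`, a request value that is read without an `isset()` guard and need not match the post actually being saved. Both `edit_page` and `edit_post` are meta capabilities that WordPress resolves against `$post_id`, so the branch can be replaced by `if ( ! current_user_can( 'edit_post', $post_id ) ) return $post_id;`. The nonce value could also go through `wp_unslash()` before `wp_verify_nonce()`. The following comment would read more accurately as `// OK, we're authorized`. The body of `ninja_forms_save_postdata()` continues outside the hunk.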
......
......@@ -284,6 +284,13 @@ function ninja_forms_esc_html_deep( $value ){
return $value;
}
function nf_wp_kses_post_deep( $value ){
$value = is_array( $value ) ?
array_map( 'nf_wp_kses_post_deep', $value ) :
wp_kses_post($value);
return $value;
}
function ninja_forms_strip_tags_deep($value ){
$value = is_array($value) ?
array_map('ninja_forms_strip_tags_deep', $value) :
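Review bot: `nf_wp_kses_post_deep()` is added without a doc comment, and callers need to know two limits. It filters array values only, so array keys pass through unchanged. It also hands every non-array value to `wp_kses_post()`, including objects or `null` if they ever reach it. I would add a docblock stating that it recursively applies `wp_kses_post()` to the values of a nested array, leaves keys untouched, and returns markup suitable for HTML body output rather than attribute values. If non-string leaves are possible, the last branch could be `is_string( $value ) ? wp_kses_post( $value ) : $value`; whether such values occur is not visible from this hunk.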
......
......@@ -792,7 +792,7 @@ function nf_deprecate_success_message_filter( $message, $n_id ) {
add_filter( 'nf_success_msg', 'nf_deprecate_success_message_filter', 10, 2 );
// Remove any references to "admin email" or "user email" from our imported forms.
// Remove any references to "admin email" from our imported forms.
function nf_deprecate_form_import( $form ) {
if ( isset ( $form['data']['admin_mailto'] ) )
unset( $form['data']['admin_mailto'] );
......@@ -815,4 +815,20 @@ function nf_deprecate_form_import( $form ) {
return $form;
}
add_filter( 'ninja_forms_before_import_form', 'nf_deprecate_form_import' );
\ No newline at end of file
add_filter( 'ninja_forms_before_import_form', 'nf_deprecate_form_import' );
// Remove any references to "user email" from our imported forms.
function nf_deprecate_field_import( $data ) {
if ( isset ( $data['send_email'] ) )
unset ( $data['send_email'] );
if ( isset ( $data['from_email'] ) )
unset ( $data['from_email'] );
if ( isset ( $data['replyto_email'] ) )
unset ( $data['replyto_email'] );
return $data;
}
add_filter( 'nf_before_import_field', 'nf_deprecate_field_import' );
\ No newline at end of file
......@@ -16,6 +16,10 @@ function ninja_forms_import_form( $file ){
unset ( $form['notifications'] );
$form = apply_filters( 'ninja_forms_before_import_form', $form );
// Remove our last_sub setting. This is our starting seq_num.
if ( isset ( $form['data']['last_sub'] ) )
unset( $form['data']['last_sub'] );
$form['data'] = serialize( $form['data'] ) ;
$wpdb->insert( NINJA_FORMS_TABLE_NAME, $form );
......@@ -25,6 +29,7 @@ function ninja_forms_import_form( $file ){
if(is_array($form_fields)){
for ($x=0; $x < count( $form_fields ); $x++) {
$form_fields[$x]['form_id'] = $form_id;
$form_fields[$x]['data'] = apply_filters( 'nf_before_import_field', $form_fields[$x]['data'], $form_fields[$x]['id'] );
$form_fields[$x]['data'] = serialize( $form_fields[$x]['data'] );
$old_field_id = $form_fields[$x]['id'];
$form_fields[$x]['id'] = NULL;
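Review bot: The new `unset( $form['data']['last_sub'] )` removes one known key, but the rest of `$form` still goes to `$wpdb->insert( NINJA_FORMS_TABLE_NAME, $form )` as it arrived from the import file. Every top-level key of that array becomes a column name in the INSERT. How `$form` is decoded is outside the hunk, but if it comes straight from an uploaded export, an allowlist is more robust than removing keys one by one: `$form = array_intersect_key( $form, array_flip( $allowed_columns ) );`, with `$allowed_columns` listing the table's real columns. The added filter call in the second hunk also reads `$form_fields[$x]['data']` and `$form_fields[$x]['id']` without checking that they exist, which raises notices on a malformed file. `ninja_forms_import_form()` starts and ends outside both hunks.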
......
......@@ -30,7 +30,7 @@ function ninja_forms_field_shortcode( $atts ){
} else {
$value = '';
}
return wp_kses_post( $value );
return nf_wp_kses_post_deep( $value );
}
add_shortcode( 'ninja_forms_field', 'ninja_forms_field_shortcode' );
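Review bot: Switching the return to `nf_wp_kses_post_deep( $value )` implies `$value` can be an array, and in that case the shortcode callback now returns an array. A shortcode handler must return a string, so an array would be rendered as `Array` with a PHP notice. Flattening first keeps the output usable: `$value = nf_wp_kses_post_deep( $value );` followed by `return is_array( $value ) ? implode( ', ', $value ) : $value;`. That assumes a one-level list; nested arrays would need their own handling. The start of `ninja_forms_field_shortcode()` is outside the hunk, so the possible shapes of `$value` should be checked there.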
......
......@@ -3,7 +3,7 @@
Plugin Name: Ninja Forms
Plugin URI: http://ninjaforms.com/
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
Version: 2.8.10
Version: 2.8.11
Author: The WP Ninjas
Author URI: http://ninjaforms.com
Text Domain: ninja-forms
......@@ -263,7 +263,7 @@ class Ninja_Forms {
// Plugin version
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
define( 'NF_PLUGIN_VERSION', '2.8.10' );
define( 'NF_PLUGIN_VERSION', '2.8.11' );
// Plugin Folder Path
if ( ! defined( 'NF_PLUGIN_DIR' ) )
......
......@@ -3,7 +3,7 @@ Contributors: kstover, jameslaws, wpnzach, daveshine, mordauk, bftrick, helgathe
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
Requires at least: 3.8
Tested up to: 4.0.1
Stable tag: 2.8.10
Stable tag: 2.8.11
License: GPLv2 or later
Forms created with a simple drag and drop interface. Contact forms, Email collection forms, or any other form you want on your WordPress site.
......@@ -74,16 +74,14 @@ For help and video tutorials, please visit our website: [Ninja Forms Documentati
== Upgrade Notice ==
= 2.8.10 (2 December 2014) =
*Security Update:*
* This version includes a fix for a potential security vulnerability for admin users.
= 2.8.11 (8 December 2014) =
*Bugs:*
* Fixed a bug that can throw JS errors if multiple forms are on the same page.
* Fixed typos in the welcome screen.
* Fixed a bug that could cause submissions to view improperly.
* Appending forms to a post or page from the post/page edit screen should now work properly in all instances.
* Importing form from versions previous to 2.8 should no longer create a phantom email.
* Importing or duplicating a form that has submissions shouldn't cause the sequential numbers for the new form to start with the same number.
== Requested Features ==
......@@ -91,6 +89,15 @@ If you have any feature requests, please feel free to visit [ninjaforms.com](htt
== Changelog ==
= 2.8.11 (8 December 2014) =
*Bugs:*
* Fixed a bug that could cause submissions to view improperly.
* Appending forms to a post or page from the post/page edit screen should now work properly in all instances.
* Importing form from versions previous to 2.8 should no longer create a phantom email.
* Importing or duplicating a form that has submissions shouldn't cause the sequential numbers for the new form to start with the same number.
= 2.8.10 (2 December 2014) =
*Security Update:*
......