Commit 1d9c6ea0 authored by KR Moorhouse's avatar KR Moorhouse

Merged develop. Resolved merge conflicts.

parents 5fca97bc 6e346bdf
Pipeline #761 passed with stage
in 47 seconds
......@@ -4,7 +4,7 @@
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
Requires at least: 4.7
Tested up to: 4.9
Stable tag: 3.3.17
Stable tag: 3.3.18
License: GPLv2 or later
With a simple drag and drop interface you can create contact forms, email subscription forms, order forms, payment forms, and any other type of form for your WordPress site.
......
......@@ -71,4 +71,10 @@
.jBox-content {
overflow: hidden !important;
}
\ No newline at end of file
}
@media screen and ( max-width: 782px ) {
.tablenav.top .actions, .tablenav .view-switch {
display:block;
}
}
File mode changed from 100755 to 100644
......@@ -265,7 +265,7 @@ class Ninja_Forms {
// Plugin version
if ( ! defined( 'NF_PLUGIN_VERSION' ) )
define( 'NF_PLUGIN_VERSION', '3.3.17' );
define( 'NF_PLUGIN_VERSION', '3.3.18' );
// Plugin Folder Path
if ( ! defined( 'NF_PLUGIN_DIR' ) )
......
......@@ -89,7 +89,10 @@ class NF_Admin_CPT_DownloadAllSubmissions extends NF_Step_Processing {
}
$export .= NF_Database_Models_Submission::export( $this->args['form_id'], $sub_ids, TRUE );
if( 1 < $this->step ) {
$export = substr( $export, strpos( $export, PHP_EOL ) + 1 );
$stack = explode( apply_filters( 'nf_sub_csv_terminator', "\n" ), $export );
array_shift($stack);
$stack = implode( apply_filters( 'nf_sub_csv_terminator', "\n" ), $stack );
$export = $stack;
}
fwrite( $myfile, $export );
......
......@@ -91,8 +91,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
unset( $views[ 'mine' ] );
unset( $views[ 'publish' ] );
// If the Form ID is not empty...
if( ! empty( $_GET[ 'form_id' ] ) ) {
// If the Form ID is not empty and IS a number...
if( ! empty( $_GET[ 'form_id' ] ) && ctype_digit( $_GET[ 'form_id' ] ) ) {
// ...populate the rest of the query string.
$form_id = '&form_id=' . $_GET[ 'form_id' ] . '&nf_form_filter&paged=1';
} else {
......@@ -157,7 +157,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
*/
public function change_columns()
{
$form_id = ( isset( $_GET['form_id'] ) ) ? $_GET['form_id'] : FALSE;
// if the form_id isset and ID a number
$form_id = ( isset( $_GET['form_id'] ) && ctype_digit( $_GET[ 'form_id' ] ) ) ? $_GET['form_id'] : FALSE;
if( ! $form_id ) return array();
......@@ -201,6 +202,10 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
*/
public function custom_columns( $column, $sub_id )
{
global $post_type;
if ( 'nf_sub' !== $post_type ) return false;
$sub = Ninja_Forms()->form()->get_sub( $sub_id );
switch( $column ){
......@@ -250,20 +255,36 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
$form_options = apply_filters( 'ninja_forms_submission_filter_form_options', $form_options );
asort($form_options);
if( isset( $_GET[ 'form_id' ] ) ) {
// make sure form_id isset and is a number
if( isset( $_GET[ 'form_id' ] ) && ctype_digit( $_GET[ 'form_id' ] ) ) {
$form_selected = $_GET[ 'form_id' ];
} else {
$form_selected = 0;
}
if( isset( $_GET[ 'begin_date' ] ) ) {
$begin_date = $_GET[ 'begin_date' ];
// check for bad characters(possible xss vulnerability)
$beg_date_sep = preg_replace('/[0-9]+/', '', $_GET[ 'begin_date' ]);
if ( 1 !== count( array_unique( str_split( $beg_date_sep ) ) ) ) {// We got bad data.
$begin_date = '';
} else {
$begin_date = $_GET[ 'begin_date' ];
}
} else {
$begin_date = '';
}
if( isset( $_GET[ 'end_date' ] ) ) {
$end_date = $_GET[ 'end_date' ];
// check for bad characters(possible xss vulnerability)
$end_date_sep = preg_replace('/[0-9]+/', '', $_GET[ 'end_date' ]);
if ( 1 !== count( array_unique( str_split( $end_date_sep ) ) ) ) {// We got bad data.
$end_date = '';
} else {
$end_date = $_GET[ 'end_date' ];
}
} else {
$end_date = '';
}
......@@ -282,7 +303,8 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
$vars = &$query->query_vars;
$form_id = ( ! empty( $_GET['form_id'] ) ) ? $_GET['form_id'] : 0;
// make sure form_id is not empty and is a number
$form_id = ( ! empty( $_GET['form_id'] ) && ctype_digit( $_GET[ 'form_id' ] ) ) ? $_GET['form_id'] : 0;
$vars = $this->table_filter_by_form( $vars, $form_id );
......@@ -294,7 +316,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
public function search( $pieces ) {
global $typenow;
// filter to select search query
if ( is_search() && is_admin() && $typenow == 'nf_sub' && isset ( $_GET['s'] ) ) {
if ( isset ( $_GET['s'] ) && $typenow == 'nf_sub' && is_search() && is_admin() ) {
global $wpdb;
$keywords = explode(' ', get_query_var('s'));
......@@ -394,7 +416,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
$sub_ids = WPN_Helper::esc_html($_REQUEST['post']);
}
Ninja_Forms()->form( $_REQUEST['form_id'] )->export_subs( $sub_ids );
Ninja_Forms()->form( absint( $_REQUEST['form_id'] ) )->export_subs( $sub_ids );
}
if (isset ($_REQUEST['download_file']) && !empty($_REQUEST['download_file'])) {
......@@ -515,7 +537,7 @@ final class NF_Admin_Menus_Submissions extends NF_Abstracts_Submenu
// Include submissions on the end_date.
$end_date = date( 'm/d/Y', strtotime( '+1 day', strtotime( $end_date ) ) );
if ( ! isset ( $vars['date_query'] ) ) {
$vars['date_query'] = array(
......
......@@ -65,7 +65,13 @@ final class NF_Dispatcher
$ip_address = $_SERVER[ 'LOCAL_ADDR' ];
}
$host_name = gethostbyaddr( $ip_address );
// If we have a valid IP Address...
if ( filter_var( $ip_address, FILTER_VALIDATE_IP ) ) {
// Get the hostname.
$host_name = gethostbyaddr( $ip_address );
} else {
$host_name = 'unknown';
}
if ( is_multisite() ) {
$multisite_enabled = 1;
......
<script id="tmpl-nf-field-number" type="text/template">
<input id="nf-field-{{{ data.id }}}" name="nf-field-{{{ data.id }}}" aria-invalid="false" aria-describedby="nf-error-{{{ data.id }}}" class="{{{ data.renderClasses() }}} nf-element"
<input id="nf-field-{{{ data.id }}}" name="nf-field-{{{ data.id }}}" aria-invalid="false" aria-describedby="nf-error-{{{ data.id }}}" class="{{{ data.renderClasses() }}} nf-element"
aria-labelledby="nf-label-field-{{{ data.id }}}"
{{{ data.maybeRequired() }}}
type="number" value="{{{ data.value }}}" min="{{{ data.num_min }}}" max="{{{ data.num_max }}}" step="{{{ data.num_step }}}" {{{ data.renderPlaceholder() }}}>
type="number" value="<# if(data.default && data.default <=data.num_max && data.default >= data.num_min) {print(data.default)} #>" min="{{{ data.num_min }}}" max="{{{ data.num_max }}}" step="{{{ data.num_step }}}" {{{ data.renderPlaceholder() }}}>
</script>
......@@ -3,7 +3,7 @@
Plugin Name: Ninja Forms
Plugin URI: http://ninjaforms.com/
Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
Version: 3.3.17
Version: 3.3.18
Author: The WP Ninjas
Author URI: http://ninjaforms.com
Text Domain: ninja-forms
......@@ -57,7 +57,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
/**
* @since 3.0
*/
const VERSION = '3.3.17';
const VERSION = '3.3.18';
const WP_MIN_VERSION = '4.7';
......
......@@ -3,7 +3,7 @@ Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorho
Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
Requires at least: 4.7
Tested up to: 4.9
Stable tag: 3.3.17
Stable tag: 3.3.18
License: GPLv2 or later
Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
......@@ -111,21 +111,36 @@ For help and video tutorials, please visit our website: [Ninja Forms Documentati
== Upgrade Notice ==
= 3.3.17 (16 October 2018) =
= 3.3.18 (14 November 2018) =
*Bugs:*
*Security:*
* Pressing the tab key while in the delete a form modal should now shift focus to the delete button.
* Resolved an issue that could have caused some display issues on the dashboard due to cached scripts.
* Patched a redirect XSS vulnerability using code injection on our submissions page.
*Changes:*
*Bugs:*
* Updated several of our product images on the apps & integrations tab of the dashboard.
* Our in-app marketing feed will now fetch from a remote site for more swift product updates.
* [Ninja Shop](https://getninjashop.com/?utm_medium=dashboard_banner&utm_source=ninja-forms&utm_campaign=Awareness) has arrived!
* Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
* Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
* Resolved an issue that sometimes caused error log entries related to an invalid IP.
* The form selector on the submissions page should now be visible on mobile devices.
* Resolved an issue that sometimes caused CSV exports to have multiple header rows.
== Changelog ==
= 3.3.18 (14 November 2018) =
*Security:*
* Patched a redirect XSS vulnerability using code injection on our submissions page.
*Bugs:*
* Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
* Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
* Resolved an issue that sometimes caused error log entries related to an invalid IP.
* The form selector on the submissions page should now be visible on mobile devices.
* Resolved an issue that sometimes caused CSV exports to have multiple header rows.
= 3.3.17 (16 October 2018) =
*Bugs:*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment