V3.82 - Security Exploit was fixed. The French language file is updated.
git-svn-id: https://plugins.svn.wordpress.org/contact-form-plugin/trunk@961828 b8457f37-d9ea-0310-8a92-e5e31aec5664
bestwebsoft committed Aug 7, 2014
1 parent d1fc811 commit 4d531f7
Showing 49 changed files with 7,573 additions and 8,077 deletions.
71 changes: 51 additions & 20 deletions bws_menu/bws_menu.php
@@ -1,7 +1,7 @@
<?php
/*
* Function for displaying BestWebSoft menu
* Version: 1.3.4
* Version: 1.3.7
*/

if ( ! function_exists( 'bws_add_menu_render' ) ) {
@@ -259,6 +259,23 @@ function bws_add_menu_render() {
'download' => 'http://bestwebsoft.com/plugin/email-queue/?k=e345e1b6623f0dca119bc2d9433b130b&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#download',
'wp_install' => '/wp-admin/plugin-install.php?tab=search&s=Email+Queue+BestWebSoft&plugin-search-input=Search+Plugins',
'settings' => 'admin.php?page=mlq_settings'
),
'limit-attempts/limit-attempts.php' => array(
'name' => 'Limit Attempts',
'description' => 'Allows you to limit rate of login attempts by the ip, and create whitelist and blacklist.',
'link' => 'http://bestwebsoft.com/plugin/limit-attempts/?k=b14e1697ee4d008abcd4bd34d492573a&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
'download' => 'http://bestwebsoft.com/plugin/limit-attempts/?k=b14e1697ee4d008abcd4bd34d492573a&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#download',
'wp_install' => '/wp-admin/plugin-install.php?tab=search&s=Limit+Attempts+BestWebSoft&plugin-search-input=Search+Plugins',
'settings' => 'admin.php?page=limit-attempts.php',
'pro_version' => 'limit-attempts-pro/limit-attempts-pro.php'
),
'job-board/job-board.php' => array(
'name' => 'Job board',
'description' => 'Allows to create a job-board page on your site.',
'link' => 'http://bestwebsoft.com/plugin/job-board/?k=b0c504c9ce6edd6692e04222af3fed6f&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
'download' => 'http://bestwebsoft.com/plugin/job-board/?k=b0c504c9ce6edd6692e04222af3fed6f&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#download',
'wp_install' => '/wp-admin/plugin-install.php?tab=search&type=term&s=Job+board+BestWebSoft&plugin-search-input=Search+Plugins',
'settings' => 'admin.php?page=job-board.php'
)
);
$bws_plugins_pro = array(
@@ -359,6 +376,13 @@ function bws_add_menu_render() {
'link' => 'http://bestwebsoft.com/plugin/sender-pro/?k=dc5d1a87bdc8aeab2de40ffb99b38054&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
'purchase' => 'http://bestwebsoft.com/plugin/sender-pro/?k=dc5d1a87bdc8aeab2de40ffb99b38054&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#purchase',
'settings' => 'admin.php?page=sndrpr_settings'
),
'limit-attempts-pro/limit-attempts-pro.php' => array(
'name' => 'Limit Attempts Pro',
'description' => 'Allows you to limit rate of login attempts by the ip, and create whitelist and blacklist.',
'link' => 'http://bestwebsoft.com/plugin/limit-attempts-pro/?k=9d42cdf22c7fce2c4b6b447e6a2856e0&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
'purchase' => 'http://bestwebsoft.com/plugin/limit-attempts-pro/?k=9d42cdf22c7fce2c4b6b447e6a2856e0&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#purchase',
'settings' => 'admin.php?page=limit-attempts-pro.php',
)
);

@@ -491,8 +515,8 @@ function bws_add_menu_render() {
if ( ( isset( $_REQUEST['bwsmn_form_submit'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit' ) ) ||
( isset( $_REQUEST['bwsmn_form_submit_custom_email'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit_custom_email' ) ) ) {
if ( isset( $_REQUEST['bwsmn_form_email'] ) ) {
$bwsmn_form_email = trim( $_REQUEST['bwsmn_form_email'] );
if ( $bwsmn_form_email == "" || !preg_match( "/^((?:[a-z0-9']+(?:[a-z0-9\-_\.']+)?@[a-z0-9]+(?:[a-z0-9\-\.]+)?\.[a-z]{2,5})[, ]*)+$/i", $bwsmn_form_email ) ) {
$bwsmn_form_email = esc_html( trim( $_REQUEST['bwsmn_form_email'] ) );
if ( $bwsmn_form_email == "" || ! is_email( $bwsmn_form_email ) ) {
$error = __( "Please enter a valid email address.", 'bestwebsoft' );
} else {
$email = $bwsmn_form_email;
@@ -514,19 +538,24 @@ function bws_add_menu_render() {
foreach ( $system_info['system_info'] as $key => $value ) {
$message_text .= '<tr><td>'. $key .'</td><td>'. $value .'</td></tr>';
}
$message_text .= '</table>
<h4>Active Plugins</h4>
<table>';
foreach ( $system_info['active_plugins'] as $key => $value ) {
$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
$message_text .= '</table>';
if ( ! empty( $system_info['active_plugins'] ) ) {
$message_text .= '<h4>Active Plugins</h4>
<table>';
foreach ( $system_info['active_plugins'] as $key => $value ) {
$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
}
$message_text .= '</table>';
}
$message_text .= '</table>
<h4>Inactive Plugins</h4>
<table>';
foreach ( $system_info['inactive_plugins'] as $key => $value ) {
$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
if ( ! empty( $system_info['inactive_plugins'] ) ) {
$message_text .= '<h4>Inactive Plugins</h4>
<table>';
foreach ( $system_info['inactive_plugins'] as $key => $value ) {
$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
}
$message_text .= '</table>';
}
$message_text .= '</table></body></html>';
$message_text .= '</body></html>';
$result = wp_mail( $email, 'System Info From ' . $home_url, $message_text, $headers );
if ( $result != true )
$error = __( "Sorry, email message could not be delivered.", 'bestwebsoft' );
@@ -874,12 +903,14 @@ function bws_add_menu_render() {
<table class="bws_system_info">
<thead><tr><th><?php _e( 'Active Plugins', 'bestwebsoft' ); ?></th><th></th></tr></thead>
<tbody>
<?php foreach ( $system_info['active_plugins'] as $key => $value ) { ?>
<tr>
<td scope="row"><?php echo $key; ?></td>
<td scope="row"><?php echo $value; ?></td>
</tr>
<?php } ?>
<?php if ( ! empty( $system_info['active_plugins'] ) ) {
foreach ( $system_info['active_plugins'] as $key => $value ) { ?>
<tr>
<td scope="row"><?php echo $key; ?></td>
<td scope="row"><?php echo $value; ?></td>
</tr>
<?php }
} ?>
</tbody>
</table>
<table class="bws_system_info">
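Review bot: In the `bwsmn_form_email` hunk, `esc_html()` is applied to the request value before validation, but it is an output-escaping helper and the value goes on to be a `wp_mail()` recipient rather than HTML; `sanitize_email( trim( $_REQUEST['bwsmn_form_email'] ) )` followed by the existing `is_email()` check would express the intent more directly. The removed pattern accepted a comma- or space-separated list of addresses while `is_email()` accepts a single address, so multi-recipient input now fails validation; that deserves a changelog line if it is intended. In the later hunks the system-info rows are still built with bare `$key` / `$value` (both in `$message_text` and in `<?php echo $key; ?>`), and wrapping them as `esc_html( $key )` and `esc_html( $value )` would be consistent with the rest of this fix. `bws_add_menu_render()` starts and ends outside the visible hunks, so where `$system_info` is populated cannot be confirmed from here.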
Binary file added bws_menu/icons/job-board.png
Binary file added bws_menu/icons/limit-attempts.png
49 changes: 26 additions & 23 deletions contact_form.php
@@ -4,7 +4,7 @@
Plugin URI: http://bestwebsoft.com/plugin/
Description: Plugin for Contact Form.
Author: BestWebSoft
Version: 3.81
Version: 3.82
Author URI: http://bestwebsoft.com/
License: GPLv2 or later
*/
@@ -114,7 +114,8 @@ function cntctfrm_admin_init() {
function cntctfrm_settings() {
global $wpmu, $cntctfrm_options, $cntctfrm_option_defaults, $wpdb, $bws_plugin_info, $cntctfrm_plugin_info;
$cntctfrm_db_version = "1.0";

$cntctfrm_plugin_info = get_plugin_data( __FILE__ );

$cntctfrm_option_defaults = array(
'plugin_option_version' => $cntctfrm_plugin_info["Version"],
'plugin_db_version' => $cntctfrm_db_version,
@@ -407,10 +408,10 @@ function cntctfrm_settings_page() {
/* Save data for settings page */
if ( isset( $_POST['cntctfrm_form_submit'] ) && check_admin_referer( plugin_basename(__FILE__), 'cntctfrm_nonce_name' ) ) {
$cntctfrm_options_submit['cntctfrm_user_email'] = $_POST['cntctfrm_user_email'];
$cntctfrm_options_submit['cntctfrm_custom_email'] = stripslashes( $_POST['cntctfrm_custom_email'] );
$cntctfrm_options_submit['cntctfrm_custom_email'] = stripslashes( esc_html( $_POST['cntctfrm_custom_email'] ) );
$cntctfrm_options_submit['cntctfrm_select_email'] = $_POST['cntctfrm_select_email'];
$cntctfrm_options_submit['cntctfrm_from_email'] = $_POST['cntctfrm_from_email'];
$cntctfrm_options_submit['cntctfrm_custom_from_email'] = stripslashes( $_POST['cntctfrm_custom_from_email'] );
$cntctfrm_options_submit['cntctfrm_custom_from_email'] = stripslashes( esc_html( $_POST['cntctfrm_custom_from_email'] ) );
$cntctfrm_options_submit['cntctfrm_additions_options'] = isset( $_POST['cntctfrm_additions_options']) ? $_POST['cntctfrm_additions_options'] : 0;
if ( 0 == $cntctfrm_options_submit['cntctfrm_additions_options'] ) {
$cntctfrm_options_submit['cntctfrm_attachment'] = 0;
@@ -493,7 +494,7 @@ function cntctfrm_settings_page() {
} else {

$cntctfrm_options_submit['cntctfrm_mail_method'] = $_POST['cntctfrm_mail_method'];
$cntctfrm_options_submit['cntctfrm_from_field'] = $_POST['cntctfrm_from_field'];
$cntctfrm_options_submit['cntctfrm_from_field'] = stripslashes( esc_html( $_POST['cntctfrm_from_field'] ) );
$cntctfrm_options_submit['cntctfrm_select_from_field'] = $_POST['cntctfrm_select_from_field'];
$cntctfrm_options_submit['cntctfrm_display_name_field'] = isset( $_POST['cntctfrm_display_name_field']) ? 1 : 0;
$cntctfrm_options_submit['cntctfrm_display_address_field'] = isset( $_POST['cntctfrm_display_address_field']) ? 1 : 0;
@@ -563,7 +564,7 @@ function cntctfrm_settings_page() {
$cntctfrm_options_submit['cntctfrm_required_subject_field'] = isset( $_POST['cntctfrm_required_subject_field']) ? 1 : 0;
$cntctfrm_options_submit['cntctfrm_required_message_field'] = isset( $_POST['cntctfrm_required_message_field']) ? 1 : 0;

$cntctfrm_options_submit['cntctfrm_required_symbol'] = isset( $_POST['cntctfrm_required_symbol']) ? $_POST['cntctfrm_required_symbol'] : '*';
$cntctfrm_options_submit['cntctfrm_required_symbol'] = isset( $_POST['cntctfrm_required_symbol']) ? stripslashes( esc_html( $_POST['cntctfrm_required_symbol'] ) ) : '*';
$cntctfrm_options_submit['cntctfrm_html_email'] = isset( $_POST['cntctfrm_html_email']) ? 1 : 0;
$cntctfrm_options_submit['cntctfrm_site_name_parameter'] = $_POST['cntctfrm_site_name_parameter'];
$cntctfrm_options_submit['cntctfrm_display_add_info'] = isset( $_POST['cntctfrm_display_add_info']) ? 1 : 0;
@@ -667,13 +668,13 @@ function cntctfrm_settings_page() {
}
}
$cntctfrm_options_submit['cntctfrm_action_after_send'] = $_POST['cntctfrm_action_after_send'];
$cntctfrm_options_submit['cntctfrm_redirect_url'] = $_POST['cntctfrm_redirect_url'];
$cntctfrm_options_submit['cntctfrm_redirect_url'] = esc_url( $_POST['cntctfrm_redirect_url'] );
}
$cntctfrm_options = array_merge( $cntctfrm_options, $cntctfrm_options_submit );

if ( 0 == $cntctfrm_options_submit['cntctfrm_action_after_send']
&& ( "" == trim( $cntctfrm_options_submit['cntctfrm_redirect_url'] )
|| ! preg_match( '@^(?:http://)?([^/]+)@i', trim( $cntctfrm_options_submit['cntctfrm_redirect_url'] ) ) ) ) {
|| ! filter_var( $cntctfrm_options_submit['cntctfrm_redirect_url'], FILTER_VALIDATE_URL) ) ) {
$error .=__( "If the 'Redirect to page' option is selected then the URL field should be in the following format", 'contact_form' )." <code>http://your_site/your_page</code>";
$cntctfrm_options['cntctfrm_action_after_send'] = 1;
}
@@ -686,13 +687,14 @@ function cntctfrm_settings_page() {
$error .= __( "Such user does not exist. Settings are not saved.", 'contact_form' );
}
} else {
if ( "" == $cntctfrm_options_submit['cntctfrm_custom_email'] || ! preg_match( "/^((?:[a-z0-9_']+(?:[a-z0-9\-_\.']+)?@[a-z0-9]+(?:[a-z0-9\-\.]+)?\.[a-z]{2,5})[, ]*)+$/i", trim( $cntctfrm_options_submit['cntctfrm_custom_email'] ) ) ){
$error .= __( "Please enter a valid email address in the 'FROM' field. Settings are not saved.", 'contact_form' );
if ( "" == $cntctfrm_options_submit['cntctfrm_custom_email']
|| ! is_email( trim( $cntctfrm_options_submit['cntctfrm_custom_email'] ) ) ) {
$error .= __( "Please enter a valid email address in the 'Use this email address' field. Settings are not saved.", 'contact_form' );
}
}
if ( 'custom' == $cntctfrm_options_submit['cntctfrm_from_email'] ) {
if ( "" == $cntctfrm_options_submit['cntctfrm_custom_from_email']
&& ! preg_match( "/^((?:[a-z0-9_']+(?:[a-z0-9\-_\.']+)?@[a-z0-9]+(?:[a-z0-9\-\.]+)?\.[a-z]{2,5})[, ]*)+$/i", trim( $cntctfrm_options_submit['cntctfrm_custom_from_email'] ) ) ) {
|| ! is_email( trim( $cntctfrm_options_submit['cntctfrm_custom_from_email'] ) ) ) {
$error .= __( "Please enter a valid email address in the 'FROM' field. Settings are not saved.", 'contact_form' );
}
}
@@ -740,14 +742,14 @@ function cntctfrm_settings_page() {
if ( isset( $_GET['action'] ) && 'go_pro' == $_GET['action'] ) {
global $wpmu, $bstwbsftwppdtplgns_options;

$bws_license_key = ( isset( $_POST['bws_license_key'] ) ) ? trim( $_POST['bws_license_key'] ) : "";
$bws_license_key = ( isset( $_POST['bws_license_key'] ) ) ? trim( esc_html( $_POST['bws_license_key'] ) ) : "";

if ( isset( $_POST['bws_license_submit'] ) && check_admin_referer( plugin_basename( __FILE__ ), 'bws_license_nonce_name' ) ) {
if ( '' != $bws_license_key ) {
if ( strlen( $bws_license_key ) != 18 ) {
$error = __( "Wrong license key", 'contact_form' );
} else {
$bws_license_plugin = trim( $_POST['bws_license_plugin'] );
$bws_license_plugin = stripslashes( esc_html( $_POST['bws_license_plugin'] ) );
if ( isset( $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] ) && $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['time'] < ( time() + (24 * 60 * 60) ) ) {
$bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] = $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] + 1;
} else {
@@ -1175,7 +1177,7 @@ function cntctfrm_settings_page() {
<?php foreach ( $lang_codes as $key => $val ) {
if ( in_array( $key, $cntctfrm_options['cntctfrm_language'] ) )
continue;
echo '<option value="' . esc_attr( $key ) . '"> ' . esc_html ( $val ) . '</option>';
echo '<option value="' . esc_attr( $key ) . '"> ' . esc_html( $val ) . '</option>';
} ?>
</select>
<input type="button" class="button-primary" id="cntctfrm_add_language_button" value="<?php _e( 'Add a language', 'contact_form' ); ?>" />
@@ -1821,9 +1823,9 @@ function cntctfrm_display_form( $atts = array( 'lang' => 'en' ) ) {

$content .= '<div style="text-align: left; padding-top: 8px;">';
if ( isset( $atts['id'] ) )
$content .= '<input type="hidden" value="' . $atts['id'] . '" name="cntctfrmmlt_shortcode_id">';
$content .= '<input type="hidden" value="' . esc_attr( $atts['id'] ) . '" name="cntctfrmmlt_shortcode_id">';
$content .= '<input type="hidden" value="send" name="cntctfrm_contact_action"><input type="hidden" value="Version: 3.30" />
<input type="hidden" value="' . $lang . '" name="cntctfrm_language">
<input type="hidden" value="' . esc_attr( $lang ) . '" name="cntctfrm_language">
<input type="submit" value="'. $cntctfrm_options['cntctfrm_submit_label'][ $lang ] . '" style="cursor: pointer; margin: 0pt; text-align: center;margin-bottom:10px;" />
</div>
</form>';
@@ -1943,7 +1945,8 @@ function cntctfrm_check_form() {
unset( $error_message['error_name'] );
if ( 1 == $cntctfrm_options['cntctfrm_display_address_field'] && 1 == $cntctfrm_options['cntctfrm_required_address_field'] && "" != $address )
unset( $error_message['error_address'] );
if ( 1 == $cntctfrm_options['cntctfrm_required_email_field'] && "" != $email && preg_match( "/^(?:[a-z0-9_']+(?:[a-z0-9\-_\.']+)?@[a-z0-9]+(?:[a-z0-9\-\.]+)?\.[a-z]{2,5})$/i", trim( stripslashes( $email ) ) ) )
if ( 1 == $cntctfrm_options['cntctfrm_required_email_field'] && "" != $email &&
is_email( trim( stripslashes( $email ) ) ) )
unset( $error_message['error_email'] );
if ( 1 == $cntctfrm_options['cntctfrm_display_phone_field'] && 1 == $cntctfrm_options['cntctfrm_required_phone_field'] && "" != $phone )
unset( $error_message['error_phone'] );
@@ -2390,7 +2393,7 @@ function cntctfrm_admin_head() {
wp_enqueue_style( 'cntctfrm_stylesheet', plugins_url( 'css/style.css', __FILE__ ) );

if ( 3.5 > $wp_version )
wp_enqueue_script( 'cntctfrm_script', plugins_url( 'js/script_wp_before_3.5.js', __FILE__ ) );
wp_enqueue_script( 'cntctfrm_script', plugins_url( 'js/script_wp_before_3.5.js', __FILE__ ) );
else
wp_enqueue_script( 'cntctfrm_script', plugins_url( 'js/script.js', __FILE__ ) );

@@ -2535,12 +2538,13 @@ function cntctfrm_plugin_banner() {
if ( 'plugins.php' == $hook_suffix ) {
global $cntctfrm_plugin_info;
$banner_array = array(
array( 'lmtttmpts_hide_banner_on_plugin_page', 'limit-attempts/limit-attempts.php', '1.0.2' ),
array( 'sndr_hide_banner_on_plugin_page', 'sender/sender.php', '0.5' ),
array( 'srrl_hide_banner_on_plugin_page', 'user-role/user-role.php', '1.4' ),
array( 'pdtr_hide_banner_on_plugin_page', 'updater/updater.php', '1.12' ),
array( 'cntctfrmtdb_hide_banner_on_plugin_page', 'contact-form-to-db/contact_form_to_db.php', '1.2' ),
array( 'cntctfrmmlt_hide_banner_on_plugin_page', 'contact-form-multi/contact-form-multi.php', '1.0.7' ),
array( 'gglmps_hide_banner_on_plugin_page', 'bws-google-maps/bws-google-maps.php', '1.2' ),
array( 'cntctfrmmlt_hide_banner_on_plugin_page', 'contact-form-multi/contact-form-multi.php', '1.0.7' ),
array( 'gglmps_hide_banner_on_plugin_page', 'bws-google-maps/bws-google-maps.php', '1.2' ),
array( 'fcbkbttn_hide_banner_on_plugin_page', 'facebook-button-plugin/facebook-button-plugin.php', '2.29' ),
array( 'twttr_hide_banner_on_plugin_page', 'twitter-plugin/twitter.php', '2.34' ),
array( 'pdfprnt_hide_banner_on_plugin_page', 'pdf-print/pdf-print.php', '1.7.1' ),
@@ -2550,7 +2554,7 @@ function cntctfrm_plugin_banner() {
array( 'cntctfrm_for_ctfrmtdb_hide_banner_on_plugin_page', 'contact-form-plugin/contact_form.php', '3.62' ),
array( 'cntctfrm_hide_banner_on_plugin_page', 'contact-form-plugin/contact_form.php', '3.47' ),
array( 'cptch_hide_banner_on_plugin_page', 'captcha/captcha.php', '3.8.4' ),
array( 'gllr_hide_banner_on_plugin_page', 'gallery-plugin/gallery-plugin.php', '3.9.1' )
array( 'gllr_hide_banner_on_plugin_page', 'gallery-plugin/gallery-plugin.php', '3.9.1' )
);
if ( ! $cntctfrm_plugin_info )
$cntctfrm_plugin_info = get_plugin_data( __FILE__ );
@@ -2672,5 +2676,4 @@ function cntctfrm_delete_options() {

add_action( 'admin_notices', 'cntctfrm_plugin_banner');

register_uninstall_hook( __FILE__, 'cntctfrm_delete_options' );
?>
register_uninstall_hook( __FILE__, 'cntctfrm_delete_options' );
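Review bot: In the `cntctfrm_display_form` hunk the submit button still prints `$cntctfrm_options['cntctfrm_submit_label'][ $lang ]` into a `value` attribute unescaped, directly below the two hidden inputs that now get `esc_attr()`. Escaping at the point of output protects the page however the option was stored, so I would write it as `value="' . esc_attr( $cntctfrm_options['cntctfrm_submit_label'][ $lang ] ) . '"`. The settings-save hunks take the opposite approach and run the output helpers `esc_html()` / `esc_url()` on `$_POST` before storage, which leaves sibling fields such as `cntctfrm_select_email` and `cntctfrm_site_name_parameter` stored raw. In addition, `esc_url()` entity-encodes ampersands for display, so a redirect URL with a query string is saved altered; `esc_url_raw()` is the variant meant for storage and redirects, and `sanitize_text_field()` is the storage-side counterpart for the text fields. The function bodies start and end outside these hunks, so whether the submit label is sanitised on save is not visible here.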
Binary file modified languages/contact_form-af_ZA.mo
Binary file not shown.
