
Commit 642ef1d

author
bestwebsoft
committed
V3.52 - The Japanese language file is updated. We fixed the bug related to an XSS attack.
git-svn-id: https://plugins.svn.wordpress.org/contact-form-plugin/trunk@755567 b8457f37-d9ea-0310-8a92-e5e31aec5664
1 parent 61afa7b commit 642ef1d


4 files changed

+212
-212
lines changed


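--- a/contact_form.php
+++ b/contact_form.php
@@ -4,7 +4,7 @@
 Plugin URI: http://bestwebsoft.com/plugin/
 Description: Plugin for Contact Form.
 Author: BestWebSoft
-Version: 3.51
+Version: 3.52
 Author URI: http://bestwebsoft.com/
 License: GPLv2 or later
 */
@@ -380,7 +380,7 @@ function cntctfrm_admin_menu() {
 // Register settings for plugin
 if( ! function_exists( 'cntctfrm_settings' ) ) {
 function cntctfrm_settings() {
-global $cntctfrm_options, $cntctfrm_option_defaults;
+global $cntctfrm_options, $cntctfrm_option_defaults, $wpdb;
 
 $cntctfrm_option_defaults = array(
 'cntctfrm_user_email' => 'admin',
@@ -474,6 +474,31 @@ function cntctfrm_settings() {
 $cntctfrm_options['cntctfrm_send_copy_label']['en'] = __( "Send me a copy", 'contact_form' );
 
 update_option( 'cntctfrm_options', $cntctfrm_options );
+
+// create db table of fields list
+$sql = "CREATE TABLE IF NOT EXISTS `" . $wpdb->prefix . "cntctfrm_field` (
+id int NOT NULL AUTO_INCREMENT,
+name CHAR(100) NOT NULL,
+UNIQUE KEY id (id)
+);";
+require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+dbDelta( $sql );
+$fields = array( 'display_address_field',
+'display_phone_field',
+'attachment',
+'attachment_explanations',
+'send_copy',
+'display_sent_from',
+'display_date_time',
+'display_coming_from',
+'display_user_agent'
+);
+foreach ( $fields as $key => $value ) {
+$db_row = $wpdb->get_row( "SELECT * FROM " . $wpdb->prefix . "cntctfrm_field WHERE `name` = '" . $value . "'", ARRAY_A );
+if ( !isset( $db_row ) || empty( $db_row ) ) {
+$wpdb->insert( $wpdb->prefix . "cntctfrm_field", array( 'name' => $value ), array( '%s' ) );
+}
+}
 }
 }
 
@@ -821,8 +846,6 @@ function cntctfrm_settings_page() {
 <input type="checkbox" id="cntctfrm_display_address_field" name="cntctfrm_display_address_field" value="1" <?php if($cntctfrm_options['cntctfrm_display_address_field'] == '1') echo "checked=\"checked\" "; ?>/> <?php _e( "Address", 'contact_form' ); ?><br />
 <input type="checkbox" id="cntctfrm_display_phone_field" name="cntctfrm_display_phone_field" value="1" <?php if($cntctfrm_options['cntctfrm_display_phone_field'] == '1') echo "checked=\"checked\" "; ?>/> <?php _e( "Phone", 'contact_form' ); ?><br />
 <input type="checkbox" id="cntctfrm_attachment" name="cntctfrm_attachment" value="1" <?php if($cntctfrm_options['cntctfrm_attachment'] == '1') echo "checked=\"checked\" "; ?>/> <?php _e( "Attachment block", 'contact_form' ); ?> <span class="cntctfrm_info">(<?php echo __( "Users can attach the following file formats", 'contact_form' ) . ": html, txt, css, gif, png, jpeg, jpg, tiff, bmp, ai, eps, ps, rtf, pdf, doc, docx, xls, zip, rar, wav, mp3, ppt"; ?>)</span><br />
-<input type="checkbox" id="cntctfrm_attachment_explanations" name="cntctfrm_attachment_explanations" value="1" <?php if( $cntctfrm_options['cntctfrm_attachment_explanations'] == '1' && $cntctfrm_options['cntctfrm_attachment'] == '1' ) echo "checked=\"checked\" "; ?>/> <?php echo __( "Tips below the Attachment block", 'contact_form' ); ?><br />
-<input type="checkbox" id="cntctfrm_send_copy" name="cntctfrm_send_copy" value="1" <?php if($cntctfrm_options['cntctfrm_send_copy'] == '1') echo "checked=\"checked\" "; ?>/> <?php _e( "Send me a copy block", 'contact_form' ); ?> <br />
 <?php $all_plugins = get_plugins();
 if ( is_multisite() ) {
 $active_plugins = (array) array_keys( get_site_option( 'active_sitewide_plugins', array() ) );
@@ -844,6 +867,18 @@ function cntctfrm_settings_page() {
 <?php } ?>
 </td>
 </tr>
+<tr valign="top" class="cntctfrm_additions_block <?php if($cntctfrm_options['cntctfrm_additions_options'] == '0') echo "cntctfrm_hidden"; ?>">
+<th scope="row" style="width:200px;"><?php echo __( "Display tips below the Attachment block", 'contact_form' ); ?></th>
+<td colspan="2">
+<input type="checkbox" id="cntctfrm_attachment_explanations" name="cntctfrm_attachment_explanations" value="1" <?php if( $cntctfrm_options['cntctfrm_attachment_explanations'] == '1' && $cntctfrm_options['cntctfrm_attachment'] == '1' ) echo "checked=\"checked\" "; ?>/>
+</td>
+</tr>
+<tr valign="top" class="cntctfrm_additions_block <?php if($cntctfrm_options['cntctfrm_additions_options'] == '0') echo "cntctfrm_hidden"; ?>">
+<th scope="row" style="width:200px;"><?php _e( "Display 'Send me a copy' block", 'contact_form' ); ?> </th>
+<td colspan="2">
+<input type="checkbox" id="cntctfrm_send_copy" name="cntctfrm_send_copy" value="1" <?php if($cntctfrm_options['cntctfrm_send_copy'] == '1') echo "checked=\"checked\" "; ?>/>
+</td>
+</tr>
 <tr valign="top" class="cntctfrm_additions_block <?php if($cntctfrm_options['cntctfrm_additions_options'] == '0') echo "cntctfrm_hidden"; ?>">
 <th scope="row" style="width:200px;"><?php _e( "Required fields", 'contact_form' ); ?></th>
 <td colspan="2">
@@ -1286,12 +1321,12 @@ function cntctfrm_display_form( $atts = array( 'lang' => 'en' ) ) {
 $page_url = ( isset( $_SERVER["HTTPS"] ) && $_SERVER["HTTPS"] == "on" ? "https://" : "http://" ).$_SERVER["SERVER_NAME"].strip_tags( $_SERVER["REQUEST_URI"] );
 
 // If contact form submited
-$name = isset( $_POST['cntctfrm_contact_name'] ) ? $_POST['cntctfrm_contact_name'] : "";
-$address = isset( $_POST['cntctfrm_contact_address'] ) ? $_POST['cntctfrm_contact_address'] : "";
-$email = isset( $_POST['cntctfrm_contact_email'] ) ? stripslashes( $_POST['cntctfrm_contact_email'] ) : "";
-$subject = isset( $_POST['cntctfrm_contact_subject'] ) ? $_POST['cntctfrm_contact_subject'] : "";
-$message = isset( $_POST['cntctfrm_contact_message'] ) ? $_POST['cntctfrm_contact_message'] : "";
-$phone = isset( $_POST['cntctfrm_contact_phone'] ) ? $_POST['cntctfrm_contact_phone'] : "";
+$name = isset( $_POST['cntctfrm_contact_name'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_name'] ) : "";
+$address = isset( $_POST['cntctfrm_contact_address'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_address'] ) : "";
+$email = isset( $_POST['cntctfrm_contact_email'] ) ? htmlspecialchars( stripslashes( $_POST['cntctfrm_contact_email'] ) ) : "";
+$subject = isset( $_POST['cntctfrm_contact_subject'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_subject'] ) : "";
+$message = isset( $_POST['cntctfrm_contact_message'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_message'] ) : "";
+$phone = isset( $_POST['cntctfrm_contact_phone'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_phone'] ) : "";
 
 $name = strip_tags( preg_replace ( '/<[^>]*>/', '', preg_replace ( '/<script.*<\/[^>]*>/', '', $name ) ) );
 $address = strip_tags( preg_replace ( '/<[^>]*>/', '', preg_replace ( '/<script.*<\/[^>]*>/', '', $address ) ) );
@@ -1456,12 +1491,12 @@ function cntctfrm_check_form() {
 // Error messages array
 $error_message = array();
 
-$name = isset( $_POST['cntctfrm_contact_name'] ) ? $_POST['cntctfrm_contact_name'] : "";
-$address = isset( $_POST['cntctfrm_contact_address'] ) ? $_POST['cntctfrm_contact_address'] : "";
-$email = isset( $_POST['cntctfrm_contact_email'] ) ? stripslashes( $_POST['cntctfrm_contact_email'] ) : "";
-$subject = isset( $_POST['cntctfrm_contact_subject'] ) ? $_POST['cntctfrm_contact_subject'] : "";
-$message = isset( $_POST['cntctfrm_contact_message'] ) ? $_POST['cntctfrm_contact_message'] : "";
-$phone = isset( $_POST['cntctfrm_contact_phone'] ) ? $_POST['cntctfrm_contact_phone'] : "";
+$name = isset( $_POST['cntctfrm_contact_name'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_name'] ) : "";
+$address = isset( $_POST['cntctfrm_contact_address'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_address'] ) : "";
+$email = isset( $_POST['cntctfrm_contact_email'] ) ? htmlspecialchars( stripslashes( $_POST['cntctfrm_contact_email'] ) ) : "";
+$subject = isset( $_POST['cntctfrm_contact_subject'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_subject'] ) : "";
+$message = isset( $_POST['cntctfrm_contact_message'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_message'] ) : "";
+$phone = isset( $_POST['cntctfrm_contact_phone'] ) ? htmlspecialchars( $_POST['cntctfrm_contact_phone'] ) : "";
 
 $name = strip_tags( preg_replace ( '/<[^>]*>/', '', preg_replace ( '/<script.*<\/[^>]*>/', '', $name ) ) );
 $address = strip_tags( preg_replace ( '/<[^>]*>/', '', preg_replace ( '/<script.*<\/[^>]*>/', '', $address ) ) );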

Diff for: languages/contact_form-ja.mo

12.1 KB
Binary file not shown.
