
Commit 7e96de4

committed
gw-cache-buster.php: Improved escaping of query parameters output in AJAX URL.
1 parent f38e371 commit 7e96de4


1 file changed

+15
-15
lines changed

1 file changed

+15
-15
lines changed

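--- a/gravity-forms/gw-cache-buster.php
+++ b/gravity-forms/gw-cache-buster.php
@@ -9,7 +9,7 @@
 * Plugin URI: https://gravitywiz.com/cache-busting-with-gravity-forms/
 * Description: Bypass your website cache when loading a Gravity Forms form.
 * Author: Gravity Wiz
-* Version: 0.2
+* Version: 0.3
 * Author URI: https://gravitywiz.com
 */
 class GW_Cache_Buster {
@@ -135,17 +135,18 @@ public function shortcode( $markup, $attributes, $content ) {
 </style>
 </div>
 <?php
-// Store current URL parameters and include them in AJAX call
-// This preserves dynamic form population
-$params = array();
-$exclude_params = array( 'action', 'form_id', 'atts' ); // Exclude parameters that may clash
-foreach ( $_GET as $k => $v ) {
-if ( ! in_array( $k, $exclude_params, true ) ) {
-$params[ $k ] = sprintf( '%s=%s', $k, $_GET[ $k ] );
-}
-}
-$params = ( count( $params ) > 0 ) ? '&' . join( '&', $params ) : '';
-$lang = null;
+// Include original query parameters (with some exclusions) in the AJAX call to preserve dynamic population via query string.
+$exclude_params = array( 'action', 'form_id', 'atts' );
+$ajax_url = remove_query_arg( $exclude_params, add_query_arg( $_GET, admin_url( 'admin-ajax.php' ) ) );
+$ajax_url = add_query_arg(
+array(
+'action' => 'gfcb_get_form',
+'form_id' => $form_id
+),
+$ajax_url
+);
+
+$lang = null;
 if ( class_exists( 'Gravity_Forms_Multilingual' ) ) {
 global $sitepress;
 $lang = $sitepress->get_current_language();
@@ -154,7 +155,7 @@ public function shortcode( $markup, $attributes, $content ) {
 <script type="text/javascript">
 ( function ( $ ) {
 var formId = '<?php echo $form_id; ?>';
-$.post( '<?php echo admin_url( 'admin-ajax.php' ); ?>?action=gfcb_get_form&form_id=<?php echo $form_id, $params; ?>', {
+$.post( '<?php echo $ajax_url; ?>', {
 action: 'gfcb_get_form',
 form_id: '<?php echo $form_id; ?>',
 atts: '<?php echo json_encode( $attributes ); ?>',
@@ -175,8 +176,7 @@ public function shortcode( $markup, $attributes, $content ) {
 // Form has been rendered. Trigger post render to initialize scripts.
 jQuery( document ).trigger( 'gform_post_render', [ formId, 1 ] );
 } );
-} );
-} ( jQuery ) );
+} ) ( jQuery);
 </script>
 
 <?php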
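Review bot: `$ajax_url` is echoed without output escaping into a single-quoted JavaScript string at new line 158 (`$.post( '<?php echo $ajax_url; ?>', {`), and it is built from the whole of `$_GET` at new line 140. WordPress documents that the return value of `add_query_arg()` is not escaped, so request-controlled parameter names and values still reach the inline `<script>` block as-is, which can leave the reflected-XSS exposure that the commit title sets out to close. Sanitise the URL and emit it as a JSON literal instead of inside hand-written quotes: `$.post( <?php echo wp_json_encode( esc_url_raw( $ajax_url ) ); ?>, {`. The unchanged `form_id` and `atts` echoes in the same script block follow the same raw-echo pattern and deserve the same treatment. `shortcode()` starts and ends outside the visible hunks, so how `$form_id` and `$attributes` are validated cannot be confirmed from here.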
