
Changeset 3085036


Timestamp:
05/11/2024 07:35:30 PM (23 months ago)
Author:
wpkube
Message:

trunk 20240511

Location:
simple-basic-contact-form/trunk
Files:
2 edited

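--- a/simple-basic-contact-form/trunk/readme.txt
+++ b/simple-basic-contact-form/trunk/readme.txt
@@ -145,4 +145,8 @@
 
 == Changelog ==
+
+**20240511**
+
+* Fixed security issues
 
 **20240502**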
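--- a/simple-basic-contact-form/trunk/simple-basic-contact-form.php
+++ b/simple-basic-contact-form/trunk/simple-basic-contact-form.php
@@ -10,5 +10,5 @@
     Requires at least: 4.1
     Tested up to: 6.5
-    Version: 20240502
+    Version: 20240511
     Requires PHP: 5.2
     Text Domain: scf
@@ -39,5 +39,5 @@
 
 $scf_wp_vers = '4.1';
-$scf_version = '20240502';
+$scf_version = '20240511';
 $scf_plugin  = esc_html__('Simple Basic Contact Form', 'scf');
 $scf_options = get_option('scf_options');
@@ -541,18 +541,25 @@
 
     $topic   = (isset($_POST['scf_subject']) && !empty($_POST['scf_subject'])) ? sanitize_text_field( stripslashes(strip_tags(trim($_POST['scf_subject'])))) : $subject;   
+    $topic = strip_shortcodes( $topic );
     $topic = str_replace( '[simple_contact_form_date]', current_time( get_option( 'date_format' ) ), $topic );
 
     $name    = isset($_POST['scf_name']) ? sanitize_text_field( stripslashes(strip_tags(trim($_POST['scf_name']))) ) : '';
+    $name = strip_shortcodes( $name );
     $topic = str_replace( '{name}', $name, $topic );
 
     $message = isset($_POST['scf_message']) ? sanitize_text_field( stripslashes(trim($_POST['scf_message'])) ) : '';
+    $message = strip_shortcodes( $message );
 
     $email   = isset($_POST['scf_email']) ? sanitize_text_field($_POST['scf_email']) : '';
+    $email = strip_shortcodes( $email );
 
     $agent   = isset($_SERVER['HTTP_USER_AGENT']) ? sanitize_text_field($_SERVER['HTTP_USER_AGENT']) : esc_html__('[ undefined ]', 'scf');
+    $agent = sanitize_text_field( $agent );
 
     $form    = isset($_SERVER['HTTP_REFERER']) ? sanitize_text_field($_SERVER['HTTP_REFERER']) : esc_html__('[ undefined ]', 'scf');
+    $form = sanitize_text_field( $form );
 
     $host    = isset($_SERVER['REMOTE_ADDR']) ? sanitize_text_field(gethostbyaddr($_SERVER['REMOTE_ADDR'])) : esc_html__('[ undefined ]', 'scf');
+    $host = sanitize_text_field( $host );
 
     $from    = !empty($recipfrom) ? $recipfrom : $email;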
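Review bot: The three added lines for `$agent`, `$form` and `$host` re-apply `sanitize_text_field()` to values the preceding line has already sanitized, so they change nothing, and unlike the four POST fields these request-derived values get no `strip_shortcodes()`. If they reach the same output as `$message` (the sink is outside this hunk, so this is inferred), they should be filtered the same way, e.g. `$agent = strip_shortcodes( $agent );` and likewise for `$form` and `$host`. `$topic` is also filtered before the `{name}` substitution, so the composed subject is never checked as a whole; moving `$topic = strip_shortcodes( $topic );` to after the last `str_replace()` would cover the final string. The enclosing function starts and ends outside the hunk.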