Changeset 3415391

Timestamp:

12/09/2025 12:36:22 PM (2 months ago)

Author:

mailerlite

Message:

updated to 1.7.16

Location:

official-mailerlite-sign-up-forms/trunk

Files:

• mailerlite.php (modified) (2 diffs)
• readme.txt (modified) (1 diff)
• src/Controllers/AdminController.php (modified) (1 diff)
• src/Views/CustomForm.php (modified) (2 diffs)

official-mailerlite-sign-up-forms/trunk/mailerlite.php

@@ -4 +4 @@
  * Plugin URI: https://mailerlite.com
  * Description: Official MailerLite Signup forms plugin for WordPress. Ability to embed MailerLite webforms and create custom ones just with few clicks.
- * Version: 1.7.15
+ * Version: 1.7.16
  * Author: MailerLite
  * Author URI: https://www.mailerlite.com
@@ -35 +35 @@
 define( 'MAILERLITE_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
 
-define( 'MAILERLITE_VERSION', '1.7.15' );
+define( 'MAILERLITE_VERSION', '1.7.16' );
 
 define( 'MAILERLITE_PHP_VERSION', '7.2.5' );

official-mailerlite-sign-up-forms/trunk/readme.txt

@@ -130 +130 @@
 
 == Changelog ==
+= 1.7.16 =
+* Security fixes
+
 = 1.7.15 =
 * Update plugin URI

official-mailerlite-sign-up-forms/trunk/src/Controllers/AdminController.php

@@ -222 +222 @@
                         $form_data = [
                             'title'           => $rolePermission->canEdit('form_title') ? $form_title : $form->data['form_title'],
-                            'description'     => $rolePermission->canEdit('form_description') ? wpautop( $form_description, true ) : $form->data['description'],
-                            'success_message' => $rolePermission->canEdit('success_message') ? wpautop( $success_message, true ) : $form->data['success_message'],
+                            'description'     => wp_kses_post( $rolePermission->canEdit('form_description') ? wpautop( $form_description, true ) : $form->data['description'] ),
+                            'success_message' => wp_kses_post( $rolePermission->canEdit('success_message') ? wpautop( $success_message, true ) : $form->data['success_message'] ),
                             'button'          => $rolePermission->canEdit('button_name') ? $button_name : $form->data['button'],
                             'please_wait'     => $rolePermission->canEdit('please_wait') ? $please_wait : $form->data['please_wait'],

official-mailerlite-sign-up-forms/trunk/src/Views/CustomForm.php

@@ -36 +36 @@
                             <div class="mailerlite-form-title"><h3><?php echo $form_data['title']; ?></h3></div>
                         <?php } ?>
-                        <div class="mailerlite-form-description"><?php echo stripslashes( $form_data['description'] ); ?></div>
+                        <div class="mailerlite-form-description"><?php echo wp_kses_post( stripslashes( $form_data['description'] ) ); ?></div>
                         <div class="mailerlite-form-inputs">
                             <?php foreach ( $form_data['fields'] as $key => $field ): ?>
@@ -92 +92 @@
                         <div class="mailerlite-form-response">
                             <?php if ( ! empty( $form_data['success_message'] ) ) { ?>
-                                <h4><?php echo $form_data['success_message'] ?></h4>
+                                <h4><?php echo wp_kses_post( $form_data['success_message'] ); ?></h4>
                             <?php } else { ?>
                                 <h4><?php _e( 'Thank you for signing up!', 'mailerlite' ); ?></h4>