Merge branch 'release/1.9.1.6'

change_log.txt

@@ -1,3 +1,70 @@
+-------------------------------------------------------------------------------------------------------------------
+Version 1.9.1.6
+    - Added 'svg-painter' to list of no conflict scripts
+    - Updated GFForms::get_admin_icon_b64() method to support a $color parameter for fetching the SVG icon in different colors
+        $white_icon = GFForms::get_admin_icon_b64( '#fff' );
+
+-------------------------------------------------------------------------------------------------------------------
+Version 1.9.1.5
+    - Fixed a rare fatal error on some servers.
+
+-------------------------------------------------------------------------------------------------------------------
+Version 1.9.1.4
+    - Fixed a fatal error caused by a conflict with some themes.
+    - Fixed a XSS vulnerability.
+
+-------------------------------------------------------------------------------------------------------------------
+Version 1.9.1.3
+    - Fixed an issue with the capability required to export forms.
+
+-------------------------------------------------------------------------------------------------------------------
+Version 1.9.1.2
+    - Fixed issue where tabbing through Date field would skip the next field in the tabindex
+
+-------------------------------------------------------------------------------------------------------------------
+Version 1.9.1.1
+    - Fixed an issue with validation of the address field when the option to use values from another field is enabled and activated.
+
+-------------------------------------------------------------------------------------------------------------------
+Version 1.9.1
+    - Added $failed_validation_page as a 3rd parameter to the gform_validation filter.
+    - Added GFCommon::has_merge_tag() method to determine if a string contains a GF merge tag.
+    - Added $from, $from_name, $bcc and $reply_to to the gform_after_email action.
+    - Added the 'gform_export_lines' to allow the csv entry export lines to be filtered just before sending to the browser. Use this filter to fix an issue on Excel for Mac e.g.:
+    	add_filter( 'gform_export_lines', 'fix_csv_entry_export');
+            function fix_csv_entry_export ( $lines ) {
+                return mb_convert_encoding( $lines, 'UTF-16LE', 'UTF-8' );
+            }
+    - Added conditional logic setting to Post Category field.
+    - Added the 'gform_product_info_name_include_field_label' filter to enable the inclusion of the field label in the product name for radio and select type Product fields.
+        add_filter( 'gform_product_info_name_include_field_label', '__return_true' );
+    - Added the Description Placement field setting which overrides the form setting. Only available when the Label Placement form setting is set to Top.
+    - Added the label placement and sub-label placement field settings in the Form Editor. The options to hide labels and sub-labels are currently hidden by default. Use the gform_enable_field_label_visibility_settings filter to display the options.
+        add_filter("gform_enable_field_label_visibility_settings", "__return_true");
+    - Updated page label to be wrapped in a <span> to allow targeted styling when “Steps” is selected as “Progress Indicator”.
+    - Updated confirmation URL validation to bypass URLs that contain merge tags; this supports using a merge tag as the redirect value.
+    - Fixed issue where extra call to wp_print_scripts was causing issues and removing broke New Form modal.
+    - Fixed an issue with the No Duplicates validation for multi-input Email, Date and Time fields.
+	- Fixed issue whith entry limit where trashed entries were taken into account.
+    - Fixed an issue with logging of file uploads.
+    - Fixed an issue with plain text format notifications where values of some fields are missing from the merge tag output.
+	- Fixed issue with font size on mobile devices.
+	- Fixed issue with conditional logic on mobile devices.
+    - Fixed a fatal error in the Captcha field when the Really Simple Captcha plugin is installed and active.
+    - Fixed a fatal error in the merge tag for the Post Category field using the Multi Select field type.
+    - Fixed a fatal error under PHP 5.2 for single value field types.
+    - Fixed an issue with the single file upload field where the list of allowed file types is ignored on form submission.
+    - Fixed an issue with the the Dynamic Population setting for the date, email and time fields in the Form Editor.
+    - Fixed an issue with email validation when the email confirmation setting is enabled.
+    - Removed the No Duplicates setting from the Password field.
+    - Removed unused private functions GFCommon::get_logic_event() and GFCommon::hex2rgb().
+    - Removed the gform_enable_field_label_placement_settings filter.
+    - AF: Added some additional logging to Payment Add-On Framework.
+	- API: Added GFAPI::submit_form(). Sends input values through the complete form submission process. Supports field validation, notifications, confirmations, multiple-pages and save & continue.
+    - API: Added POST /forms/[ID]/submissions endpoint to the Web API to handle form submissions. Sends form input values through the complete form submission process. Supports field validation, notifications, confirmations, multiple-pages and save & continue.
+    - API: Added support for simple CORS requests in the Web API. Use the allowed_http_origin WordPress filter to activate. e.g.
+        add_filter( 'allowed_http_origin', '__return_true' );
+
 -------------------------------------------------------------------------------------------------------------------
 Version 1.9
 

common.php

@@ -886,7 +886,7 @@ public static function replace_variables( $text, $form, $lead, $url_encode = fal
 		$post_url = get_bloginfo( 'wpurl' ) . '/wp-admin/post.php?action=edit&post=' . rgar( $lead, 'post_id' );
 		$text     = str_replace( '{post_edit_url}', $url_encode ? urlencode( $post_url ) : $post_url, $text );
 
-		$text = self::replace_variables_prepopulate( $text, $url_encode, $lead );
+		$text = self::replace_variables_prepopulate( $text, $url_encode, $lead, $esc_html );
 
 		// hook allows for custom merge tags
 		$text = apply_filters( 'gform_replace_merge_tags', $text, $form, $lead, $url_encode, $esc_html, $nl2br, $format );
@@ -947,10 +947,17 @@ public static function get_ul_classes( $form ){
 	}
 
 
-	public static function replace_variables_prepopulate( $text, $url_encode = false, $entry = false ) {
+	public static function replace_variables_prepopulate( $text, $url_encode = false, $entry = false, $esc_html = false ) {
 
 		//embed url
-		$text = str_replace( '{embed_url}', $url_encode ? urlencode( RGFormsModel::get_current_page_url() ) : RGFormsModel::get_current_page_url(), $text );
+		$current_page_url = RGFormsModel::get_current_page_url();
+		if ( $esc_html ) {
+			$current_page_url = esc_html( $current_page_url );
+		}
+		if ( $url_encode ) {
+			$current_page_url = urlencode( $current_page_url );
+		}
+		$text = str_replace( '{embed_url}', $current_page_url, $text );
 
 		$local_timestamp = self::get_local_timestamp( time() );
 
@@ -986,10 +993,24 @@ public static function replace_variables_prepopulate( $text, $url_encode = false
 		}
 
 		//user agent
-		$text = str_replace( '{user_agent}', $url_encode ? urlencode( RGForms::get( 'HTTP_USER_AGENT', $_SERVER ) ) : RGForms::get( 'HTTP_USER_AGENT', $_SERVER ), $text );
+		$user_agent = RGForms::get( 'HTTP_USER_AGENT', $_SERVER );
+		if ( $esc_html ) {
+			$user_agent = esc_html( $user_agent );
+		}
+		if ( $url_encode ) {
+			$user_agent = urlencode( $user_agent );
+		}
+		$text = str_replace( '{user_agent}', $user_agent, $text );
 
 		//referrer
-		$text = str_replace( '{referer}', $url_encode ? urlencode( RGForms::get( 'HTTP_REFERER', $_SERVER ) ) : RGForms::get( 'HTTP_REFERER', $_SERVER ), $text );
+		$referer = RGForms::get( 'HTTP_REFERER', $_SERVER );
+		if ( $esc_html ) {
+			$referer = esc_html( $referer );
+		}
+		if ( $url_encode ) {
+			$referer = urlencode( $referer );
+		}
+		$text = str_replace( '{referer}',  $referer, $text );
 
 		//logged in user info
 		global $userdata, $wp_version, $current_user;
@@ -1006,7 +1027,7 @@ public static function replace_variables_prepopulate( $text, $url_encode = false
 			$text = str_replace( $full_tag, $value, $text );
 		}
 
-		$text = apply_filters( 'gform_replace_merge_tags', $text, false, false, $url_encode, false, false, false );
+		$text = apply_filters( 'gform_replace_merge_tags', $text, false, $entry, $url_encode, false, false, false );
 
 		return $text;
 	}
@@ -1628,13 +1649,17 @@ private static function send_email( $from, $to, $bcc, $reply_to, $subject, $mess
 			} else {
 				GFCommon::log_error( 'GFCommon::send_email(): The mail message was passed off to WordPress for processing, but WordPress was unable to send the message.' );
 			}
+
+			if ( has_filter( 'phpmailer_init' ) ) {
+				GFCommon::log_debug( __METHOD__ . '(): The WordPress phpmailer_init hook has been detected, usually used by SMTP plugins, it can impact mail delivery.' );
+			}
 		} else {
 			GFCommon::log_debug( 'GFCommon::send_email(): Aborting. The gform_pre_send_email hook was used to set the abort_email parameter to true.' );
 		}
 
 		self::add_emails_sent();
 
-		do_action( 'gform_after_email', $is_success, $to, $subject, $message, $headers, $attachments, $message_format );
+		do_action( 'gform_after_email', $is_success, $to, $subject, $message, $headers, $attachments, $message_format, $from, $from_name, $bcc, $reply_to );
 	}
 
 	public static function add_emails_sent() {
@@ -2426,32 +2451,6 @@ public static function get_product_fields_by_type( $form, $types, $product_id )
 		return $_product_fields[ $key ];
 	}
 
-	private static function get_logic_event( $field, $event ) {
-		_deprecated_function( 'GFCommon::get_logic_event', '1.9', 'GF_Field::get_logic_event' );
-
-		$is_form_editor = GFCommon::is_form_editor();
-		$is_entry_detail = GFCommon::is_entry_detail();
-		$is_admin = $is_form_editor || $is_entry_detail;
-
-		if ( empty( $field->conditionalLogicFields ) || $is_admin ) {
-			return '';
-		}
-
-		switch ( $event ) {
-			case 'keyup' :
-				return "onchange='gf_apply_rules(" . $field->formId . ',' . GFCommon::json_encode( $field->conditionalLogicFields ) . ");' onkeyup='clearTimeout(__gf_timeout_handle); __gf_timeout_handle = setTimeout(\"gf_apply_rules(" . $field->formId . ',' . GFCommon::json_encode( $field->conditionalLogicFields ) . ")\", 300);'";
-				break;
-
-			case 'click' :
-				return "onclick='gf_apply_rules(" . $field->formId . ',' . GFCommon::json_encode( $field->conditionalLogicFields ) . ");'";
-				break;
-
-			case 'change' :
-				return "onchange='gf_apply_rules(" . $field->formId . ',' . GFCommon::json_encode( $field->conditionalLogicFields ) . ");'";
-				break;
-		}
-	}
-
 	/**
 	 * @deprecated
 	 *
@@ -2691,30 +2690,6 @@ public static function get_math_captcha( $field, $pos ) {
 		return $field->get_math_captcha( $pos );
 	}
 
-	private static function hex2rgb( $color ) {
-		if ( $color[0] == '#' ) {
-			$color = substr( $color, 1 );
-		}
-
-		if ( strlen( $color ) == 6 ) {
-			list( $r, $g, $b ) = array(
-				$color[0] . $color[1],
-				$color[2] . $color[3],
-				$color[4] . $color[5],
-			);
-		} elseif ( strlen( $color ) == 3 ) {
-			list( $r, $g, $b ) = array( $color[0] . $color[0], $color[1] . $color[1], $color[2] . $color[2] );
-		} else {
-			return false;
-		}
-
-		$r = hexdec( $r );
-		$g = hexdec( $g );
-		$b = hexdec( $b );
-
-		return array( $r, $g, $b );
-	}
-
 	/**
 	 * @param GF_Field $field
 	 * @param          $value
@@ -2799,6 +2774,11 @@ public static function get_product_fields( $form, $lead, $use_choice_text = fals
 							}
 
 							$products[ $id ]['name']     = ! $use_choice_text ? $name : RGFormsModel::get_choice_text( $field, $name );
+							$include_field_label = apply_filters( 'gform_product_info_name_include_field_label', false );
+							if ( $field->inputType == ( 'radio' || 'select' ) && $include_field_label ) {
+								$products[ $id ]['name'] = $field->label . " ({$products[$id]['name']})";
+							}
+
 							$products[ $id ]['price']    = $price;
 							$products[ $id ]['quantity'] = $quantity;
 							$products[ $id ]['options']  = array();
@@ -4102,6 +4082,10 @@ public static function is_entry_detail_view(){
 	public static function is_entry_detail_edit(){
 		return GFForms::get_page() == 'entry_detail_edit';
 	}
+
+	public static function has_merge_tag( $string ) {
+		return preg_match( '/{.+}/', $string );
+	}
 }
 
 class GFCategoryWalker extends Walker {

css/formsmain.css

@@ -4,7 +4,7 @@
 Gravity Forms Front End Form Styles
 Version 1.9
 http: //www.gravityforms.com
-updated: January 28, 2015 1:28 PM
+updated: February 5, 2015 12:25 PM
 
 Gravity Forms is a Rocketgenius project
 copyright 2008-2015 Rocketgenius Inc.
@@ -2239,6 +2239,10 @@ body .gform_wrapper img.delete_list_item {
 		margin-left: 0 !important;
 		margin-right: 0 !important;
 	}
+
+	body .gform_wrapper ul li.gfield[style="display: none;"] {
+		display:none !important;
+	}
 
 	body .gform_wrapper .ginput_container,
 	body .gform_wrapper div.ginput_complex,
@@ -2450,7 +2454,7 @@ body .gform_wrapper img.delete_list_item {
 @media all and (max-device-width: 480px) { 
 
 	body .gform_wrapper {
-		font-size: 2.60em;
+		font-size: inherit;
 	}
 
 	body .gform_wrapper .gfield_checkbox li input[type=checkbox],

css/preview.css

@@ -4,7 +4,7 @@
 preview.css
 Gravity Forms Form Preview Styles
 http://www.gravityforms.com
-updated: January 28, 2015 1:28 PM
+updated: February 5, 2015 12:15 PM
 
 Gravity Forms is a Rocketgenius project
 copyright 2008-2015 Rocketgenius Inc.
@@ -108,6 +108,7 @@ div#preview_form_container {
     position: relative;
     padding: 0.750em 1.50em;
     border-radius: 4px;
+    -webkit-appearance: none !important;
 }
 
 .gform_wrapper.gf_browser_ie .gform_footer input.button,

export.php

@@ -348,7 +348,7 @@ public static function import_form_page() {
 
 	public static function export_form_page() {
 
-		if ( ! GFCommon::current_user_can_any( 'gravityforçms_edit_forms' ) ) {
+		if ( ! GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) {
 			wp_die( 'You do not have permission to access this page' );
 		}
 
@@ -760,11 +760,7 @@ public static function start_export( $form ) {
 				$lines = utf8_encode( $lines );
 			}
 
-			if ( function_exists( 'mb_convert_encoding' ) ) {
-				// Convert the contents to UTF-16LE which has wider support than UTF-8.
-				// This fixes an issue with special characters in Excel for Mac.
-				$lines = mb_convert_encoding( $lines, 'UTF-16LE', 'UTF-8' );
-			}
+			$lines = apply_filters( 'gform_export_lines', $lines );
 
 			echo $lines;