diff --git a/change_log.txt b/change_log.txt index 7500988..7e43117 100644 --- a/change_log.txt +++ b/change_log.txt @@ -1,3 +1,70 @@ +------------------------------------------------------------------------------------------------------------------- +Version 1.9.1.6 + - Added 'svg-painter' to list of no conflict scripts + - Updated GFForms::get_admin_icon_b64() method to support a $color parameter for fetching the SVG icon in different colors + $white_icon = GFForms::get_admin_icon_b64( '#fff' ); + +------------------------------------------------------------------------------------------------------------------- +Version 1.9.1.5 + - Fixed a rare fatal error on some servers. + +------------------------------------------------------------------------------------------------------------------- +Version 1.9.1.4 + - Fixed a fatal error caused by a conflict with some themes. + - Fixed a XSS vulnerability. + +------------------------------------------------------------------------------------------------------------------- +Version 1.9.1.3 + - Fixed an issue with the capability required to export forms. + +------------------------------------------------------------------------------------------------------------------- +Version 1.9.1.2 + - Fixed issue where tabbing through Date field would skip the next field in the tabindex + +------------------------------------------------------------------------------------------------------------------- +Version 1.9.1.1 + - Fixed an issue with validation of the address field when the option to use values from another field is enabled and activated. + +------------------------------------------------------------------------------------------------------------------- +Version 1.9.1 + - Added $failed_validation_page as a 3rd parameter to the gform_validation filter. + - Added GFCommon::has_merge_tag() method to determine if a string contains a GF merge tag. + - Added $from, $from_name, $bcc and $reply_to to the gform_after_email action. + - Added the 'gform_export_lines' to allow the csv entry export lines to be filtered just before sending to the browser. Use this filter to fix an issue on Excel for Mac e.g.: + add_filter( 'gform_export_lines', 'fix_csv_entry_export'); + function fix_csv_entry_export ( $lines ) { + return mb_convert_encoding( $lines, 'UTF-16LE', 'UTF-8' ); + } + - Added conditional logic setting to Post Category field. + - Added the 'gform_product_info_name_include_field_label' filter to enable the inclusion of the field label in the product name for radio and select type Product fields. + add_filter( 'gform_product_info_name_include_field_label', '__return_true' ); + - Added the Description Placement field setting which overrides the form setting. Only available when the Label Placement form setting is set to Top. + - Added the label placement and sub-label placement field settings in the Form Editor. The options to hide labels and sub-labels are currently hidden by default. Use the gform_enable_field_label_visibility_settings filter to display the options. + add_filter("gform_enable_field_label_visibility_settings", "__return_true"); + - Updated page label to be wrapped in a to allow targeted styling when “Steps” is selected as “Progress Indicator”. + - Updated confirmation URL validation to bypass URLs that contain merge tags; this supports using a merge tag as the redirect value. + - Fixed issue where extra call to wp_print_scripts was causing issues and removing broke New Form modal. + - Fixed an issue with the No Duplicates validation for multi-input Email, Date and Time fields. + - Fixed issue whith entry limit where trashed entries were taken into account. + - Fixed an issue with logging of file uploads. + - Fixed an issue with plain text format notifications where values of some fields are missing from the merge tag output. + - Fixed issue with font size on mobile devices. + - Fixed issue with conditional logic on mobile devices. + - Fixed a fatal error in the Captcha field when the Really Simple Captcha plugin is installed and active. + - Fixed a fatal error in the merge tag for the Post Category field using the Multi Select field type. + - Fixed a fatal error under PHP 5.2 for single value field types. + - Fixed an issue with the single file upload field where the list of allowed file types is ignored on form submission. + - Fixed an issue with the the Dynamic Population setting for the date, email and time fields in the Form Editor. + - Fixed an issue with email validation when the email confirmation setting is enabled. + - Removed the No Duplicates setting from the Password field. + - Removed unused private functions GFCommon::get_logic_event() and GFCommon::hex2rgb(). + - Removed the gform_enable_field_label_placement_settings filter. + - AF: Added some additional logging to Payment Add-On Framework. + - API: Added GFAPI::submit_form(). Sends input values through the complete form submission process. Supports field validation, notifications, confirmations, multiple-pages and save & continue. + - API: Added POST /forms/[ID]/submissions endpoint to the Web API to handle form submissions. Sends form input values through the complete form submission process. Supports field validation, notifications, confirmations, multiple-pages and save & continue. + - API: Added support for simple CORS requests in the Web API. Use the allowed_http_origin WordPress filter to activate. e.g. + add_filter( 'allowed_http_origin', '__return_true' ); + ------------------------------------------------------------------------------------------------------------------- Version 1.9 diff --git a/common.php b/common.php index eab25f6..f70e67b 100644 --- a/common.php +++ b/common.php @@ -886,7 +886,7 @@ public static function replace_variables( $text, $form, $lead, $url_encode = fal $post_url = get_bloginfo( 'wpurl' ) . '/wp-admin/post.php?action=edit&post=' . rgar( $lead, 'post_id' ); $text = str_replace( '{post_edit_url}', $url_encode ? urlencode( $post_url ) : $post_url, $text ); - $text = self::replace_variables_prepopulate( $text, $url_encode, $lead ); + $text = self::replace_variables_prepopulate( $text, $url_encode, $lead, $esc_html ); // hook allows for custom merge tags $text = apply_filters( 'gform_replace_merge_tags', $text, $form, $lead, $url_encode, $esc_html, $nl2br, $format ); @@ -947,10 +947,17 @@ public static function get_ul_classes( $form ){ } - public static function replace_variables_prepopulate( $text, $url_encode = false, $entry = false ) { + public static function replace_variables_prepopulate( $text, $url_encode = false, $entry = false, $esc_html = false ) { //embed url - $text = str_replace( '{embed_url}', $url_encode ? urlencode( RGFormsModel::get_current_page_url() ) : RGFormsModel::get_current_page_url(), $text ); + $current_page_url = RGFormsModel::get_current_page_url(); + if ( $esc_html ) { + $current_page_url = esc_html( $current_page_url ); + } + if ( $url_encode ) { + $current_page_url = urlencode( $current_page_url ); + } + $text = str_replace( '{embed_url}', $current_page_url, $text ); $local_timestamp = self::get_local_timestamp( time() ); @@ -986,10 +993,24 @@ public static function replace_variables_prepopulate( $text, $url_encode = false } //user agent - $text = str_replace( '{user_agent}', $url_encode ? urlencode( RGForms::get( 'HTTP_USER_AGENT', $_SERVER ) ) : RGForms::get( 'HTTP_USER_AGENT', $_SERVER ), $text ); + $user_agent = RGForms::get( 'HTTP_USER_AGENT', $_SERVER ); + if ( $esc_html ) { + $user_agent = esc_html( $user_agent ); + } + if ( $url_encode ) { + $user_agent = urlencode( $user_agent ); + } + $text = str_replace( '{user_agent}', $user_agent, $text ); //referrer - $text = str_replace( '{referer}', $url_encode ? urlencode( RGForms::get( 'HTTP_REFERER', $_SERVER ) ) : RGForms::get( 'HTTP_REFERER', $_SERVER ), $text ); + $referer = RGForms::get( 'HTTP_REFERER', $_SERVER ); + if ( $esc_html ) { + $referer = esc_html( $referer ); + } + if ( $url_encode ) { + $referer = urlencode( $referer ); + } + $text = str_replace( '{referer}', $referer, $text ); //logged in user info global $userdata, $wp_version, $current_user; @@ -1006,7 +1027,7 @@ public static function replace_variables_prepopulate( $text, $url_encode = false $text = str_replace( $full_tag, $value, $text ); } - $text = apply_filters( 'gform_replace_merge_tags', $text, false, false, $url_encode, false, false, false ); + $text = apply_filters( 'gform_replace_merge_tags', $text, false, $entry, $url_encode, false, false, false ); return $text; } @@ -1628,13 +1649,17 @@ private static function send_email( $from, $to, $bcc, $reply_to, $subject, $mess } else { GFCommon::log_error( 'GFCommon::send_email(): The mail message was passed off to WordPress for processing, but WordPress was unable to send the message.' ); } + + if ( has_filter( 'phpmailer_init' ) ) { + GFCommon::log_debug( __METHOD__ . '(): The WordPress phpmailer_init hook has been detected, usually used by SMTP plugins, it can impact mail delivery.' ); + } } else { GFCommon::log_debug( 'GFCommon::send_email(): Aborting. The gform_pre_send_email hook was used to set the abort_email parameter to true.' ); } self::add_emails_sent(); - do_action( 'gform_after_email', $is_success, $to, $subject, $message, $headers, $attachments, $message_format ); + do_action( 'gform_after_email', $is_success, $to, $subject, $message, $headers, $attachments, $message_format, $from, $from_name, $bcc, $reply_to ); } public static function add_emails_sent() { @@ -2426,32 +2451,6 @@ public static function get_product_fields_by_type( $form, $types, $product_id ) return $_product_fields[ $key ]; } - private static function get_logic_event( $field, $event ) { - _deprecated_function( 'GFCommon::get_logic_event', '1.9', 'GF_Field::get_logic_event' ); - - $is_form_editor = GFCommon::is_form_editor(); - $is_entry_detail = GFCommon::is_entry_detail(); - $is_admin = $is_form_editor || $is_entry_detail; - - if ( empty( $field->conditionalLogicFields ) || $is_admin ) { - return ''; - } - - switch ( $event ) { - case 'keyup' : - return "onchange='gf_apply_rules(" . $field->formId . ',' . GFCommon::json_encode( $field->conditionalLogicFields ) . ");' onkeyup='clearTimeout(__gf_timeout_handle); __gf_timeout_handle = setTimeout(\"gf_apply_rules(" . $field->formId . ',' . GFCommon::json_encode( $field->conditionalLogicFields ) . ")\", 300);'"; - break; - - case 'click' : - return "onclick='gf_apply_rules(" . $field->formId . ',' . GFCommon::json_encode( $field->conditionalLogicFields ) . ");'"; - break; - - case 'change' : - return "onchange='gf_apply_rules(" . $field->formId . ',' . GFCommon::json_encode( $field->conditionalLogicFields ) . ");'"; - break; - } - } - /** * @deprecated * @@ -2691,30 +2690,6 @@ public static function get_math_captcha( $field, $pos ) { return $field->get_math_captcha( $pos ); } - private static function hex2rgb( $color ) { - if ( $color[0] == '#' ) { - $color = substr( $color, 1 ); - } - - if ( strlen( $color ) == 6 ) { - list( $r, $g, $b ) = array( - $color[0] . $color[1], - $color[2] . $color[3], - $color[4] . $color[5], - ); - } elseif ( strlen( $color ) == 3 ) { - list( $r, $g, $b ) = array( $color[0] . $color[0], $color[1] . $color[1], $color[2] . $color[2] ); - } else { - return false; - } - - $r = hexdec( $r ); - $g = hexdec( $g ); - $b = hexdec( $b ); - - return array( $r, $g, $b ); - } - /** * @param GF_Field $field * @param $value @@ -2799,6 +2774,11 @@ public static function get_product_fields( $form, $lead, $use_choice_text = fals } $products[ $id ]['name'] = ! $use_choice_text ? $name : RGFormsModel::get_choice_text( $field, $name ); + $include_field_label = apply_filters( 'gform_product_info_name_include_field_label', false ); + if ( $field->inputType == ( 'radio' || 'select' ) && $include_field_label ) { + $products[ $id ]['name'] = $field->label . " ({$products[$id]['name']})"; + } + $products[ $id ]['price'] = $price; $products[ $id ]['quantity'] = $quantity; $products[ $id ]['options'] = array(); @@ -4102,6 +4082,10 @@ public static function is_entry_detail_view(){ public static function is_entry_detail_edit(){ return GFForms::get_page() == 'entry_detail_edit'; } + + public static function has_merge_tag( $string ) { + return preg_match( '/{.+}/', $string ); + } } class GFCategoryWalker extends Walker { diff --git a/css/formsmain.css b/css/formsmain.css index b330c17..361d514 100644 --- a/css/formsmain.css +++ b/css/formsmain.css @@ -4,7 +4,7 @@ Gravity Forms Front End Form Styles Version 1.9 http: //www.gravityforms.com -updated: January 28, 2015 1:28 PM +updated: February 5, 2015 12:25 PM Gravity Forms is a Rocketgenius project copyright 2008-2015 Rocketgenius Inc. @@ -2239,6 +2239,10 @@ body .gform_wrapper img.delete_list_item { margin-left: 0 !important; margin-right: 0 !important; } + + body .gform_wrapper ul li.gfield[style="display: none;"] { + display:none !important; + } body .gform_wrapper .ginput_container, body .gform_wrapper div.ginput_complex, @@ -2450,7 +2454,7 @@ body .gform_wrapper img.delete_list_item { @media all and (max-device-width: 480px) { body .gform_wrapper { - font-size: 2.60em; + font-size: inherit; } body .gform_wrapper .gfield_checkbox li input[type=checkbox], diff --git a/css/preview.css b/css/preview.css index fa974a9..c1f340b 100644 --- a/css/preview.css +++ b/css/preview.css @@ -4,7 +4,7 @@ preview.css Gravity Forms Form Preview Styles http://www.gravityforms.com -updated: January 28, 2015 1:28 PM +updated: February 5, 2015 12:15 PM Gravity Forms is a Rocketgenius project copyright 2008-2015 Rocketgenius Inc. @@ -108,6 +108,7 @@ div#preview_form_container { position: relative; padding: 0.750em 1.50em; border-radius: 4px; + -webkit-appearance: none !important; } .gform_wrapper.gf_browser_ie .gform_footer input.button, diff --git a/export.php b/export.php index f0d1999..7107dce 100644 --- a/export.php +++ b/export.php @@ -348,7 +348,7 @@ public static function import_form_page() { public static function export_form_page() { - if ( ! GFCommon::current_user_can_any( 'gravityforçms_edit_forms' ) ) { + if ( ! GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) { wp_die( 'You do not have permission to access this page' ); } @@ -760,11 +760,7 @@ public static function start_export( $form ) { $lines = utf8_encode( $lines ); } - if ( function_exists( 'mb_convert_encoding' ) ) { - // Convert the contents to UTF-16LE which has wider support than UTF-8. - // This fixes an issue with special characters in Excel for Mac. - $lines = mb_convert_encoding( $lines, 'UTF-16LE', 'UTF-8' ); - } + $lines = apply_filters( 'gform_export_lines', $lines ); echo $lines; diff --git a/form_detail.php b/form_detail.php index 4c0684d..7e4abba 100644 --- a/form_detail.php +++ b/form_detail.php @@ -1879,63 +1879,62 @@ class="bulk-choice"> $label_placement_form_setting_label = __( 'Top aligned', 'gravityforms' ); } - $enable_label_placement_settings = apply_filters( 'gform_enable_field_label_placement_settings', false ); + $enable_label_visiblity_settings = apply_filters( 'gform_enable_field_label_visibility_settings', false ); - if ( $enable_label_placement_settings ) { - $description_placement_form_setting = rgar( $form, 'descriptionPlacement' ); - $description_placement_form_setting_label = $description_placement_form_setting == 'above' ? $description_placement_form_setting_label = __( 'Above inputs', 'gravityforms' ) : $description_placement_form_setting_label = __( 'Below inputs', 'gravityforms' ); - ?> -
  • - - - - -
  • - -
  • -
  • + + + + +
  • + + +
  • + + +
  • + +