ofco/medicalalert-web-reloaded
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merged in feature/Plugin-updates (pull request #19)

Browse Source 
Updated plugins

* Updated plugins
This commit is contained in:
Tony Volpe
2024-01-10 21:13:38 +00:00
parent 768ebbdc75
commit 14f187dd80
168 changed files with 9219 additions and 9861 deletions
Download Patch File Download Diff File Expand all files Collapse all files

450
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/assets/scripts/dtx.js
View File

@@ -1,226 +1,226 @@
var $ = jQuery.noConflict(),
dtx = {
queue: [],
init: function() {
var $inputs = $('input.dtx-pageload[data-dtx-value]');
if ($inputs.length) {
// If this is any of our built-in shortcodes, see if there's any that can be duplicated via client side
$inputs.each(function(i, el) {
var $input = $(el),
raw_value = $input.attr('data-dtx-value'),
v = decodeURIComponent(raw_value).split(' ');
if (v.length) {
var tag = v[0],
atts = {};
if (v.length > 1) {
for (var x = 1; x < v.length; x++) {
var att = v[x].split('=');
if (att.length === 2) {
var key = att[0];
atts[key] = att[1].split("'").join('');
}
}
}
var value = '';
switch (tag) {
case 'CF7_GET':
value = dtx.get(atts);
break;
case 'CF7_referrer':
value = dtx.referrer(atts);
break;
case 'CF7_URL':
value = dtx.current_url(atts);
break;
case 'CF7_get_cookie':
value = dtx.get_cookie(atts);
break;
case 'CF7_guid':
value = dtx.guid();
break;
case 'CF7_get_current_var':
if (dtx.validKey(atts, 'key') && atts.key == 'url') {
value = dtx.current_url(atts);
} else {
return; // Do nothing, current page variables are safe to cache, just use the value that was calculated by server
}
break;
case 'CF7_get_post_var': // Current post variables are safe to cache
case 'CF7_get_custom_field': // Meta data is safe to cache
case 'CF7_get_taxonomy': // Terms are safe to cache
case 'CF7_get_attachment': // Media attachment info is safe to cache
case 'CF7_bloginfo': // Site info is safe to cache
case 'CF7_get_theme_option': // Theme options are safe to cache
return; // Do nothing, just use the value that was calculated by server
default:
if (tag) {
// Queue the requests for an AJAX call at the end of init
dtx.queue.push({ 'value': raw_value, 'multiline': $input.is('textarea') });
}
return; // Don't continue after queuing it for AJAX
}
dtx.set($input, value);
}
});
if (dtx.queue.length) {
setTimeout(function() { // Set timeout to force it async
$.ajax({
type: 'POST',
url: dtx_obj.ajax_url,
dataType: 'json', // only accept strict JSON objects
data: {
'action': 'wpcf7dtx',
'shortcodes': dtx.queue
},
cache: false,
error: function(xhr, status, error) {
console.error('[CF7 DTX AJAX ERROR]', error, status, xhr);
},
success: function(data, status, xhr) {
if (typeof(data) == 'object' && data.length) {
$.each(data, function(i, obj) {
var $inputs = $('.wpcf7 form input.dtx-pageload[data-dtx-value="' + obj.raw_value + '"]');
if ($inputs.length) {
dtx.set($inputs, obj.value);
$inputs.addClass('dtx-ajax-loaded');
}
});
}
}
});
}, 10);
}
}
},
/**
* Check if Key Exists in Object
*/
validKey: function(obj, key) {
return obj.hasOwnProperty(key) && typeof(obj[key]) == 'string' && obj[key].trim();
},
/**
* Maybe Obfuscate Value
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-attribute-obfuscate/
*/
obfuscate: function(value, atts) {
value = value.trim();
if (dtx.validKey(atts, 'obfuscate') && atts.obfuscate) {
var o = '';
for (var i = 0; i < value.length; i++) {
o += '&#' + value.codePointAt(i) + ';';
}
return o;
}
return value;
},
/**
* Set Value for Form Field
*/
set: function($input, value) {
$input.attr('value', value).addClass('dtx-loaded');
},
/**
* Get Value form URL Query by Key
*
* @see @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-php-get-variables/
*/
get: function(atts) {
if (dtx.validKey(atts, 'key')) {
var query = window.location.search;
if (query) {
query = new URLSearchParams(query);
return dtx.obfuscate(query.get(atts.key).trim(), atts);
}
}
return '';
},
/**
* Get Referrering URL
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-referrer-url/
*/
referrer: function(atts) {
return dtx.obfuscate(document.referrer, atts);
},
/**
* Get Current URL or Part
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-current-url/
*/
current_url: function(atts) {
if (atts.hasOwnProperty('part')) {
var parts = [
'scheme', // e.g. `http`
'host',
'port',
'path',
'query', // after the question mark ?
'fragment' // after the pound sign #
];
if (parts.includes(atts.part)) {
// return part of the url
switch (atts.part) {
case 'scheme':
return dtx.obfuscate(window.location.protocol.replace(':', ''), atts);
case 'host':
return dtx.obfuscate(window.location.host, atts);
case 'port':
return dtx.obfuscate(window.location.port, atts);
case 'path':
return dtx.obfuscate(window.location.pathname, atts);
case 'query':
return dtx.obfuscate(window.location.search.replace('?', ''), atts);
case 'fragment':
return dtx.obfuscate(window.location.hash.replace('#', ''), atts);
default:
break;
}
}
} else {
return dtx.obfuscate(window.location.href, atts); // Return the full url
}
return '';
},
/**
* Get Cookie Value
*
* @since 3.3.0
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-cookie/
*/
get_cookie: function(atts) {
if (atts.hasOwnProperty('key') && typeof(atts.key) == 'string' && atts.key.trim() != '') {
var keyValue = document.cookie.match('(^|;) ?' + atts.key.trim() + '=([^;]*)(;|$)');
return keyValue ? dtx.obfuscate(keyValue[2], atts) : '';
}
return '';
},
/**
* Generate a random GUID (globally unique identifier)
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-guid/
*/
guid: function() {
if (typeof(window.crypto) != 'undefined' && typeof(window.crypto.getRandomValues) != 'undefined') {
return ([1e7] + -1e3 + -4e3 + -8e3 + -1e11).replace(/[018]/g, c =>
(c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16)
).toUpperCase();
}
console.warn('[CF7 DTX] Cryptographically secure PRNG is not available for generating GUID value');
var d = new Date().getTime(), //Timestamp
d2 = ((typeof performance !== 'undefined') && performance.now && (performance.now() * 1000)) || 0; //Time in microseconds since page-load or 0 if unsupported
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
var r = Math.random() * 16; //random number between 0 and 16
if (d > 0) { //Use timestamp until depleted
r = (d + r) % 16 | 0;
d = Math.floor(d / 16);
} else { //Use microseconds since page-load if supported
r = (d2 + r) % 16 | 0;
d2 = Math.floor(d2 / 16);
}
return (c === 'x' ? r : (r & 0x3 | 0x8)).toString(16).toUpperCase();
}).toUpperCase();;
}
};
var $ = jQuery.noConflict(),
dtx = {
queue: [],
init: function() {
var $inputs = $('input.dtx-pageload[data-dtx-value]');
if ($inputs.length) {
// If this is any of our built-in shortcodes, see if there's any that can be duplicated via client side
$inputs.each(function(i, el) {
var $input = $(el),
raw_value = $input.attr('data-dtx-value'),
v = decodeURIComponent(raw_value).split(' ');
if (v.length) {
var tag = v[0],
atts = {};
if (v.length > 1) {
for (var x = 1; x < v.length; x++) {
var att = v[x].split('=');
if (att.length === 2) {
var key = att[0];
atts[key] = att[1].split("'").join('');
}
}
}
var value = '';
switch (tag) {
case 'CF7_GET':
value = dtx.get(atts);
break;
case 'CF7_referrer':
value = dtx.referrer(atts);
break;
case 'CF7_URL':
value = dtx.current_url(atts);
break;
case 'CF7_get_cookie':
value = dtx.get_cookie(atts);
break;
case 'CF7_guid':
value = dtx.guid();
break;
case 'CF7_get_current_var':
if (dtx.validKey(atts, 'key') && atts.key == 'url') {
value = dtx.current_url(atts);
} else {
return; // Do nothing, current page variables are safe to cache, just use the value that was calculated by server
}
break;
case 'CF7_get_post_var': // Current post variables are safe to cache
case 'CF7_get_custom_field': // Meta data is safe to cache
case 'CF7_get_taxonomy': // Terms are safe to cache
case 'CF7_get_attachment': // Media attachment info is safe to cache
case 'CF7_bloginfo': // Site info is safe to cache
case 'CF7_get_theme_option': // Theme options are safe to cache
return; // Do nothing, just use the value that was calculated by server
default:
if (tag) {
// Queue the requests for an AJAX call at the end of init
dtx.queue.push({ 'value': raw_value, 'multiline': $input.is('textarea') });
}
return; // Don't continue after queuing it for AJAX
}
dtx.set($input, value);
}
});
if (dtx.queue.length) {
setTimeout(function() { // Set timeout to force it async
$.ajax({
type: 'POST',
url: dtx_obj.ajax_url,
dataType: 'json', // only accept strict JSON objects
data: {
'action': 'wpcf7dtx',
'shortcodes': dtx.queue
},
cache: false,
error: function(xhr, status, error) {
console.error('[CF7 DTX AJAX ERROR]', error, status, xhr);
},
success: function(data, status, xhr) {
if (typeof(data) == 'object' && data.length) {
$.each(data, function(i, obj) {
var $inputs = $('.wpcf7 form input.dtx-pageload[data-dtx-value="' + obj.raw_value + '"]');
if ($inputs.length) {
dtx.set($inputs, obj.value);
$inputs.addClass('dtx-ajax-loaded');
}
});
}
}
});
}, 10);
}
}
},
/**
* Check if Key Exists in Object
*/
validKey: function(obj, key) {
return obj.hasOwnProperty(key) && typeof(obj[key]) == 'string' && obj[key].trim();
},
/**
* Maybe Obfuscate Value
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-attribute-obfuscate/
*/
obfuscate: function(value, atts) {
value = value.trim();
if (dtx.validKey(atts, 'obfuscate') && atts.obfuscate) {
var o = '';
for (var i = 0; i < value.length; i++) {
o += '&#' + value.codePointAt(i) + ';';
}
return o;
}
return value;
},
/**
* Set Value for Form Field
*/
set: function($input, value) {
$input.attr('value', value).addClass('dtx-loaded');
},
/**
* Get Value form URL Query by Key
*
* @see @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-php-get-variables/
*/
get: function(atts) {
if (dtx.validKey(atts, 'key')) {
var query = window.location.search;
if (query) {
query = new URLSearchParams(query);
return dtx.obfuscate(query.get(atts.key).trim(), atts);
}
}
return '';
},
/**
* Get Referrering URL
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-referrer-url/
*/
referrer: function(atts) {
return dtx.obfuscate(document.referrer, atts);
},
/**
* Get Current URL or Part
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-current-url/
*/
current_url: function(atts) {
if (atts.hasOwnProperty('part')) {
var parts = [
'scheme', // e.g. `http`
'host',
'port',
'path',
'query', // after the question mark ?
'fragment' // after the pound sign #
];
if (parts.includes(atts.part)) {
// return part of the url
switch (atts.part) {
case 'scheme':
return dtx.obfuscate(window.location.protocol.replace(':', ''), atts);
case 'host':
return dtx.obfuscate(window.location.host, atts);
case 'port':
return dtx.obfuscate(window.location.port, atts);
case 'path':
return dtx.obfuscate(window.location.pathname, atts);
case 'query':
return dtx.obfuscate(window.location.search.replace('?', ''), atts);
case 'fragment':
return dtx.obfuscate(window.location.hash.replace('#', ''), atts);
default:
break;
}
}
} else {
return dtx.obfuscate(window.location.href, atts); // Return the full url
}
return '';
},
/**
* Get Cookie Value
*
* @since 3.3.0
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-cookie/
*/
get_cookie: function(atts) {
if (atts.hasOwnProperty('key') && typeof(atts.key) == 'string' && atts.key.trim() != '') {
var keyValue = document.cookie.match('(^|;) ?' + atts.key.trim() + '=([^;]*)(;|$)');
return keyValue ? dtx.obfuscate(keyValue[2], atts) : '';
}
return '';
},
/**
* Generate a random GUID (globally unique identifier)
*
* @see https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-guid/
*/
guid: function() {
if (typeof(window.crypto) != 'undefined' && typeof(window.crypto.getRandomValues) != 'undefined') {
return ([1e7] + -1e3 + -4e3 + -8e3 + -1e11).replace(/[018]/g, c =>
(c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16)
).toUpperCase();
}
console.warn('[CF7 DTX] Cryptographically secure PRNG is not available for generating GUID value');
var d = new Date().getTime(), //Timestamp
d2 = ((typeof performance !== 'undefined') && performance.now && (performance.now() * 1000)) || 0; //Time in microseconds since page-load or 0 if unsupported
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
var r = Math.random() * 16; //random number between 0 and 16
if (d > 0) { //Use timestamp until depleted
r = (d + r) % 16 | 0;
d = Math.floor(d / 16);
} else { //Use microseconds since page-load if supported
r = (d2 + r) % 16 | 0;
d2 = Math.floor(d2 / 16);
}
return (c === 'x' ? r : (r & 0x3 | 0x8)).toString(16).toUpperCase();
}).toUpperCase();;
}
};
$(document).ready(dtx.init);

2
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/assets/scripts/dtx.min.js vendored
View File

@@ -1,2 +1,2 @@
/*! Do not edit, this file is generated automatically - 2023-09-18 14:09:50 EDT */
/*! Do not edit, this file is generated automatically - 2024-01-09 15:01:30 MST */
var $=jQuery.noConflict(),dtx={queue:[],init:function(){var e=$("input.dtx-pageload[data-dtx-value]");e.length&&(e.each(function(e,t){var r=$(t),a=r.attr("data-dtx-value"),o=decodeURIComponent(a).split(" ");if(o.length){var n=o[0],c={};if(1<o.length)for(var u=1;u<o.length;u++){var i=o[u].split("="),d;2===i.length&&(c[i[0]]=i[1].split("'").join(""))}var s="";switch(n){case"CF7_GET":s=dtx.get(c);break;case"CF7_referrer":s=dtx.referrer(c);break;case"CF7_URL":s=dtx.current_url(c);break;case"CF7_get_cookie":s=dtx.get_cookie(c);break;case"CF7_guid":s=dtx.guid();break;case"CF7_get_current_var":if(!dtx.validKey(c,"key")||"url"!=c.key)return;s=dtx.current_url(c);break;case"CF7_get_post_var":case"CF7_get_custom_field":case"CF7_get_taxonomy":case"CF7_get_attachment":case"CF7_bloginfo":case"CF7_get_theme_option":return;default:return void(n&&dtx.queue.push({value:a,multiline:r.is("textarea")}))}dtx.set(r,s)}}),dtx.queue.length)&&setTimeout(function(){$.ajax({type:"POST",url:dtx_obj.ajax_url,dataType:"json",data:{action:"wpcf7dtx",shortcodes:dtx.queue},cache:!1,error:function(e,t,r){},success:function(e,t,r){"object"==typeof e&&e.length&&$.each(e,function(e,t){var r=$('.wpcf7 form input.dtx-pageload[data-dtx-value="'+t.raw_value+'"]');r.length&&(dtx.set(r,t.value),r.addClass("dtx-ajax-loaded"))})}})},10)},validKey:function(e,t){return e.hasOwnProperty(t)&&"string"==typeof e[t]&&e[t].trim()},obfuscate:function(e,t){if(e=e.trim(),dtx.validKey(t,"obfuscate")&&t.obfuscate){for(var r="",a=0;a<e.length;a++)r+="&#"+e.codePointAt(a)+";";return r}return e},set:function(e,t){e.attr("value",t).addClass("dtx-loaded")},get:function(e){if(dtx.validKey(e,"key")){var t=window.location.search;if(t)return t=new URLSearchParams(t),dtx.obfuscate(t.get(e.key).trim(),e)}return""},referrer:function(e){return dtx.obfuscate(document.referrer,e)},current_url:function(e){if(!e.hasOwnProperty("part"))return dtx.obfuscate(window.location.href,e);var t;if(["scheme","host","port","path","query","fragment"].includes(e.part))switch(e.part){case"scheme":return dtx.obfuscate(window.location.protocol.replace(":",""),e);case"host":return dtx.obfuscate(window.location.host,e);case"port":return dtx.obfuscate(window.location.port,e);case"path":return dtx.obfuscate(window.location.pathname,e);case"query":return dtx.obfuscate(window.location.search.replace("?",""),e);case"fragment":return dtx.obfuscate(window.location.hash.replace("#",""),e)}return""},get_cookie:function(e){var t;return e.hasOwnProperty("key")&&"string"==typeof e.key&&""!=e.key.trim()&&(t=document.cookie.match("(^|;) ?"+e.key.trim()+"=([^;]*)(;|$)"))?dtx.obfuscate(t[2],e):""},guid:function(){var r,a;return(void 0!==window.crypto&&void 0!==window.crypto.getRandomValues?([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,e=>(e^crypto.getRandomValues(new Uint8Array(1))[0]&15>>e/4).toString(16)):(r=(new Date).getTime(),a="undefined"!=typeof performance&&performance.now&&1e3*performance.now()||0,"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g,function(e){var t=16*Math.random();return 0<r?(t=(r+t)%16|0,r=Math.floor(r/16)):(t=(a+t)%16|0,a=Math.floor(a/16)),("x"===e?t:3&t|8).toString(16).toUpperCase()}))).toUpperCase()}};$(document).ready(dtx.init);

2
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/assets/scripts/tag-generator.min.js vendored
View File

@@ -1,2 +1,2 @@
/*! Do not edit, this file is generated automatically - 2023-09-18 14:09:50 EDT */
/*! Do not edit, this file is generated automatically - 2024-01-09 15:01:30 MST */
!function(n){"use strict";"undefined"!=typeof wpcf7&&null!==wpcf7&&(window.wpcf7dtx=window.wpcf7dtx||{},wpcf7dtx.taggen={},wpcf7dtx.taggen.escapeRegExp=function(e){return e.replace(/([.*+?^=!:${}()|\[\]\/\\])/g,"\\$1")},wpcf7dtx.taggen.replaceAll=function(e,t,n,a){var c;return null!=e&&"string"==typeof e&&""!==e.trim()&&-1<e.indexOf(t)?(c=new RegExp(wpcf7dtx.taggen.escapeRegExp(t),"g"),a&&(c=new RegExp(t,"g")),e.replace(c,n)):e},wpcf7dtx.taggen.updateOption=function(e){var e=n(e.currentTarget),t=encodeURIComponent(wpcf7dtx.taggen.replaceAll(e.val(),"'","&#39;"));e.siblings('input[type="hidden"].option').val(t)},n(function(){n("form.tag-generator-panel .dtx-option").on("change keyup click",wpcf7dtx.taggen.updateOption),n('.contact-form-editor-panel #tag-generator-list a.thickbox.button[href*="inlineId=tag-generator-panel-dynamic_"]').each(function(){var e=n(this),t=e.text();e.addClass("dtx-form-tag"),"dynamic drop-down menu"!=t&&"dynamic checkboxes"!=t&&"dynamic radio buttons"!=t||e.attr("href",e.attr("href").replace("height=500","height=750"))})}))}(jQuery);

429
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/changelog.txt
View File

@@ -1,211 +1,218 @@
== Changelog ==
= 4.1.0 =
* Feature: Looks for a `dtx.php` file in the `wp_content` directory to maybe load custom shortcodes, [see support thread](https://wordpress.org/support/topic/how-to-avoid-custom-shortcodes-being-overwritten-on-updates/)
* Feature: Looks for a `dtx.php` file in the current active theme's directory to maybe load custom shortcodes, [see support thread](https://wordpress.org/support/topic/how-to-avoid-custom-shortcodes-being-overwritten-on-updates/)
* Feature: Looks for a `dtx.php` file in the current active theme's parent directory to maybe load custom shortcodes, [see support thread](https://wordpress.org/support/topic/how-to-avoid-custom-shortcodes-being-overwritten-on-updates/)
* Fix: addressed user reported bug, [see support thread](https://wordpress.org/support/topic/fatal-error-v4-0-3/)
= 4.0.3 =
* Feature: Added `exclusive` option to checkbox tag generator
* Fix: addressed bug that put all dynamic checkbox/radio options into one
* Fix: addressed bug in frontend validator for multiple selected values
= 4.0.2 =
* Fix: addressed bug that put all dynamic select options into one, [see support thread](https://wordpress.org/support/topic/dynamic-select-get-option-values-from-shortcode/)
* Update: sanitizing and escaping filters now accept `none` as value for `$type` to bypass. Use with caution.
= 4.0.1 =
* Fix: addressed bug that prevented translation for cache compatibility description
= 4.0.0 =
* Major: modified function names
* Major: deprecated `dynamictext` and `dynamichidden` form tags in favor of `dynamic_text` and `dynamic_hidden`. For more information, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_email` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-email/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_url` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-url/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_tel` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-tel/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_number` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-number/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_range` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-range/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_textarea` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-textarea/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_select` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-select/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_radio` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-radio/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_date` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-date/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_submit` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-submit/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dtx_hide_blank` form tag attribute for `dynamic_select`. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-select/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dtx_disable_blank` form tag attribute for `dynamic_select`. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-select/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: added mail validation for `dynamic_email` and `dynamic_hidden` for backend configuration. For more information, see the [FAQ](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/frequently-asked-questions/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: added the Akismet feature to DTX text, email, and URL form tags.
* Update: adjusted how queued values were sent for cache compatibility mode to allow for multiline values in textareas
* Removed unused utility functions
= 3.5.4 =
* Fix: Updated JavaScript to prevent cacheable fields from making unnecessary AJAX requests
= 3.5.3 =
* Update: removed the use of sessions, [see support thread](https://wordpress.org/support/topic/add-option-to-disable-session-data/)
= 3.5.2 =
* Fix: Updated the `CF7_URL` shortcode to only use `network_home_url()` for multisite installs that do not use subdomains, and use `home_url()` for all others to [maybe address this support thread](https://wordpress.org/support/topic/cf7_url-return-only-domain-and-not-subdomain/)
* Fix: Removed a lingering debug call
= 3.5.1 =
* Fix: fixed bug so tag generator for dynamic fields work on "Add New Contact Form" page of Contact Form 7
* Updated: Updated text in tag generator for cache compatible checkbox and added link to documentation
= 3.5.0 =
* Feature: Added the `dtx_pageload` form tag attribute for cache compatibility. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tag-attribute-after-page-load/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Fix: Updated to be compatible with WordPress version 6.3
* Fix: Addressed a bug where `scheme` in `CF7_URL part='scheme'` was incorrectly sanitizing as URL instead of text
* Fix: Fixed `wp_kses()` in tag generator that stripped out link opening in new tab
* Update: `CF7_get_current_var` utilizes PHP session variables where appropriate
* Update: All JavaScript assets will load with the `defer` strategy in the footer in [WordPress 6.3](https://make.wordpress.org/core/2023/07/14/registering-scripts-with-async-and-defer-attributes-in-wordpress-6-3/)
= 3.4.0 =
* Feature: Feature: Added the `CF7_get_current_var` shortcode, [see support thread for user request](https://wordpress.org/support/topic/wrong-page-title-7/). For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-current-variables/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Fix: Updated the `CF7_URL` shortcode to no longer check for ports since that's handled in `network_home_url()` function, [see support thread](https://wordpress.org/support/topic/version-3-3-0-breaking/)
= 3.3.0 =
* Feature: Added the `CF7_get_cookie` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-cookie/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added the `CF7_get_taxonomy` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-taxonomy/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added the `CF7_get_theme_option` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-theme-option/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added `wpcf7dtx_sanitize` filter that sanitizes attribute values in built-in shortcodes
* Feature: Added `wpcf7dtx_escape` filter that escapes values in built-in shortcodes
* Feature: Added `wpcf7dtx_allow_protocols` filter to customize allowed protocols in escaping URLs in built-in shortcodes
* Fix: Updated how plugin gets dynamic value in form tags, now uses `wpcf7dtx_get_dynamic()` function
* Fix: Added case-insensitive ID in `CF7_get_post_var`
* Fix: Sanitizes post variable keys as keys in `wpcf7dtx_get_post_var()`
* Fix: Updated `wpcf7dtx_get_post_id()` to pull from "the loop" if `$post` is unavailable and now used consistently across built-in shortcodes
* Fix: Updated tag markup to be compatible with Contact Form 7 version 5.6 Beta for successful form validation, [see support thread](https://wordpress.org/support/topic/required-field-no-error-is-output-when-validating-when-field-is-empty/)
* Fix: Updated the `CF7_URL` shortcode to use `network_home_url()`, [see support thread](https://wordpress.org/support/topic/current-url-not-working/)
* Fix: Updated GUID function to return appropriately escaped values
* Fix: Updated all existing built-in shortcodes to use the the sanitizing, escaping, and obfuscating shortcodes, [see support thread](https://wordpress.org/support/topic/cant-get-obfuscate-to-work/)
* Fix: Marked compatible with WordPress core version 6.2.
= 3.2 =
* Feature: Add optional 'part' parameter to CF7_URL shortcode to retrieve Host, Query, or Path from current URL
* Updated minimum PHP requirement to 7.4 moving forward
* Update branding assets
* Update Tested Up To to 6.1.1
* Plugin will now be jointly maintained by [SevenSpark](https://sevenspark.com/) and [AuRise Creative](https://aurisecreative.com)
= 3.1.3 =
* Fix: Fixed the syntax error that reappeared in 3.1.2.
= 3.1.2 =
**Release Date: January 27, 2023**
* Fix: updated the text domain to match the plugin slug
* Fix: updated all of the translated strings to match
= 3.1.1 =
**Release Date: January 26, 2023**
* Fix: Fixed the syntax error: Parse error: syntax error, unexpected `)` in /wp-content/plugins/contact-form-7-dynamic-text extension/includes/admin.php on line 212
= 3.1.0 =
**Release Date: January 25, 2023**
* Feature: Added the `CF7_get_attachment` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-media-attachment/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added the `CF7_guid` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-guid/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme).
* Feature: Added the dynamic placeholder option to the dynamic form tags that allows you to specify dynamic or static placeholder content while also setting dynamic values. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-attribute-placeholder/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added a "required" dynamic hidden tag (e.g., `[dynamichidden* ...]`). It is identical to the original dynamic hidden tag (as in the field is not actually validated as required because it is hidden); it just doesn't break your website if you use it. This feature was requested by a user.
* Feature: Added the `obfuscate` attribute to all included shortcodes
= 3.0.0 =
**Release Date: January 17, 2023**
* Major: Plugin was adopted by AuRise Creative
* Major: All functions use the `wpcf7dtx_` prefix
* Feature: Added a `post_id` key for the `CF7_get_post_var` shortcode so you can specify a different post
* Feature: Updated the `CF7_get_current_user` shortcode to be able to pull data from user metadata too
* Feature: Added the "obfuscate" option to `CF7_get_custom_field` shortcode
* Feature: Added the "placeholder" checkbox option to the `dynamictext` tag
* Fix: Added additional validation for post ID input
* Fix: Added additional validation for the `key` attribute in the `CF7_GET` and `CF7_POST` shortcodes
* Fix: Shortcode keys are normalized into lowercase before processing
* Security: Sanitizing URLs for the `CF7_URL` and `CF7_referrer` shortcode outputs
* Feature/Security: Added a `allowed_protocols` attribute to the `CF7_URL` and `CF7_referrer` shortcodes that defaults to `http,https`
= 2.0.3 =
* Security: [Fix Reflected XSS](https://web.archive.org/web/20230121180428/https://sevenspark.com/docs/cf7-dtx-security-2019-07-24)
= 2.0.2.1 =
* Update changelog properly for 2.0.2 changes:
= 2.0.2 =
* Update deprecated `get_currentuserinfo()` function to `wp_get_current_user()`
* Update deprecated functions from `WPCF7_add_shortcode` to `WPCF7_add_formtag` and class from `WPCF7_Shortcode` to `WPCF7_FormTag` to comply with CF7 4.6 changes
= 2.0.1 =
* Hook change to guarantee the plugin only runs when Contact Form 7 is present in the admin (avoids errors if Contact Form 7 is disabled, or if there is a plugin sequencing issue)
= 2.0 =
* Complete rewrite for Compatibility with Contact Form 7 v4
= 1.2 =
* Compatibility update for Contact Form 7 v3.9
= 1.1.0.2 =
* Updated to work with Contact Form 7 v3.7.x
= 1.1.0.1 =
* Removed undefined variable warning
= 1.1 =
* Updated for compatibility with Contact Form 7 v3.6
* Added Referrer shortcode
= 1.0.4.2 =
* Fixed a bug that created repeating square brackets around dynamic text values in cases where the form doesn't validate and JavaScript is deactivated.
= 1.0.4.1 =
* Removed trailing whitespace to fix "Headers already sent" errors
= 1.0.4 =
* Added Current User Info shortcode
* Added Post Custom Field shortcode (with obfuscation support)
* Added Hidden Field capability
= 1.0.3 =
* Added $_POST shortcode
* Added current post/page variable shortcode
* Added current URL shortcode
= 1.0.2 =
* Fixed administrative control panel dependency issue
= 1.0.1 =
* Fixed dependency issue.
== Changelog ==
= 4.2.0 =
* Security Update: ** Please be sure to review this doc, as you may need to adjust the settings: https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access **
* Feature: Added Settings Screen with Allow Lists
* Feature: Added Form Scanner
* Feature: Added Allow List key validation in CF7 Form Validator
= 4.1.0 =
* Feature: Looks for a `dtx.php` file in the `wp_content` directory to maybe load custom shortcodes, [see support thread](https://wordpress.org/support/topic/how-to-avoid-custom-shortcodes-being-overwritten-on-updates/)
* Feature: Looks for a `dtx.php` file in the current active theme's directory to maybe load custom shortcodes, [see support thread](https://wordpress.org/support/topic/how-to-avoid-custom-shortcodes-being-overwritten-on-updates/)
* Feature: Looks for a `dtx.php` file in the current active theme's parent directory to maybe load custom shortcodes, [see support thread](https://wordpress.org/support/topic/how-to-avoid-custom-shortcodes-being-overwritten-on-updates/)
* Fix: addressed user reported bug, [see support thread](https://wordpress.org/support/topic/fatal-error-v4-0-3/)
= 4.0.3 =
* Feature: Added `exclusive` option to checkbox tag generator
* Fix: addressed bug that put all dynamic checkbox/radio options into one
* Fix: addressed bug in frontend validator for multiple selected values
= 4.0.2 =
* Fix: addressed bug that put all dynamic select options into one, [see support thread](https://wordpress.org/support/topic/dynamic-select-get-option-values-from-shortcode/)
* Update: sanitizing and escaping filters now accept `none` as value for `$type` to bypass. Use with caution.
= 4.0.1 =
* Fix: addressed bug that prevented translation for cache compatibility description
= 4.0.0 =
* Major: modified function names
* Major: deprecated `dynamictext` and `dynamichidden` form tags in favor of `dynamic_text` and `dynamic_hidden`. For more information, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_email` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-email/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_url` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-url/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_tel` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-tel/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_number` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-number/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_range` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-range/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_textarea` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-textarea/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_select` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-select/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_radio` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-radio/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_date` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-date/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dynamic_submit` form tag. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-submit/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dtx_hide_blank` form tag attribute for `dynamic_select`. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-select/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: introduced `dtx_disable_blank` form tag attribute for `dynamic_select`. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tags/dynamic-select/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: added mail validation for `dynamic_email` and `dynamic_hidden` for backend configuration. For more information, see the [FAQ](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/frequently-asked-questions/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: added the Akismet feature to DTX text, email, and URL form tags.
* Update: adjusted how queued values were sent for cache compatibility mode to allow for multiline values in textareas
* Removed unused utility functions
= 3.5.4 =
* Fix: Updated JavaScript to prevent cacheable fields from making unnecessary AJAX requests
= 3.5.3 =
* Update: removed the use of sessions, [see support thread](https://wordpress.org/support/topic/add-option-to-disable-session-data/)
= 3.5.2 =
* Fix: Updated the `CF7_URL` shortcode to only use `network_home_url()` for multisite installs that do not use subdomains, and use `home_url()` for all others to [maybe address this support thread](https://wordpress.org/support/topic/cf7_url-return-only-domain-and-not-subdomain/)
* Fix: Removed a lingering debug call
= 3.5.1 =
* Fix: fixed bug so tag generator for dynamic fields work on "Add New Contact Form" page of Contact Form 7
* Updated: Updated text in tag generator for cache compatible checkbox and added link to documentation
= 3.5.0 =
* Feature: Added the `dtx_pageload` form tag attribute for cache compatibility. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/form-tag-attribute-after-page-load/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Fix: Updated to be compatible with WordPress version 6.3
* Fix: Addressed a bug where `scheme` in `CF7_URL part='scheme'` was incorrectly sanitizing as URL instead of text
* Fix: Fixed `wp_kses()` in tag generator that stripped out link opening in new tab
* Update: `CF7_get_current_var` utilizes PHP session variables where appropriate
* Update: All JavaScript assets will load with the `defer` strategy in the footer in [WordPress 6.3](https://make.wordpress.org/core/2023/07/14/registering-scripts-with-async-and-defer-attributes-in-wordpress-6-3/)
= 3.4.0 =
* Feature: Feature: Added the `CF7_get_current_var` shortcode, [see support thread for user request](https://wordpress.org/support/topic/wrong-page-title-7/). For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-current-variables/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Fix: Updated the `CF7_URL` shortcode to no longer check for ports since that's handled in `network_home_url()` function, [see support thread](https://wordpress.org/support/topic/version-3-3-0-breaking/)
= 3.3.0 =
* Feature: Added the `CF7_get_cookie` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-cookie/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added the `CF7_get_taxonomy` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-taxonomy/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added the `CF7_get_theme_option` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-theme-option/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added `wpcf7dtx_sanitize` filter that sanitizes attribute values in built-in shortcodes
* Feature: Added `wpcf7dtx_escape` filter that escapes values in built-in shortcodes
* Feature: Added `wpcf7dtx_allow_protocols` filter to customize allowed protocols in escaping URLs in built-in shortcodes
* Fix: Updated how plugin gets dynamic value in form tags, now uses `wpcf7dtx_get_dynamic()` function
* Fix: Added case-insensitive ID in `CF7_get_post_var`
* Fix: Sanitizes post variable keys as keys in `wpcf7dtx_get_post_var()`
* Fix: Updated `wpcf7dtx_get_post_id()` to pull from "the loop" if `$post` is unavailable and now used consistently across built-in shortcodes
* Fix: Updated tag markup to be compatible with Contact Form 7 version 5.6 Beta for successful form validation, [see support thread](https://wordpress.org/support/topic/required-field-no-error-is-output-when-validating-when-field-is-empty/)
* Fix: Updated the `CF7_URL` shortcode to use `network_home_url()`, [see support thread](https://wordpress.org/support/topic/current-url-not-working/)
* Fix: Updated GUID function to return appropriately escaped values
* Fix: Updated all existing built-in shortcodes to use the the sanitizing, escaping, and obfuscating shortcodes, [see support thread](https://wordpress.org/support/topic/cant-get-obfuscate-to-work/)
* Fix: Marked compatible with WordPress core version 6.2.
= 3.2 =
* Feature: Add optional 'part' parameter to CF7_URL shortcode to retrieve Host, Query, or Path from current URL
* Updated minimum PHP requirement to 7.4 moving forward
* Update branding assets
* Update Tested Up To to 6.1.1
* Plugin will now be jointly maintained by [SevenSpark](https://sevenspark.com/) and [AuRise Creative](https://aurisecreative.com)
= 3.1.3 =
* Fix: Fixed the syntax error that reappeared in 3.1.2.
= 3.1.2 =
**Release Date: January 27, 2023**
* Fix: updated the text domain to match the plugin slug
* Fix: updated all of the translated strings to match
= 3.1.1 =
**Release Date: January 26, 2023**
* Fix: Fixed the syntax error: Parse error: syntax error, unexpected `)` in /wp-content/plugins/contact-form-7-dynamic-text extension/includes/admin.php on line 212
= 3.1.0 =
**Release Date: January 25, 2023**
* Feature: Added the `CF7_get_attachment` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-media-attachment/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added the `CF7_guid` shortcode. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-shortcode-guid/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme).
* Feature: Added the dynamic placeholder option to the dynamic form tags that allows you to specify dynamic or static placeholder content while also setting dynamic values. For usage details, see the [knowledge base](https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/shortcodes/dtx-attribute-placeholder/?utm_source=wordpress.org&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=readme)
* Feature: Added a "required" dynamic hidden tag (e.g., `[dynamichidden* ...]`). It is identical to the original dynamic hidden tag (as in the field is not actually validated as required because it is hidden); it just doesn't break your website if you use it. This feature was requested by a user.
* Feature: Added the `obfuscate` attribute to all included shortcodes
= 3.0.0 =
**Release Date: January 17, 2023**
* Major: Plugin was adopted by AuRise Creative
* Major: All functions use the `wpcf7dtx_` prefix
* Feature: Added a `post_id` key for the `CF7_get_post_var` shortcode so you can specify a different post
* Feature: Updated the `CF7_get_current_user` shortcode to be able to pull data from user metadata too
* Feature: Added the "obfuscate" option to `CF7_get_custom_field` shortcode
* Feature: Added the "placeholder" checkbox option to the `dynamictext` tag
* Fix: Added additional validation for post ID input
* Fix: Added additional validation for the `key` attribute in the `CF7_GET` and `CF7_POST` shortcodes
* Fix: Shortcode keys are normalized into lowercase before processing
* Security: Sanitizing URLs for the `CF7_URL` and `CF7_referrer` shortcode outputs
* Feature/Security: Added a `allowed_protocols` attribute to the `CF7_URL` and `CF7_referrer` shortcodes that defaults to `http,https`
= 2.0.3 =
* Security: [Fix Reflected XSS](https://web.archive.org/web/20230121180428/https://sevenspark.com/docs/cf7-dtx-security-2019-07-24)
= 2.0.2.1 =
* Update changelog properly for 2.0.2 changes:
= 2.0.2 =
* Update deprecated `get_currentuserinfo()` function to `wp_get_current_user()`
* Update deprecated functions from `WPCF7_add_shortcode` to `WPCF7_add_formtag` and class from `WPCF7_Shortcode` to `WPCF7_FormTag` to comply with CF7 4.6 changes
= 2.0.1 =
* Hook change to guarantee the plugin only runs when Contact Form 7 is present in the admin (avoids errors if Contact Form 7 is disabled, or if there is a plugin sequencing issue)
= 2.0 =
* Complete rewrite for Compatibility with Contact Form 7 v4
= 1.2 =
* Compatibility update for Contact Form 7 v3.9
= 1.1.0.2 =
* Updated to work with Contact Form 7 v3.7.x
= 1.1.0.1 =
* Removed undefined variable warning
= 1.1 =
* Updated for compatibility with Contact Form 7 v3.6
* Added Referrer shortcode
= 1.0.4.2 =
* Fixed a bug that created repeating square brackets around dynamic text values in cases where the form doesn't validate and JavaScript is deactivated.
= 1.0.4.1 =
* Removed trailing whitespace to fix "Headers already sent" errors
= 1.0.4 =
* Added Current User Info shortcode
* Added Post Custom Field shortcode (with obfuscation support)
* Added Hidden Field capability
= 1.0.3 =
* Added $_POST shortcode
* Added current post/page variable shortcode
* Added current URL shortcode
= 1.0.2 =
* Fixed administrative control panel dependency issue
= 1.0.1 =
* Fixed dependency issue.

10
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension.php
View File

@@ -4,7 +4,7 @@
* Plugin Name: Contact Form 7 - Dynamic Text Extension
* Plugin URI: https://sevenspark.com/goods/contact-form-7-dynamic-text-extension
* Description: This plugin extends Contact Form 7 by adding dynamic form fields that accept any shortcode to generate default values and placeholder text. Requires Contact Form 7.
* Version: 4.1.0
* Version: 4.2.0
* Author: SevenSpark, AuRise Creative
* Author URI: https://sevenspark.com
* License: GPL2
@@ -14,8 +14,8 @@
*/
/*
Copyright 2010-2023 Chris Mavricos, SevenSpark <https://sevenspark.com>
Copyright 2022-2023 Tessa Watkins, AuRise Creative <https://aurisecreative.com>
Copyright 2010-2024 Chris Mavricos, SevenSpark <https://sevenspark.com>
Copyright 2022-2024 Tessa Watkins, AuRise Creative <https://aurisecreative.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, version 2, as
@@ -32,7 +32,7 @@
*/
// Define current version
define('WPCF7DTX_VERSION', '4.1.0');
define('WPCF7DTX_VERSION', '4.2.0');
// Define root directory
defined('WPCF7DTX_DIR') || define('WPCF7DTX_DIR', __DIR__);
@@ -40,6 +40,8 @@ defined('WPCF7DTX_DIR') || define('WPCF7DTX_DIR', __DIR__);
// Define root file
defined('WPCF7DTX_FILE') || define('WPCF7DTX_FILE', __FILE__);
define( 'WPCF7DTX_DATA_ACCESS_KB_URL', 'https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access' );
/**
* Initialise Plugin
*

4
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/includes/admin.php
View File

@@ -1,5 +1,9 @@
<?php
// Include the Settings Page & Update Check
include_once( 'admin/settings.php' );
include_once( 'admin/update-check.php' );
/**
* Admin Scripts and Styles
*

770
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/includes/admin/settings.php Normal file
View File

@@ -0,0 +1,770 @@
<?php
/**
* Class CF7DTX_Plugin_Settings
*
* Configure the plugin settings page.
*/
class CF7DTX_Plugin_Settings {
/**
* Capability required by the user to access the My Plugin menu entry.
*
* @var string $capability
*/
private $capability = 'manage_options';
private $sections;
private $fields;
private $num_forms_to_scan = 20;
/**
* The Plugin Settings constructor.
*/
function __construct($sections, $fields) {
add_action( 'admin_init', [$this, 'settings_init'] );
add_action( 'admin_menu', [$this, 'options_page'] );
$this->sections = $sections;
$this->fields = $fields;
}
/**
* Register the settings and all fields.
*/
function settings_init() : void {
// Register a new setting this page.
register_setting( 'cf7dtx_settings', 'cf7dtx_settings' );
foreach( $this->sections as $section_id => $section ){
// Register a new section.
add_settings_section(
$section_id,
$section['title'],
[$this, 'render_section'],
'cf7dtx_settings',
);
}
/* Register All The Fields. */
foreach( $this->fields as $field ) {
// Register a new field in the main section.
add_settings_field(
$field['id'], /* ID for the field. Only used internally. To set the HTML ID attribute, use $args['label_for']. */
$field['label'], /* Label for the field. */
[$this, 'render_field'], /* The name of the callback function. */
'cf7dtx_settings', /* The menu page on which to display this field. */
$field['section'], /* The section of the settings page in which to show the box. */
[
'label_for' => $field['id'], /* The ID of the field. */
'class' => 'cf7dtx_row', /* The class of the field. */
'field' => $field, /* Custom data for the field. */
]
);
}
}
/**
* Add a subpage to the WordPress Settings menu.
*/
function options_page() : void {
add_submenu_page(
'wpcf7', /* Parent Menu Slug */
'Contact Form 7 - Dynamic Text Extension', /* Page Title */
'Dynamic Text Extension', /* Menu Title */
$this->capability, /* Capability */
'cf7dtx_settings', /* Menu Slug */
[$this, 'render_options_page'], /* Callback */
);
}
/**
* Render the settings page.
*/
function render_options_page() : void {
// check user capabilities
if ( ! current_user_can( $this->capability ) ) {
return;
}
if( isset( $_GET['dismiss-access-keys-notice'] )){
wpcf7dtx_set_update_access_scan_check_status('notice_dismissed');
?>
<div class="notice notice-success dtx-notice">
<p><?php _e('Notice Dismissed. You can run the scan any time from the CF7 DTX settings page', 'contact-form-7-dynamic-text-extension'); ?></p>
<p><?php $this->render_back_to_settings_button(); ?></p>
</div>
<?php
return;
}
if( isset( $_GET['scan-meta-keys'] )){
if( isset( $_POST['save-allows'] )){
$r = $this->handle_save_allows();
?>
<div class="wrap">
<h1><?php _e('DTX: Keys Added To Allow List', 'contact-form-7-dynamic-text-extension'); ?></h1>
<?php $this->render_allow_keys_submission($r); ?>
</div>
<?php
}
else{
$offset = isset( $_GET['offset'] ) ? $_GET['offset'] : 0;
$results = wpcf7dtx_scan_forms_for_access_keys( $this->num_forms_to_scan, $offset );
?>
<div class="wrap">
<h1><?php _e('DTX: Form Shortcode Scan Results', 'contact-form-7-dynamic-text-extension'); ?></h1>
<?php $this->render_scan_results($results); ?>
</div>
<?php
}
}
else{
// add error/update messages
// check if the user have submitted the settings
// WordPress will add the "settings-updated" $_GET parameter to the url
if ( isset( $_GET['settings-updated'] ) ) {
// add settings saved message with the class of "updated"
add_settings_error( 'cf7dtx_messages', 'cf7dtx_message', __( 'Settings Saved', 'contact-form-7-dynamic-text-extension' ), 'updated' );
}
// show error/update messages
settings_errors( 'cf7dtx_messages' );
?>
<div class="wrap">
<h1><?php echo esc_html( get_admin_page_title() ); ?></h1>
<form action="options.php" method="post">
<?php
/* output security fields for the registered setting "cf7dtx" */
settings_fields( 'cf7dtx_settings' );
/* output setting sections and their fields */
/* (sections are registered for "cf7dtx", each field is registered to a specific section) */
do_settings_sections( 'cf7dtx_settings' );
/* output save settings button */
submit_button( 'Save Settings' );
?>
</form>
<a href="<?php echo wpcf7dtx_get_admin_scan_screen_url(); ?>">Scan Forms for Post Meta and User Data Keys</a>
</div>
<?php
}
}
/**
* Render a settings field.
*
* @param array $args Args to configure the field.
*/
function render_field( array $args ) : void {
$field = $args['field'];
// Get the value of the setting we've registered with register_setting()
$options = get_option( 'cf7dtx_settings' );
switch ( $field['type'] ) {
case "text": {
?>
<input
type="text"
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
value="<?php echo isset( $options[ $field['id'] ] ) ? esc_attr( $options[ $field['id'] ] ) : ''; ?>"
>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
case "checkbox": {
?>
<input
type="checkbox"
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
value="1"
<?php echo isset( $options[ $field['id'] ] ) ? ( checked( $options[ $field['id'] ], 1, false ) ) : ( '' ); ?>
>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
case "textarea": {
?>
<textarea
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
style="width:400px; height:200px;"
><?php echo isset( $options[ $field['id'] ] ) ? esc_attr( $options[ $field['id'] ] ) : ''; ?></textarea>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
case "select": {
?>
<select
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
>
<?php foreach( $field['options'] as $key => $option ) { ?>
<option value="<?php echo $key; ?>"
<?php echo isset( $options[ $field['id'] ] ) ? ( selected( $options[ $field['id'] ], $key, false ) ) : ( '' ); ?>
>
<?php echo $option; ?>
</option>
<?php } ?>
</select>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
case "password": {
?>
<input
type="password"
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
value="<?php echo isset( $options[ $field['id'] ] ) ? esc_attr( $options[ $field['id'] ] ) : ''; ?>"
>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
case "wysiwyg": {
wp_editor(
isset( $options[ $field['id'] ] ) ? $options[ $field['id'] ] : '',
$field['id'],
array(
'textarea_name' => 'cf7dtx_settings[' . $field['id'] . ']',
'textarea_rows' => 5,
)
);
break;
}
case "email": {
?>
<input
type="email"
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
value="<?php echo isset( $options[ $field['id'] ] ) ? esc_attr( $options[ $field['id'] ] ) : ''; ?>"
>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
case "url": {
?>
<input
type="url"
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
value="<?php echo isset( $options[ $field['id'] ] ) ? esc_attr( $options[ $field['id'] ] ) : ''; ?>"
>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
case "color": {
?>
<input
type="color"
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
value="<?php echo isset( $options[ $field['id'] ] ) ? esc_attr( $options[ $field['id'] ] ) : ''; ?>"
>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
case "date": {
?>
<input
type="date"
id="<?php echo esc_attr( $field['id'] ); ?>"
name="cf7dtx_settings[<?php echo esc_attr( $field['id'] ); ?>]"
value="<?php echo isset( $options[ $field['id'] ] ) ? esc_attr( $options[ $field['id'] ] ) : ''; ?>"
>
<p class="description">
<?php esc_html_e( $field['description'], 'cf7dtx_settings' ); ?>
</p>
<?php
break;
}
}
}
/**
* Render a section on a page, with an ID and a text label.
*
* @since 1.0.0
*
* @param array $args {
* An array of parameters for the section.
*
* @type string $id The ID of the section.
* }
*/
function render_section( array $args ) : void {
?>
<p id="<?php echo esc_attr( $args['id'] ); ?>"><?php echo $this->sections[$args['id']]['description']; ?></p>
<?php
}
function render_scan_results( $results ){
// No forms are using the shortcodes in question
if( !count($results['forms']) ){
wpcf7dtx_set_update_access_scan_check_status( 'intervention_not_required' );
echo '<div class="notice notice-success dtx-notice"><p>'.__('Scan complete. No keys detected.', 'contact-form-7-dynamic-text-extension').'</p></div>';
$this->render_back_to_settings_button();
return;
}
// Check if we need to scan another batch
if( $results['forms_scanned'] === $this->num_forms_to_scan ){
$offset = isset( $_GET['offset'] ) ? $_GET['offset'] : 0;
$next_offset = $offset + $this->num_forms_to_scan;
echo '<div class="notice notice-warning dtx-notice"><p>';
echo sprintf(
__( '%1$s forms scanned. There may be more forms to scan.', 'contact-form-7-dynamic-text-extension' ),
$results['forms_scanned'],
);
echo ' ';
echo '<a href="'.wpcf7dtx_get_admin_scan_screen_url($next_offset).'">'.sprintf(
__( 'Scan %1$s more forms', 'contact-form-7-dynamic-text-extension' ),
$this->num_forms_to_scan
).'</a>';
echo '</p></div>';
}
$settings = wpcf7dtx_get_settings();
$already_allowed_meta_keys = wpcf7dtx_parse_allowed_keys(wpcf7dtx_array_has_key('post_meta_allow_keys', $settings));
$already_allowed_user_keys = wpcf7dtx_parse_allowed_keys(wpcf7dtx_array_has_key('user_data_allow_keys', $settings));
// Check the results ahead of time to see if all of the keys are already in the allow list - if so, nothing to do
$forms = $results['forms'];
$all_keys_allowed = true;
foreach( $forms as $form_id => $r ){
if( count($r['meta_keys'])){
foreach( $r['meta_keys'] as $key ){
if( !in_array( $key, $already_allowed_meta_keys ) ){
$all_keys_allowed = false;
break;
}
}
if( $all_keys_allowed === false ) break;
}
if( count($r['user_keys'])){
foreach( $r['user_keys'] as $key ){
if( !in_array( $key, $already_allowed_user_keys ) ){
$all_keys_allowed = false;
break;
}
}
if( $all_keys_allowed === false ) break;
}
}
if( $all_keys_allowed ){
wpcf7dtx_set_update_access_scan_check_status( 'intervention_completed' );
}
?>
<style>
.postbox,
.dtx-notice{
max-width:600px;
box-sizing:border-box;
}
.postbox-header{
padding:1em;
}
.postbox-header h2{
font-size:14px;
margin:0;
}
.key-disabled{
opacity:.8;
}
</style>
<div>
<?php if( $all_keys_allowed ): ?>
<div class="notice notice-success dtx-notice">
<p><?php
echo sprintf(
__('Scan of %1$s forms complete. All keys detected are already on allow list. No action necessary for these forms.', 'contact-form-7-dynamic-text-extension'),
$results['forms_scanned'],
); ?></p>
</div>
<?php else: ?>
<div class="notice notice-error dtx-notice" style="width:600px; box-sizing:border-box;">
<p><strong><?php _e('Shortcodes accessing potentially sensitive Post Meta or User Data were detected in the forms listed below.', 'contact-form-7-dynamic-text-extension'); ?></strong></p>
<p><?php _e('Only keys on the allow list will return their value when accessed. Attempting to access keys that are not on the allow list via DTX shortcodes will return an empty string and throw a warning message.', 'contact-form-7-dynamic-text-extension'); ?></p>
<p><?php _e('Review the keys below and confirm that you want to allow access, then select meta and/or user keys to add them to the relevant allow list. Any keys for sensitive data should be removed by editing your contact form.', 'contact-form-7-dynamic-text-extension'); ?></p>
<p><?php _e('Note that keys which are already in the allow list are displayed but marked as already selected.', 'contact-form-7-dynamic-text-extension'); ?></p>
<p><a href="<?php echo WPCF7DTX_DATA_ACCESS_KB_URL; ?>" target="_blank"><?php _e('More Information', 'contact-form-7-dynamic-text-extension' ); ?></a></p>
</div>
<?php endif; ?>
<form action="admin.php?page=cf7dtx_settings&scan-meta-keys" method="post">
<?php
settings_fields( 'cf7dtx_settings' );
foreach( $results['forms'] as $form_id => $r ){
?>
<div class="postbox" >
<div class="postbox-header">
<h2><?php echo $r['title']; ?></h2>
<a href="<?php echo $r['admin_url'];?>" target="_blank">View form</a>
</div>
<div class="inside">
<?php if( count($r['meta_keys']) ): ?>
<h4>Meta Keys</h3>
<div>
<?php foreach( $r['meta_keys'] as $key ){
$already_allowed = in_array( $key, $already_allowed_meta_keys );
$name = "dtx_meta_key/$key";
?>
<div>
<label <?php if( $already_allowed ) echo 'class="key-disabled" title="Already in Allow List"'; ?>>
<input
name="<?php echo $name;?>"
id="<?php echo $name;?>"
type="checkbox"
value="1"
<?php if( $already_allowed ) echo 'checked="checked" disabled'; ?> />
<?php echo $key; ?>
</label>
</div>
<?php
}
?>
</div>
<?php endif; ?>
<?php if( count($r['user_keys']) ): ?>
<h4>User Data Keys</h3>
<div>
<?php foreach( $r['user_keys'] as $key ){
$name = "dtx_user_key/$key";
$already_allowed = in_array( $key, $already_allowed_user_keys );
?>
<div>
<label <?php if( $already_allowed ) echo 'class="key-disabled" title="Already in Allow List"'; ?>>
<input
name="<?php echo $name; ?>"
id="<?php echo $name; ?>"
type="checkbox"
value="1"
<?php if( $already_allowed ) echo 'checked="checked" disabled'; ?> />
<?php echo $key; ?>
</label>
</div>
<?php
}
?>
</div>
<?php endif; ?>
</div>
</div>
<?php
}
?>
<?php if( !$all_keys_allowed ) submit_button( __('Add Selected Keys to Allow Lists', 'contact-form-7-dynamic-text-extension'), 'primary', 'save-allows' ); ?>
</form>
<?php $this->render_back_to_settings_button(); ?>
</div>
<?php
}
function handle_save_allows(){
$user_keys = [];
$meta_keys = [];
// Find saved keys
foreach( $_POST as $key => $val ){
if( str_starts_with( $key, 'dtx_meta_key' ) ){
$parts = explode( '/', $key);
$meta_keys[] = $parts[1];
}
else if( str_starts_with( $key, 'dtx_user_key' )){
$parts = explode( '/', $key);
$user_keys[] = $parts[1];
}
}
// Add those keys in options
$settings = wpcf7dtx_get_settings();
// Meta Data
if( count( $meta_keys ) ){
// Get already saved values
$post_meta_allow_keys = isset( $settings['post_meta_allow_keys'] ) ? wpcf7dtx_parse_allowed_keys($settings['post_meta_allow_keys']) : [];
// Merge with new values
$new = array_unique( array_merge( $post_meta_allow_keys, $meta_keys ));
$settings['post_meta_allow_keys'] = implode( PHP_EOL, $new );
}
// User Data
if( count( $user_keys ) ){
// Get already saved values
$user_data_allow_keys = isset( $settings['user_data_allow_keys'] ) ? wpcf7dtx_parse_allowed_keys($settings['user_data_allow_keys']) : [];
// Merge with new values
$new = array_unique( array_merge( $user_data_allow_keys, $user_keys ));
$settings['user_data_allow_keys'] = implode( PHP_EOL, $new );
}
// Update with new settings
wpcf7dtx_update_settings( $settings );
// Mark as intervention complete
wpcf7dtx_set_update_access_scan_check_status( 'intervention_completed' );
return [
'user' => $user_keys,
'meta' => $meta_keys,
];
}
function render_allow_keys_submission( $r ){
?>
<?php if( count($r['meta'])): ?>
<p><?php _e('Meta Keys Added','contact-form-7-dynamic-text-extension'); ?>: <?php echo implode(', ',$r['meta']); ?></p>
<?php endif; ?>
<?php if( count( $r['user'])): ?>
<p><?php _e('User Data Keys Added','contact-form-7-dynamic-text-extension'); ?>: <?php echo implode(', ', $r['user']); ?></p>
<?php endif; ?>
<?php if( !count($r['meta']) && !count($r['user'])): ?>
<p><?php _e('No Keys Selected', 'contact-form-7-dynamic-text-extension'); ?></p>
<?php endif; ?>
<?php
$this->render_back_to_settings_button();
}
function render_back_to_settings_button(){
?>
<a href="<?php echo wpcf7dtx_get_admin_settings_screen_url(); ?>">&laquo; <?php _e('Back to Settings', 'contact-form-7-dynamic-text-extension'); ?></a>
<?php
}
}
$sections = [
'post_meta_access' => [
'title' => __('Post Meta Access', 'contact-form-7-dynamic-text-extension'),
'description' => __('Control which post metadata the CF7 DTX shortcodes (CF7_get_custom_field) can access. By default, all metadata is protected, so you can open up access through these settings. Keep in mind that users with Contributor+ credentials can add shortcodes and therefore access this data, so make sure not to expose anything sensitive.').
' <a href="'.WPCF7DTX_DATA_ACCESS_KB_URL.'" target="_blank">'. __('More Information', 'contact-form-7-dynamic-text-extension' ).'</a>',
],
'user_data_access' => [
'title' => __('User Data Access', 'contact-form-7-dynamic-text-extension'),
'description' => __('Control which user data the CF7 DTX shortcodes (CF7_get_current_user) can access. By default, all user data is protected, so you can open up access through these settings. Keep in mind that users with Contributor+ credentials can add shortcodes and therefore access this data, so make sure not to expose anything sensitive.').
' <a href="'.WPCF7DTX_DATA_ACCESS_KB_URL.'" target="_blank">'. __('More Information', 'contact-form-7-dynamic-text-extension' ).'</a>',
],
];
/**
* Array of fields that should be displayed in the settings page.
*
* @var array $fields
*/
$fields = [
[
'id' => 'post_meta_allow_keys',
'label' => __('Meta Key Allow List', 'contact-form-7-dynamic-text-extension'),
'description' => __('Allow access to these specific post metadata keys. Enter one per line.', 'contact-form-7-dynamic-text-extension'),
'type' => 'textarea',
'section' => 'post_meta_access',
],
[
'id' => 'post_meta_allow_all',
'label' => __('Allow Access to All Post Metadata', 'contact-form-7-dynamic-text-extension'),
'description' => __('**Use with caution.** Should only be enabled if all authorized users with editor privileges (Contributor+) are trusted and should have access to this data. All metadata from any post (including custom post types) will be accessible via the CF7_get_custom_field shortcode. If in doubt, use the Allow List to allow only specific keys.', 'contact-form-7-dynamic-text-extension'),
'type' => 'select',
'options' => [
'disabled' => __( 'Disabled - Only Allow Access to Meta Key Allow List', 'contact-form-7-dynamic-text-extension' ),
'enabled' => __( 'Enabled - Allow Access to All Post Metadata', 'contact-form-7-dynamic-text-extension' ),
],
'section' => 'post_meta_access',
],
[
'id' => 'user_data_allow_keys',
'label' => __('User Data Key Allow List', 'contact-form-7-dynamic-text-extension'),
'description' => __('Allow access to these specific user data keys. Enter one per line.', 'contact-form-7-dynamic-text-extension'),
'type' => 'textarea',
'section' => 'user_data_access',
],
[
'id' => 'user_data_allow_all',
'label' => __('Allow Access to All User Data', 'contact-form-7-dynamic-text-extension'),
'description' => __('**Use with caution.** Should only be enabled if all authorized users with editor privileges (Contributor+) are trusted and should have access to this data. All of the current user\'s data fields will be accessible via the CF7_get_current_user shortcode. If in doubt, use the Allow List to allow only specific keys.', 'contact-form-7-dynamic-text-extension'),
'type' => 'select',
'options' => [
'disabled' => __( 'Disabled - Only Allow Access to User Data Key Allow List', 'contact-form-7-dynamic-text-extension' ),
'enabled' => __( 'Enabled - Allow Access to User Data', 'contact-form-7-dynamic-text-extension' ),
],
'section' => 'user_data_access',
],
];
new CF7DTX_Plugin_Settings($sections, $fields);
function wpcf7dtx_get_admin_scan_screen_url($offset=0){
$path = 'admin.php?page=cf7dtx_settings&scan-meta-keys';
if( $offset ){
$path.= '&offset='.$offset;
}
return admin_url($path);
}
function wpcf7dtx_get_admin_settings_screen_url(){
return admin_url('admin.php?page=cf7dtx_settings');
}
/**
* Search all CF7 forms for
*/
function wpcf7dtx_scan_forms_for_access_keys( $num, $offset=0){
$found = [
'forms' => [],
];
$forms = [];
if( function_exists('wpcf7_contact_form') ){
$cf7forms = get_posts([
'post_type' => 'wpcf7_contact_form',
// 'numberposts' => $numposts, // sanity check
'posts_per_page' => $num,
'offset' => $offset,
]);
$found['forms_scanned'] = count($cf7forms);
// Loop through forms
foreach( $cf7forms as $form ){
// Search for the custom fields shortcode
if( str_contains($form->post_content, 'CF7_get_custom_field') ||
str_contains($form->post_content, 'CF7_get_current_user')
){
$cf7 = wpcf7_contact_form( $form->ID );
$forms[$form->ID] = [
'title' => $cf7->title(),
'meta_keys' => [],
'user_keys' => [],
'admin_url' => admin_url( "admin.php?page=wpcf7&post={$form->ID}&action=edit" ),
];
$tags = $cf7->scan_form_tags();
// Check each tag
foreach( $tags as $tag ){
// Find dynamic tags
if( str_starts_with( $tag->type, 'dynamic' ) ){
// Check each value
foreach( $tag->values as $val ){
// Find CF7_get_custom_field
if( str_starts_with( $val, 'CF7_get_custom_field' )){
// Parse out the shortcode atts
$atts = shortcode_parse_atts($val);
if( $atts ){
// Grab the meta key
$meta_key = $atts['key'];
// Add meta key to the list
if( $meta_key ){
$forms[$form->ID]['meta_keys'][] = $meta_key;
}
}
}
// Find CF7_get_current_user
if( str_starts_with( $val, 'CF7_get_current_user' )){
// Parse out the shortcode atts
$atts = shortcode_parse_atts($val);
if( $atts ){
// Grab user data key
$key = $atts['key'];
if( $key ){
$forms[$form->ID]['user_keys'][] = $key;
}
}
}
}
}
}
}
}
}
$found['forms'] = $forms;
return $found;
}

97
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/includes/admin/update-check.php Normal file
View File

@@ -0,0 +1,97 @@
<?php
add_action( 'plugins_loaded', 'wpcf7dtx_update_check' );
function wpcf7dtx_update_check(){
if( WPCF7DTX_VERSION !== get_option( 'cf7dtx_version', '' ) ){
// Update the database version with the current plugin version
update_option( 'cf7dtx_version', WPCF7DTX_VERSION );
// Run the update handler
add_action('admin_init', 'wpcf7dtx_update');
}
}
function wpcf7dtx_update(){
// v4.2.0 will scan for meta and user keys that should be allow-listed and display an admin alert
wpcf7dtx_v4_2_0_access_scan_check();
// Future update processes would go here
}
/*** 4.2.0 - Security Access ***/
function wpcf7dtx_v4_2_0_access_scan_check(){
$op = 'cf7dtx_v4_2_0_access_scan_check_status';
$status = get_option( $op, '' );
// Status values:
// intervention_required - show a notice to the admin
// intervention_not_required - we can ignore
// intervention_completed - no need to show notice any longer
// notice_dismissed - alert was dismissed by user
// If we've never checked before
if( $status === '' ){
// Run a scan - 20 by default. If they have more than 20 forms, we'll alert regardless.
// For less than 20 forms, we'll only alert if we detect an issue
$num_to_scan = 20;
$r = wpcf7dtx_scan_forms_for_access_keys( $num_to_scan );
$found = count($r['forms']);
$scanned = $r['forms_scanned'];
// If keys were found, or if we scanned the max number (so there are likely more to be scanned)
if( $found || $scanned === $num_to_scan ){
// We'll show a notice to the user
$status = 'intervention_required';
}
else{
// No keys need to be allow-listed, no need to show the user a list
$status = 'intervention_not_required';
}
wpcf7dtx_set_update_access_scan_check_status( $status );
}
}
add_action('admin_notices', 'wpcf7dtx_access_keys_notice');
/**
* Display an admin notice if there are unresolved issues with accessing disallowed keys via DTX shortcodes
*/
function wpcf7dtx_access_keys_notice(){
// Don't show this notice on the Scan Results screen to avoid confusion
if( isset($_GET['page']) && $_GET['page'] === 'cf7dtx_settings' && ( isset( $_GET['scan-meta-keys']) || isset($_GET['dismiss-access-keys-notice']))) return;
// If this user is not an administrator, don't do anything. Only admins should see this.
$user = wp_get_current_user();
if ( !in_array( 'administrator', (array) $user->roles ) ) return;
// If the status doesn't require intervention, don't do anything
$status = get_option( 'cf7dtx_v4_2_0_access_scan_check_status', '' );
if( $status !== 'intervention_required' ){
return;
}
?>
<div class="notice notice-error">
<p>
<?php _e('CF7 DTX: Shortcode data access requires allow-listing.', 'contact-form-7-dynamic-text-extension'); ?>
<a href="<?php echo wpcf7dtx_get_admin_settings_screen_url(); ?>"><?php _e('Edit Settings', 'contact-form-7-dynamic-text-extension' ); ?></a>
|
<a href="<?php echo wpcf7dtx_get_admin_scan_screen_url(); ?>"><?php _e('Scan &amp; Resolve', 'contact-form-7-dynamic-text-extension' ); ?></a>
|
<a href="<?php echo WPCF7DTX_DATA_ACCESS_KB_URL; ?>" target="_blank"><?php _e('More Information', 'contact-form-7-dynamic-text-extension' ); ?></a>
<?php if( isset($_GET['page']) && $_GET['page'] === 'cf7dtx_settings' ): ?>
| <a href="<?php echo admin_url('admin.php?page=cf7dtx_settings&dismiss-access-keys-notice'); ?>"><?php _e('Dismiss', 'contact-form-7-dynamic-text-extension' ); ?></a>
<?php endif; ?>
</p>
</div>
<?php
}
function wpcf7dtx_set_update_access_scan_check_status( $status ){
update_option( 'cf7dtx_v4_2_0_access_scan_check_status', $status );
}

16
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/includes/shortcodes.php
View File

@@ -214,6 +214,14 @@ function wpcf7dtx_get_custom_field($atts = array())
'post_id' => '',
'obfuscate' => ''
), array_change_key_case((array)$atts, CASE_LOWER)));
// If this key can't be accessed
if( !wpcf7dtx_post_meta_key_access_is_allowed( $key ) ){
// Trigger a warning if a denied key is in use
wpcf7dtx_access_denied_alert( $key, 'post_meta' );
return '';
}
$post_id = wpcf7dtx_get_post_id($post_id);
$key = apply_filters('wpcf7dtx_sanitize', $key, 'text');
if ($post_id && $key) {
@@ -343,6 +351,14 @@ function wpcf7dtx_get_current_user($atts = array())
'obfuscate' => ''
), array_change_key_case((array)$atts, CASE_LOWER)));
if (is_user_logged_in()) {
// If this key can't be accessed
if( !wpcf7dtx_user_data_access_is_allowed( $key ) ){
// Trigger a warning if a denied key is in use
wpcf7dtx_access_denied_alert( $key, 'user_data' );
return '';
}
$user = wp_get_current_user();
return apply_filters('wpcf7dtx_escape', $user->get($key), $obfuscate);
}

213
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/includes/utilities.php
View File

@@ -661,3 +661,216 @@ function wpcf7dtx_array_has_key($key, $array = array(), $default = '')
}
return $default;
}
/**
* Check if admin has allowed access to a specific post meta key
*
* @since 4.2.0
*
* @param string $meta_key The post meta key to test
*
* @return bool True if this key can be accessed, false otherwise
*/
function wpcf7dtx_post_meta_key_access_is_allowed($meta_key)
{
// Get the DTX Settings
$settings = wpcf7dtx_get_settings();get_option('cf7dtx_settings', []);
// Has access to all metadata been enabled?
if( isset($settings['post_meta_allow_all']) && $settings['post_meta_allow_all'] === 'enabled' ){
return true;
}
// If not, check the Allow List
$allowed_keys;
// No key list from settings
if( !isset($settings['post_meta_allow_keys'] ) || !is_string($settings['post_meta_allow_keys'])){
$allowed_keys = [];
}
// Extract allowed keys from setting text area
else{
// $allowed_keys = preg_split('/\r\n|\r|\n/', $settings['post_meta_allow_keys']);
$allowed_keys = wpcf7dtx_parse_allowed_keys( $settings['post_meta_allow_keys'] );
}
// Allow custom filters
$allowed_keys = apply_filters( 'wpcf7dtx_post_meta_key_allow_list', $allowed_keys );
// Check if the key is in the allow list
if( in_array( $meta_key, $allowed_keys ) ){
return true; // The key is allowed
}
// Everything is disallowed by default
return false;
}
/**
* Check if admin has allowed access to a specific user data
*
* @since 4.2.0
*
* @param string $key The user data key to test
*
* @return bool True if this key can be accessed, false otherwise
*/
function wpcf7dtx_user_data_access_is_allowed( $key )
{
// Get the DTX Settings
$settings = wpcf7dtx_get_settings(); //get_option('cf7dtx_settings', []);
// Has access to all metadata been enabled?
if( isset($settings['user_data_allow_all']) && $settings['user_data_allow_all'] === 'enabled' ){
return true;
}
// If not, check the Allow List
$allowed_keys;
// No key list from settings
if( !isset($settings['user_data_allow_keys'] ) || !is_string($settings['user_data_allow_keys'])){
$allowed_keys = [];
}
// Extract allowed keys from setting text area
else{
// $allowed_keys = preg_split('/\r\n|\r|\n/', $settings['user_data_allow_keys']);
$allowed_keys = wpcf7dtx_parse_allowed_keys($settings['user_data_allow_keys']);
}
// Allow custom filters
$allowed_keys = apply_filters( 'wpcf7dtx_user_data_key_allow_list', $allowed_keys );
// Check if the key is in the allow list
if( in_array( $key, $allowed_keys ) ){
return true; // The key is allowed
}
// Everything is disallowed by default
return false;
}
/**
* Take the string saved in the options array from the allow list textarea and parse it into an array by newlines.
* Also strip whitespace
*
* @param string $allowlist The string of allowed keys stored in the DB
*
* @return array Array of allowed keys
*/
function wpcf7dtx_parse_allowed_keys( $allowlist ){
// Split by newlines
$keys = wpcf7dtx_split_newlines( $allowlist );
// Trim whitespace
$keys = array_map( 'trim' , $keys );
return $keys;
}
/**
* Used to parse strings stored in the database that are from text areas with one element per line into an array of strings
*
* @param string $str The multi-line string to be parsed into an array
*
* @return array Array of parsed strings
*/
function wpcf7dtx_split_newlines( $str ){
return preg_split('/\r\n|\r|\n/', $str);
}
/**
* Gets the CF7 DTX settings field from the WP options table. Returns an empty array if option has not previously been set
*
* @return array The settings array
*/
function wpcf7dtx_get_settings(){
return get_option('cf7dtx_settings', []);
}
/**
* Updates the CF7 DTX settings in the WP options table
*
* @param array $settings The settings array
*
*/
function wpcf7dtx_update_settings($settings){
update_option( 'cf7dtx_settings', $settings );
}
/**
* Outputs a useful PHP Warning message to users on how to allow-list denied meta and user keys
*
* @param string $key The post meta or user key to which access is currently denied
* @param string $type Either 'post_meta' or 'user_data', used to display an appropriate message to the user
*/
function wpcf7dtx_access_denied_alert( $key, $type ){
// Only check on the front end
if( is_admin() || wp_doing_ajax() || wp_is_json_request() ) return;
$shortcode = '';
$list_name = '';
switch( $type ){
case 'post_meta':
$shortcode = 'CF7_get_custom_field';
$list_name = __('Meta Key Allow List', 'contact-form-7-dynamic-text-extension');
break;
case 'user_data':
$shortcode = 'CF7_get_current_user';
$list_name = __('User Data Key Allow List', 'contact-form-7-dynamic-text-extension');
break;
default:
}
$settings_page_url = admin_url('admin.php?page=cf7dtx_settings');
$msg = sprintf(
__('CF7 DTX: Access denied to key: "%1$s" in dynamic contact form shortcode: [%2$s]. Please add this key to the %3$s at %4$s','contact-form-7-dynamic-text-extension'),
$key,
$shortcode,
$list_name,
$settings_page_url
);
trigger_error( $msg, E_USER_WARNING );
}
/**
* Helper function to output array and object data
*/
/*
function dtxpretty ($var, $print=true, $privobj=false) {
$type = gettype($var);
if( $privobj && $type === 'object' ){
$p = '<pre>'.print_r($var, true).'</pre>';
}
else {
$p = '<pre>'.$type . ' ' . json_encode(
$var,
JSON_UNESCAPED_SLASHES |
JSON_UNESCAPED_UNICODE |
JSON_PRETTY_PRINT |
JSON_PARTIAL_OUTPUT_ON_ERROR |
JSON_INVALID_UTF8_SUBSTITUTE
).'</pre>';
}
if( $print ) {
echo $p;
}
return $p;
}
*/

602
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/includes/validation.php
View File

@@ -1,233 +1,369 @@
<?php
/**
* Add Frontend Validation Messages
*
* @since 4.0.0
*
* @param array An associative array of messages
*
* @return array A modified associative array of messages
*/
function wpcf7dtx_messages($messages)
{
return array_merge($messages, array(
'dtx_invalid_email' => array(
'description' => __('There is a field with an invalid email address', 'contact-form-7-dynamic-text-extension'),
'default' => __('Please enter a valid email address.', 'contact-form-7-dynamic-text-extension')
),
'dtx_invalid_tel' => array(
'description' => __('There is a field with an invalid phone number', 'contact-form-7-dynamic-text-extension'),
'default' => __('Please enter a valid phone number.', 'contact-form-7-dynamic-text-extension')
),
'dtx_invalid_number' => array(
'description' => __('There is a field with an invalid number', 'contact-form-7-dynamic-text-extension'),
'default' => __('Please enter a valid number.', 'contact-form-7-dynamic-text-extension')
),
'dtx_invalid_date' => array(
'description' => __('There is a field with an invalid date', 'contact-form-7-dynamic-text-extension'),
'default' => __('Please enter a valid date.', 'contact-form-7-dynamic-text-extension')
),
));
}
add_filter('wpcf7_messages', 'wpcf7dtx_messages');
/**
* Validate DTX Form Fields
*
* Frontend validation for DTX form tags
*
* @param WPCF7_Validation $result the current validation result object
* @param WPCF7_FormTag $tag the current form tag being filtered for validation
*
* @return WPCF7_Validation a possibly modified validation result object
*/
function wpcf7dtx_validation_filter($result, $tag)
{
$type = str_replace(array('dynamic_', 'dynamic'), '', $tag->basetype);
if (empty($tag->name) || in_array($type, array('hidden', 'submit', 'reset'))) {
return $result; // Bail early for tags without names or if a specific type
}
// Get the value
$user_value = wpcf7dtx_array_has_key($tag->name, $_POST);
if (is_array($user_value)) {
$selection_count = count($user_value);
if (!wpcf7_form_tag_supports($tag->type, 'selectable-values')) {
// Field passed selectable values when it's doesn't support them
$result->invalidate($tag, wpcf7_get_message('validation_error'));
return $result;
} elseif ($selection_count > 1) {
if (!wpcf7_form_tag_supports($tag->type, 'multiple-controls-container')) {
// Field passed multiple values when it's doesn't support them
$result->invalidate($tag, wpcf7_get_message('validation_error'));
return $result;
}
foreach ($user_value as $selection) {
// Validate each selected choice
$result = wpcf7dtx_validate_value($result, sanitize_textarea_field(strval($selection)), $tag, $type);
if (!$result->is_valid($tag->name)) {
return $result; // Return early if any are invalid
}
}
return $result;
}
$user_value = sanitize_text_field(strval(implode(' ', $user_value)));
} elseif ($type == 'textarea') {
$user_value = sanitize_textarea_field(strval($user_value));
} else {
$user_value = sanitize_text_field(strval($user_value));
}
// Validate and return
return wpcf7dtx_validate_value($result, $user_value, $tag, $type);
}
/**
* Validate Single Value
*
* @param WPCF7_Validation $result the current validation result object
* @param string $value the current value being validated, sanitized
* @param WPCF7_FormTag $tag the current form tag being filtered for validation
* @param string $type Optional. The type of the current form tag. Default is blank for lookup.
*
* @return WPCF7_Validation a possibly modified validation result object
*/
function wpcf7dtx_validate_value($result, $value, $tag, $type = '')
{
$type = $type ? $type : str_replace(array('dynamic_', 'dynamic'), '', $tag->basetype);
// Validate required fields for value
if ($tag->is_required() && empty($value)) {
$result->invalidate($tag, wpcf7_get_message('invalid_required'));
return $result;
}
// Validate value by type
if (!empty($value)) {
switch ($type) {
case 'email':
if (!wpcf7_is_email($value)) {
$result->invalidate($tag, wpcf7_get_message('dtx_invalid_email'));
return $result;
}
break;
case 'tel':
if (!wpcf7_is_tel($value)) {
$result->invalidate($tag, wpcf7_get_message('dtx_invalid_tel'));
return $result;
}
break;
case 'number':
case 'range':
if (!wpcf7_is_number($value)) {
$result->invalidate($tag, wpcf7_get_message('dtx_invalid_number'));
return $result;
}
break;
case 'date':
if (!wpcf7_is_date($value)) {
$result->invalidate($tag, wpcf7_get_message('dtx_invalid_date'));
return $result;
}
break;
}
// Finish validating text-based inputs
$maxlength = $tag->get_maxlength_option();
$minlength = $tag->get_minlength_option();
if ($maxlength && $minlength && $maxlength < $minlength) {
$maxlength = $minlength = null;
}
$code_units = wpcf7_count_code_units($value);
if (false !== $code_units) {
if ($maxlength && $maxlength < $code_units) {
$result->invalidate($tag, wpcf7_get_message('invalid_too_long'));
return $result;
} elseif ($minlength && $code_units < $minlength) {
$result->invalidate($tag, wpcf7_get_message('invalid_too_short'));
return $result;
}
}
}
return $result;
}
/**
* Backend Mail Configuration Validation
*
* Validate dynamic form tags used in mail configuration.
*
* @since 4.0.0
*
* @param WPCF7_ConfigValidator
*
* @return void
*/
function wpcf7dtx_validate($validator)
{
if (!$validator->is_valid()) {
$contact_form = null;
$form_tags = null;
foreach ($validator->collect_error_messages() as $component => $errors) {
$components = explode('.', $component);
if (count($components) === 2 && strpos($components[0], 'mail') === 0 && in_array($components[1], array('sender', 'recipient', 'additional_headers'))) {
foreach ($errors as $error) {
// Focus on email fields that flag the invalid mailbox syntax warning, have to test link because code isn't sent and message could be in any language
if (strpos(wpcf7dtx_array_has_key('link', $error), 'invalid-mailbox-syntax') !== false) {
if (is_null($contact_form)) {
$contact_form = $validator->contact_form();
}
if (is_null($form_tags)) {
$form_tags = wpcf7_scan_form_tags();
}
$raw_value = $contact_form->prop($components[0])[$components[1]];
foreach ($form_tags as $tag) {
if (!empty($tag->name)) {
// Check if this form tag is in the raw value
$form_tag = '[' . $tag->name . ']';
if (strpos($raw_value, $form_tag) !== false && in_array($tag->basetype, array_keys(wpcf7dtx_config()))) {
$validator->remove_error($component, 'invalid_mailbox_syntax'); // Remove error, this is ours to handle now
$utm_source = urlencode(home_url());
if (!in_array($tag->basetype, array('dynamic_hidden', 'dynamic_email'))) {
$validator->add_error($component, 'invalid_mailbox_syntax', array(
'message' => __('Only email, dynamic email, hidden, or dynamic hidden form tags can be used for email addresses.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-invalid_mailbox_syntax#valid-form-tags', $utm_source))
));
} else {
$dynamic_value = wpcf7dtx_get_dynamic(false, $tag); // Get the dynamic value of this tag
if (empty($dynamic_value) && $tag->basetype == 'dynamic_hidden') {
$validator->add_error($component, 'maybe_empty', array(
'message' => __('The dynamic hidden form tag must have a default value.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-maybe_empty#maybe-empty', $utm_source))
));
} elseif (empty($dynamic_value) && !$tag->is_required()) {
$validator->add_error($component, 'maybe_empty', array(
'message' => __('The dynamic form tag must be required or have a default value.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-maybe_empty#maybe-empty', $utm_source))
));
} elseif (!empty($dynamic_value)) {
if (!wpcf7_is_email($dynamic_value)) {
$validator->add_error($component, 'invalid_mailbox_syntax', array(
'message' => __('The default dynamic value does not result in a valid email address.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-invalid_mailbox_syntax#invalid-email-address', $utm_source))
));
} elseif ($component[1] == 'sender' && !wpcf7_is_email_in_site_domain($dynamic_value)) {
$validator->add_error($component, 'email_not_in_site_domain', array(
'message' => __('The dynamic email address for the sender does not belong to the site domain.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-email_not_in_site_domain#invalid-site-domain', $utm_source))
));
}
}
}
}
}
}
}
}
}
}
}
}
add_action('wpcf7_config_validator_validate', 'wpcf7dtx_validate');
<?php
/**
* Add Frontend Validation Messages
*
* @since 4.0.0
*
* @param array An associative array of messages
*
* @return array A modified associative array of messages
*/
function wpcf7dtx_messages($messages)
{
return array_merge($messages, array(
'dtx_invalid_email' => array(
'description' => __('There is a field with an invalid email address', 'contact-form-7-dynamic-text-extension'),
'default' => __('Please enter a valid email address.', 'contact-form-7-dynamic-text-extension')
),
'dtx_invalid_tel' => array(
'description' => __('There is a field with an invalid phone number', 'contact-form-7-dynamic-text-extension'),
'default' => __('Please enter a valid phone number.', 'contact-form-7-dynamic-text-extension')
),
'dtx_invalid_number' => array(
'description' => __('There is a field with an invalid number', 'contact-form-7-dynamic-text-extension'),
'default' => __('Please enter a valid number.', 'contact-form-7-dynamic-text-extension')
),
'dtx_invalid_date' => array(
'description' => __('There is a field with an invalid date', 'contact-form-7-dynamic-text-extension'),
'default' => __('Please enter a valid date.', 'contact-form-7-dynamic-text-extension')
),
));
}
add_filter('wpcf7_messages', 'wpcf7dtx_messages');
/**
* Add DTX Error Code to Config Validator
*
* @since 5.0.0
*
* @param array $error_codes A sequential array of available error codes in Contact Form 7.
*
* @return array A modified sequential array of available error codes in Contact Form 7.
*/
function wpcf7dtx_config_validator_available_error_codes($error_codes)
{
$dtx_errors = array('dtx_disallowed');
return array_merge($error_codes, $dtx_errors);
}
add_filter('wpcf7_config_validator_available_error_codes', 'wpcf7dtx_config_validator_available_error_codes');
/**
* Validate DTX Form Fields
*
* Frontend validation for DTX form tags
*
* @param WPCF7_Validation $result the current validation result object
* @param WPCF7_FormTag $tag the current form tag being filtered for validation
*
* @return WPCF7_Validation a possibly modified validation result object
*/
function wpcf7dtx_validation_filter($result, $tag)
{
$type = str_replace(array('dynamic_', 'dynamic'), '', $tag->basetype);
if (empty($tag->name) || in_array($type, array('hidden', 'submit', 'reset'))) {
return $result; // Bail early for tags without names or if a specific type
}
// Get the value
$user_value = wpcf7dtx_array_has_key($tag->name, $_POST);
if (is_array($user_value)) {
$selection_count = count($user_value);
if (!wpcf7_form_tag_supports($tag->type, 'selectable-values')) {
// Field passed selectable values when it's doesn't support them
$result->invalidate($tag, wpcf7_get_message('validation_error'));
return $result;
} elseif ($selection_count > 1) {
if (!wpcf7_form_tag_supports($tag->type, 'multiple-controls-container')) {
// Field passed multiple values when it's doesn't support them
$result->invalidate($tag, wpcf7_get_message('validation_error'));
return $result;
}
foreach ($user_value as $selection) {
// Validate each selected choice
$result = wpcf7dtx_validate_value($result, sanitize_textarea_field(strval($selection)), $tag, $type);
if (!$result->is_valid($tag->name)) {
return $result; // Return early if any are invalid
}
}
return $result;
}
$user_value = sanitize_text_field(strval(implode(' ', $user_value)));
} elseif ($type == 'textarea') {
$user_value = sanitize_textarea_field(strval($user_value));
} else {
$user_value = sanitize_text_field(strval($user_value));
}
// Validate and return
return wpcf7dtx_validate_value($result, $user_value, $tag, $type);
}
/**
* Validate Single Value
*
* @param WPCF7_Validation $result the current validation result object
* @param string $value the current value being validated, sanitized
* @param WPCF7_FormTag $tag the current form tag being filtered for validation
* @param string $type Optional. The type of the current form tag. Default is blank for lookup.
*
* @return WPCF7_Validation a possibly modified validation result object
*/
function wpcf7dtx_validate_value($result, $value, $tag, $type = '')
{
$type = $type ? $type : str_replace(array('dynamic_', 'dynamic'), '', $tag->basetype);
// Validate required fields for value
if ($tag->is_required() && empty($value)) {
$result->invalidate($tag, wpcf7_get_message('invalid_required'));
return $result;
}
// Validate value by type
if (!empty($value)) {
switch ($type) {
case 'email':
if (!wpcf7_is_email($value)) {
$result->invalidate($tag, wpcf7_get_message('dtx_invalid_email'));
return $result;
}
break;
case 'tel':
if (!wpcf7_is_tel($value)) {
$result->invalidate($tag, wpcf7_get_message('dtx_invalid_tel'));
return $result;
}
break;
case 'number':
case 'range':
if (!wpcf7_is_number($value)) {
$result->invalidate($tag, wpcf7_get_message('dtx_invalid_number'));
return $result;
}
break;
case 'date':
if (!wpcf7_is_date($value)) {
$result->invalidate($tag, wpcf7_get_message('dtx_invalid_date'));
return $result;
}
break;
}
// Finish validating text-based inputs
$maxlength = $tag->get_maxlength_option();
$minlength = $tag->get_minlength_option();
if ($maxlength && $minlength && $maxlength < $minlength) {
$maxlength = $minlength = null;
}
$code_units = wpcf7_count_code_units($value);
if (false !== $code_units) {
if ($maxlength && $maxlength < $code_units) {
$result->invalidate($tag, wpcf7_get_message('invalid_too_long'));
return $result;
} elseif ($minlength && $code_units < $minlength) {
$result->invalidate($tag, wpcf7_get_message('invalid_too_short'));
return $result;
}
}
}
return $result;
}
/**
* Backend Mail Configuration Validation
*
* Validate dynamic form tags used in mail configuration.
*
* @since 4.0.0
*
* @param WPCF7_ConfigValidator
*
* @return void
*/
function wpcf7dtx_validate($validator)
{
// Check for sensitive form tags
$manager = WPCF7_FormTagsManager::get_instance();
$contact_form = $validator->contact_form();
$form = $contact_form->prop('form');
if (wpcf7_autop_or_not()) {
$form = $manager->replace_with_placeholders($form);
$form = wpcf7_autop($form);
$form = $manager->restore_from_placeholders($form);
}
$form = $manager->replace_all($form);
$tags = $manager->get_scanned_tags();
foreach ($tags as $tag) {
/** @var WPCF7_FormTag $tag */
// Only validate DTX formtags
if (in_array($tag->basetype, array_merge(
array('dynamictext', 'dynamichidden'), // Deprecated DTX form tags
array_keys(wpcf7dtx_config()) // DTX form tags
))) {
// Check value for sensitive data
$default = $tag->get_option('defaultvalue', '', true);
if (!$default) {
$default = $tag->get_default_option(strval(reset($tag->values)));
}
if (
!empty($value = trim(wpcf7_get_hangover($tag->name, $default))) && // Has value
($result = wpcf7dtx_validate_sensitive_value($value))['status'] // Has sensitive data
) {
$validator->add_error('form.body', 'dtx_disallowed', array(
'message' => sprintf(
__('[%1$s %2$s]: Access to key "%3$s" in shortcode "%4$s" is disallowed by default. To allow access, add "%3$s" to the %5$s Allow List.', 'contact-form-7-dynamic-text-extension'),
esc_html($tag->basetype),
esc_html($tag->name),
esc_html($result['key']),
esc_html($result['shortcode']),
esc_html($result['shortcode'] == 'CF7_get_current_user' ? __('User Data Key', 'contact-form-7-dynamic-text-extension') : __('Meta Key', 'contact-form-7-dynamic-text-extension'))
),
'link' => wpcf7dtx_get_admin_settings_screen_url()
));
}
// Check placeholder for sensitive data
if (
($tag->has_option('placeholder') || $tag->has_option('watermark')) && // Using placeholder
!empty($placeholder = trim(html_entity_decode(urldecode($tag->get_option('placeholder', '', true)), ENT_QUOTES))) && // Has value
($result = wpcf7dtx_validate_sensitive_value($placeholder))['status'] // Has sensitive data
) {
$validator->add_error('form.body', 'dtx_disallowed', array(
'message' => sprintf(
__('[%1$s %2$s]: Access to key "%3$s" in shortcode "%4$s" is disallowed by default. To allow access, add "%3$s" to the %5$s Allow List.', 'contact-form-7-dynamic-text-extension'),
esc_html($tag->basetype),
esc_html($tag->name),
esc_html($result['key']),
esc_html($result['shortcode']),
esc_html($result['shortcode'] == 'CF7_get_current_user' ? __('User Data Key', 'contact-form-7-dynamic-text-extension') : __('Meta Key', 'contact-form-7-dynamic-text-extension'))
),
'link' => wpcf7dtx_get_admin_settings_screen_url()
));
}
}
}
// Validate email address
if (!$validator->is_valid()) {
$contact_form = null;
$form_tags = null;
foreach ($validator->collect_error_messages() as $component => $errors) {
$components = explode('.', $component);
if (count($components) === 2 && strpos($components[0], 'mail') === 0 && in_array($components[1], array('sender', 'recipient', 'additional_headers'))) {
foreach ($errors as $error) {
// Focus on email fields that flag the invalid mailbox syntax warning, have to test link because code isn't sent and message could be in any language
if (strpos(wpcf7dtx_array_has_key('link', $error), 'invalid-mailbox-syntax') !== false) {
if (is_null($contact_form)) {
$contact_form = $validator->contact_form();
}
if (is_null($form_tags)) {
$form_tags = wpcf7_scan_form_tags();
}
$raw_value = $contact_form->prop($components[0])[$components[1]];
foreach ($form_tags as $tag) {
if (!empty($tag->name)) {
// Check if this form tag is in the raw value
$form_tag = '[' . $tag->name . ']';
if (strpos($raw_value, $form_tag) !== false && in_array($tag->basetype, array_keys(wpcf7dtx_config()))) {
$validator->remove_error($component, 'invalid_mailbox_syntax'); // Remove error, this is ours to handle now
$utm_source = urlencode(home_url());
if (!in_array($tag->basetype, array('dynamic_hidden', 'dynamic_email'))) {
$validator->add_error($component, 'invalid_mailbox_syntax', array(
'message' => __('Only email, dynamic email, hidden, or dynamic hidden form tags can be used for email addresses.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-invalid_mailbox_syntax#valid-form-tags', $utm_source))
));
} else {
$dynamic_value = wpcf7dtx_get_dynamic(false, $tag); // Get the dynamic value of this tag
if (empty($dynamic_value) && $tag->basetype == 'dynamic_hidden') {
$validator->add_error($component, 'maybe_empty', array(
'message' => __('The dynamic hidden form tag must have a default value.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-maybe_empty#maybe-empty', $utm_source))
));
} elseif (empty($dynamic_value) && !$tag->is_required()) {
$validator->add_error($component, 'maybe_empty', array(
'message' => __('The dynamic form tag must be required or have a default value.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-maybe_empty#maybe-empty', $utm_source))
));
} elseif (!empty($dynamic_value)) {
if (!wpcf7_is_email($dynamic_value)) {
$validator->add_error($component, 'invalid_mailbox_syntax', array(
'message' => __('The default dynamic value does not result in a valid email address.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-invalid_mailbox_syntax#invalid-email-address', $utm_source))
));
} elseif ($component[1] == 'sender' && !wpcf7_is_email_in_site_domain($dynamic_value)) {
$validator->add_error($component, 'email_not_in_site_domain', array(
'message' => __('The dynamic email address for the sender does not belong to the site domain.', 'contact-form-7-dynamic-text-extension'),
'link' => esc_url(sprintf('https://aurisecreative.com/docs/contact-form-7-dynamic-text-extension/configuration-errors/?utm_source=%s&utm_medium=link&utm_campaign=contact-form-7-dynamic-text-extension&utm_content=config-error-email_not_in_site_domain#invalid-site-domain', $utm_source))
));
}
}
}
}
}
}
}
}
}
}
}
}
add_action('wpcf7_config_validator_validate', 'wpcf7dtx_validate');
/**
* Validate Field Value for Sensitive Data
*
* @since 5.0.0
*
* @see https://developer.wordpress.org/reference/functions/get_bloginfo/#description
*
* @param string $content The string to validate.
*
* @return array An associative array with keys `status` (bool), `shortcode` (string), and `key` (string).
* The value of `status` is true if the content is a shortcode that is attempting to access sensitive data. False
* otherwise. The value of `shortcode` is the the shortcode that is making the attempt if `status` is true. The
* value of `key` is the shortcode's `key` attribute of the attempt being made if `status` is true.
*/
function wpcf7dtx_validate_sensitive_value($content)
{
$r = array(
'status' => false,
'shortcode' => '',
'key' => ''
);
// Parse the attributes. [0] is the shortcode name. ['key'] is the key attribute
$atts = shortcode_parse_atts($content);
// If we can't extract the atts, or the shortcode or `key` is not an att, don't validate
if( !is_array($atts) || !array_key_exists('key', $atts) || !array_key_exists('0', $atts) ) return $r;
// Find the key and shortcode in question
$key = sanitize_text_field($atts['key']);
$shortcode = sanitize_text_field($atts['0']);
// If the shortcode or key value does not exist, don't validate
if( empty($shortcode) || empty($key) ) return $r;
$allowed = true;
switch( $shortcode ){
case 'CF7_get_custom_field':
$allowed = wpcf7dtx_post_meta_key_access_is_allowed( $key );
break;
case 'CF7_get_current_user':
$allowed = wpcf7dtx_user_data_access_is_allowed( $key );
break;
default:
}
if( !$allowed ){
$r['status'] = true;
$r['shortcode'] = $shortcode;
$r['key'] = $key;
}
return $r;
}

17
wp/wp-content/plugins/contact-form-7-dynamic-text-extension/readme.txt
View File

@@ -2,8 +2,8 @@
Contributors: sevenspark, tessawatkinsllc
Donate link: https://just1voice.com/donate/
Tags: Contact Form 7, autofill, prepopulate, input, form field, contact form, text, hidden, input, dynamic, GET, POST, title, slug, auto-fill, pre-populate
Tested up to: 6.3
Stable tag: 4.1.0
Tested up to: 6.4.2
Stable tag: 4.2.0
This plugin provides additional form tags for the Contact Form 7 plugin. It allows dynamic generation of content for text-based input fields like text, hidden, and email, checkboxes, radio buttons, and drop-down selections using any shortcode.
@@ -198,6 +198,8 @@ Learn more and see examples from [the DTX Knowledge base](https://aurisecreative
Retrieve custom fields from the current post/page. Just set the custom field as the key in the shortcode.
Note: You must add any meta keys that you want to allow access to to the allow list in your admin panel > Contact > Dynamic Text Extension > Meta Key Allow List. [More Information](https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access)
The dynamic value input becomes: `CF7_get_custom_field key='my_custom_field'`
And the tag looks like this: `[dynamictext dynamicname "CF7_get_custom_field key='my_custom_field'"]`
@@ -238,6 +240,8 @@ Get data about the current logged-in user.
Dynamic value: `CF7_get_current_user key='user_displayname'`
CF7 Tag: `[dynamictext dynamicname "CF7_get_current_user"]`
Note: You must add any user keys that you want to allow access to to the allow list in your admin panel > Contact > Dynamic Text Extension > User Data Key Allow List. [More Information](https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access)
Valid values for `key` include:
* `ID`
@@ -376,11 +380,18 @@ Please check out the [FAQ on our website](https://aurisecreative.com/docs/contac
== Upgrade Notice ==
= 4.1.0 =
= 4.2.0 =
Extend functionality without losing your work!
== Changelog ==
= 4.2.0 =
* Security Update: ** Please be sure to review this doc, as you may need to adjust the settings: https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access **
* Feature: Added Settings Screen with Allow Lists
* Feature: Added Form Scanner
* Feature: Added Allow List key validation in CF7 Form Validator
= 4.1.0 =
* Feature: Looks for a `dtx.php` file in the `wp_content` directory to maybe load custom shortcodes, [see support thread](https://wordpress.org/support/topic/how-to-avoid-custom-shortcodes-being-overwritten-on-updates/)