diff --git a/mlw_quizmaster2.php b/mlw_quizmaster2.php
index 242550b1d..97e9fe400 100644
--- a/mlw_quizmaster2.php
+++ b/mlw_quizmaster2.php
@@ -473,7 +473,8 @@ public function qsm_admin_scripts_style( $hook ) {
 }
 }
 // load admin JS after all dependencies are loaded
- wp_enqueue_script( 'qsm_admin_js', plugins_url( 'js/qsm-admin.js', __FILE__ ), array( 'jquery', 'backbone', 'underscore', 'wp-util', 'jquery-ui-sortable', 'jquery-touch-punch', 'qsm-jquery-multiselect-js' ), $this->version, true );
+ /** Fixed wpApiSettings is not defined js error by using 'wp-api-request' core script to allow the use of localized version of wpApiSettings. **/
+ wp_enqueue_script( 'qsm_admin_js', plugins_url( 'js/qsm-admin.js', __FILE__ ), array( 'jquery', 'backbone', 'underscore', 'wp-util', 'jquery-ui-sortable', 'jquery-touch-punch', 'qsm-jquery-multiselect-js', 'wp-api-request' ), $this->version, true );
 wp_enqueue_style( 'jquer-multiselect-css', QSM_PLUGIN_CSS_URL . '/jquery.multiselect.min.css', array(), $this->version );
 wp_enqueue_script( 'qsm-jquery-multiselect-js', QSM_PLUGIN_JS_URL . '/jquery.multiselect.min.js', array( 'jquery' ), $this->version, true );
 wp_enqueue_script( 'micromodal_script', plugins_url( 'js/micromodal.min.js', __FILE__ ), array( 'jquery', 'qsm_admin_js' ), $this->version, true );
diff --git a/php/classes/class-qsm-contact-manager.php b/php/classes/class-qsm-contact-manager.php
index 35cd74e38..d644d84b4 100644
--- a/php/classes/class-qsm-contact-manager.php
+++ b/php/classes/class-qsm-contact-manager.php
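Review bot: The comment added above the `qsm_admin_js` enqueue in mlw_quizmaster2.php is worded as a changelog entry inside docblock delimiters (`/** … **/`), so it records what used to break rather than why the dependency exists. A plain line comment such as `// 'wp-api-request' is listed because qsm-admin.js reads the localized wpApiSettings object (REST root and nonce).` states the requirement directly. qsm_admin_scripts_style begins outside the hunk, so whether this enqueue is limited to the plugin's own admin screens cannot be seen from here.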
@@ -353,6 +353,25 @@ public static function save_fields( $quiz_id, $fields ) {
 $fields[ $i ]['label'] = $label;
 $mlwQuizMasterNext->pluginHelper->qsm_register_language_support( $label, "quiz_contact_field_text-{$i}-{$quiz_id}" );
 $mlwQuizMasterNext->pluginHelper->qsm_register_language_support( $placeholder, "quiz_contact_field_placeholder-{$i}-{$quiz_id}" );
+
+ // Validate allowed domains
+ if ( ! empty( $fields[ $i ]['allowdomains'] ) ) {
+ $allowdomains = explode( ',', $fields[ $i ]['allowdomains'] );
+ // Trim domains
+ $allowdomains = array_map( 'trim', $allowdomains );
+ // filter domain
+ $allowdomains = array_filter( $allowdomains, function( $allowdomain ) {
+ /**
+ * full domain name may not exceed a total length of 253 ASCII characters
+ * The domain name consists of valid labels (1-63 characters of letters, digits,
+ * or hyphens) followed by a dot. The domain ends with a valid TLD
+ * (2-63 characters of letters).
+ */
+ return preg_match( '/^([a-zA-Z0-9-]{1,63}\.)+[a-zA-Z]{2,63}$/', $allowdomain ) && ( strlen( $allowdomain ) <= 253 );
+ } );
+
+ $fields[ $i ]['allowdomains'] = implode( ',', $allowdomains );
+ }
 if ( ! empty( $fields[ $i ]['options'] ) ) {
 $options = sanitize_text_field( wp_unslash( $fields[ $i ]['options'] ) );
 $fields[ $i ]['options'] = $options;
diff --git a/php/classes/class-qsm-emails.php b/php/classes/class-qsm-emails.php
index ffd3599ff..7565c5bf4 100644
--- a/php/classes/class-qsm-emails.php
+++ b/php/classes/class-qsm-emails.php
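Review bot: Entries that fail the pattern in the `array_filter` callback are dropped without any signal, so a list made up only of mistyped domains is stored as an empty string. If an empty `allowdomains` is treated as "no restriction" where the field is enforced (not visible in this hunk), a single typo silently turns the allow-list off. Reporting the rejected entries back to the caller, or refusing the save, would keep that failure visible to the admin. The pattern also accepts labels that start or end with a hyphen (for example `-a-.com`); writing each label as `[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?` rejects them. save_fields begins and ends outside the hunk.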
@@ -40,6 +40,10 @@ public static function send_emails( $transient_id ) { foreach ( $emails as $index => $email ) { $email_subject = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $email['subject'], "quiz-email-subject-{$index}-{$response_data['quiz_id']}" ); + + // kses converts ampersands to & core.trac.wordpress.org/ticket/11311. + $email_subject = str_replace( '&', '&', $email_subject ); + $email_content = $mlwQuizMasterNext->pluginHelper->qsm_language_support( $email['content'], "quiz-email-content-{$index}-{$response_data['quiz_id']}" ); // Checks if any conditions are present. Else, send it always. if ( ! empty( $email['conditions'] ) ) { diff --git a/readme.txt b/readme.txt index d78e51d99..9766b60ce 100644 --- a/readme.txt +++ b/readme.txt @@ -163,6 +163,11 @@ This is usually a theme conflict. You can [checkout out our common conflict solu 18. Database == Changelog == += 9.0.5 ( Beta ) = +* Fixed: Quiz contact form email allow domains validation +* Fixed: wpApiSettings JS error +* Fixed: Email subject converts & to & + = 9.0.4 ( June 10, 2024 ) = * Enhancement: Improved HTML code management on the result page
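Review bot: As rendered on this page, the added `str_replace` in class-qsm-emails.php has `'&'` as both search and replacement, which would make the call a no-op. The comment and the changelog entry suggest the search string is meant to be the `&amp;` entity and that the page decoded it, so confirm the committed line reads `str_replace( '&amp;', '&', $email_subject )`. Even then only that one entity is reversed; if anything upstream also emits numeric or quote entities, `wp_specialchars_decode( $email_subject, ENT_QUOTES )` would cover them, provided the subject is only ever used as a plain-text mail header. The send_emails loop continues outside the hunk.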