Headline
CVE-2023-5125: index.php in formget-contact-form/trunk – WordPress Plugin Repository
The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘formget’ shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
1<?php2/*3 Plugin Name: FormGet Contact Form4 Plugin URI: https://www.formget.com/formget/5 Description: FormGet is an online form builder that helps you in creating beautiful contact forms, multi-page forms, payment forms, and several other types of forms easily. Simply drag and drop the required fields to start creating your first form.6 Version: 5.5.57 Author: FormGet8 Author URI: https://www.formget.com/formget/9 */10require 'mailget.php’;1112/**13 * MailGet Panel Ajax calling14 */15function formget_mailget_ajax() {16 $mg_obj = new mailget();17 add_action('wp_ajax_formget_mailget_display_contact_lists’, array($mg_obj, ‘formget_mailget_display_contact_lists’));18 add_action('wp_ajax_formget_mailget_save_contact_list_id’, array($mg_obj, ‘formget_mailget_save_contact_list_id’));19 add_action('wp_ajax_formget_mailget_save_options’, array($mg_obj, ‘formget_mailget_save_options’));2021 /**22 * Form ajax23 */24 add_action('wp_ajax_formget_mailget_form_action’, array($mg_obj, ‘formget_mailget_form_action’));25 add_action('wp_ajax_nopriv_formget_mailget_form_action’, array($mg_obj, ‘formget_mailget_form_action’));26}2728add_action('init’, ‘formget_mailget_ajax’);2930/**31 * Notice to show “Create form” on page other than formget setting 32 */33function formget_mailget_admin_notice() {34 $fg_iframe_form = get_option(‘fg_embed_code’);35 $string = “sideBar";36 $para = “?admin_nag_ignore=0&page=” . $_GET[‘page’];37 $pos = strpos($fg_iframe_form, $string);38 if ($pos == false) {39 global $current_user;40 $user_id = $current_user->ID;41 /* Check that the user hasn’t already clicked to ignore the message */42 if (!get_user_meta($user_id, ‘formget_mailget_admin_ignore_notice’)) {43 ?>44 <div class="fg_trial-notify updated below-h2">45 <p class="fg_division_note">46 Welcome to FormGet - You’re almost ready to create your form <a class="fg_button_prime click_notice” href=’<?php echo admin_url(‘admin.php?page=cf_page’); ?>’>Click to Create.</a><?php printf(__(‘<a class="fg_hide_notice fg_button_prime", href="%1$s">Hide Notice</a>’), $para); ?>47 </p>48 </div>49 <?php50 }51 }52}5354function formget_tracking_notice() {55 global $current_user;56 $user_id = $current_user->ID;5758 /* Check that the user hasn’t already clicked to ignore the message */59 if (!get_user_meta($user_id, ‘formget_tracking_ignore_notice’)) {60 ?>61 <div class="updated um-admin-notice"><p>Allow FormGet to send you setup guide? Opt-in to our newsletter and we will immediately e-mail you a setup guide along with 20% discount which you can use to purchase the FormGet extension bundle.</p><p><a href="<?php echo admin_url(‘admin.php?page=cf_page&fg_page_tracking=allow_tracking’); ?>" class="button button-primary">Allow Sending</a> <a href="<?php echo admin_url(‘admin.php?page=cf_page&fg_page_tracking=hide_tracking’); ?>" class="button-secondary">Do not allow </a></p></div>62 <?php63 }64}6566//if (isset($_GET[‘page’]) && $_GET[‘page’] != ‘cf_page’) {67// add_action('admin_notices’, ‘formget_mailget_admin_notice’);68// add_action('admin_notices’, ‘formget_tracking_notice’);69//}7071function formget_mailget_admin_nag_ignore() {72 global $current_user;73 $user_id = $current_user->ID;74 /* If user clicks to ignore the notice, add that to their user meta */75 if (isset($_GET[‘admin_nag_ignore’]) && ‘0’ == $_GET[‘admin_nag_ignore’]) {76 add_user_meta($user_id, 'formget_mailget_admin_ignore_notice’, 'true’, true);77 }7879 if (isset($_GET[“fg_page_tracking”]) && $_GET[“fg_page_tracking”] == “hide_tracking”) {80 add_user_meta($user_id, 'formget_tracking_ignore_notice’, 'true’, true);81 }82 if (isset($_GET[“fg_page_tracking”]) && $_GET[“fg_page_tracking”] == “allow_tracking”) {83 $email = get_option(“admin_email”);84 if (isset($email) && $email != “”) {85 $mg_api_key = “EsT96nYTlxED";86 require_once(‘inc/mailget_curl.php’);87 $list_arr = array();88 $mg_obj = new mailget_curl($mg_api_key);89 $mg_arr = array(array(90 ‘name’ => “",91 ‘email’ => sanitize_email($email),92 ‘get_date’ => date(‘j-m-y’),93 ‘ip’ => '’94 )95 );96 $curt_status = $mg_obj->curl_data($mg_arr, “Ijc1OTcxMyI_3D", ‘single’);97 }98 add_user_meta($user_id, 'formget_tracking_ignore_notice’, 'true’, true);99 }100}101102add_action('admin_init’, ‘formget_mailget_admin_nag_ignore’);103104/**105 * To delete data from table on deactivation of plugin106 */107function formget_mailget_delete_user_entry() {108 global $current_user;109 $user_id = $current_user->ID;110 delete_user_meta($user_id, 'formget_mailget_admin_ignore_notice’, 'true’, true);111 delete_user_meta($user_id, 'formget_tracking_ignore_notice’, 'true’, true);112}113114register_deactivation_hook(__FILE__, ‘formget_mailget_delete_user_entry’);115116117/**118 * css loaded for dashboard page119 */120if (is_admin() && isset($_GET[‘page’])) {121122 function formget_mailget_add_style() {123 wp_enqueue_style('form1_style1_sheet’, plugins_url('css/fgstyle.css’, __FILE__));124 wp_enqueue_style('mg_admin_stylesheet’, plugins_url('css/mgstyle.css’, __FILE__));125 }126127 add_action(“admin_head", “formget_mailget_add_style”);128129 function formget_mailget_wordpress_style() {130 wp_enqueue_style('stylesheet_menu’, admin_url(‘load-styles.php?c=1&dir=ltr&load=admin-bar,wp-admin,buttons,wp-auth-check&’));131 wp_enqueue_style('style_menu’, admin_url(‘css/colors-fresh.min.css’));132 }133134 add_action('admin_head’, ‘formget_mailget_wordpress_style’);135}136137138/**139 * menu & submenu function called140 */141add_action('admin_menu’, ‘formget_mailget_menu_page’);142143function formget_mailget_menu_page() {144add_menu_page('cf’, 'Form Builder’, 'manage_options’, 'cf_page’, '’, plugins_url('image/pabbly-favicon.png’, __FILE__), 109);145 add_submenu_page('cf_page’, 'Create Form’, 'Create Form’, 'manage_options’, 'c_f’, ‘fg_create_form’);146 add_submenu_page('cf_page’, 'Embed Code’, 'Embed Code’, 'manage_options’, 'embed_tab’, ‘fg_embed_code’);147 add_submenu_page('cf_page’, 'Help’, 'Help’, 'manage_options’, 'help_tab’, ‘fg_help_tab’);148 add_submenu_page('cf_page’, 'Upgrade’, 'Upgrade’, 'manage_options’, 'gopro_tab’, ‘fg_gopro_tab’);149 remove_submenu_page('cf_page’, ‘cf_page’);150}151152//function formget_mailget_submenu_dashboard() {153// echo “<h2 class=’heading’>FormGet Powerful Extension</h2><h4 class=’heading’>These extensions will enhance the functionality of your form. Select the Extension that best fits your needs.</h4><hr/>";154// echo formget_mailget_extension_list();155//}156157158function fg_create_form() {159 ?>160 <div id="fg_content1">161 <div class="fg_group1” id="pn_content">162 <div class="fg_section section-text"> 163 <div class="outer_iframe_div” id="outer_iframe_div">164 <div class="inner_iframe_div” id="inner_iframe_div">165 <iframe src="https://forms.pabbly.com/home” class="fbuild-iframe” name="iframe" id="iframebox" style="width:100%; height:900px; border:1px solid #dfdfdf; align:center;" >166 </iframe>167 </div>168 </div>169 </div>170 </div>171 </div>172173<?php174}175176function fg_embed_code() {177 global $wpdb;178 ?>179 <div id="fg_content1">180 <div class="fg_group1" id="pn_content">181 <div id="fg_of_container" class="fg_wrap"> 182 <form id="fg_ofform" action="" method="POST">183 <div id="fg_content1">184 <div class="fg_group11" id="pn_displaysetting">185186 <div class="fg_section section-text">187 <h3 class="fg_heading">Embed the code of sliding form. (To get the sliding form code, Click on Contact Form Builder tab-> Go to you form Settings-> Embed & Share -> Embed Sliding Form -> Copy & paste the code below.</h3>188 <div class="option">189 <div class="fg_controls" style="height:auto; padding-bottom: 10px;">190 <textarea name="content[html]" cols="60" rows="10" class="regular-text" id="fg_content_html" style="width:900px"><?php echo esc_html(formget_mailget_show_embed_code()); ?></textarea> 191 <p class="fg_info"><b>Select the page in which you want to show “Contact Us” tab. By default it is visible on every page.</b><p>192 <?php193 $page_title = $wpdb->get_results(“SELECT post_title, id FROM $wpdb->posts WHERE (post_type = ‘page’ AND post_status = ‘publish’)");194 $val = get_option(‘fg_checked_page_id’);195 if (!empty($val) && in_array(“home1", $val)) {196 ?>197 <input id="fg_selected_box” type="checkbox” name="checkbox" value="home1" checked>198 <?php } else {199 ?>200 <input id="fg_selected_box" type="checkbox" name="checkbox" value="home1">201 <?php202 }203 echo “Home” . “<br/>";204205 foreach ($page_title as $title) {206 $fg_list_page_id = get_option(‘fg_checked_page_id’);207 ?>208 <input id="fg_selected_box” type="checkbox" name="checkbox" value="<?php echo $title->id; ?>" 209 <?php210 if (!empty($fg_list_page_id)) {211 foreach ($fg_list_page_id as $list) {212 if ($list == $title->id) {213 ?>214 checked215 <?php216 }217 }218 }219 ?> >220221 <?php222 echo esc_html($title->post_title);223 echo “<br>";224 }225 ?>226 <div id="submit-form” class="fg_embed_code_save " > Save </div> 227 <div id="loader_img" align="center" style="margin-left:110px; display:none;">228 <img src="<?php echo esc_url(plugins_url('image/ajax-loader.gif’, __FILE__)); ?>">229 </div>230231 </div>232233 </div>234 </div>235236 </div>237 </div>238 </form>239 </div>240 </div>241 </div>242<?php }243244function fg_help_tab() {245 ?>246 <div class="fg_group1" id="pn_template">247 <div id="help_txt">248 <iframe src="https://www.formget.com/resources/" name="iframe" id="ext-iframe" style="width:100%; height:900px; overflow-y:scroll;" >249 </iframe>250 </div>251 </div>252<?php }253254function fg_gopro_tab() {255 ?>256 <div class="fg_group1" id="pn_gopro">257 <div class="fg_section section-text">258 <!-- <h3 class="fg_heading">Check Pricing…</h3>–>259 <iframe src="https://www.pabbly.com/form-builder/pricing/" name="iframe" id="ext-iframe" style="width:100%; height:900px; overflow-y:scroll;" >260 </iframe>261 </div>262 </div>263<?php }264265/**266 * mailget menu function call for setting page267 */268function formget_mailget_mg_setting_page() {269 $mg_obj = new mailget();270 $mg_obj->formget_mailget_interface();271}272273/**274 * Extension menu function call for setting page 275 */276function formget_mailget_extension_list() {277 $extensions = array(278 array(‘img_path’ => plugins_url("image/bundle.png", __FILE__),279 ‘ext_title’ => 'FormGet Extensions Bundle’,280 ‘ext_desc’ => 'Extensions bundle gives you access to all FormGet extensions at one single price. This extension bundle includes more than 30 different extensions and several integration.’,281 ‘ext_url’ => ‘https://www.formget.com/app/extension/fg_extension/all-1’),282 array(‘img_path’ => plugins_url("image/custom.png", __FILE__),283 ‘ext_title’ => 'Custom Branding’,284 ‘ext_desc’ => 'This extensions allows you to remove and edit any FormGet branding from your forms. It allows you to quickly transform your FormGet form into your own branded form.’,285 ‘ext_url’ => ‘https://www.formget.com/app/single_extension/pricing/formcapabilities-custombranding’),286 array(‘img_path’ => plugins_url("image/paypal.png", __FILE__),287 ‘ext_title’ => 'PayPal’,288 ‘ext_desc’ => 'The PayPal Extension helps you to collect online payments through your forms. It accept credit card payments through forms instantly.’,289 ‘ext_url’ => ‘https://www.formget.com/app/single_extension/pricing/payment-paypal’),290 array(‘img_path’ => plugins_url("image/email.png", __FILE__),291 ‘ext_title’ => 'Email Notification’,292 ‘ext_desc’ => 'With this extension whenever a user fills out the form you will recieve an email notification notifying you about the form submission. This way you wont miss any of the form entries.’,293 ‘ext_url’ => ‘https://www.formget.com/app/single_extension/pricing/notification-emailnotification’),294 array(‘img_path’ => plugins_url("image/mailc.jpg", __FILE__),295 ‘ext_title’ => 'MailChimp’,296 ‘ext_desc’ => 'The MailChimp Extension helps you to store form messages on MailChimp mailing list. Thus help in collecting leads.’,297 ‘ext_url’ => ‘https://www.formget.com/app/single_extension/pricing/thirdparty-mailchimp’),298 array(‘img_path’ => plugins_url(“image/aweber.jpg", __FILE__),299 ‘ext_title’ => ‘Aweber’,300 ‘ext_desc’ => ‘The Aweber Extension helps you to store your collected leads through forms on your Aweber mailing list.’,301 ‘ext_url’ => ‘https://www.formget.com/app/single_extension/pricing/thirdparty-aweber’),302 array(‘img_path’ => plugins_url(“image/logical.jpg", __FILE__),303 ‘ext_title’ => 'Logical Forms’,304 ‘ext_desc’ => ‘The Logical Forms Extension helps you to create form with condition logics that apply to form fields.’,305 ‘ext_url’ => ‘https://www.formget.com/app/single_extension/pricing/formcapabilities-logicalforms’),306 array(‘img_path’ => plugins_url(“image/form_scheduler_icon.png", __FILE__),307 ‘ext_title’ => 'Form Scheduler’,308 ‘ext_desc’ => 'The Form Scheduler Extension helps you to schedule your form on the basis of - specific date or total submissions.’,309 ‘ext_url’ => ‘https://www.formget.com/app/single_extension/pricing/formcapabilities-formentrylimit’)310 );311 $list = '’;312 foreach ($extensions as $extension) {313314 $list .="<div class=’block-content’>315 <div class=’block-left’><img src=’” . $extension[‘img_path’] . "’ class=’entension-image’></div>316 <div class=’block-right’>317 <h3>” . $extension[‘ext_title’] . “</h3>318 <a href=’” . $extension[‘ext_url’] . "’ target=’_blank’ class=’view’>View Extension</a>319 <p class=’details’>” . $extension[‘ext_desc’] . "</p> 320 </div>321 </div>";322 }323 return $list;324}325326/**327 * script included for both formget & mailget328 */329function formget_mailget_embeded_script() {330 wp_enqueue_script('embeded_script’, plugins_url('js/fg_script.js’, __FILE__), array(‘jquery’),’’,true);331 wp_localize_script('embeded_script’, 'script_call’, array(‘ajaxurl’ => admin_url(‘admin-ajax.php’), ‘aj_nonce’ => wp_create_nonce(‘script-nonce’)));332 wp_enqueue_script('mg_script’, plugins_url('js/mg_script.js’, __FILE__), array(‘jquery’),’’,true);333 wp_localize_script('mg_script’, 'mg_option’, array(‘ajaxurl’ => admin_url(‘admin-ajax.php’), ‘mg_option_nonce’ => wp_create_nonce(‘mg_option_nonce’)));334}335336if (isset($_GET[‘page’])) {337 add_action('init’, ‘formget_mailget_embeded_script’);338}339340/**341 * Ajax called at time of saving embed code342 */343function formget_mailget_text_ajax_process_request() {344 if (!check_ajax_referer('script-nonce’, ‘aj_nonce’) && !is_user_logged_in() && !current_user_can(‘manage_options’)) {345 return;346 }347 $new_input = array();348 $text_value = $_POST[‘value’];349 // $val = $_POST[‘value_hide’];350 if (isset($_POST[‘page_id’]) && !empty($_POST[‘page_id’])) {351 foreach ($_POST[‘page_id’] as $key => $val) {352 $new_input[$key] = ( isset($_POST[‘page_id’][$key]) ) ?353 sanitize_text_field($val) :354 '’;355 }356 $page_id = $new_input;357 } else {358 $page_id = '’;359 }360 //echo $val;361 $pos = strpos($text_value, “sideBar”);362 if ($pos == true || trim($text_value) == ‘’) {363 //update_option('fg_hide_video’, $val);364 update_option('fg_embed_code’, $text_value);365 update_option('fg_checked_page_id’, $page_id);366 //print_r($page_id);367 echo 1;368 } else {369 echo “Please enter valid Sliding Form code";370 }371 die();372}373374add_action('wp_ajax_request_response’, ‘formget_mailget_text_ajax_process_request’);375376/**377 * to show saved embed code in dashboard378 */379function formget_mailget_show_embed_code() {380 global $wpdb;381 $fg_iframe_form = get_option(‘fg_embed_code’);382 $string = “sideBar";383 $pos = strpos($fg_iframe_form, $string);384 if ($pos == true) {385 echo stripslashes($fg_iframe_form);386 }387}388389/**390 * To dispaly sliding form at front-end391 */392if (!function_exists(‘formget_mailget_embeded_code’)) {393394 function formget_mailget_embeded_code() {395 //$title = get_the_title();396 $postid = get_the_ID();397 $fg_list_page_id = get_option(‘fg_checked_page_id’);398 global $wpdb;399 $fg_iframe_form = get_option(‘fg_embed_code’);400 $string = “sideBar";401 $pos = strpos($fg_iframe_form, $string);402 if (!empty($fg_list_page_id)) {403 foreach ($fg_list_page_id as $key) {404 if ($postid == $key) {405 if ($pos == true) {406 echo stripslashes($fg_iframe_form);407 }408 } else {409 if (is_front_page() && $key == “home1”) {410 if ($pos == true) {411 echo stripslashes($fg_iframe_form);412 }413 }414 }415 }416 } else {417 if ($pos == true) {418 echo stripslashes($fg_iframe_form);419 }420 }421 }422423}424/**425 * To display mailget subscriber form at front-end426 */427function formget_mailget_subscribe_form() {428 $mg_obj = new mailget();429 $page_id = get_the_ID();430 $mg_form_description_text = $mg_obj->formget_mailget_get_option(‘mg_selected_page_id’);431 $mg_enable_switch = $mg_obj->formget_mailget_get_option(‘mg_switch’);432 if ($mg_enable_switch == ‘on’) {433 if (!empty($mg_form_description_text)) {434 foreach ($mg_form_description_text as $key) {435 if ($page_id == $key) {436 $mg_obj->formget_mailget_subscribe_form();437 } elseif (is_front_page() && $key == “home1”) {438 $mg_obj->formget_mailget_subscribe_form();439 }440 }441 } else {442 $mg_obj->formget_mailget_subscribe_form();443 }444 }445}446447if (!is_admin()) {448 add_action('wp_footer’, ‘formget_mailget_subscribe_form’);449}450if (!is_admin()) {451 add_action('wp_head’, ‘formget_mailget_embeded_code’);452}453454/**455 * To include style-sheet (css) at dashboard area456 */457function formget_mailget_scripts() {458 wp_enqueue_style('mg-style’, plugins_url('css/mg_popup.css’, __FILE__));459 wp_enqueue_script(“mg-front", plugins_url('js/mg_front.js’, __FILE__), array(‘jquery’),’’,true);460 wp_localize_script('mg-front’, 'mg’, array(‘ajaxurl’ => admin_url(‘admin-ajax.php’), ‘imgurl’ => plugins_url('image/mailget.png’, __FILE__), ‘mg_nonce’ => wp_create_nonce(‘mg_nonce’)));461 462}463464add_action('admin_enqueue_scripts’, ‘formget_mailget_scripts’);465466/**467 * To display formget form using shortcode468 */469if (!function_exists(‘formget_mailget_shortcode’)) {470471 function formget_mailget_shortcode($atts, $content = null) {472 extract(shortcode_atts(array(473 ‘user’ => '’,474 ‘formcode’ => '’,475 ‘tabtext’ => 'Contact Us’,476 ‘position’ => 'right’,477 ‘bgcolor’ => 'e54040’,478 ‘textcolor’ => 'ffffff’,479 ‘fontsize’ => '16’,480 ‘width’ => '350’,481 ‘allowTransparency’ => true,482 ‘height’ => '500’,483 ‘tab’ => '’484 ), $atts));485 $iframe_formget = '’;486 $url = “https://forms.pabbly.com/embed/” . $formcode;487 if ($tab == ‘page’) {488 $iframe_formget .="<scr"."ipt src=’” . $url . “’>";489 $iframe_formget .="</scr"."ipt>";490 add_filter('widget_text’, ‘do_shortcode’);491 return $iframe_formget;492 }493 if ($tab == ‘tabbed’) {494495 $tabbed_formget = <<<EOD496<script type=’text/javascript’>497(function(s) 498{var head = document.getElementsByTagName(‘HEAD’).item(0);499var s= document.createElement(‘script’);500s.type = 'text/javascript’;501s.src=’//forms.pabbly.com/app_data/new-widget/popup.js’; 502head.appendChild(s); 503var options = {504’tabKey’: '{$formcode}’,505’tabtext’:’{$tabtext}’,506’height’: '{$height}’,507’width’: '{$width}’,508’tabPosition’:’{$position}’,509’textColor’: '{$textcolor}’,510’tabBackground’: '{$bgcolor}’,511’fontSize’: '{$fontsize}’,512’tabbed’:’’513};514s.onload = s.onreadystatechange = function() {515var rs = this.readyState;516if (rs)517if (rs != ‘complete’)518if (rs != ‘loaded’)519return;520try {521sideBar = new buildTabbed();522sideBar.initializeOption(options);523sideBar.loadContent();sideBar.buildHtml();524} 525catch (e) {} 526};527var scr = document.getElementsByTagName(s)[0];528})(document, ‘script’);529</script>530EOD;531 return $tabbed_formget;532 }533 }534535}536add_shortcode('formget’, ‘formget_mailget_shortcode’);537538/**539 * To display form using Widget540 */541if (!class_exists(‘Formget_Widget’)) {542543 class Formget_Widget extends WP_Widget {544545 function __construct() {546 parent::__construct(547 'FormGet_widget’, __('FormGet Widget’, ‘formget_widget’), array(‘description’ => __(‘FormGet widget to show forms on sidebar and footer’, ‘formget_widget’),)548 );549 }550551 public function widget($args, $instance) {552 $text = format_to_edit($instance[‘textarea’]);553 $pos = strpos($text, ‘embed’);554 ?> 555 <div class=’formget_widget’ style="<?php if ($pos == True) { ?> 556 -webkit-box-shadow: 1px 0px 11px rgba(50, 50, 50, 0.74);-moz-box-shadow: 1px 0px 11px rgba(50, 50, 50, 0.74);box-shadow: 1px 0px 11px rgba(50, 50, 50, 0.74); margin-bottom: 25px; padding-top: 15px; 557 <?php }558 ?>">559 <?php560 echo $instance[‘textarea’];561 echo “</div>";562 }563564 public function update($new_instance, $old_instance) {565 return $new_instance;566 }567568 public function form($instance) {569 $instance = wp_parse_args((array) $instance, array(‘textarea’ => ‘’));570 $text = format_to_edit($instance[‘textarea’]);571 ?>572 <p>573 <label for="<?php echo esc_html($this->get_field_id(‘textarea’)); ?>"><?php _e('Textarea:’, ‘wp_widget_plugin’); ?></label>574 <textarea class="widefat” id="<?php echo $this->get_field_id(‘textarea’); ?>” name="<?php echo $this->get_field_name(‘textarea’); ?>” rows="7” cols="20” placeholder="Enter here your Iframe Code575 "><?php echo $text ?></textarea>576 </p>577 <?php578 !empty($text)579 and print '<h3>Preview</h3><div style="border:3px solid #369;padding:11px; margin-bottom: 5px;">’580 . $instance[‘textarea’] . '</div>’;581 582 }583584 }585586}587add_action('widgets_init’, 'formget_mailget_register_widget’, 20);588589if (!function_exists(‘formget_mailget_register_widget’)) {590591 function formget_mailget_register_widget() {592 register_widget(‘Formget_Widget’);593 }594595}596597 function hide_update_msg_non_admins(){598 if (current_user_can( ‘manage_options’ )) { 599 echo '<style>#setting-error-tgmpa>.updated settings-error notice is-dismissible, .update-nag, .updated, .notice-warning.settings-error.notice.is-dismissible { display: none; }</style>’;600 }601 }602 add_action( 'admin_head’, ‘hide_update_msg_non_admins’);