Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-3082: Changeset 2935537 for post-smtp – WordPress Plugin Repository

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE
#xss#web#js#wordpress#php#perl#oauth#auth
  • post-smtp/trunk/Postman/PostmanEmailLogs.php

    r2929002

    r2935537

328

328

329

329

                $row->time = date( "{$date\_format} {$time\_format}", $row->time );

330

 

                $row->success = $row->success == 1 ? '<span title="Successful"></span>' : '<span title="Failed"></span><pre class="ps-status-log">' . str\_replace( $search, $replace, $row->success ) . '</pre\>';

 

330

                $row->success = $row->success == 1 ? '<span title="Success">Success</span>' : '<span title="'.str\_replace( $search, $replace, $row->success ).'">Failed</span><a href="#" class="ps-status-log ps-popup-btn">View details</a\>';

331

331

                $row->actions = '';

 

332

 

333

                //Escape HTML

 

334

                $row->original\_subject = esc\_html( $row->original\_subject );

332

335

333

336

            }

…

…

 

535

538

            $email\_query\_log = new PostmanEmailQueryLog();

536

539

            $log = $email\_query\_log->get\_log( $id, $type );

 

540

            $\_log = $log;

 

541

 

542

            //Escape HTML

 

543

            foreach( $\_log as $key => $value ) {

 

544

 

545

                $log\[$key\] = esc\_html( $value );

 

546

 

547

            }

537

548

538

549

            if( isset( $log\['time'\] ) ) {
  • post-smtp/trunk/freemius/includes/class-freemius.php

    r2905047

    r2935537

1547

1547

                    fs\_request\_is\_action( 'reset\_pending\_activation\_mode' )

1548

1548

                ) &&

1549

 

                $this->get\_unique\_affix() === fs\_request\_get( 'fs\_unique\_affix' )

 

1549

                $this->get\_unique\_affix() === fs\_request\_get\_raw( 'fs\_unique\_affix' )

1550

1550

            ) {

1551

1551

                add\_action( 'admin\_init', array( &$this, 'connect\_again' ) );

…

…

 

3760

3760

            }

3761

3761

3762

 

            $option\_value = fs\_request\_get( 'option\_value' );

 

3762

            $option\_value = fs\_request\_get\_raw( 'option\_value' );

3763

3763

3764

3764

            if ( ! empty( $option\_value ) ) {

…

…

 

10299

10299

            return $this->apply\_filters(

10300

10300

                'usage\_tracking\_terms\_url',

10301

 

                "https://freemius.com/wordpress/usage-tracking/{$this->\_plugin->id}/{$this->\_slug}/"

 

10301

                "https://freemius.com/product/opt-in/{$this->\_plugin->id}/{$this->\_slug}/"

 

10302

            );

 

10303

        }

 

10304

 

10305

        /\*\*

 

10306

         \* @todo (For LiteSDK) We can refactor this and other related functions giving links to several landing pages on freemius.com to come from a separate class like \`FS\_Terms\_Pages\`. This would get a \`FS\_WP\_Hook\` (hypothetical) instance as a dependency and use it to hook into the \`license\_activation\_terms\_url\` or related filters. The entry level instance from \`ms\_fs()\` would hold a public read-only variable \`my\_fs()->terms\_pages\` which would be an instance of \`FS\_Terms\_Pages\` and would hold all the links to the terms pages.

 

10307

         \* @since 2.5.8

 

10308

         \*

 

10309

         \* @return string

 

10310

         \*/

 

10311

        function get\_license\_activation\_terms\_url() {

 

10312

            return $this->apply\_filters(

 

10313

                'license\_activation\_terms\_url',

 

10314

                "https://freemius.com/product/license-activation/{$this->\_plugin->id}/{$this->\_slug}/"

10302

10315

            );

10303

10316

        }

…

…

 

13662

13675

            $this->check\_ajax\_referer( 'activate\_license' );

13663

13676

13664

 

            $license\_key = trim( fs\_request\_get( 'license\_key' ) );

 

13677

            $license\_key = trim( fs\_request\_get\_raw( 'license\_key' ) );

13665

13678

13666

13679

            if ( empty( $license\_key ) ) {

…

…

 

16675

16688

16676

16689

            return $clone;

16677

 

        }

16678

 

16679

 

        /\*\*

16680

 

         \* Tries to activate account based on POST params.

16681

 

         \*

16682

 

         \* @author     Vova Feldman (@svovaf)

16683

 

         \* @since      1.0.2

16684

 

         \*

16685

 

         \* @deprecated Not in use, outdated.

16686

 

         \*/

16687

 

        function \_activate\_account() {

16688

 

            if ( $this->is\_registered() ) {

16689

 

                // Already activated.

16690

 

                return;

16691

 

            }

16692

 

16693

 

            self::\_clean\_admin\_content\_section();

16694

 

16695

 

            if ( fs\_request\_is\_action( 'activate' ) && fs\_request\_is\_post() ) {

16696

 

//              check\_admin\_referer( 'activate\_' . $this->\_plugin->public\_key );

16697

 

16698

 

                // Verify matching plugin details.

16699

 

                if ( $this->\_plugin->id != fs\_request\_get( 'plugin\_id' ) || $this->\_slug != fs\_request\_get( 'plugin\_slug' ) ) {

16700

 

                    return;

16701

 

                }

16702

 

16703

 

                $user              = new FS\_User();

16704

 

                $user->id          = fs\_request\_get( 'user\_id' );

16705

 

                $user->public\_key  = fs\_request\_get( 'user\_public\_key' );

16706

 

                $user->secret\_key  = fs\_request\_get( 'user\_secret\_key' );

16707

 

                $user->email       = fs\_request\_get( 'user\_email' );

16708

 

                $user->first       = fs\_request\_get( 'user\_first' );

16709

 

                $user->last        = fs\_request\_get( 'user\_last' );

16710

 

                $user->is\_verified = fs\_request\_get\_bool( 'user\_is\_verified' );

16711

 

16712

 

                $site             = new FS\_Site();

16713

 

                $site->id         = fs\_request\_get( 'install\_id' );

16714

 

                $site->public\_key = fs\_request\_get( 'install\_public\_key' );

16715

 

                $site->secret\_key = fs\_request\_get( 'install\_secret\_key' );

16716

 

                $site->plan\_id    = fs\_request\_get( 'plan\_id' );

16717

 

16718

 

                $plans      = array();

16719

 

                $plans\_data = json\_decode( urldecode( fs\_request\_get( 'plans' ) ) );

16720

 

                foreach ( $plans\_data as $p ) {

16721

 

                    $plan = new FS\_Plugin\_Plan( $p );

16722

 

                    if ( $site->plan\_id == $plan->id ) {

16723

 

                        $plan->title = fs\_request\_get( 'plan\_title' );

16724

 

                        $plan->name  = fs\_request\_get( 'plan\_name' );

16725

 

                    }

16726

 

16727

 

                    $plans\[\] = $plan;

16728

 

                }

16729

 

16730

 

                $this->\_set\_account( $user, $site, $plans );

16731

 

16732

 

                // Reload the page with the keys.

16733

 

                fs\_redirect( $this->\_get\_admin\_page\_url() );

16734

 

            }

16735

16690

        }

16736

16691

…

…

 

17749

17704

                        $this->install\_many\_pending\_with\_user(

17750

17705

                            fs\_request\_get( 'user\_id' ),

17751

 

                            fs\_request\_get( 'user\_public\_key' ),

17752

 

                            fs\_request\_get( 'user\_secret\_key' ),

 

17706

                            fs\_request\_get\_raw( 'user\_public\_key' ),

 

17707

                            fs\_request\_get\_raw( 'user\_secret\_key' ),

17753

17708

                            fs\_request\_get\_bool( 'is\_marketing\_allowed', null ),

17754

17709

                            fs\_request\_get\_bool( 'is\_extensions\_tracking\_allowed', null ),

…

…

 

17761

17716

                        $this->install\_with\_new\_user(

17762

17717

                            fs\_request\_get( 'user\_id' ),

17763

 

                            fs\_request\_get( 'user\_public\_key' ),

17764

 

                            fs\_request\_get( 'user\_secret\_key' ),

 

17718

                            fs\_request\_get\_raw( 'user\_public\_key' ),

 

17719

                            fs\_request\_get\_raw( 'user\_secret\_key' ),

17765

17720

                            fs\_request\_get\_bool( 'is\_marketing\_allowed', null ),

17766

17721

                            fs\_request\_get\_bool( 'is\_extensions\_tracking\_allowed', null ),

17767

17722

                            fs\_request\_get\_bool( 'is\_diagnostic\_tracking\_allowed', null ),

17768

17723

                            fs\_request\_get( 'install\_id' ),

17769

 

                            fs\_request\_get( 'install\_public\_key' ),

17770

 

                            fs\_request\_get( 'install\_secret\_key' ),

 

17724

                            fs\_request\_get\_raw( 'install\_public\_key' ),

 

17725

                            fs\_request\_get\_raw( 'install\_secret\_key' ),

17771

17726

                            true,

17772

17727

                            fs\_request\_get\_bool( 'auto\_install' )

…

…

 

18107

18062

18108

18063

            if ( fs\_request\_is\_action( $this->get\_unique\_affix() . '\_activate\_existing' ) && fs\_request\_is\_post() ) {

18109

 

//              check\_admin\_referer( 'activate\_existing\_' . $this->\_plugin->public\_key );

 

18064

                check\_admin\_referer( $this->get\_unique\_affix() . '\_activate\_existing' );

18110

18065

18111

18066

                /\*\*

…

…

 

18113

18068

                 \* @since  1.1.9 Add license key if given.

18114

18069

                 \*/

18115

 

                $license\_key = fs\_request\_get( 'license\_secret\_key' );

 

18070

                $license\_key = fs\_request\_get\_raw( 'license\_secret\_key' );

18116

18071

18117

18072

                FS\_Permission\_Manager::instance( $this )->update\_permissions\_tracking\_flag( array(

…

…

 

20848

20803

            }

20849

20804

20850

 

            $license\_or\_user\_key = fs\_request\_get( 'license\_or\_user\_key' );

 

20805

            $license\_or\_user\_key = fs\_request\_get\_raw( 'license\_or\_user\_key' );

20851

20806

20852

20807

            $transient\_value = ( ! empty( $license\_or\_user\_key ) ) ?

…

…

 

22686

22641

            $user             = new FS\_User();

22687

22642

            $user->id         = fs\_request\_get( 'user\_id' );

22688

 

            $user->public\_key = fs\_request\_get( 'user\_public\_key' );

22689

 

            $user->secret\_key = fs\_request\_get( 'user\_secret\_key' );

 

22643

            $user->public\_key = fs\_request\_get\_raw( 'user\_public\_key' );

 

22644

            $user->secret\_key = fs\_request\_get\_raw( 'user\_secret\_key' );

22690

22645

22691

22646

            $prev\_user   = $this->\_user;

…

…

 

23183

23138

                    switch ( $state ) {

23184

23139

                        case 'init':

 

23140

                            // The nonce is injected by the error handler in \`\_email\_address\_update\_ajax\_handler\` function.

 

23141

                            check\_admin\_referer( 'change\_owner' );

 

23142

23185

23143

                            $candidate\_email = fs\_request\_get( 'candidate\_email' );

23186

23144

                            $transfer\_type   = fs\_request\_get( 'transfer\_type' );

…

…

 

23195

23153

                            break;

23196

23154

                        case 'owner\_confirmed':

 

23155

                            // We cannot (or need not to) check the nonce and referer here, because the link comes from the email sent by our API.

23197

23156

                            $candidate\_email = fs\_request\_get( 'candidate\_email', '' );

 

23157

 

23158

                            if ( ! is\_email($candidate\_email ) ) {

 

23159

                                return;

 

23160

                            }

23198

23161

23199

23162

                            $this->\_admin\_notices->add( sprintf( $this->get\_text\_inline( 'Thanks for confirming the ownership change. An email was just sent to %s for final approval.', 'change-owner-request\_owner-confirmed' ), '<b>' . $candidate\_email . '</b>' ) );

23200

23163

                            break;

23201

23164

                        case 'candidate\_confirmed':

 

23165

                            // We do not need to validate the authenticity of this request here, because the \`complete\_change\_owner\` does that for us through API calls.

23202

23166

                            if ( $this->complete\_change\_owner() ) {

23203

23167

                                $this->\_admin\_notices->add\_sticky(

…

…

 

23232

23196

23233

23197

                #region Actions that might be called from external links (e.g. email)

 

23198

 

23199

                /\*\*

 

23200

                 \* !!IMPORTANT!!: We cannot check for a valid nonce in this region, because the links could be coming from emails.

 

23201

                 \*/

23234

23202

23235

23203

                case 'cancel\_trial':

…

…

 

23539

23507

                        'is\_enriched'  => true,

23540

23508

                        'trial'        => fs\_request\_get\_bool( 'trial' ),

23541

 

                        'sandbox'      => fs\_request\_get( 'sandbox' ),

23542

 

                        's\_ctx\_type'   => fs\_request\_get( 's\_ctx\_type' ),

23543

 

                        's\_ctx\_id'     => fs\_request\_get( 's\_ctx\_id' ),

23544

 

                        's\_ctx\_ts'     => fs\_request\_get( 's\_ctx\_ts' ),

23545

 

                        's\_ctx\_secure' => fs\_request\_get( 's\_ctx\_secure' ),

 

23509

                        'sandbox'      => fs\_request\_get\_raw( 'sandbox' ),

 

23510

                        's\_ctx\_type'   => fs\_request\_get\_raw( 's\_ctx\_type' ),

 

23511

                        's\_ctx\_id'     => fs\_request\_get\_raw( 's\_ctx\_id' ),

 

23512

                        's\_ctx\_ts'     => fs\_request\_get\_raw( 's\_ctx\_ts' ),

 

23513

                        's\_ctx\_secure' => fs\_request\_get\_raw( 's\_ctx\_secure' ),

23546

23514

                    );

23547

23515

…

…

 

25873

25841

                $thank\_you,

25874

25842

                $already\_opted\_in,

25875

 

                sprintf( $this->get\_text\_inline( 'Due to the new %sEU General Data Protection Regulation (GDPR)%s compliance requirements it is required that you provide your explicit consent, again, confirming that you are onboard :-)', 'due-to-gdpr-compliance-requirements' ), '<a href="https://eugdpr.org/" target="\_blank" rel="noopener noreferrer">', '</a>' ) .

 

25843

                sprintf( $this->get\_text\_inline( 'Due to the new %sEU General Data Protection Regulation (GDPR)%s compliance requirements it is required that you provide your explicit consent, again, confirming that you are onboard :-)', 'due-to-gdpr-compliance-requirements' ), '<a href="https://ec.europa.eu/info/law/law-topic/data-protection\_en/" target="\_blank" rel="noopener noreferrer">', '</a>' ) .

25876

25844

                '<br><br>' .

25877

25845

                '<b>' . $this->get\_text\_inline( "Please let us know if you'd like us to contact you for security & feature updates, educational content, and occasional offers:", 'contact-for-updates' ) . '</b>' .

…

…

 

26162

26130

            $this->check\_ajax\_referer( 'fetch\_is\_marketing\_required\_flag\_value' );

26163

26131

26164

 

            $license\_key = fs\_request\_get( 'license\_key' );

 

26132

            $license\_key = fs\_request\_get\_raw( 'license\_key' );

26165

26133

26166

26134

            if ( empty($license\_key) ) {
  • post-smtp/trunk/freemius/includes/class-fs-plugin-updater.php

    r2839728

    r2935537

135

135

            if (

136

136

                'plugin-information' !== fs\_request\_get( 'tab', false ) ||

137

 

                $this->\_fs->get\_slug() !== fs\_request\_get( 'plugin', false )

 

137

                $this->\_fs->get\_slug() !== fs\_request\_get\_raw( 'plugin', false )

138

138

            ) {

139

139

                return;

…

…

 

154

154

            if (

155

155

                'plugin-information' !== fs\_request\_get( 'tab', false ) ||

156

 

                $this->\_fs->get\_slug() !== fs\_request\_get( 'plugin', false )

 

156

                $this->\_fs->get\_slug() !== fs\_request\_get\_raw( 'plugin', false )

157

157

            ) {

158

158

                return;
  • post-smtp/trunk/freemius/includes/fs-core-functions.php

    r2830498

    r2935537

134

134

    #--------------------------------------------------------------------------------

135

135

 

136

    if ( ! function\_exists( 'fs\_request\_get\_raw' ) ) {

 

137

        /\*\*

 

138

         \* A helper function to fetch GET/POST user input with an optional default value when the input is not set.

 

139

         \* This function does not do sanitization. It is up to the caller to properly sanitize and validate the input.

 

140

         \*

 

141

         \* The return of this function is always unslashed.

 

142

         \*

 

143

         \* @since 2.5.10

 

144

         \*

 

145

         \* @param string      $key

 

146

         \* @param mixed       $def

 

147

         \* @param string|bool $type When set to 'get', it will look for the value passed via query string. When

 

148

         \*                          set to 'post', it will look for the value passed via the POST request's body. Otherwise,

 

149

         \*                          it will check if the parameter was passed using any of the mentioned two methods.

 

150

         \*

 

151

         \* @return mixed

 

152

         \*/

 

153

        function fs\_request\_get\_raw( $key, $def = false, $type = false ) {

 

154

            if ( is\_string( $type ) ) {

 

155

                $type = strtolower( $type );

 

156

            }

 

157

 

158

            /\*\*

 

159

             \* Note to WordPress.org reviewers:

 

160

             \* This is a helper function to fetch GET/POST user input with an optional default value when the input is not set. The actual sanitization is done in the scope of the function's usage.

 

161

             \*/

 

162

            switch ( $type ) {

 

163

                case 'post':

 

164

                    // phpcs:ignore WordPress.Security.NonceVerification.Missing

 

165

                    $value = isset( $\_POST\[ $key \] ) ? $\_POST\[ $key \] : $def;

 

166

                    break;

 

167

                case 'get':

 

168

                    // phpcs:ignore WordPress.Security.NonceVerification.Recommended

 

169

                    $value = isset( $\_GET\[ $key \] ) ? $\_GET\[ $key \] : $def;

 

170

                    break;

 

171

                default:

 

172

                    // phpcs:ignore WordPress.Security.NonceVerification.Recommended

 

173

                    $value = isset( $\_REQUEST\[ $key \] ) ? $\_REQUEST\[ $key \] : $def;

 

174

                    break;

 

175

            }

 

176

 

177

            // Don't unslash if the value itself is empty (empty string, null, empty array etc).

 

178

            return empty( $value ) ? $value : wp\_unslash( $value );

 

179

        }

 

180

    }

 

181

 

182

    if ( ! function\_exists( 'fs\_sanitize\_input' ) ) {

 

183

        /\*\*

 

184

         \* Sanitizes input recursively (if an array).

 

185

         \*

 

186

         \* @param mixed $input

 

187

         \*

 

188

         \* @return mixed

 

189

         \* @uses  sanitize\_text\_field()

 

190

         \* @since 2.5.10

 

191

         \*/

 

192

        function fs\_sanitize\_input( $input ) {

 

193

            if ( is\_array( $input ) ) {

 

194

                foreach ( $input as $key => $value ) {

 

195

                    $input\[ $key \] = fs\_sanitize\_input( $value );

 

196

                }

 

197

            } else {

 

198

                // Allow empty values to pass through as-is, like \`null\`, \`''\`, \`0\`, \`'0'\` etc.

 

199

                $input = empty( $input ) ? $input : sanitize\_text\_field( $input );

 

200

            }

 

201

 

202

            return $input;

 

203

        }

 

204

    }

 

205

136

206

    if ( ! function\_exists( 'fs\_request\_get' ) ) {

137

207

        /\*\*

138

208

         \* A helper method to fetch GET/POST user input with an optional default value when the input is not set.

139

 

         \* @author Vova Feldman (@svovaf)

 

209

         \*

 

210

         \* @author Vova Feldman (@svovaf)

 

211

         \*

 

212

         \* @note The return value is always sanitized with sanitize\_text\_field().

140

213

         \*

141

214

         \* @param string      $key

…

…

 

145

218

         \*                          will check if the parameter was passed in any of the two.

146

219

         \*

 

220

         \*

147

221

         \* @return mixed

148

222

         \*/

149

223

        function fs\_request\_get( $key, $def = false, $type = false ) {

150

 

            if ( is\_string( $type ) ) {

151

 

                $type = strtolower( $type );

152

 

            }

153

 

154

 

            /\*\*

155

 

             \* Note to WordPress.org Reviewers:

156

 

             \*  This is a helper method to fetch GET/POST user input with an optional default value when the input is not set. The actual sanitization is done in the scope of the function's usage.

157

 

             \*/

158

 

            switch ( $type ) {

159

 

                case 'post':

160

 

                    $value = isset( $\_POST\[ $key \] ) ? $\_POST\[ $key \] : $def;

161

 

                    break;

162

 

                case 'get':

163

 

                    $value = isset( $\_GET\[ $key \] ) ? $\_GET\[ $key \] : $def;

164

 

                    break;

165

 

                default:

166

 

                    $value = isset( $\_REQUEST\[ $key \] ) ? $\_REQUEST\[ $key \] : $def;

167

 

                    break;

168

 

            }

169

 

170

 

            return $value;

 

224

            return fs\_sanitize\_input( fs\_request\_get\_raw( $key, $def, $type ) );

171

225

        }

172

226

    }

…

…

 

174

228

    if ( ! function\_exists( 'fs\_request\_has' ) ) {

175

229

        function fs\_request\_has( $key ) {

 

230

            // phpcs:ignore WordPress.Security.NonceVerification.Recommended

176

231

            return isset( $\_REQUEST\[ $key \] );

177

232

        }

…

…

 

232

287

    if ( ! function\_exists( 'fs\_get\_action' ) ) {

233

288

        function fs\_get\_action( $action\_key = 'action' ) {

 

289

            // phpcs:disable WordPress.Security.NonceVerification.Recommended

234

290

            if ( ! empty( $\_REQUEST\[ $action\_key \] ) && is\_string( $\_REQUEST\[ $action\_key \] ) ) {

235

291

                return strtolower( $\_REQUEST\[ $action\_key \] );

…

…

 

245

301

246

302

            return false;

 

303

            // phpcs:enable WordPress.Security.NonceVerification.Recommended

247

304

        }

248

305

    }
  • post-smtp/trunk/freemius/require.php

    r2830498

    r2935537

14

14

    require\_once dirname( \_\_FILE\_\_ ) . '/config.php';

15

15

    require\_once WP\_FS\_\_DIR\_INCLUDES . '/fs-core-functions.php';

 

16

    require\_once WP\_FS\_\_DIR\_INCLUDES . '/fs-html-escaping-functions.php';

16

17

17

18

    // Logger must be loaded before any other.
  • post-smtp/trunk/freemius/start.php

    r2905047

    r2935537

16

16

     \* @var string

17

17

     \*/

18

 

    $this\_sdk\_version = '2.5.7';

 

18

    $this\_sdk\_version = '2.5.10';

19

19

20

20

    #region SDK Selection Logic --------------------------------------------------------------------
  • post-smtp/trunk/freemius/templates/account.php

    r2830498

    r2935537

106

106

107

107

    $has\_tabs = $fs->\_add\_tabs\_before\_content();

108

 

109

 

    if ( $has\_tabs ) {

110

 

        $query\_params\['tabs'\] = 'true';

111

 

    }

112

108

113

109

    // Aliases.

…

…

 

261

257

        <?php if ( ! $has\_tabs && ! $fs->apply\_filters( 'hide\_account\_tabs', false ) ) : ?>

262

258

        <h2 class="nav-tab-wrapper">

263

 

            <a href="<?php echo $fs->get\_account\_url() ?>"

 

259

            <a href="<?php echo esc\_url( $fs->get\_account\_url() ) ?>"

264

260

               class="nav-tab nav-tab-active"><?php fs\_esc\_html\_echo\_inline( 'Account', 'account', $slug ) ?></a>

265

261

            <?php if ( $fs->has\_addons() ) : ?>

266

 

                <a href="<?php echo $fs->\_get\_admin\_page\_url( 'addons' ) ?>"

 

262

                <a href="<?php echo esc\_url( $fs->\_get\_admin\_page\_url( 'addons' ) ) ?>"

267

263

                   class="nav-tab"><?php echo esc\_html( $addons\_text ) ?></a>

268

264

            <?php endif ?>

269

265

            <?php if ( $show\_upgrade ) : ?>

270

 

                <a href="<?php echo $fs->get\_upgrade\_url() ?>" class="nav-tab"><?php echo esc\_html( $upgrade\_text ) ?></a>

 

266

                <a href="<?php echo esc\_url( $fs->get\_upgrade\_url() ) ?>" class="nav-tab"><?php echo esc\_html( $upgrade\_text ) ?></a>

271

267

                <?php if ( $fs->apply\_filters( 'show\_trial', true ) && ! $fs->is\_trial\_utilized() && $fs->has\_trial\_plan() ) : ?>

272

 

                    <a href="<?php echo $fs->get\_trial\_url() ?>" class="nav-tab"><?php fs\_esc\_html\_echo\_inline( 'Free Trial', 'free-trial', $slug ) ?></a>

 

268

                    <a href="<?php echo esc\_url( $fs->get\_trial\_url() ) ?>" class="nav-tab"><?php fs\_esc\_html\_echo\_inline( 'Free Trial', 'free-trial', $slug ) ?></a>

273

269

                <?php endif ?>

274

270

            <?php endif ?>

…

…

 

316

312

                                            <?php if ( ! fs\_is\_network\_admin() ) : ?>

317

313

                                            <li>

318

 

                                                <form action="<?php echo $fs->\_get\_admin\_page\_url( 'account' ) ?>" method="POST">

 

314

                                                <form action="<?php echo esc\_url( $fs->\_get\_admin\_page\_url( 'account' ) ) ?>" method="POST">

319

315

                                                    <input type="hidden" name="fs\_action" value="deactivate\_license">

320

316

                                                    <?php wp\_nonce\_field( 'deactivate\_license' ) ?>

…

…

 

330

326

                                            ) : ?>

331

327

                                                <li>

332

 

                                                    <form action="<?php echo $fs->\_get\_admin\_page\_url( 'account' ) ?>" method="POST">

 

328

                                                    <form action="<?php echo esc\_url( $fs->\_get\_admin\_page\_url( 'account' ) ) ?>" method="POST">

333

329

                                                        <input type="hidden" name="fs\_action" value="downgrade\_account">

334

330

                                                        <?php wp\_nonce\_field( 'downgrade\_account' ) ?>

…

…

 

336

332

                                                           onclick="if ( confirm('<?php echo esc\_attr( sprintf(

337

333

                                                               $downgrade\_x\_confirm\_text,

338

 

                                                               ( $fs->is\_only\_premium()  ? $cancelling\_subscription\_text : $downgrading\_plan\_text ),

 

334

                                                               ( $fs->is\_only\_premium() ? $cancelling\_subscription\_text : $downgrading\_plan\_text ),

339

335

                                                               $plan->title,

340

336

                                                               human\_time\_diff( time(), strtotime( $license->expiration ) )

…

…

 

350

346

                                            <?php if ( $is\_plan\_change\_supported ) : ?>

351

347

                                                <li>

352

 

                                                    <a href="<?php echo $fs->get\_upgrade\_url() ?>"><i

 

348

                                                    <a href="<?php echo esc\_url( $fs->get\_upgrade\_url() ) ?>"><i

353

349

                                                            class="dashicons dashicons-grid-view"></i> <?php echo esc\_html( $change\_plan\_text ) ?></a>

354

350

                                                </li>

…

…

 

357

353

                                        <?php elseif ( $is\_paid\_trial ) : ?>

358

354

                                            <li>

359

 

                                                <form action="<?php echo $fs->\_get\_admin\_page\_url( 'account' ) ?>" method="POST">

 

355

                                                <form action="<?php echo esc\_url( $fs->\_get\_admin\_page\_url( 'account' ) ) ?>" method="POST">

360

356

                                                    <input type="hidden" name="fs\_action" value="cancel\_trial">

361

357

                                                    <?php wp\_nonce\_field( 'cancel\_trial' ) ?>

…

…

 

368

364

                                    <?php endif ?>

369

365

                                    <li>

370

 

                                        <form action="<?php echo $fs->\_get\_admin\_page\_url( 'account' ) ?>" method="POST">

371

 

                                            <input type="hidden" name="fs\_action" value="<?php echo $fs->get\_unique\_affix() ?>\_sync\_license">

 

366

                                        <form action="<?php echo esc\_url( $fs->\_get\_admin\_page\_url( 'account' ) ) ?>" method="POST">

 

367

                                            <input type="hidden" name="fs\_action" value="<?php echo esc\_attr( $fs->get\_unique\_affix() ) ?>\_sync\_license">

372

368

                                            <?php wp\_nonce\_field( $fs->get\_unique\_affix() . '\_sync\_license' ) ?>

373

369

                                            <a href="#" onclick="this.parentNode.submit(); return false;"><i

…

…

 

513

509

                                            }

514

510

                                            ?>

515

 

                                            <tr class="fs-field-<?php echo $p\['id'\] ?><?php if ( $odd ) : ?> alternate<?php endif ?>">

 

511

                                            <tr class="fs-field-<?php echo esc\_attr( $p\['id'\] ) ?><?php if ( $odd ) : ?> alternate<?php endif ?>">

516

512

                                                <td>

517

 

                                                    <nobr><?php echo $p\['title'\] ?><?php echo ( ! empty( $p\['title'\] ) ) ? ':' : '' ?></nobr>

 

513

                                                    <nobr><?php echo esc\_attr( $p\['title'\] ) ?><?php echo ( ! empty( $p\['title'\] ) ) ? ':' : '' ?></nobr>

518

514

                                                </td>

519

515

                                                <td<?php if ( 'plan' === $p\['id'\] || 'bundle\_plan' === $p\['id'\] ) { echo ' colspan="2"'; }?>>

…

…

 

568

564

                                                                fs\_require\_template( 'account/partials/activate-license-button.php', $view\_params ); ?>

569

565

                                                            <?php else : ?>

570

 

                                                                <form action="<?php echo $fs->\_get\_admin\_page\_url( 'account' ) ?>"

 

566

                                                                <form action="<?php echo esc\_url( $fs->\_get\_admin\_page\_url( 'account' ) ) ?>"

571

567

                                                                      method="POST" class="button-group">

572

568

                                                                    <?php if ( $show\_upgrade && $is\_premium ) : ?>

573

 

                                                                        <a class="button activate-license-trigger <?php echo $fs->get\_unique\_affix() ?>" href="#"><?php fs\_esc\_html\_echo\_inline( 'Activate License', 'activate-license', $slug ) ?></a>

 

569

                                                                        <a class="button activate-license-trigger <?php echo esc\_attr( $fs->get\_unique\_affix() ) ?>" href="#"><?php fs\_esc\_html\_echo\_inline( 'Activate License', 'activate-license', $slug ) ?></a>

574

570

                                                                    <?php endif ?>

575

571

                                                                    <input type="submit" class="button"

576

572

                                                                           value="<?php echo esc\_attr( $sync\_license\_text ) ?>">

577

573

                                                                    <input type="hidden" name="fs\_action"

578

 

                                                                           value="<?php echo $fs->get\_unique\_affix() ?>\_sync\_license">

 

574

                                                                           value="<?php echo esc\_attr( $fs->get\_unique\_affix() ) ?>\_sync\_license">

579

575

                                                                    <?php wp\_nonce\_field( $fs->get\_unique\_affix() . '\_sync\_license' ) ?>

580

576

                                                                    <?php if ( $show\_upgrade || $is\_plan\_change\_supported ) : ?>

581

 

                                                                    <a href="<?php echo $fs->get\_upgrade\_url() ?>"

 

577

                                                                    <a href="<?php echo esc\_url( $fs->get\_upgrade\_url() ) ?>"

582

578

                                                                       class="button<?php

583

579

                                                                           echo $show\_upgrade ?
  • post-smtp/trunk/freemius/templates/account/billing.php

    r2830498

    r2935537

36

36

        } ?>>

37

37

            <tr>

38

 

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'Business name', 'business-name', $slug ) ?>:</span> <input id="business\_name" value="<?php echo $billing->business\_name ?>" placeholder="<?php fs\_esc\_attr\_echo\_inline( 'Business name', 'business-name', $slug ) ?>"></label></td>

39

 

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'Tax / VAT ID', 'tax-vat-id', $slug ) ?>:</span> <input id="tax\_id" value="<?php echo $billing->tax\_id ?>" placeholder="<?php fs\_esc\_attr\_echo\_inline( 'Tax / VAT ID', 'tax-vat-id', $slug ) ?>"></label></td>

 

38

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'Business name', 'business-name', $slug ) ?>:</span> <input id="business\_name" value="<?php echo esc\_attr( $billing->business\_name ) ?>" placeholder="<?php fs\_esc\_attr\_echo\_inline( 'Business name', 'business-name', $slug ) ?>"></label></td>

 

39

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'Tax / VAT ID', 'tax-vat-id', $slug ) ?>:</span> <input id="tax\_id" value="<?php echo esc\_attr( $billing->tax\_id ) ?>" placeholder="<?php fs\_esc\_attr\_echo\_inline( 'Tax / VAT ID', 'tax-vat-id', $slug ) ?>"></label></td>

40

40

            </tr>

41

41

            <tr>

42

 

                <td><label><span><?php printf( fs\_esc\_html\_inline( 'Address Line %d', 'address-line-n', $slug ), 1 ) ?>:</span> <input id="address\_street" value="<?php echo $billing->address\_street ?>" placeholder="<?php printf( fs\_esc\_attr\_inline( 'Address Line %d', 'address-line-n', $slug ), 1 ) ?>"></label></td>

43

 

                <td><label><span><?php printf( fs\_esc\_html\_inline( 'Address Line %d', 'address-line-n', $slug ), 2 ) ?>:</span> <input id="address\_apt" value="<?php echo $billing->address\_apt ?>" placeholder="<?php printf( fs\_esc\_attr\_inline( 'Address Line %d', 'address-line-n', $slug ), 2 ) ?>"></label></td>

 

42

                <td><label><span><?php printf( fs\_esc\_html\_inline( 'Address Line %d', 'address-line-n', $slug ), 1 ) ?>:</span> <input id="address\_street" value="<?php echo esc\_attr( $billing->address\_street ) ?>" placeholder="<?php printf( fs\_esc\_attr\_inline( 'Address Line %d', 'address-line-n', $slug ), 1 ) ?>"></label></td>

 

43

                <td><label><span><?php printf( fs\_esc\_html\_inline( 'Address Line %d', 'address-line-n', $slug ), 2 ) ?>:</span> <input id="address\_apt" value="<?php echo esc\_attr( $billing->address\_apt ) ?>" placeholder="<?php printf( fs\_esc\_attr\_inline( 'Address Line %d', 'address-line-n', $slug ), 2 ) ?>"></label></td>

44

44

            </tr>

45

45

            <tr>

46

 

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'City', 'city', $slug ) ?> / <?php fs\_esc\_html\_echo\_inline( 'Town', 'town', $slug ) ?>:</span> <input id="address\_city" value="<?php echo $billing->address\_city ?>" placeholder="<?php fs\_esc\_attr\_echo\_inline( 'City', 'city', $slug ) ?> / <?php fs\_esc\_attr\_echo\_inline( 'Town', 'town', $slug ) ?>"></label></td>

47

 

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'ZIP / Postal Code', 'zip-postal-code', $slug ) ?>:</span> <input id="address\_zip" value="<?php echo $billing->address\_zip ?>" placeholder="<?php fs\_esc\_attr\_echo\_inline( 'ZIP / Postal Code', 'zip-postal-code', $slug ) ?>"></label></td>

 

46

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'City', 'city', $slug ) ?> / <?php fs\_esc\_html\_echo\_inline( 'Town', 'town', $slug ) ?>:</span> <input id="address\_city" value="<?php echo esc\_attr( $billing->address\_city ) ?>" placeholder="<?php fs\_esc\_attr\_echo\_inline( 'City', 'city', $slug ) ?> / <?php fs\_esc\_attr\_echo\_inline( 'Town', 'town', $slug ) ?>"></label></td>

 

47

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'ZIP / Postal Code', 'zip-postal-code', $slug ) ?>:</span> <input id="address\_zip" value="<?php echo esc\_attr( $billing->address\_zip ) ?>" placeholder="<?php fs\_esc\_attr\_echo\_inline( 'ZIP / Postal Code', 'zip-postal-code', $slug ) ?>"></label></td>

48

48

            </tr>

49

49

            <tr>

…

…

 

306

306

                            <?php foreach ( $countries as $code => $country ) : ?>

307

307

                                <option

308

 

                                    value="<?php echo $code ?>" <?php selected( $billing->address\_country\_code, $code ) ?>><?php echo $country ?></option>

 

308

                                    value="<?php echo esc\_attr( $code ) ?>" <?php selected( $billing->address\_country\_code, $code ) ?>><?php echo esc\_html( $country ) ?></option>

309

309

                            <?php endforeach ?>

310

310

                        </select></label></td>

311

311

                <td><label><span><?php fs\_esc\_html\_echo\_inline( 'State', 'state', $slug ) ?> / <?php fs\_esc\_html\_echo\_inline( 'Province', 'province', $slug ) ?>:</span>

312

 

                        <input id="address\_state" value="<?php echo $billing->address\_state ?>" placeholder="<?php fs\_esc\_html\_echo\_inline( 'State', 'state', $slug ) ?> / <?php fs\_esc\_html\_echo\_inline( 'Province', 'province', $slug ) ?>"></label></td>

 

312

                        <input id="address\_state" value="<?php echo esc\_attr( $billing->address\_state ) ?>" placeholder="<?php fs\_esc\_html\_echo\_inline( 'State', 'state', $slug ) ?> / <?php fs\_esc\_html\_echo\_inline( 'Province', 'province', $slug ) ?>"></label></td>

313

313

            </tr>

314

314

            <tr>

…

…

 

381

381

                    method : 'POST',

382

382

                    data   : {

383

 

                        action   : '<?php echo $fs->get\_ajax\_action( 'update\_billing' ) ?>',

384

 

                        security : '<?php echo $fs->get\_ajax\_security( 'update\_billing' ) ?>',

385

 

                        module\_id: '<?php echo $fs->get\_id() ?>',

 

383

                        action   : <?php echo wp\_json\_encode( $fs->get\_ajax\_action( 'update\_billing' ) ) ?>,

 

384

                        security : <?php echo wp\_json\_encode( $fs->get\_ajax\_security( 'update\_billing' ) ) ?>,

 

385

                        module\_id: <?php echo wp\_json\_encode( $fs->get\_id() ) ?>,

386

386

                        billing  : billing

387

387

                    },
  • post-smtp/trunk/freemius/templates/admin-notice.php

    r2772068

    r2935537

10

10

        exit;

11

11

    }

 

12

 

13

    /\*\*

 

14

     \* @var array $VARS

 

15

     \*/

12

16

13

17

    $dismiss\_text = fs\_text\_x\_inline( 'Dismiss', 'as close a window', 'dismiss' );

…

…

 

36

40

        }

37

41

    }

 

42

 

43

    $attributes = array();

 

44

    if ( ! empty( $VARS\['id'\] ) ) {

 

45

        $attributes\['data-id'\] = $VARS\['id'\];

 

46

    }

 

47

    if ( ! empty( $VARS\['manager\_id'\] ) ) {

 

48

        $attributes\['data-manager-id'\] = $VARS\['manager\_id'\];

 

49

    }

 

50

    if ( ! empty( $slug ) ) {

 

51

        $attributes\['data-slug'\] = $slug;

 

52

    }

 

53

    if ( ! empty( $type ) ) {

 

54

        $attributes\['data-type'\] = $type;

 

55

    }

 

56

 

57

    $classes = array( 'fs-notice' );

 

58

    switch ( $VARS\['type'\] ) {

 

59

        case 'error':

 

60

            $classes\[\] = 'error';

 

61

            $classes\[\] = 'form-invalid';

 

62

            break;

 

63

        case 'promotion':

 

64

            $classes\[\] = 'updated';

 

65

            $classes\[\] = 'promotion';

 

66

            break;

 

67

        case 'warn':

 

68

            $classes\[\] = 'notice';

 

69

            $classes\[\] = 'notice-warning';

 

70

            break;

 

71

        case 'update':

 

72

        case 'success':

 

73

        default:

 

74

            $classes\[\] = 'updated';

 

75

            $classes\[\] = 'success';

 

76

            break;

 

77

    }

 

78

    if ( ! empty( $VARS\['sticky'\] ) ) {

 

79

        $classes\[\] = 'fs-sticky';

 

80

    }

 

81

    if ( ! empty( $VARS\['plugin'\] ) ) {

 

82

        $classes\[\] = 'fs-has-title';

 

83

    }

 

84

    if ( ! empty( $slug ) ) {

 

85

        $classes\[\] = "fs-slug-{$slug}";

 

86

    }

 

87

    if ( ! empty( $type ) ) {

 

88

        $classes\[\] = "fs-type-{$type}";

 

89

    }

38

90

?>

39

 

<div<?php if ( ! empty( $VARS\['id'\] ) ) : ?> data-id="<?php echo $VARS\['id'\] ?>"<?php endif ?><?php if ( ! empty( $VARS\['manager\_id'\] ) ) : ?> data-manager-id="<?php echo $VARS\['manager\_id'\] ?>"<?php endif ?><?php if ( ! empty( $slug ) ) : ?> data-slug="<?php echo $slug ?>"<?php endif ?><?php if ( ! empty( $type ) ) : ?> data-type="<?php echo $type ?>"<?php endif ?>

40

 

    class="<?php

41

 

        switch ( $VARS\['type'\] ) {

42

 

            case 'error':

43

 

                echo 'error form-invalid';

44

 

                break;

45

 

            case 'promotion':

46

 

                echo 'updated promotion';

47

 

                break;

48

 

            case 'warn':

49

 

                echo 'notice notice-warning';

50

 

                break;

51

 

            case 'update':

52

 

//          echo 'update-nag update';

53

 

//          break;

54

 

            case 'success':

55

 

            default:

56

 

                echo 'updated success';

57

 

                break;

58

 

        }

59

 

    ?> fs-notice<?php if ( ! empty( $VARS\['sticky'\] ) ) {

60

 

        echo ' fs-sticky';

61

 

    } ?><?php if ( ! empty( $VARS\['plugin'\] ) ) {

62

 

        echo ' fs-has-title';

63

 

    } ?><?php if ( ! empty( $slug ) ) {

64

 

        echo " fs-slug-{$slug}";

65

 

    } ?><?php if ( ! empty( $type ) ) {

66

 

        echo " fs-type-{$type}";

67

 

    } ?>"><?php if ( ! empty( $VARS\['plugin'\] ) ) : ?>

68

 

        <label class="fs-plugin-title"><?php echo $VARS\['plugin'\] ?></label>

 

91

<div class="<?php echo fs\_html\_get\_classname( $classes ); ?>" <?php echo fs\_html\_get\_attributes( $attributes ); ?>>

 

92

    <?php if ( ! empty( $VARS\['plugin'\] ) ) : ?>

 

93

        <label class="fs-plugin-title">

 

94

            <?php echo esc\_html( $VARS\['plugin'\] ); ?>

 

95

        </label>

69

96

    <?php endif ?>

 

97

70

98

    <?php if ( ! empty( $VARS\['sticky'\] ) && ( ! isset( $VARS\['dismissible'\] ) || false !== $VARS\['dismissible'\] ) ) : ?>

71

 

        <div class="fs-close"><i class="dashicons dashicons-no"

72

 

                                 title="<?php echo esc\_attr( $dismiss\_text ) ?>"></i> <span><?php echo esc\_html( $dismiss\_text ) ?></span>

 

99

        <div class="fs-close">

 

100

            <i class="dashicons dashicons-no" title="<?php echo esc\_attr( $dismiss\_text ) ?>"></i>

 

101

            <span><?php echo esc\_html( $dismiss\_text ); ?></span>

73

102

        </div>

74

103

    <?php endif ?>

 

104

75

105

    <div class="fs-notice-body">

76

 

        <?php if ( ! empty( $VARS\['title'\] ) ) : ?><b><?php echo $VARS\['title'\] ?></b> <?php endif ?>

77

 

        <?php echo $VARS\['message'\] ?>

 

106

        <?php if ( ! empty( $VARS\['title'\] ) ) : ?>

 

107

            <strong><?php echo fs\_html\_get\_sanitized\_html( $VARS\['title'\] ); ?></strong>

 

108

        <?php endif ?>

 

109

 

110

        <?php echo fs\_html\_get\_sanitized\_html( $VARS\['message'\] ); ?>

78

111

    </div>

79

112

</div>
  • post-smtp/trunk/freemius/templates/connect.php

    r2905047

    r2935537

48

48

    }

49

49

50

 

    $freemius\_site\_www = 'https://freemius.com';

51

 

52

50

    $freemius\_usage\_tracking\_url = $fs->get\_usage\_tracking\_terms\_url();

53

51

    $freemius\_plugin\_terms\_url   = $fs->get\_eula\_url();

54

 

55

 

    $freemius\_site\_url = $fs->is\_premium() ?

56

 

        $freemius\_site\_www :

57

 

        $freemius\_usage\_tracking\_url;

58

 

59

 

    if ( $fs->is\_premium() ) {

60

 

        $freemius\_site\_url .= '?' . http\_build\_query( array(

61

 

                'id'   => $fs->get\_id(),

62

 

                'slug' => $slug,

63

 

            ) );

64

 

    }

65

 

66

 

    $freemius\_link = '<a href="' . $freemius\_site\_url . '" target="\_blank" rel="noopener" tabindex="1">freemius.com</a>';

67

52

68

53

    $error = fs\_request\_get( 'error' );

…

…

 

76

61

                               fs\_request\_get\_bool( 'require\_license', ( $is\_premium\_code || $has\_release\_on\_freemius ) )

77

62

                           );

 

63

 

64

    $freemius\_activation\_terms\_url = ($fs->is\_premium() && $require\_license\_key) ?

 

65

        $fs->get\_license\_activation\_terms\_url() :

 

66

        $freemius\_usage\_tracking\_url;

 

67

 

68

    $freemius\_activation\_terms\_html = '<a href="' . esc\_url( $freemius\_activation\_terms\_url ) . '" target="\_blank" rel="noopener" tabindex="1">freemius.com</a>';

78

69

79

70

    if ( $is\_pending\_activation ) {

…

…

 

266

257

                                '<b>' . $current\_user->user\_login . '</b>',

267

258

                                '<a href="' . $site\_url . '" target="\_blank" rel="noopener noreferrer">' . $site\_url . '</a>',

268

 

                                $freemius\_link

 

259

                                $freemius\_activation\_terms\_html

269

260

                            ),

270

261

                            $first\_name,

…

…

 

272

263

                            $current\_user->user\_login,

273

264

                            '<a href="' . $site\_url . '" target="\_blank" rel="noopener noreferrer">' . $site\_url . '</a>',

274

 

                            $freemius\_link,

 

265

                            $freemius\_activation\_terms\_html,

275

266

                            true

276

267

                        );

…

…

 

375

366

                <form action="" method="POST">

376

367

                    <input type="hidden" name="fs\_action"

377

 

                           value="<?php echo $fs->get\_unique\_affix() ?>\_activate\_existing">

378

 

                    <?php wp\_nonce\_field( 'activate\_existing\_' . $fs->get\_public\_key() ) ?>

 

368

                           value="<?php echo esc\_attr( $fs->get\_unique\_affix() . '\_activate\_existing' ) ?>">

 

369

                    <?php wp\_nonce\_field( $fs->get\_unique\_affix() . '\_activate\_existing' ) ?>

379

370

                    <input type="hidden" name="is\_extensions\_tracking\_allowed" value="1">

380

371

                    <input type="hidden" name="is\_diagnostic\_tracking\_allowed" value="1">

…

…

 

386

377

                    <?php unset( $optin\_params\['sites'\]); ?>

387

378

                    <?php foreach ( $optin\_params as $name => $value ) : ?>

388

 

                        <input type="hidden" name="<?php echo $name ?>" value="<?php echo esc\_attr( $value ) ?>">

 

379

                        <input type="hidden" name="<?php echo esc\_attr( $name ) ?>" value="<?php echo esc\_attr( $value ) ?>">

389

380

                    <?php endforeach ?>

390

381

                    <input type="hidden" name="is\_extensions\_tracking\_allowed" value="1">

…

…

 

397

388

            <?php endif ?>

398

389

            <?php if ( $require\_license\_key ) : ?>

399

 

                <a id="license\_issues\_link" href="<?php echo $fs->apply\_filters( 'known\_license\_issues\_url', 'https://freemius.com/help/documentation/wordpress-sdk/license-activation-issues/' ) ?>" target="\_blank"><?php fs\_esc\_html\_echo\_inline( 'License issues?', 'license-issues', $slug ) ?></a>

 

390

                <a id="license\_issues\_link"

 

391

                   href="<?php echo esc\_url( $fs->apply\_filters( 'known\_license\_issues\_url', 'https://freemius.com/help/documentation/wordpress-sdk/license-activation-issues/' ) ) ?>"

 

392

                   target="\_blank"><?php fs\_esc\_html\_echo\_inline( 'License issues?', 'license-issues', $slug ) ?></a>

400

393

            <?php endif ?>

401

394

…

…

 

422

415

                        <a class="fs-trigger wp-core-ui" href="#" tabindex="1" style="color: inherit;"><?php echo sprintf(

423

416

                                fs\_esc\_html\_inline( 'For delivery of security & feature updates, and license management, %s needs to', 'license-sync-disclaimer', $slug ) . '<b class="fs-arrow"></b>',

424

 

                                sprintf( '<nobr class="button-link" style="color: inherit;">%s</nobr>', $fs->get\_plugin\_title() )

 

417

                                sprintf( '<nobr class="button-link" style="color: inherit;">%s</nobr>', esc\_html( $fs->get\_plugin\_title() ) )

425

418

                            ) ?></a>

426

419

                    <?php else : ?>

427

420

                        <a class="fs-trigger wp-core-ui" href="#" tabindex="1" style="color: inherit;"><?php printf(

428

421

                                fs\_esc\_html\_inline( 'This will allow %s to', 'this-will-allow-x', $slug ) . '<b class="fs-arrow"></b>',

429

 

                                sprintf( '<nobr class="button-link" style="color: inherit;">%s</nobr>', $fs->get\_plugin\_title() )

 

422

                                sprintf( '<nobr class="button-link" style="color: inherit;">%s</nobr>', esc\_html( $fs->get\_plugin\_title() ) )

430

423

                            ) ?></a>

431

424

                    <?php endif ?>

…

…

 

452

445

        </div>

453

446

        <div class="fs-terms">

454

 

            <a class="fs-tooltip-trigger<?php echo is\_rtl() ? ' rtl' : '' ?>" href="<?php echo $freemius\_site\_url ?>" target="\_blank" rel="noopener" tabindex="1">Powered by Freemius<?php if ( $require\_license\_key ) : ?> <span class="fs-tooltip" style="width: 170px"><?php echo $fs->get\_text\_inline( 'Freemius is our licensing and software updates engine', 'permissions-extensions\_desc' ) ?></span><?php endif ?></a>

 

447

            <a class="fs-tooltip-trigger<?php echo is\_rtl() ? ' rtl' : '' ?>" href="<?php echo esc\_url( $freemius\_activation\_terms\_url ) ?>" target="\_blank" rel="noopener" tabindex="1">Powered by Freemius<?php if ( $require\_license\_key ) : ?> <span class="fs-tooltip" style="width: 170px"><?php echo esc\_html( $fs->get\_text\_inline( 'Freemius is our licensing and software updates engine', 'permissions-extensions\_desc' ) ) ?></span><?php endif ?></a>

455

448

            &nbsp;&nbsp;-&nbsp;&nbsp;

456

449

            <a href="https://freemius.com/privacy/" target="\_blank" rel="noopener"

457

450

               tabindex="1"><?php fs\_esc\_html\_echo\_inline( 'Privacy Policy', 'privacy-policy', $slug ) ?></a>

458

451

            &nbsp;&nbsp;-&nbsp;&nbsp;

459

 

            <a href="<?php echo $require\_license\_key ? $freemius\_plugin\_terms\_url : $freemius\_usage\_tracking\_url ?>" target="\_blank" rel="noopener" tabindex="1"><?php $require\_license\_key ? fs\_echo\_inline( 'License Agreement', 'license-agreement', $slug ) : fs\_echo\_inline( 'Terms of Service', 'tos', $slug ) ?></a>

 

452

            <?php if ($require\_license\_key) : ?>

 

453

                <a href="<?php echo esc\_url( $freemius\_plugin\_terms\_url ) ?>" target="\_blank" rel="noopener" tabindex="1"><?php fs\_echo\_inline( 'License Agreement', 'license-agreement', $slug ) ?></a>

 

454

            <?php else : ?>

 

455

                <a href="<?php echo esc\_url( $freemius\_usage\_tracking\_url ) ?>" target="\_blank" rel="noopener" tabindex="1"><?php fs\_echo\_inline( 'Terms of Service', 'tos', $slug ) ?></a>

 

456

            <?php endif; ?>

460

457

        </div>

461

458

    </div>
  • post-smtp/trunk/freemius/templates/forms/affiliation.php

    r2830498

    r2935537

88

88

    $module\_id                   = $fs->get\_id();

89

89

    $affiliate\_program\_terms\_url = "https://freemius.com/plugin/{$module\_id}/{$slug}/legal/affiliate-program/";

 

90

 

91

    $has\_tabs = $fs->\_add\_tabs\_before\_content();

90

92

?>

91

93

<div id="fs\_affiliation\_content\_wrapper" class="wrap">

…

…

 

501

503

    </div>

502

504

<?php

 

505

    if ( $has\_tabs ) {

 

506

        $fs->\_add\_tabs\_after\_content();

 

507

    }

 

508

503

509

    $params = array(

504

510

        'page'           => 'affiliation',
  • post-smtp/trunk/freemius/templates/forms/optout.php

    r2839728

    r2935537

119

119

    $form\_id = "fs\_opt\_out\_{$fs->get\_id()}";

120

120

?>

121

 

<div id="<?php echo $form\_id ?>"

 

121

<div id="<?php echo esc\_attr( $form\_id ) ?>"

122

122

     class="fs-modal fs-modal-opt-out"

123

 

     data-plugin-id="<?php echo $fs->get\_id() ?>"

124

 

     data-action="<?php echo $fs->get\_ajax\_action( $ajax\_action ) ?>"

125

 

     data-security="<?php echo $fs->get\_ajax\_security( $ajax\_action ) ?>"

 

123

     data-plugin-id="<?php echo esc\_attr( $fs->get\_id() ) ?>"

 

124

     data-action="<?php echo esc\_attr( $fs->get\_ajax\_action( $ajax\_action ) ) ?>"

 

125

     data-security="<?php echo esc\_attr(  $fs->get\_ajax\_security( $ajax\_action ) ) ?>"

126

126

     style="display: none">

127

127

    <div class="fs-modal-dialog">

…

…

 

146

146

        <?php foreach ( $permission\_groups as $i => $permission\_group ) : ?>

147

147

            <?php if ( ! empty( $permission\_group\[ 'prompt' \] ) ) : ?>

148

 

                <div class="fs-<?php echo $permission\_group\[ 'id' \] ?>-opt-out fs-opt-out-disclaimer" data-group-id="<?php echo $permission\_group\[ 'id' \] ?>" style="display: none">

 

148

                <div class="fs-<?php echo esc\_attr( $permission\_group\[ 'id' \] ) ?>-opt-out fs-opt-out-disclaimer" data-group-id="<?php echo esc\_attr( $permission\_group\[ 'id' \] ) ?>" style="display: none">

149

149

                    <div class="fs-modal-body">

150

150

                        <div class="fs-modal-panel active">

151

151

                            <div class="notice notice-error inline opt-out-error-message"><p></p></div>

152

152

                            <?php foreach ( $permission\_group\[ 'prompt' \] as $p ) : ?>

 

153

                                <?php // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>

153

154

                                <p><?php echo $p ?></p>

154

155

                            <?php endforeach ?>

…

…

 

171

172

        $( document ).ready(function() {

172

173

            FS.OptOut(

173

 

                '<?php echo $fs->get\_id() ?>',

174

 

                '<?php echo $slug ?>',

175

 

                '<?php echo $fs->get\_module\_type() ?>',

 

174

                <?php echo wp\_json\_encode( $fs->get\_id() ) ?>,

 

175

                <?php echo wp\_json\_encode( $slug ) ?>,

 

176

                <?php echo wp\_json\_encode( $fs->get\_module\_type() ) ?>,

176

177

                <?php echo $fs->is\_registered( true ) ? 'true' : 'false' ?>,

177

178

                <?php echo $fs->is\_tracking\_allowed() ? 'true' : 'false' ?>,

178

 

                '<?php echo esc\_js( $reconnect\_url ) ?>'

 

179

                <?php echo wp\_json\_encode( $reconnect\_url ) ?>

179

180

            );

180

181

        });
  • post-smtp/trunk/freemius/templates/gdpr-optin-js.php

    r2830498

    r2935537

30

30

                    cursor         = $this.css( 'cursor' ),

31

31

                    $products      = $gdprOptinNotice.find( 'span\[data-plugin-id\]' ),

32

 

                    pluginIDs      = \[\];

 

32

                    pluginIDs      = \[\],

 

33

                    ajaxUrl        = <?php echo Freemius::ajax\_url() ?>;

33

34

34

35

                if ( $products.length > 0 ) {

…

…

 

39

40

40

41

                $.ajax({

41

 

                    url       : <?php echo Freemius::ajax\_url() ?> + '?' + $.param({

 

42

                        url      : ajaxUrl + (ajaxUrl.includes('?') ? '&' : '?') + $.param({

42

43

                        action   : '<?php echo $fs->get\_ajax\_action( 'gdpr\_optin\_action' ) ?>',

43

44

                        security : '<?php echo $fs->get\_ajax\_security( 'gdpr\_optin\_action' ) ?>',
  • post-smtp/trunk/freemius/templates/partials/network-activation.php

    r2830498

    r2935537

62

62

            <?php foreach ( $sites as $site ) : ?>

63

63

                <tr<?php if ( ! empty( $site\['license\_id'\] ) ) {

64

 

                    echo ' data-license-id="' . $site\['license\_id'\] . '"';

 

64

                    echo ' data-license-id="' . esc\_attr( $site\['license\_id'\] ) . '"';

65

65

                } ?>>

66

66

                    <?php if ( $require\_license\_key ) : ?>

67

67

                        <td><input type="checkbox" value="true" /></td>

68

68

                    <?php endif ?>

69

 

                    <td class="blog-id"><span><?php echo $site\['blog\_id'\] ?></span>.</td>

 

69

                    <td class="blog-id"><span><?php echo esc\_html( $site\['blog\_id'\] ) ?></span>.</td>

70

70

                    <td width="600"><span><?php

71

71

                        $url = str\_replace( 'http://', '', str\_replace( 'https://', '', $site\['url'\] ) );

72

 

                        echo $url;

 

72

                        echo esc\_html( $url );

73

73

                        ?></span>

74

74

                        <?php foreach ($site\_props as $prop) : ?>

75

 

                            <input class="<?php echo $prop ?>" type="hidden" value="<?php echo esc\_attr($site\[$prop\]) ?>" />

 

75

                            <input class="<?php echo esc\_attr( $prop ) ?>" type="hidden" value="<?php echo esc\_attr($site\[$prop\]) ?>" />

76

76

                        <?php endforeach ?>

77

77

                    </td>
  • post-smtp/trunk/freemius/templates/plugin-info/description.php

    r2839728

    r2935537

57

57

            <?php $i = 0;

58

58

                foreach ( $screenshots as $s => $url ) : ?>

59

 

                    <?php

60

 

                    // Relative URLs are replaced with WordPress.org base URL

61

 

                    // therefore we need to set absolute URLs.

62

 

                    $url = 'http' . ( WP\_FS\_\_IS\_HTTPS ? 's' : '' ) . ':' . $url;

63

 

                    ?>

64

59

                    <li class="<?php echo ( 0 === $i % 2 ) ? 'odd' : 'even' ?>">

65

60

                        <style>
  • post-smtp/trunk/freemius/templates/plugin-info/screenshots.php

    r2749024

    r2935537

23

23

    <?php $i = 0;

24

24

        foreach ( $screenshots as $s => $url ) : ?>

25

 

            <?php

26

 

            // Relative URLs are replaced with WordPress.org base URL

27

 

            // therefore we need to set absolute URLs.

28

 

            $url = 'http' . ( WP\_FS\_\_IS\_HTTPS ? 's' : '' ) . ':' . $url;

29

 

            ?>

30

25

            <li>

31

26

                <a href="<?php echo $url ?>" title="<?php echo esc\_attr( sprintf( fs\_text\_inline( 'Click to view full-size screenshot %d', 'view-full-size-x', $plugin->slug ), $i ) ) ?>"><img src="<?php echo $url ?>"></a>
  • post-smtp/trunk/freemius/templates/tabs-capture-js.php

    r2830498

    r2935537

43

43

                    aboveTabsHtml = settingHtml.substr(0, tabsPosition);

44

44

45

 

                    var tabsHtml = $('.wrap .nav-tab-wrapper').clone().wrap('<div>').parent().html();

 

45

                    var tabsHtml = $('.wrap .nav-tab-wrapper').clone().wrap('<div>').parent().html(),

 

46

                        ajaxUrl  = <?php echo Freemius::ajax\_url() ?>;

46

47

47

48

                    $.ajax({

48

 

                        url        : <?php echo Freemius::ajax\_url() ?> + '?' + $.param({

 

49

                            url      : ajaxUrl + (ajaxUrl.includes('?') ? '&' : '?') + $.param({

49

50

                            action   : '<?php echo $fs->get\_ajax\_action( 'store\_tabs' ) ?>',

50

51

                            security : '<?php echo $fs->get\_ajax\_security( 'store\_tabs' ) ?>',
  • post-smtp/trunk/postman-smtp.php

    r2929002

    r2935537

7

7

 \* Plugin URI: https://wordpress.org/plugins/post-smtp/

8

8

 \* Description: Email not reliable? Post SMTP is the first and only WordPress SMTP plugin to implement OAuth 2.0 for Gmail, Hotmail and Yahoo Mail. Setup is a breeze with the Configuration Wizard and integrated Port Tester. Enjoy worry-free delivery even if your password changes!

9

 

 \* Version: 2.5.7

 

9

 \* Version: 2.5.8-beta.1

10

10

 \* Author: Post SMTP

11

11

 \* Text Domain: post-smtp

…

…

 

103

103

define( 'POST\_SMTP\_PATH', \_\_DIR\_\_ );

104

104

define( 'POST\_SMTP\_URL', plugins\_url('', POST\_SMTP\_BASE ) );

105

 

define( 'POST\_SMTP\_VER', '2.5.7' );

 

105

define( 'POST\_SMTP\_VER', '2.5.8' );

106

106

define( 'POST\_SMTP\_DB\_VERSION', '1.0.1' );

107

107

define( 'POST\_SMTP\_ASSETS', plugin\_dir\_url( \_\_FILE\_\_ ) . 'assets/' );
  • post-smtp/trunk/readme.txt

    r2933433

    r2935537

94

94

\*\*Advanced Email Delivery and Logs Extension\*\*

95

95

With the \[Advanced Email Delivery and Logs Extension\](https://postmansmtp.com/extensions/advanced-email-delivery/), boost your email efficiency and improve deliverability. Also, implement effective email quota management and streamlined log storage for optimal email communication.

96

 

97

96

\= Post SMTP Membership Plans =

98

97

\[Post SMTP membership plans\](https://postmansmtp.com/membership-plan/) offer access to all pro extensions along with other benefits including 1-year extension updates and support, Email Reporting, Logging, and Tracking, all other SMTP Services and a 30-day money-back guarantee.

…

…

 

305

304

\== Changelog ==

306

305

 

306

\= 2.5.8 - 2023-07-06 =

 

307

\*\*IMPROVEMENTS\*\*

 

308

 

309

\* Added function to escape backend email content popup HTML.

 

310

\* Added Failed/success labels for better visibility.

 

311

\* Displayed error message on hover and in the popup to simplify the interface and UX in the log section.

 

312

\* Updated Feedback SDK to the latest version

 

313

 

314

\*\*FIXES\*\*

 

315

 

316

\* Fix: Pagination was getting reset on resending emails.

 

317

307

318

\= 2.5.7 - 2023-06-21 =

308

319

\*\*IMPROVEMENTS\*\*
  • post-smtp/trunk/script/postman-email-logs.js

    r2919441

    r2935537

90

90

            \` );

91

91

92

 

            if( data\['success'\] == '<span title="Successful"></span>' ) {

 

92

            if( data\['success'\] == '<span title="Success">Success</span>' ) {

93

93

94

94

                jQuery( status ).addClass( 'ps-email-log-status-success' );

…

…

 

320

320

                if( response.success === true ) {

321

321

322

 

                    logsDT.ajax.reload();

 

322

                    logsDT.ajax.reload( null, false );

323

323

324

324

                }

…

…

 

510

510

511

511

                    alert( response.message );

512

 

                    logsDT.ajax.reload();

 

512

                    logsDT.ajax.reload( null, false );

513

513

514

514

                }

…

…

 

558

558

559

559

                    alert( response.message );

560

 

                    logsDT.ajax.reload();

 

560

                    logsDT.ajax.reload( null, false );

561

561

562

562

                }

…

…

 

564

564

565

565

                    alert( response.message );

566

 

                    logsDT.ajax.reload();

 

566

                    logsDT.ajax.reload( null, false );

567

567

568

568

                }

…

…

 

574

574

    } );

575

575

 

576

 

577

    jQuery( document ).on( 'click', '.ps-status-log', function( e ) {

 

578

 

579

        e.preventDefault();

 

580

        var \_details = jQuery( this ).siblings( 'span' ).attr( 'title' );

 

581

        jQuery( '.ps-popup-container' ).html( \`<h1>Details</h1>${\_details}\` );

 

582

 

583

    } );

 

584

576

585

})
  • post-smtp/trunk/style/postman.css

    r2919441

    r2935537

1334

1334

    color: #fff;

1335

1335

    font-weight: 600;

1336

 

    height: 9px;

1337

 

    width: 9px;

1338

 

    border-radius: 50px;

 

1336

    border-radius: 25px;

1339

1337

    display: inline-block;

1340

1338

    margin-right: 5px;

1341

1339

    cursor: pointer;

1342

 

}

1343

 

 

1340

    padding: 2px 10px;

 

1341

}

1344

1342

1345

1343

.ps-email-log-status-success span {

…

…

 

1543

1541

    display: inline-block;

1544

1542

    font-family: inherit;

1545

 

}

 

1543

    margin-left: 5px;

 

1544

}

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907