Merge pull request #109 from Codeinwp/development

Escape form fields

inc/PhpFormBuilder.php

@@ -303,7 +303,7 @@ function build_form( $echo = true ) {
 
 				case 'textarea':
 					$element = 'textarea';
-					$end     = ' class="form-control" placeholder="'.$val['placeholder'].'">' . $val['value'] . '</textarea>';
+					$end     = ' class="form-control" placeholder="'.$val['placeholder'].'">' . esc_attr( $val['value'] ) . '</textarea>';
 					break;
 
 				case 'select':
@@ -381,10 +381,10 @@ function build_form( $echo = true ) {
 
 					/* don't add a placeholder attribute for input type=hidden */
 					if( !empty($val['type']) && ($val['type'] == 'hidden' ) ) {
-						$end .= ' class="form-control" type="' . $val['type'] . '" value="' . $val['value'] . '"';
+						$end .= ' class="form-control" type="' . $val['type'] . '" value="' . esc_attr ( $val['value'] ) . '"';
 					}
 					else {
-						$end .= ' class="form-control" type="' . $val['type'] . '" value="' . $val['value'] . '" placeholder="' . $val['placeholder'] . '"';
+						$end .= ' class="form-control" type="' . $val['type'] . '" value="' . esc_attr ( $val['value'] ) . '" placeholder="' . $val['placeholder'] . '"';
 					}
 					$end .= $val['checked'] ? ' checked' : '';
 					$end .= $this->field_close();

pirate-forms.php

@@ -3,7 +3,7 @@
 Plugin Name: Free & Simple Contact Form Plugin - PirateForms
 Plugin URI: http://themeisle.com/plugins/pirate-forms/
 Description: Easily creates a nice looking, simple contact form on your WP site.
-Version: 1.0.18
+Version: 1.1.0
 Author: Themeisle
 Author URI: http://themeisle.com
 Text Domain: pirate-forms
@@ -17,7 +17,7 @@
 }
 
 /* Important constants */
-define( 'PIRATE_FORMS_VERSION', '1.0.0' );
+define( 'PIRATE_FORMS_VERSION', '1.1.0' );
 define( 'PIRATE_FORMS_URL', plugin_dir_url( __FILE__ ) );
 define( 'PIRATE_FORMS_PATH', plugin_dir_path( __FILE__ ) );