Quform 2.4.0 Released

Quform version 2.4.0 is now available, grab it by going to Forms → Settings → License & Updates → Check for updates, it’s also available for download on CodeCanyon.

In this update we have addresses several security issues relating to users being able to add unfiltered HTML when they did not have the WordPress capability unfiltered_html. These were not serious issues as only administrators (or users that the administrator gave permissions to) were able to do this. Now, when users without the unfiltered_html capability use the form builder, they will not be able to enter <script> or <style> tags into any part of the form. Users with the unfiltered_html capability (i.e. administrators) will be able to add any HTML without restriction. Be aware that if an administrator creates a form containing <script> or <style> tags, and the form is later edited by a user without the unfiltered_html capability these tags will be stripped. To avoid this, we recommend that you do not add <script> or <style> tags in the form builder, but instead use the fields at Forms → Settings → Custom CSS & JS.

Changelog

• Added style selectors for the HTML element
• Added Persian plugin translation
• Added data sanitization to all form builder settings
• Fixed an issue where users without the ‘unfiltered_html’ capability could add unfiltered HTML
• Fixed an issue with the Excel 2007 entry export if the ZipArchive class is not available
• Fixed an issue where existing logic rules would stop working when the value of a dependant option was changed
• Fixed the form Position setting not saving properly