• Resolved mumbomedia

    (@mumbomedia)


    A client of ours couldn’t change the value of the “To” field.
    So I debugged it and found the cause of this issue.

    In deprecated/includes/admin/save.php:23 each item of $_POST which doesn’t start with an underscore will be passed through esc_html.

    But this is what the contents of $_POST look like

    notification_id: '22'
    settings: array (
      'name' => 'E-Mail',
      'type' => 'email',
      'from_name' => 'Name of the Form',
      'from_address' => 'field_62',
      'to' => 'test@example.com',
      'email_subject' => 'email subject',
      'email_message' => '[ninja_forms_all_fields]',
      'attach_csv' => '0',
      'email_format' => 'html',
      'reply_to' => '',
      'cc' => '',
      'bcc' => '',
      'redirect_url' => '',
      'success_msg' => '',
    )

    As you can see, settings is an array, and when passed through esc_html it becomes 'Array'. Therefore the contents of $_POST['settings'] are ignored.

    After altering the foreach-loop to

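    foreach ( $_POST as $key => $val ) {
        // Skip internal keys, which start with an underscore.
        if ( substr( $key, 0, 1 ) != '_' ) {
            if ( $key != 'settings' ) {
                $data_array[$key] = esc_html( $val );
            } else {
                // 'settings' is an array; esc_html() would turn it into the string 'Array'.
                $data_array[$key] = $val;
            }
        }
    }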

    the settings are saved as expected.

    If you want to have my fixed version please contact me and I will send the file to you asap.
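
An added example, not part of the original post or the plugin's code: a variant of the loop that keeps escaping for `settings` by walking nested arrays and escaping each scalar value. `esc_html_standin()`, `escape_deep()` and `build_data_array()` are hypothetical names, the stand-in only approximates WordPress's `esc_html()` so the sketch runs outside WordPress, and the sample input is constructed from the dump above. Fields that must carry markup would need their own sanitizer instead of this blanket escape.

```php
<?php
// Stand-in for WordPress's esc_html() (assumption: it treats its argument as a
// string, so an array collapses to the literal text "Array").
function esc_html_standin( $text ) {
    $text = is_array( $text ) ? 'Array' : (string) $text;
    return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
}

// Escape every scalar leaf; recurse into arrays instead of stringifying them.
function escape_deep( $value ) {
    if ( is_array( $value ) ) {
        $out = array();
        foreach ( $value as $k => $v ) {
            $out[ $k ] = escape_deep( $v );
        }
        return $out;
    }
    return esc_html_standin( $value );
}

// Same key filter as the loop in the post, with nested values escaped too.
function build_data_array( array $post ) {
    $data_array = array();
    foreach ( $post as $key => $val ) {
        if ( substr( (string) $key, 0, 1 ) !== '_' ) {
            $data_array[ $key ] = escape_deep( $val );
        }
    }
    return $data_array;
}

// Constructed sample input, modelled on the $_POST dump in the post.
$post = array(
    '_internal'       => 'constructed value, skipped by the key filter',
    'notification_id' => '22',
    'settings'        => array(
        'name'          => 'E-Mail',
        'to'            => 'test@example.com',
        'email_subject' => '<b>email subject</b>',
    ),
);

// What the unpatched loop would store for 'settings'.
var_dump( esc_html_standin( $post['settings'] ) );
// What the recursive variant stores.
print_r( build_data_array( $post ) );
```

Inside WordPress, `map_deep( $val, 'esc_html' )` performs the same recursive walk with the real function.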
