Calendar - Version 1.3.11

Version Description

  • Fixed reported XSS issues with category name and event title

Release Info

Developer KieranOShea
Version 1.3.11

Code changes from version 1.3.10 to 1.3.11

Files changed (3)
  1. calendar.php +10 -10
  2. calendar.pot +1 -1
  3. readme.txt +5 -2
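--- a/calendar.php
+++ b/calendar.php
@@ -7,7 +7,7 @@ Author: Kieran O'Shea
 Author URI: http://www.kieranoshea.com
 Text Domain: calendar
 Domain Path: /languages
-Version: 1.3.10
+Version: 1.3.11
 */
 
 /* Copyright 2008 Kieran O'Shea (email : kieran@kieranoshea.com)
@@ -843,7 +843,7 @@ function wp_events_display_list(){
 ?>
 <tr class="<?php echo $class; ?>">
 <th scope="row"><?php echo stripslashes($event->event_id); ?></th>
-<td><?php echo stripslashes($event->event_title); ?></td>
+<td><?php echo htmlspecialchars(stripslashes($event->event_title)); ?></td>
 <td><?php echo stripslashes($event->event_begin); ?></td>
 <td><?php echo stripslashes($event->event_end); ?></td>
 <td><?php if ($event->event_time == '00:00:00') { echo __('N/A','calendar'); } else { echo stripslashes($event->event_time); } ?></td>
@@ -870,7 +870,7 @@ function wp_events_display_list(){
 $sql = $wpdb->prepare("SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=%d",$event->event_category);
 $this_cat = $wpdb->get_row($sql);
 ?>
-<td style="background-color:<?php echo stripslashes($this_cat->category_colour);?>;"><?php echo stripslashes($this_cat->category_name); ?></td>
+<td style="background-color:<?php echo stripslashes($this_cat->category_colour);?>;"><?php echo htmlspecialchars(stripslashes($this_cat->category_name)); ?></td>
 <?php unset($this_cat); ?>
 <td><a href="<?php echo bloginfo('wpurl') ?>/wp-admin/admin.php?page=calendar&amp;action=edit&amp;event_id=<?php echo stripslashes($event->event_id);?>" class='edit'><?php echo __('Edit','calendar'); ?></a></td>
 <td><a href="
@@ -969,7 +969,7 @@ function wp_events_edit_form($mode='add', $event_id=false)
 echo 'selected="selected"';
 }
 }
-echo '>'.stripslashes($cat->category_name).'</option>
+echo '>'.htmlspecialchars(stripslashes($cat->category_name)).'</option>
 ';
 }
 ?>
@@ -1255,7 +1255,7 @@ if ( $action == 'add' )
 else
 {
 ?>
-<div class="error"><p><strong><?php _e('Error','calendar'); ?>:</strong> <?php _e('The URL entered must either be prefixed with http:// or be completely blank','calendar'); ?></p></div>
+<div class="error"><p><strong><?php _e('Error','calendar'); ?>:</strong> <?php _e('The URL entered must either be prefixed with http(s):// or be completely blank','calendar'); ?></p></div>
 <?php
 }
 // The title must be at least one character in length and no more than 30
@@ -2126,7 +2126,7 @@ function manage_categories()
 ?>
 <tr class="<?php echo $class; ?>">
 <th scope="row"><?php echo stripslashes($category->category_id); ?></th>
-<td><?php echo stripslashes($category->category_name); ?></td>
+<td><?php echo htmlspecialchars(stripslashes($category->category_name)); ?></td>
 <td style="background-color:<?php echo stripslashes($category->category_colour); ?>;">&nbsp;</td>
 <td><a href="<?php echo bloginfo('wpurl') ?>/wp-admin/admin.php?page=calendar-categories&amp;mode=edit&amp;category_id=<?php echo stripslashes($category->category_id);?>" class='edit'><?php echo __('Edit','calendar'); ?></a></td>
 <?php
@@ -2501,7 +2501,7 @@ function draw_event($event)
 $style = 'style="background-color:'.stripslashes($cat_details->category_colour).';"';
 }
 
-$header_details = '<span class="event-title" '.$style.'>'.stripslashes($event->event_title).'</span><br />
+$header_details = '<span class="event-title" '.$style.'>'.htmlspecialchars(stripslashes($event->event_title)).'</span><br />
 <span class="event-title-break"></span><br />';
 if ($event->event_time != "00:00:00")
 {
@@ -2521,7 +2521,7 @@ function draw_event($event)
 
 $linky = apply_filters('modify_calendar_link', $linky, $event);
 
-$details = '<span class="calnk"><a href="'.$linky.'" '.$style.'>' . stripslashes($event->event_title) . '<span '.$style.'>' . $header_details . '' . stripslashes($event->event_desc) . '</span></a></span>';
+$details = '<span class="calnk"><a href="'.$linky.'" '.$style.'>' . htmlspecialchars(stripslashes($event->event_title)) . '<span '.$style.'>' . $header_details . '' . htmlspecialchars(stripslashes($event->event_desc)) . '</span></a></span>';
 
 return $details;
 }
@@ -3025,7 +3025,7 @@ function calendar($cat_list = '')
 foreach($cat_details as $cat_detail)
 {
 $calendar_body .= '<tr><td style="background-color:'.$cat_detail->category_colour.'; width:20px; height:20px;" class="cat-key-cell"></td>
-<td class="cat-key-cell">&nbsp;'.$cat_detail->category_name.'</td></tr>';
+<td class="cat-key-cell">&nbsp;'.htmlspecialchars($cat_detail->category_name).'</td></tr>';
 }
 $calendar_body .= '</table>
 ';
@@ -3068,7 +3068,7 @@ function minical_draw_events($events,$day_of_week = '')
 foreach($events as $event)
 {
 if ($event->event_time == '00:00:00') { $the_time = __('all day','calendar'); } else { $the_time = __('at','calendar').' '.date(get_option('time_format'), strtotime(stripslashes($event->event_time))); }
-$output .= '* <strong>'.$event->event_title.'</strong> '.$the_time.'<br />';
+$output .= '* <strong>'.htmlspecialchars(stripslashes($event->event_title)).'</strong> '.$the_time.'<br />';
 }
 // The tail
 $output .= '</span></a></span>';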
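Review bot: The category colour is still written into a style attribute with no escaping in the same hunks that now escape the category name: `<td style="background-color:<?php echo stripslashes($this_cat->category_colour);?>;">` at 873, `$style = 'style="background-color:'.stripslashes($cat_details->category_colour).';"';` at 2501, and the bare `$cat_detail->category_colour` at 3027. If the colour is stored from the same admin form as the name (its input validation is not visible here), a value containing `"` breaks out of the attribute just as the title did, so these should become `esc_attr(stripslashes($this_cat->category_colour))` and likewise at 2501 and 3027. For the text contexts WordPress's `esc_html()` is the idiomatic choice over bare `htmlspecialchars()`: it applies ENT_QUOTES and the blog charset, neither of which the default-flag call guarantees on older PHP. Note also that `htmlspecialchars()` on `$event->event_desc` at 2524 now renders any markup in stored descriptions literally, which may be intended but is not mentioned in the changelog. The enclosing functions (wp_events_display_list, draw_event, calendar, minical_draw_events) start and end outside the hunks.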
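--- a/calendar.pot
+++ b/calendar.pot
@@ -239,7 +239,7 @@ msgstr ""
 
 #: calendar.php:1231 calendar.php:1396
 msgid ""
-"The URL entered must either be prefixed with http:// or be completely blank"
+"The URL entered must either be prefixed with http(s):// or be completely blank"
 msgstr ""
 
 #: calendar.php:1242 calendar.php:1407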
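--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: KieranOShea
 Donate link: http://www.kieranoshea.com
 Tags: calendar, dates, times, events
 Requires at least: 4.3.1
-Tested up to: 4.9.4
-Stable tag: 1.3.10
+Tested up to: 5.0
+Stable tag: 1.3.11
 
 A simple but effective Calendar plugin for WordPress that allows you to
 manage your events and appointments and display them to the world.
@@ -227,6 +227,9 @@ You've not called wp_head() in your theme's header and/or wp_footer() in your th
 
 == Changelog ==
 
+= 1.3.11 =
+* Fixed reported XSS issues with category name and event title
+
 = 1.3.10 =
 * Validated performance and compatability with latest version of WordPress
 * Fixed bug with mouse hover box which caused longer titles to wrap in an unpleasant fashion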