Event Tickets - Version 4.10.7.2


Release Info

Developer ModernTribe
Version 4.10.7.2

Code changes from version 4.10.7.1 to 4.10.7.2

common/lang/tribe-common-de_DE.mo CHANGED
Binary file
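--- a/common/vendor/autoload.php
+++ b/common/vendor/autoload.php
@@ -4,4 +4,4 @@
 
  require_once __DIR__ . '/composer/autoload_real.php';
 
- return ComposerAutoloaderInitaa5baeeefffea4a39599636bced70b56::getLoader();
+ return ComposerAutoloaderInitcdfe53637e1610513a9b1a9ae5f296bc::getLoader();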
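--- a/common/vendor/autoload_52.php
+++ b/common/vendor/autoload_52.php
@@ -4,4 +4,4 @@
 
  require_once dirname(__FILE__) . '/composer'.'/autoload_real_52.php';
 
- return ComposerAutoloaderInit5b25f7c48d1b95cee4ff5d2e1061e8c6::getLoader();
+ return ComposerAutoloaderInit32022c19e449559ac17925161f9a331a::getLoader();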
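--- a/common/vendor/composer/autoload_real.php
+++ b/common/vendor/composer/autoload_real.php
@@ -2,7 +2,7 @@
 
  // autoload_real.php @generated by Composer
 
- class ComposerAutoloaderInitaa5baeeefffea4a39599636bced70b56
+ class ComposerAutoloaderInitcdfe53637e1610513a9b1a9ae5f296bc
  {
  private static $loader;
 
@@ -19,15 +19,15 @@ class ComposerAutoloaderInitaa5baeeefffea4a39599636bced70b56
  return self::$loader;
  }
 
- spl_autoload_register(array('ComposerAutoloaderInitaa5baeeefffea4a39599636bced70b56', 'loadClassLoader'), true, true);
+ spl_autoload_register(array('ComposerAutoloaderInitcdfe53637e1610513a9b1a9ae5f296bc', 'loadClassLoader'), true, true);
  self::$loader = $loader = new \Composer\Autoload\ClassLoader();
- spl_autoload_unregister(array('ComposerAutoloaderInitaa5baeeefffea4a39599636bced70b56', 'loadClassLoader'));
+ spl_autoload_unregister(array('ComposerAutoloaderInitcdfe53637e1610513a9b1a9ae5f296bc', 'loadClassLoader'));
 
  $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
  if ($useStaticLoader) {
  require_once __DIR__ . '/autoload_static.php';
 
- call_user_func(\Composer\Autoload\ComposerStaticInitaa5baeeefffea4a39599636bced70b56::getInitializer($loader));
+ call_user_func(\Composer\Autoload\ComposerStaticInitcdfe53637e1610513a9b1a9ae5f296bc::getInitializer($loader));
  } else {
  $map = require __DIR__ . '/autoload_namespaces.php';
  foreach ($map as $namespace => $path) {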
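--- a/common/vendor/composer/autoload_real_52.php
+++ b/common/vendor/composer/autoload_real_52.php
@@ -2,7 +2,7 @@
 
  // autoload_real_52.php generated by xrstf/composer-php52
 
- class ComposerAutoloaderInit5b25f7c48d1b95cee4ff5d2e1061e8c6 {
+ class ComposerAutoloaderInit32022c19e449559ac17925161f9a331a {
  private static $loader;
 
  public static function loadClassLoader($class) {
@@ -19,9 +19,9 @@ class ComposerAutoloaderInit5b25f7c48d1b95cee4ff5d2e1061e8c6 {
  return self::$loader;
  }
 
- spl_autoload_register(array('ComposerAutoloaderInit5b25f7c48d1b95cee4ff5d2e1061e8c6', 'loadClassLoader'), true /*, true */);
+ spl_autoload_register(array('ComposerAutoloaderInit32022c19e449559ac17925161f9a331a', 'loadClassLoader'), true /*, true */);
  self::$loader = $loader = new xrstf_Composer52_ClassLoader();
- spl_autoload_unregister(array('ComposerAutoloaderInit5b25f7c48d1b95cee4ff5d2e1061e8c6', 'loadClassLoader'));
+ spl_autoload_unregister(array('ComposerAutoloaderInit32022c19e449559ac17925161f9a331a', 'loadClassLoader'));
 
  $vendorDir = dirname(dirname(__FILE__));
  $baseDir = dirname($vendorDir);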
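--- a/common/vendor/composer/autoload_static.php
+++ b/common/vendor/composer/autoload_static.php
@@ -4,7 +4,7 @@
 
  namespace Composer\Autoload;
 
- class ComposerStaticInitaa5baeeefffea4a39599636bced70b56
+ class ComposerStaticInitcdfe53637e1610513a9b1a9ae5f296bc
  {
  public static $prefixLengthsPsr4 = array (
  'T' =>
@@ -70,10 +70,10 @@ class ComposerStaticInitaa5baeeefffea4a39599636bced70b56
  public static function getInitializer(ClassLoader $loader)
  {
  return \Closure::bind(function () use ($loader) {
- $loader->prefixLengthsPsr4 = ComposerStaticInitaa5baeeefffea4a39599636bced70b56::$prefixLengthsPsr4;
- $loader->prefixDirsPsr4 = ComposerStaticInitaa5baeeefffea4a39599636bced70b56::$prefixDirsPsr4;
- $loader->prefixesPsr0 = ComposerStaticInitaa5baeeefffea4a39599636bced70b56::$prefixesPsr0;
- $loader->classMap = ComposerStaticInitaa5baeeefffea4a39599636bced70b56::$classMap;
+ $loader->prefixLengthsPsr4 = ComposerStaticInitcdfe53637e1610513a9b1a9ae5f296bc::$prefixLengthsPsr4;
+ $loader->prefixDirsPsr4 = ComposerStaticInitcdfe53637e1610513a9b1a9ae5f296bc::$prefixDirsPsr4;
+ $loader->prefixesPsr0 = ComposerStaticInitcdfe53637e1610513a9b1a9ae5f296bc::$prefixesPsr0;
+ $loader->classMap = ComposerStaticInitcdfe53637e1610513a9b1a9ae5f296bc::$classMap;
 
  }, null, ClassLoader::class);
  }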
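--- a/common/vendor/composer/installed.json
+++ b/common/vendor/composer/installed.json
@@ -35,13 +35,13 @@
  "authors": [
  {
  "name": "Neuman Vong",
- "role": "Developer",
- "email": "neuman+pear@twilio.com"
+ "email": "neuman+pear@twilio.com",
+ "role": "Developer"
  },
  {
  "name": "Anant Narayanan",
- "role": "Developer",
- "email": "anant@php.net"
+ "email": "anant@php.net",
+ "role": "Developer"
  }
  ],
  "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",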
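--- a/event-tickets.php
+++ b/event-tickets.php
@@ -3,7 +3,7 @@
  Plugin Name: Event Tickets
  Plugin URI: http://m.tri.be/1acb
  Description: Event Tickets allows you to sell basic tickets and collect RSVPs from any post, page, or event.
- Version: 4.10.7.1
+ Version: 4.10.7.2
  Author: Modern Tribe, Inc.
  Author URI: http://m.tri.be/28
  License: GPLv2 or later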
lang/event-tickets-de_DE.mo CHANGED
Binary file
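--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Contributors: ModernTribe, brianjessee, camwynsp, paulkim, sc0ttkclark, aguseo,
  Tags: RSVP, events, tickets, event management, calendar, ticket sales, community, registration, api, dates, date, posts, workshop, conference, meeting, seminar, concert, summit, ticket integration, event ticketing
  Requires at least: 4.7
  Tested up to: 5.2
- Stable tag: 4.10.7.1
+ Stable tag: 4.10.7.2
  Requires PHP: 5.6
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -117,9 +117,13 @@ Currently, the following add-ons are available for Event Tickets:
 
  == Changelog ==
 
+ = [4.10.7.2] 2019-09-03 =
+
+ * Fix - Prevent formulas from being exported when exporting attendees to CSV [133550]
+
  = [4.10.7.1] 2019-08-27 =
 
- * Fix - Resolve JS console warnings from `tooltip.js` in `tribe-common` by adding missing `tribe` var when the var is not setup on the current page already [133207]
+ * Fix - Resolve JS console warnings from `tooltip.js` in `tribe-common` by adding missing `tribe` var when the var is not setup on the current page already [133207]
 
  = [4.10.7] 2019-08-22 =
 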
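--- a/src/Tribe/Attendees.php
+++ b/src/Tribe/Attendees.php
@@ -553,6 +553,46 @@ class Tribe__Tickets__Attendees {
  return array_filter( $rows );
  }
 
+ /**
+ * Sanitize rows for CSV usage.
+ *
+ * @since 4.10.7.2
+ *
+ * @param array $rows Rows to be sanitized.
+ *
+ * @return array Sanitized rows.
+ */
+ public function sanitize_csv_rows( array $rows ) {
+ foreach ( $rows as &$row ) {
+ $row = array_map( [ $this, 'sanitize_csv_value' ], $row );
+ }
+
+ return $rows;
+ }
+
+ /**
+ * Sanitize a value for CSV usage.
+ *
+ * @since 4.10.7.2
+ *
+ * @param mixed $value Value to be sanitized.
+ *
+ * @return string Sanitized value.
+ */
+ public function sanitize_csv_value( $value ) {
+ if (
+ 0 === mb_strpos( $value, '=' )
+ || 0 === mb_strpos( $value, '+' )
+ || 0 === mb_strpos( $value, '-' )
+ || 0 === mb_strpos( $value, '@' )
+ ) {
+ // Prefix the value with a single quote to prevent formula from being processed.
+ $value = '\'' . $value;
+ }
+
+ return $value;
+ }
+
  /**
  * Checks if the user requested a CSV export from the attendees list.
  * If so, generates the download and finishes the execution.
@@ -565,18 +605,36 @@ class Tribe__Tickets__Attendees {
  return;
  }
 
- if ( ! wp_verify_nonce( $_GET['attendees_csv_nonce'], 'attendees_csv_nonce' ) || ! $this->user_can( 'edit_posts', $_GET['event_id'] ) ) {
+ $event_id = absint( $_GET['event_id'] );
+
+ // Verify event ID is a valid integer and the nonce is accepted.
+ if ( empty( $event_id ) || ! wp_verify_nonce( $_GET['attendees_csv_nonce'], 'attendees_csv_nonce' ) ) {
+ return;
+ }
+
+ $event = get_post( $event_id );
+
+ // Verify event exists and current user has access to it.
+ if (
+ ! $event instanceof WP_Post
+ || ! $this->user_can( 'edit_posts', $event_id )
+ ) {
  return;
  }
 
+ // Generate filtered list of attendees.
+ $items = $this->generate_filtered_list( $event_id );
+
+ // Sanitize items for CSV usage.
+ $items = $this->sanitize_csv_rows( $items );
+
  /**
  * Allow for filtering and modifying the list of attendees that will be exported via CSV for a given event.
  *
- * @param array $items The array of attendees that will be exported in this CSV file.
- * @param int $event_id The ID of the event these attendees are associated with.
+ * @param array $items The array of attendees that will be exported in this CSV file.
+ * @param int $event_id The ID of the event these attendees are associated with.
  */
- $items = apply_filters( 'tribe_events_tickets_attendees_csv_items', $this->generate_filtered_list( $_GET['event_id'] ), $_GET['event_id'] );
- $event = get_post( $_GET['event_id'] );
+ $items = apply_filters( 'tribe_events_tickets_attendees_csv_items', $items, $event_id );
 
  if ( ! empty( $items ) ) {
  $charset = get_option( 'blog_charset' );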
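Review bot: In the second hunk `sanitize_csv_rows()` runs before `apply_filters( 'tribe_events_tickets_attendees_csv_items', $items, $event_id )`, so any row a filter callback adds or rewrites reaches the export without the formula guard; calling `$items = $this->sanitize_csv_rows( $items );` on the filter's result instead would cover both sources. `sanitize_csv_value()` in the first hunk tests only for a leading `=`, `+`, `-` or `@`, whereas OWASP's CSV-injection guidance also lists a leading tab (0x09) and carriage return (0x0D) as characters to neutralise. The same method hands its `mixed` argument straight to `mb_strpos()`, so a non-string cell is not handled and the call needs the mbstring extension (or a polyfill); since every needle is a single ASCII byte, a guard such as `if ( ! is_string( $value ) || '' === $value ) { return $value; }` followed by a first-byte comparison would avoid both. The export method's body begins and ends outside the hunk, so how the rows are finally written cannot be checked from here.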
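--- a/src/Tribe/Main.php
+++ b/src/Tribe/Main.php
@@ -4,7 +4,7 @@ class Tribe__Tickets__Main {
  /**
  * Current version of this plugin
  */
- const VERSION = '4.10.7.1';
+ const VERSION = '4.10.7.2';
 
  /**
  * Min required The Events Calendar version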