Events Manager - Version 5.8.1.3

Version Description

  • fixed escaping error in bookings admin table introduced in 5.8.1.3
Download this release

Release Info

Developer netweblogic
Plugin Icon 128x128 Events Manager
Version 5.8.1.3
Comparing to
See all releases

Code changes from version 5.8.1.2 to 5.8.1.3

classes/em-bookings-table.php CHANGED
@@ -450,13 +450,13 @@ class EM_Bookings_Table{
450
foreach($EM_Booking->get_tickets_bookings()->tickets_bookings as $EM_Ticket_Booking){
451
$row = $this->get_row($EM_Ticket_Booking);
452
foreach( $row as $row_cell ){
453
- ?><td><?php echo esc_html($row_cell); ?></td><?php
454
}
455
}
456
}else{
457
$row = $this->get_row($EM_Booking);
458
foreach( $row as $row_cell ){
459
- ?><td><?php echo esc_html($row_cell); ?></td><?php
460
}
461
}
462
?>
@@ -538,7 +538,7 @@ class EM_Bookings_Table{
538
if( $csv || $EM_Booking->is_no_user() ){
539
$val = $EM_Booking->get_person()->get_name();
540
}else{
541
- $val = '<a href="'.esc_url(add_query_arg(array('person_id'=>$EM_Booking->person_id, 'event_id'=>null), $EM_Booking->get_event()->get_bookings_url())).'">'. $EM_Booking->person->get_name() .'</a>';
542
}
543
}elseif($col == 'first_name'){
544
$val = esc_html($EM_Booking->get_person()->first_name);
@@ -582,6 +582,10 @@ class EM_Bookings_Table{
582
}elseif( $col == 'booking_comment' ){
583
$val = $csv ? $EM_Booking->booking_comment : esc_html($EM_Booking->booking_comment);
584
}
585
//use this
586
$val = apply_filters('em_bookings_table_rows_col_'.$col, $val, $EM_Booking, $this, $csv, $object);
587
$cols[] = apply_filters('em_bookings_table_rows_col', $val, $col, $EM_Booking, $this, $csv, $object); //deprecated, use the above filter instead for better performance
450
foreach($EM_Booking->get_tickets_bookings()->tickets_bookings as $EM_Ticket_Booking){
451
$row = $this->get_row($EM_Ticket_Booking);
452
foreach( $row as $row_cell ){
453
+ ?><td><?php echo $row_cell; ?></td><?php
454
}
455
}
456
}else{
457
$row = $this->get_row($EM_Booking);
458
foreach( $row as $row_cell ){
459
+ ?><td><?php echo $row_cell; ?></td><?php
460
}
461
}
462
?>
538
if( $csv || $EM_Booking->is_no_user() ){
539
$val = $EM_Booking->get_person()->get_name();
540
}else{
541
+ $val = '<a href="'.esc_url(add_query_arg(array('person_id'=>$EM_Booking->person_id, 'event_id'=>null), $EM_Booking->get_event()->get_bookings_url())).'">'. esc_html($EM_Booking->person->get_name()) .'</a>';
542
}
543
}elseif($col == 'first_name'){
544
$val = esc_html($EM_Booking->get_person()->first_name);
582
}elseif( $col == 'booking_comment' ){
583
$val = $csv ? $EM_Booking->booking_comment : esc_html($EM_Booking->booking_comment);
584
}
585
+ //escape all HTML if destination is HTML or not defined
586
+ if( $csv == 'html' || empty($csv) ){
587
+ if( !in_array($col, array('user_name', 'event_name', 'actions')) ) $val = esc_html($val);
588
+ }
589
//use this
590
$val = apply_filters('em_bookings_table_rows_col_'.$col, $val, $EM_Booking, $this, $csv, $object);
591
$cols[] = apply_filters('em_bookings_table_rows_col', $val, $col, $EM_Booking, $this, $csv, $object); //deprecated, use the above filter instead for better performance
events-manager.php CHANGED
@@ -1,7 +1,7 @@
1
<?php
2
/*
3
Plugin Name: Events Manager
4
- Version: 5.8.1.2
5
Plugin URI: http://wp-events-plugin.com
6
Description: Event registration and booking management for WordPress. Recurring events, locations, google maps, rss, ical, booking registration and more!
7
Author: Marcus Sykes
1
<?php
2
/*
3
Plugin Name: Events Manager
4
+ Version: 5.8.1.3
5
Plugin URI: http://wp-events-plugin.com
6
Description: Event registration and booking management for WordPress. Recurring events, locations, google maps, rss, ical, booking registration and more!
7
Author: Marcus Sykes
readme.txt CHANGED
@@ -99,6 +99,8 @@ See our [FAQ](http://wp-events-plugin.com/documentation/faq/) page, which is upd
99
6. Manage attendees with various booking reports
100
101
== Changelog ==
102
103
= 5.8.1.2 =
104
* security release fixing a potential stored XSS vulnerability (disclosure pending, props to Luigi Gubello for responsible disclosure)
99
6. Manage attendees with various booking reports
100
101
== Changelog ==
102
+ = 5.8.1.3 =
103
+ * fixed escaping error in bookings admin table introduced in 5.8.1.3
104
105
= 5.8.1.2 =
106
* security release fixing a potential stored XSS vulnerability (disclosure pending, props to Luigi Gubello for responsible disclosure)