Events Manager - Version 5.8.1.3

Version Description

  • fixed escaping error in bookings admin table introduced in 5.8.1.3

Release Info

Developer netweblogic
Version 5.8.1.3

Code changes from version 5.8.1.2 to 5.8.1.3

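--- a/classes/em-bookings-table.php
+++ b/classes/em-bookings-table.php
@@ -450,13 +450,13 @@ class EM_Bookings_Table{
  foreach($EM_Booking->get_tickets_bookings()->tickets_bookings as $EM_Ticket_Booking){
  $row = $this->get_row($EM_Ticket_Booking);
  foreach( $row as $row_cell ){
- ?><td><?php echo esc_html($row_cell); ?></td><?php
+ ?><td><?php echo $row_cell; ?></td><?php
  }
  }
  }else{
  $row = $this->get_row($EM_Booking);
  foreach( $row as $row_cell ){
- ?><td><?php echo esc_html($row_cell); ?></td><?php
+ ?><td><?php echo $row_cell; ?></td><?php
  }
  }
  ?>
@@ -538,7 +538,7 @@ class EM_Bookings_Table{
  if( $csv || $EM_Booking->is_no_user() ){
  $val = $EM_Booking->get_person()->get_name();
  }else{
- $val = '<a href="'.esc_url(add_query_arg(array('person_id'=>$EM_Booking->person_id, 'event_id'=>null), $EM_Booking->get_event()->get_bookings_url())).'">'. $EM_Booking->person->get_name() .'</a>';
+ $val = '<a href="'.esc_url(add_query_arg(array('person_id'=>$EM_Booking->person_id, 'event_id'=>null), $EM_Booking->get_event()->get_bookings_url())).'">'. esc_html($EM_Booking->person->get_name()) .'</a>';
  }
  }elseif($col == 'first_name'){
  $val = esc_html($EM_Booking->get_person()->first_name);
@@ -582,6 +582,10 @@ class EM_Bookings_Table{
  }elseif( $col == 'booking_comment' ){
  $val = $csv ? $EM_Booking->booking_comment : esc_html($EM_Booking->booking_comment);
  }
+ //escape all HTML if destination is HTML or not defined
+ if( $csv == 'html' || empty($csv) ){
+ if( !in_array($col, array('user_name', 'event_name', 'actions')) ) $val = esc_html($val);
+ }
  //use this
  $val = apply_filters('em_bookings_table_rows_col_'.$col, $val, $EM_Booking, $this, $csv, $object);
  $cols[] = apply_filters('em_bookings_table_rows_col', $val, $col, $EM_Booking, $this, $csv, $object); //deprecated, use the above filter instead for better performance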
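Review bot: The no-user branch in the second hunk (new line 539) still assigns `$EM_Booking->get_person()->get_name()` unescaped, and because this column appears to be `user_name` (the enclosing condition is outside the hunk), it is skipped by the new blanket `esc_html()` exclusion list and then printed by the now-raw `echo $row_cell` in the first hunk. For a booking without a user account in HTML output, that would put a name that may come from the booking form into the admin table unescaped; I would change the line to `$val = $csv ? $EM_Booking->get_person()->get_name() : esc_html($EM_Booking->get_person()->get_name());`. Separately, `$csv == 'html'` is a loose comparison, so if any caller passes boolean `true` for a CSV export (callers are not visible here) it also matches and the export gets entity-encoded; `$csv === 'html'` avoids that. Values returned by the two `em_bookings_table_rows_col*` filters also reach the raw echo, so a comment above them such as `//filter callbacks must return HTML-safe output, $val is echoed as-is in the table` would make the new contract explicit for add-on authors.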
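--- a/events-manager.php
+++ b/events-manager.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: Events Manager
- Version: 5.8.1.2
+ Version: 5.8.1.3
  Plugin URI: http://wp-events-plugin.com
  Description: Event registration and booking management for WordPress. Recurring events, locations, google maps, rss, ical, booking registration and more!
  Author: Marcus Sykes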
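--- a/readme.txt
+++ b/readme.txt
@@ -99,6 +99,8 @@ See our [FAQ](http://wp-events-plugin.com/documentation/faq/) page, which is upd
  6. Manage attendees with various booking reports
 
  == Changelog ==
+ = 5.8.1.3 =
+ * fixed escaping error in bookings admin table introduced in 5.8.1.3
 
  = 5.8.1.2 =
  * security release fixing a potential stored XSS vulnerability (disclosure pending, props to Luigi Gubello for responsible disclosure)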