diff --git a/includes_general-utilities.php.html b/includes_general-utilities.php.html index 1dae56ab..3c51dfa4 100644 --- a/includes_general-utilities.php.html +++ b/includes_general-utilities.php.html @@ -71,7 +71,7 @@ function mc_tweet_approval( $previous_status, $new_status ) { if ( function_exists( 'wpt_post_to_service' ) && isset( $_POST['mc_twitter'] ) && trim( $_POST['mc_twitter'] ) !== '' ) { if ( ( 0 === (int) $previous_status || 2 === (int) $previous_status ) && 1 === (int) $new_status ) { - wpt_post_to_service( stripslashes( $_POST['mc_twitter'] ) ); + wpt_post_to_service( esc_html( stripslashes( $_POST['mc_twitter'] ) ) ); } } } 
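Review bot: `esc_html()` around the `wpt_post_to_service()` argument is output escaping for an HTML page, but here the value is handed to a posting service, so characters such as `&`, `<` and quotes would be sent on as entities (`&amp;`) instead of being cleaned for that destination. Request data is better sanitised at intake, e.g. `wpt_post_to_service( sanitize_text_field( wp_unslash( $_POST['mc_twitter'] ) ) );`, leaving escaping to whatever finally renders the text. `mc_tweet_approval()` as shown also reads `$_POST['mc_twitter']` without a nonce or capability check of its own; presumably the status-change handler that triggers it has already verified the request, which is worth confirming.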
@@ -118,23 +118,32 @@ if ( $event_id ) { $url = admin_url( 'admin.php?page=my-calendar&mode=edit&event_id=' . $event_id ); $event = mc_get_first_event( $event_id ); - $content = '<p><strong>' . strip_tags( $event->event_title, mc_strip_tags() ) . '</strong><br />' . $event->event_begin . ' @ ' . $event->event_time . '</p>'; + ?> + <p> + <strong><?php echo esc_html( strip_tags( $event->event_title, mc_strip_tags() ) ); ?></strong><br /> + <?php echo esc_html( $event->event_begin ); ?> @ <?php echo esc_html( $event->event_time ); ?> + </p> + <?php if ( ! mc_is_recurring( $event ) ) { - $recur = mc_event_recur_string( $event, $event->event_begin ); - $content .= wpautop( $recur ); + $recur = mc_event_recur_string( $event, $event->event_begin ); + ?> + <p><?php echo esc_html( $recur ); ?></p> + <?php } $elabel = ''; if ( property_exists( $event, 'location' ) && is_object( $event->location ) ) { $elabel = $event->location->location_label; } if ( '' !== $elabel ) { - // Translators: Name of event location. - $content .= '<p>' . sprintf( __( '<strong>Location:</strong> %s', 'my-calendar' ), strip_tags( $elabel, mc_strip_tags() ) ) . '</p>'; + ?> + <p> + <strong><?php esc_html_e( 'Location:', 'my-calendar' ); ?></strong><?php echo esc_html( strip_tags( $elabel, mc_strip_tags() ) ); ?> + </p> + <?php } - // Translators: Event URL. - $content .= '<p>' . sprintf( __( '<a href="%s">Edit event</a>.', 'my-calendar' ), $url ) . '</p>'; - - echo $content; + ?> + <p><a href="<?php echo esc_url( $url ); ?>"><?php esc_html_e( 'Edit event', 'my-calendar' ); ?></a></p>'; + <?php } } diff --git a/mc_custom_sidebar_panels.html b/mc_custom_sidebar_panels.html index eec1d272..3aa7a465 100644 --- a/mc_custom_sidebar_panels.html +++ b/mc_custom_sidebar_panels.html @@ -134,7 +134,7 @@
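Review bot: The new "Edit event" line ends with a leftover `';` after `</p>`, which now sits outside PHP and will be printed as literal text on the page; it should read `<p><a href="<?php echo esc_url( $url ); ?>"><?php esc_html_e( 'Edit event', 'my-calendar' ); ?></a></p>`. Wrapping `strip_tags( ..., mc_strip_tags() )` in `esc_html()` for the title and the location label also means any tags that `mc_strip_tags()` deliberately allows are displayed as escaped text; if no markup is wanted, `wp_strip_all_tags()` says so directly, otherwise `wp_kses()` with the intended allowlist keeps them. The recurrence string used to go through `wpautop()` and is now escaped, so if `mc_event_recur_string()` returns markup it will show up as text, which is worth checking. Splitting "Location:" from its value also drops the space between `</strong>` and the label text. The enclosing function starts above the hunk.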
Parameters:
Source:
diff --git a/mc_custom_user_select.html b/mc_custom_user_select.html index f1c56d71..fa4672bf 100644 --- a/mc_custom_user_select.html +++ b/mc_custom_user_select.html @@ -206,7 +206,7 @@
Parameters:
Source:
diff --git a/mc_debug.html b/mc_debug.html index 3b41514e..53a4009d 100644 --- a/mc_debug.html +++ b/mc_debug.html @@ -157,7 +157,7 @@
Parameters:
Source:
diff --git a/mc_filter_%7Btype%7D.html b/mc_filter_%7Btype%7D.html index bbe5724f..2402c76b 100644 --- a/mc_filter_%7Btype%7D.html +++ b/mc_filter_%7Btype%7D.html @@ -160,7 +160,7 @@
Parameters:
Source:
diff --git a/mcs_submission_permissions.html b/mcs_submission_permissions.html index b355bd0c..dbfd8d97 100644 --- a/mcs_submission_permissions.html +++ b/mcs_submission_permissions.html @@ -134,7 +134,7 @@
Parameters:
Source:
diff --git a/my-calendar-event-editor.php.html b/my-calendar-event-editor.php.html index 6f8f7d25..8d2dfe60 100644 --- a/my-calendar-event-editor.php.html +++ b/my-calendar-event-editor.php.html @@ -1174,7 +1174,7 @@ } else { echo ' <div class="event_description"> - <label for="content">' . __( 'Event Description', 'my-calendar' ) . '</label>'; + <label for="content">' . esc_html__( 'Event Description', 'my-calendar' ) . '</label>'; if ( user_can_richedit() ) { wp_editor( $value, 'content', array( 'textarea_rows' => 20 ) ); } else { @@ -1439,7 +1439,7 @@ */ $return = apply_filters( 'mc_show_block', $return, $data, $field, $has_data ); if ( true === $display ) { - echo $return; + echo wp_kses( $return, mc_kses_elements() ); } return $return; @@ -1535,14 +1535,14 @@ * * @return {string} */ - echo apply_filters( 'mc_before_event_form', '', $event_id ); + echo wp_kses( apply_filters( 'mc_before_event_form', '', $event_id ), mc_kses_elements() ); $action = add_query_arg( $query_args, admin_url( 'admin.php?page=my-calendar' ) ); $group_id = ( ! empty( $data->event_group_id ) && 'copy' !== $mode ) ? $data->event_group_id : mc_group_id(); $event_author = ( 'edit' !== $mode ) ? $user_ID : $data->event_author; ?> <form id="my-calendar" method="post" action="<?php echo esc_url( $action ); ?>"> <div> - <input type="hidden" name="_wpnonce" value="<?php echo wp_create_nonce( 'my-calendar-nonce' ); ?>" /> + <input type="hidden" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( 'my-calendar-nonce' ) ); ?>" /> <?php if ( isset( $_GET['ref'] ) ) { echo '<input type="hidden" name="ref" value="' . esc_url( $_GET['ref'] ) . '" />'; @@ -1569,7 +1569,7 @@ $post_id = false; } ?> - <input type="hidden" name="event_nonce_name" value="<?php echo wp_create_nonce( 'event_nonce' ); ?>" /> + <input type="hidden" name="event_nonce_name" value="<?php echo esc_attr( wp_create_nonce( 'event_nonce' ) ); ?>" /> </div> <div class="ui-sortable meta-box-sortables event-primary"> 
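Review bot: In the `@@ -1439` hunk only the echoed copy of `$return` goes through `wp_kses()`; the `return $return;` that follows still hands callers the unfiltered output of the `mc_show_block` filter, so any caller that prints the return value bypasses the new filtering. Filtering once before both uses keeps the two paths consistent: `$return = wp_kses( $return, mc_kses_elements() );` ahead of `if ( true === $display )`. The same `wp_kses( ..., mc_kses_elements() )` wrapper is added around form markup in the `@@ -1535`, `@@ -1597`, `@@ -1697`, `@@ -1792`, `@@ -1809`, `@@ -1825` and `@@ -2919` hunks, and `mc_kses_elements()` is not visible here, so it is worth confirming that its allowlist covers the form elements and attributes these blocks emit; anything missing would be silently dropped from the editor. The function body starts above the hunk.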
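Review bot: The `ref` hidden field in the `@@ -1535` hunk is filled from `$_GET['ref']` with only `esc_url()`, which makes the value safe to print but does not restrict where it points. If the form handler later redirects to the submitted `ref` (not visible here), it should go through `wp_safe_redirect()` or `wp_validate_redirect()` so the parameter cannot send an editor to an external host. Reading it as `esc_url( wp_unslash( $_GET['ref'] ) )` would also match the `wp_unslash()` usage this commit introduces in the `@@ -1618` hunk.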
@@ -1597,7 +1597,7 @@ mc_show_notice( $notice, true, false, 'warning' ); } } - echo mc_controls( $mode, $has_data, $data ); + echo wp_kses( mc_controls( $mode, $has_data, $data ), mc_kses_elements() ); ?> </div> <?php @@ -1618,7 +1618,7 @@ <legend class="screen-reader-text"><?php esc_html_e( 'Event', 'my-calendar' ); ?></legend> <p> <label for="e_title"><?php esc_html_e( 'Event Title', 'my-calendar' ); ?></label><br/> - <input type="text" id="e_title" name="event_title" size="50" maxlength="255" value="<?php echo ( $has_data ) ? stripslashes( esc_attr( $data->event_title ) ) : ''; ?>" /> + <input type="text" id="e_title" name="event_title" size="50" maxlength="255" value="<?php echo ( $has_data ) ? esc_attr( wp_unslash( $data->event_title ) ) : ''; ?>" /> </p> <?php if ( is_object( $data ) && 1 === (int) $data->event_flagged ) { @@ -1697,13 +1697,13 @@ * * @return {string} */ - echo apply_filters( 'mc_datetime_inputs', '', $has_data, $data, 'admin' ); + echo wp_kses( apply_filters( 'mc_datetime_inputs', '', $has_data, $data, 'admin' ), mc_kses_elements() ); if ( 'edit' !== $mode ) { - $span_checked = ''; + $span_checked = false; if ( $has_data && '1' === $data->event_span ) { - $span_checked = ' checked="checked"'; + $span_checked = true; } elseif ( $has_data && '0' === $data->event_span ) { - $span_checked = ''; + $span_checked = false; } ?> <p class="event_span"> @@ -1715,7 +1715,7 @@ <legend> <?php // Translators: placeholder for number of occurrences added. - printf( __( 'Event Copy %1$s', 'my-calendar' ), '<span class="number_of">2</span>' ); + printf( esc_html__( 'Event Copy %1$s', 'my-calendar' ), '<span class="number_of">2</span>' ); ?> </legend> <?php 
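Review bot: In the `@@ -1697` hunk the `elseif ( $has_data && '0' === $data->event_span )` branch now assigns `false` to a variable that is already `false`, so it does nothing after the switch to a boolean. The whole block reduces to `$span_checked = $has_data && '1' === $data->event_span;`, which also makes the `checked( $span_checked, true )` call in the `@@ -1728` hunk easier to follow. The strict comparison against the string `'1'` assumes `event_span` always arrives as a string; an `(int)` cast, as already used for `event_flagged` in the `@@ -1618` hunk, would be more tolerant.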
@@ -1728,7 +1728,7 @@ </li> </ol> <p class="event_span checkboxes"> - <input type="checkbox" value="1" id="e_span" name="event_span"<?php echo $span_checked; ?> /> + <input type="checkbox" value="1" id="e_span" name="event_span"<?php checked( $span_checked, true ); ?> /> <label for="e_span"><?php esc_html_e( 'These are one multi-day event.', 'my-calendar' ); ?></label> </p> <?php @@ -1792,7 +1792,7 @@ <div class="postbox"> <h2><?php esc_html_e( 'Event Custom Fields', 'my-calendar' ); ?></h2> <div class="inside"> - <?php echo $custom_fields; ?> + <?php echo wp_kses( $custom_fields, mc_kses_elements() ); ?> </div> </div> </div> @@ -1809,7 +1809,7 @@ <fieldset class="locations"> <legend class='screen-reader-text'><?php esc_html_e( 'Event Location', 'my-calendar' ); ?></legend> <?php - echo mc_event_location_dropdown_block( $data ); + echo wp_kses( mc_event_location_dropdown_block( $data ), mc_kses_elements() ); mc_show_block( 'event_location', $has_data, $data ); ?> </fieldset> @@ -1825,7 +1825,7 @@ <div class="postbox"> <div class="inside"> <div class='mc-controls footer'> - <?php echo mc_controls( $mode, $has_data, $data, 'footer' ); ?> + <?php echo wp_kses( mc_controls( $mode, $has_data, $data, 'footer' ), mc_kses_elements() ); ?> </div> </div> </div> @@ -2919,7 +2919,7 @@ * @param string $context rendering context [not used]. */ function mc_repeatable_datetime_input( $form, $has_data, $data, $context = 'admin' ) { - echo mc_get_repeatable_datetime_input( $form, $has_data, $data, $context = 'admin' ); + echo wp_kses( mc_get_repeatable_datetime_input( $form, $has_data, $data, $context = 'admin' ), mc_kses_elements() ); } /** diff --git a/my-calendar.php.html b/my-calendar.php.html index b36790d6..54f5a702 100644 --- a/my-calendar.php.html +++ b/my-calendar.php.html @@ -42,7 +42,6 @@ * Text Domain: my-calendar * License: GPL-2.0+ * License URI: http://www.gnu.org/license/gpl-2.0.txt - * Domain Path: lang * Version: 3.5.21 */ 
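Review bot: In the `@@ -2919` hunk the call still passes `$context = 'admin'` as its fourth argument, which is an assignment expression: it overwrites the caller's `$context` and always forwards `'admin'`. Passing the parameter through keeps the wrapper honest: `echo wp_kses( mc_get_repeatable_datetime_input( $form, $has_data, $data, $context ), mc_kses_elements() );`. The docblock marks `$context` as not used, so behaviour presumably does not change today, but the assignment would hide a bug as soon as the getter starts honouring the argument.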
@@ -163,7 +162,7 @@ } require __DIR__ . '/vendor/autoload.php'; -require __DIR__ . '/action-scheduler/action-scheduler.php'; +require __DIR__ . '/vendor/action-scheduler/action-scheduler.php'; require __DIR__ . '/includes/date-utilities.php'; require __DIR__ . '/includes/general-utilities.php'; require __DIR__ . '/includes/event-utilities.php';