deploy: c65a1ba

joedolson · Jan 6, 2025 · f14cf05 · f14cf05
1 parent 5ee842d
commit f14cf05
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 22 deletions.
diff --git a/includes_general-utilities.php.html b/includes_general-utilities.php.html
@@ -343,9 +343,9 @@
 		return true; // If this is not a valid URL, consider it to be external.
 	}
 
-	$url   = parse_url( $link );
+	$url   = wp_parse_url( $link );
 	$host  = $url['host'];
-	$site  = parse_url( get_option( 'siteurl' ) );
+	$site  = wp_parse_url( get_option( 'siteurl' ) );
 	$known = $site['host'];
 
 	if ( false === strpos( $host, $known ) ) {

diff --git a/mc_filter_api_args.html b/mc_filter_api_args.html
@@ -157,7 +157,7 @@ <h5>Parameters:</h5>
 
     <dt class="tag-source">Source:</dt>
     <dd class="tag-source"><ul class="dummy"><li>
-        <a href="my-calendar-api.php.html">my-calendar-api.php</a>, <a href="my-calendar-api.php.html#line66">line 66</a>
+        <a href="my-calendar-api.php.html">my-calendar-api.php</a>, <a href="my-calendar-api.php.html#line65">line 65</a>
     </li></ul></dd>
 
 

diff --git a/mc_ical_attributes.html b/mc_ical_attributes.html
@@ -157,7 +157,7 @@ <h5>Parameters:</h5>
 
     <dt class="tag-source">Source:</dt>
     <dd class="tag-source"><ul class="dummy"><li>
-        <a href="my-calendar-api.php.html">my-calendar-api.php</a>, <a href="my-calendar-api.php.html#line315">line 315</a>
+        <a href="my-calendar-api.php.html">my-calendar-api.php</a>, <a href="my-calendar-api.php.html#line314">line 314</a>
     </li></ul></dd>
 
 

diff --git a/mc_ical_download_from.html b/mc_ical_download_from.html
@@ -157,7 +157,7 @@ <h5>Parameters:</h5>
 
     <dt class="tag-source">Source:</dt>
     <dd class="tag-source"><ul class="dummy"><li>
-        <a href="my-calendar-api.php.html">my-calendar-api.php</a>, <a href="my-calendar-api.php.html#line279">line 279</a>
+        <a href="my-calendar-api.php.html">my-calendar-api.php</a>, <a href="my-calendar-api.php.html#line278">line 278</a>
     </li></ul></dd>
 
 

diff --git a/mc_ical_download_to.html b/mc_ical_download_to.html
@@ -157,7 +157,7 @@ <h5>Parameters:</h5>
 
     <dt class="tag-source">Source:</dt>
     <dd class="tag-source"><ul class="dummy"><li>
-        <a href="my-calendar-api.php.html">my-calendar-api.php</a>, <a href="my-calendar-api.php.html#line290">line 290</a>
+        <a href="my-calendar-api.php.html">my-calendar-api.php</a>, <a href="my-calendar-api.php.html#line289">line 289</a>
     </li></ul></dd>
 
 

diff --git a/my-calendar-api.php.html b/my-calendar-api.php.html
@@ -56,9 +56,9 @@
 			 */
 			$api_key = apply_filters( 'mc_api_key', true );
 			if ( $api_key ) {
-				$format = ( isset( $_REQUEST['my-calendar-api'] ) ) ? $_REQUEST['my-calendar-api'] : 'json';
-				$format = ( isset( $_REQUEST['mc-api'] ) ) ? $_REQUEST['mc-api'] : $format;
-				$from   = ( isset( $_REQUEST['from'] ) ) ? $_REQUEST['from'] : current_time( 'Y-m-d' );
+				$format = ( isset( $_REQUEST['my-calendar-api'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['my-calendar-api'] ) ) : 'json';
+				$format = ( isset( $_REQUEST['mc-api'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['mc-api'] ) ) : $format;
+				$from   = ( isset( $_REQUEST['from'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['from'] ) ): current_time( 'Y-m-d' );
 				$range  = '+ 7 days';
 				/**
 				 * Default date for API 'to' parameter. Default '+ 7 days'.
@@ -69,15 +69,14 @@
 				 *
 				 * @return {string}
 				 */
-				$adjust = apply_filters( 'mc_api_auto_date', $range );
-				$to     = ( isset( $_REQUEST['to'] ) ) ? $_REQUEST['to'] : mc_date( 'Y-m-d', strtotime( $adjust ) );
-				// sanitization is handled elsewhere.
-				$category = ( isset( $_REQUEST['mcat'] ) ) ? $_REQUEST['mcat'] : '';
-				$ltype    = ( isset( $_REQUEST['ltype'] ) ) ? $_REQUEST['ltype'] : '';
-				$lvalue   = ( isset( $_REQUEST['lvalue'] ) ) ? $_REQUEST['lvalue'] : '';
-				$author   = ( isset( $_REQUEST['author'] ) ) ? $_REQUEST['author'] : '';
-				$host     = ( isset( $_REQUEST['host'] ) ) ? $_REQUEST['host'] : '';
-				$search   = ( isset( $_REQUEST['search'] ) ) ? $_REQUEST['search'] : '';
+				$adjust   = apply_filters( 'mc_api_auto_date', $range );
+				$to       = ( isset( $_REQUEST['to'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['to'] ) ) : mc_date( 'Y-m-d', strtotime( $adjust ) );
+				$category = ( isset( $_REQUEST['mcat'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['mcat'] ) ) : '';
+				$ltype    = ( isset( $_REQUEST['ltype'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['ltype'] ) ) : '';
+				$lvalue   = ( isset( $_REQUEST['lvalue'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['lvalue'] ) ) : '';
+				$author   = ( isset( $_REQUEST['author'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['author'] ) ) : '';
+				$host     = ( isset( $_REQUEST['host'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['host'] ) ) : '';
+				$search   = ( isset( $_REQUEST['search'] ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['search'] ) ) : '';
 				$args     = array(
 					'from'     => $from,
 					'to'       => $to,
@@ -99,7 +98,7 @@
 				 *
 				 * @return {array}
 				 */
-				$args   = apply_filters( 'mc_filter_api_args', $args, map_deep( $_REQUEST, 'sanitize_text_field' ) );
+				$args   = apply_filters( 'mc_filter_api_args', $args, map_deep( wp_unslash( $_REQUEST ), 'sanitize_text_field' ) );
 				$data   = my_calendar_events( $args );
 				$output = mc_format_api( $data, $format );
 				echo wp_kses_post( $output );

diff --git a/my-calendar-settings.php.html b/my-calendar-settings.php.html
@@ -411,7 +411,7 @@
 	$options['display_card']   = array_map( 'sanitize_text_field', $card );
 	$options['display_mini']   = array_map( 'sanitize_text_field', $mini );
 	$options['views']          = array_map( 'sanitize_text_field', $views );
-	$options['gmap_api_key']   = ( ! empty( $post['mc_gmap_api_key'] ) ) ? strip_tags( $post['mc_gmap_api_key'] ) : '';
+	$options['gmap_api_key']   = ( ! empty( $post['mc_gmap_api_key'] ) ) ? wp_strip_all_tags( $post['mc_gmap_api_key'] ) : '';
 	$options['show_weekends']  = ( ! empty( $post['mc_show_weekends'] ) &amp;&amp; 'on' === $post['mc_show_weekends'] ) ? 'true' : 'false';
 	$options['convert']        = ( ! empty( $post['mc_convert'] ) ) ? $post['mc_convert'] : 'false';
 
@@ -466,7 +466,7 @@
 		// If POST is set, change the sanitizing for settings in this group.
 		$post[ $key ] = isset( $_POST[ $key ] ) ? wp_kses_post( $_POST[ $key ] ) : $value;
 	}
-	$options['heading_text']        = isset( $_POST['mc_heading_text'] ) ? wp_kses_post( $_POST['mc_heading_text'] ) : $post['mc_heading_text'];
+	$options['heading_text']        = isset( $_POST['mc_heading_text'] ) ? wp_kses_post( wp_unslash( $_POST['mc_heading_text'] ) ) : $post['mc_heading_text'];
 	$options['notime_text']         = $post['mc_notime_text'];
 	$options['hosted_by']           = $post['mc_hosted_by'];
 	$options['posted_by']           = $post['mc_posted_by'];
@@ -505,7 +505,7 @@
 	$options['event_mail_to']      = $post['mc_event_mail_to'];
 	$options['event_mail_from']    = $post['mc_event_mail_from'];
 	$options['event_mail_subject'] = $post['mc_event_mail_subject'];
-	$options['event_mail_message'] = ( 'true' === $options['html_email'] &amp;&amp; isset( $_POST['mc_event_mail_message'] ) ) ? wp_kses_post( $_POST['mc_event_mail_message'] ) : $post['mc_event_mail_message'];
+	$options['event_mail_message'] = ( 'true' === $options['html_email'] &amp;&amp; isset( wp_unslash( $_POST['mc_event_mail_message'] ) ) ) ? wp_kses_post( $_POST['mc_event_mail_message'] ) : $post['mc_event_mail_message'];
 	$options['event_mail_bcc']     = $post['mc_event_mail_bcc'];
 
 	mc_update_options( $options );