• Resolved Ov3rfly

    (@ov3rfly)


    Bug in security fix in function column_edit_hidden_fields() in 5.9.0 causes incomplete/invalid output of hidden field HTML and also causes PHP warning:

    PHP Warning:  Undefined variable $html in .../wp-content/plugins/event-post/eventpost.php on line 2941

    Current code:

    function column_edit_hidden_fields($post_id, $set){
    	$event = $this->retreive($post_id);
    	$html .= '<div class="hidden">';
    	if ($event != false){
    		foreach($this->quick_edit_fields[$set] as $fieldname=>$fieldlabel){
    			$html ='<span class="inline-edit-value '.$fieldname.'">'.esc_attr($event->$fieldname).'</span>';
    		}
    		$html = '</div>';
    	}
    	echo wp_kses($html, $this->kses_tags);
    }
    

    Suggested fix, all three lines with $html are affected:

    function column_edit_hidden_fields($post_id, $set){
    	$event = $this->retreive($post_id);
    	$html = '<div class="hidden">';
    	if ($event != false){
    		foreach($this->quick_edit_fields[$set] as $fieldname=>$fieldlabel){
    			$html .= '<span class="inline-edit-value '.$fieldname.'">'.esc_attr($event->$fieldname).'</span>';
    		}
    	}
    	$html .= '</div>';
    	echo wp_kses($html, $this->kses_tags);
    }
    

    Event post 5.9.2, WordPress 6.4.3, PHP 8.1.x

Viewing 1 replies (of 1 total)
  • Thread Starter Ov3rfly

    (@ov3rfly)

    Bug has obviously been fixed with Event post 5.9.3

Viewing 1 replies (of 1 total)
  • The topic ‘Bug in security fix in function column_edit_hidden_fields’ is closed to new replies.