Changes in custom-field-suite/trunk [3042177:3080330]
- Location: custom-field-suite/trunk
- Files: 4 edited
  - cfs.php (modified) (2 diffs)
  - includes/form.php (modified) (3 diffs)
  - readme.txt (modified) (2 diffs)
  - templates/field_html.php (modified) (4 diffs)
custom-field-suite/trunk/cfs.php
r3042177 r3080330 3 3 Plugin Name: Custom Field Suite 4 4 Description: Visually add custom fields to your WordPress edit pages. 5 Version: 2.6. 55 Version: 2.6.6 6 6 Author: Matt Gibbs 7 7 Text Domain: cfs … … 22 22 23 23 // setup variables 24 define( 'CFS_VERSION', '2.6. 5' );24 define( 'CFS_VERSION', '2.6.6' ); 25 25 define( 'CFS_DIR', dirname( __FILE__ ) ); 26 26 define( 'CFS_URL', plugins_url( '', __FILE__ ) ); -
custom-field-suite/trunk/includes/form.php
r3042177 r3080330 377 377 echo '</div>'; 378 378 } 379 echo '<div class="cfs-tab-content cfs-tab-content-' . $field->name. '">';379 echo '<div class="cfs-tab-content cfs-tab-content-' . esc_attr( $field->name ) . '">'; 380 380 381 381 if ( ! empty( $field->notes ) ) { … … 386 386 ?> 387 387 388 <div class="field field-<?php echo $field->name; ?>" data-type="<?php echo $field->type; ?>" data-name="<?php echo $field->name; ?>"">388 <div class="field field-<?php echo esc_attr( $field->name ); ?>" data-type="<?php echo esc_attr( $field->type ); ?>" data-name="<?php echo esc_attr( $field->name ); ?>""> 389 389 <?php if ( 'loop' == $field->type ) : ?> 390 390 <a href="javascript:;" class="cfs_loop_toggle" title="<?php esc_html_e( 'Toggle row visibility', 'cfs' ); ?>"></a> … … 399 399 <?php endif; ?> 400 400 401 <div class="cfs_<?php echo $field->type; ?>">401 <div class="cfs_<?php echo esc_attr( $field->type ); ?>"> 402 402 403 403 <?php -
custom-field-suite/trunk/readme.txt
r3042177 r3080330 3 3 Tags: custom fields, fields, postmeta, relationship, repeater, file upload 4 4 Requires at least: 5.0 5 Tested up to: 6. 4.35 Tested up to: 6.5.2 6 6 Stable tag: trunk 7 7 License: GPLv2 … … 47 47 == Changelog == 48 48 49 = 2.6.6 = 50 * Even more sanitization (props wp.org team) 51 49 52 = 2.6.5 = 50 53 * Extra sanitization to prevent XSS via admin-imported field groups (props WordFence) -
custom-field-suite/trunk/templates/field_html.php
r3042177 r3080330 33 33 </div> 34 34 </label> 35 <input type="text" name="cfs[fields][<?php echo $field->weight; ?>][label]" value="<?php echo empty( $field->id ) ? '' : esc_attr( $field->label ); ?>" />35 <input type="text" name="cfs[fields][<?php echo (int) $field->weight; ?>][label]" value="<?php echo empty( $field->id ) ? '' : esc_attr( $field->label ); ?>" /> 36 36 </td> 37 37 <td class="field_name"> … … 44 44 </div> 45 45 </label> 46 <input type="text" name="cfs[fields][<?php echo $field->weight; ?>][name]" value="<?php echo empty( $field->id ) ? '' : esc_attr( $field->name ); ?>" />46 <input type="text" name="cfs[fields][<?php echo (int) $field->weight; ?>][name]" value="<?php echo empty( $field->id ) ? '' : esc_attr( $field->name ); ?>" /> 47 47 </td> 48 48 <td class="field_type"> 49 49 <label><?php _e( 'Field Type', 'cfs' ); ?></label> 50 <select name="cfs[fields][<?php echo $field->weight; ?>][type]">50 <select name="cfs[fields][<?php echo (int) $field->weight; ?>][type]"> 51 51 <?php foreach ( CFS()->fields as $type ) : ?> 52 52 <?php $selected = ($type->name == $field->type) ? ' selected' : ''; ?> 53 <option value="<?php echo $type->name; ?>"<?php echo $selected; ?>><?php echo $type->label; ?></option>53 <option value="<?php echo esc_attr( $type->name ); ?>"<?php echo $selected; ?>><?php echo esc_html( $type->label ); ?></option> 54 54 <?php endforeach; ?> 55 55 </select> … … 60 60 </tr> 61 61 62 <?php CFS()->fields[ $field->type ]->options_html( $field->weight, $field ); ?>62 <?php CFS()->fields[ $field->type ]->options_html( (int) $field->weight, $field ); ?> 63 63 64 64 <tr class="field_notes"> … … 72 72 </td> 73 73 <td> 74 <textarea name="cfs[fields][<?php echo $field->weight; ?>][notes]"><?php echo esc_textarea( $field->notes ); ?></textarea>74 <textarea name="cfs[fields][<?php echo (int) $field->weight; ?>][notes]"><?php echo esc_textarea( $field->notes ); ?></textarea> 75 75 </td> 76 76 </tr>
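Review bot: In includes/form.php at new line 388 the opening div still ends with a doubled quote, data-name="<?php echo esc_attr( $field->name ); ?>"">, carried over unchanged from r3042177. Drop the extra " so the tag is well-formed now that the attribute values are escaped. On line 390 the title attribute is printed with esc_html_e(); esc_attr_e() is the matching helper for an attribute context.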
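Review bot: In templates/field_html.php at new line 62, $field->type is still used as a key into CFS()->fields with no existence check visible in this hunk, so a field group carrying a type name that is not registered would fail at the options_html() call. Guard it with isset( CFS()->fields[ $field->type ] ) before calling. The (int) cast on $field->weight is repeated at lines 35, 46, 50, 62 and 74; casting once near the top of the template would keep the five uses consistent.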
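Review bot: In readme.txt the 2.6.6 changelog entry, "Even more sanitization (props wp.org team)", does not say what changed. The diff adds output escaping (esc_attr(), esc_html() and (int) casts) in includes/form.php and templates/field_html.php, so name those in the entry so that site owners can tell what the release covers, as the 2.6.5 entry does with "XSS via admin-imported field groups".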