Location:
custom-field-suite/trunk
Files:
4 edited

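--- a/custom-field-suite/trunk/cfs.php
+++ b/custom-field-suite/trunk/cfs.php
@@ -3,5 +3,5 @@
 Plugin Name: Custom Field Suite
 Description: Visually add custom fields to your WordPress edit pages.
-Version: 2.6.5
+Version: 2.6.6
 Author: Matt Gibbs
 Text Domain: cfs
@@ -22,5 +22,5 @@
 
         // setup variables
-        define( 'CFS_VERSION', '2.6.5' );
+        define( 'CFS_VERSION', '2.6.6' );
         define( 'CFS_DIR', dirname( __FILE__ ) );
         define( 'CFS_URL', plugins_url( '', __FILE__ ) );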
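--- a/custom-field-suite/trunk/includes/form.php
+++ b/custom-field-suite/trunk/includes/form.php
@@ -377,5 +377,5 @@
                         echo '</div>';
                     }
-                    echo '<div class="cfs-tab-content cfs-tab-content-' . $field->name . '">';
+                    echo '<div class="cfs-tab-content cfs-tab-content-' . esc_attr( $field->name ) . '">';
 
                     if ( ! empty( $field->notes ) ) {
@@ -386,5 +386,5 @@
     ?>
 
-        <div class="field field-<?php echo $field->name; ?>" data-type="<?php echo $field->type; ?>" data-name="<?php echo $field->name; ?>"">
+        <div class="field field-<?php echo esc_attr( $field->name ); ?>" data-type="<?php echo esc_attr( $field->type ); ?>" data-name="<?php echo esc_attr( $field->name ); ?>"">
             <?php if ( 'loop' == $field->type ) : ?>
             <a href="javascript:;" class="cfs_loop_toggle" title="<?php esc_html_e( 'Toggle row visibility', 'cfs' ); ?>"></a>
@@ -399,5 +399,5 @@
             <?php endif; ?>
 
-            <div class="cfs_<?php echo $field->type; ?>">
+            <div class="cfs_<?php echo esc_attr( $field->type ); ?>">
 
     <?php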
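Review bot: `esc_attr()` on new lines 379, 388 and 401 stops attribute break-out, but in the class attributes there the value is concatenated into a class token (`cfs-tab-content-…`, `field-…`, `cfs_…`), where a name containing whitespace would still yield extra class names. `sanitize_html_class( $field->name )` and `sanitize_html_class( $field->type )` are the WordPress helpers meant for that position, assuming field names and types are slug-like so nothing legitimate is stripped. New line 388 also still ends with a doubled quote, `?>"">`, which leaves the tag malformed; drop the extra `"`. The enclosing loop and template start and end outside the visible hunks.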
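--- a/custom-field-suite/trunk/readme.txt
+++ b/custom-field-suite/trunk/readme.txt
@@ -3,5 +3,5 @@
 Tags: custom fields, fields, postmeta, relationship, repeater, file upload
 Requires at least: 5.0
-Tested up to: 6.4.3
+Tested up to: 6.5.2
 Stable tag: trunk
 License: GPLv2
@@ -47,4 +47,7 @@
 == Changelog ==
 
+= 2.6.6 =
+* Even more sanitization (props wp.org team)
+
 = 2.6.5 =
 * Extra sanitization to prevent XSS via admin-imported field groups (props WordFence)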
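--- a/custom-field-suite/trunk/templates/field_html.php
+++ b/custom-field-suite/trunk/templates/field_html.php
@@ -33,5 +33,5 @@
                                         </div>
                                     </label>
-                                    <input type="text" name="cfs[fields][<?php echo $field->weight; ?>][label]" value="<?php echo empty( $field->id ) ? '' : esc_attr( $field->label ); ?>" />
+                                    <input type="text" name="cfs[fields][<?php echo (int) $field->weight; ?>][label]" value="<?php echo empty( $field->id ) ? '' : esc_attr( $field->label ); ?>" />
                                 </td>
                                 <td class="field_name">
@@ -44,12 +44,12 @@
                                         </div>
                                     </label>
-                                    <input type="text" name="cfs[fields][<?php echo $field->weight; ?>][name]" value="<?php echo empty( $field->id ) ? '' : esc_attr( $field->name ); ?>" />
+                                    <input type="text" name="cfs[fields][<?php echo (int) $field->weight; ?>][name]" value="<?php echo empty( $field->id ) ? '' : esc_attr( $field->name ); ?>" />
                                 </td>
                                 <td class="field_type">
                                     <label><?php _e( 'Field Type', 'cfs' ); ?></label>
-                                    <select name="cfs[fields][<?php echo $field->weight; ?>][type]">
+                                    <select name="cfs[fields][<?php echo (int) $field->weight; ?>][type]">
                                         <?php foreach ( CFS()->fields as $type ) : ?>
                                         <?php $selected = ($type->name == $field->type) ? ' selected' : ''; ?>
-                                        <option value="<?php echo $type->name; ?>"<?php echo $selected; ?>><?php echo $type->label; ?></option>
+                                        <option value="<?php echo esc_attr( $type->name ); ?>"<?php echo $selected; ?>><?php echo esc_html( $type->label ); ?></option>
                                         <?php endforeach; ?>
                                     </select>
@@ -60,5 +60,5 @@
                 </tr>
 
-                <?php CFS()->fields[ $field->type ]->options_html( $field->weight, $field ); ?>
+                <?php CFS()->fields[ $field->type ]->options_html( (int) $field->weight, $field ); ?>
 
                 <tr class="field_notes">
@@ -72,5 +72,5 @@
                     </td>
                     <td>
-                        <textarea name="cfs[fields][<?php echo $field->weight; ?>][notes]"><?php echo esc_textarea( $field->notes ); ?></textarea>
+                        <textarea name="cfs[fields][<?php echo (int) $field->weight; ?>][notes]"><?php echo esc_textarea( $field->notes ); ?></textarea>
                     </td>
                 </tr>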
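Review bot: On new line 62 `CFS()->fields[ $field->type ]` is dereferenced without checking that the type is registered, so a field group carrying an unknown `type` would end in a method call on null and break the settings screen. This is the imported-data case the 2.6.5 changelog entry refers to, and whether the type is validated earlier is not visible in these hunks. Wrapping the call in `<?php if ( isset( CFS()->fields[ $field->type ] ) ) : ?>` … `<?php endif; ?>` would keep the row rendering. The `(int) $field->weight` cast is now repeated on lines 35, 46, 50, 62 and 74; casting once into a local near the top of the template would make a missed spot less likely. The template begins and ends outside the visible hunks.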