diff --git a/google-calendar-events.php b/google-calendar-events.php
index ab61cce5..612db956 100644
--- a/google-calendar-events.php
+++ b/google-calendar-events.php
@@ -23,7 +23,7 @@
 $this_plugin_constants = [
 'SIMPLE_CALENDAR_VERSION' => 'PACKAGE_VERSION',
 'SIMPLE_CALENDAR_FULLCALENDAR_VERSION' => '1.2.2',
-'SIMPLE_CALENDAR_GOOGLE_CALENDAR_PRO_VERSION' => '1.1.3',
+'SIMPLE_CALENDAR_GOOGLE_CALENDAR_PRO_VERSION' => '1.2.0',
 'SIMPLE_CALENDAR_MAIN_FILE' => __FILE__,
 'SIMPLE_CALENDAR_URL' => $this_plugin_dir,
 'SIMPLE_CALENDAR_ASSETS' => $this_plugin_dir . 'assets/',
diff --git a/includes/feeds/admin/google-admin.php b/includes/feeds/admin/google-admin.php
index 75a702db..413a9c03 100644
--- a/includes/feeds/admin/google-admin.php
+++ b/includes/feeds/admin/google-admin.php
@@ -381,7 +381,9 @@ public function test_api_key_connection($google_calendar_id)
 */
 public function process_meta($post_id)
 {
-$calendar_id = isset($_POST['_google_calendar_id']) ? base64_encode(trim($_POST['_google_calendar_id'])) : '';
+$calendar_id = isset($_POST['_google_calendar_id']) ? base64_encode(sanitize_text_field($_POST['_google_calendar_id'])) : '';
 update_post_meta($post_id, '_google_calendar_id', $calendar_id);
 $search_query = isset($_POST['_google_events_search_query'])
@@ -392,7 +394,10 @@ public function process_meta($post_id)
 $recurring = isset($_POST['_google_events_recurring']) ? sanitize_key($_POST['_google_events_recurring']) : 'show';
 update_post_meta($post_id, '_google_events_recurring', $recurring);
-$max_results = isset($_POST['_google_events_max_results']) ? absint($_POST['_google_events_max_results']) : '2500';
+$max_results_sanitize = isset($_POST['_google_events_max_results']) ? sanitize_text_field($_POST['_google_events_max_results']) : '2500';
+$max_results = absint($max_results_sanitize);
 update_post_meta($post_id, '_google_events_max_results', $max_results);
 $this->test_api_key_connection($calendar_id);
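Review bot: The new `sanitize_text_field()` call on the `_google_calendar_id` line runs on the raw `$_POST` value, which WordPress has already slash-escaped, so a submitted ID containing a quote or backslash would be stored with stray backslashes inside the base64 blob; the conventional form is `base64_encode(sanitize_text_field(wp_unslash($_POST['_google_calendar_id'])))`. Sanitising on input also does not replace escaping at output: wherever the decoded ID is echoed back into the meta box or an attribute it still needs `esc_attr()`/`esc_html()`, and this hunk does not show that side. `process_meta`'s body continues past the hunk, so whether a nonce and capability check guard this write is not visible here.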
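Review bot: On the `_google_events_max_results` line, `sanitize_text_field()` adds nothing once the value is passed to `absint()`, which already reduces any non-numeric content to an integer, so the intermediate `$max_results_sanitize` variable only obscures that the stored value is a non-negative int; `absint()` applied directly to the submitted value, with the `2500` default, is equivalent and shorter. Note that `absint()` maps any non-numeric submission to `0`, so if zero is not a meaningful limit the code may want to fall back to `2500` in that case — that depends on how the consumer reads the meta, which is outside the hunk. The function continues past the end of this hunk.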
diff --git a/package.json b/package.json
index d0f3a540..543ffe6c 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "name": "google-calendar-events",
 "title": "Simple Calendar",
 "description": "Add Google Calendar events to your WordPress site.",
-"version": "3.2.6",
+"version": "3.2.7",
 "license": "GPLv2+",
 "homepage": "https://simplecalendar.io",
 "repository": {
diff --git a/readme.txt b/readme.txt
index ab04d2a7..076e6539 100644
--- a/readme.txt
+++ b/readme.txt
@@ -97,6 +97,9 @@ We'd love your help! Here's a few things you can do:
 == Changelog ==
+= 3.2.7 =
+* Fix: Cross Site Scripting (XSS) vulnerability.
+
 = 3.2.6 =
 * Fix: CSRF vulnerability for bulk actions.
 * Dev: Update dependencies Carbon, Dayjs and TailwindCSS.