Merge branch 'dev'

WPChill · Mar 23, 2022 · 5dc3b8a · 5dc3b8a
2 parents a872b0b + 5d052d3
commit 5dc3b8a
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 15 deletions.
diff --git a/includes/class-rsvp-admin.php b/includes/class-rsvp-admin.php
@@ -101,7 +101,7 @@ public function submenu_pages() {
 				'RSVP Export',
 				'RSVP Export',
 				'publish_posts',
-				'rsvp-admin-export',
+				'rsvp-admin-export/' . wp_create_nonce( 'rsvp-export-attendees' ),
 				array( $rsvp_helper, 'rsvp_admin_export' )
 			);
 			add_submenu_page(
@@ -249,7 +249,7 @@ public function rsvp_admin_guest() {
 					$attendeeId = $wpdb->insert_id;
 				}
 				if ( isset( $_POST['associatedAttendees'] ) && is_array( $_POST['associatedAttendees'] ) ) {
-					foreach ( array_map( 'sanitize_text_field', array_map( 'wp_unslash', $_POST['associatedAttendees'] ) ) as $aid ) {
+					foreach ( array_map( 'sanitize_text_field', array_map( 'wp_unslash', $_POST['associatedAttendees'] ) ) as $aid ) { //phpcs:ignore
 						if ( is_numeric( $aid ) && ( $aid > 0 ) ) {
 							$wpdb->insert(
 								ASSOCIATED_ATTENDEES_TABLE,

diff --git a/includes/class-rsvp-helper.php b/includes/class-rsvp-helper.php
@@ -28,7 +28,7 @@ function __construct() {
 		add_action( 'admin_init', array( $this, 'bulk_delete_attendees' ) );
 		add_action( 'admin_init', array( $this, 'bulk_delete_questions' ) );
 
-		add_action( 'init', array( $this, 'rsvp_admin_export' ) );
+		add_action( 'admin_init', array( $this, 'rsvp_admin_export' ) );
 
 	}
 
@@ -209,8 +209,13 @@ public function get_custom_questions() {
 	 */
 	public function rsvp_admin_export() {
 
-		if ( ( isset( $_GET['page'] ) && ( strToLower( sanitize_text_field( wp_unslash( $_GET['page'] ) ) ) == 'rsvp-admin-export' ) ) ||
-			 ( isset( $_POST['rsvp-bulk-action'] ) && ( 'export' === strToLower( sanitize_text_field( wp_unslash( $_POST['rsvp-bulk-action'] ) ) ) ) ) ) {
+		if ( isset( $_GET['page'] ) ) {
+
+			$page = explode( '/', strToLower( sanitize_text_field( wp_unslash( $_GET['page'] ) ) ) );
+
+			if ( 'rsvp-admin-export' !== $page[0] || ! wp_verify_nonce( $page[1], 'rsvp-export-attendees' ) ) {
+				return;
+			}
 
 			global $wpdb;
 
@@ -677,9 +682,9 @@ public function update_questions_order() {
 	public function bulk_delete_attendees() {
 
 		if( isset( $_GET['rsvp-bulk-action'] ) && -1 != $_GET['rsvp-bulk-action'] ){
-			$rsvp_bulk_action = $_GET['rsvp-bulk-action'];
+			$rsvp_bulk_action = sanitize_text_field( wp_unslash( $_GET['rsvp-bulk-action'] ) );
 		}elseif( isset( $_GET['rsvp-bulk-action2'] ) && -1 != $_GET['rsvp-bulk-action2'] ){
-			$rsvp_bulk_action = $_GET['rsvp-bulk-action2'];
+			$rsvp_bulk_action = sanitize_text_field( wp_unslash($_GET['rsvp-bulk-action2'] ) );
 		}else{
 			$rsvp_bulk_action = false;
 		}
@@ -711,9 +716,9 @@ public function bulk_delete_attendees() {
 	public function bulk_delete_questions() {
 
 		if( isset( $_GET['rsvp-bulk-action'] ) && -1 != $_GET['rsvp-bulk-action'] ){
-			$rsvp_bulk_action = $_GET['rsvp-bulk-action'];
+			sanitize_text_field( wp_unslash( $rsvp_bulk_action = $_GET['rsvp-bulk-action'] ) );
 		}elseif( isset( $_GET['rsvp-bulk-action2'] ) && -1 != $_GET['rsvp-bulk-action2'] ){
-			$rsvp_bulk_action = $_GET['rsvp-bulk-action2'];
+			sanitize_text_field( wp_unslash( $rsvp_bulk_action = $_GET['rsvp-bulk-action2'] ) );
 		}else{
 			$rsvp_bulk_action = false;
 		}

diff --git a/languages/rsvp.pot b/languages/rsvp.pot
@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv3.
 msgid ""
 msgstr ""
-"Project-Id-Version: RSVP 2.7.6\n"
+"Project-Id-Version: RSVP 2.7.7\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/rsvp\n"
 "POT-Creation-Date: 2022-01-12 12:04:13+00:00\n"
 "MIME-Version: 1.0\n"

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "rsvp",
   "main": "Gruntfile.js",
-  "version": "2.7.6,
+  "version": "2.7.7,
   "author": "WPChill",
   "license": "GPL v3",
   "repository": "https://github.com/WPChill/rsvp",

diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Tags: rsvp, event, event management, attendee management, event planning, weddin
 Requires at least: 5.6
 Tested up to: 5.9
 Requires PHP: 5.6
-Stable tag: 2.7.6
+Stable tag: 2.7.7
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -93,6 +93,10 @@ For example if you have a page that is /rsvp for domain example.com your URL mig
 
 == Changelog ==
 
+= 2.7.7 - 23.03.2022 =
+* Fixed: Security exploit
+* Fixed: Sanitizations
+
 = 2.7.6 - 21.03.2022 =
 * Fixed: Sorting attendees no longer logs out the user (https://github.com/WPChill/rsvp/issues/76)
 * Changed: Moved upsell in "Events" page under the table. (https://github.com/WPChill/rsvp/issues/55)

diff --git a/wp-rsvp.php b/wp-rsvp.php
@@ -2,13 +2,13 @@
 /**
  * @package rsvp
  * @author WPChill
- * @version 2.7.6
+ * @version 2.7.7
  * Plugin Name: RSVP
  * Text Domain: rsvp-plugin
  * Plugin URI: http://wordpress.org/extend/plugins/rsvp/
  * Description: This plugin allows guests to RSVP to an event.  It was made initially for weddings but could be used for other things.
  * Author: WPChill
- * Version: 2.7.6
+ * Version: 2.7.7
  * Author URI: https://wpchill.com
  * License: GPLv3
  * Copyright 2010-2020      Mike de Libero      [email protected]