Merge branch 'release/2.5.6'

BracketSpaceWorker · BracketSpaceWorker · commit bb0caa7777b1 · 2024-06-01T19:05:20.000Z
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,7 @@
+# Directories
+/.wordpress-org export-ignore
+/.github export-ignore
+
+# Files
+/.gitattributes export-ignore
+/.gitignore export-ignore
diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml
@@ -136,6 +136,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: pack
     steps:
+      - name: Checkout
+        uses: actions/checkout@v2
       - name: Setup variables
         id: vars
         run: |
diff --git a/advanced-cron-manager.php b/advanced-cron-manager.php
@@ -2,7 +2,7 @@
 /**
  * Plugin Name: Advanced Cron Manager
  * Description: View, pause, remove, edit and add WP Cron events.
- * Version: 2.5.5
+ * Version: 2.5.6
  * Author: BracketSpace
  * Author URI: https://bracketspace.com
  * License: GPL3
@@ -11,7 +11,7 @@
  * @package advanced-cron-manager
  */
 
-$plugin_version = '2.5.5';
+$plugin_version = '2.5.6';
 $plugin_file    = __FILE__;
 
 /**
diff --git a/assets/src/js/event-actions.js b/assets/src/js/event-actions.js
@@ -22,12 +22,13 @@
 
 				// if data is type of array, we send it as JSON anyway,
 				// change characters to make it look like associative array
-				 if ( data.type === 'array' ) {
-					 formattedData = `(${data.type}) ` + JSON.stringify(JSON.parse(data.msg), null, 2)
-						 .replace(/\{/g, '[')
-						 .replace(/}/g, ']')
-						 .replace(/:/g, ' =>')
-				 }
+				if ( data.type === 'array' ) {
+					formattedData = `(${data.type}) ` + JSON.stringify(JSON.parse(data.msg), null, 2)
+						.replace(/\{/g, '[')
+						.replace(/}/g, ']')
+						.replace(/:/g, ' =>')
+				}
+
 				arr.push(formattedData);
 
 			} else {
diff --git a/inc/AdminScreen.php b/inc/AdminScreen.php
@@ -295,7 +295,7 @@ public static function prepare_event_arguments( $event ) {
 			} else {
 				$parsed_args[] = array(
 					'type' => gettype( $arg ),
-					'msg'  => $arg,
+					'msg'  => wp_filter_nohtml_kses( sanitize_text_field( html_entity_decode( $arg ) ) ),
 				);
 			}
 
diff --git a/inc/Cron/EventsActions.php b/inc/Cron/EventsActions.php
@@ -87,7 +87,7 @@ public function insert() {
 		if ( ! empty( $data['arguments'] ) ) {
 			foreach ( $data['arguments'] as $arg_raw ) {
 				if ( ! empty( $arg_raw ) ) {
-					$args[] = sanitize_text_field( $arg_raw );
+					$args[] = wp_filter_nohtml_kses( sanitize_text_field( html_entity_decode( $arg_raw ) ) );
 				}
 			}
 		}
diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Tags: cron, wpcron, tool, manager, crontrol
 Requires at least: 3.6
 Requires PHP: 5.3
 Tested up to: 6.4
-Stable tag: 2.5.5
+Stable tag: 2.5.6
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -101,6 +101,9 @@ Yes! We're offering a [custom plugin development](https://bracketspace.com/custo
 
 == Changelog ==
 
+= 2.5.6 =
+* [Fixed] Security vulnerability.
+
 = 2.5.5 =
 * [Added] Custom schedules availability info.
 

Original file line number	Diff line number	Diff line change
`@@ -295,7 +295,7 @@ public static function prepare_event_arguments( $event ) {`
`295`	`295`	`} else {`
`296`	`296`	`$parsed_args[] = array(`
`297`	`297`	`'type' => gettype( $arg ),`
`298`		`- 'msg' => $arg,`
	`298`	`+ 'msg' => wp_filter_nohtml_kses( sanitize_text_field( html_entity_decode( $arg ) ) ),`
`299`	`299`	`);`
`300`	`300`	`}`
`301`	`301`
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ public function insert() {`
`87`	`87`	`if ( ! empty( $data['arguments'] ) ) {`
`88`	`88`	`foreach ( $data['arguments'] as $arg_raw ) {`
`89`	`89`	`if ( ! empty( $arg_raw ) ) {`
`90`		`- $args[] = sanitize_text_field( $arg_raw );`
	`90`	`+ $args[] = wp_filter_nohtml_kses( sanitize_text_field( html_entity_decode( $arg_raw ) ) );`
`91`	`91`	`}`
`92`	`92`	`}`
`93`	`93`	`}`