From a5f9bb91b2cf88ef305bc04f4ff625293f8dda50 Mon Sep 17 00:00:00 2001
From: Steve Sutton
Date: Fri, 8 Jun 2018 09:00:37 -0400
Subject: [PATCH] Fix issue with wp_editor setup in smarty template
Need to escape quotes.
---
index.php | 6 +-
readme.txt | 3 +
views/admin/contacts/edit.html | 18 ++--
views/admin/member/contacts--POS_OLD.html | 106 +++++++++++-----------
views/admin/profile/index.html | 18 ++--
5 files changed, 77 insertions(+), 74 deletions(-)
diff --git a/index.php b/index.php
index 79aba5b..277b28a 100644
--- a/index.php
+++ b/index.php
@@ -3,7 +3,7 @@
 * Plugin Name: GLM Members Database Contacts
 * Plugin URI: http://www.gaslightmedia.com/
 * Description: Gaslight Media Members Database.
- * Version: 1.1.7
+ * Version: 1.1.8
 * Author: Gaslight Media
 * Author URI: http://www.gaslightmedia.com/
 * License: GPL2
@@ -19,7 +19,7 @@
 * @package glmMembersDatabaseContacts
 * @author Gaslight Media
 * @license http://www.gaslightmedia.com Gaslightmedia
- * @version 1.1.7
+ * @version 1.1.8
 */
 // Check that we're being called by WordPress.
@@ -39,7 +39,7 @@ if (!defined('ABSPATH')) {
 * version when there's a change in the database!! Use the
 * version nunmber of that release for the DB version.
 */
-define('GLM_MEMBERS_CONTACTS_PLUGIN_VERSION', '1.1.7');
+define('GLM_MEMBERS_CONTACTS_PLUGIN_VERSION', '1.1.8');
 define('GLM_MEMBERS_CONTACTS_PLUGIN_DB_VERSION', '0.0.3');
 // This is the minimum version of the GLM Members DB plugin require for this plugin.
diff --git a/readme.txt b/readme.txt
index 77e20b8..a28fa6d 100644
--- a/readme.txt
+++ b/readme.txt
@@ -27,6 +27,9 @@ e.g.
 == Changelog ==
+= 1.1.8 =
+* Fix smarty issue with wp_editor and unescaped content.
+
 = 1.1.7 =
 * Fixes for problem with contacts list not always displaying the correct list for the contact user type.
diff --git a/views/admin/contacts/edit.html b/views/admin/contacts/edit.html
index 9755165..aea182f 100644
--- a/views/admin/contacts/edit.html
+++ b/views/admin/contacts/edit.html
@@ -77,7 +77,7 @@

Add New Contact

{else} {if $newEmailError != ''} -

NOTE: Your new E-Mail address was not valid. Please see below.

+

NOTE: Your new E-Mail address was not valid. Please see below.

{else} {if $contactUpdated}

Contact Updated

{/if} {/if} @@ -245,21 +245,21 @@
The E-Mail address you submitted contained invalid characters. {$new_email} Please check the address and submit again. - + {/if} {if $newEmailError == 'BAD_FORMAT'}
- The E-Mail address you submitted is formatted incorrectly. An example of a correctly formatted E-Mail address is "name@domain.com". + The E-Mail address you submitted is formatted incorrectly. An example of a correctly formatted E-Mail address is "name@domain.com". Please check the address and submit again. - + {/if} {if $newEmailError == 'IN_USE'}
- The E-Mail address you submitted is already in use for this site. + The E-Mail address you submitted is already in use for this site. You may only change your address to one that is not currently in use. - + {/if} -
To change your E-Mail address, enter your new address here. This address must not be used by any other contact or user in this site. +
To change your E-Mail address, enter your new address here. This address must not be used by any other contact or user in this site. @@ -320,7 +320,7 @@ Position/Responsibilities: {php} - wp_editor('{$contactInfo.fieldData.descr}', 'glm_descr', array( + wp_editor('{$contactInfo.fieldData.descr|escape:quotes}', 'glm_descr', array( 'quicktags' => false, 'media_buttons' => false, 'wpautop' => false, @@ -536,7 +536,7 @@ Notes: {php} - wp_editor('{$contactInfo.fieldData.notes}', 'glm_notes', array( + wp_editor('{$contactInfo.fieldData.notes|escape:quotes}', 'glm_notes', array( 'quicktags' => false, 'media_buttons' => false, 'wpautop' => false, diff --git a/views/admin/member/contacts--POS_OLD.html b/views/admin/member/contacts--POS_OLD.html index 3c8249f..4d90702 100644 --- a/views/admin/member/contacts--POS_OLD.html +++ b/views/admin/member/contacts--POS_OLD.html @@ -9,7 +9,7 @@
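Review bot: `|escape:quotes` is not a sufficient escape for a value that is spliced into a PHP single-quoted string literal inside a `{php}` block, which is what `wp_editor('{$contactInfo.fieldData.descr|escape:quotes}', 'glm_descr', array(` does: Smarty's `quotes` mode only escapes single quotes that are not already preceded by a backslash and leaves backslashes alone, so a stored `descr` value containing `\\'` still closes the literal and whatever follows it is compiled as PHP. Assuming the `{php}` block is expanded with Smarty tags as the commit message implies, that is a stored code-injection path rather than a rendering glitch, and since the diffstat lists `views/admin/profile/index.html` (not visible in this chunk) the same field is presumably editable by the contact user and not only by site administrators — confirm who can write `descr`. The robust fix is to stop building PHP source from data and read the variable through the Smarty template object inside the block, e.g. `$descr = $this->get_template_vars('contactInfo')['fieldData']['descr'];` on Smarty 2 or `$descr = $_smarty_tpl->tpl_vars['contactInfo']->value['fieldData']['descr'];` on Smarty 3 (which one applies depends on the Smarty build the plugin bundles), then `wp_editor($descr, 'glm_descr', array(`. If interpolation must stay, `|addslashes` is the modifier that escapes backslashes as well as quotes and is the correct choice for a PHP single-quoted literal; the same applies to the `glm_notes` hunk below. The `wp_editor()` argument array continues outside the hunk.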
  • Other roles were assigned to the associated system user so that system user has not been removed.
  • {/if} -{/if} +{/if} {if $haveMember} {if $option == 'list'} @@ -18,7 +18,7 @@ Add New {$terms.term_member_cap} Contact {/if}
    - List Filters:   + List Filters:   Show Archived      Search @@ -47,7 +47,7 @@ {$c.lname}, {$c.fname} {else} {$c.lname}, {$c.fname} - {/if} + {/if} {$c.active.name} {$c.contact_type.name} @@ -63,29 +63,29 @@ {/if} - + {elseif $option == 'edit' && !$contactID}

    ERROR: Specified contact not found!

    - + {elseif $newContactExists} - -

    NOTE: The Email address or username for this contact is already in use. Please check if they already are a contact in this system.

    + +

    NOTE: The Email address or username for this contact is already in use. Please check if they already are a contact in this system.

    {elseif $misMatchedWpUsers} - +

    - NOTE: - The Email address for this contact is already in use by an existing system user but the username is in use by a different - system user. As such we are unable to match this request to a specific existing system user. We suggest you determine what + NOTE: + The Email address for this contact is already in use by an existing system user but the username is in use by a different + system user. As such we are unable to match this request to a specific existing system user. We suggest you determine what the "Username" is for the existing Wordpress user with the Email address you requested. Please call for assistance if needed. -

    - + + {elseif $newContactCreated} - -

    New Contact Created: {$contactInfo.fieldData.fname} {$contactInfo.fieldData.lname} - {$contactInfo.fieldData.email}

    - {if $usernameChangedToWP || $usingExistingWPContact} + +

    New Contact Created: {$contactInfo.fieldData.fname} {$contactInfo.fieldData.lname} - {$contactInfo.fieldData.email}

    + {if $usernameChangedToWP || $usingExistingWPContact}

    NOTE:

      {/if} @@ -97,7 +97,7 @@
    • The username was changed to match the username of the system user found with the specified Email address.
    • The username for this contact is: {$contactInfo.fieldData.username}
    • {/if} - {if $usernameChangedToWP || $usingExistingWPContact} + {if $usernameChangedToWP || $usingExistingWPContact}
    {/if} @@ -109,9 +109,9 @@ {if $option == 'create' || $option == 'edit'} Return to Contact List - + {if $option == 'create'} -

    Add New Contact

    +

    Add New Contact

    {else} {if $contactUpdated}

    Contact Updated

    {/if} Delete this Contact @@ -123,7 +123,7 @@

    WARNING:

    - Clicking the "Delete this Contact" button above will + Clicking the "Delete this Contact" button above will delete all of the data and images associated with this contact.

    @@ -133,14 +133,14 @@

    This contact may instead be "Archived" rather than deleted using the "Contact Display:" pick-list. When archived, the contact is not displayed on the front-end - of the Web site, any login assoicated with this contact is deactivated, and the contact will not show on contact lists unless "Archived" is selected. + of the Web site, any login assoicated with this contact is deactivated, and the contact will not show on contact lists unless "Archived" is selected. Unlike delete, an archived contact may be changed back to normal use.

    Edit Contact

    {/if} - - + + @@ -155,7 +155,7 @@ {/if} - + @@ -171,7 +171,7 @@ - + @@ -229,7 +229,7 @@ - {if $option == 'create'} + {if $option == 'create'} - - {if $option == 'create'} + + {if $option == 'create'}
    Contact For:
    Created: {$contactInfo.fieldData.create_time.datetime}
    Last Updated: {$contactInfo.fieldData.modify_time.datetime}
    Email Address: @@ -242,8 +242,8 @@ {/if}
    Login Username: @@ -260,12 +260,12 @@ {if $option == 'create'} - Save this password. + Save this password.
    A randomly generated password has been supplied. You may change this as desired. There is no way to view a password once it's set. However, a user may recover a password using their Email address at the login page. {else} -
    NOTE: Enter a password here only if you need to change it. +
    NOTE: Enter a password here only if you need to change it. {/if}
    The password must be at least 8 characters and include at least one number, one letter, and at least one special character. (# . - _ , $ % & !) @@ -297,7 +297,7 @@
    Position/Responsibilities: {php} - wp_editor('{$contactInfo.fieldData.descr}', 'glm_descr', array( + wp_editor('{$contactInfo.fieldData.descr|escape:quotes}', 'glm_descr', array( 'quicktags' => false, 'media_buttons' => false, 'wpautop' => false, @@ -319,13 +319,13 @@ - + - +
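Review bot: The `|escape:quotes` substitution on the `wp_editor('{$contactInfo.fieldData.descr|escape:quotes}', 'glm_descr', array(` line has the same gap as the one in `views/admin/contacts/edit.html`: Smarty's `quotes` mode escapes only single quotes not already preceded by a backslash and does not touch backslashes, so a `descr` value containing `\\'` still terminates the PHP string literal inside the `{php}` block. Prefer reading the value through the Smarty template object inside the block instead of interpolating it into PHP source, or at minimum use `|addslashes`, which escapes backslashes too. Separately, the `--POS_OLD` suffix suggests this template is a superseded copy; if no controller still renders it, deleting it is safer than keeping a second `{php}` block that has to be patched in lockstep — confirm whether anything references it. The `wp_editor()` argument array continues outside this hunk.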
    Delete Image
    {$contactInfo.fieldData.image}

    Show Large Image

    {/if} @@ -476,8 +476,8 @@

    * Required

    - - + + {/if} {else} @@ -485,7 +485,7 @@ - + @@ -500,7 +500,7 @@ @@ -534,25 +534,25 @@
    Contact For:{$contactInfo.fieldData.ref_type.name} - {$memberData.name}
    Active:{$contactInfo.fieldData.active.name}
    Created:{$contactInfo.fieldData.create_time.datetime}
    Created:{$contactInfo.fieldData.create_time.datetime}
    Last Updated:{$contactInfo.fieldData.modify_time.datetime}
    First Name:{$contactInfo.fieldData.fname}
    Last Name:{$contactInfo.fieldData.lname}
    {if $contactInfo.fieldData.image} - {/if} + {/if}
    Address Line 1:{$contactInfo.fieldData.addr1}