- by Bastien HoSecurity: Fix Cross Site Scripting, reported by Peter Thaleikis
- by Bastien HoSecurity: Fix vulnerability to XSS inshortcode Ensure that date is well formated in
A calendar of events 2024DecS M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 shortcodeA calendar of events 2024DecS M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 - by Bastien HoSecurity: Fix vulnerability to local file inclusion
- by Bastien HoFixed a bug that display html as string in event calendar blocks Fixed javascript warning in event map block
- by Bastien HoSecurity: Fix authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Uses bulk_edit_posts hook, fixes lack of verification in bulk edit Escape some outputs Fix missing jQuery dependency in timeline-block Misc: De-index not existing "Event-post front" and "Event-post admin" blocks Add main global EventPost object for JS variables Allows to skip deprecation error Adds instructions for translators Limit number of tags in plugin README Now requires WordPress 6.3
- by Bastien HoFix quick edit fields
- by Bastien HoFix call of Wp_Query in EventPost\Children Fix display of hours in timepicker for AM/PM format Fix saving of timeline schemas settings Use wp_json_encode instead of json_encode Use rawurlencode instead of urlencode Adds instructions for translators
- by Bastien HoFix doing_it_wrong calls in legacy widgets Escape HTML & outputs
- by Bastien HoSecurity: Fixes XSS vuln in event metadata (https://patchstack.com/database/report-preview/8edeb59a-59e6-42aa-8ed4-5f79cdedf820) Features: Adds "Completed" event status Misc: Refactor source of blocks with wordpress-scripts Improves WordPress's PHPCS compliance Fix deprecated gmt_offset Mark legacy widgets as deprecated Fix warnings in PHP8+
- by Bastien HoFix December month on native datepicker
- by Bastien HoDissociate event description from post excerpt Remove double line breaks and   in description
- by Bastien HoFix undefined variable in price and text-price Now when excerpt is empty, the text body is used Use relative URLS in rewrite rules Fix attempt to assign property start on null Fix read property "time_start" on bool