Changeset 3422486


Timestamp:
12/18/2025 05:12:30 AM (3 months ago)
Author:
lbell
Message:

Refix

Location:
pretty-google-calendar/trunk
Files:
4 edited

  • pretty-google-calendar/trunk/init/shortcode.php

    r3422453 r3422486  
    2929  $pgcalSettings = $args;
    3030  $pgcalSettings["id_hash"] = preg_replace('/[\W]/', '', $pgcalSettings["id_hash"]);
     31
     32  // Include public-facing global settings needed by the frontend.
     33  // The Google API key is intended for client-side use to render public
     34  // calendars; embed it directly in the inline settings so anonymous
     35  // visitors don't rely on an AJAX endpoint to retrieve it.
     36  if ( isset($globalSettings['google_api']) ) {
     37    $pgcalSettings['google_api'] = $globalSettings['google_api'];
     38  }
    3139
    3240  wp_enqueue_script('fullcalendar');
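Review bot: The block added at new lines 32-38 puts `google_api` into the inline settings served with every page that carries the shortcode, so the key stays readable by any anonymous visitor. The comment should state that this is acceptable only because the key is expected to be restricted on the Google side (HTTP referrer and API restrictions), and the readme should tell site owners to apply those restrictions. Separately, `isset($globalSettings['google_api'])` is true for an empty string, so `!empty(...)` would avoid emitting an empty key, and `$globalSettings` is not assigned anywhere in the visible context, so confirm it is loaded before this point.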
  • pretty-google-calendar/trunk/pretty-google-calendar.php

    r3422453 r3422486  
    44Plugin URI: https://github.com/lbell/pretty-google-calendar
    55Description: Google Calendars that aren't ugly.
    6 Version: 2.0.1
     6Version: 2.0.2
    77Author: LBell
    88Author URI: http://lorenbell.com
     
    2727
    2828
    29 define('PGCAL_VER', "2.0.1");
     29define('PGCAL_VER', "2.0.2");
    3030define('PGCAL_DIR', plugin_dir_path(__FILE__)); // Trailing slash
    3131define('PGCAL_TEMPLATE_DIR', PGCAL_DIR . 'templates/');
  • pretty-google-calendar/trunk/public/js/pgcal.js

    r3422453 r3422486  
    3131
    3232async function pgcal_render_calendar(pgcalSettings, ajaxurl, ajaxNonce) {
    33   const globalSettings = await pgcalFetchGlobals(ajaxurl, ajaxNonce);
     33  // If the shortcode already embedded the public `google_api` key, use it
     34  // directly and skip the AJAX fetch (which is now admin-only). Otherwise
     35  // attempt to fetch globals via AJAX (admin-only usage).
     36  let globalSettings = {};
     37  if (pgcalSettings && pgcalSettings['google_api']) {
     38    globalSettings = { 'google_api': pgcalSettings['google_api'] };
     39  } else {
     40    globalSettings = await pgcalFetchGlobals(ajaxurl, ajaxNonce);
     41  }
    3442
    3543  // console.log(globalSettings["google_api"]); // DEBUG
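Review bot: The `else` branch at new lines 39-41 still calls `pgcalFetchGlobals`, which the new comment describes as admin-only, so an anonymous visitor on a page where `google_api` is missing or empty falls through to an endpoint that is not meant to serve them, and nothing visible here handles a failed fetch or a result without `google_api`. Wrap the call in try/catch (or check the returned object) and render a clear "API key not configured" state instead of continuing. The commented-out `console.log(globalSettings["google_api"])` in the trailing context would print the key to the browser console if re-enabled and is better deleted.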
  • pretty-google-calendar/trunk/readme.txt

    r3422453 r3422486  
    66Requires at least: 3.0
    77Tested up to: 6.9
    8 Stable tag: 2.0.1
     8Stable tag: 2.0.2
    99License: GPLv2 or later
    1010License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    151151
    152152== Changelog ==
     153= 2.0.2 =
     154
     155- Fixed: Prevent unauthorized disclosure of the Google API (CVE-2025-12898)
     156
    153157= 2.0.1 =
    154158
    155159- Tested: WordPress 6.9
    156 - Fixed: Prevent unauthorized disclosure of the Google API (CVE-2025-12898)
    157160
    158161= 2.0.0 =
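Review bot: Moving the CVE-2025-12898 line out of the 2.0.1 entry and into 2.0.2 leaves the changelog silent on what 2.0.1 did about the issue, which matters to anyone deciding whether 2.0.1 is safe to stay on. Keep a line under 2.0.1 that records its status, and make the 2.0.2 entry say what changed (the code comments in this changeset say the AJAX fetch is now admin-only and the key is embedded by the shortcode). "Google API" in the entry should read "Google API key".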