WordPress.org
Get WordPress

Plugin Directory

Changeset 3478176


Ignore:
Timestamp:
03/09/2026 01:37:46 PM (3 weeks ago)
Author:
redscar
Message:

Apply modifications to 6.15.17.1

Location:
the-events-calendar/tags/6.15.17.1
Files:
12 edited

Legend:

Unmodified
Added
Removed

  • the-events-calendar/tags/6.15.17.1/changelog.md

    r3469629 r3478176  
    11# Changelog
     2
     3### [6.15.17.1] 2026-03-09
     4
     5* Security - Strengthen file type and location checks during aggregator imports. [SVUL-54]
    26
    37### [6.15.17] 2026-02-25

  • the-events-calendar/tags/6.15.17.1/common/vendor/vendor-prefixed/autoload.php

    r3469629 r3478176  
    2020require_once __DIR__ . '/composer/autoload_real.php';
    2121
    22 return ComposerAutoloaderInit32e50cbf9d69b270942f12dec8f66cd8::getLoader();
     22return ComposerAutoloaderInit3e6cb64ce382810755e1ea0de130a8b7::getLoader();

  • the-events-calendar/tags/6.15.17.1/common/vendor/vendor-prefixed/composer/autoload_real.php

    r3469629 r3478176  
    33// autoload_real.php @generated by Composer
    44
    5 class ComposerAutoloaderInit32e50cbf9d69b270942f12dec8f66cd8
     5class ComposerAutoloaderInit3e6cb64ce382810755e1ea0de130a8b7
    66{
    77    private static $loader;
     
    2525        require __DIR__ . '/platform_check.php';
    2626
    27         spl_autoload_register(array('ComposerAutoloaderInit32e50cbf9d69b270942f12dec8f66cd8', 'loadClassLoader'), true, true);
     27        spl_autoload_register(array('ComposerAutoloaderInit3e6cb64ce382810755e1ea0de130a8b7', 'loadClassLoader'), true, true);
    2828        self::$loader = $loader = new \TEC\Common\Composer\Autoload\ClassLoader(\dirname(__DIR__));
    29         spl_autoload_unregister(array('ComposerAutoloaderInit32e50cbf9d69b270942f12dec8f66cd8', 'loadClassLoader'));
     29        spl_autoload_unregister(array('ComposerAutoloaderInit3e6cb64ce382810755e1ea0de130a8b7', 'loadClassLoader'));
    3030
    3131        require __DIR__ . '/autoload_static.php';
    32         call_user_func(\TEC\Common\Composer\Autoload\ComposerStaticInit32e50cbf9d69b270942f12dec8f66cd8::getInitializer($loader));
     32        call_user_func(\TEC\Common\Composer\Autoload\ComposerStaticInit3e6cb64ce382810755e1ea0de130a8b7::getInitializer($loader));
    3333
    3434        $loader->setClassMapAuthoritative(true);

  • the-events-calendar/tags/6.15.17.1/common/vendor/vendor-prefixed/composer/autoload_static.php

    r3469629 r3478176  
    55namespace TEC\Common\Composer\Autoload;
    66
    7 class ComposerStaticInit32e50cbf9d69b270942f12dec8f66cd8
     7class ComposerStaticInit3e6cb64ce382810755e1ea0de130a8b7
    88{
    99    public static $prefixLengthsPsr4 = array (
     
    585585    {
    586586        return \Closure::bind(function () use ($loader) {
    587             $loader->prefixLengthsPsr4 = ComposerStaticInit32e50cbf9d69b270942f12dec8f66cd8::$prefixLengthsPsr4;
    588             $loader->prefixDirsPsr4 = ComposerStaticInit32e50cbf9d69b270942f12dec8f66cd8::$prefixDirsPsr4;
    589             $loader->classMap = ComposerStaticInit32e50cbf9d69b270942f12dec8f66cd8::$classMap;
     587            $loader->prefixLengthsPsr4 = ComposerStaticInit3e6cb64ce382810755e1ea0de130a8b7::$prefixLengthsPsr4;
     588            $loader->prefixDirsPsr4 = ComposerStaticInit3e6cb64ce382810755e1ea0de130a8b7::$prefixDirsPsr4;
     589            $loader->classMap = ComposerStaticInit3e6cb64ce382810755e1ea0de130a8b7::$classMap;
    590590
    591591        }, null, ClassLoader::class);

  • the-events-calendar/tags/6.15.17.1/readme.txt

    r3469629 r3478176  
    44Tags: events, calendar, event, schedule, organizer
    55Donate link: https://evnt.is/29
    6 Stable tag: 6.15.17
     6Stable tag: 6.15.17.1
    77Requires at least: 6.7
    88Tested up to: 6.9
     
    233233== Changelog ==
    234234
     235= [6.15.17.1] 2026-03-09 =
     236
     237* Security - Strengthen file type and location checks during aggregator imports. [SVUL-54]
     238
    235239= [6.15.17] 2026-02-25 =
    236240

  • the-events-calendar/tags/6.15.17.1/src/Tribe/Aggregator/Record/CSV.php

    r3292585 r3478176  
    310310     *
    311311     * @since 4.6.15
     312     * @since 6.15.17.1 Strengthen file type and location checks during aggregator imports.
    312313     *
    313314     * @return bool|false|string Either the absolute path to the CSV file or `false` on failure.
     
    318319        } else {
    319320            $file_path = realpath( $this->meta['file'] );
     321        }
     322
     323        if ( $file_path ) {
     324            // Only allow CSV files — reject any other extension to prevent file disclosure.
     325            $filetype = wp_check_filetype( $file_path );
     326            if ( empty( $filetype['ext'] ) || 'csv' !== strtolower( $filetype['ext'] ) ) {
     327                return false;
     328            }
     329
     330            // Restrict the file to the WordPress uploads directory to prevent path traversal.
     331            $upload_info  = wp_upload_dir();
     332            $uploads_base = realpath( $upload_info['basedir'] );
     333            if ( false === $uploads_base || 0 !== strpos( $file_path, trailingslashit( $uploads_base ) ) ) {
     334                return false;
     335            }
    320336        }
    321337

  • the-events-calendar/tags/6.15.17.1/src/Tribe/Main.php

    r3469629 r3478176  
    4141        const VENUE_POST_TYPE     = 'tribe_venue';
    4242        const ORGANIZER_POST_TYPE = 'tribe_organizer';
    43         const VERSION             = '6.15.17';
     43        const VERSION             = '6.15.17.1';
    4444
    4545        /**

  • the-events-calendar/tags/6.15.17.1/the-events-calendar.php

    r3469629 r3478176  
    33 * Plugin Name: The Events Calendar
    44 * Description: The Events Calendar is a carefully crafted, extensible plugin that lets you easily share your events. Beautiful. Solid. Awesome.
    5  * Version: 6.15.17
     5 * Version: 6.15.17.1
    66 * Requires at least: 6.7
    77 * Requires PHP: 7.4

  • the-events-calendar/tags/6.15.17.1/vendor/composer/installed.php

    r3469629 r3478176  
    22    'root' => array(
    33        'name' => 'the-events-calendar/the-events-calendar',
    4         'pretty_version' => 'dev-release/M26.banette',
    5         'version' => 'dev-release/M26.banette',
    6         'reference' => 'fa99c3a26df2970065245a1bfacf3985c8e9235f',
     4        'pretty_version' => 'dev-release/M26.blaziken',
     5        'version' => 'dev-release/M26.blaziken',
     6        'reference' => '5daf5c19ecea7a934f7ae292542d9678f1386a58',
    77        'type' => 'wordpress-plugin',
    88        'install_path' => __DIR__ . '/../../',
     
    1212    'versions' => array(
    1313        'the-events-calendar/the-events-calendar' => array(
    14             'pretty_version' => 'dev-release/M26.banette',
    15             'version' => 'dev-release/M26.banette',
    16             'reference' => 'fa99c3a26df2970065245a1bfacf3985c8e9235f',
     14            'pretty_version' => 'dev-release/M26.blaziken',
     15            'version' => 'dev-release/M26.blaziken',
     16            'reference' => '5daf5c19ecea7a934f7ae292542d9678f1386a58',
    1717            'type' => 'wordpress-plugin',
    1818            'install_path' => __DIR__ . '/../../',
Note: See TracChangeset for help on using the changeset viewer.