Dollar sign in event description interpreted as PHP variable (5 posts)

  1. sunriseweb
    Member
    Posted 1 year ago #

    If a dollar sign ($) is included in the event description then it doesn't display properly on the event hover when the calendar is inserted via the shortcode on a page or post. The $ is interpreted as a PHP variable as per this post.

    To fix this I changed line 2325 of the plugin to replace '$' with '/$' after stripslashes.

    $details = '<span class="calnk"><a href="'.$linky.'" '.$style.'>' . stripslashes($event->event_title) . '<span '.$style.'>' . $header_details . '' . str_replace('$','\$',stripslashes($event->event_desc)) . '</span></a></span>';

    PS - Great plugin!

    http://wordpress.org/extend/plugins/calendar/

  2. talos
    Member
    Posted 1 year ago #

    I've come across the same issue, although I'm not exactly sure what caused the bug (I updated WordPress and the Calendar plugin around the same time). I noticed that the descriptions with dollar amounts in them ($10 etc.) would not display on the mouse-hover popup.

    The fix required a slightly different modification:

    $details = '<span class="calnk"><a href="'.$linky.'" '.$style.'>' . stripslashes($event->event_title) . '<span '.$style.'>' . $header_details . '' . stripslashes(str_replace('$','&#36',$event->event_desc)) . '</span></a></span>';

    Same thing other than using '&#36' rather than '\$'. Somehow the escaped dollar symbol '\$' didn't want to take. Replacing the dollar symbol with the HTML entity code solves it.

  3. Kieran O'Shea
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for letting me know about this, I'll look to get it changed in the next released incremental version.

  4. sunriseweb
    Member
    Posted 11 months ago #

    Just downloaded Calendar v1.3.3 - alas, the problem still exists :-(

  5. Kieran O'Shea
    Member
    Plugin Author

    Posted 11 months ago #

    I'm aware of that; I had to get 1.3.3 out as a rush job due to the need to fix an XSS vulnerability. 1.3.4 will have more conventional fixes in it, the dollar sign among them :)

Topic Closed

This topic has been closed to new replies.
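
An added example, not part of the thread and not the plugin's code: it assumes the hover markup is substituted into the page with preg_replace(), whose replacement string treats "$10" as a back-reference. The {CALENDAR} tag, the sample description and the insert_calendar() helper are constructed for illustration; the cases mirror the fixes in posts 1 and 2 and show why the position of stripslashes() matters.

```php
<?php
// Constructed sample data. The {CALENDAR} tag, insert_calendar() and the
// use of preg_replace() for the substitution are assumptions, not plugin code.
$desc = 'Tickets cost $10 at the door';
$page = 'Intro {CALENDAR} footer';

// Hypothetical helper: put the hover markup where the tag sits in the page.
function insert_calendar(string $html, string $page): string
{
    // The second argument is a replacement *pattern*: $n and \n are back-references.
    return preg_replace('/\{CALENDAR\}/', $html, $page);
}

$results = [
    // "$10" is read as back-reference 10, which is empty for this regex.
    'unescaped' => insert_calendar('<span>' . stripslashes($desc) . '</span>', $page),

    // Post 1: escape after stripslashes(); "\$" survives and yields a literal "$".
    'post 1, \$ outside stripslashes' => insert_calendar(
        '<span>' . str_replace('$', '\$', stripslashes($desc)) . '</span>', $page),

    // Same escape moved inside stripslashes(): the backslash is stripped again.
    '\$ inside stripslashes' => insert_calendar(
        '<span>' . stripslashes(str_replace('$', '\$', $desc)) . '</span>', $page),

    // Post 2's approach: no "$" reaches preg_replace(). The entity is written with
    // its closing ";" here so that the digits that follow are not read as part of it.
    'post 2, HTML entity' => insert_calendar(
        '<span>' . stripslashes(str_replace('$', '&#36;', $desc)) . '</span>', $page),

    // No escaping needed: a callback's return value is inserted verbatim.
    'preg_replace_callback' => preg_replace_callback(
        '/\{CALENDAR\}/',
        function () use ($desc) {
            return '<span>' . stripslashes($desc) . '</span>';
        },
        $page
    ),
];

foreach ($results as $label => $html) {
    printf("%-32s %s\n", $label, $html);
}
```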
