CVE-2014-125035: Whitespace/code cleanup · mrbobbybryant/Jobs-Plugin@b8a5671
A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability.
@@ -1,14 +1,14 @@ <?php <?php
/** * Adds a meta box to the post editing screen */ function hrm_custom_meta() { add_meta_box( 'hrm_meta’, __( 'Job Listing’, ‘hrm-jobs’ ), 'hrm_meta_callback’, ‘job’ add_meta_box( 'hrm_meta’, __( 'Job Listing’, ‘hrm-jobs’ ), 'hrm_meta_callback’, ‘job’ ); } add_action( 'add_meta_boxes’, ‘hrm_custom_meta’ ); 
@@ -25,24 +25,24 @@ function hrm_meta_callback( $post ) { <div class="meta-th"> <label for="job-id" class="hrm-row-title"><?php _e( 'Job ID’, ‘hrm-textdomain’ )?></label> </div> <div class="meta-td"> <input type="text" name="job-id" id="job-id" value="<?php if ( isset ( $hrm_stored_meta[‘job-id’] ) ) echo $hrm_stored_meta[‘job-id’][0]; ?>" /> <div class="meta-td"> <input type="text" name="job-id" id="job-id" value="<?php if ( isset ( $hrm_stored_meta[‘job-id’] ) ) echo esc_attr( $hrm_stored_meta[‘job-id’][0] ); ?>" /> </div> </div> <div class="meta-row"> <div class="meta-th"> <label for="date_listed" class="wpdt-row-title"><?php _e( 'Date Listed’, ‘hrm-textdomain’ )?></label> </div> <div class="meta-td"> <input type="text" size="10" class="wpdt-row-content datepicker" name="date_listed" id="date_listed" value="<?php if ( isset ( $hrm_stored_meta[‘date_listed’] ) ) echo $hrm_stored_meta[‘date_listed’][0]; ?>" /> <input type="text" size="10" class="wpdt-row-content datepicker" name="date_listed" id="date_listed" value="<?php if ( isset ( $hrm_stored_meta[‘date_listed’] ) ) echo esc_attr( $hrm_stored_meta[‘date_listed’][0] ); ?>" /> </div> </div> <div class="meta-row"> <div class="meta-th"> <label for="application_deadline" class="wpdt-row-title"><?php _e( 'Application Deadline’, ‘hrm-textdomain’ )?></label> </div> <div class="meta-td"> <input type="text" size="10" class="wpdt-row-content datepicker" name="application_deadline" id="application_deadline" value="<?php if ( isset ( $hrm_stored_meta[‘application_deadline’] ) ) echo $hrm_stored_meta[‘application_deadline’][0]; ?>" /> <input type="text" size="10" class="wpdt-row-content datepicker" name="application_deadline" id="application_deadline" value="<?php if ( isset ( $hrm_stored_meta[‘application_deadline’] ) ) echo esc_attr( $hrm_stored_meta[‘application_deadline’][0] ); ?>" /> </div> </div> <div class="meta-row"> @@ -54,7 +54,7 @@ function hrm_meta_callback( $post ) {
$content = get_post_meta( $post->ID, 'principle_duties’, true ); $editor_id = 'principle_duties’; $settings = array( $settings = array( ‘textarea_rows’ => 5, );
@@ -68,15 +68,15 @@ function hrm_meta_callback( $post ) { <label for="minimum-requirements" class="wpdt-row-title"><?php _e( 'Minimum Requirements’, ‘hrm-textdomain’ )?></label> </div> <div class="meta-td"> <textarea name="minimum-requirements" class ="hrm-textarea" id="minimum-requirements"><?php if ( isset ( $hrm_stored_meta[‘minimum-requirements’] ) ) echo $hrm_stored_meta[‘minimum-requirements’][0]; ?></textarea> <textarea name="minimum-requirements" class ="hrm-textarea" id="minimum-requirements"><?php if ( isset ( $hrm_stored_meta[‘minimum-requirements’] ) ) echo esc_attr( $hrm_stored_meta[‘minimum-requirements’][0] ); ?></textarea> </div> </div> <div class="meta-row"> <div class="meta-th"> <label for="preferred-requirements" class="wpdt-row-title"><?php _e( 'Preferred Requirements’, ‘hrm-textdomain’ )?></label> </div> <div class="meta-td"> <textarea name="preferred-requirements" class ="hrm-textarea" id="preferred-requirements"><?php if ( isset ( $hrm_stored_meta[‘preferred-requirements’] ) ) echo $hrm_stored_meta[‘preferred-requirements’][0]; ?></textarea> <textarea name="preferred-requirements" class ="hrm-textarea" id="preferred-requirements"><?php if ( isset ( $hrm_stored_meta[‘preferred-requirements’] ) ) echo esc_attr( $hrm_stored_meta[‘preferred-requirements’][0] ); ?></textarea> </div> </div> <div class="meta-row"> @@ -99,17 +99,17 @@ function hrm_meta_callback( $post ) { * Saves the custom meta input */ function hrm_meta_save( $post_id ) {
// Checks save status $is_autosave = wp_is_post_autosave( $post_id ); $is_revision = wp_is_post_revision( $post_id ); $is_valid_nonce = ( isset( $_POST[ ‘hrm_nonce’ ] ) && wp_verify_nonce( $_POST[ ‘hrm_nonce’ ], basename( __FILE__ ) ) ) ? ‘true’ : 'false’;
// Exits script depending on save status if ( $is_autosave || $is_revision || !$is_valid_nonce ) { return; }
// Checks for input and sanitizes/saves if needed if( isset( $_POST[ ‘job-id’ ] ) ) { update_post_meta( $post_id, 'job-id’, sanitize_text_field( $_POST[ ‘job-id’ ] ) ); @@ -122,7 +122,7 @@ function hrm_meta_save( $post_id ) { if( isset( $_POST[ ‘minimum-requirements’ ] ) ) { update_post_meta( $post_id, 'minimum-requirements’, sanitize_text_field( $_POST[ ‘minimum-requirements’ ] ) ); }
if( isset( $_POST[ ‘date_listed’ ] ) ) { update_post_meta( $post_id, 'date_listed’, sanitize_text_field( $_POST[ ‘date_listed’ ] ) ); } @@ -145,15 +145,15 @@ function hrm_meta_save( $post_id ) { * Change Placeholder text in Default title field. */ function change_default_title( $title ){
$screen = get_current_screen();
if ( ‘job’ == $screen->post_type ){ $title = "Enter Job Title Here"; }
return $title; }
add_filter( 'enter_title_here’, ‘change_default_title’ );
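Review bot: The nonce guard in hrm_meta_save (context line in the @@ -99,17 hunk) never rejects a request, because `$is_valid_nonce` is assigned the strings `'true'`/`'false'` and the non-empty string `'false'` is truthy, so `!$is_valid_nonce` is always false and the early return is only ever taken for autosaves and revisions; the line should be `$is_valid_nonce = isset( $_POST['hrm_nonce'] ) && wp_verify_nonce( $_POST['hrm_nonce'], basename( __FILE__ ) );`. The same save handler also has no capability check, so a `current_user_can( 'edit_post', $post_id )` test beside the autosave/revision checks would be expected before any update_post_meta call. In the @@ -68,15 hunk the two textarea bodies are now wrapped in `esc_attr()`, which does neutralise a `</textarea>` break-out, but `esc_textarea()` is the WordPress escaper for that context and makes the intent explicit. Both hrm_meta_callback and hrm_meta_save begin outside their hunks, so earlier validation in those functions, if any, is not visible here.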