Title: Bug in security fix in function column_edit_hidden_fields
Last modified: March 25, 2024

---

# Bug in security fix in function column_edit_hidden_fields

 *  Resolved [Ov3rfly](https://wordpress.org/support/users/ov3rfly/)
 * (@ov3rfly)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/bug-in-security-fix-in-function-column_edit_hidden_fields/)
 * Bug in security fix in function `column_edit_hidden_fields()` in 5.9.0 causes
   incomplete/invalid output of hidden field HTML and also causes PHP warning:
 *     ```wp-block-code
       PHP Warning:  Undefined variable $html in .../wp-content/plugins/event-post/eventpost.php on line 2941
       ```
   
 * Current code:
 *     ```wp-block-code
       function column_edit_hidden_fields($post_id, $set){
       	$event = $this->retreive($post_id);
       	$html .= '<div class="hidden">';
       	if ($event != false){
       		foreach($this->quick_edit_fields[$set] as $fieldname=>$fieldlabel){
       			$html ='<span class="inline-edit-value '.$fieldname.'">'.esc_attr($event->$fieldname).'</span>';
       		}
       		$html = '</div>';
       	}
       	echo wp_kses($html, $this->kses_tags);
       }
       ```
   
 * Suggested fix, all three lines with `$html` are affected:
 *     ```wp-block-code
       function column_edit_hidden_fields($post_id, $set){
       	$event = $this->retreive($post_id);
       	$html = '<div class="hidden">';
       	if ($event != false){
       		foreach($this->quick_edit_fields[$set] as $fieldname=>$fieldlabel){
       			$html .= '<span class="inline-edit-value '.$fieldname.'">'.esc_attr($event->$fieldname).'</span>';
       		}
       	}
       	$html .= '</div>';
       	echo wp_kses($html, $this->kses_tags);
       }
       ```
   
 * Event post 5.9.2, WordPress 6.4.3, PHP 8.1.x

Viewing 1 replies (of 1 total)

 *  Thread Starter [Ov3rfly](https://wordpress.org/support/users/ov3rfly/)
 * (@ov3rfly)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/bug-in-security-fix-in-function-column_edit_hidden_fields/#post-17537511)
 * Bug has obviously been fixed with Event post 5.9.3

Viewing 1 replies (of 1 total)

The topic ‘Bug in security fix in function column_edit_hidden_fields’ is closed 
to new replies.

 * ![](https://ps.w.org/event-post/assets/icon.svg?rev=2678301)
 * [Event post](https://wordpress.org/plugins/event-post/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/event-post/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/event-post/)
 * [Active Topics](https://wordpress.org/support/plugin/event-post/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/event-post/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/event-post/reviews/)

## Tags

 * [html](https://wordpress.org/support/topic-tag/html/)
 * [invalid](https://wordpress.org/support/topic-tag/invalid/)
 * [php](https://wordpress.org/support/topic-tag/php/)
 * [warning](https://wordpress.org/support/topic-tag/warning/)

 * 1 reply
 * 1 participant
 * Last reply from: [Ov3rfly](https://wordpress.org/support/users/ov3rfly/)
 * Last activity: [2 years, 2 months ago](https://wordpress.org/support/topic/bug-in-security-fix-in-function-column_edit_hidden_fields/#post-17537511)
 * Status: resolved