Commit 1709b7dd authored by lucha's avatar lucha

[auto] plugin: event-list 0.7.9

parent 4f8f1748
......@@ -78,10 +78,11 @@ class EL_Admin_Categories {
if(!$is_disabled) {
// delete categories
$slug_array = explode(', ', $_GET['slug']);
$slug_array = array_map('sanitize_title_for_query', $slug_array);
$num_affected_events = $this->db->remove_category_in_events($slug_array);
if($this->categories->remove_categories($slug_array, false)) {
$out .= '<div id="message" class="updated">
<p><strong>'.sprintf(__('Category "%s" deleted.','event-list'), $_GET['slug']);
<p><strong>'.sprintf(__('Category "%s" deleted.','event-list'), implode(', ', $slug_array));
if($num_affected_events > 0) {
$out .= '<br />'.sprintf(__('This Category was also removed from %d events.','event-list'), $num_affected_events);
}
......@@ -89,7 +90,7 @@ class EL_Admin_Categories {
</div>';
}
else {
$out .= '<div id="message" class="error below-h2"><p><strong>'.sprintf(__('Error while deleting category "%s"','event-list'), $_GET['slug']).'.</strong></p></div>';
$out .= '<div id="message" class="error below-h2"><p><strong>'.sprintf(__('Error while deleting category "%s"','event-list'), implode(', ', $slug_array)).'.</strong></p></div>';
}
}
}
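Review bot: The sanitised slugs are echoed into the message markup at both `implode(', ', $slug_array)` lines without an output escape; `sanitize_title_for_query()` output happens to be URL-safe, but an HTML sink should not depend on that, so write `esc_html(implode(', ', $slug_array))` in both the success and the error message. The deletion is driven entirely by `$_GET` and neither hunk shows a nonce or capability check — if `$is_disabled` is not that check, a `check_admin_referer()` call belongs before `remove_categories()` is invoked. The enclosing method starts outside the hunks.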
......
......@@ -48,8 +48,10 @@ class EL_Admin_Main {
break;
case 'delete':
if(isset($_GET['id'])) {
$error = !$this->db->delete_events(explode(',', $_GET['id']));
$this->redirect('deleted', $error, array('id' => $_GET['id']));
$id_array = explode(',', $_GET['id']);
$id_array = array_map('absint', $id_array);
$error = !$this->db->delete_events($id_array);
$this->redirect('deleted', $error, array('id' => implode(',', $id_array)));
}
break;
// proceed with header if a bulk action was triggered (required due to "noheader" attribute for all action above)
......@@ -110,7 +112,7 @@ class EL_Admin_Main {
private function show_page_header($action, $editview=false) {
if($editview) {
$duplicate_link = add_query_arg(array('id'=>$_GET['id'], 'action'=>'copy'), '?page=el_admin_new');
$duplicate_link = add_query_arg(array('id'=>absint($_GET['id']), 'action'=>'copy'), '?page=el_admin_new');
$header = __('Edit Event','event-list').' <a href="'.$duplicate_link.'" class="add-new-h2">'.__('Duplicate','event-list').'</a>';
}
else {
......@@ -188,9 +190,9 @@ class EL_Admin_Main {
$num_deleted = count(explode(',', $_GET['id']));
$plural = ($num_deleted > 1) ? 's' : '';
if(!$error)
$this->show_update_message($num_deleted.' Event'.$plural.' deleted (id'.$plural.': '.$_GET['id'].').');
$this->show_update_message($num_deleted.' Event'.$plural.' deleted (id'.$plural.': '.htmlentities($_GET['id']).').');
else
$this->show_error_message('Error while deleting '.$num_deleted.' Event'.$plural.'.');
$this->show_error_message('Error: Deleting failed (Event id'.$plural.': '.htmlentities($_GET['id']).')!');
break;
}
}
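Review bot: `array_map('absint', $id_array)` turns every non-numeric segment of `$_GET['id']` into `0`, so a request with `id=abc` still calls `delete_events(array(0))` and the later message reports `1 Event deleted (id: 0)`; drop the zeros first, `$id_array = array_filter(array_map('absint', explode(',', $_GET['id'])));`, and treat an empty result as an error. In the `show_page_header` hunk the `add_query_arg()` result is placed into an `href` attribute unescaped; the WordPress convention is `esc_url($duplicate_link)`. In the last hunk `htmlentities()` does the job, but `esc_html()` is the idiom used elsewhere in this commit (`esc_html($start_time)` in the event table) and picks up the blog charset. The enclosing methods start and end outside the hunks.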
......
......@@ -30,7 +30,7 @@ class EL_Admin_New {
$this->options = &EL_Options::get_instance();
$this->categories = &EL_Categories::get_instance();
$this->is_new = !(isset($_GET['action']) && ('edit' === $_GET['action'] || 'added' === $_GET['action'] || 'modified' === $_GET['action']));
$this->is_duplicate = $this->is_new && isset($_GET['id']) && is_numeric($_GET['id']);
$this->is_duplicate = $this->is_new && isset($_GET['id']) && intval($_GET['id']) > 0;
}
public function show_new() {
......@@ -40,7 +40,7 @@ class EL_Admin_New {
$out = '<div class="wrap">
<div id="icon-edit-pages" class="icon32"><br /></div><h2>'.__('Add New Event','event-list').'</h2>';
if($this->is_duplicate) {
$out .= '<span style="color:silver">('.sprintf(__('Duplicate of event id:%d','event-list'), $_GET['id']).')</span>';
$out .= '<span style="color:silver">('.sprintf(__('Duplicate of event id:%d','event-list'), absint($_GET['id'])).')</span>';
}
$out .= $this->edit_event();
$out .= '</div>';
......@@ -72,7 +72,7 @@ class EL_Admin_New {
}
else {
// set event data and existing date
$event = $this->db->get_event($_GET['id']);
$event = $this->db->get_event(absint($_GET['id']));
$start_date = strtotime($event->start_date);
$end_date = strtotime($event->end_date);
}
......@@ -98,7 +98,7 @@ class EL_Admin_New {
else {
$out .= '
<input type="hidden" name="action" value="edited" />
<input type="hidden" name="id" value="'.$_GET['id'].'" />';
<input type="hidden" name="id" value="'.absint($_GET['id']).'" />';
}
$out .= '
<table class="form-table">
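Review bot: `$event = $this->db->get_event(absint($_GET['id']));` is followed directly by `strtotime($event->start_date)`, but `get_event()` wraps `$wpdb->get_row()`, which returns `null` when no row matches, so an unknown or tampered id produces notices and an empty form instead of an error; check the result (`if(!$event) { /* show an error and bail out */ }`) before reading its fields. The `is_duplicate` test uses `intval($_GET['id']) > 0` while the other changed lines use `absint()`; for a negative id the former says "not a duplicate" while `absint()` would still load the event with the absolute value — use `absint($_GET['id']) > 0` so the checks agree. The enclosing methods continue outside the hunks.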
......
......@@ -45,7 +45,7 @@ class EL_Event_Table extends WP_List_Table {
case 'date' :
return $this->format_event_date($item->start_date, $item->end_date, $item->time);
case 'details' :
return $this->db->truncate(wpautop('<div>'.$item->details.'</div>'), 100);
return $this->db->truncate('<div>'.wpautop($item->details).'</div>', 100);
case 'pub_user' :
return get_userdata($item->pub_user)->user_login;
case 'pub_date' :
......@@ -277,11 +277,6 @@ class EL_Event_Table extends WP_List_Table {
}
// event time
if('' !== $start_time) {
// set time format if a known format is available, else only show the text
$date_array = date_parse($start_time);
if(empty($date_array['errors']) && is_numeric($date_array['hour']) && is_numeric($date_array['minute'])) {
$start_time = mysql2date(get_option('time_format'), $start_time);
}
$out .= '<br />
<span class="time">'.esc_html($start_time).'</span>';
}
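Review bot: The `pub_user` case, `get_userdata($item->pub_user)->user_login`, dereferences the result without a check; `get_userdata()` returns `false` for a deleted user id, which makes the whole events table fatal with "Trying to get property of non-object". Replace it with `$user = get_userdata($item->pub_user);` followed by `return $user ? esc_html($user->user_login) : '';`. The time-format branch removed in the second hunk is now handled in `EL_Db::convert_event_timeformat()`, so unparsable time text reaches `esc_html($start_time)` unchanged, which is fine. The enclosing switch starts outside the hunk.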
......
......@@ -4,7 +4,7 @@
jQuery(document).ready(function($) {
// Read required config data from hidden field json_for_js
var json = $("#json_for_js").val();
var conf = eval('(' + json + ')');
var conf = JSON.parse(json);
// Show or hide end_date
if ($("#start_date").val() == $("#end_date").val()) {
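Review bot: `JSON.parse(json)` throws a `SyntaxError` when the hidden field is absent (`val()` on an empty jQuery set yields `undefined`) or holds non-JSON text, and since it runs at the top of the ready handler the rest of the page initialisation is skipped silently; guard it with `if (!json) { return; }` before the parse, or wrap the parse in `try { ... } catch (e) { return; }`. For this to parse reliably the field must be written on the PHP side with `esc_attr(json_encode(...))`; that code is not part of this commit. The ready handler continues outside the hunk.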
......
......@@ -3,7 +3,7 @@
Plugin Name: Event List
Plugin URI: http://wordpress.org/extend/plugins/event-list/
Description: Manage your events and show them in a list view on your site.
Version: 0.7.8
Version: 0.7.9
Author: mibuthu
Author URI: http://wordpress.org/extend/plugins/event-list/
Text Domain: event-list
......@@ -84,7 +84,7 @@ class Event_List {
}
else {
// use fork of wordpress function load_plugin_textdomain (see wp-includes/l10n.php) to prefer language files included in plugin (wp-content/plugins/event-list/languages/) and additionally from language dir
$locale = apply_filters('plugin_locale', is_admin() ? get_user_locale() : get_locale(), $domain);
$locale = apply_filters('plugin_locale', is_callable('get_user_locale') ? get_user_locale() : get_locale(), $domain);
$mofile = $domain.'-'.$locale.'.mo';
load_textdomain($domain, WP_PLUGIN_DIR.'/'.$el_lang_path.'/'.$mofile);
load_textdomain($domain, WP_LANG_DIR.'/plugins/'.$mofile);
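Review bot: Replacing `is_admin()` with `is_callable('get_user_locale')` changes which locale is chosen on the front end: `get_user_locale()` returns the logged-in user's locale, so a visitor who is logged in with a different language now sees the plugin's front-end strings in that language rather than the site's, whereas the forked core function this comment refers to applies the user locale only in the admin. Keep both conditions, `$locale = apply_filters('plugin_locale', (is_admin() && function_exists('get_user_locale')) ? get_user_locale() : get_locale(), $domain);`. `function_exists()` is the usual idiom for checking a core function's availability, though `is_callable()` works as well. The enclosing method continues outside the hunk.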
......
......@@ -316,7 +316,10 @@ class EL_Categories {
}
public function get_category_data($slug) {
return $this->cat_array[$slug];
if(isset($this->cat_array[$slug])) {
return $this->cat_array[$slug];
}
return false;
}
/**
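Review bot: `get_category_data()` now has two return shapes — the `cat_array` entry or `false` — and nothing tells callers about the second, since the method has no docblock. Add one above the signature, e.g. `/** Returns the stored data for the category $slug, or false when no such category exists. @param string $slug @return array|false */`, adjusting the first type to whatever `cat_array` actually holds (not visible here). A single `return isset($this->cat_array[$slug]) ? $this->cat_array[$slug] : false;` would express the same thing more compactly.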
......
......@@ -61,13 +61,13 @@ class EL_Db {
if('upcoming' === $date_filter && is_numeric($num_events) && 0 < $num_events) {
$sql .= ' LIMIT '.$num_events;
}
return $wpdb->get_results($sql);
return $this->convert_events_timeformat($wpdb->get_results($sql));
}
public function get_event( $id ) {
global $wpdb;
$sql = 'SELECT * FROM '.$this->table.' WHERE id = '.$id.' LIMIT 1';
return $wpdb->get_row( $sql );
return $this->convert_event_timeformat($wpdb->get_row($sql));
}
public function get_distinct_event_data($search_string, $date_filter, $cat_filter, $order='asc') {
......@@ -113,7 +113,7 @@ class EL_Db {
}
//time
if( !isset( $event_data['time'] ) ) { $sqldata['time'] = ''; }
else { $sqldata['time'] = stripslashes($event_data['time']); }
else { $sqldata['time'] = $this->validate_time($event_data['time']); }
//title
if( !isset( $event_data['title'] ) || $event_data['title'] === '' ) { return false; }
$sqldata['title'] = stripslashes( $event_data['title'] );
......@@ -205,6 +205,32 @@ class EL_Db {
return false;
}
private function validate_time($timestring) {
// Try to extract a correct time from the provided text
$timestamp = strtotime(stripslashes($timestring));
// Return a standard time format if the conversion was successful
if($timestamp) {
return date('H:i:s', $timestamp);
}
// Else return the given text
return $timestring;
}
private function convert_events_timeformat($events) {
foreach($events as $event) {
$this->convert_event_timeformat($event);
}
return $events;
}
private function convert_event_timeformat($event) {
$timestamp = strtotime($event->time);
if($timestamp) {
$event->time = date_i18n(get_option('time_format'), $timestamp);
}
return $event;
}
private function get_sql_filter_string($date_filter=null, $cat_filter=null) {
$sql_filter_string = '';
// date filter
......@@ -332,7 +358,7 @@ class EL_Db {
$openingTag = array_pop($tags);
if($openingTag != $tagName) {
// Not properly nested tag found: trigger a warning and add the not matching opening tag again
trigger_error('Not properly nested tag found (last opening tag: '.$openingTag.', closing tag: '.$tagName.')', E_USER_WARNING);
trigger_error('Not properly nested tag found (last opening tag: '.$openingTag.', closing tag: '.$tagName.')', E_USER_NOTICE);
$tags[] = $openingTag;
}
else {
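Review bot: `get_event()` still builds its query by string concatenation, `'... WHERE id = '.$id.' LIMIT 1'`, so the fix relies on every caller passing an `absint()`-ed value; the DB layer should not trust that — use `$sql = $wpdb->prepare('SELECT * FROM '.$this->table.' WHERE id = %d LIMIT 1', $id);`. In the same method `convert_event_timeformat($wpdb->get_row($sql))` reads `$event->time` on the `null` that `get_row()` returns for a missing id; guard it, `$event = $wpdb->get_row($sql); return $event ? $this->convert_event_timeformat($event) : null;`. In `validate_time()` the success path parses `stripslashes($timestring)` but the fallback returns the raw `$timestring`, so unparsable times are now stored with slashes where the old code stripped them; make the fallback `return stripslashes($timestring);`.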
......
......@@ -21,9 +21,10 @@ function updateUrlParameter(url, paramName, paramVal, sc_id) {
urlArray = oldParams.split("&");
for(i=0; i<urlArray.length; i++) {
if(urlArray[i].split("=")[0] == "event_id"+sc_id) {
// do nothing
// do nothing:
continue;
}
else if(urlArray[i].split("=")[0] == paramName) {
if(urlArray[i].split("=")[0] == paramName) {
newParams += seperator + paramName + "=" + paramVal;
paramNameAdded = true;
}
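Review bot: The rebuilt parameter on the `newParams += seperator + paramName + "=" + paramVal;` line is concatenated without `encodeURIComponent(paramVal)`, so a value containing `&`, `=` or `#` would break the query string unless every caller pre-encodes it — the callers are not visible from this hunk. The loop index in `for(i=0; i<urlArray.length; i++)` is never declared and so becomes an implicit global; write `for(var i=0; i<urlArray.length; i++)`. `urlArray[i].split("=")[0]` is computed twice per iteration and could be hoisted into a local, `var key = urlArray[i].split("=")[0];`. `updateUrlParameter` continues outside the hunk.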
......
......@@ -101,17 +101,17 @@ class SC_Event_List {
$a['actual_date'] = $this->get_actual_date($a);
$a['actual_cat'] = $this->get_actual_cat($a);
if(isset($_GET['event_id'.$a['sc_id']])) {
$a['event_id'] = (int)$_GET['event_id'.$a['sc_id']];
$a['event_id'] = absint($_GET['event_id'.$a['sc_id']]);
}
elseif('all' != $a['initial_event_id'] && !isset($_GET['date'.$a['sc_id']]) && !isset($_GET['cat'.$a['sc_id']])) {
$a['event_id'] = (int)$a['initial_event_id'];
$a['event_id'] = intval($a['initial_event_id']);
}
else {
$a['event_id'] = null;
}
// fix sc_id_for_url if required
if(!is_numeric($a['sc_id_for_url'])) {
$a['sc_id_for_url'] = $a['sc_id'];
$a['sc_id_for_url'] = intval($a['sc_id']);
}
$out = '
......@@ -215,16 +215,10 @@ class SC_Event_List {
$out .= '</h3></div>';
// event time
if('' != $event->time && $this->is_visible($a['show_starttime'])) {
// set time format if a known format is available, else only show the text
$date_array = date_parse($event->time);
$time = $event->time;
if(empty($date_array['errors']) && is_numeric($date_array['hour']) && is_numeric($date_array['minute'])) {
$time = mysql2date(get_option('time_format'), $event->time);
}
if('' == $this->options->get('el_html_tags_in_time')) {
$time = esc_attr($time);
$event->time = esc_attr($event->time);
}
$out .= '<span class="event-time">'.$time.'</span>';
$out .= '<span class="event-time">'.$event->time.'</span>';
}
// event location
if('' != $event->location && $this->is_visible($a['show_location'])) {
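Review bot: In the second hunk `$event->time` is written to the output unescaped whenever the `el_html_tags_in_time` option is non-empty; the stored value is author-entered text (`EL_Db::validate_time()` keeps it verbatim when it does not parse), so the allow-HTML branch should still pass through `wp_kses_post($event->time)` rather than nothing, and the escaping branch is in text context, where `esc_html()` rather than `esc_attr()` is the right call. Mutating `$event->time` in place, where the old code used a local `$time`, also means any later use of the same `$event` object sees the escaped string; keeping a local variable avoids that. The `absint()`/`intval()` swaps in the first hunk are equivalent to the `(int)` casts they replace, apart from `absint()` dropping the sign. The enclosing method continues outside the hunks.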
......
......@@ -3,8 +3,8 @@ Contributors: mibuthu, clhunsen
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=W54LNZMWF9KW2
Tags: event, events, list, listview, calendar, schedule, shortcode, page, category, categories, filter, admin, attribute, widget, sidebar, feed, rss
Requires at least: 3.8
Tested up to: 4.7
Stable tag: 0.7.8
Tested up to: 4.8
Stable tag: 0.7.9
Plugin URI: http://wordpress.org/extend/plugins/event-list
Licence: GPLv2
License URI: http://www.gnu.org/licenses/gpl-2.0.html
......@@ -82,6 +82,13 @@ Another possibility would be to call the wordpress function "do_shortcode()".
== Changelog ==
= 0.7.9 (2017-06-12) =
* fixed security vulnerability reported by wordpress
* fixed / improved time handling and sorting according to time (fixed sorting will only work in new or modified events)
* fixed problem with locale handling in older wordpress versions
* fixed url when going back from event details page to event list page with a drowdown filter
* fixed HTML format issue in admin event table (with not properly nested tag warning)
= 0.7.8 (2017-03-17) =
* improved datepicker style in new/edit event view
* show datepicker in correct language
......