Calendar - Version 1.3.4

Version Description

  • Enabled short codes for displaying the calendar in posts/pages
  • Enabled use of calendar short codes in the text widgets to permit multiple calendar widget instances via short codes
  • Fixed dollar sign not displaying properly in event descriptions
  • Removed references to deprecated MySQL functions, switching instead to wpdb prepare functions

Release Info

Developer KieranOShea
Version 1.3.4

Code changes from version 1.3.3 to 1.3.4

Files changed (2) hide show
  1. calendar.php +160 -67
  2. readme.txt +10 -11
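--- a/calendar.php
+++ b/calendar.php
@@ -5,7 +5,7 @@ Plugin URI: http://www.kieranoshea.com
  Description: This plugin allows you to display a calendar of all your events and appointments as a page on your site.
  Author: Kieran O'Shea
  Author URI: http://www.kieranoshea.com
- Version: 1.3.3
+ Version: 1.3.4
  */
 
  /* Copyright 2008 Kieran O'Shea (email : kieran@kieranoshea.com)
@@ -61,13 +61,9 @@ add_action('widgets_init', 'widget_init_calendar_today');
  add_action('widgets_init', 'widget_init_calendar_upcoming');
  add_action('widgets_init', 'widget_init_events_calendar');
 
- // Before we get on with the functions, we need to define the initial style used for Calendar
-
- // Function to
- function call_caldav()
- {
-
- }
+ // Add the short code
+ add_shortcode( 'calendar', 'calendar_shortcode_insert' );
+ add_filter('widget_text', 'do_shortcode');
 
  // Function to deal with events posted by a user when that user is deleted
  function deal_with_deleted_user($id)
@@ -75,7 +71,21 @@ function deal_with_deleted_user($id)
  global $wpdb;
 
  // Do the query
- $wpdb->get_results("UPDATE ".WP_CALENDAR_TABLE." SET event_author=".$wpdb->get_var("SELECT MIN(ID) FROM ".$wpdb->prefix."users",0,0)." WHERE event_author=".mysql_escape_string($id));
+ $wpdb->get_results($wpdb->prepare("UPDATE ".WP_CALENDAR_TABLE." SET event_author=".$wpdb->get_var("SELECT MIN(ID) FROM ".$wpdb->prefix."users",0,0)." WHERE event_author=%d",$id));
+ }
+
+ // Function to display a warning on the admin panel if the calendar plugin is mising setup
+ add_action( 'admin_notices', 'calendar_setup_incomplete_warning' );
+ function calendar_setup_incomplete_warning() {
+ global $wpdb;
+ $incomplete_check = $wpdb->get_results("SELECT config_value FROM " . WP_CALENDAR_CONFIG_TABLE . " WHERE config_item='show_attribution_link'");
+ if (empty($incomplete_check) && !(isset($_GET['page']) && $_GET['page'] == 'calendar-config')) {
+ $args = array( 'page' => 'calendar-config');
+ $url = add_query_arg( $args, admin_url( 'admin.php' ) );
+ ?>
+ <div class="update-nag"><p><strong><?php _e('Warning','calendar'); ?>:</strong> <?php _e("Calendar setup incomplete. Go to the <a href=\"$url\">calendar plugin settings</a> to complete setup.",'calendar'); ?></p></div>
+ <?php
+ }
  }
 
  // Function to provide time with WordPress offset, localy replaces time()
@@ -301,6 +311,25 @@ function calendar_add_javascript()
  }
 
  // Function to deal with loading the calendar into pages
+ function calendar_shortcode_insert($atts) {
+ $a = shortcode_atts( array(
+ 'categories' => '',
+ 'type' => ''
+ ), $atts );
+ if ($a['categories'] == '') {
+ if ($a['type'] == 'mini') {
+ return minical();
+ } else {
+ return calendar();
+ }
+ } else {
+ if ($a['type'] == 'mini') {
+ return minical();
+ } else {
+ return calendar( $a['categories'] );
+ }
+ }
+ }
  function calendar_insert($content)
  {
  if (preg_match('/\{CALENDAR*.+\}/',$content))
@@ -422,21 +451,23 @@ function check_calendar()
  .calendar-heading {
  height:25px;
  text-align:center;
- border:1px solid #D6DED5;
  background-color:#E4EBE3;
  }
  .calendar-next {
- width:25%;
+ width:20%;
  text-align:center;
+ border:none;
  }
  .calendar-prev {
- width:25%;
+ width:20%;
  text-align:center;
+ border:none;
  }
  .calendar-month {
- width:50%;
+ width:60%;
  text-align:center;
  font-weight:bold;
+ border:none;
  }
  .normal-day-heading {
  text-align:center;
@@ -501,6 +532,9 @@ function check_calendar()
  border:1px #D6DED5 solid;
  margin:0;
  }
+ .calendar-date-switcher input[type=submit] {
+ padding:3px 10px;
+ }
  .calendar-date-switcher select {
  border:1px #D6DED5 solid;
  margin:0;
@@ -798,7 +832,7 @@ function wp_events_display_list(){
  </td>
  <td><?php $e = get_userdata($event->event_author); echo $e->display_name; ?></td>
  <?php
- $sql = "SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=".mysql_escape_string($event->event_category);
+ $sql = $wpdb->prepare("SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=%d",$event->event_category);
  $this_cat = $wpdb->get_row($sql);
  ?>
  <td style="background-color:<?php echo stripslashes($this_cat->category_colour);?>;"><?php echo stripslashes($this_cat->category_name); ?></td>
@@ -837,7 +871,7 @@ function wp_events_edit_form($mode='add', $event_id=false)
  }
  else
  {
- $data = $wpdb->get_results("SELECT * FROM " . WP_CALENDAR_TABLE . " WHERE event_id='" . mysql_escape_string($event_id) . "' LIMIT 1");
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . WP_CALENDAR_TABLE . " WHERE event_id='%d' LIMIT 1",$event_id));
  if ( empty($data) )
  {
  echo "<div class=\"error\"><p>".__("An event with that ID couldn't be found",'calendar')."</p></div>";
@@ -1214,14 +1248,11 @@ if ( $action == 'add' )
  }
  if (isset($start_date_ok) && isset($end_date_ok) && isset($time_ok) && isset($url_ok) && isset($title_ok) && isset($recurring_ok))
  {
- $sql = "INSERT INTO " . WP_CALENDAR_TABLE . " SET event_title='" . mysql_escape_string($title)
- . "', event_desc='" . mysql_escape_string($desc) . "', event_begin='" . mysql_escape_string($begin)
- . "', event_end='" . mysql_escape_string($end) . "', event_time='" . mysql_escape_string($time_to_use) . "', event_recur='" . mysql_escape_string($recur) . "', event_repeats='" . mysql_escape_string($repeats) . "', event_author=".$current_user->ID.", event_category=".mysql_escape_string($category).", event_link='".mysql_escape_string($linky)."'";
+ $sql = $wpdb->prepare("INSERT INTO " . WP_CALENDAR_TABLE . " SET event_title='%s', event_desc='%s', event_begin='%s', event_end='%s', event_time='%s', event_recur='%s', event_repeats='%s', event_author=%d, event_category=%d, event_link='%s'",$title,$desc,$begin,$end,$time_to_use,$recur,$repeats,$current_user->ID,$category,$linky);
 
  $wpdb->get_results($sql);
 
- $sql = "SELECT event_id FROM " . WP_CALENDAR_TABLE . " WHERE event_title='" . mysql_escape_string($title) . "'"
- . " AND event_desc='" . mysql_escape_string($desc) . "' AND event_begin='" . mysql_escape_string($begin) . "' AND event_end='" . mysql_escape_string($end) . "' AND event_recur='" . mysql_escape_string($recur) . "' AND event_repeats='" . mysql_escape_string($repeats) . "' LIMIT 1";
+ $sql = $wpdb->prepare("SELECT event_id FROM " . WP_CALENDAR_TABLE . " WHERE event_title='%s' AND event_desc='%s' AND event_begin='%s' AND event_end='%s' AND event_recur='%s' AND event_repeats='%s' LIMIT 1",$title,$desc,$begin,$end,$recur,$repeats);
  $result = $wpdb->get_results($sql);
 
  if ( empty($result) || empty($result[0]->event_id) )
@@ -1381,14 +1412,9 @@ elseif ( $action == 'edit_save' )
  }
  if (isset($start_date_ok) && isset($end_date_ok) && isset($time_ok) && isset($url_ok) && isset($title_ok) && isset($recurring_ok))
  {
- $sql = "UPDATE " . WP_CALENDAR_TABLE . " SET event_title='" . mysql_escape_string($title)
- . "', event_desc='" . mysql_escape_string($desc) . "', event_begin='" . mysql_escape_string($begin)
- . "', event_end='" . mysql_escape_string($end) . "', event_time='" . mysql_escape_string($time_to_use) . "', event_recur='" . mysql_escape_string($recur) . "', event_repeats='" . mysql_escape_string($repeats) . "', event_author=".$current_user->ID . ", event_category=".mysql_escape_string($category).", event_link='".mysql_escape_string($linky)."' WHERE event_id='" . mysql_escape_string($event_id) . "'";
-
+ $sql = $wpdb->prepare("UPDATE " . WP_CALENDAR_TABLE . " SET event_title='%s', event_desc='%s', event_begin='%s', event_end='%s', event_time='%s', event_recur='%s', event_repeats='%s', event_author=%d, event_category=%d, event_link='%s' WHERE event_id='%s'",$title,$desc,$begin,$end,$time_to_use,$recur,$repeats,$current_user->ID,$category,$linky,$event_id);
  $wpdb->get_results($sql);
-
- $sql = "SELECT event_id FROM " . WP_CALENDAR_TABLE . " WHERE event_title='" . mysql_escape_string($title) . "'"
- . " AND event_desc='" . mysql_escape_string($desc) . "' AND event_begin='" . mysql_escape_string($begin) . "' AND event_end='" . mysql_escape_string($end) . "' AND event_recur='" . mysql_escape_string($recur) . "' AND event_repeats='" . mysql_escape_string($repeats) . "' LIMIT 1";
+ $sql = $wpdb->prepare("SELECT event_id FROM " . WP_CALENDAR_TABLE . " WHERE event_title='%s' AND event_desc='%s' AND event_begin='%s' AND event_end='%s' AND event_recur='%s' AND event_repeats='%s' LIMIT 1",$title,$desc,$begin,$end,$recur,$repeats);
  $result = $wpdb->get_results($sql);
 
  if ( empty($result) || empty($result[0]->event_id) )
@@ -1407,7 +1433,7 @@ elseif ( $action == 'edit_save' )
  else
  {
  // The form is going to be rejected due to field validation issues, so we preserve the users entries here
- $users_entries->event_title = $title;
+ $users_entries->event_title = $title;
  $users_entries->event_desc = $desc;
  $users_entries->event_begin = $begin;
  $users_entries->event_end = $end;
@@ -1436,10 +1462,10 @@ elseif ( $action == 'delete' )
  }
  else
  {
- $sql = "DELETE FROM " . WP_CALENDAR_TABLE . " WHERE event_id='" . mysql_escape_string($event_id) . "'";
+ $sql = $wpdb->prepare("DELETE FROM " . WP_CALENDAR_TABLE . " WHERE event_id='%s'",$event_id);
  $wpdb->get_results($sql);
 
- $sql = "SELECT event_id FROM " . WP_CALENDAR_TABLE . " WHERE event_id='" . mysql_escape_string($event_id) . "'";
+ $sql = $wpdb->prepare("SELECT event_id FROM " . WP_CALENDAR_TABLE . " WHERE event_id='%s'",$event_id);
  $result = $wpdb->get_results($sql);
 
  if ( empty($result) || empty($result[0]->event_id) )
@@ -1514,19 +1540,19 @@ function edit_calendar_config()
  else if ($_POST['permissions'] == 'admin') { $new_perms = 'manage_options'; }
  else { $new_perms = 'manage_options'; }
 
- $calendar_style = mysql_escape_string($_POST['style']);
- $display_upcoming_days = mysql_escape_string($_POST['display_upcoming_days']);
+ $calendar_style = $_POST['style']; // Escape done in query below
+ $display_upcoming_days = $_POST['display_upcoming_days']; // Escape done in query below
 
- if (mysql_escape_string($_POST['display_author']) == 'on')
- {
- $disp_author = 'true';
- }
+ if ($_POST['display_author'] == 'on')
+ {
+ $disp_author = 'true';
+ }
  else
- {
- $disp_author = 'false';
- }
+ {
+ $disp_author = 'false';
+ }
 
- if (mysql_escape_string($_POST['display_jump']) == 'on')
+ if ($_POST['display_jump'] == 'on')
  {
  $disp_jump = 'true';
  }
@@ -1535,7 +1561,7 @@ function edit_calendar_config()
  $disp_jump = 'false';
  }
 
- if (mysql_escape_string($_POST['display_todays']) == 'on')
+ if ($_POST['display_todays'] == 'on')
  {
  $disp_todays = 'true';
  }
@@ -1544,7 +1570,7 @@ function edit_calendar_config()
  $disp_todays = 'false';
  }
 
- if (mysql_escape_string($_POST['display_upcoming']) == 'on')
+ if ($_POST['display_upcoming'] == 'on')
  {
  $disp_upcoming = 'true';
  }
@@ -1553,27 +1579,38 @@ function edit_calendar_config()
  $disp_upcoming = 'false';
  }
 
- if (mysql_escape_string($_POST['enable_categories']) == 'on')
+ if ($_POST['enable_categories'] == 'on')
  {
  $enable_categories = 'true';
  }
  else
  {
- $enable_categories = 'false';
+ $enable_categories = 'false';
  }
 
- $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$new_perms."' WHERE config_item='can_manage_events'");
- $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$calendar_style."' WHERE config_item='calendar_style'");
- $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$disp_author."' WHERE config_item='display_author'");
- $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$disp_jump."' WHERE config_item='display_jump'");
- $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$disp_todays."' WHERE config_item='display_todays'");
- $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$disp_upcoming."' WHERE config_item='display_upcoming'");
- $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$display_upcoming_days."' WHERE config_item='display_upcoming_days'");
- $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$enable_categories."' WHERE config_item='enable_categories'");
+ if ($_POST['show_attribution_link'] == 'on') {
+ $show_attribution_link = 'true';
+ } else {
+ $show_attribution_link = 'false';
+ }
+
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%s' WHERE config_item='can_manage_events'",$new_perms));
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%s' WHERE config_item='calendar_style'",$calendar_style));
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%s' WHERE config_item='display_author'",$disp_author));
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%s' WHERE config_item='display_jump'",$disp_jump));
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%s' WHERE config_item='display_todays'",$disp_todays));
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%s' WHERE config_item='display_upcoming'",$disp_upcoming));
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%d' WHERE config_item='display_upcoming_days'",$display_upcoming_days));
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%s' WHERE config_item='enable_categories'",$enable_categories));
+ $attribution_present = $wpdb->get_results("SELECT config_value FROM " . WP_CALENDAR_CONFIG_TABLE . " WHERE config_item='show_attribution_link'");
+ if (empty($attribution_present)) {
+ $wpdb->get_results("INSERT INTO " . WP_CALENDAR_CONFIG_TABLE . " SET config_item='show_attribution_link', config_value='false'");
+ }
+ $wpdb->get_results($wpdb->prepare("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '%s' WHERE config_item='show_attribution_link'",$show_attribution_link));
 
  // Check to see if we are replacing the original style
  if (isset($_POST['reset_styles'])) {
- if (mysql_escape_string($_POST['reset_styles']) == 'on')
+ if ($_POST['reset_styles'] == 'on')
  {
  $wpdb->get_results("UPDATE " . WP_CALENDAR_CONFIG_TABLE . " SET config_value = '".$initial_style."' WHERE config_item='calendar_style'");
  }
@@ -1693,6 +1730,23 @@ function edit_calendar_config()
  }
  }
  }
+ $configs = $wpdb->get_results("SELECT config_value FROM " . WP_CALENDAR_CONFIG_TABLE . " WHERE config_item='show_attribution_link'");
+ $yes_show_attribution_link = '';
+ $no_show_attribution_link = '';
+ if (!empty($configs))
+ {
+ foreach ($configs as $config)
+ {
+ if ($config->config_value == 'true')
+ {
+ $yes_show_attribution_link = 'selected="selected"';
+ }
+ else
+ {
+ $no_show_attribution_link = 'selected="selected"';
+ }
+ }
+ }
  $subscriber_selected = '';
  $contributor_selected = '';
  $author_selected = '';
@@ -1796,6 +1850,17 @@ function edit_calendar_config()
  </td>
  </tr>
  <tr>
+ <td><legend><?php _e('Enable attribution link?','calendar'); ?></legend></td>
+ <td> <select name="show_attribution_link">
+ <?php if ($yes_show_attribution_link == '' && $yes_show_attribution_link == '') { ?>
+ <option value="on" selected="selected"></option>
+ <?php } ?>
+ <option value="on" <?php echo $yes_show_attribution_link ?>><?php _e('Yes','calendar') ?></option>
+ <option value="off" <?php echo $no_show_attribution_link ?>><?php _e('No','calendar') ?></option>
+ </select>
+ </td>
+ </tr>
+ <tr>
  <td style="vertical-align:top;"><legend><?php _e('Configure the stylesheet for Calendar','calendar'); ?></legend></td>
  <td><textarea name="style" rows="10" cols="60" tabindex="2"><?php echo $calendar_style; ?></textarea><br />
  <input type="checkbox" name="reset_styles" /> <?php _e('Tick this box if you wish to reset the Calendar style to default','calendar'); ?></td>
@@ -1858,28 +1923,28 @@ function manage_categories()
  <?php
  } else {
  // Proceed with the save
- $sql = "INSERT INTO " . WP_CALENDAR_CATEGORIES_TABLE . " SET category_name='".mysql_escape_string($_POST['category_name'])."', category_colour='".mysql_escape_string($_POST['category_colour'])."'";
+ $sql = $wpdb->prepare("INSERT INTO " . WP_CALENDAR_CATEGORIES_TABLE . " SET category_name='%s', category_colour='%s'",$_POST['category_name'],$_POST['category_colour']);
  $wpdb->get_results($sql);
  echo "<div class=\"updated\"><p><strong>".__('Category added successfully','calendar')."</strong></p></div>";
  }
  }
  else if (isset($_GET['mode']) && isset($_GET['category_id']) && $_GET['mode'] == 'delete')
  {
- if (wp_verify_nonce($_GET['_wpnonce'],'calendar-category_delete_'.mysql_escape_string($_GET['category_id'])) == false) {
+ if (wp_verify_nonce($_GET['_wpnonce'],'calendar-category_delete_'.$_GET['category_id']) == false) {
  ?>
  <div class="error"><p><strong><?php _e('Error','calendar'); ?>:</strong> <?php _e("Security check failure, try deleting the category again",'calendar'); ?></p></div>
  <?php
  } else {
- $sql = "DELETE FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=".mysql_escape_string($_GET['category_id']);
+ $sql = $wpdb->prepare("DELETE FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=%d",$_GET['category_id']);
  $wpdb->get_results($sql);
- $sql = "UPDATE " . WP_CALENDAR_TABLE . " SET event_category=1 WHERE event_category=".mysql_escape_string($_GET['category_id']);
+ $sql = $wpdb->prepare("UPDATE " . WP_CALENDAR_TABLE . " SET event_category=1 WHERE event_category=%d",$_GET['category_id']);
  $wpdb->get_results($sql);
  echo "<div class=\"updated\"><p><strong>".__('Category deleted successfully','calendar')."</strong></p></div>";
  }
  }
  else if (isset($_GET['mode']) && isset($_GET['category_id']) && $_GET['mode'] == 'edit' && !isset($_POST['mode']))
  {
- $sql = "SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=".intval(mysql_escape_string($_GET['category_id']));
+ $sql = $wpdb->prepare("SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=%d",$_GET['category_id']);
  $cur_cat = $wpdb->get_row($sql);
  ?>
  <div class="wrap">
@@ -1910,13 +1975,13 @@ function manage_categories()
  }
  else if (isset($_POST['mode']) && isset($_POST['category_id']) && isset($_POST['category_name']) && isset($_POST['category_colour']) && $_POST['mode'] == 'edit')
  {
- if (wp_verify_nonce($_POST['_wpnonce'],'calendar-category_edit_'.mysql_escape_string($_POST['category_id'])) == false) {
+ if (wp_verify_nonce($_POST['_wpnonce'],'calendar-category_edit_'.$_POST['category_id']) == false) {
  ?>
  <div class="error"><p><strong><?php _e('Error','calendar'); ?>:</strong> <?php _e("Security check failure, try editing the category again",'calendar'); ?></p></div>
  <?php
  } else {
  // Proceed with the save
- $sql = "UPDATE " . WP_CALENDAR_CATEGORIES_TABLE . " SET category_name='".mysql_escape_string($_POST['category_name'])."', category_colour='".mysql_escape_string($_POST['category_colour'])."' WHERE category_id=".mysql_escape_string($_POST['category_id']);
+ $sql = $wpdb->prepare("UPDATE " . WP_CALENDAR_CATEGORIES_TABLE . " SET category_name='%s', category_colour='%s' WHERE category_id=%d",$_POST['category_name'],$_POST['category_colour'],$_POST['category_id']);
  $wpdb->get_results($sql);
  echo "<div class=\"updated\"><p><strong>".__('Category edited successfully','calendar')."</strong></p></div>";
  }
@@ -2357,7 +2422,7 @@ function draw_event($event)
  $style = '';
  if ($show_cat == 'true')
  {
- $sql = "SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=".mysql_escape_string($event->event_category);
+ $sql = $wpdb->prepare("SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=%d",$event->event_category);
  $cat_details = $wpdb->get_row($sql);
  $style = 'style="background-color:'.stripslashes($cat_details->category_colour).';"';
  }
@@ -2644,7 +2709,7 @@ function calendar($cat_list = '')
 
  // Again nasty code to map permalinks into something
  // databases can understand. This will be cleaned up
- $c_year = mysql_escape_string($_GET['yr']);
+ $c_year = $wpdb->prepare("%d",$_GET['yr']);
  if ($_GET['month'] == 'jan') { $t_month = 1; }
  else if ($_GET['month'] == 'feb') { $t_month = 2; }
  else if ($_GET['month'] == 'mar') { $t_month = 3; }
@@ -2879,9 +2944,23 @@ function calendar($cat_list = '')
  ';
  }
 
- // A little link to yours truly. See the README if you wish to remove this
- $calendar_body .= '<div class="kjo-link" style="visibility:visible !important;display:block !important;"><p>'.__('Calendar developed and supported by ', 'calendar').'<a href="http://www.kieranoshea.com">Kieran O\'Shea</a></p></div>
+ // A little link to yours truly
+ $link_approved = 'false';
+ $link_approved_results = $wpdb->get_results("SELECT config_value FROM " . WP_CALENDAR_CONFIG_TABLE . " WHERE config_item='show_attribution_link'");
+ foreach ($link_approved_results as $link_approved_item)
+ {
+ if ($link_approved_item->config_value == 'true')
+ {
+ $link_approved = 'true';
+ }
+ }
+ if ($link_approved == 'true') {
+ $linkback_url = '<div class="kjo-link" style="visibility:visible !important;display:block !important;"><p>'.__('Calendar developed and supported by ', 'calendar').'<a href="http://www.kieranoshea.com">Kieran O\'Shea</a></p></div>
  ';
+ } else {
+ $linkback_url = '';
+ }
+ $calendar_body .= $linkback_url;
 
  // Phew! After that bit of string building, spit it all out.
  // The actual printing is done by the calling function.
@@ -2951,7 +3030,7 @@ calendar'),__('August','calendar'),__('September','calendar'),__('October','cale
 
  // Again nasty code to map permalinks into something
  // databases can understand. This will be cleaned up
- $c_year = mysql_escape_string($_GET['yr']);
+ $c_year = $wpdb->prepare("%s",$_GET['yr']);
  if ($_GET['month'] == 'jan') { $t_month = 1; }
  else if ($_GET['month'] == 'feb') { $t_month = 2; }
  else if ($_GET['month'] == 'mar') { $t_month = 3; }
@@ -3093,9 +3172,23 @@ calendar'),__('August','calendar'),__('September','calendar'),__('October','cale
  $calendar_body .= '</table>
  ';
 
- // A little link to yours truly. See the README if you wish to remove this
- $calendar_body .= '<div class="kjo-link" style="visibility:visible !important;display:block !important;"><p>'.__('Calendar by ', 'calendar').'<a href="http://www.kieranoshea.com">Kieran O\'Shea</a></p></div>
+ // A little link to yours truly
+ $link_approved = 'false';
+ $link_approved_results = $wpdb->get_results("SELECT config_value FROM " . WP_CALENDAR_CONFIG_TABLE . " WHERE config_item='show_attribution_link'");
+ foreach ($link_approved_results as $link_approved_item)
+ {
+ if ($link_approved_item->config_value == 'true')
+ {
+ $link_approved = 'true';
+ }
+ }
+ if ($link_approved == 'true') {
+ $linkback_url = '<div class="kjo-link" style="visibility:visible !important;display:block !important;"><p>'.__('Calendar by ', 'calendar').'<a href="http://www.kieranoshea.com">Kieran O\'Shea</a></p></div>
  ';
+ } else {
+ $linkback_url = '';
+ }
+ $calendar_body .= $linkback_url;
 
  // Closing div
  $calendar_body .= '</div>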
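Review bot: `$wpdb->prepare()` is used as a general-purpose sanitizer for `$_GET['yr']` in two places, with `%d` in `calendar()` (new line 2712) and `%s` in the second copy of that block (new line 3033). `prepare()` builds SQL fragments: with `%s` it returns the value SQL-escaped and wrapped in single quotes, so `$c_year` there is a quoted string rather than a year, and in neither case is the result escaped for HTML output. Casting once, `$c_year = (int) $_GET['yr'];` (or `absint($_GET['yr'])`), gives both blocks the same integer and does not rely on a database helper for input validation. How `$c_year` is used afterwards, and whether `$_GET['yr']` is checked with `isset()` first, is outside the visible lines.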
readme.txt CHANGED
@@ -2,9 +2,9 @@
2
  Contributors: KieranOShea
3
  Donate link: http://www.kieranoshea.com
4
  Tags: calendar, dates, times, events
5
- Requires at least: 2.0
6
- Tested up to: 3.5.1
7
- Stable tag: 1.3.3
8
 
9
  A simple but effective Calendar plugin for WordPress that allows you to
10
  manage your events and appointments and display them to the world.
@@ -127,16 +127,9 @@ Uninstalling:
127
  = Where can I get support for the plugin? =
128
 
129
  Support is only available on [Kieran O'Shea's forum](http://www.kieranoshea.com/forum/viewtopic.php?f=13&t=10 "Kieran O'Shea's forum").
130
- Regrettably e-mail support became too cumberome to manage and so now all support and bug report e-mails for calendar will be ignored. All
131
  such queries will be answered promptly on the forums, although please make sure you search first before asking your question.
132
 
133
- = Can I remove the link to your site? =
134
-
135
- Yes, you may do this, but please be aware that support will not be provided
136
- to those who choose to remove the link. When you ask your support question
137
- you will be asked for the URL to your blog and the presence of the link will
138
- be checked before support will be provided.
139
-
140
  == Screenshots ==
141
 
142
  1. Calendar being used on a blog page
@@ -151,6 +144,12 @@ Uninstalling:
151
 
152
  == Changelog ==
153
 
 
 
 
 
 
 
154
  = 1.3.3 =
155
  * Fixed XSS security issue (thanks to Charlie Eriksen via Secunia SVCRP for the report)
156
 
2
  Contributors: KieranOShea
3
  Donate link: http://www.kieranoshea.com
4
  Tags: calendar, dates, times, events
5
+ Requires at least: 4.3.1
6
+ Tested up to: 4.3.1
7
+ Stable tag: 1.3.4
8
 
9
  A simple but effective Calendar plugin for WordPress that allows you to
10
  manage your events and appointments and display them to the world.
127
  = Where can I get support for the plugin? =
128
 
129
  Support is only available on [Kieran O'Shea's forum](http://www.kieranoshea.com/forum/viewtopic.php?f=13&t=10 "Kieran O'Shea's forum").
130
+ Regrettably e-mail support became too cumbersome to manage and so now all support and bug report e-mails for calendar will be ignored. All
131
  such queries will be answered promptly on the forums, although please make sure you search first before asking your question.
132
 
 
 
 
 
 
 
 
133
  == Screenshots ==
134
 
135
  1. Calendar being used on a blog page
144
 
145
  == Changelog ==
146
 
147
+ = 1.3.4 =
148
+ * Enabled short codes for displaying the calendar in posts/pages
149
+ * Enabled use of calendar short codes in the text widgets to permit multiple calendar widget instances via short codes
150
+ * Fixed dollar sign not displaying properly in event descriptions
151
+ * Removed references to deprecated MySQL functions, switching instead to wpdb prepare functions
152
+
153
  = 1.3.3 =
154
  * Fixed XSS security issue (thanks to Charlie Eriksen via Secunia SVCRP for the report)
155