Event List - Version 0.7.9

Version Description

(2017-06-12) = * fixed security vulnerability reported by wordpress * fixed / improved time handling and sorting according to time (fixed sorting will only work in new or modified events) * fixed problem with locale handling in older wordpress versions * fixed url when going back from event details page to event list page with a drowdown filter * fixed HTML format issue in admin event table (with not properly nested tag warning)

Download this release

Release Info

Developer	mibuthu
Plugin	Event List
Version	0.7.9
Comparing to
See all releases

Code changes from version 0.7.8 to 0.7.9

Files changed (11) hide show

admin/includes/admin-categories.php +3 -2
admin/includes/admin-main.php +7 -5
admin/includes/admin-new.php +4 -4
admin/includes/event_table.php +1 -6
admin/js/admin_new.js +1 -1
event-list.php +2 -2
includes/categories.php +4 -1
includes/db.php +30 -4
includes/js/filterbar.js +3 -2
includes/sc_event-list.php +5 -11
readme.txt +9 -2

admin/includes/admin-categories.php CHANGED Viewed

	@@ -78,10 +78,11 @@ class EL_Admin_Categories {
78	if(!$is_disabled) {
79	// delete categories
80	$slug_array = explode(', ', $_GET['slug']);

81	$num_affected_events = $this->db->remove_category_in_events($slug_array);
82	if($this->categories->remove_categories($slug_array, false)) {
83	$out .= '<div id="message" class="updated">
84	- <p><strong>'.sprintf(__('Category "%s" deleted.','event-list'), ~~$_GET[~~'~~slug~~']);
85	if($num_affected_events > 0) {
86	$out .= '<br />'.sprintf(__('This Category was also removed from %d events.','event-list'), $num_affected_events);
87	}
	@@ -89,7 +90,7 @@ class EL_Admin_Categories {
89	</div>';
90	}
91	else {
92	- $out .= '<div id="message" class="error below-h2"><p><strong>'.sprintf(__('Error while deleting category "%s"','event-list'), ~~$_GET[~~'~~slug~~']).'.</strong></p></div>';
93	}
94	}
95	}


78	if(!$is_disabled) {
79	// delete categories
80	$slug_array = explode(', ', $_GET['slug']);
81	+ $slug_array = array_map('sanitize_title_for_query', $slug_array);
82	$num_affected_events = $this->db->remove_category_in_events($slug_array);
83	if($this->categories->remove_categories($slug_array, false)) {
84	$out .= '<div id="message" class="updated">
85	+ <p><strong>'.sprintf(__('Category "%s" deleted.','event-list'), implode(', ', $slug_array));
86	if($num_affected_events > 0) {
87	$out .= '<br />'.sprintf(__('This Category was also removed from %d events.','event-list'), $num_affected_events);
88	}

90	</div>';
91	}
92	else {
93	+ $out .= '<div id="message" class="error below-h2"><p><strong>'.sprintf(__('Error while deleting category "%s"','event-list'), implode(', ', $slug_array)).'.</strong></p></div>';
94	}
95	}
96	}

admin/includes/admin-main.php CHANGED Viewed

	@@ -48,8 +48,10 @@ class EL_Admin_Main {
48	break;
49	case 'delete':
50	if(isset($_GET['id'])) {
51	- $~~error~~ = ~~!$this->db->delete_events(~~explode(',', $_GET['id']));
52	- $~~this->redirect('deleted',~~ ~~$error,~~ ~~array~~('id' => $~~_GET['id']~~));


53	}
54	break;
55	// proceed with header if a bulk action was triggered (required due to "noheader" attribute for all action above)
	@@ -110,7 +112,7 @@ class EL_Admin_Main {
110
111	private function show_page_header($action, $editview=false) {
112	if($editview) {
113	- $duplicate_link = add_query_arg(array('id'~~=>$~~_GET['id'], 'action'=>'copy'), '?page=el_admin_new');
114	$header = __('Edit Event','event-list').' <a href="'.$duplicate_link.'" class="add-new-h2">'.__('Duplicate','event-list').'</a>';
115	}
116	else {
	@@ -188,9 +190,9 @@ class EL_Admin_Main {
188	$num_deleted = count(explode(',', $_GET['id']));
189	$plural = ($num_deleted > 1) ? 's' : '';
190	if(!$error)
191	- $this->show_update_message($num_deleted.' Event'.$plural.' deleted (id'.$plural.': '.$_GET['id'].').');
192	else
193	- $this->show_error_message('Error ~~while~~ ~~deleting~~ '.$~~num_deleted~~.' ~~Event~~'~~.$plural~~.'.');
194	break;
195	}
196	}


48	break;
49	case 'delete':
50	if(isset($_GET['id'])) {
51	+ $id_array = explode(',', $_GET['id']);
52	+ $id_array = array_map('absint', $id_array);
53	+ $error = !$this->db->delete_events($id_array);
54	+ $this->redirect('deleted', $error, array('id' => implode(',', $id_array)));
55	}
56	break;
57	// proceed with header if a bulk action was triggered (required due to "noheader" attribute for all action above)

112
113	private function show_page_header($action, $editview=false) {
114	if($editview) {
115	+ $duplicate_link = add_query_arg(array('id'=>absint($_GET['id']), 'action'=>'copy'), '?page=el_admin_new');
116	$header = __('Edit Event','event-list').' <a href="'.$duplicate_link.'" class="add-new-h2">'.__('Duplicate','event-list').'</a>';
117	}
118	else {

190	$num_deleted = count(explode(',', $_GET['id']));
191	$plural = ($num_deleted > 1) ? 's' : '';
192	if(!$error)
193	+ $this->show_update_message($num_deleted.' Event'.$plural.' deleted (id'.$plural.': '.htmlentities($_GET['id']).').');
194	else
195	+ $this->show_error_message('Error: Deleting failed (Event id'.$plural.': '.htmlentities($_GET['id']).')!');
196	break;
197	}
198	}

admin/includes/admin-new.php CHANGED Viewed

	@@ -30,7 +30,7 @@ class EL_Admin_New {
30	$this->options = &EL_Options::get_instance();
31	$this->categories = &EL_Categories::get_instance();
32	$this->is_new = !(isset($_GET['action']) && ('edit' === $_GET['action'] \|\| 'added' === $_GET['action'] \|\| 'modified' === $_GET['action']));
33	- $this->is_duplicate = $this->is_new && isset($_GET['id']) && ~~is_numeric~~($_GET['id']);
34	}
35
36	public function show_new() {
	@@ -40,7 +40,7 @@ class EL_Admin_New {
40	$out = '<div class="wrap">
41	<div id="icon-edit-pages" class="icon32"><br /></div><h2>'.__('Add New Event','event-list').'</h2>';
42	if($this->is_duplicate) {
43	- $out .= '<span style="color:silver">('.sprintf(__('Duplicate of event id:%d','event-list'), $_GET['id']).')</span>';
44	}
45	$out .= $this->edit_event();
46	$out .= '</div>';
	@@ -72,7 +72,7 @@ class EL_Admin_New {
72	}
73	else {
74	// set event data and existing date
75	- $event = $this->db->get_event($_GET['id']);
76	$start_date = strtotime($event->start_date);
77	$end_date = strtotime($event->end_date);
78	}
	@@ -98,7 +98,7 @@ class EL_Admin_New {
98	else {
99	$out .= '
100	<input type="hidden" name="action" value="edited" />
101	- <input type="hidden" name="id" value="'.$_GET['id'].'" />';
102	}
103	$out .= '
104	<table class="form-table">


30	$this->options = &EL_Options::get_instance();
31	$this->categories = &EL_Categories::get_instance();
32	$this->is_new = !(isset($_GET['action']) && ('edit' === $_GET['action'] \|\| 'added' === $_GET['action'] \|\| 'modified' === $_GET['action']));
33	+ $this->is_duplicate = $this->is_new && isset($_GET['id']) && intval($_GET['id']) > 0;
34	}
35
36	public function show_new() {

40	$out = '<div class="wrap">
41	<div id="icon-edit-pages" class="icon32"><br /></div><h2>'.__('Add New Event','event-list').'</h2>';
42	if($this->is_duplicate) {
43	+ $out .= '<span style="color:silver">('.sprintf(__('Duplicate of event id:%d','event-list'), absint($_GET['id'])).')</span>';
44	}
45	$out .= $this->edit_event();
46	$out .= '</div>';

72	}
73	else {
74	// set event data and existing date
75	+ $event = $this->db->get_event(absint($_GET['id']));
76	$start_date = strtotime($event->start_date);
77	$end_date = strtotime($event->end_date);
78	}

98	else {
99	$out .= '
100	<input type="hidden" name="action" value="edited" />
101	+ <input type="hidden" name="id" value="'.absint($_GET['id']).'" />';
102	}
103	$out .= '
104	<table class="form-table">

admin/includes/event_table.php CHANGED Viewed

	@@ -45,7 +45,7 @@ class EL_Event_Table extends WP_List_Table {
45	case 'date' :
46	return $this->format_event_date($item->start_date, $item->end_date, $item->time);
47	case 'details' :
48	- return $this->db->truncate(~~wpautop(~~'<div>'.$item->details.'</div>'), 100);
49	case 'pub_user' :
50	return get_userdata($item->pub_user)->user_login;
51	case 'pub_date' :
	@@ -277,11 +277,6 @@ class EL_Event_Table extends WP_List_Table {
277	}
278	// event time
279	if('' !== $start_time) {
280	- // set time format if a known format is available, else only show the text
281	- $date_array = date_parse($start_time);
282	- if(empty($date_array['errors']) && is_numeric($date_array['hour']) && is_numeric($date_array['minute'])) {
283	- $start_time = mysql2date(get_option('time_format'), $start_time);
284	- }
285	$out .= '<br />
286	<span class="time">'.esc_html($start_time).'</span>';
287	}


45	case 'date' :
46	return $this->format_event_date($item->start_date, $item->end_date, $item->time);
47	case 'details' :
48	+ return $this->db->truncate('<div>'.wpautop($item->details).'</div>', 100);
49	case 'pub_user' :
50	return get_userdata($item->pub_user)->user_login;
51	case 'pub_date' :

277	}
278	// event time
279	if('' !== $start_time) {





280	$out .= '<br />
281	<span class="time">'.esc_html($start_time).'</span>';
282	}

admin/js/admin_new.js CHANGED Viewed

	@@ -4,7 +4,7 @@
4	jQuery(document).ready(function($) {
5	// Read required config data from hidden field json_for_js
6	var json = $("#json_for_js").val();
7	- var conf = ~~eval~~(~~'(' +~~ json ~~+ '~~)');
8
9	// Show or hide end_date
10	if ($("#start_date").val() == $("#end_date").val()) {


4	jQuery(document).ready(function($) {
5	// Read required config data from hidden field json_for_js
6	var json = $("#json_for_js").val();
7	+ var conf = JSON.parse(json);
8
9	// Show or hide end_date
10	if ($("#start_date").val() == $("#end_date").val()) {

event-list.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Event List
4	Plugin URI: http://wordpress.org/extend/plugins/event-list/
5	Description: Manage your events and show them in a list view on your site.
6	- Version: 0.7.8
7	Author: mibuthu
8	Author URI: http://wordpress.org/extend/plugins/event-list/
9	Text Domain: event-list
	@@ -84,7 +84,7 @@ class Event_List {
84	}
85	else {
86	// use fork of wordpress function load_plugin_textdomain (see wp-includes/l10n.php) to prefer language files included in plugin (wp-content/plugins/event-list/languages/) and additionally from language dir
87	- $locale = apply_filters('plugin_locale', ~~is_admin~~() ? get_user_locale() : get_locale(), $domain);
88	$mofile = $domain.'-'.$locale.'.mo';
89	load_textdomain($domain, WP_PLUGIN_DIR.'/'.$el_lang_path.'/'.$mofile);
90	load_textdomain($domain, WP_LANG_DIR.'/plugins/'.$mofile);


3	Plugin Name: Event List
4	Plugin URI: http://wordpress.org/extend/plugins/event-list/
5	Description: Manage your events and show them in a list view on your site.
6	+ Version: 0.7.9
7	Author: mibuthu
8	Author URI: http://wordpress.org/extend/plugins/event-list/
9	Text Domain: event-list

84	}
85	else {
86	// use fork of wordpress function load_plugin_textdomain (see wp-includes/l10n.php) to prefer language files included in plugin (wp-content/plugins/event-list/languages/) and additionally from language dir
87	+ $locale = apply_filters('plugin_locale', is_callable('get_user_locale') ? get_user_locale() : get_locale(), $domain);
88	$mofile = $domain.'-'.$locale.'.mo';
89	load_textdomain($domain, WP_PLUGIN_DIR.'/'.$el_lang_path.'/'.$mofile);
90	load_textdomain($domain, WP_LANG_DIR.'/plugins/'.$mofile);

includes/categories.php CHANGED Viewed

	@@ -316,7 +316,10 @@ class EL_Categories {
316	}
317
318	public function get_category_data($slug) {
319	- ~~return~~ $this->cat_array[$slug];



320	}
321
322	/**


316	}
317
318	public function get_category_data($slug) {
319	+ if(isset($this->cat_array[$slug])) {
320	+ return $this->cat_array[$slug];
321	+ }
322	+ return false;
323	}
324
325	/**

includes/db.php CHANGED Viewed

	@@ -61,13 +61,13 @@ class EL_Db {
61	if('upcoming' === $date_filter && is_numeric($num_events) && 0 < $num_events) {
62	$sql .= ' LIMIT '.$num_events;
63	}
64	- return $wpdb->get_results($sql);
65	}
66
67	public function get_event( $id ) {
68	global $wpdb;
69	$sql = 'SELECT * FROM '.$this->table.' WHERE id = '.$id.' LIMIT 1';
70	- return $wpdb->get_row( $sql );
71	}
72
73	public function get_distinct_event_data($search_string, $date_filter, $cat_filter, $order='asc') {
	@@ -113,7 +113,7 @@ class EL_Db {
113	}
114	//time
115	if( !isset( $event_data['time'] ) ) { $sqldata['time'] = ''; }
116	- else { $sqldata['time'] = ~~stripslashes~~($event_data['time']); }
117	//title
118	if( !isset( $event_data['title'] ) \|\| $event_data['title'] === '' ) { return false; }
119	$sqldata['title'] = stripslashes( $event_data['title'] );
	@@ -205,6 +205,32 @@ class EL_Db {
205	return false;
206	}
207


























208	private function get_sql_filter_string($date_filter=null, $cat_filter=null) {
209	$sql_filter_string = '';
210	// date filter
	@@ -332,7 +358,7 @@ class EL_Db {
332	$openingTag = array_pop($tags);
333	if($openingTag != $tagName) {
334	// Not properly nested tag found: trigger a warning and add the not matching opening tag again
335	- trigger_error('Not properly nested tag found (last opening tag: '.$openingTag.', closing tag: '.$tagName.')', ~~E_USER_WARNING~~);
336	$tags[] = $openingTag;
337	}
338	else {


61	if('upcoming' === $date_filter && is_numeric($num_events) && 0 < $num_events) {
62	$sql .= ' LIMIT '.$num_events;
63	}
64	+ return $this->convert_events_timeformat($wpdb->get_results($sql));
65	}
66
67	public function get_event( $id ) {
68	global $wpdb;
69	$sql = 'SELECT * FROM '.$this->table.' WHERE id = '.$id.' LIMIT 1';
70	+ return $this->convert_event_timeformat($wpdb->get_row($sql));
71	}
72
73	public function get_distinct_event_data($search_string, $date_filter, $cat_filter, $order='asc') {

113	}
114	//time
115	if( !isset( $event_data['time'] ) ) { $sqldata['time'] = ''; }
116	+ else { $sqldata['time'] = $this->validate_time($event_data['time']); }
117	//title
118	if( !isset( $event_data['title'] ) \|\| $event_data['title'] === '' ) { return false; }
119	$sqldata['title'] = stripslashes( $event_data['title'] );

205	return false;
206	}
207
208	+ private function validate_time($timestring) {
209	+ // Try to extract a correct time from the provided text
210	+ $timestamp = strtotime(stripslashes($timestring));
211	+ // Return a standard time format if the conversion was successful
212	+ if($timestamp) {
213	+ return date('H:i:s', $timestamp);
214	+ }
215	+ // Else return the given text
216	+ return $timestring;
217	+ }
218	+
219	+ private function convert_events_timeformat($events) {
220	+ foreach($events as $event) {
221	+ $this->convert_event_timeformat($event);
222	+ }
223	+ return $events;
224	+ }
225	+
226	+ private function convert_event_timeformat($event) {
227	+ $timestamp = strtotime($event->time);
228	+ if($timestamp) {
229	+ $event->time = date_i18n(get_option('time_format'), $timestamp);
230	+ }
231	+ return $event;
232	+ }
233	+
234	private function get_sql_filter_string($date_filter=null, $cat_filter=null) {
235	$sql_filter_string = '';
236	// date filter

358	$openingTag = array_pop($tags);
359	if($openingTag != $tagName) {
360	// Not properly nested tag found: trigger a warning and add the not matching opening tag again
361	+ trigger_error('Not properly nested tag found (last opening tag: '.$openingTag.', closing tag: '.$tagName.')', E_USER_NOTICE);
362	$tags[] = $openingTag;
363	}
364	else {

includes/js/filterbar.js CHANGED Viewed

	@@ -21,9 +21,10 @@ function updateUrlParameter(url, paramName, paramVal, sc_id) {
21	urlArray = oldParams.split("&");
22	for(i=0; i<urlArray.length; i++) {
23	if(urlArray[i].split("=")[0] == "event_id"+sc_id) {
24	- // do nothing

25	}
26	- ~~else~~ if(urlArray[i].split("=")[0] == paramName) {
27	newParams += seperator + paramName + "=" + paramVal;
28	paramNameAdded = true;
29	}


21	urlArray = oldParams.split("&");
22	for(i=0; i<urlArray.length; i++) {
23	if(urlArray[i].split("=")[0] == "event_id"+sc_id) {
24	+ // do nothing:
25	+ continue;
26	}
27	+ if(urlArray[i].split("=")[0] == paramName) {
28	newParams += seperator + paramName + "=" + paramVal;
29	paramNameAdded = true;
30	}

includes/sc_event-list.php CHANGED Viewed

	@@ -101,17 +101,17 @@ class SC_Event_List {
101	$a['actual_date'] = $this->get_actual_date($a);
102	$a['actual_cat'] = $this->get_actual_cat($a);
103	if(isset($_GET['event_id'.$a['sc_id']])) {
104	- $a['event_id'] = (~~int)~~$_GET['event_id'.$a['sc_id']];
105	}
106	elseif('all' != $a['initial_event_id'] && !isset($_GET['date'.$a['sc_id']]) && !isset($_GET['cat'.$a['sc_id']])) {
107	- $a['event_id'] = (~~int)~~$a['initial_event_id'];
108	}
109	else {
110	$a['event_id'] = null;
111	}
112	// fix sc_id_for_url if required
113	if(!is_numeric($a['sc_id_for_url'])) {
114	- $a['sc_id_for_url'] = $a['sc_id'];
115	}
116
117	$out = '
	@@ -215,16 +215,10 @@ class SC_Event_List {
215	$out .= '</h3></div>';
216	// event time
217	if('' != $event->time && $this->is_visible($a['show_starttime'])) {
218	- // set time format if a known format is available, else only show the text
219	- $date_array = date_parse($event->time);
220	- $time = $event->time;
221	- if(empty($date_array['errors']) && is_numeric($date_array['hour']) && is_numeric($date_array['minute'])) {
222	- $time = mysql2date(get_option('time_format'), $event->time);
223	- }
224	if('' == $this->options->get('el_html_tags_in_time')) {
225	- $time = esc_attr($time);
226	}
227	- $out .= '<span class="event-time">'.$time.'</span>';
228	}
229	// event location
230	if('' != $event->location && $this->is_visible($a['show_location'])) {


101	$a['actual_date'] = $this->get_actual_date($a);
102	$a['actual_cat'] = $this->get_actual_cat($a);
103	if(isset($_GET['event_id'.$a['sc_id']])) {
104	+ $a['event_id'] = absint($_GET['event_id'.$a['sc_id']]);
105	}
106	elseif('all' != $a['initial_event_id'] && !isset($_GET['date'.$a['sc_id']]) && !isset($_GET['cat'.$a['sc_id']])) {
107	+ $a['event_id'] = intval($a['initial_event_id']);
108	}
109	else {
110	$a['event_id'] = null;
111	}
112	// fix sc_id_for_url if required
113	if(!is_numeric($a['sc_id_for_url'])) {
114	+ $a['sc_id_for_url'] = intval($a['sc_id']);
115	}
116
117	$out = '

215	$out .= '</h3></div>';
216	// event time
217	if('' != $event->time && $this->is_visible($a['show_starttime'])) {






218	if('' == $this->options->get('el_html_tags_in_time')) {
219	+ $event->time = esc_attr($event->time);
220	}
221	+ $out .= '<span class="event-time">'.$event->time.'</span>';
222	}
223	// event location
224	if('' != $event->location && $this->is_visible($a['show_location'])) {

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: mibuthu, clhunsen
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=W54LNZMWF9KW2
4	Tags: event, events, list, listview, calendar, schedule, shortcode, page, category, categories, filter, admin, attribute, widget, sidebar, feed, rss
5	Requires at least: 3.8
6	- Tested up to: 4.7
7	- Stable tag: 0.7.8
8	Plugin URI: http://wordpress.org/extend/plugins/event-list
9	Licence: GPLv2
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
	@@ -82,6 +82,13 @@ Another possibility would be to call the wordpress function "do_shortcode()".
82
83	== Changelog ==
84







85	= 0.7.8 (2017-03-17) =
86	* improved datepicker style in new/edit event view
87	* show datepicker in correct language


3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=W54LNZMWF9KW2
4	Tags: event, events, list, listview, calendar, schedule, shortcode, page, category, categories, filter, admin, attribute, widget, sidebar, feed, rss
5	Requires at least: 3.8
6	+ Tested up to: 4.8
7	+ Stable tag: 0.7.9
8	Plugin URI: http://wordpress.org/extend/plugins/event-list
9	Licence: GPLv2
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html

82
83	== Changelog ==
84
85	+ = 0.7.9 (2017-06-12) =
86	+ * fixed security vulnerability reported by wordpress
87	+ * fixed / improved time handling and sorting according to time (fixed sorting will only work in new or modified events)
88	+ * fixed problem with locale handling in older wordpress versions
89	+ * fixed url when going back from event details page to event list page with a drowdown filter
90	+ * fixed HTML format issue in admin event table (with not properly nested tag warning)
91	+
92	= 0.7.8 (2017-03-17) =
93	* improved datepicker style in new/edit event view
94	* show datepicker in correct language