My Calendar - Version 2.5.16

Version Description

  • Bug fix: Event deletion action executed when individual instance deleted from front-end
  • Updates: due to esc_sql function changes in WordPress 4.8.3

Release Info

Developer joedolson
Version 2.5.16

Code changes from version 2.5.15 to 2.5.16

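--- a/my-calendar-event-manager.php
+++ b/my-calendar-event-manager.php
@@ -127,13 +127,23 @@ function mc_create_event_post( $data, $event_id ) {
  do_action( 'mc_update_event_post', $post_id, $_POST, $data, $event_id );
  wp_publish_post( $post_id );
  }
+
  return $post_id;
  }
 
+ /**
+ * Update a single field in an event.
+ *
+ * @param $field string database column
+ * @param $data mixed value to be saved
+ * @param $event mixed string/integer could be integer or string
+ * @param $type string signifier representing data type of $event
+ *
+ * @return database result
+ */
  function mc_update_event( $field, $data, $event, $type = '%d' ) {
  global $wpdb;
  $field = sanitize_key( $field );
- $type = esc_sql( $type );
  $result = $wpdb->query( $wpdb->prepare( "UPDATE " . my_calendar_table() . " SET $field = $type WHERE event_id=$type", $data, $event ) );
 
  return $result;
@@ -172,7 +182,7 @@ function manage_my_calendar() {
  <p><strong><?php _e( 'Delete Event', 'my-calendar' ); ?>
  :</strong> <?php _e( 'Are you sure you want to delete this event?', 'my-calendar' ); ?>
  <input type="hidden" name="_wpnonce" value="<?php echo wp_create_nonce( 'my-calendar-nonce' ); ?>"/>
- <input type="hidden" value="delete" name="event_action"/>
+ <input type="hidden" value="delete" name="event_action" />
  <?php if ( ! empty( $_GET['date'] ) ) { ?>
  <input type="hidden" name="event_instance" value="<?php echo (int) $_GET['date']; ?>"/>
  <?php } ?>
@@ -181,8 +191,7 @@ function manage_my_calendar() {
  <?php } ?>
 
  <input type="hidden" name="event_id" value="<?php echo $event_id; ?>"/>
- <input type="submit" name="submit" class="button-secondary delete"
- value="<?php _e( 'Delete', 'my-calendar' );
+ <input type="submit" name="submit" class="button-secondary delete" value="<?php _e( 'Delete', 'my-calendar' );
  echo " &quot;" . stripslashes( $result[0]['event_title'] ) . "&quot; $instance_date"; ?>"/>
  </form>
  </div><?php
@@ -675,6 +684,7 @@ function mc_delete_event( $event_id ) {
  if ( empty( $event_id ) ) {
  $message = "<div class='error'><p><strong>" . __( 'Error', 'my-calendar' ) . ":</strong>" . __( "You can't delete an event if you haven't submitted an event id", 'my-calendar' ) . "</p></div>";
  } else {
+ $instance = false;
  $post_id = mc_get_data( 'event_post', $event_id );
  if ( empty( $_POST['event_instance'] ) ) {
  $sql = "DELETE FROM " . my_calendar_table() . " WHERE event_id='" . (int) $event_id . "'";
@@ -684,13 +694,18 @@ function mc_delete_event( $event_id ) {
  $sql = "SELECT event_id FROM " . my_calendar_table() . " WHERE event_id='" . (int) $event_id . "'";
  $result = $mcdb->get_results( $sql );
  } else {
- $delete = "DELETE FROM " . my_calendar_event_table() . " WHERE occur_id = " . (int) $_POST['event_instance'];
- $result = $mcdb->get_results( $delete );
+ $delete = "DELETE FROM " . my_calendar_event_table() . " WHERE occur_id = " . (int) $_POST['event_instance'];
+ $result = $mcdb->get_results( $delete );
+ $instance = true;
  }
  if ( empty( $result ) || empty( $result[0]->event_id ) ) {
  mc_delete_cache();
  // do an action using the event_id
- do_action( 'mc_delete_event', $event_id, $post_id );
+ if ( $instance ) {
+ do_action( 'mc_delete_event_instance', $event_id, $post_id, (int) $_POST['event_instance'] );
+ } else {
+ do_action( 'mc_delete_event', $event_id, $post_id );
+ }
  $message = "<div class='updated'><p>" . __( 'Event deleted successfully', 'my-calendar' ) . "</p></div>";
  } else {
  $message = "<div class='error'><p><strong>" . __( 'Error', 'my-calendar' ) . ":</strong>" . __( 'Despite issuing a request to delete, the event still remains in the database. Please investigate.', 'my-calendar' ) . "</p></div>";
@@ -2436,7 +2451,6 @@ function mc_update_instance( $event_instance, $event_id, $update = array() ) {
  function mc_update_data( $event_id, $field, $value, $format = '%d' ) {
  global $wpdb;
  $data = array( $field => $value );
- $format = esc_sql( $format );
  $formats = ( $format );
  $result = $wpdb->update(
  my_calendar_table(),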
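Review bot: `$type` is spliced straight into the `prepare()` template in `mc_update_event` (`SET $field = $type WHERE event_id=$type`), and with `esc_sql()` removed nothing constrains it to a placeholder. Dropping `esc_sql()` is reasonable, since it was never a validator for format strings, but the parameter should be checked against the placeholders `wpdb::prepare()` accepts before the query is built: `if ( ! in_array( $type, array( '%d', '%s', '%f' ), true ) ) { $type = '%d'; }`. The new docblock should also say that `$type` is applied to both `$data` and `$event`, because the template uses it for both. `$format` in `mc_update_data` loses its `esc_sql()` call in the last hunk of this file as well; that function continues outside the hunk, so whether `$wpdb->update()` receives it unchanged cannot be confirmed from here.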
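--- a/my-calendar-events.php
+++ b/my-calendar-events.php
@@ -289,7 +289,6 @@ function mc_get_data( $field, $id ) {
  if ( get_option( 'mc_remote' ) == 'true' && function_exists( 'mc_remote_db' ) ) {
  $mcdb = mc_remote_db();
  }
- $field = esc_sql( $field );
  $sql = $wpdb->prepare( "SELECT $field FROM " . my_calendar_table() . " WHERE event_id = %d", $id );
  $result = $mcdb->get_var( $sql );
 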
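Review bot: `$field` now reaches `SELECT $field FROM` in `mc_get_data` with no filtering at all, because `prepare()` only binds the `%d` for `$id` and cannot protect an interpolated column name. `mc_update_event` in my-calendar-event-manager.php keeps `$field = sanitize_key( $field );` for the same purpose, so the removed line should be replaced rather than dropped: `$field = sanitize_key( $field );`, or better a check against the list of known event columns. `mc_location_data` in my-calendar-locations.php has the same gap, where this commit leaves the no-op `$field = $field;`. Both function bodies start outside their hunks, so an earlier check on `$field` cannot be ruled out.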
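--- a/my-calendar-limits.php
+++ b/my-calendar-limits.php
@@ -131,7 +131,7 @@ function mc_select_author( $author, $type = 'event' ) {
  }
  $i ++;
  } else {
- $key = esc_sql( trim( $key ) );
+ $key = trim( $key );
  $author = get_user_by( 'login', $key ); // get author by username
  $author_id = $author->ID;
  if ( $i == 1 ) {
@@ -150,7 +150,7 @@ function mc_select_author( $author, $type = 'event' ) {
  if ( is_numeric( $author ) ) {
  $select_author = ( $type == 'all' ) ? " WHERE $data = $author" : " event_author = $author AND";
  } else {
- $author = esc_sql( trim( $author ) );
+ $author = trim( $author );
  $author = get_user_by( 'login', $author ); // get author by username
 
  if ( is_object( $author ) ) {
@@ -201,7 +201,7 @@ function mc_select_host( $host, $type = 'event' ) {
  }
  $i ++;
  } else {
- $key = esc_sql( trim( $key ) );
+ $key = trim( $key );
  $host = get_user_by( 'login', $key ); // get host by username
  $host_id = $host->ID;
  if ( $i == 1 ) {
@@ -220,7 +220,7 @@ function mc_select_host( $host, $type = 'event' ) {
  if ( is_numeric( $host ) ) {
  $select_host = ( $type == 'all' ) ? " WHERE $data = $host" : " event_host = $host AND";
  } else {
- $host = esc_sql( trim( $host ) );
+ $host = trim( $host );
  $host = get_user_by( 'login', $host ); // get author by username
 
  if ( is_object( $host ) ) {
@@ -302,9 +302,9 @@ function mc_limit_string( $type = '', $ltype = '', $lvalue = '' ) {
  ) ) ) {
  if ( $current_location != 'all' && $current_location != '' ) {
  if ( is_numeric( $current_location ) ) {
- $limit_string = esc_sql( $location_type ) . ' = ' . intval( $current_location ) . ' AND';
+ $limit_string = $location_type . ' = ' . intval( $current_location ) . ' AND';
  } else {
- $limit_string = esc_sql( $location_type ) . " = '" . esc_sql( $current_location ) . "' AND";
+ $limit_string = $location_type . " = '" . esc_sql( $current_location ) . "' AND";
  }
  }
  }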
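Review bot: In the list branches of `mc_select_author` and `mc_select_host` (new lines 134-136 and 204-206) the result of `get_user_by()` is dereferenced immediately as `$author->ID` / `$host->ID`, although `get_user_by()` returns `false` for an unknown login. The single-value branches already guard this with `is_object( $author )` and `is_object( $host )`; the list branches should apply the same check before reading `->ID` and leave unknown logins out of the clause. How `$author_id` and `$host_id` are used afterwards is outside the hunks, but an empty ID interpolated into the WHERE fragment would likely yield a malformed query. Separately, `$location_type` is now concatenated unescaped as a column name at lines 305 and 307, which is only safe if the condition ending at line 302 is an allowlist; that condition is not visible here.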
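--- a/my-calendar-locations.php
+++ b/my-calendar-locations.php
@@ -616,7 +616,7 @@ function mc_location_data( $field, $id ) {
  if ( get_option( 'mc_remote' ) == 'true' && function_exists( 'mc_remote_db' ) ) {
  $mcdb = mc_remote_db();
  }
- $field = esc_sql( $field );
+ $field = $field;
  $sql = $wpdb->prepare( "SELECT $field FROM " . my_calendar_locations_table() . " WHERE location_id = %d", $id );
  $result = $mcdb->get_var( $sql );
 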
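--- a/my-calendar-print.php
+++ b/my-calendar-print.php
@@ -60,12 +60,14 @@ echo $head;
  }
  }
 
- $add = array_map( 'esc_sql', $_GET );
+ $add = array_map( 'esc_html', $_GET );
  unset( $add['cid'] );
  unset( $add['feed'] );
  unset( $add['href'] );
- $return_url = mc_build_url( $add, array( 'feed', 'cid', 'href' ), $return_url );
- echo "<p class='return'><a href='$return_url'>" . __( 'Return to calendar', 'my-calendar' ) . "</a></p>";
+ $return_url = apply_filters( 'mc_return_to_calendar', mc_build_url( $add, array( 'feed', 'cid', 'href' ), $return_url ), $add );
+ if ( $return_url ) {
+ echo "<p class='return'><a href='$return_url'>" . __( 'Return to calendar', 'my-calendar' ) . "</a></p>";
+ }
  echo '
  </body>
  </html>';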
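Review bot: `$return_url` is echoed into `href='…'` without output escaping, and it is now also the return value of the `mc_return_to_calendar` filter, so its content is not under this file's control. `array_map( 'esc_html', $_GET )` escapes only the values, leaves the parameter names untouched, and passes array-valued parameters (`?a[]=1`) to a function that expects a string. Escaping at the point of output covers all of these: `echo "<p class='return'><a href='" . esc_url( $return_url ) . "'>" . __( 'Return to calendar', 'my-calendar' ) . "</a></p>";`. What `mc_build_url()` does with the keys is not visible in this hunk.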
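--- a/my-calendar-shortcodes.php
+++ b/my-calendar-shortcodes.php
@@ -24,7 +24,7 @@ function my_calendar_insert( $atts, $content = null ) {
  ), $atts, 'my_calendar' ) );
  if ( $format != 'mini' ) {
  if ( isset( $_GET['format'] ) ) {
- $format = esc_sql( $_GET['format'] );
+ $format = $_GET['format'];
  }
  }
  global $user_ID;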
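Review bot: `$format = $_GET['format'];` assigns a raw request parameter with no validation now that `esc_sql()` is gone. `esc_sql()` was the wrong tool here, but the value should still be restricted to the formats the shortcode supports, or at minimum normalised with `$format = sanitize_key( $_GET['format'] );`. How `$format` is used later in `my_calendar_insert` is outside the hunk, so the impact of an unexpected value cannot be judged from here.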
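--- a/my-calendar.php
+++ b/my-calendar.php
@@ -7,7 +7,7 @@ Author: Joseph C Dolson
  Author URI: http://www.joedolson.com
  Text Domain: my-calendar
  Domain Path: lang
- Version: 2.5.15
+ Version: 2.5.16
  */
  /* Copyright 2009-2017 Joe Dolson (email : joe@joedolson.com)
 
@@ -30,7 +30,7 @@ if ( ! defined( 'ABSPATH' ) ) {
  } // Exit if accessed directly
 
  global $mc_version, $wpdb;
- $mc_version = '2.5.15';
+ $mc_version = '2.5.16';
 
  register_activation_hook( __FILE__, 'mc_plugin_activated' );
  register_deactivation_hook( __FILE__, 'mc_plugin_deactivated' );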
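--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: joedolson
  Donate link: http://www.joedolson.com/donate/
  Tags: calendar, dates, times, event, events, scheduling, schedule, event manager, event calendar, class, concert, venue, location, box office, tickets, registration
  Requires at least: 4.4
- Tested up to: 4.8
- Stable tag: 2.5.15
+ Tested up to: 4.9
+ Stable tag: 2.5.16
  Text domain: my-calendar
  License: GPLv2 or later
 
@@ -83,6 +83,11 @@ Translating my plug-ins is always appreciated. Visit <a href="https://translate.
 
  == Changelog ==
 
+ = 2.5.16 =
+
+ * Bug fix: Event deletion action executed when individual instance deleted from front-end
+ * Updates: due to esc_sql function changes in WordPress 4.8.3
+
  = 2.5.15 =
 
  * Bug fix: Jumpbox rendered October as January due to unneeded character replacement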