My Calendar - Version 2.5.16

Version Description

  • Bug fix: Event deletion action executed when individual instance deleted from front-end
  • Updates: due to esc_sql function changes in WordPress 4.8.3

Release Info

Developer joedolson
Version 2.5.16

Code changes from version 2.5.15 to 2.5.16

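--- a/my-calendar-event-manager.php
+++ b/my-calendar-event-manager.php
@@ -127,13 +127,23 @@ function mc_create_event_post( $data, $event_id ) {
 do_action( 'mc_update_event_post', $post_id, $_POST, $data, $event_id );
 wp_publish_post( $post_id );
 }
+
 return $post_id;
 }
 
+ /**
+ * Update a single field in an event.
+ *
+ * @param $field string database column
+ * @param $data mixed value to be saved
+ * @param $event mixed string/integer could be integer or string
+ * @param $type string signifier representing data type of $event
+ *
+ * @return database result
+ */
 function mc_update_event( $field, $data, $event, $type = '%d' ) {
 global $wpdb;
 $field = sanitize_key( $field );
- $type = esc_sql( $type );
 $result = $wpdb->query( $wpdb->prepare( "UPDATE " . my_calendar_table() . " SET $field = $type WHERE event_id=$type", $data, $event ) );
 
 return $result;
@@ -172,7 +182,7 @@ function manage_my_calendar() {
 <p><strong><?php _e( 'Delete Event', 'my-calendar' ); ?>
 :</strong> <?php _e( 'Are you sure you want to delete this event?', 'my-calendar' ); ?>
 <input type="hidden" name="_wpnonce" value="<?php echo wp_create_nonce( 'my-calendar-nonce' ); ?>"/>
- <input type="hidden" value="delete" name="event_action"/>
+ <input type="hidden" value="delete" name="event_action" />
 <?php if ( ! empty( $_GET['date'] ) ) { ?>
 <input type="hidden" name="event_instance" value="<?php echo (int) $_GET['date']; ?>"/>
 <?php } ?>
@@ -181,8 +191,7 @@ function manage_my_calendar() {
 <?php } ?>
 
 <input type="hidden" name="event_id" value="<?php echo $event_id; ?>"/>
- <input type="submit" name="submit" class="button-secondary delete"
- value="<?php _e( 'Delete', 'my-calendar' );
+ <input type="submit" name="submit" class="button-secondary delete" value="<?php _e( 'Delete', 'my-calendar' );
 echo " &quot;" . stripslashes( $result[0]['event_title'] ) . "&quot; $instance_date"; ?>"/>
 </form>
 </div><?php
@@ -675,6 +684,7 @@ function mc_delete_event( $event_id ) {
 if ( empty( $event_id ) ) {
 $message = "<div class='error'><p><strong>" . __( 'Error', 'my-calendar' ) . ":</strong>" . __( "You can't delete an event if you haven't submitted an event id", 'my-calendar' ) . "</p></div>";
 } else {
+ $instance = false;
 $post_id = mc_get_data( 'event_post', $event_id );
 if ( empty( $_POST['event_instance'] ) ) {
 $sql = "DELETE FROM " . my_calendar_table() . " WHERE event_id='" . (int) $event_id . "'";
@@ -684,13 +694,18 @@ function mc_delete_event( $event_id ) {
 $sql = "SELECT event_id FROM " . my_calendar_table() . " WHERE event_id='" . (int) $event_id . "'";
 $result = $mcdb->get_results( $sql );
 } else {
- $delete = "DELETE FROM " . my_calendar_event_table() . " WHERE occur_id = " . (int) $_POST['event_instance'];
- $result = $mcdb->get_results( $delete );
+ $delete = "DELETE FROM " . my_calendar_event_table() . " WHERE occur_id = " . (int) $_POST['event_instance'];
+ $result = $mcdb->get_results( $delete );
+ $instance = true;
 }
 if ( empty( $result ) || empty( $result[0]->event_id ) ) {
 mc_delete_cache();
 // do an action using the event_id
- do_action( 'mc_delete_event', $event_id, $post_id );
+ if ( $instance ) {
+ do_action( 'mc_delete_event_instance', $event_id, $post_id, (int) $_POST['event_instance'] );
+ } else {
+ do_action( 'mc_delete_event', $event_id, $post_id );
+ }
 $message = "<div class='updated'><p>" . __( 'Event deleted successfully', 'my-calendar' ) . "</p></div>";
 } else {
 $message = "<div class='error'><p><strong>" . __( 'Error', 'my-calendar' ) . ":</strong>" . __( 'Despite issuing a request to delete, the event still remains in the database. Please investigate.', 'my-calendar' ) . "</p></div>";
@@ -2436,7 +2451,6 @@ function mc_update_instance( $event_instance, $event_id, $update = array() ) {
 function mc_update_data( $event_id, $field, $value, $format = '%d' ) {
 global $wpdb;
 $data = array( $field => $value );
- $format = esc_sql( $format );
 $formats = ( $format );
 $result = $wpdb->update(
 my_calendar_table(),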
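Review bot: In `mc_update_event`, `$type` is now concatenated into the template handed to `$wpdb->prepare()` with no validation, so whatever a caller passes becomes part of the SQL text rather than a bound value. Dropping `esc_sql()` is reasonable because it never made a format specifier safe, but the value should be pinned to the placeholders `prepare()` understands, e.g. `if ( ! in_array( $type, array( '%d', '%s', '%f' ), true ) ) { $type = '%d'; }` before the query is built. The same `$type` is applied to both `$data` and `event_id`, while the new docblock describes it as the type of `$event` only; the docblock should state that it governs both placeholders. `$format` in `mc_update_data` loses its `esc_sql()` call in the same way and would benefit from the same allow-list, though that function's body continues outside the hunk.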
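--- a/my-calendar-events.php
+++ b/my-calendar-events.php
@@ -289,7 +289,6 @@ function mc_get_data( $field, $id ) {
 if ( get_option( 'mc_remote' ) == 'true' && function_exists( 'mc_remote_db' ) ) {
 $mcdb = mc_remote_db();
 }
- $field = esc_sql( $field );
 $sql = $wpdb->prepare( "SELECT $field FROM " . my_calendar_table() . " WHERE event_id = %d", $id );
 $result = $mcdb->get_var( $sql );
 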
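Review bot: `mc_get_data` now interpolates `$field` straight into `SELECT $field FROM …` with no check at all, and `prepare()` only binds the `%d` for `event_id`, not the identifier. `esc_sql()` was never a valid guard for an unquoted column name, so removing it is fine, but nothing replaces it; `mc_update_event` in my-calendar-event-manager.php already runs `$field = sanitize_key( $field );` for this purpose, and the same line (or an allow-list of event columns) belongs here before the `prepare()` call. Whether every caller passes a hard-coded column name cannot be seen from this hunk, since the function body starts and ends outside it.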
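--- a/my-calendar-limits.php
+++ b/my-calendar-limits.php
@@ -131,7 +131,7 @@ function mc_select_author( $author, $type = 'event' ) {
 }
 $i ++;
 } else {
- $key = esc_sql( trim( $key ) );
+ $key = trim( $key );
 $author = get_user_by( 'login', $key ); // get author by username
 $author_id = $author->ID;
 if ( $i == 1 ) {
@@ -150,7 +150,7 @@ function mc_select_author( $author, $type = 'event' ) {
 if ( is_numeric( $author ) ) {
 $select_author = ( $type == 'all' ) ? " WHERE $data = $author" : " event_author = $author AND";
 } else {
- $author = esc_sql( trim( $author ) );
+ $author = trim( $author );
 $author = get_user_by( 'login', $author ); // get author by username
 
 if ( is_object( $author ) ) {
@@ -201,7 +201,7 @@ function mc_select_host( $host, $type = 'event' ) {
 }
 $i ++;
 } else {
- $key = esc_sql( trim( $key ) );
+ $key = trim( $key );
 $host = get_user_by( 'login', $key ); // get host by username
 $host_id = $host->ID;
 if ( $i == 1 ) {
@@ -220,7 +220,7 @@ function mc_select_host( $host, $type = 'event' ) {
 if ( is_numeric( $host ) ) {
 $select_host = ( $type == 'all' ) ? " WHERE $data = $host" : " event_host = $host AND";
 } else {
- $host = esc_sql( trim( $host ) );
+ $host = trim( $host );
 $host = get_user_by( 'login', $host ); // get author by username
 
 if ( is_object( $host ) ) {
@@ -302,9 +302,9 @@ function mc_limit_string( $type = '', $ltype = '', $lvalue = '' ) {
 ) ) ) {
 if ( $current_location != 'all' && $current_location != '' ) {
 if ( is_numeric( $current_location ) ) {
- $limit_string = esc_sql( $location_type ) . ' = ' . intval( $current_location ) . ' AND';
+ $limit_string = $location_type . ' = ' . intval( $current_location ) . ' AND';
 } else {
- $limit_string = esc_sql( $location_type ) . " = '" . esc_sql( $current_location ) . "' AND";
+ $limit_string = $location_type . " = '" . esc_sql( $current_location ) . "' AND";
 }
 }
 }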
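--- a/my-calendar-locations.php
+++ b/my-calendar-locations.php
@@ -616,7 +616,7 @@ function mc_location_data( $field, $id ) {
 if ( get_option( 'mc_remote' ) == 'true' && function_exists( 'mc_remote_db' ) ) {
 $mcdb = mc_remote_db();
 }
- $field = esc_sql( $field );
+ $field = $field;
 $sql = $wpdb->prepare( "SELECT $field FROM " . my_calendar_locations_table() . " WHERE location_id = %d", $id );
 $result = $mcdb->get_var( $sql );
 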
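Review bot: The replacement line `$field = $field;` in `mc_location_data` is a no-op, and `$field` then goes unvalidated into `SELECT $field FROM …`, where `prepare()` only binds the `%d` for `location_id`. Replace the self-assignment with real identifier validation, e.g. `$field = sanitize_key( $field );` as `mc_update_event` does, or an allow-list of location columns. The function body starts and ends outside the hunk, so what callers pass as `$field` is not visible here.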
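--- a/my-calendar-print.php
+++ b/my-calendar-print.php
@@ -60,12 +60,14 @@ echo $head;
 }
 }
 
- $add = array_map( 'esc_sql', $_GET );
+ $add = array_map( 'esc_html', $_GET );
 unset( $add['cid'] );
 unset( $add['feed'] );
 unset( $add['href'] );
- $return_url = mc_build_url( $add, array( 'feed', 'cid', 'href' ), $return_url );
- echo "<p class='return'><a href='$return_url'>" . __( 'Return to calendar', 'my-calendar' ) . "</a></p>";
+ $return_url = apply_filters( 'mc_return_to_calendar', mc_build_url( $add, array( 'feed', 'cid', 'href' ), $return_url ), $add );
+ if ( $return_url ) {
+ echo "<p class='return'><a href='$return_url'>" . __( 'Return to calendar', 'my-calendar' ) . "</a></p>";
+ }
 echo '
 </body>
 </html>';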
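Review bot: `$return_url` is echoed into `href='$return_url'` on new line 69 without output escaping, and the commit now also routes it through the `mc_return_to_calendar` filter, so filter callbacks can return any string into that attribute. `esc_html()` mapped over `$_GET` is an HTML-text escaper applied before `mc_build_url()` rather than a URL escaper applied at output; the value should be escaped where it is printed, `echo "<p class='return'><a href='" . esc_url( $return_url ) . "'>" . __( 'Return to calendar', 'my-calendar' ) . "</a></p>";`. `array_map( 'esc_html', $_GET )` also assumes every query value is a string, which does not hold for array-style parameters (for example a constructed `?x[]=1`), so non-scalar entries should be skipped before mapping.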
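--- a/my-calendar-shortcodes.php
+++ b/my-calendar-shortcodes.php
@@ -24,7 +24,7 @@ function my_calendar_insert( $atts, $content = null ) {
 ), $atts, 'my_calendar' ) );
 if ( $format != 'mini' ) {
 if ( isset( $_GET['format'] ) ) {
- $format = esc_sql( $_GET['format'] );
+ $format = $_GET['format'];
 }
 }
 global $user_ID;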
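Review bot: `$format = $_GET['format'];` on new line 27 takes a raw request value with no validation now that the misapplied `esc_sql()` is gone. How `$format` is used further down in `my_calendar_insert` is outside the hunk, but a display-mode switch should be normalised and compared against the formats the shortcode supports, keeping the shortcode attribute value otherwise: `$requested = sanitize_key( $_GET['format'] );` then `if ( in_array( $requested, $allowed_formats, true ) ) { $format = $requested; }`, where `$allowed_formats` is a placeholder for the plugin's own list.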
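--- a/my-calendar.php
+++ b/my-calendar.php
@@ -7,7 +7,7 @@ Author: Joseph C Dolson
 Author URI: http://www.joedolson.com
 Text Domain: my-calendar
 Domain Path: lang
- Version: 2.5.15
+ Version: 2.5.16
 */
 /* Copyright 2009-2017 Joe Dolson (email : joe@joedolson.com)
 
@@ -30,7 +30,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 } // Exit if accessed directly
 
 global $mc_version, $wpdb;
- $mc_version = '2.5.15';
+ $mc_version = '2.5.16';
 
 register_activation_hook( __FILE__, 'mc_plugin_activated' );
 register_deactivation_hook( __FILE__, 'mc_plugin_deactivated' );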
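--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: joedolson
 Donate link: http://www.joedolson.com/donate/
 Tags: calendar, dates, times, event, events, scheduling, schedule, event manager, event calendar, class, concert, venue, location, box office, tickets, registration
 Requires at least: 4.4
- Tested up to: 4.8
- Stable tag: 2.5.15
+ Tested up to: 4.9
+ Stable tag: 2.5.16
 Text domain: my-calendar
 License: GPLv2 or later
 
@@ -83,6 +83,11 @@ Translating my plug-ins is always appreciated. Visit <a href="https://translate.
 
 == Changelog ==
 
+ = 2.5.16 =
+
+ * Bug fix: Event deletion action executed when individual instance deleted from front-end
+ * Updates: due to esc_sql function changes in WordPress 4.8.3
+
 = 2.5.15 =
 
 * Bug fix: Jumpbox rendered October as January due to unneeded character replacement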