My Calendar - Version 3.1.5

Version Description

  • Bug fix: PHP error checking broken due to session creation

Release Info

Developer joedolson
Version 3.1.5

Code changes from version 3.1.4 to 3.1.5

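--- a/includes/general-utilities.php
+++ b/includes/general-utilities.php
@@ -420,5 +420,5 @@ function mc_debug( $subject, $body, $email = false ) {
 function mc_drop_table( $table ) {
 global $wpdb;
 $sql = 'DROP TABLE ' . $table();
- $wpdb->query( $sql ); // WPCS: unprepared SQL ok.
+ $wpdb->query( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 }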
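Review bot: `mc_drop_table()` calls its argument as a function (`$table()`) and concatenates the return value into `DROP TABLE`, and the new `phpcs:ignore` silences the only tool warning on that line without recording why it is safe. Nothing in the hunk restricts `$table` to the plugin's own table-name helpers, so any callable name that reaches this function is executed and its result dropped; the callers are outside the hunk, so this may already be constrained there. I would check `$table` against a fixed list of permitted helper names before the call, e.g. `if ( ! in_array( $table, $allowed_tables, true ) ) { return; }` (with `$allowed_tables` a placeholder for that list), and add a comment beside the suppression such as `// Table name comes from an allow-listed plugin helper, never from request data.`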
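--- a/my-calendar-categories.php
+++ b/my-calendar-categories.php
@@ -25,7 +25,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 function mc_update_category( $field, $data, $category ) {
 global $wpdb;
 $field = sanitize_key( $field );
- $result = $wpdb->query( $wpdb->prepare( 'UPDATE ' . my_calendar_categories_table() . " SET $field = %d WHERE category_id=%d", $data, $category ) ); // WPCS: unprepared SQL ok.
+ $result = $wpdb->query( $wpdb->prepare( 'UPDATE ' . my_calendar_categories_table() . " SET $field = %d WHERE category_id=%d", $data, $category ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQL.NotPrepared
 
 return $result;
 }
@@ -162,15 +162,15 @@ function my_calendar_manage_categories() {
 }
 } elseif ( isset( $_GET['mode'] ) && isset( $_GET['category_id'] ) && 'delete' == $_GET['mode'] ) {
 $cat_id = (int) $_GET['category_id'];
- $results = $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_categories_table() . ' WHERE category_id=%d', $cat_id ) ); // WPCS: unprepared SQL OK.
+ $results = $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_categories_table() . ' WHERE category_id=%d', $cat_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 // Also delete relationships for this category.
- $rel_results = $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_category_relationships_table() . ' WHERE category_id = %d', $cat_id ) ); // WPCS: unprepared SQL OK.
+ $rel_results = $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_category_relationships_table() . ' WHERE category_id = %d', $cat_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 if ( $results ) {
 $default_category = get_option( 'mc_default_category' );
 $default_category = ( is_numeric( $default_category ) ) ? absint( $default_category ) : 1;
- $cal_results = $wpdb->query( $wpdb->prepare( 'UPDATE `' . my_calendar_table() . '` SET event_category=%d WHERE event_category=%d', $default_category, $cat_id ) ); // WPCS: unprepared SQL OK.
+ $cal_results = $wpdb->query( $wpdb->prepare( 'UPDATE `' . my_calendar_table() . '` SET event_category=%d WHERE event_category=%d', $default_category, $cat_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 } else {
 $cal_results = false;
 }
@@ -317,7 +317,7 @@ function mc_edit_category_form( $view = 'edit', $cat_id = '' ) {
 $cur_cat = false;
 if ( '' != $cat_id ) {
 $cat_id = (int) $cat_id;
- $cur_cat = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_categories_table() . ' WHERE category_id=%d', $cat_id ) ); // WPCS: unprepared SQL OK.
+ $cur_cat = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_categories_table() . ' WHERE category_id=%d', $cat_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 }
 if ( mc_is_custom_icon() ) {
 $directory = str_replace( '/my-calendar', '', $dir ) . '/my-calendar-custom/';
@@ -609,7 +609,7 @@ function mc_manage_categories() {
 $cat_order = 'category_id';
 }
 // We pull the categories from the database.
- $categories = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_categories_table() . ' ORDER BY %s ASC', $cat_order ) ); // WPCS: unprepared SQL OK.
+ $categories = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_categories_table() . ' ORDER BY %s ASC', $cat_order ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( ! empty( $categories ) ) {
 ?>
 <table class="widefat page fixed mc-categories" id="my-calendar-admin-table">
@@ -886,7 +886,7 @@ function mc_get_categories( $event, $ids = true ) {
 if ( ! $results ) {
 $relate = my_calendar_category_relationships_table();
 $catego = my_calendar_categories_table();
- $results = $mcdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $relate . ' as r JOIN ' . $catego . ' as c ON c.category_id = r.category_id WHERE event_id = %d', $event_id ) ); // WPCS: unprepared SQL OK.
+ $results = $mcdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $relate . ' as r JOIN ' . $catego . ' as c ON c.category_id = r.category_id WHERE event_id = %d', $event_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 }
 if ( true === $ids ) {
 if ( $results ) {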
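Review bot: The category list query at new line 612 passes `$cat_order` through a `%s` placeholder, so `$wpdb->prepare()` quotes it and MySQL receives `ORDER BY 'category_id' ASC`, a constant string that leaves the rows unsorted whatever column was requested. A column name cannot be bound as a value; it should be checked against a fixed list of sortable columns and then concatenated, e.g. `'SELECT * FROM ' . my_calendar_categories_table() . ' ORDER BY ' . $cat_order . ' ASC'`, with the suppression comment stating that `$cat_order` is allow-listed. The assignment of `$cat_order` begins above the hunk, so confirm that every branch ends in a literal column name before dropping the placeholder. The same kind of comment would help at new line 28, where `$field` is interpolated after `sanitize_key()`, which restricts the characters but does not limit the value to real columns.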
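--- a/my-calendar-core.php
+++ b/my-calendar-core.php
@@ -270,14 +270,10 @@ function mc_deal_with_deleted_user( $id ) {
 $new = $wpdb->get_var( 'SELECT MIN(ID) FROM ' . $wpdb->users, 0, 0 );
 $new_author = apply_filters( 'mc_deleted_author', $new );
 // This may not work quite right in multi-site. Need to explore further when I have time.
- $wpdb->get_results(
- $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_author=%d WHERE event_author=%d', $new_author, $id )
- ); // WPCS: unprepared SQL OK.
+ $wpdb->get_results( $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_author=%d WHERE event_author=%d', $new_author, $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 $new_host = apply_filters( 'mc_deleted_host', $new );
- $wpdb->get_results(
- $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_host=%d WHERE event_host=%d', $new_host, $id )
- ); // WPCS: unprepared SQL OK.
+ $wpdb->get_results( $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_host=%d WHERE event_host=%d', $new_host, $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 }
 
 /**
@@ -958,11 +954,11 @@ function mc_spam( $event_url = '', $description = '', $post = array() ) {
 */
 function mc_update_count_cache() {
 global $wpdb;
- $published = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_approved = 1' ); // WPCS: unprepared SQL OK.
- $draft = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_approved = 0' ); // WPCS: unprepared SQL OK.
- $trash = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_approved = 2' ); // WPCS: unprepared SQL OK.
- $archive = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_status = 0' ); // WPCS: unprepared SQL OK.
- $spam = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_flagged = 1' ); // WPCS: unprepared SQL OK.
+ $published = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_approved = 1' ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $draft = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_approved = 0' ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $trash = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_approved = 2' ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $archive = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_status = 0' ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $spam = $wpdb->get_var( 'SELECT count( event_id ) FROM ' . my_calendar_table() . ' WHERE event_flagged = 1' ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $counts = array(
 'published' => $published,
 'draft' => $draft,
@@ -1144,7 +1140,7 @@ function mc_ajax_delete_occurrence() {
 global $wpdb;
 $occur_id = (int) $_REQUEST['occur_id'];
 $delete = 'DELETE FROM `' . my_calendar_event_table() . '` WHERE occur_id = %d';
- $result = $wpdb->query( $wpdb->prepare( $delete, $occur_id ) ); // WPCS: unprepared SQL OK.
+ $result = $wpdb->query( $wpdb->prepare( $delete, $occur_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 if ( $result ) {
 wp_send_json(
@@ -1772,7 +1768,7 @@ function my_calendar_privacy_export( $email_address, $page = 1 ) {
 $user = get_user_by( 'email', $email_address );
 if ( $user ) {
 $user_ID = $user->ID;
- $calendar = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id FROM ' . my_calendar_table() . ' WHERE event_host = %d OR event_author = %d', $user_ID, $user_ID ) ); // WPCS: unprepared SQL ok.
+ $calendar = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id FROM ' . my_calendar_table() . ' WHERE event_host = %d OR event_author = %d', $user_ID, $user_ID ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 foreach ( $calendar as $obj ) {
 $events[] = $obj->event_id;
 }
@@ -1783,7 +1779,7 @@ function my_calendar_privacy_export( $email_address, $page = 1 ) {
 } else {
 foreach ( $events as $e ) {
 $event_export = array();
- $event = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_table() . ' WHERE event_id = %d', $e ) ); // WPCS: unprepared SQL OK.
+ $event = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_table() . ' WHERE event_id = %d', $e ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $meta = get_post_meta( $event->event_post );
 
 foreach ( $event as $key => $value ) {
@@ -1870,7 +1866,7 @@ function my_calendar_privacy_eraser( $email_address, $page = 1 ) {
 if ( $user ) {
 $user_ID = $user->ID;
 // for deletion, if *author*, delete; if *host*, change host.
- $calendar = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id, event_host, event_author FROM ' . my_calendar_table() . ' WHERE event_host = %d OR event_author = %d', $user_ID, $user_ID ) ); // WPCS: unprepared SQL ok.
+ $calendar = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id, event_host, event_author FROM ' . my_calendar_table() . ' WHERE event_host = %d OR event_author = %d', $user_ID, $user_ID ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 foreach ( $calendar as $obj ) {
 if ( $user_ID == $obj->event_host && $obj->event_host != $obj->event_author ) {
 $updates[] = array( $obj->event_id, $obj->event_author );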
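Review bot: The two `UPDATE` statements in `mc_deal_with_deleted_user()` (new lines 273 and 276) are sent through `$wpdb->get_results()`, which is meant for statements that return rows, and the result is discarded, so a failed reassignment of events from the deleted user goes unnoticed. `$wpdb->query()` returns the affected-row count or `false`, which is what a write needs: `$updated = $wpdb->query( $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_author=%d WHERE event_author=%d', $new_author, $id ) );`. Both values are bound with `%d` and only the table name is concatenated, so the suppression itself looks reasonable; a short reason after it, such as `// table name from my_calendar_table(); values bound`, would record that. The function starts above the hunk.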
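--- a/my-calendar-event-manager.php
+++ b/my-calendar-event-manager.php
@@ -231,7 +231,7 @@ function mc_update_event( $field, $data, $event, $type = '%d' ) {
 } else {
 $sql = 'UPDATE ' . my_calendar_table() . " SET $field = %f WHERE event_id=%d";
 }
- $result = $wpdb->query( $wpdb->prepare( $sql, $data, $event ) ); // WPCS: unprepared SQL ok.
+ $result = $wpdb->query( $wpdb->prepare( $sql, $data, $event ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 return $result;
 }
@@ -266,10 +266,10 @@ function mc_bulk_action( $action ) {
 $value = (int) $value;
 $total = count( $events );
 if ( 'delete' == $action ) {
- $result = $wpdb->get_results( $wpdb->prepare( 'SELECT event_author FROM ' . my_calendar_table() . ' WHERE event_id = %d', $value ), ARRAY_A ); // WPCS: unprepared SQL OK.
+ $result = $wpdb->get_results( $wpdb->prepare( 'SELECT event_author FROM ' . my_calendar_table() . ' WHERE event_id = %d', $value ), ARRAY_A ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( mc_can_edit_event( $value ) ) {
 $occurrences = 'DELETE FROM ' . my_calendar_event_table() . ' WHERE occur_event_id = %d';
- $wpdb->query( $wpdb->prepare( $occurrences, $value ) ); // WPCS: unprepared SQL OK.
+ $wpdb->query( $wpdb->prepare( $occurrences, $value ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $ids[] = (int) $value;
 $prepare[] = '%d';
 $i ++;
@@ -315,7 +315,7 @@ function mc_bulk_action( $action ) {
 break;
 }
 
- $result = $wpdb->query( $wpdb->prepare( $sql, $ids ) ); // WPCS: unprepared SQL OK.
+ $result = $wpdb->query( $wpdb->prepare( $sql, $ids ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 mc_update_count_cache();
 $results = array(
@@ -436,11 +436,11 @@ function my_calendar_manage() {
 global $wpdb;
 if ( isset( $_GET['mode'] ) && 'delete' == $_GET['mode'] ) {
 $event_id = ( isset( $_GET['event_id'] ) ) ? absint( $_GET['event_id'] ) : false;
- $result = $wpdb->get_results( $wpdb->prepare( 'SELECT event_title, event_author FROM ' . my_calendar_table() . ' WHERE event_id=%d', $event_id ), ARRAY_A ); // WPCS: unprepared SQL OK.
+ $result = $wpdb->get_results( $wpdb->prepare( 'SELECT event_title, event_author FROM ' . my_calendar_table() . ' WHERE event_id=%d', $event_id ), ARRAY_A ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( mc_can_edit_event( $event_id ) ) {
 if ( isset( $_GET['date'] ) ) {
 $event_instance = (int) $_GET['date'];
- $inst = $wpdb->get_var( $wpdb->prepare( 'SELECT occur_begin FROM ' . my_calendar_event_table() . ' WHERE occur_id=%d', $event_instance ) ); // WPCS: unprepared SQL OK.
+ $inst = $wpdb->get_var( $wpdb->prepare( 'SELECT occur_begin FROM ' . my_calendar_event_table() . ' WHERE occur_id=%d', $event_instance ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $instance_date = '(' . date( 'Y-m-d', mc_strtotime( $inst ) ) . ')';
 } else {
 $instance_date = '';
@@ -481,7 +481,7 @@ function my_calendar_manage() {
 if ( isset( $_GET['mode'] ) && 'publish' == $_GET['mode'] ) {
 if ( current_user_can( 'mc_approve_events' ) ) {
 $event_id = absint( $_GET['event_id'] );
- $wpdb->get_results( $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_approved = 1 WHERE event_id=%d', $event_id ) ); // WPCS: unprepared SQL OK.
+ $wpdb->get_results( $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_approved = 1 WHERE event_id=%d', $event_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 mc_update_count_cache();
 } else {
 mc_show_error( __( 'You do not have permission to approve that event.', 'my-calendar' ) );
@@ -492,7 +492,7 @@ function my_calendar_manage() {
 if ( isset( $_GET['mode'] ) && 'reject' == $_GET['mode'] ) {
 if ( current_user_can( 'mc_approve_events' ) ) {
 $event_id = absint( $_GET['event_id'] );
- $wpdb->get_results( $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_approved = 2 WHERE event_id=%d', $event_id ) ); // WPCS: unprepared SQL OK.
+ $wpdb->get_results( $wpdb->prepare( 'UPDATE ' . my_calendar_table() . ' SET event_approved = 2 WHERE event_id=%d', $event_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 mc_update_count_cache();
 } else {
 mc_show_error( __( 'You do not have permission to trash that event.', 'my-calendar' ) );
@@ -908,12 +908,12 @@ function mc_delete_event( $event_id ) {
 $instance = false;
 $post_id = mc_get_data( 'event_post', $event_id );
 if ( empty( $_POST['event_instance'] ) ) {
- $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_event_table() . ' WHERE occur_event_id =%d', $event_id ) ); // WPCS: unprepared SQL OK.
- $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_table() . ' WHERE event_id=%d', $event_id ) ); // WPCS: unprepared SQL OK.
- $result = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id FROM ' . my_calendar_table() . ' WHERE event_id=%d', $event_id ) ); // WPCS: unprepared SQL OK.
+ $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_event_table() . ' WHERE occur_event_id =%d', $event_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_table() . ' WHERE event_id=%d', $event_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $result = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id FROM ' . my_calendar_table() . ' WHERE event_id=%d', $event_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 } else {
 $event_in = absint( $_POST['event_instance'] );
- $result = $wpdb->get_results( $wpdb->prepare( 'DELETE FROM ' . my_calendar_event_table() . ' WHERE occur_id = %d', $event_in ) ); // WPCS: unprepared SQL OK.
+ $result = $wpdb->get_results( $wpdb->prepare( 'DELETE FROM ' . my_calendar_event_table() . ' WHERE occur_id = %d', $event_in ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $instance = true;
 }
 if ( empty( $result ) || empty( $result[0]->event_id ) ) {
@@ -943,7 +943,7 @@ function mc_form_data( $event_id = false ) {
 global $wpdb, $submission;
 if ( false !== $event_id ) {
 $event_id = absint( $event_id );
- $data = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_table() . ' WHERE event_id=%d LIMIT 1', $event_id ) ); // WPCS: unprepared SQL OK.
+ $data = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_table() . ' WHERE event_id=%d LIMIT 1', $event_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( empty( $data ) ) {
 return mc_show_error( __( "Sorry! We couldn't find an event with that ID.", 'my-calendar' ), false );
 }
@@ -1009,7 +1009,7 @@ function mc_get_instance_data( $instance_id ) {
 if ( 'true' == get_option( 'mc_remote' ) && function_exists( 'mc_remote_db' ) ) {
 $mcdb = mc_remote_db();
 }
- $result = $mcdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_event_table() . ' WHERE occur_id = %d', $instance_id ) ); // WPCS: unprepared SQL OK.
+ $result = $mcdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_event_table() . ' WHERE occur_id = %d', $instance_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 return $result;
 }
@@ -1993,11 +1993,11 @@ function mc_list_events() {
 $query_limit = ( ( $current - 1 ) * $items_per_page );
 $limit .= ( 'archived' != $restrict ) ? ' AND event_status = 1' : ' AND event_status = 0';
 if ( 'event_category' != $sortbyvalue ) {
- $events = $wpdb->get_results( $wpdb->prepare( 'SELECT SQL_CALC_FOUND_ROWS event_id FROM ' . my_calendar_table() . " $limit ORDER BY $sortbyvalue $sortbydirection " . 'LIMIT %d, %d', $query_limit, $items_per_page ) ); // WPCS: Unprepared SQL ok.
+ $events = $wpdb->get_results( $wpdb->prepare( 'SELECT SQL_CALC_FOUND_ROWS event_id FROM ' . my_calendar_table() . " $limit ORDER BY $sortbyvalue $sortbydirection " . 'LIMIT %d, %d', $query_limit, $items_per_page ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQL.NotPrepared
 } else {
 $limit = str_replace( array( 'WHERE ' ), '', $limit );
 $limit = ( strpos( $limit, 'AND' ) === 0 ) ? $limit : 'AND ' . $limit;
- $events = $wpdb->get_results( $wpdb->prepare( 'SELECT DISTINCT SQL_CALC_FOUND_ROWS events.event_id FROM ' . my_calendar_table() . ' AS events JOIN ' . my_calendar_categories_table() . " AS categories WHERE events.event_category = categories.category_id $limit ORDER BY categories.category_name $sortbydirection " . 'LIMIT %d, %d', $query_limit, $items_per_page ) ); // WPCS: Unprepared SQL ok.
+ $events = $wpdb->get_results( $wpdb->prepare( 'SELECT DISTINCT SQL_CALC_FOUND_ROWS events.event_id FROM ' . my_calendar_table() . ' AS events JOIN ' . my_calendar_categories_table() . " AS categories WHERE events.event_category = categories.category_id $limit ORDER BY categories.category_name $sortbydirection " . 'LIMIT %d, %d', $query_limit, $items_per_page ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQL.NotPrepared
 }
 
 $found_rows = $wpdb->get_col( 'SELECT FOUND_ROWS();' );
@@ -2143,7 +2143,7 @@ function mc_list_events() {
 </thead>
 <?php
 $class = '';
- $categories = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_categories_table() ); // WPCS: unprepared SQL OK.
+ $categories = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_categories_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 foreach ( array_keys( $events ) as $key ) {
 $e =& $events[ $key ];
@@ -2626,7 +2626,7 @@ function mc_check_data( $action, $post, $i ) {
 $event_hide_end = ( '' == $time || '23:59:59' == $time ) ? 1 : $event_hide_end; // Hide end time on all day events.
 // Set location.
 if ( 'none' != $location_preset && is_numeric( $location_preset ) ) {
- $location = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_locations_table() . ' WHERE location_id = %d', $location_preset ) ); // WPCS: unprepared SQL OK.
+ $location = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_locations_table() . ' WHERE location_id = %d', $location_preset ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $event_label = $location->location_label;
 $event_street = $location->location_street;
 $event_street2 = $location->location_street2;
@@ -2879,7 +2879,7 @@ function mcs_check_conflicts( $begin, $time, $end, $endtime, $event_label ) {
 ( occur_begin BETWEEN cast( \'%1$s\' AS DATETIME ) AND cast( \'%2$s\' AS DATETIME )
 OR occur_end BETWEEN cast( \'%3$s\' AS DATETIME ) AND cast( \'%4$s\' AS DATETIME ) )';
 
- $results = $wpdb->get_results( $wpdb->prepare( $event_query, $begin_time, $end_time, $begin_time, $end_time ) ); // WPCS: Unprepared SQL ok.
+ $results = $wpdb->get_results( $wpdb->prepare( $event_query, $begin_time, $end_time, $begin_time, $end_time ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 if ( empty( $results ) ) {
 // Alternate: where "begin time" between occur_begin & occur_end OR "end time" between occur_begin & occur_end.
@@ -2893,7 +2893,7 @@ function mcs_check_conflicts( $begin, $time, $end, $endtime, $event_label ) {
 ( cast( \'%1$s\' AS DATETIME ) BETWEEN occur_begin AND occur_end
 OR cast( \'%2$s\' AS DATETIME ) BETWEEN occur_begin AND occur_end )';
 
- $results = $wpdb->get_results( $wpdb->prepare( $event_query2, $begin_time, $end_time ) ); // WPCS: Unprepared SQL ok.
+ $results = $wpdb->get_results( $wpdb->prepare( $event_query2, $begin_time, $end_time ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 }
 
 return ( ! empty( $results ) ) ? $results : false;
@@ -2990,7 +2990,7 @@ function mc_update_data( $event_id, $field, $value, $format = '%d' ) {
 */
 function mc_group_id() {
 global $wpdb;
- $result = $wpdb->get_var( 'SELECT MAX(event_id) FROM ' . my_calendar_table() ); // WPCS: unprepared SQL OK.
+ $result = $wpdb->get_var( 'SELECT MAX(event_id) FROM ' . my_calendar_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $next = $result + 1;
 
 return $next;
@@ -3021,7 +3021,7 @@ function mc_instance_list( $args ) {
 } else {
 $sql = 'SELECT * FROM ' . my_calendar_event_table() . ' WHERE occur_event_id=%d ORDER BY occur_begin ASC';
 }
- $results = $wpdb->get_results( $wpdb->prepare( $sql, $id ) ); // WPCS: unprepared SQL OK.
+ $results = $wpdb->get_results( $wpdb->prepare( $sql, $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( is_array( $results ) ) {
 $details = '';
 foreach ( $results as $result ) {
@@ -3064,7 +3064,7 @@ function mc_instance_list( $args ) {
 function mc_admin_instances( $id, $occur = false ) {
 global $wpdb;
 $output = '';
- $results = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_event_table() . ' WHERE occur_event_id=%d ORDER BY occur_begin ASC', $id ) ); // WPCS: unprepared SQL OK.
+ $results = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_event_table() . ' WHERE occur_event_id=%d ORDER BY occur_begin ASC', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( is_array( $results ) && is_admin() ) {
 foreach ( $results as $result ) {
 $begin = "<span id='occur_date_$result->occur_id'>" . date_i18n( get_option( 'mc_date_format' ), mc_strtotime( $result->occur_begin ) ) . ', ' . date( get_option( 'mc_time_format' ), mc_strtotime( $result->occur_begin ) ) . '</span>';
@@ -3094,7 +3094,7 @@ function mc_event_is_grouped( $group_id ) {
 if ( 0 == $group_id ) {
 return false;
 } else {
- $value = $wpdb->get_var( $wpdb->prepare( 'SELECT count( event_group_id ) FROM ' . my_calendar_table() . ' WHERE event_group_id = %d', $group_id ) ); // WPCS: unprepared SQL OK.
+ $value = $wpdb->get_var( $wpdb->prepare( 'SELECT count( event_group_id ) FROM ' . my_calendar_table() . ' WHERE event_group_id = %d', $group_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( $value > 1 ) {
 
 return true;
@@ -3636,7 +3636,7 @@ function _mc_increment_values( $recur ) {
 function mc_get_instances( $id ) {
 global $wpdb;
 $id = (int) $id;
- $results = $wpdb->get_results( $wpdb->prepare( 'SELECT occur_id, occur_begin FROM ' . my_calendar_event_table() . ' WHERE occur_event_id = %d', $id ) ); // WPCS: unprepared SQL OK.
+ $results = $wpdb->get_results( $wpdb->prepare( 'SELECT occur_id, occur_begin FROM ' . my_calendar_event_table() . ' WHERE occur_event_id = %d', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $return = array();
 
 foreach ( $results as $result ) {
@@ -3655,9 +3655,9 @@ function mc_get_instances( $id ) {
 function mc_delete_instances( $id ) {
 global $wpdb;
 $id = (int) $id;
- $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_event_table() . ' WHERE occur_event_id = %d', $id ) ); // WPCS: unprepared SQL OK.
+ $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_event_table() . ' WHERE occur_event_id = %d', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 // After bulk deletion, optimize table.
- $wpdb->query( 'OPTIMIZE TABLE ' . my_calendar_event_table() ); // WPCS: unprepared SQL OK.
+ $wpdb->query( 'OPTIMIZE TABLE ' . my_calendar_event_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 }
 
 add_filter( 'mc_instance_data', 'mc_reuse_id', 10, 3 );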
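--- a/my-calendar-events.php
+++ b/my-calendar-events.php
@@ -444,9 +444,9 @@ function mc_get_event_core( $id, $rebuild = false ) {
 }
 
 if ( $rebuild ) {
-$event = $mcdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_table() . ' JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE event_id=%d', $id ) ); // WPCS: unprepared SQL OK.
+$event = $mcdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_table() . ' JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE event_id=%d', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 } else {
-$event = $mcdb->get_row( $wpdb->prepare( 'SELECT *, UNIX_TIMESTAMP(occur_begin) AS ts_occur_begin, UNIX_TIMESTAMP(occur_end) AS ts_occur_end FROM ' . my_calendar_event_table() . ' JOIN ' . my_calendar_table() . ' ON (event_id=occur_event_id) JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE event_id = %d ORDER BY occur_id ASC LIMIT 1', $id ) ); // WPCS: unprepared SQL OK.
+$event = $mcdb->get_row( $wpdb->prepare( 'SELECT *, UNIX_TIMESTAMP(occur_begin) AS ts_occur_begin, UNIX_TIMESTAMP(occur_end) AS ts_occur_end FROM ' . my_calendar_event_table() . ' JOIN ' . my_calendar_table() . ' ON (event_id=occur_event_id) JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE event_id = %d ORDER BY occur_id ASC LIMIT 1', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $event = mc_event_object( $event );
 }
 
@@ -466,7 +466,7 @@ function mc_get_first_event( $id ) {
 if ( 'true' == get_option( 'mc_remote' ) && function_exists( 'mc_remote_db' ) ) {
 $mcdb = mc_remote_db();
 }
-$event = $mcdb->get_row( $wpdb->prepare( 'SELECT *, UNIX_TIMESTAMP(occur_begin) AS ts_occur_begin, UNIX_TIMESTAMP(occur_end) AS ts_occur_end FROM ' . my_calendar_event_table() . ' JOIN ' . my_calendar_table() . ' ON (event_id=occur_event_id) JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE occur_event_id=%d', $id ) ); // WPCS: unprepared SQL OK.
+$event = $mcdb->get_row( $wpdb->prepare( 'SELECT *, UNIX_TIMESTAMP(occur_begin) AS ts_occur_begin, UNIX_TIMESTAMP(occur_end) AS ts_occur_end FROM ' . my_calendar_event_table() . ' JOIN ' . my_calendar_table() . ' ON (event_id=occur_event_id) JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE occur_event_id=%d', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $event = mc_event_object( $event );
 
 return $event;
@@ -485,7 +485,7 @@ function mc_get_nearest_event( $id ) {
 if ( 'true' == get_option( 'mc_remote' ) && function_exists( 'mc_remote_db' ) ) {
 $mcdb = mc_remote_db();
 }
-$event = $mcdb->get_row( $wpdb->prepare( 'SELECT *, UNIX_TIMESTAMP(occur_begin) AS ts_occur_begin, UNIX_TIMESTAMP(occur_end) AS ts_occur_end FROM ' . my_calendar_event_table() . ' JOIN ' . my_calendar_table() . ' ON (event_id=occur_event_id) JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE occur_event_id=%d ORDER BY ABS( DATEDIFF( occur_begin, NOW() ) )', $id ) ); // WPCS: unprepared SQL OK.
+$event = $mcdb->get_row( $wpdb->prepare( 'SELECT *, UNIX_TIMESTAMP(occur_begin) AS ts_occur_begin, UNIX_TIMESTAMP(occur_end) AS ts_occur_end FROM ' . my_calendar_event_table() . ' JOIN ' . my_calendar_table() . ' ON (event_id=occur_event_id) JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE occur_event_id=%d ORDER BY ABS( DATEDIFF( occur_begin, NOW() ) )', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $event = mc_event_object( $event );
 
 return $event;
@@ -509,7 +509,7 @@ function mc_get_event( $id, $type = 'object' ) {
 if ( 'true' == get_option( 'mc_remote' ) && function_exists( 'mc_remote_db' ) ) {
 $mcdb = mc_remote_db();
 }
-$event = $mcdb->get_row( $wpdb->prepare( 'SELECT *, UNIX_TIMESTAMP(occur_begin) AS ts_occur_begin, UNIX_TIMESTAMP(occur_end) AS ts_occur_end FROM ' . my_calendar_event_table() . ' JOIN ' . my_calendar_table() . ' ON (event_id=occur_event_id) JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE occur_id=%d', $id ) ); // WPCS: unprepared SQL OK.
+$event = $mcdb->get_row( $wpdb->prepare( 'SELECT *, UNIX_TIMESTAMP(occur_begin) AS ts_occur_begin, UNIX_TIMESTAMP(occur_end) AS ts_occur_end FROM ' . my_calendar_event_table() . ' JOIN ' . my_calendar_table() . ' ON (event_id=occur_event_id) JOIN ' . my_calendar_categories_table() . ' ON (event_category=category_id) WHERE occur_id=%d', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( 'object' == $type ) {
 $event = mc_event_object( $event );
 return $event;
@@ -659,7 +659,7 @@ function mc_get_occurrences( $id ) {
 if ( 0 === $id ) {
 return array();
 }
-$results = $wpdb->get_results( $wpdb->prepare( 'SELECT occur_id, occur_event_id FROM ' . my_calendar_event_table() . ' WHERE occur_event_id=%d', $id ) ); // WPCS: unprepared SQL OK.
+$results = $wpdb->get_results( $wpdb->prepare( 'SELECT occur_id, occur_event_id FROM ' . my_calendar_event_table() . ' WHERE occur_event_id=%d', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 return $results;
 }
@@ -677,7 +677,7 @@ function mc_get_related( $id ) {
 if ( 0 === $id ) {
 return '';
 }
-$results = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id FROM ' . my_calendar_table() . ' WHERE event_group_id=%d', $id ) ); // WPCS: unprepared SQL OK.
+$results = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id FROM ' . my_calendar_table() . ' WHERE event_group_id=%d', $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 return $results;
 }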
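Review bot: The new `// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared` comments in these six hunks silence the sniff without recording why each query is safe. PHPCS accepts a reason after ` -- `, so each could read `// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- table names come from plugin helpers; the id is bound with %d.` That keeps the justification next to the suppression for whoever later adds a variable to one of these strings. The same applies to the suppressions added in the other files of this release.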
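--- a/my-calendar-group-manager.php
+++ b/my-calendar-group-manager.php
@@ -192,7 +192,7 @@ function mc_group_data( $event_id = false ) {
 if ( intval( $event_id ) != $event_id ) {
 return mc_show_error( __( 'Sorry! That\'s an invalid event key.', 'my-calendar' ), false );
 } else {
-$data = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_table() . ' WHERE event_id=%d LIMIT 1', $event_id ) ); // WPCS: unprepared SQL OK.
+$data = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_table() . ' WHERE event_id=%d LIMIT 1', $event_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( empty( $data ) ) {
 return mc_show_error( __( "Sorry! We couldn't find an event with that ID.", 'my-calendar' ), false );
 }
@@ -226,7 +226,7 @@ function mc_compare_group_members( $group_id, $field = false ) {
 // Just comparing a single field.
 $query = "SELECT $field FROM " . my_calendar_table() . ' WHERE event_group_id = %d';
 }
-$results = $wpdb->get_results( $wpdb->prepare( $query, $group_id ), ARRAY_N ); // WPCS: Unprepared SQL ok.
+$results = $wpdb->get_results( $wpdb->prepare( $query, $group_id ), ARRAY_N ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $count = count( $results );
 for ( $i = 0; $i < $count; $i ++ ) {
 $n = ( ( $i + 1 ) > $count - 1 ) ? 0 : $i + 1;
@@ -250,7 +250,7 @@ function mc_group_form( $group_id, $type = 'break' ) {
 global $wpdb;
 $event_id = (int) $_GET['event_id'];
 $nonce = wp_create_nonce( 'my-calendar-nonce' );
-$results = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id, event_begin, event_time FROM ' . my_calendar_table() . ' WHERE event_group_id = %d', $group_id ) ); // WPCS: unprepared SQL OK.
+$results = $wpdb->get_results( $wpdb->prepare( 'SELECT event_id, event_begin, event_time FROM ' . my_calendar_table() . ' WHERE event_group_id = %d', $group_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( 'apply' == $type ) {
 $warning = ( ! mc_compare_group_members( $group_id ) ) ? '<p class="warning">' . __( '<strong>NOTE:</strong> The group editable fields for the events in this group do not match', 'my-calendar' ) . '</p>' : '<p class="matched">' . __( 'The group editable fields for the events in this group match.', 'my-calendar' ) . '</p>';
 } else {
@@ -838,7 +838,7 @@ function mc_check_group_data( $action, $post ) {
 $event_span = ! empty( $post['event_span'] ) ? 1 : 0;
 // Set location.
 if ( 'none' != $location_preset ) {
-$location = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_locations_table() . ' WHERE location_id = %d', $location_preset ) ); // WPCS: unprepared SQL OK.
+$location = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_locations_table() . ' WHERE location_id = %d', $location_preset ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $event_label = $location->location_label;
 $event_street = $location->location_street;
 $event_street2 = $location->location_street2;
@@ -996,7 +996,7 @@ function mc_list_groups() {
 $limit = '';
 }
 $query_limit = ( ( $current - 1 ) * $items_per_page );
-$events = $wpdb->get_results( $wpdb->prepare( 'SELECT SQL_CALC_FOUND_ROWS * FROM ' . my_calendar_table() . " $limit ORDER BY $sortbyvalue $sortbydirection LIMIT %d, %d", $query_limit, $items_per_page ) ); // WPCS: Unprepared SQL ok.
+$events = $wpdb->get_results( $wpdb->prepare( 'SELECT SQL_CALC_FOUND_ROWS * FROM ' . my_calendar_table() . " $limit ORDER BY $sortbyvalue $sortbydirection LIMIT %d, %d", $query_limit, $items_per_page ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQL.NotPrepared
 $found_rows = $wpdb->get_col( 'SELECT FOUND_ROWS();' );
 $items = $found_rows[0];
 ?>
@@ -1067,7 +1067,7 @@ function mc_list_groups() {
 </thead>
 <?php
 $class = '';
-$categories = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_categories_table() ); // WPCS: unprepared SQL OK.
+$categories = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_categories_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 foreach ( $events as $event ) {
 $class = ( 'alternate' == $class ) ? '' : 'alternate';
 $spam = ( 1 == $event->event_flagged ) ? ' spam' : '';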
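Review bot: In mc_list_groups (line 999) the suppression now also covers `InterpolatedNotPrepared`, so nothing flags `$limit`, `$sortbyvalue` and `$sortbydirection`, which sit in the SQL string outside any placeholder where `prepare()` does not protect them. Their assignments are outside the hunk, so whether they are restricted to known columns and to ASC/DESC cannot be confirmed from here. I would allowlist them immediately before the query, e.g. `$sortbydirection = ( 'DESC' === $sortbydirection ) ? 'DESC' : 'ASC';`, and name that validation in the ignore comment. `$field` in mc_compare_group_members (line 227) and `$search`/`$orderby` in my-calendar-location-manager.php (line 135) are interpolated the same way.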
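--- a/my-calendar-install.php
+++ b/my-calendar-install.php
@@ -381,8 +381,8 @@ function mc_migrate_db() {
 global $wpdb;
 
 // Step 1) check if early escapement is needed.
-$count = $wpdb->get_var( 'SELECT count(1) from ' . my_calendar_event_table() ); // WPCS: unprepared SQL OK.
-$count2 = $wpdb->get_var( 'SELECT count(1) from ' . my_calendar_table() ); // WPCS: unprepared SQL OK.
+$count = $wpdb->get_var( 'SELECT count(1) from ' . my_calendar_event_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+$count2 = $wpdb->get_var( 'SELECT count(1) from ' . my_calendar_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( $count2 > 0 && $count > 0 ) {
 return;
 }
@@ -391,7 +391,7 @@ function mc_migrate_db() {
 }
 
 // Step 2) migrate events.
-$events = $wpdb->get_results( 'SELECT event_id, event_begin, event_time, event_end, event_endtime FROM ' . my_calendar_table() ); // WPCS: unprepared SQL OK.
+$events = $wpdb->get_results( 'SELECT event_id, event_begin, event_time, event_end, event_endtime FROM ' . my_calendar_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 foreach ( $events as $event ) {
 // assign endtimes to all events.
 if ( '00:00:00' == $event->event_endtime && '00:00:00' != $event->event_time ) {
@@ -472,7 +472,7 @@ function mc_check_location_table( $event, $locations ) {
 function mc_transition_db() {
 if ( 'true' != get_option( 'mc_remote' ) ) {
 global $wpdb;
-$results = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_locations_table(), ARRAY_A ); // WPCS: unprepared SQL OK.
+$results = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_locations_table(), ARRAY_A ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $locations = array();
 foreach ( $results as $result ) {
 $location_id = $result['location_id'];
@@ -480,7 +480,7 @@ function mc_transition_db() {
 $hash = md5( serialize( $result ) );
 $locations[ $location_id ] = $result;
 }
-$results = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_categories_table() ); // WPCS: unprepared SQL OK.
+$results = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_categories_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 foreach ( $results as $category ) {
 $term = wp_insert_term( $category->category_name, 'mc-event-category' );
 if ( ! is_wp_error( $term ) ) {
@@ -493,7 +493,7 @@ function mc_transition_db() {
 }
 }
 }
-$results = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_table(), ARRAY_A ); // WPCS: unprepared SQL OK.
+$results = $wpdb->get_results( 'SELECT * FROM ' . my_calendar_table(), ARRAY_A ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 foreach ( $results as $event ) {
 $post_id = mc_create_event_post( $event, $event['event_id'] );
 mc_update_event( 'event_post', $post_id, $event['event_id'] );
@@ -562,7 +562,7 @@ function mc_check_imports() {
 */
 function mc_transition_categories() {
 global $wpdb;
-$results = $wpdb->get_results( 'SELECT event_id, event_category FROM ' . my_calendar_table() ); // WPCS: unprepared SQL OK.
+$results = $wpdb->get_results( 'SELECT event_id, event_category FROM ' . my_calendar_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 foreach ( $results as $result ) {
 $event_id = $result->event_id;
 $category = $result->event_category;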
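--- a/my-calendar-location-manager.php
+++ b/my-calendar-location-manager.php
@@ -76,7 +76,7 @@ function mc_mass_delete_locations() {
 $i ++;
 }
 $prepared = implode( ',', $prepare );
-$result = $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_locations_table() . " WHERE location_id IN ($prepared)", $deleted ) ); // WPCS: unprepared SQL OK, PreparedSQLPlaceholders replacement count ok.
+$result = $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_locations_table() . " WHERE location_id IN ($prepared)", $deleted ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
 if ( 0 !== $result && false !== $result ) {
 // Argument: array of event IDs.
 do_action( 'mc_mass_delete_locations', $deleted );
@@ -132,7 +132,7 @@ function mc_manage_locations() {
 }
 
 $query_limit = ( ( $current - 1 ) * $items_per_page );
-$locations = $wpdb->get_results( $wpdb->prepare( 'SELECT SQL_CALC_FOUND_ROWS * FROM ' . my_calendar_locations_table() . " $search ORDER BY $orderby ASC LIMIT %d, %d", $query_limit, $items_per_page ) ); // WPCS: Unprepared SQL ok.
+$locations = $wpdb->get_results( $wpdb->prepare( 'SELECT SQL_CALC_FOUND_ROWS * FROM ' . my_calendar_locations_table() . " $search ORDER BY $orderby ASC LIMIT %d, %d", $query_limit, $items_per_page ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQL.NotPrepared
 $found_rows = $wpdb->get_col( 'SELECT FOUND_ROWS();' );
 $items = $found_rows[0];
 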
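--- a/my-calendar-locations.php
+++ b/my-calendar-locations.php
@@ -25,7 +25,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 function mc_update_location( $field, $data, $location ) {
 global $wpdb;
 $field = sanitize_key( $field );
-$result = $wpdb->query( $wpdb->prepare( 'UPDATE ' . my_calendar_locations_table() . " SET $field = %d WHERE location_id=%d", $data, $location ) ); // WPCS: unprepared SQL ok.
+$result = $wpdb->query( $wpdb->prepare( 'UPDATE ' . my_calendar_locations_table() . " SET $field = %d WHERE location_id=%d", $data, $location ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQL.NotPrepared
 
 return $result;
 }
@@ -126,7 +126,7 @@ function my_calendar_add_locations() {
 mc_show_error( __( 'Location could not be added to database', 'my-calendar' ) );
 }
 } elseif ( isset( $_GET['location_id'] ) && 'delete' == $_GET['mode'] ) {
-$results = $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_locations_table() . ' WHERE location_id=%d', $_GET['location_id'] ) ); // WPCS: unprepared SQL ok.
+$results = $wpdb->query( $wpdb->prepare( 'DELETE FROM ' . my_calendar_locations_table() . ' WHERE location_id=%d', $_GET['location_id'] ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 do_action( 'mc_delete_location', $results, (int) $_GET['location_id'] );
 if ( $results ) {
 mc_show_notice( __( 'Location deleted successfully', 'my-calendar' ) );
@@ -263,7 +263,7 @@ function mc_show_location_form( $view = 'add', $loc_id = '' ) {
 */
 function mc_get_location( $location_id ) {
 global $wpdb;
-$location = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_locations_table() . ' WHERE location_id = %d', $location_id ) ); // WPCS: unprepared SQL ok.
+$location = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . my_calendar_locations_table() . ' WHERE location_id = %d', $location_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 return $location;
 }
@@ -639,12 +639,12 @@ function mc_get_locations( $args ) {
 // Prevent invalid order parameters.
 $order = 'ASC';
 }
-$valid_args = $wpdb->get_col( 'DESC ' . my_calendar_locations_table() ); // WPCS: unprepared SQL ok.
+$valid_args = $wpdb->get_col( 'DESC ' . my_calendar_locations_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 if ( ! ( in_array( $orderby, $valid_args ) ) ) {
 // Prevent invalid order columns.
 $orderby = 'location_label';
 }
-$results = $wpdb->get_results( $wpdb->prepare( 'SELECT location_id,location_label FROM ' . my_calendar_locations_table() . ' WHERE %s = %s ORDER BY ' . $orderby . ' ' . $order, $where, $is ) ); // WPCS: unprepared SQL ok.
+$results = $wpdb->get_results( $wpdb->prepare( 'SELECT location_id,location_label FROM ' . my_calendar_locations_table() . ' WHERE %s = %s ORDER BY ' . $orderby . ' ' . $order, $where, $is ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 return apply_filters( 'mc_filter_results', $results, $args );
 }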
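Review bot: In mc_get_locations (line 647) `$where` is bound through `%s`, so `prepare()` quotes it as a string literal and the clause compares two literals instead of a column with a value; the filter then matches every row or none. A column name cannot be bound as a value, so I would check `$where` against `$valid_args` the same way `$orderby` is checked, concatenate it, and bind only `$is`: `' WHERE ' . $where . ' = %s ORDER BY ' . $orderby . ' ' . $order, $is`. The `in_array()` check would also be stricter with `true` as its third argument. The start of mc_get_locations is outside the hunk, so how `$where` and `$is` are derived is not visible here.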
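--- a/my-calendar-output.php
+++ b/my-calendar-output.php
@@ -3011,7 +3011,7 @@ function mc_get_list_locations( $datatype, $full = true, $return_type = OBJECT )
 $select = '*';
 }
 // Value of $data is set in switch above. $select is same as data unless *.
-$locations = $mcdb->get_results( "SELECT DISTINCT $select FROM " . my_calendar_locations_table() . " $where ORDER BY $data ASC", $return_type ); // WPCS: unprepared SQL ok.
+$locations = $mcdb->get_results( "SELECT DISTINCT $select FROM " . my_calendar_locations_table() . " $where ORDER BY $data ASC", $return_type ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 return $locations;
 }
@@ -3030,9 +3030,9 @@ function my_calendar_show_locations( $datatype = 'name', $template = '' ) {
 $output = '<ul class="mc-locations">';
 foreach ( $locations as $key => $value ) {
 if ( 'hcard' != $datatype && '' != $template ) {
-$label = stripslashes( $value->{$data} );
+$label = stripslashes( $value->{$datatype} );
 $url = mc_maplink( $value, 'url', 'location' );
-$output .= ( $url ) ? "<li>$url</li>" : "<li>$label</li>";
+$output .= ( $url ) ? "<li><a href='" . esc_url( $url ) . "'>$label</a></li>" : "<li>$label</li>";
 } elseif ( 'hcard' == $datatype ) {
 $label = mc_hcard( $value, true, true, 'location' );
 $output .= "<li>$label</li>";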
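Review bot: `$label` is written into the list markup at line 3035 without escaping on both branches of the ternary, although the URL beside it now goes through `esc_url()`. Unless location fields are sanitised for HTML when stored, which this hunk does not show, a location value containing markup would be rendered as HTML; `$label = esc_html( stripslashes( $value->{$datatype} ) );` closes that. It is also worth confirming that `$datatype` (default `'name'`) is an actual property of the row, since the comment in mc_get_list_locations says the column name `$data` is set in a switch that lies outside this hunk.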
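--- a/my-calendar-settings.php
+++ b/my-calendar-settings.php
@@ -146,7 +146,7 @@ function my_calendar_import() {
 }
 foreach ( $event_ids as $value ) { // propagate event instances.
 $sql = 'SELECT event_begin, event_time, event_end, event_endtime FROM ' . my_calendar_table() . ' WHERE event_id = %d';
-$event = $wpdb->get_results( $wpdb->prepare( $sql, $value ) ); // WPCS: unprepared SQL ok.
+$event = $wpdb->get_results( $wpdb->prepare( $sql, $value ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $event = $event[0];
 $dates = array(
 'event_begin' => $event->event_begin,
@@ -163,7 +163,7 @@ function my_calendar_import() {
 $color = esc_sql( $key['category_colour'] );
 $id = (int) $key['category_id'];
 $catsql = 'INSERT INTO ' . my_calendar_categories_table() . ' SET category_id=%1$d, category_name=%2$s, category_color=%3$s ON DUPLICATE KEY UPDATE category_name=%2$s, category_color=%3$s;';
-$cats_results = $wpdb->query( $wpdb->prepare( $catsql, $id, $name, $color ) ); // WPCS: unprepared SQL ok.
+$cats_results = $wpdb->query( $wpdb->prepare( $catsql, $id, $name, $color ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 }
 $message = ( false !== $cats_results ) ? __( 'Categories imported successfully.', 'my-calendar' ) : __( 'Categories not imported.', 'my-calendar' );
 $e_message = ( false !== $events_results ) ? __( 'Events imported successfully.', 'my-calendar' ) : __( 'Events not imported.', 'my-calendar' );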
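Review bot: `$catsql` at line 165 uses numbered placeholders (`%2$s`, `%3$s`) without quotes, and `$color` has already gone through `esc_sql()` before `prepare()` sees it. The `wpdb::prepare()` documentation states that numbered placeholders are not quoted for you, so the values would land in the statement bare, and the earlier `esc_sql()` means anything that needs escaping is escaped twice. Plain placeholders with repeated arguments avoid both: `... SET category_id=%d, category_name=%s, category_color=%s ON DUPLICATE KEY UPDATE category_name=%s, category_color=%s;` called with `$id, $name, $color, $name, $color` on the raw values. The assignment of `$name` is outside the hunk, so I am assuming it is handled like `$color`.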
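--- a/my-calendar-templates.php
+++ b/my-calendar-templates.php
@@ -942,7 +942,7 @@ function mc_event_date_span( $group_id, $event_span, $dates = array() ) {
 
 return $dates;
 } else {
-$dates = $mcdb->get_results( $wpdb->prepare( 'SELECT occur_begin, occur_end FROM ' . my_calendar_event_table() . ' WHERE occur_group_id = %d ORDER BY occur_begin ASC', $group_id ) ); // WPCS: unprepared SQL ok.
+$dates = $mcdb->get_results( $wpdb->prepare( 'SELECT occur_begin, occur_end FROM ' . my_calendar_event_table() . ' WHERE occur_group_id = %d ORDER BY occur_begin ASC', $group_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 set_transient( 'mc_event_date_span_' . $group_id . '_' . $event_span, $dates, HOUR_IN_SECONDS );
 
 return $dates;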
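--- a/my-calendar-upgrade-db.php
+++ b/my-calendar-upgrade-db.php
@@ -22,7 +22,7 @@ function my_calendar_check_db() {
 }
 
 global $wpdb;
-$cols = $wpdb->get_col( 'DESC ' . my_calendar_table() ); // WPCS: unprepared SQL ok.
+$cols = $wpdb->get_col( 'DESC ' . my_calendar_table() ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $needs_update = false;
 
 if ( ! in_array( 'event_tickets', $cols ) ) {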
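--- a/my-calendar-widgets.php
+++ b/my-calendar-widgets.php
@@ -268,7 +268,7 @@ function mc_span_time( $group_id ) {
 $mcdb = mc_remote_db();
 }
 $group_id = (int) $group_id;
-$dates = $mcdb->get_results( $wpdb->prepare( 'SELECT event_begin, event_time, event_end, event_endtime FROM ' . my_calendar_table() . ' WHERE event_group_id = %d ORDER BY event_begin ASC', $group_id ) ); // WPCS: unprepared SQL ok.
+$dates = $mcdb->get_results( $wpdb->prepare( 'SELECT event_begin, event_time, event_end, event_endtime FROM ' . my_calendar_table() . ' WHERE event_group_id = %d ORDER BY event_begin ASC', $group_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 $count = count( $dates );
 $last = $count - 1;
 $begin = $dates[0]->event_begin . ' ' . $dates[0]->event_time;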
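Review bot: `$dates[0]` is dereferenced at line 274 without checking that the query returned any rows, so a group id with no events, or a failed query, produces an undefined-offset access and a property read on a non-object. A guard such as `if ( empty( $dates ) )` with an early return before line 272 would cover it; the function's return statements are outside the hunk, so the right return value has to be taken from there. `$event = $event[0];` in my-calendar-settings.php (line 150) has the same shape.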
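--- a/my-calendar.php
+++ b/my-calendar.php
@@ -17,7 +17,7 @@
 * License: GPL-2.0+
 * License URI: http://www.gnu.org/license/gpl-2.0.txt
 * Domain Path: lang
-* Version: 3.1.4
+* Version: 3.1.5
 */
 
 /*
@@ -42,7 +42,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 }
 
 global $mc_version, $wpdb;
-$mc_version = '3.1.4';
+$mc_version = '3.1.5';
 
 define( 'MC_DEBUG', false );
 
@@ -155,6 +155,10 @@ add_action( 'init', 'mc_start_session', 1 );
 * Makes sure session is started to be able to save search results.
 */
 function mc_start_session() {
+// Starting a session breaks the white screen check.
+if ( isset( $_GET['wp_scrape_key'] ) ) {
+return;
+}
 $required_php_version = '5.4.0';
 if ( version_compare( PHP_VERSION, $required_php_version, '<' ) ) {
 if ( ! session_id() ) {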
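Review bot: The guard added at line 159 tests only that `wp_scrape_key` is present, so any request carrying that parameter skips session start, not just WordPress's own loopback check. From the docblock the session exists to save search results, so the effect is probably limited to that, but the rest of mc_start_session is outside the hunk and the comment does not say the bypass is intentional. I would spell it out: `// Skip the session on WordPress's loopback scrape request (fatal-error check); only the parameter's presence is tested, so nothing else may depend on this branch.`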
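--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: calendar, dates, times, event, events, scheduling, schedule, event manager
 Requires at least: 4.4
 Tested up to: 5.0
 Requires PHP: 5.3
-Stable tag: 3.1.4
+Stable tag: 3.1.5
 Text domain: my-calendar
 License: GPLv2 or later
 
@@ -85,6 +85,10 @@ Translating my plug-ins is always appreciated. Visit <a href="https://translate.
 
 TODO: Support limiting views to multiple locations
 
+= 3.1.5 =
+
+* Bug fix: PHP error checking broken due to session creation
+
 = 3.1.4 =
 
 * Bug fix: typo in category string parameter for ical output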