Changeset 490070 for my-calendar
- Timestamp:
- 01/15/2012 01:22:22 AM (13 years ago)
- Location:
- my-calendar/trunk
- Files:
-
- 6 edited
-
my-calendar-event-manager.php (modified) (2 diffs)
-
my-calendar-group-manager.php (modified) (1 diff)
-
my-calendar-output.php (modified) (2 diffs)
-
my-calendar-settings.php (modified) (1 diff)
-
my-calendar.php (modified) (2 diffs)
-
readme.txt (modified) (2 diffs)
my-calendar/trunk/my-calendar-event-manager.php
r488257 r490070 375 375 mc_split_event( $event_id, $instance ); 376 376 } 377 $sql = "DELETE FROM " . my_calendar_table() . " WHERE event_id='" . mysql_real_escape_string($event_id). "'";377 $sql = "DELETE FROM " . my_calendar_table() . " WHERE event_id='" . (int) $event_id . "'"; 378 378 $wpdb->query($sql); 379 $sql = "SELECT event_id FROM " . my_calendar_table() . " WHERE event_id='" . mysql_real_escape_string($event_id). "'";379 $sql = "SELECT event_id FROM " . my_calendar_table() . " WHERE event_id='" . (int) $event_id . "'"; 380 380 $result = $wpdb->get_results($sql); 381 381 if ( empty($result) || empty($result[0]->event_id) ) { … … 399 399 return "<div class=\"error\"><p>".__('Sorry! That\'s an invalid event key.','my-calendar')."</p></div>"; 400 400 } else { 401 $data = $wpdb->get_results("SELECT * FROM " . my_calendar_table() . " WHERE event_id='" . mysql_real_escape_string($event_id). "' LIMIT 1");401 $data = $wpdb->get_results("SELECT * FROM " . my_calendar_table() . " WHERE event_id='" . (int) $event_id . "' LIMIT 1"); 402 402 if ( empty($data) ) { 403 403 return "<div class=\"error\"><p>".__("Sorry! We couldn't find an event with that ID.",'my-calendar')."</p></div>"; -
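Review bot: All three queries in this section still assemble SQL by concatenation and depend on an inline `(int)` cast repeated at every call site, so the protection lasts only as long as each later edit remembers the cast. Binding the value through the query API keeps the guarantee with the statement, e.g. `$sql = $wpdb->prepare( "DELETE FROM " . my_calendar_table() . " WHERE event_id = %d", $event_id );`, with the same form for the two SELECTs. The same pattern appears in my-calendar-group-manager.php. In my-calendar-settings.php only `category_id` was changed, while the name and colour fields still go through `mysql_real_escape_string()` into a concatenated INSERT; presumably those should move to `$wpdb->prepare()` or `$wpdb->insert()` as well. The enclosing functions start and end outside the visible lines.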
my-calendar/trunk/my-calendar-group-manager.php
r487273 r490070 168 168 return "<div class=\"error\"><p>".__('Sorry! That\'s an invalid event key.','my-calendar')."</p></div>"; 169 169 } else { 170 $data = $wpdb->get_results("SELECT * FROM " . my_calendar_table() . " WHERE event_id='" . mysql_real_escape_string($event_id). "' LIMIT 1");170 $data = $wpdb->get_results("SELECT * FROM " . my_calendar_table() . " WHERE event_id='" . (int) $event_id . "' LIMIT 1"); 171 171 if ( empty($data) ) { 172 172 return "<div class=\"error\"><p>".__("Sorry! We couldn't find an event with that ID.",'my-calendar')."</p></div>"; -
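--- a/my-calendar/trunk/my-calendar-output.php
+++ b/my-calendar/trunk/my-calendar-output.php
@@ -345,4 +345,6 @@
 parse_str($_SERVER['QUERY_STRING'],$qsa);
 foreach ($qsa as $name => $argument) {
+$name = esc_url(strip_tags($argument));
+$argument = esc_url(strip_tags($argument));
 if ($name != 'month' && $name != 'yr' && $name != 'dy' ) {
 $date_switcher .= '<input type="hidden" name="'.$name.'" value="'.$argument.'" />';
@@ -441,5 +443,5 @@
 $my_calendar_body .= apply_filters('mc_before_calendar','',$args);
 $main_class = ( $name !='' )?sanitize_title($name):'all';
-$cid = ( isset($_GET['cid'] ) )? $_GET['cid']:'all';
+$cid = ( isset($_GET['cid'] ) )?wp_kses($_GET['cid']):'all';
 $format = ( mc_is_mobile() )?'list':$format;
 $date_format = ( get_option('mc_date_format') != '' )?get_option('mc_date_format'):get_option('date_format');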
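Review bot: In the first hunk the added line `$name = esc_url(strip_tags($argument));` overwrites the parameter name with the parameter's value, so the `month`/`yr`/`dy` exclusion that follows is tested against the value and the hidden input is emitted under the wrong name. Both strings are written into HTML attributes, where `esc_attr()` is the matching escaper rather than `esc_url()`: `$name = esc_attr(strip_tags($name));` and `$argument = esc_attr(strip_tags($argument));`. `parse_str()` can also produce array values for `a[]=1`-style input, which this loop does not appear to handle. In the second hunk `wp_kses($_GET['cid'])` omits the required `$allowed_html` argument; if `cid` is meant to be a short identifier, `sanitize_key($_GET['cid'])` would be a tighter fit, to be confirmed against how `$cid` is used outside the hunk. Both enclosing functions continue beyond the visible lines.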
my-calendar/trunk/my-calendar-settings.php
r487273 r490070 38 38 $name = mysql_real_escape_string($key['category_name']); 39 39 $color = mysql_real_escape_string($key['category_colour']); 40 $id = mysql_real_escape_string($key['category_id']);40 $id = (int) $key['category_id']; 41 41 $catsql = "INSERT INTO " . my_calendar_categories_table() . " SET 42 42 category_id='".$id."', -
my-calendar/trunk/my-calendar.php
r488257 r490070 6 6 Author: Joseph C Dolson 7 7 Author URI: http://www.joedolson.com 8 Version: 1.10. 18 Version: 1.10.2 9 9 */ 10 10 /* Copyright 2009-2012 Joe Dolson (email : joe@joedolson.com) … … 25 25 */ 26 26 global $mc_version, $wpdb; 27 $mc_version = '1.10. 1';27 $mc_version = '1.10.2'; 28 28 29 29 // Define the tables used in My Calendar -
my-calendar/trunk/readme.txt
r488257 r490070 80 80 81 81 == Changelog == 82 83 = 1.10.2 = 84 85 * Critical security update. Please upgrade promptly. Big thank you to Dean Batha for the bug report. 82 86 83 87 = 1.10.1 = … … 706 710 == Upgrade Notice == 707 711 712 - Version 1.10.2 is a CRITICAL SECURITY UPGRADE. Please upgrade promptly. 708 713 - Version 1.10.0 adds a printable view, multi-day events, and a few additional new options. 709 714 - Version 1.9.0 incorporated many new event editing and management options and a refresh of My Calendar's styles and scripts. Some changes will require updated styles or scripts to work properly. Updated JavaScript and styles <em>will not be installed by default</em>, in order to avoid overwriting any custom changes, but you can update styles and scripts on their editing pages.