Events Manager 2.2, security hole closed
Hello folks,
I just released Events Manager 2.2. It’s a minor upgrade, here is the changelog:
- Added an option to get events through a select
- Closed many bugs causing notices/warnings visible only in debug mode
- Closed a critical security hole discovered by Danilo Massa (to be released on May 10th)
The first point is the only proper feature: it allows you to use a select for the events venue. It’s something that comes in handy for people/organizations whose events take place in the same venues all the time.
The second point is something I should have done AGES ago. I put WordPress in debug mode and thus could see all the stuff that’s usually spat directly into the error log. There were many small bugs, caused mainly by the lack of isset here and there. I believe there are still minor notices/warnings, but I got rid of most of them.
Point three is what urged me to release ASAP. Danilo Massa kindly notified me of a security hole in Events Manager, providing a simple one-liner to fix it. Since the vulnerability is pretty serious I hurried to apply Danilo’s patch and release 2.2.
This release is quite stable, it’s employed in a client portal, so you should have no problem with the upgrade.
Enjoy,
Davide







April 13th, 2010 at 11:22 pm
Hi Davide, I tried to install Events Manager, but I got an error when activating the plugin, so I tried again with a fresh installation of WP, but what I get is While with EM2.2 I get I checked the reported script and noticed that there are no more errors if I remove the part between lines 1382 and 1472. So I tried removing the statements one at a time to establish where the error occurs, but it seems the problem is that (probably only on certain PHP installations) tags opened one way at the start of a structure must be opened the same way at the end of the structure. So for example you must have assorted code and you cannot instead write But if I correct this “error”, what I get is this
At this point I suspect a compatibility problem with WP2.9.2-IT PHP Version 5.2.8 Apache 2.2.11 I hope I have been of help
April 17th, 2010 at 10:10 am
Hi,
thanks for this great plugin. I’m missing just one feature: the feature to easily edit the number – or time span – of shown events, as well in the widget as on the events page. I need more than just 10 events – I want to show all of my events in the coming six or twelve months, at least on the events page.
If you would introduce this in the settings of the plugin I’d consider it the perfect plugin
Best, Gero
April 18th, 2010 at 1:12 am
Hi there! Amazing plugin… one question/problem though:
On first load the calendar widget doesn’t target the “ajaxCalendar” (itself) for its prev/next links. It just targets the main frame… or something, I’m not very good at this. The ajaxCalendar does not define its target on FIRST load, but on subsequent clicks the prev/next month links work just fine, and “ajaxCalendar” is in the address they link to if you hover over the links, where it wasn’t on the first time you use them.
This is a problem when you are using ajax/javascript for more than one content area, ie if you are using a content slider for your main content. The Calendar widget ends up targeting my main slider which shows the next available page in its lineup.
Here’s a working example of my problem: http://iangreenlaw.cerenacat.com/wordpress/ When you click the next/prev links on the calendar, the main content gets changed as though you used my nav links. The calendar content DOES get changed to the next month, but so does my main content… this does not happen after the first time you use the calendar links, they behave properly after that.
Please also note that on first load the prev/next links access a “post” command rather than a “get” command, the get commands work just fine and target the ajaxCalendar. Not sure what that means, though… like I said, I’m a beginner of sorts.
Is there anything that can be done to make the plugin more specific to target itself and not the main nav? Would be much more robust for use in slidingtabs type themes like this one (for ref I am using a modified “sleektabs” theme).
April 20th, 2010 at 11:13 pm
Will this work with WP3.0 beta soon?
April 21st, 2010 at 5:42 pm
Hi and thanks for this great plugin – basically just what I need!
However since the update I have one major problem: the “details” section of the event is entirely unavailable when I create or modify one (in HTML as in visual), so I can’t type in any additional text or upload any image….
Any thought ?
April 21st, 2010 at 5:45 pm
Ok never mind, I just found out it was a compatibility problem with qTranslate… upon deactivating it, the “details” are now available…
Too bad, I really need qTranslate too
April 22nd, 2010 at 2:58 am
Do you have the rsvp email corrected? I used to get all these errors printing on the screen above the site. Also, who is the “notification receiver”?
April 22nd, 2010 at 10:20 am
Hi !
Good work so far, but what really needs to be done is an administration section where you can customise, add and delete fields needed for booking, also required fields and form validation. I will do some changes…?!$
Best Greets Fog
April 25th, 2010 at 3:15 am
How can I change the language on the datepicker???? On an old install the datepicker is English but on a new WordPress installation and plugin install from 2.2 it’s in a different language? Where do I change it back to English??
Thanks! LOVE THE PLUGIN
April 28th, 2010 at 10:08 pm
We use your excellent plugin at site bluestime.ru – but have one problem. The days in the calendar are shown like � � � – not the Mon|Tw|We… What is wrong?
April 29th, 2010 at 10:23 am
Playing a joke on life now and then feels great, but when life plays a joke on you it is miserable……
May 3rd, 2010 at 1:38 pm
Sorry, out of action with CKEditor For WordPress 1.0 Beta2 in the Post/Page language switch-tab on top of editor. Uninstall CKEditor For WordPress 1.0 Beta2 and go to dbemevents.php (2.2.2) and delete rows 1693 to 1709 this:
<div id="" class="postarea">
And paste this:
Next: Go to wp-admin/wp-admin.css and wp-admin/wp-admin.dev.css and replace this:
.js .theEditor{color:white;}
with:
.js .theEditor{color:black;}
Enjoy
May 8th, 2010 at 9:17 am
Hi I just tested your great plugin, but I cannot install it : it says (on WP 2.9.2 with EM 2.2.2) that :
Parse error: parse error in F:\sites\ocrav2\wp-content\plugins\events-manager\dbem_events.php on line 2288
Can you help me ?
May 14th, 2010 at 9:00 pm
Let us all know when this error is fixed, file is too long to easily find the problem spot.
Parse error: syntax error, unexpected $end in /{path-to-wp}/wp-content/plugins/events-manager/dbem_events.php on line 2358
May 27th, 2010 at 5:08 am
Great plugin. Much more thought out than some of the competing events plugins.
Just one small feature request – a closing date on RSVPs. Shutting off RSVPs once it’s hit a capacity limit is great, but it would also be nice to close RSVPs off at a certain date (say, a week before the event).
Other than that, top stuff!
May 31st, 2010 at 10:51 am
Hi,
does it work on wp3?
don’t get it running on wp3.
grts,
Chris
June 1st, 2010 at 4:59 pm
Hi,
I’d like to display 2 event widgets on the same page. (one titled: Future Events and one Past events). But when I drag and drop it into the widgets bar, the widget disappears from the Available Widgets.
The other widgets like Archive for example, can be used as many times as you like.
Do you know how this problem could be solved?
Cheers, Radu
June 10th, 2010 at 10:57 am
Hi, I love your plugin! I would like to use it, but I need an important feature:
every user is able to show and edit all events. That’s bad. It’s important that the users only see and change their own entries.
I have tried to manage it with the plugin adminize. The problem is: it is possible to disable the menu for editing, but if the user writes a new event and clicks “publish”, he will be shown the list of all events and can then change them.
thank you
June 23rd, 2010 at 11:19 pm
I’m using 2.2.2 with WordPress 3.0. The automatic update did not work. I had to do a manual ftp upload instead. The only problem I’m seeing so far is that in Internet Explorer on the main Events page in the editor the list of events shows up very briefly and then disappears. Looks like just an IE display problem because it works fine in Firefox. If anyone else sees this and finds a fix for it please respond! Thanks
June 24th, 2010 at 2:15 pm
I have one recommendation for an improvement to the usability of this plugin.
In the current month (June), if I click the right arrows to move to the next month (July) and then click on a date in the calendar, the calendar immediately jumps back to the current month. Could the calendar be configured to show the month of the date of the event?
Thanks for a great plugin!
July 1st, 2010 at 6:54 am
Hi Davide,
Just wanted to say thank you for a great plugin. Though it took some time to figure out how to modify it for our use, it still is a great help to us to have it.
cheers.
July 12th, 2010 at 1:13 pm
Hi,
Thank you for your great plugin.
1- “Send book” button “Accept Text” is not readable because of text background colour.
2- Name, Phone, E-Mail should be integrated with user database
3- Booking List should be displayed with an attribute
July 12th, 2010 at 8:31 pm
Hi,
I just made a fresh install of wordpress 3.0 and installed the events manager plugin. It throws following warning message while activation.
The plugin generated 233 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.
Please advise
July 26th, 2010 at 11:29 pm
I just upgraded to the 2.2 release because of the mention of the security patch.
However, my event manager is now not working. I’m very green in regards to your program and have no idea how to fix.
This is what I get when I login to the admin.
WordPress database error: [Unknown column 'eventcategoryid' in 'field list']
September 3rd, 2010 at 2:34 am
Thank you for the sensible critique. Me and my neighbor were just preparing to do some research about this. We got a grab a book from our local library but I think I learned more from this post. I am very glad to see such great information being shared freely out there.