Events Manager 2.2, security hole closed
Hello folks,
I just released Events Manager 2.2. It’s a minor upgrade, here is the changelog:
- Added an option to get events through a select
- Closed many bugs causing notices/warnings visible only in debug mode
- Closed a critical security hole discovered by Danilo Massa (to be released on May 10th)
The first point is the only proper feature: it allows you to use a select for the events venue. It’s something that comes in handy for people/organizations whose events take place in the same venues all the time.
The second point is something I should have done AGES ago. I put WordPress in debug mode and thus could see all the stuff that’s usually spat directly into the error log. There were many small bugs, caused mainly by the lack of isset here and there. I believe there are still minor notices/warnings, but I got rid of most of them.
Point three is what urged me to release ASAP. Danilo Massa kindly notified me of a security hole in Events Manager, providing a simple one-liner to fix it. Since the vulnerability is pretty serious I hurried to apply Danilo’s patch and release 2.2.
This release is quite stable, it’s employed in a client portal, so you should have no problem with the upgrade.
Enjoy,
Davide







2010-04-13 at 11.22 pm
Hi Davide, I tried to install Events Manager, but I got an error when activating the plugin, so I tried again with a fresh WP installation, but what I get is While with EM2.2 I get I checked the reported script and noticed that there are no more errors when removing the part between lines 1382 and 1472. So I tried progressively removing the statements to find out where the error occurs, but it seems the problem is that (probably only on certain PHP installations) tags opened one way at the start of a structure must be opened the same way at the end of the structure. So for example you must have various code and you cannot instead write But if I fix this “error”, what I get is this
At this point I suspect a compatibility problem with WP2.9.2-IT PHP Version 5.2.8 Apache 2.2.11 I hope I have been of help
2010-04-17 at 10.10 am
Hi,
thanks for this great plugin. I’m missing just one feature: the feature to easily edit the number – or time span – of shown events, as well in the widget as on the events page. I need more than just 10 events – I want to show all of my events in the coming six or twelve months, at least on the events page.
If you would introduce this in the settings of the plugin I’d consider it the perfect plugin
Best, Gero
2010-04-18 at 1.12 am
Hi there! Amazing plugin… one question/problem though:
On first load the calendar widget doesn’t target the “ajaxCalendar” (itself) for its prev/next links. It just targets the main frame… or something, I’m not very good at this. The ajaxCalendar does not define its target on FIRST load, but on subsequent clicks the prev/next month links work just fine, and “ajaxCalendar” is in the address they link to if you hover over the links, where it wasn’t on the first time you use them.
This is a problem when you are using ajax/javascript for more than one content area, ie if you are using a content slider for your main content. The Calendar widget ends up targeting my main slider which shows the next available page in its lineup.
Here’s a working example of my problem: http://iangreenlaw.cerenacat.com/wordpress/ When you click the next/prev links on the calendar, the main content gets changed as though you used my nav links. The calendar content DOES get changed to the next month, but so does my main content… this does not happen after the first time you use the calendar links, they behave properly after that.
Please also note that on first load the prev/next links access a “post” command rather than a “get” command, the get commands work just fine and target the ajaxCalendar. Not sure what that means, though… like I said, I’m a beginner of sorts.
Is there anything that can be done to make the plugin more specific to target itself and not the main nav? Would be much more robust for use in slidingtabs type themes like this one (for ref I am using a modified “sleektabs” theme).
2010-04-20 at 11.13 pm
Will this work with WP3.0 beta soon?
2010-04-21 at 5.42 pm
Hi and thanks for this great plugin – basically just what I need!
However since the update I have one major problem: the “details” section of the event is entirely unavailable when I create or modify one (in HTML as in visual), so I can’t type in any additional text or upload any image….
Any thought ?
2010-04-21 at 5.45 pm
Ok nevermind I just found out it was a compatibility problem with qTranslate… upon deactivating it, the “details” are now available…
Too bad, I really need qTranslate too
2010-04-22 at 2.58 am
Do you have the rsvp email corrected? I used to get all these errors printing on the screen above the site. Also, who is the “notification receiver”?
2010-04-22 at 10.20 am
Hi !
Good work so far, but what really needs to be done is an administration section where you can customise, add and delete fields needed for booking also required fields and form validation. I will do some changes…?!$
Best Greets Fog
2010-04-25 at 3.15 am
How can I change the language on the datepicker???? on an old install the datepicker is english but on a new wordpress installation and plugin install from 2.2 it’s in a different language? Where do I change it back to english??
Thanks! LOVE THE PLUGIN
2010-04-29 at 10.23 am
Playing a joke on life now and then feels great, but when life plays a joke on you, it is miserable……
2010-05-03 at 11.43 am
http://davidebenini.it/2010/04/10/events-manager-2-2-security-hole-closed/#comment-16025
Niko,
See dbemevents.php (2.2.2) row 1702 with qtranslatehooks.php (v2.5.7) row 314
Solution:
Install this plugin (CKEditor For WordPress 1.0 Beta2): http://wordpress.org/extend/plugins/ckeditor-for-wordpress/
And enjoy!
2010-05-03 at 1.38 pm
Sorry, out of action with CKEditor For WordPress 1.0 Beta2 in the Post/Page language switch-tab on top of editor. Uninstall CKEditor For WordPress 1.0 Beta2 and go to dbemevents.php (2.2.2) and delete rows 1693 to 1709 this:
<div id="" class="postarea">
And paste this:
Next: Go to wp-admin/wp-admin.css and wp-admin/wp-admin.dev.css and replace this:
.js .theEditor{color:white;}
with:
.js .theEditor{color:black;}
Enjoy
2010-05-08 at 9.17 am
Hi I just tested your great plugin, but I cannot install it : it says (on WP 2.9.2 with EM 2.2.2) that :
Parse error: parse error in F:\sites\ocrav2\wp-content\plugins\events-manager\dbem_events.php on line 2288
Can you help me ?
2010-05-14 at 9.00 pm
Let us all know when this error is fixed, file is too long to easily find the problem spot.
Parse error: syntax error, unexpected $end in /{path-to-wp}/wp-content/plugins/events-manager/dbem_events.php on line 2358
2010-05-27 at 5.08 am
Great plugin. Much more thought out than some of the competing events plugins.
Just one small feature request – a closing date on RSVPs. Shutting off RSVPs once it’s hit a capacity limit is great, but it would also be nice to close RSVPs off at a certain date (say, a week before the event).
Other than that, top stuff!
2010-05-31 at 10.51 am
Hi,
does it work on wp3?
don’t get it running on wp3.
grts,
Chris
2010-06-01 at 4.59 pm
Hi,
I’d like to display 2 event widgets on the same page. (one titled: Future Events and one Past events). But when I drag and drop it into the widgets bar, the widget disappears from the Available Widgets.
The other widgets like Archive for example, can be used as many times as you like.
Do you know how this problem could be solved?
Cheers, Radu
2010-06-10 at 10.57 am
hi, I love your plugin! I would like to use it, but I need an important feature:
every user is able to show and edit all events. That’s bad. It’s important that the users only see and change their own entries.
I have tried to manage it with the plugin adminize. The problem is: it is possible to disable the menu for editing. But if the user writes a new event and clicks “publish”, he is shown the list of all events and can then change them.
thank you
2010-06-23 at 11.19 pm
I’m using 2.2.2 with WordPress 3.0. The automatic update did not work. I had to do a manual ftp upload instead. The only problem I’m seeing so far is that in Internet Explorer on the main Events page in the editor the list of events shows up very briefly and then disappears. Looks like just an IE display problem because it works fine in Firefox. If anyone else sees this and finds a fix for it please respond! Thanks
2010-06-24 at 2.15 pm
I have one recommendation for an improvement to the usability of this plugin.
In the current month (June), if I click the right arrows to move to the next month (July) and then click on a date in the calendar, the calendar immediately jumps back to the current month. Could the calendar be configured to show the month of the date of the event?
Thanks for a great plugin!
2010-07-01 at 6.54 am
Hi Davide,
Just wanted to say thank you for a great plugin. Though it took some time to figure out how to modify it for our use, it still is a great help to us to have it.
cheers.
2010-07-12 at 1.13 pm
Hi,
Thank you for your great plugin.
1- “Send book” button “Accept Text” is not readable because of text background colour.
2- Name, Phone, E-Mail should be integrated with user database
3- Booking List should be displayed with an attribute
2010-07-12 at 8.31 pm
Hi,
I just made a fresh install of wordpress 3.0 and installed the events manager plugin. It throws following warning message while activation.
The plugin generated 233 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.
Please advise
2010-07-26 at 11.29 pm
I just upgraded to the 2.2 release because of the mention of the security patch.
However, my event manager is now not working. I’m very green in regards to your program and have no idea how to fix.
This is what I get when I login to the admin.
WordPress database error: [Unknown column 'eventcategoryid' in 'field list']
2010-09-09 at 5.44 pm
Hi Davide,
Thanks a lot for this plugin, it rocks!
Three issues I am encountering:
Version 2.2 doesn’t populate the default values, I had to manually fill everything in. Not a big deal though.
The fields “Small calendar title” and “Small calendar title separator” are not set up in the database and can’t be saved, effectively disabling the event preview on the widget calendar.
Recurring events do not show up in the current month in the calendar widget. For the next month they show again.
Any idea when you can fix the last two at least? Or is there a workaround?
Cheers, Tom
2010-09-10 at 4.45 pm
Hi Davide, I’m holding off upgrading to 3.01 until you upgrade to 2.2.3.
My client wants to eliminate the end time for events. When I leave it blank a default time populates the field. Is there a way to have that field remain blank?
Thanks and love the plugin just like the other comments.
2010-10-07 at 9.45 am
To you all folks, EM 3.0 is about to be released, it should solve most of your problems. Davide