Fix for add you event form and back slashes.
authorSteve Sutton <steve@gaslightmedia.com>
Mon, 12 Sep 2016 19:17:06 +0000 (15:17 -0400)
committerSteve Sutton <steve@gaslightmedia.com>
Mon, 12 Sep 2016 19:17:06 +0000 (15:17 -0400)
Also reworks the filtering of the form input fields.

index.php
models/front/events/frontAdd.php

index 48eb46d..f8ce62b 100644 (file)
--- a/index.php
+++ b/index.php
@@ -3,7 +3,7 @@
  * Plugin Name: GLM Members Database Events
  * Plugin URI: http://www.gaslightmedia.com/
  * Description: Gaslight Media Members Database.
- * Version: 1.3.6
+ * Version: 1.3.7
  * Author: Chuck Scott
  * Author URI: http://www.gaslightmedia.com/
  * License: GPL2
@@ -20,7 +20,7 @@
  * @package glmMembersDatabaseEventsAddOn
  * @author Chuck Scott <cscott@gaslightmedia.com>
  * @license http://www.gaslightmedia.com Gaslightmedia
- * @version 1.3.6
+ * @version 1.3.7
  */
 
 /*
@@ -38,7 +38,7 @@
  *  so that we're sure the other add-ons see an up to date
  *  version from this plugin.
  */
-define('GLM_MEMBERS_EVENTS_PLUGIN_VERSION', '1.3.6');
+define('GLM_MEMBERS_EVENTS_PLUGIN_VERSION', '1.3.7');
 define('GLM_MEMBERS_EVENTS_PLUGIN_DB_VERSION', '0.0.22');
 
 // This is the minimum version of the GLM Members DB plugin require for this plugin.
index bb6241e..682de6a 100644 (file)
@@ -79,6 +79,23 @@ class GLmMembersFront_events_frontAdd extends GlmDataEvents
         }
     }
 
+    public function filterInput( $input, $raw = false )
+    {
+        if ( $raw ) {
+            return stripslashes( trim( filter_var( $input, FILTER_UNSAFE_RAW ) ) );
+        }
+        return stripslashes(
+            trim(
+                filter_var(
+                    str_replace( '"', '', $input ),
+                    FILTER_SANITIZE_STRING,
+                    array(
+                        'flags' => FILTER_FLAG_NO_ENCODE_QUOTES
+                    )
+                )
+            )
+        );
+    }
     /**
      * modelAction
      *
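Review bot: filterInput() is added without a docblock, and its `$raw` path is more permissive than the name suggests: FILTER_UNSAFE_RAW performs no filtering at all, so the value comes back untouched apart from trim() and stripslashes(), with any HTML or script left intact. The file documents its methods with docblocks (one begins at the end of this hunk), so this one should state the contract, roughly `/** Trim and unslash a request value. With $raw = true the value is NOT sanitised and the caller must escape it before storage or output; otherwise tags and double quotes are stripped and single quotes are left unencoded. */`, and the stripslashes() call deserves a why-comment noting that it undoes the slashes added to the request superglobals (this appears to be the "back slashes" fix named in the commit title). Note also that `str_replace( '"', '', $input )` silently deletes double quotes from user text rather than escaping them, which is lossy, and that FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so this helper will need a replacement (strip_tags() on intake, htmlspecialchars() at output) if the plugin moves to newer PHP.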
@@ -184,28 +201,25 @@ class GLmMembersFront_events_frontAdd extends GlmDataEvents
             $mysqlEnd = date("Y-m-d H:i:s",$ending_date);
 
             // events table data
-            $name       = trim(filter_var($_REQUEST['event_name'],FILTER_SANITIZE_STRING));
-            $intro      = trim(filter_var($_REQUEST['intro'],FILTER_SANITIZE_STRING));
-            $descr      = trim(filter_var($_REQUEST['descr'],FILTER_SANITIZE_STRING));
-            $cost       = trim(filter_var($_REQUEST['cost'],FILTER_SANITIZE_STRING));
-            $url        = trim(filter_var($_REQUEST['url'],FILTER_SANITIZE_STRING));
-            $admin_name = trim(filter_var($_REQUEST['admin_name'],FILTER_SANITIZE_STRING));
-            $admin_org  = trim(filter_var($_REQUEST['admin_org'],FILTER_SANITIZE_STRING));
-            $adminPhone = trim(filter_var($_REQUEST['admin_phone'],FILTER_SANITIZE_STRING));
-            $adminEmail = trim(filter_var($_REQUEST['admin_email'],FILTER_SANITIZE_STRING));
-            //$facebook   = trim(filter_var($_REQUEST['facebook'],FILTER_SANITIZE_STRING));
-            //$twitter    = trim(filter_var($_REQUEST['twitter'],FILTER_SANITIZE_STRING));
-
-            $contactFirst = trim(filter_var($_REQUEST['contact_fname'],FILTER_SANITIZE_STRING));
-            $contactLast  = trim(filter_var($_REQUEST['contact_lname'],FILTER_SANITIZE_STRING));
-            $place        = trim(filter_var($_REQUEST['place'],FILTER_SANITIZE_STRING));
-            $address      = trim(filter_var($_REQUEST['address'],FILTER_SANITIZE_STRING));
-            $city         = trim(filter_var($_REQUEST['city'],FILTER_SANITIZE_STRING));
-            $state        = trim(filter_var($_REQUEST['state'],FILTER_SANITIZE_STRING));
-            $zip          = trim(filter_var($_REQUEST['zip'],FILTER_SANITIZE_STRING));
-            $contactEmail = trim(filter_var($_REQUEST['contact_email'],FILTER_SANITIZE_STRING));
-            $contactPhone = trim(filter_var($_REQUEST['contact_phone'],FILTER_SANITIZE_STRING));
-            $fileDescr    = trim(filter_var($_REQUEST['fileDescription'],FILTER_SANITIZE_STRING));
+            $name         = $this->filterInput( $_REQUEST['event_name'] );
+            $intro        = $this->filterInput( $_REQUEST['intro'] );
+            $descr        = $this->filterInput( $_REQUEST['descr'], true );
+            $cost         = $this->filterInput( $_REQUEST['cost'] );
+            $url          = $this->filterInput( $_REQUEST['url'] );
+            $admin_name   = $this->filterInput( $_REQUEST['admin_name'] );
+            $admin_org    = $this->filterInput( $_REQUEST['admin_org'] );
+            $adminPhone   = $this->filterInput( $_REQUEST['admin_phone'] );
+            $adminEmail   = $this->filterInput( $_REQUEST['admin_email'] );
+            $contactFirst = $this->filterInput( $_REQUEST['contact_fname'] );
+            $contactLast  = $this->filterInput( $_REQUEST['contact_lname'] );
+            $place        = $this->filterInput( $_REQUEST['place'] );
+            $address      = $this->filterInput( $_REQUEST['address'] );
+            $city         = $this->filterInput( $_REQUEST['city'] );
+            $state        = $this->filterInput( $_REQUEST['state'] );
+            $zip          = $this->filterInput( $_REQUEST['zip'] );
+            $contactEmail = $this->filterInput( $_REQUEST['contact_email'] );
+            $contactPhone = $this->filterInput( $_REQUEST['contact_phone'] );
+            $fileDescr    = $this->filterInput( $_REQUEST['fileDescription'] );
 
             // get lat lon
             $latLon = $this->getGeoLocation( array($address, $city, $state) );
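Review bot: `$descr` on the new side is taken through the raw path, so FILTER_UNSAFE_RAW leaves any HTML or `<script>` in the event description intact; if the description is later rendered without escaping (not visible here), that is a stored XSS vector reachable from a public submission form. Since this is a WordPress plugin, restrict it to safe markup at intake: `$descr = wp_kses_post( $this->filterInput( $_REQUEST['descr'], true ) );`. The URL and e-mail fields (`$url`, `$adminEmail`, `$contactEmail`) still go through the generic string filter, where FILTER_VALIDATE_URL / FILTER_VALIDATE_EMAIL (or esc_url_raw() / sanitize_email()) would reject malformed values instead of storing them. Every `$_REQUEST[...]` index is read without an isset() check, which raises notices for an unsubmitted field and lets GET or cookie values stand in for form fields, so reading from `$_POST` with an isset() guard would be tighter. The enclosing method begins and ends outside this hunk, so whether a nonce or capability check guards this path cannot be seen from here.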