From 13197599feb224344042fb884b29bc25c1ce2502 Mon Sep 17 00:00:00 2001 From: Chuck Scott Date: Fri, 11 Aug 2017 16:27:10 -0400 Subject: [PATCH] Updated check for all common plugin PHP files being called directly and now sending user to /assets/404.html --- activate.php | 3 ++- deactivate.php | 3 ++- defines.php | 6 ++++++ index.php | 13 ++++++------- setup/adminHooks.php | 36 +++++++++++++++++++++++++++++++++--- uninstall.php | 3 ++- views/admin/events/list.html | 9 +++++++-- 7 files changed, 58 insertions(+), 15 deletions(-) diff --git a/activate.php b/activate.php index db1bb62..fcd6998 100644 --- a/activate.php +++ b/activate.php @@ -28,7 +28,8 @@ // Check that we're being called by WordPress. if (!defined('ABSPATH')) { - die("Please do not call this code directly!"); + header("Location: http://".$_SERVER['SERVER_NAME']."/error/404.html"); + die(); } require_once GLM_MEMBERS_EVENTS_PLUGIN_CLASS_PATH.'/data/dataFeedImport.php'; diff --git a/deactivate.php b/deactivate.php index ebb97e3..59bad4a 100644 --- a/deactivate.php +++ b/deactivate.php @@ -27,7 +27,8 @@ // Check that we're being called by WordPress. if (!defined('ABSPATH')) { - die("Please do not call this code directly!"); + header("Location: http://".$_SERVER['SERVER_NAME']."/error/404.html"); + die(); } /* diff --git a/defines.php b/defines.php index 9871eb5..067a6c3 100644 --- a/defines.php +++ b/defines.php @@ -5,6 +5,12 @@ * Set standard defined parameters */ +// Check that we're being called by WordPress. +if (!defined('ABSPATH')) { + header("Location: http://".$_SERVER['SERVER_NAME']."/error/404.html"); + die(); +} + // NOTE: Plugin & Database versions are defined in "/glm-member-db.php". define('GLM_MEMBERS_EVENTS_PLUGIN_NAME', 'Gaslight Media Members Database Events (events)'); diff --git a/index.php b/index.php index 6167a8b..2100314 100644 --- a/index.php +++ b/index.php @@ -9,7 +9,6 @@ * License: GPL2 */ - /** * Gaslight Media Members Database Events Add-On * Index 
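Review bot: The new guard in activate.php builds its `Location` header from `$_SERVER['SERVER_NAME']`, which on some server configurations is taken from the client's Host header, so the request can influence the redirect target; it also hard-codes `http://` and answers with a redirect status rather than a 404. The same two lines are added in deactivate.php, defines.php, index.php and uninstall.php. ABSPATH is undefined on this path, so no WordPress helpers are available and a fixed response is simpler: `http_response_code(404);` followed by `exit;`. The commit subject says /assets/404.html while the code redirects to /error/404.html, so one of the two should be corrected.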
@@ -23,6 +22,12 @@ * @version 1.6.57 */ +// Check that we're being called by WordPress. +if (!defined('ABSPATH')) { + header("Location: http://".$_SERVER['SERVER_NAME']."/error/404.html"); + die(); +} + /* * Plugin and Database Versions * @@ -66,12 +71,6 @@ if (GLM_MEMBERS_EVENTS_PLUGIN_VERSION != get_option('glmMembersDatabaseEventsPlu * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -// Check that we're being called by WordPress. -if (!defined('ABSPATH')) { - die("Please do not call this code directly!"); -} - /* * Some initial setup and tests */ diff --git a/setup/adminHooks.php b/setup/adminHooks.php index af1a1dc..3bc106f 100644 --- a/setup/adminHooks.php +++ b/setup/adminHooks.php 
@@ -43,20 +43,49 @@ add_filter('glm-member-db-admin-management-hooksHelp', function($content) { 2 ); +// Add hook to return event base data and all times for an event. add_filter( 'glm-member-db-events-get-events', function( $output ){ $events = $this->wpdb->get_results( "SELECT E.id,E.name,T1.start_time as start FROM " . GLM_MEMBERS_EVENTS_PLUGIN_DB_PREFIX . "events E, " . GLM_MEMBERS_EVENTS_PLUGIN_DB_PREFIX . "times T1 WHERE E.status = 10 - AND T1.event = E.id AND T1.start_time IN (SELECT MIN(start_time) - FROM " . GLM_MEMBERS_EVENTS_PLUGIN_DB_PREFIX . "times - WHERE event = E.id) + AND T1.event = E.id AND T1.start_time IN ( + SELECT MIN(start_time) + FROM " . GLM_MEMBERS_EVENTS_PLUGIN_DB_PREFIX . "times + WHERE event = E.id + ) ORDER BY E.name", ARRAY_A ); return $events; } ); + +// Add hook to return base event data for a specific event ID +add_filter( 'glm-member-db-events-get-event', function( $eventID ){ + + // Check for positive integer event ID + $eventId = ($eventID-0); + if ($eventId == 0) { + return $eventID; + } + + // Call dedicated model to get event base data + require_once GLM_MEMBERS_EVENTS_PLUGIN_CLASS_PATH.'/data/dataEvents.php'; + $EventData = new GlmDataEvents($this->wpdb, $this->config); + $eventData = $EventData->getEntry($eventId); + + // If we got good event base data, return that + if ($eventData) { + return $eventData; + } + + // Otherwise pass on the event ID + return $eventId; + +} ); + + add_filter( 'glm-member-db-dashboard-member-widgets', function ( $member = null ) { @@ -77,6 +106,7 @@ add_filter( ); + /* * Provide basic event data by Lat/Lon search for use as map items. * diff --git a/uninstall.php b/uninstall.php index f8d140a..c14e7a2 100644 --- a/uninstall.php +++ b/uninstall.php 
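Review bot: In the new `glm-member-db-events-get-event` filter, `($eventID-0)` followed by `== 0` does not enforce the "positive integer" its comment promises. Negative numbers and floats pass through to `getEntry()`, and a non-numeric string raises a warning on PHP 7 or a TypeError on PHP 8. Validate explicitly instead: `$eventId = filter_var($eventID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` then `if ($eventId === false) { return $eventID; }`. How `getEntry()` uses the value is not visible in this hunk, so strict validation at this boundary is the safe assumption. The callback also returns either an event array or an ID, and `$eventID`/`$eventId` and `$EventData`/`$eventData` differ only by case; a docblock stating the return contract and distinct variable names would help.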
@@ -27,7 +27,8 @@ die('uninstall not configured - See plugin uninstall.php script!'); // Check that we're being called by WordPress. if (!defined('ABSPATH')) { - die("Please do not call this code directly!"); + header("Location: http://".$_SERVER['SERVER_NAME']."/error/404.html"); + die(); } //if uninstall not called from WordPress exit diff --git a/views/admin/events/list.html b/views/admin/events/list.html index b276465..67b53b5 100644 --- a/views/admin/events/list.html +++ b/views/admin/events/list.html @@ -115,10 +115,15 @@ {$e.lastDate} - Clone + Clone - View Event + View Event + + {$e_link = apply_filters('glm_members_add_link_to_event_list_entry', $e.id)} + {if $e_link} + {$e_link.title} + {/if} {/foreach} -- 2.17.1
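Review bot: In views/admin/events/list.html the added `{if $e_link}` is true whenever no callback is hooked, because `apply_filters()` returns its input unchanged and `$e_link` is then just `$e.id`; the following `{$e_link.title}` then indexes an integer. Test the shape instead, `{if is_array($e_link)}`, or pass `false` as the filtered value and the ID as an extra argument. The link markup is not visible on this page, but `{$e_link.title}` comes from another plugin's callback and should be escaped, `{$e_link.title|escape}`, unless auto-escaping is enabled for these templates. The filter name here uses underscores while the hooks in setup/adminHooks.php use hyphens.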