Abigailm

Darian, I am sorrry but I don’t have time to set up a staging site — it’s easier for me to just stick with version 7.3.0 for now. I can see from other thread here that I am not the only one with this problem. I think it’s obvious that the 7.3.1 release is buggy, at least on some installation. I look forward to whenever you are ready to incorporate the many code changes you have suggested into your next release.

It’s not a browser cache issue — I cleared all caches every step along the way.

The website is at https://www.davistraining.info/events/month/ — but currently is rolled back to 7.3.0 — so you aren’t going to see the issue.

And here is the screenshot of my settings that you asked for:

And here is what the source code on the page looks like. Again, this items are displaying because there does not seem to be any corresponding css specs for the defined class:

OK, I had to create a new account at Imgur to get things working.

Here is the Javascript console error:

I did already try to make that change – it didn’t help. I tried again today — here’s a picture of my edit:
I tried uploading screenshots to Imgur but that site is giving me problems right now.

I can tell you what I have found.
With version 7.3.1, both with and without the changed line of code you provided, the console shows a Javascript error at legend-superpowers.js:129
TypeError: Cannot read properties of null (reading ‘length’)

For the categories, the source code for the page shows all hidden categories loaded as <li class=”teccc-hidden-category”> … but there is no corresponding CSS style set for that class. So of course the text is displayed on the page. When I rolled back to 7.30, the source code doesn’t show the hidden categories as being included at all.

Andy — thanks for the code — I tried plugging that in and it did not resolve the problem.

Basically we have dozens of categories & subcategories set up on our calendar — but we only want a handful of main categories to display on the month view. And we do use the Legend Superpowers feature, because it really is useful with a crowded calendar. We haven’t bothered assiging colors to the many subcategories we want hidden. So what happens with the upgrade instead of just the legend with the assigned colors at the top, we have those items listed- but also another 5 lines of text with all the titles that are supposed to be hidden. And as noted, the Superpowers feature stops working.

Darian — I appreciate your suggestion, but I don’t have time to mess with a staging site. I rolled back to 7.3.0 and things are working fine — it is only an issue introduced with the update.

Thanks — it looks like the email is coming from the TEC plugin. I have been working with their support team, but they requested that I also contact you to determine whether there are issues tied to EDD that might be causing this.

Same here — except that I have had the free plugin even longer — and also purchased the addons bundle so long ago that I can’t find a record of it. However, I just searched my emails and I found an old email dated November 12, 2022 that I hadn’t seen before, with this text: (So almost a year ago).

Subject: [PayPal Notice] An important update to the plugin pricing model

This is Vova from Shortcodes Ultimate.

I’m excited to announce that Shortcodes Ultimate will transition from selling Premium Add-Ons to Pro versions on Wednesday, 2 November 2022. This will bypass the burden our customers have to bear when installing multiple add-ons, which can create incompatibility issues, conflicts, and other problems. It will also make shipping features much faster, as we will no longer need to assess compatibility between individual add-ons and the core plugin.?

To learn more about these updates, please?read the announcement.

Important to note:

• There’s a new way to access premium features called?Shortcodes Ultimate Pro.
• Premium add-ons will continue receiving updates until October 31, 2025.
• Premium add-ons are no longer for sale.

We’ve also partnered with WordPress sales platform Freemius and will be making some changes to the plugin pricing model. We believe this is a step in the right direction that will allow us to dedicate more time to product development and support to ensure that our customers receive excellent service.

Here’s a link to the announcement on their website:
https://getshortcodes.com/shortcodes-ultimates-pricing-update/

I think we’re ok to ignore the renewal request unless there is something in particular you want/need with the plugin.

I am replacing with the MC4WP plugin https://www.ads-software.com/plugins/mailchimp-for-wp/

I am doing this gradually, on multiple sites — but so far finding integration very easy and intuitive. Since various websites have different integrations, I need to do this step-by-step. But so far I haven’t run into any problems. I always check support forum activity before installing a new plugin, and response time from their developer seems quite rapid.

I’m willing to give some grace to allow developers time to debug and make needed corrections to their code, but I would expect at least some sort of response with an indicated time frame.

To developers: please respond! I also have this notice from Wordfence — and I will be replacing this plugin with another on multiple websites if this issue will not be resolved soon.

This appears to be a serious issue – from Wordfence:

The Easy Forms for Mailchimp plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘sql_error’ parameter in versions up to, and including, 6.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Hello — I have also had the same issue and this thread was brought to my attention by someone at TEC premium support. I think the long-term solution is for the TEC developers to code their REST API call so that it generates a header with a character request that meets the gatekeeping function of OWASP rule #920600

However, there is a way to write and deploy an exception to any OWASP rule. There is some info on syntax for getting around false positives here:
https://coraza.io/docs/seclang/syntax/

I’m guessing that an exception can be written to bypass the OWASP rule based on some part of the string /wp-json/tribe/views/v2/html — I haven’t gotten around to trying that yet — but I’ll post here if I do come up with a solution. For now I have simply disabled OWASP 920600 on the domain that has the event calendar plugin.

Please understand that even if warnings do not display on the website, they are logged, and on a busy website these PHP warning messages can cause log files to grow very rapidly.

I just updated a site to PHP 8.1 and am seeing the same error message –so obviously not patched as of now.

PHP Warning: Undefined array key “exclude_current” in …/wp-content/plugins/ultimate-posts-widget/ultimate-posts-widget.php on line 135

This is a fairly high-traffic website and I’ve only seen this error once so far in my logs, so I’m not sure what is triggering it.

Same issue (also reported) — but I am seeing the <pubDate> in the raw RSS feed correctly — the problem is that old events are being served up along with new events, in seemingly random order, and since the RSS feed settings serve up only 10 events, then newer ones weren’t showing.

I figured out a workaround — with one downside.

I used bulk edit to set all the PAST events tied to my RSS feeds to “Private”. That solved the problem for the RSS feeds, since they are displayed on separate sites — so simply won’t serve up anything set as private.

The downside is that visitors to the site can’t use the back button on event list pages to see past events (unless they are logged-in users). But for me, it’s a lot more important that people can get notice and see upcoming events than event history. I’m hoping that this will be fixed within a short time frame.