Skip to main content
NetterTech
Event management for WordPress, done right.

NetterTech Events 1.0.2

v1.0.2

The first public release on WordPress.org. Version 1.0.2 closes out the WordPress.org plugin review with a second round of compliance remediation on top of the 1.0.1 prefix rename. Every item landed as a focused root-cause refactor rather than an inline suppression. No new functionality.

Changed

  • Output escaping refactored across blocks, Beaver Builder modules, frontend shortcodes, admin/repository/service classes, and templates. A custom wp_kses allowlist helper preserves the SVG, ARIA, and data-* attributes that wp_kses_post would otherwise strip.
  • Service classes (RecurrenceRuleBuilder, TicketTypeSaver, CheckInEmailSaver, AttendeeFieldsSaveHandler) no longer read $_POST directly. Callers pass verified data after nonce and capability checks, and bulk-action handlers extract input only after nonce verification.
  • SecurityHeaders re-anchored to the current_screen and WP_Screen API instead of reading $_GET early in admin_init.
  • Calendar shortcode URL parameters moved to registered query vars (nettertech_events_calendar_month and ..._date). Legacy ?month= and ?date= URLs 301-redirect to the prefixed format.
  • Dynamic hook patterns replaced with fixed Hooks::* constants; what was previously encoded in the hook-name suffix now arrives as an action argument. Backward-compatible bridges fire the deprecated names alongside the canonical ones and will be removed in 2.0.
  • Template loader now passes a typed TemplateContext (or EmailContext for email templates) as a single $context parameter. Thirty-two templates refactored to property-style access.

Fixed

  • Settings input, the ticket-cart JSON payload, and bulk actions now sanitize at the request boundary.
  • EventTemplateResolver::can_preview_event() closed a gap where a malformed ?preview= value could skip nonce verification.

Packaging

  • Vendor documentation (per-library licenses, notices, changelogs, tests, and examples) excluded from the distribution zip. Bundled-library attribution is consolidated in readme.txt. The dual-licensed chillerlan/php-qrcode dependency is used under MIT, which is GPL-2.0 compatible.
  • Readable block source (blocks/*/src/index.jsx) ships alongside the compiled output, with a “Source Code & Build” section in readme.txt and the rebuild command.

Requirements

  • WordPress 6.5+
  • PHP 8.2+
  • WooCommerce 8.5+ (for ticketing)