Headline
CVE-2019-5970: Attendance Manager
Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Details
- Reviews
- Installation
- Support
- Development
Visit The User’s Guide (ja)/(en) for more info.
An administrator can do all users’ attendance management.
And each user can do attendance management by themselves.
An attendance schedule is displayed by shortcords.
* Today’s staff
* Weekly schedule
* Monthly schedule
管理者は全てのユーザーの出勤管理ができます。
また、ユーザーも自分自身の出勤管理が可能です。
出勤スケジュールはショートコードで表示されます。
* 今日の出勤スタッフ
* 週間スケジュール
* 月間スケジュール
This plug-in makes several pages and data base tables automatically.
このプラグインはいくつかのページとデータベーステーブルを自動的に作ります。
Installation
Donwload plugin file (“attendance-manager.zip”)
プラグインファイル (“attendance-manager.zip”) をダウンロードします。Upload plugin file from Administrator menu “Plugins > Add New > Upload Plugin”.
管理画面「プラグイン > 新規追加 > プラグインのアップロード」からプラグインファイルをアップロードします。Activate the plugin.
プラグインを有効化します。
Plugin set up
Open the WordPress admin panel, and go to the plugin option page “Attendance Manager”.
管理画面を開き「Attendance Manager」メニューを開きます。Set up option item of some.
オプション項目を設定します。
User registration as “staff”
Register staff of your workplace as user.
職場のスタッフをユーザー登録します。When registering user, check “This user is a staff”.
登録の際、「このユーザーはスタッフです」をチェックします。In case of the registered user, check “This user is a staff” in a profile edit page of that user.
登録済みのユーザーの場合は、そのユーザーのプロフィール編集ページで「このユーザーはスタッフです」をチェックします。
Post each staff’s introduction article
Post each staff’s introduction article. (For example into a “staff” category etc.)
And insert short cord [attmgr_weekly id=”xx”] to that article.
- “id” is ID number of each user in your WordPress.
新たに各スタッフの紹介記事を投稿します。(例えば「スタッフ」カテゴリーなどに)
その記事に、ショートコード [attmgr_weekly id=”xx”] を挿入します。
- “id” はあなたのサイトにおける各ユーザーのID番号です。
Post a staff’s information
Post each staff’s information article. (For example, into a “staff” category etc.)
And insert short cord [attmgr_weekly id=”xx”] to that article.
This short code displays the weekly schedule of this staff.
各スタッフの紹介記事を投稿します。(例えば「スタッフ」カテゴリーなどに)
その記事に、ショートコード [attmgr_weekly id=”xx”] を挿入します。
このショートコードは、そのスタッフの週間スケジュールを表示するものです。
- “id” is ID number of each user in your WordPress.
“id” はあなたのサイトにおける各ユーザーのID番号です。
Attendance management
An administrator does all the user’s attendance management by a scheduler for admin.
管理者は管理者用スケジューラから全てのユーザーの出勤管理を行ないます。A staff logs in and does the attendance management by a scheduler for a staff.
スタッフはログインしてスタッフ専用スケジューラから自身の出勤管理を行ないます。
If you encounter some problems, please ask me.
Visit Trouble shooting (ja) for more info.
When the number of staff increases, the schedule is not reflected.
If the number of staff increases too much, the schedule may not be reflected.
This may be the upper limit of the number of POST items in your PHP.
In that case increase the value of “max_input_vars” in php.ini.
e.g.)
max_input_vars = 5000
スタッフ数を増えやしたらスケジュールが反映されなくなりました
スタッフ数が増えすぎるとスケジュールが反映されないことがあります。
それは、ご利用環境のPHPでのPOST項目数の上限かもしれません。
その場合、php.iniの “max_input_vars”の値を増やしてみてください。
例)
max_input_vars = 5000
Unfortunately, I never understood how to use this plugin. It lacks documentation and video tutorials. I followed the ReadMe documentation, yet staff never showed up on admin’s end. Sorry to give only 2 stars.
Straightforward, simple plugin. No bells and whistles. If you’re for example looking for a very simple tool to keep track of staff presence in the office, this will do it. In these “hybrid” (post-covid) times I find it very useful to be able to see who will be present in the office on which days and hours. Easier than using a shared on-line calendar. I hope the author will continue the development…
great plugin and really helped me a lot! though i hope you find a way for it to display only a specific user role in “Today’s Staff” something like this: [attmgr_daily role="administrator"] or [attmgr_daily role="accounting_department"] to check and see attendance of staff per department instead of the whole staff Also i hope you find a way to get the current user ID and display the weekly attendance of the current user like this: [attmgr_weekly id="$current_user"] because the only available shortcode the plugin has is the attendance of a specific user: [attmgr_weekly id="xx"] This would save me a lot! Thanks!
This is exactly what I was looking for. The plugin works great and when I ran into small trouble (which was caused by the Theme I was using) the developer responded very quickly when I send a mail. Try this! It works, my client is very happy now.
Read all 5 reviews
“Attendance Manager” is open source software. The following people have contributed to this plugin.
Contributors
- tnomi
0.6.0
- Fixed a link error with the shortcode [attmgr_daily] when business hours exceed midnight.
0.5.9
- Fixed a shortcode error when editing with the block editor.
0.5.8
- Fixed cURL timeout issue.
0.5.7
- Fixed a vulnerability issue.
0.5.6
- ‘Screen_icon’ on the admin-page has been deleted. And fixed some PHP ‘Notice’.
0.5.5
- Fixed some notices and warnings displayed in “WP_DEBUG” mode has been corrected.
0.5.4
- Bug fix in calendar navi.
0.5.3
- Shortcode ‘[attmgr_today_work id=”xx”]’ is added.
- The opening hours during midnight will be regarded as “Today”.
- Bug fix in calendar.
0.5.2
- The link of each staff can be given by “Edit User: Website(user_url)”.
- An option to use the user avatar on a staff’s portrait was added.
0.5.1
- An “action” URL of the “Settings” form was changed.
- Action hook “parse_request” was changed to “template_redirect”.
- These functions were changed, ATTMGR::current_page(), ATTMGR::current_user(), ATTMGR_Form::action(), ATTMGR_Form::access_control().
0.5.0
A “Date/Time Format” was added to the plugin option.
Several filter hook were added.- ‘attmgr_date_format’
- ‘attmgr_month_format’
- ‘attmgr_time_format’
- ‘attmgr_time_format_editor’
The schedule table name is given from a filter.
- ‘attmgr_schedule_table_name’
Several filter hook parameter were changed.
- ‘attmgr_shortcode_staff_scheduler’
- ‘attmgr_shortcode_admin_scheduler’
- ‘attmgr_shortcode_daily’
- ‘attmgr_shortcode_weekly’
- ‘attmgr_shortcode_weekly_all’
- ‘attmgr_shortcode_monthly_all’
Bug fix about submit processing in the scheduler.
Dutch translation (by Kleijheeg-san) was added.
0.4.5
Parameter “guide” was added to short code [attmgr_daily].
usage: [attmgr_daily guide="week"]
In this case, the link to each date in a week is shown.
The value of parameter “guide” are “week” or “1week”.
In a case of “1week”, the link to next week and previous week are not shown.
Parameter “guide” may omit. If “guide” is omitted, the link to each date is not shown.Parameter “past” was added to short code [attmgr_daily] and [attmgr_weekly_all] and [attmgr_monthly_all].
usage(1): [attmgr_daily guide="week" past="0"]
usage(2): [attmgr_weekly_all past="0"]
In this case, the link to the past is not shown.
Parameter “past” may omit, and default value of “past” is “true”.“font-size” in the of schedule table was changed.(front.css)
0.4.4
- Parameter “hide” was added to short code [attmgr_weekly].
usage: [attmgr_weekly id="xx" hide="1"]
In this case, it doesn’t show anything.
Parameter “hide” may omit, and default value of “hide” is “false”.
0.4.3
- Bug fix.
- Some filters were added.
- Media query is added to “front.css”.
0.4.2
- Some filters were added.
0.4.1
- Bug fix in “Monthly schedule”.
0.4.0
When time table is up to the next day like “23:00~08:00”, the schedule which continues from the previous day is displayed in “Today’s staff” until end time. (In this case, It is until 8:00.)
Time selection of a scheduler is helped.
When the start time was chosen, standard end time is chosen automatically.
And, the choices of end time are limited to time which is later from the start time.
If start time which is later from the end time is chosen, end time would be reset.
0.3.1
- Bug fix.
0.3.0
- Some style classes were added.
- Bug fix.
0.2.0
- first release.