i dont know if its been fixed or even if it is needed but i found a bug from a google search?? in calendar.php the $month and $year can be given incorrect syntax in the address line ie
?month=-2z4&year=-2259
resulting in SQL errors
i made a fix of sorts
// security fix if( empty( $month ) ){ $month = $a_current['month']; }else{ $month = is_numeric($month) ? abs(intval($month)) : $a_current['month']; if ($month > 12){ $month = $a_current['month']; } } if( empty( $year ) ){ $year = $a_current['year']; }else{ $year = is_numeric($year) ? abs(intval($year)) : $a_current['year']; if ( $year > 31){ $year = $a_current['year']; } }// security fix
inserted above
$month_name = $a_monthnames[ $month ];