Count per Day - Version 3.1.1

Version Description

Security update. Bugfix: important fixes in map.php and download.php, thanks to http://6scan.com


Release Info

Developer Tom Braider
Version 3.1.1

Code changes from version 3.1 to 3.1.1

Files changed (7) hide show
  1. counter.php +2 -2
  2. download.php +7 -1
  3. geoip/GeoIP.dat +0 -0
  4. map/data.xml.php +1 -0
  5. map/map.php +6 -1
  6. map/settings.xml.php +1 -0
  7. readme.txt +6 -3
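--- a/counter.php
+++ b/counter.php
@@ -3,14 +3,14 @@
  Plugin Name: Count Per Day
  Plugin URI: http://www.tomsdimension.de/wp-plugins/count-per-day
  Description: Counter, shows reads per page; today, yesterday, last week, last months ... on dashboard, per shortcode or in widget.
- Version: 3.1
+ Version: 3.1.1
  License: Postcardware
  Author: Tom Braider
  Author URI: http://www.tomsdimension.de
  */
 
  $cpd_dir_name = 'count-per-day';
- $cpd_version = '3.1';
+ $cpd_version = '3.1.1';
 
  $cpd_path = str_replace('/', DIRECTORY_SEPARATOR, ABSPATH.PLUGINDIR.'/'.$cpd_dir_name.'/');
  include_once($cpd_path.'counter-core.php');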
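--- a/download.php
+++ b/download.php
@@ -6,9 +6,15 @@
  if ( empty($_GET['f']) || empty($_GET['n']) )
  die('no way');
  $file = sys_get_temp_dir().'/'.$_GET['f'];
+ if ( !in_array(substr($file, -3), array('.gz','sql','txt','tmp')) || strpos($file, '..') !== false )
+ die('no way');
  if (!file_exists($file))
  die('file not found');
  $name = stripslashes($_GET['n']);
  (substr($name, -2) == 'gz') ? header('Content-Type: application/x-gzip') : header('Content-Type: text/plain');
  header("Content-Disposition: attachment; filename=\"$name\"");
- readfile($file);
+ readfile($file);
+
+
+
+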
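Review bot: The guard added at new line 9 still lets any request that reaches this script read every file in the system temp directory whose name ends in `.gz`, `sql`, `txt` or `tmp`, because it filters on a three-character suffix and a `..` substring rather than on the backup files the plugin itself created. Nothing in the visible lines ties the request to a logged-in administrator, although lines 1–5 are outside the hunk and may do so. Reducing the parameter to a bare file name, `$file = sys_get_temp_dir().'/'.basename($_GET['f']);`, and matching it against the plugin's own backup-name pattern would narrow this, together with a capability and nonce check if the earlier lines do not already perform one. `$name` is also copied into the `Content-Disposition` header after `stripslashes()` only, so a double quote in `n` can alter the header value; `$name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);` would confine it to a safe character set.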
geoip/GeoIP.dat CHANGED
Binary file
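--- a/map/data.xml.php
+++ b/map/data.xml.php
@@ -7,6 +7,7 @@ $geoip = new GeoIPCpD();
  $data = array();
 
  $what = (empty($_GET['map'])) ? 'reads' : $_GET['map'];
+ $what = strip_tags($what);
 
  if ( $what == 'online' )
  {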
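Review bot: `strip_tags()` at new line 10 is the only filter applied to `$_GET['map']` in this file, while map/map.php in the same commit restricts the value to `visitors`, `reads` or `online`; the same allowlist would be the stronger check here and in map/settings.xml.php (there against the `ucfirst()` forms). `strip_tags()` removes markup but leaves quotes, `&` and other characters intact, so it is not an adequate escape if `$what` later reaches an SQL string or XML output. How `$what` is used afterwards is not visible, since the hunk ends inside the `if ( $what == 'online' )` block. Suggested line: `if ( !in_array($what, array('visitors','reads','online'), true) ) die();`.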
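--- a/map/map.php
+++ b/map/map.php
@@ -1,4 +1,9 @@
- <?php $what = (empty($_GET['map'])) ? 'reads' : $_GET['map']; ?>
+ <?php
+ $what = (empty($_GET['map'])) ? 'reads' : $_GET['map'];
+ $what = strip_tags($what);
+ if ( !in_array($what, array('visitors','reads','online')) )
+ die();
+ ?>
 
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">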
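Review bot: `in_array()` at new line 4 is called without the strict flag, and `$_GET['map']` can arrive as an array rather than a string, in which case `strip_tags()` on new line 3 is handed a non-string before the allowlist runs. Checking the type first and comparing strictly keeps the allowlist as the single gate: `if ( !is_string($what) || !in_array($what, array('visitors','reads','online'), true) ) die();`. With that in place the `strip_tags()` call is redundant and can be dropped.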
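--- a/map/settings.xml.php
+++ b/map/settings.xml.php
@@ -1,5 +1,6 @@
  <?php
  $what = (empty($_GET['map'])) ? 'Reads' : ucfirst($_GET['map']);
+ $what = strip_tags($what);
  $disable = (empty($_GET['min'])) ? '' : '<enabled>false</enabled>';
 
  header("content-type: text/xml; charset=utf-8");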
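--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: Tom Braider
  Tags: counter, count, posts, visits, reads, dashboard, widget, shortcode
  Requires at least: 3.0
- Tested up to: 3.3
- Stable tag: 3.1
+ Tested up to: 3.3.1
+ Stable tag: 3.1.1
  License: Postcardware :)
  Donate link: http://www.tomsdimension.de/postcards
 
@@ -131,7 +131,7 @@ to check if plugin is activated.
  'count()'
 
  * only count reads, without any output
- * cpdShow call it
+ * 'show' call it
 
  'getFirstCount( $return )'
 
@@ -284,6 +284,9 @@ to check if plugin is activated.
 
  == Changelog ==
 
+ = 3.1.1 Security update =
+ + Bugfix: important fixes in map.php and download.php, thanks to http://6scan.com
+
  = 3.1 =
  + New: memory check before backup to avoid "out of memory" error
  + New: create temporary backup files for download only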