Version Description
- Bigfix: security fix, check user permissions
Download this release
Release Info
| Developer | Tom Braider |
| Plugin |  Count per Day |
| Version | 3.2.4 |
| Comparing to | |
| See all releases | |
Code changes from version 3.2.3 to 3.2.4
- counter.php +2 -2
- massbots.php +10 -0
- notes.php +16 -3
- readme.txt +4 -1
- userperspan.php +10 -0
counter.php
CHANGED
|
@@ -3,14 +3,14 @@
|
|
| 3 |
Plugin Name: Count Per Day
|
| 4 |
Plugin URI: http://www.tomsdimension.de/wp-plugins/count-per-day
|
| 5 |
Description: Counter, shows reads and visitors per page; today, yesterday, last week, last months ... on dashboard, per shortcode or in widget.
|
| 6 |
-
Version: 3.2.
|
| 7 |
License: Postcardware
|
| 8 |
Author: Tom Braider
|
| 9 |
Author URI: http://www.tomsdimension.de
|
| 10 |
*/
|
| 11 |
|
| 12 |
$cpd_dir_name = 'count-per-day';
|
| 13 |
-
$cpd_version = '3.2.
|
| 14 |
|
| 15 |
$cpd_path = str_replace('/', DIRECTORY_SEPARATOR, ABSPATH.PLUGINDIR.'/'.$cpd_dir_name.'/');
|
| 16 |
include_once($cpd_path.'counter-core.php');
|
| 3 |
Plugin Name: Count Per Day
|
| 4 |
Plugin URI: http://www.tomsdimension.de/wp-plugins/count-per-day
|
| 5 |
Description: Counter, shows reads and visitors per page; today, yesterday, last week, last months ... on dashboard, per shortcode or in widget.
|
| 6 |
+
Version: 3.2.4
|
| 7 |
License: Postcardware
|
| 8 |
Author: Tom Braider
|
| 9 |
Author URI: http://www.tomsdimension.de
|
| 10 |
*/
|
| 11 |
|
| 12 |
$cpd_dir_name = 'count-per-day';
|
| 13 |
+
$cpd_version = '3.2.4';
|
| 14 |
|
| 15 |
$cpd_path = str_replace('/', DIRECTORY_SEPARATOR, ABSPATH.PLUGINDIR.'/'.$cpd_dir_name.'/');
|
| 16 |
include_once($cpd_path.'counter-core.php');
|
massbots.php
CHANGED
|
@@ -3,6 +3,16 @@ if (!session_id()) session_start();
|
|
| 3 |
$cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
|
| 4 |
require_once($cpd_wp.'wp-load.php');
|
| 5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
if ( isset($_GET['dmbip']) && isset($_GET['dmbdate']) )
|
| 7 |
{
|
| 8 |
$sql = $wpdb->prepare("
|
| 3 |
$cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
|
| 4 |
require_once($cpd_wp.'wp-load.php');
|
| 5 |
|
| 6 |
+
// check user
|
| 7 |
+
$o = get_option('count_per_day');
|
| 8 |
+
$can_see = str_replace(
|
| 9 |
+
// administrator, editor, author, contributor, subscriber
|
| 10 |
+
array(10, 7, 2, 1, 0),
|
| 11 |
+
array('manage_options', 'moderate_comments', 'edit_published_posts', 'edit_posts', 'read'),
|
| 12 |
+
$o['show_in_lists']);
|
| 13 |
+
if ( !current_user_can($can_see) )
|
| 14 |
+
die();
|
| 15 |
+
|
| 16 |
if ( isset($_GET['dmbip']) && isset($_GET['dmbdate']) )
|
| 17 |
{
|
| 18 |
$sql = $wpdb->prepare("
|
notes.php
CHANGED
|
@@ -3,6 +3,16 @@ if (!session_id()) session_start();
|
|
| 3 |
$cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
|
| 4 |
require_once($cpd_wp.'wp-load.php');
|
| 5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
// set default values
|
| 7 |
if ( isset($_POST['month']) )
|
| 8 |
$month = (int) $_POST['month'];
|
|
@@ -18,14 +28,17 @@ else if ( isset($_GET['year']) )
|
|
| 18 |
else
|
| 19 |
$year = date_i18n('Y');
|
| 20 |
|
|
|
|
|
|
|
|
|
|
| 21 |
// load notes
|
| 22 |
-
$n = get_option('count_per_day_notes'
|
| 23 |
|
| 24 |
// save changes
|
| 25 |
if ( isset($_POST['new']) )
|
| 26 |
-
$n[] = array( $
|
| 27 |
else if ( isset($_POST['edit']) )
|
| 28 |
-
$n[$_POST['id']] = array( $
|
| 29 |
else if ( isset($_POST['delete']) )
|
| 30 |
unset($n[$_POST['id']]);
|
| 31 |
update_option('count_per_day_notes', $n);
|
| 3 |
$cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
|
| 4 |
require_once($cpd_wp.'wp-load.php');
|
| 5 |
|
| 6 |
+
// check user
|
| 7 |
+
$o = get_option('count_per_day');
|
| 8 |
+
$can_see = str_replace(
|
| 9 |
+
// administrator, editor, author, contributor, subscriber
|
| 10 |
+
array(10, 7, 2, 1, 0),
|
| 11 |
+
array('manage_options', 'moderate_comments', 'edit_published_posts', 'edit_posts', 'read'),
|
| 12 |
+
$o['show_in_lists']);
|
| 13 |
+
if ( !current_user_can($can_see) )
|
| 14 |
+
die();
|
| 15 |
+
|
| 16 |
// set default values
|
| 17 |
if ( isset($_POST['month']) )
|
| 18 |
$month = (int) $_POST['month'];
|
| 28 |
else
|
| 29 |
$year = date_i18n('Y');
|
| 30 |
|
| 31 |
+
$date = strip_tags($_POST['date']);
|
| 32 |
+
$note = strip_tags($_POST['note']);
|
| 33 |
+
|
| 34 |
// load notes
|
| 35 |
+
$n = (array) get_option('count_per_day_notes');
|
| 36 |
|
| 37 |
// save changes
|
| 38 |
if ( isset($_POST['new']) )
|
| 39 |
+
$n[] = array( $date, $note );
|
| 40 |
else if ( isset($_POST['edit']) )
|
| 41 |
+
$n[$_POST['id']] = array( $date, $note );
|
| 42 |
else if ( isset($_POST['delete']) )
|
| 43 |
unset($n[$_POST['id']]);
|
| 44 |
update_option('count_per_day_notes', $n);
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: Tom Braider
|
|
| 3 |
Tags: counter, count, posts, visits, reads, dashboard, widget, shortcode
|
| 4 |
Requires at least: 3.0
|
| 5 |
Tested up to: 3.4.1
|
| 6 |
-
Stable tag: 3.2.
|
| 7 |
License: Postcardware :)
|
| 8 |
Donate link: http://www.tomsdimension.de/postcards
|
| 9 |
|
|
@@ -292,6 +292,9 @@ to check if plugin is activated.
|
|
| 292 |
|
| 293 |
== Changelog ==
|
| 294 |
|
|
|
|
|
|
|
|
|
|
| 295 |
= 3.2.3 =
|
| 296 |
+ Bugfix: security fix, XSS in search words, thanks to http://www.n0lab.com/?p=163
|
| 297 |
|
| 3 |
Tags: counter, count, posts, visits, reads, dashboard, widget, shortcode
|
| 4 |
Requires at least: 3.0
|
| 5 |
Tested up to: 3.4.1
|
| 6 |
+
Stable tag: 3.2.4
|
| 7 |
License: Postcardware :)
|
| 8 |
Donate link: http://www.tomsdimension.de/postcards
|
| 9 |
|
| 292 |
|
| 293 |
== Changelog ==
|
| 294 |
|
| 295 |
+
= 3.2.4 =
|
| 296 |
+
+ Bigfix: security fix, check user permissions
|
| 297 |
+
|
| 298 |
= 3.2.3 =
|
| 299 |
+ Bugfix: security fix, XSS in search words, thanks to http://www.n0lab.com/?p=163
|
| 300 |
|
userperspan.php
CHANGED
|
@@ -3,6 +3,16 @@ if (!session_id()) session_start();
|
|
| 3 |
$cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
|
| 4 |
require_once($cpd_wp.'wp-load.php');
|
| 5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
$cpd_datemin = ( !empty($_REQUEST['datemin']) ) ? wp_strip_all_tags($_REQUEST['datemin']) : date_i18n('Y-m-d', time() - 86400 * 14); // 14 days
|
| 7 |
$cpd_datemax = ( !empty($_REQUEST['datemax']) ) ? wp_strip_all_tags($_REQUEST['datemax']) : date_i18n('Y-m-d');
|
| 8 |
$cpd_page = ( isset($_REQUEST['page']) ) ? intval($_REQUEST['page']) : 0;
|
| 3 |
$cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
|
| 4 |
require_once($cpd_wp.'wp-load.php');
|
| 5 |
|
| 6 |
+
// check user
|
| 7 |
+
$o = get_option('count_per_day');
|
| 8 |
+
$can_see = str_replace(
|
| 9 |
+
// administrator, editor, author, contributor, subscriber
|
| 10 |
+
array(10, 7, 2, 1, 0),
|
| 11 |
+
array('manage_options', 'moderate_comments', 'edit_published_posts', 'edit_posts', 'read'),
|
| 12 |
+
$o['show_in_lists']);
|
| 13 |
+
if ( !current_user_can($can_see) )
|
| 14 |
+
die();
|
| 15 |
+
|
| 16 |
$cpd_datemin = ( !empty($_REQUEST['datemin']) ) ? wp_strip_all_tags($_REQUEST['datemin']) : date_i18n('Y-m-d', time() - 86400 * 14); // 14 days
|
| 17 |
$cpd_datemax = ( !empty($_REQUEST['datemax']) ) ? wp_strip_all_tags($_REQUEST['datemax']) : date_i18n('Y-m-d');
|
| 18 |
$cpd_page = ( isset($_REQUEST['page']) ) ? intval($_REQUEST['page']) : 0;
|
