Count per Day - Version 3.2.4

Version Description

  • Bugfix: security fix, check user permissions

Release Info

Developer Tom Braider
Version 3.2.4

Code changes from version 3.2.3 to 3.2.4

Files changed (5)
  1. counter.php +2 -2
  2. massbots.php +10 -0
  3. notes.php +16 -3
  4. readme.txt +4 -1
  5. userperspan.php +10 -0
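--- a/counter.php
+++ b/counter.php
@@ -3,14 +3,14 @@
 Plugin Name: Count Per Day
 Plugin URI: http://www.tomsdimension.de/wp-plugins/count-per-day
 Description: Counter, shows reads and visitors per page; today, yesterday, last week, last months ... on dashboard, per shortcode or in widget.
-Version: 3.2.3
+Version: 3.2.4
 License: Postcardware
 Author: Tom Braider
 Author URI: http://www.tomsdimension.de
 */
 
 $cpd_dir_name = 'count-per-day';
-$cpd_version = '3.2.3';
+$cpd_version = '3.2.4';
 
 $cpd_path = str_replace('/', DIRECTORY_SEPARATOR, ABSPATH.PLUGINDIR.'/'.$cpd_dir_name.'/');
 include_once($cpd_path.'counter-core.php');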
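--- a/massbots.php
+++ b/massbots.php
@@ -3,6 +3,16 @@ if (!session_id()) session_start();
 $cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
 require_once($cpd_wp.'wp-load.php');
 
+// check user
+$o = get_option('count_per_day');
+$can_see = str_replace(
+// administrator, editor, author, contributor, subscriber
+array(10, 7, 2, 1, 0),
+array('manage_options', 'moderate_comments', 'edit_published_posts', 'edit_posts', 'read'),
+$o['show_in_lists']);
+if ( !current_user_can($can_see) )
+die();
+
 if ( isset($_GET['dmbip']) && isset($_GET['dmbdate']) )
 {
 $sql = $wpdb->prepare("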
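Review bot: The new gate `if ( !current_user_can($can_see) ) die();` checks only the capability configured for viewing the lists, while the request it now protects — `dmbip`/`dmbdate` arriving via `$_GET` and feeding the `$wpdb->prepare(` whose statement lies outside the hunk — looks like a state-changing action; if that statement deletes rows, a user who may merely view the stats (down to `read`, i.e. any subscriber, when `show_in_lists` is 0) can trigger it, and no nonce is verified, so a cross-site request from a logged-in browser would work as well. I would gate the mutation separately from viewing, e.g. `if ( !current_user_can('manage_options') ) die();` followed by `check_admin_referer('cpd_massbots');` immediately before the `$_GET['dmbip']` branch, and keep `$can_see` for read-only output. `die()` also answers with an empty 200 response; `wp_die('', '', array('response' => 403))` tells the caller and the access log that the request was refused. The script continues past the end of the hunk.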
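--- a/notes.php
+++ b/notes.php
@@ -3,6 +3,16 @@ if (!session_id()) session_start();
 $cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
 require_once($cpd_wp.'wp-load.php');
 
+// check user
+$o = get_option('count_per_day');
+$can_see = str_replace(
+// administrator, editor, author, contributor, subscriber
+array(10, 7, 2, 1, 0),
+array('manage_options', 'moderate_comments', 'edit_published_posts', 'edit_posts', 'read'),
+$o['show_in_lists']);
+if ( !current_user_can($can_see) )
+die();
+
 // set default values
 if ( isset($_POST['month']) )
 $month = (int) $_POST['month'];
@@ -18,14 +28,17 @@ else if ( isset($_GET['year']) )
 else
 $year = date_i18n('Y');
 
+$date = strip_tags($_POST['date']);
+$note = strip_tags($_POST['note']);
+
 // load notes
-$n = get_option('count_per_day_notes', array());
+$n = (array) get_option('count_per_day_notes');
 
 // save changes
 if ( isset($_POST['new']) )
-$n[] = array( $_POST['date'], $_POST['note'] );
+$n[] = array( $date, $note );
 else if ( isset($_POST['edit']) )
-$n[$_POST['id']] = array( $_POST['date'], $_POST['note'] );
+$n[$_POST['id']] = array( $date, $note );
 else if ( isset($_POST['delete']) )
 unset($n[$_POST['id']]);
 update_option('count_per_day_notes', $n);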
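Review bot: The write path in the second hunk — `$n[] = array( $date, $note );`, the `edit` branch and `unset($n[$_POST['id']]);`, all persisted by `update_option('count_per_day_notes', $n);` — is reachable by anyone who passes the new read-oriented check at the top of the file, which resolves to `read` (any subscriber) when `show_in_lists` is 0, and no nonce is verified, so a forged POST from a logged-in user's browser can create, overwrite or delete notes. I would require an editing capability plus a nonce before touching the option: `if ( isset($_POST['new']) || isset($_POST['edit']) || isset($_POST['delete']) ) { check_admin_referer('cpd_notes'); if ( !current_user_can('manage_options') ) wp_die('', '', array('response' => 403)); }`, and cast the key once with `$id = (int) $_POST['id'];` before it is used to index `$n`. The added `$date = strip_tags($_POST['date']);` and `$note = strip_tags($_POST['note']);` read `$_POST` unconditionally, which raises undefined-index notices on a plain GET load, and stripping tags on input is not a substitute for `esc_html()` wherever the notes are printed (that code is outside the hunk). The script continues before and after this hunk.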
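--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: Tom Braider
 Tags: counter, count, posts, visits, reads, dashboard, widget, shortcode
 Requires at least: 3.0
 Tested up to: 3.4.1
-Stable tag: 3.2.3
+Stable tag: 3.2.4
 License: Postcardware :)
 Donate link: http://www.tomsdimension.de/postcards
 
@@ -292,6 +292,9 @@ to check if plugin is activated.
 
 == Changelog ==
 
+= 3.2.4 =
++ Bigfix: security fix, check user permissions
+
 = 3.2.3 =
 + Bugfix: security fix, XSS in search words, thanks to http://www.n0lab.com/?p=163
 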
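--- a/userperspan.php
+++ b/userperspan.php
@@ -3,6 +3,16 @@ if (!session_id()) session_start();
 $cpd_wp = (!empty($_SESSION['cpd_wp'])) ? $_SESSION['cpd_wp'] : '../../../';
 require_once($cpd_wp.'wp-load.php');
 
+// check user
+$o = get_option('count_per_day');
+$can_see = str_replace(
+// administrator, editor, author, contributor, subscriber
+array(10, 7, 2, 1, 0),
+array('manage_options', 'moderate_comments', 'edit_published_posts', 'edit_posts', 'read'),
+$o['show_in_lists']);
+if ( !current_user_can($can_see) )
+die();
+
 $cpd_datemin = ( !empty($_REQUEST['datemin']) ) ? wp_strip_all_tags($_REQUEST['datemin']) : date_i18n('Y-m-d', time() - 86400 * 14); // 14 days
 $cpd_datemax = ( !empty($_REQUEST['datemax']) ) ? wp_strip_all_tags($_REQUEST['datemax']) : date_i18n('Y-m-d');
 $cpd_page = ( isset($_REQUEST['page']) ) ? intval($_REQUEST['page']) : 0;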
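Review bot: The capability lookup at `$can_see = str_replace(` maps the stored level to a capability by running sequential string replacements over whatever `$o['show_in_lists']` holds: when the option or the key is missing the result is an empty capability, and any value outside 10/7/2/1/0 is handed to `current_user_can()` verbatim. Both presumably end in a denial because WordPress does not grant capabilities it does not know, but that is fail-closed by accident rather than by design, and the same ten lines are now copied verbatim into three public entry scripts. A keyed map with an explicit default reads as the access policy it is: `$caps = array(10 => 'manage_options', 7 => 'moderate_comments', 2 => 'edit_published_posts', 1 => 'edit_posts', 0 => 'read');` then `$level = isset($o['show_in_lists']) ? (int) $o['show_in_lists'] : 10;` and `$can_see = isset($caps[$level]) ? $caps[$level] : 'manage_options';`, ideally as one helper in counter-core.php that each script calls rather than three copies to keep in sync. The script continues past the end of the hunk.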