Count per Day - Version 3.5.5

Version Description

  • Bugfix: security fixes in export, referrer and mass bot functions

Release Info

Developer Tom Braider
Version 3.5.5

Code changes from version 3.5.4 to 3.5.5

Files changed (4) hide show
  1. counter-core.php +10 -1
  2. counter-options.php +3 -3
  3. counter.php +16 -8
  4. readme.txt +5 -2
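--- a/counter-core.php
+++ b/counter-core.php
@@ -507,7 +507,7 @@ function register_widgets()
  */
  function showQueries()
  {
- global $wpdb, $cpd_path, $cpd_version;
+ global $wpdb, $cpd_path, $cpd_version, $cpd_geoip_dir;
 
  $serverinfo = (isset($wpdb->dbh->server_info)) ? $wpdb->dbh->server_info : mysql_get_server_info($wpdb->dbh);
  $clientinfo = (isset($wpdb->dbh->client_info)) ? $wpdb->dbh->client_info : mysql_get_client_info();
@@ -1042,9 +1042,18 @@ function export( $days = 180 )
  foreach ($rows as $row)
  {
  $row = (array) $row;
+ // protect referer and client fields against CSV injection
+ if($row['referer'][0] === "=" || $row['referer'][0] === "+" || $row['referer'][0] === "-" || $row['referer'][0] === "@"){
+ $row['referer'] = "'".$row['referer'];
+ }
+ if($row['client'][0] === "=" || $row['client'][0] === "+" || $row['client'][0] === "-" || $row['client'][0] === "@"){
+ $row['client'] = "'".$row['client'];
+ }
+
  $line = '"'.$row['date'].'";"'.long2ip($row['ip']).'";"'.$row['country'].'";"'
  .str_replace('"', ' ', $row['client']).'";"'.str_replace('"', ' ', $row['referer']).'";"'
  .abs($row['page']).'";"'.str_replace('"', ' ', $row['post']).'";"'.str_replace('"', ' ', $row['tag_cat_name']).'";"'.$row['tax'].'"'."\r\n";
+
  fwrite($f, $line);
  }
  $start += $part;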
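Review bot: The new guards in export() read `$row['referer'][0]` and `$row['client'][0]` without first checking that the field is non-empty, so every row whose referer is '' (which is what count() in counter.php stores when no referrer is kept) raises an "Uninitialized string offset" notice, and a NULL column would warn as well. The trigger set is also incomplete: a leading TAB or CR makes spreadsheet software evaluate a cell just like `=`, and `post` and `tag_cat_name` go into the same CSV line with no protection at all. I would replace the two if-blocks with one loop over the text fields that skips empty values and covers the fuller character set, as below. export() starts and ends outside the hunk.
```php
$row = (array) $row;
// protect text fields against CSV/formula injection: a leading =, +, -, @, TAB or CR
// makes spreadsheet software evaluate the cell; a leading quote neutralises it
foreach (array('client', 'referer', 'post', 'tag_cat_name') as $field)
{
	$value = isset($row[$field]) ? (string) $row[$field] : '';
	if ($value !== '' && in_array($value[0], array('=', '+', '-', '@', "\t", "\r"), true))
		$value = "'".$value;
	$row[$field] = $value;
}
// … unchanged: $line assembly and fwrite($f, $line) …
```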
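--- a/counter-options.php
+++ b/counter-options.php
@@ -450,12 +450,12 @@ switch($mode) {
  <?php // mass bots ?>
  <div class="postbox">
  <?php
- $limit = (isset($o['massbotlimit'])) ? $o['massbotlimit'] : 25;
- $limit = (isset($_POST['limit'])) ? $_POST['limit'] : $limit;
+ $limit = (isset($o['massbotlimit'])) ? intval($o['massbotlimit']) : 25;
+ $limit = (isset($_POST['limit'])) ? intval($_POST['limit']) : $limit;
  $limit_input = '<input type="text" size="3" name="limit" value="'.$limit.'" style="text-align:center" />';
 
  if ( $limit == 0 )
- $limit = 50;
+ $limit = 25;
  $bots = $count_per_day->getMassBots( $limit );
  ?>
  <h3><span class="cpd_icon cpd_massbots">&nbsp;</span> <?php _e('Mass Bots', 'cpd') ?></h3>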
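Review bot: `intval($_POST['limit'])` still lets a negative value through, because the fallback on the next lines only tests `$limit == 0`; `-1` reaches getMassBots() unchanged and, depending on how that method builds its LIMIT clause (not visible here), gives a query error or an unbounded result. Tighten the fallback to `if ( $limit <= 0 ) $limit = 25;` so only a positive count is passed on. I also see no nonce or capability check around this POST handling within the hunk; if it lives earlier in the `switch($mode)` block that is fine, otherwise one is needed before `$_POST['limit']` is honoured. The enclosing switch case starts and ends outside the hunk.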
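--- a/counter.php
+++ b/counter.php
@@ -3,7 +3,7 @@
  Plugin Name: Count Per Day
  Plugin URI: http://www.tomsdimension.de/wp-plugins/count-per-day
  Description: Counter, shows reads and visitors per page; today, yesterday, last week, last months ... on dashboard, per shortcode or in widget.
- Version: 3.5.4
+ Version: 3.5.5
  License: Postcardware
  Author: Tom Braider
  Author URI: http://www.tomsdimension.de
@@ -13,7 +13,7 @@ if (!defined('ABSPATH'))
  exit;
 
  $cpd_dir_name = 'count-per-day';
- $cpd_version = '3.5.4';
+ $cpd_version = '3.5.5';
 
  if (strpos($_SERVER['SERVER_NAME'], '.test'))
  $cpd_path = str_replace('/', DIRECTORY_SEPARATOR, ABSPATH.PLUGINDIR.'/'.$cpd_dir_name.'/');
@@ -140,9 +140,15 @@ function count( $x, $page = 'x' )
  $client = substr( $client, 0, $this->options['fieldlen'] );
 
  $referer = ($this->options['referers'] && isset($_SERVER['HTTP_REFERER'])) ? wp_strip_all_tags($_SERVER['HTTP_REFERER']) : '';
- if ($this->options['referers_cut'])
- $referer = substr( $referer, 0, strpos($referer,'?') );
- $referer = substr( $referer, 0, $this->options['fieldlen'] );
+
+ if (filter_var($referer, FILTER_VALIDATE_URL))
+ {
+ if ($this->options['referers_cut'])
+ $referer = substr( $referer, 0, strpos($referer,'?') );
+ $referer = substr( $referer, 0, $this->options['fieldlen'] );
+ }
+ else
+ $referer = '';
 
  // new visitor on page?
  $count = $this->mysqlQuery('var', $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->cpd_counter WHERE ip=$this->aton(%s) AND date=%s AND page=%d", $userip, $date, $page), 'count check '.__LINE__);
@@ -1014,9 +1020,11 @@ function getReferers( $limit = 0, $return = false, $days = 0 )
  if ($res)
  foreach ( $res as $row )
  {
- $ref = str_replace('&', '&amp;', $row->referer);
- $ref2 = str_replace(array('http://', 'https://'), '', $ref);
- $r .= '<li><a href="'.$ref.'">'.$ref2.'</a> <b>'.$row->count.'</b></li>';
+ $ref = str_replace('&', '&amp;', esc_url($row->referer));
+ if (empty($ref))
+ $r .= '<li>- bad referrer - <b>'.$row->count.'</b></li>';
+ else
+ $r .= '<li><a href="'.$ref.'">'.str_replace(array('http://', 'https://'), '', $ref).'</a> <b>'.$row->count.'</b></li>';
  }
  $r .= '</ul>';
  if ($return) return $r; else echo $r;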
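Review bot: FILTER_VALIDATE_URL in count() accepts any scheme that parses with a host part (and `file:` even without one), so referrers such as `javascript://example.com/%0A…` or `file:///…` still pass the new check and are stored; getReferers() is now protected by esc_url(), but the CSV export and any other consumer of the column are not, so the scheme should be restricted at the point of storage. One line does it: `if (filter_var($referer, FILTER_VALIDATE_URL) && preg_match('#^https?://#i', $referer))`. Separately, the referers_cut branch moved into this block keeps the pre-existing `substr($referer, 0, strpos($referer,'?'))`, which empties every referrer that has no '?' because strpos() returns false there; `$q = strpos($referer, '?'); if ($q !== false) $referer = substr($referer, 0, $q);` keeps those referrers intact. count() starts and ends outside the hunk.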
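--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: Tom Braider
  Tags: counter, count, posts, visits, reads, dashboard, widget, shortcode
  Requires at least: 3.0
- Tested up to: 4.6
- Stable tag: 3.5.4
+ Tested up to: 4.7
+ Stable tag: 3.5.5
  License: Postcardware :)
  Donate link: http://www.tomsdimension.de/postcards
 
@@ -306,6 +306,9 @@ show( $before, $after, $show, $count, $page )'
 
  == Changelog ==
 
+ = 3.5.5 =
+ + Bugfix: security fixes in export, referrer and mass bot functions
+
  = 3.5.4 =
  + Bugfix: check for IPv6 compatibility on settings page
 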