Count per Day - Version 3.5.5

Version Description

  • Bugfix: security fixes in export, referrer and mass bot functions

Release Info

Developer Tom Braider
Version 3.5.5

Code changes from version 3.5.4 to 3.5.5

Files changed (4) hide show
  1. counter-core.php +10 -1
  2. counter-options.php +3 -3
  3. counter.php +16 -8
  4. readme.txt +5 -2
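--- a/counter-core.php
+++ b/counter-core.php
@@ -507,7 +507,7 @@ function register_widgets()
 */
 function showQueries()
 {
-global $wpdb, $cpd_path, $cpd_version;
+global $wpdb, $cpd_path, $cpd_version, $cpd_geoip_dir;
 
 $serverinfo = (isset($wpdb->dbh->server_info)) ? $wpdb->dbh->server_info : mysql_get_server_info($wpdb->dbh);
 $clientinfo = (isset($wpdb->dbh->client_info)) ? $wpdb->dbh->client_info : mysql_get_client_info();
@@ -1042,9 +1042,18 @@ function export( $days = 180 )
 foreach ($rows as $row)
 {
 $row = (array) $row;
+// protect referer and client fields against CSV injection
+if($row['referer'][0] === "=" || $row['referer'][0] === "+" || $row['referer'][0] === "-" || $row['referer'][0] === "@"){
+$row['referer'] = "'".$row['referer'];
+}
+if($row['client'][0] === "=" || $row['client'][0] === "+" || $row['client'][0] === "-" || $row['client'][0] === "@"){
+$row['client'] = "'".$row['client'];
+}
+
 $line = '"'.$row['date'].'";"'.long2ip($row['ip']).'";"'.$row['country'].'";"'
 .str_replace('"', ' ', $row['client']).'";"'.str_replace('"', ' ', $row['referer']).'";"'
 .abs($row['page']).'";"'.str_replace('"', ' ', $row['post']).'";"'.str_replace('"', ' ', $row['tag_cat_name']).'";"'.$row['tax'].'"'."\r\n";
+
 fwrite($f, $line);
 }
 $start += $part;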
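Review bot: The CSV-injection guard in export() reads `$row['referer'][0]` and `$row['client'][0]` without first checking that the string is non-empty, and count() in counter.php stores `''` whenever the Referer header is absent or fails validation, so such rows raise an uninitialized-string-offset notice (a warning on PHP 8). The check also covers only `=`, `+`, `-` and `@`; spreadsheet applications treat a leading tab or carriage return the same way, and `post` and `tag_cat_name` are written to the same line without any guard. One test applied to each text field, `if (preg_match('/^[=+\-@\t\r]/', $row[$field])) $row[$field] = "'".$row[$field];`, handles the empty string and the extra characters together. export() starts and ends outside this hunk, so where `$rows` comes from is not visible here.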
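--- a/counter-options.php
+++ b/counter-options.php
@@ -450,12 +450,12 @@ switch($mode) {
 <?php // mass bots ?>
 <div class="postbox">
 <?php
-$limit = (isset($o['massbotlimit'])) ? $o['massbotlimit'] : 25;
-$limit = (isset($_POST['limit'])) ? $_POST['limit'] : $limit;
+$limit = (isset($o['massbotlimit'])) ? intval($o['massbotlimit']) : 25;
+$limit = (isset($_POST['limit'])) ? intval($_POST['limit']) : $limit;
 $limit_input = '<input type="text" size="3" name="limit" value="'.$limit.'" style="text-align:center" />';
 
 if ( $limit == 0 )
-$limit = 50;
+$limit = 25;
 $bots = $count_per_day->getMassBots( $limit );
 ?>
 <h3><span class="cpd_icon cpd_massbots">&nbsp;</span> <?php _e('Mass Bots', 'cpd') ?></h3>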
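Review bot: `intval()` still lets a negative `limit` through: `intval('-5')` is -5, the `$limit == 0` fallback does not catch it, and the value is then passed to `getMassBots()` and echoed into the input field. Using `$limit = (isset($_POST['limit'])) ? absint($_POST['limit']) : $limit;` together with `if ( $limit < 1 ) $limit = 25;` keeps the value a positive integer. How `getMassBots()` uses the number is not visible here, so the effect of a negative value should be confirmed against that method. No nonce or capability check for this POST is visible in the hunk either, though one may exist earlier in the `switch($mode)` block, which starts and ends outside the hunk.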
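--- a/counter.php
+++ b/counter.php
@@ -3,7 +3,7 @@
 Plugin Name: Count Per Day
 Plugin URI: http://www.tomsdimension.de/wp-plugins/count-per-day
 Description: Counter, shows reads and visitors per page; today, yesterday, last week, last months ... on dashboard, per shortcode or in widget.
-Version: 3.5.4
+Version: 3.5.5
 License: Postcardware
 Author: Tom Braider
 Author URI: http://www.tomsdimension.de
@@ -13,7 +13,7 @@ if (!defined('ABSPATH'))
 exit;
 
 $cpd_dir_name = 'count-per-day';
-$cpd_version = '3.5.4';
+$cpd_version = '3.5.5';
 
 if (strpos($_SERVER['SERVER_NAME'], '.test'))
 $cpd_path = str_replace('/', DIRECTORY_SEPARATOR, ABSPATH.PLUGINDIR.'/'.$cpd_dir_name.'/');
@@ -140,9 +140,15 @@ function count( $x, $page = 'x' )
 $client = substr( $client, 0, $this->options['fieldlen'] );
 
 $referer = ($this->options['referers'] && isset($_SERVER['HTTP_REFERER'])) ? wp_strip_all_tags($_SERVER['HTTP_REFERER']) : '';
-if ($this->options['referers_cut'])
-$referer = substr( $referer, 0, strpos($referer,'?') );
-$referer = substr( $referer, 0, $this->options['fieldlen'] );
+
+if (filter_var($referer, FILTER_VALIDATE_URL))
+{
+if ($this->options['referers_cut'])
+$referer = substr( $referer, 0, strpos($referer,'?') );
+$referer = substr( $referer, 0, $this->options['fieldlen'] );
+}
+else
+$referer = '';
 
 // new visitor on page?
 $count = $this->mysqlQuery('var', $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->cpd_counter WHERE ip=$this->aton(%s) AND date=%s AND page=%d", $userip, $date, $page), 'count check '.__LINE__);
@@ -1014,9 +1020,11 @@ function getReferers( $limit = 0, $return = false, $days = 0 )
 if ($res)
 foreach ( $res as $row )
 {
-$ref = str_replace('&', '&amp;', $row->referer);
-$ref2 = str_replace(array('http://', 'https://'), '', $ref);
-$r .= '<li><a href="'.$ref.'">'.$ref2.'</a> <b>'.$row->count.'</b></li>';
+$ref = str_replace('&', '&amp;', esc_url($row->referer));
+if (empty($ref))
+$r .= '<li>- bad referrer - <b>'.$row->count.'</b></li>';
+else
+$r .= '<li><a href="'.$ref.'">'.str_replace(array('http://', 'https://'), '', $ref).'</a> <b>'.$row->count.'</b></li>';
 }
 $r .= '</ul>';
 if ($return) return $r; else echo $r;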
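Review bot: In count(), `filter_var($referer, FILTER_VALIDATE_URL)` checks syntax only and accepts any scheme, so a non-http(s) value is still written to the table and every later reader of the column has to escape it; getReferers() now does that with `esc_url()`, but other readers are not visible here. Restricting the scheme at write time, for example `$referer = esc_url_raw($referer, array('http', 'https'));` followed by the existing empty fallback, would keep other schemes out of the stored data. In the same block, `substr( $referer, 0, strpos($referer,'?') )` returns an empty string when the referer has no `?`, because `strpos()` yields `false`; `$pos = strpos($referer, '?'); if ($pos !== false) $referer = substr($referer, 0, $pos);` keeps such referers intact. count() starts and ends outside the hunk.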
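--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: Tom Braider
 Tags: counter, count, posts, visits, reads, dashboard, widget, shortcode
 Requires at least: 3.0
-Tested up to: 4.6
-Stable tag: 3.5.4
+Tested up to: 4.7
+Stable tag: 3.5.5
 License: Postcardware :)
 Donate link: http://www.tomsdimension.de/postcards
 
@@ -306,6 +306,9 @@ show( $before, $after, $show, $count, $page )'
 
 == Changelog ==
 
+= 3.5.5 =
++ Bugfix: security fixes in export, referrer and mass bot functions
+
 = 3.5.4 =
 + Bugfix: check for IPv6 compatibility on settings page
 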