kk Star Ratings - Version 1.7.1

Version Description

  • Security Fix: Fixed a file inclusion risk in the ajax request. This is a recommended update for all users.



Release Info

Developer bhittani
Version 1.7.1

Code changes from version 1.4.1 to 1.7.1

Files changed (5)
  1. admin/options.php +5 -19
  2. ajax/kk-ratings-ajax.php +2 -2
  3. kk-ratings.php +66 -13
  4. readme.txt +21 -4
  5. widget.php +18 -3
admin/options.php CHANGED
@@ -11,9 +11,7 @@
11
  <?php screen_icon(); ?>
12
  <form action="options.php" method="post" id=<?php echo $this->plugin_id; ?>"_options_form" name=<?php echo $this->plugin_id; ?>"_options_form">
13
  <?php settings_fields($this->plugin_id.'_options'); ?>
14
- <h2>kk Star Ratings &raquo; Settings
15
- <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script><fb:like send="false" layout="button_count" width="450" show_faces="true" href="http://wakeusup.com"></fb:like>
16
- </h2>
17
  <table width="697" class="widefat" style="width:600px;">
18
  <thead>
19
     <tr>
@@ -30,11 +28,6 @@
30
  </tr>
31
  </tfoot>
32
  <tbody>
33
- <tr>
34
- <td></td>
35
- <td><a href="http://wakeusup.com/2011/05/kk-star-ratings/" target="_blank" title="View Changelog">Changelog</a></td>
36
- <td></td>
37
- </tr>
38
  <tr>
39
  <td>1</td>
40
  <td><label for="<?php echo $this->plugin_id; ?>[enable]">Enable</label></td>
@@ -63,19 +56,17 @@
63
  <br />Where $pid is the post of the id
64
  <br /><br />
65
  <strong>Get top rated posts as array of objects:</strong>
66
- <br /> <span style="color:#F60;">&lt;?php if(function_exists('kk_star_ratings_get')) : $top_rated_posts = kk_star_ratings_get($total,$cat_id); endif; ?&gt;</span>
67
- <br />Where $total is the limit (int) and $cat_id is the id of the category which is optional
68
- <br />$top_rated_posts will contain an array of objects, each containing an ID, title and ratings.
69
  <br />
70
  <strong>Example Usage:</strong>
71
  <pre>
72
  foreach($top_rated_posts as $post)
73
  {
74
- // You get $post->ID, $post->ratings and $post->post_title
75
  // Do anything with it like get_post($post->ID)
76
  // ...
77
- // The following will display the Post ID, Title and Ratings for each.
78
- echo "Post ID: ".$post->ID." | Title: ".$post->post_title." | Ratings: ".$post->ratings.'&lt;br /&gt;';
79
  }
80
  </pre>
81
  <br />
@@ -127,11 +118,6 @@
127
  <input type="checkbox" name="<?php echo $this->plugin_id; ?>[clear]" value="1" <?php echo $this->options['clear'] ? "checked='checked'" : ""; ?> />
128
  </td>
129
  </tr>
130
- <tr>
131
- <td>8</td>
132
- <td><label for="<?php echo $this->plugin_id; ?>[column]">Show rating column in the posts/pages admin screen</label></td>
133
- <td><input type="checkbox" name="<?php echo $this->plugin_id; ?>[column]" value="1" <?php echo $this->options['column'] ? "checked='checked'" : ""; ?> /></td>
134
- </tr>
135
  </tbody>
136
  </table>
137
  <p><input type="submit" name="submit" value="Save Settings" class="button" /></p>
11
  <?php screen_icon(); ?>
12
  <form action="options.php" method="post" id=<?php echo $this->plugin_id; ?>"_options_form" name=<?php echo $this->plugin_id; ?>"_options_form">
13
  <?php settings_fields($this->plugin_id.'_options'); ?>
14
+ <h2>kk Star Ratings &raquo; Settings</h2>
 
 
15
  <table width="697" class="widefat" style="width:600px;">
16
  <thead>
17
     <tr>
28
  </tr>
29
  </tfoot>
30
  <tbody>
 
 
 
 
 
31
  <tr>
32
  <td>1</td>
33
  <td><label for="<?php echo $this->plugin_id; ?>[enable]">Enable</label></td>
56
  <br />Where $pid is the post of the id
57
  <br /><br />
58
  <strong>Get top rated posts as array of objects:</strong>
59
+ <br /> <span style="color:#F60;">&lt;?php if(function_exists('kk_star_ratings_get')) : $top_rated_posts = kk_star_ratings_get($total); endif; ?&gt;</span>
60
+ <br />Where $total is the limit (int)
61
+ <br />$top_rated_posts will contain an array of objects, each containing an ID and ratings.
62
  <br />
63
  <strong>Example Usage:</strong>
64
  <pre>
65
  foreach($top_rated_posts as $post)
66
  {
67
+ // you get $post->ID and $post->ratings
68
  // Do anything with it like get_post($post->ID)
69
  // ...
 
 
70
  }
71
  </pre>
72
  <br />
118
  <input type="checkbox" name="<?php echo $this->plugin_id; ?>[clear]" value="1" <?php echo $this->options['clear'] ? "checked='checked'" : ""; ?> />
119
  </td>
120
  </tr>
 
 
 
 
 
121
  </tbody>
122
  </table>
123
  <p><input type="submit" name="submit" value="Save Settings" class="button" /></p>
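Review bot: The new side removes the settings row for the `column` option (row 8 on the removed side) and the `$cat_id` parameter from the `kk_star_ratings_get` usage text, while kk-ratings.php's new side in this same comparison introduces `$this->options['column']`, `add_column`/`add_row` and `kk_star_ratings_get($total=5, $cat=false)`. After this change there is no UI to disable the ratings column that `activate()` now defaults to 1, and the documented signature no longer matches the function. Unless the page is rendering this file's sides reversed, the row `<td><label for="<?php echo $this->plugin_id; ?>[column]">Show rating column in the posts/pages admin screen</label></td>` with its checkbox should be kept, and the usage text should describe the category argument again. Dropping the third-party `connect.facebook.net` script from the admin page is an improvement.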
ajax/kk-ratings-ajax.php CHANGED
@@ -1,8 +1,8 @@
1
  <?php
2
- session_start();
3
  header("Content-type: text/xml");
4
 
5
- $path_to_root = urldecode($_SESSION['kksr_root']); // v 1.7.1
6
  require_once($path_to_root."wp-config.php");
7
 
8
  // check security
1
  <?php
2
+
3
  header("Content-type: text/xml");
4
 
5
+ $path_to_root = '../../../../';
6
  require_once($path_to_root."wp-config.php");
7
 
8
  // check security
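Review bot: The two sides of this hunk contradict the kk-ratings.php section of the same comparison: kk-ratings.php's new side registers `session()` on `init` and writes `$_SESSION['kksr_root']` in `js()`, yet here the `$_SESSION['kksr_root']` read (itself commented `// v 1.7.1`) is on the removed side and the kept side hard-codes `$path_to_root = '../../../../';`. If the page is showing this file's sides reversed, the session-based variant is the one that needs review: `session_start()` here runs unconditionally while the plugin's own `session()` guards on `session_id()`, and `urldecode($_SESSION['kksr_root'])` should at least be checked with `is_dir()` before it reaches `require_once`. If the `+` side really is current, the session value written in kk-ratings.php is never read, and the fixed `'../../../../'` only resolves when the plugin sits at its default location under the plugins directory. Either way, a standalone endpoint that locates and loads `wp-config.php` itself is the fragile part; routing the request through `admin-ajax.php` with a `wp_ajax_`/`wp_ajax_nopriv_` handler removes the path computation entirely. The `// check security` block that follows is outside the hunk.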
kk-ratings.php CHANGED
@@ -4,7 +4,7 @@
4
  Plugin Name: kk Star Ratings
5
  Plugin URI: http://wakeusup.com/2011/05/kk-star-ratings/
6
  Description: A clean, animated and sweat ratings feature for your blog <strong>With kk Star Ratings, you can allow your blog posts to be rated by your blog visitors</strong>. <strong>It also includes a widget</strong> which you can add to your sidebar to show the top rated post. There are some useful options you can set to customize this plugin. You can do all that after installing and activating the plugin and then visiting the <a href="options-general.php?page=kk-ratings_options">Plugin Settings</a>.
7
- Version: 1.4.1
8
  Author: Kamal Khan
9
  Author URI: http://bhittani.com
10
  License: GPLv2 or later
@@ -45,6 +45,18 @@ if(!class_exists('kk_Ratings') && !isset($kkratings) && !function_exists('kk_sta
45
  // set manual mode to false
46
  $this->manual_mode = false;
47
  }
 
 
 
 
 
 
 
 
 
 
 
 
48
  /** function/method
49
  * Usage: return file path relative to current plugin directory
50
  * Arg(1): string
@@ -67,11 +79,9 @@ if(!class_exists('kk_Ratings') && !isset($kkratings) && !function_exists('kk_sta
67
  $params = array();
68
  $params['nonce'] = $nonce; //for security
69
  $params['path'] = $this->file_path('').'/';
70
- $params['root'] = urlencode(ABSPATH);
71
  $params['pos'] = $this->options['position'];
72
-
73
- //wp_deregister_script('jquery');
74
- //wp_register_script('jquery', ("http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"), false);
75
  wp_enqueue_script('jquery');
76
  wp_enqueue_script($this->plugin_id.'_js', $this->file_path($this->js_file), array('jquery') );
77
  wp_localize_script($this->plugin_id.'_js', str_replace('-', '_', $this->plugin_id).'_settings', $params);
@@ -105,8 +115,8 @@ if(!class_exists('kk_Ratings') && !isset($kkratings) && !function_exists('kk_sta
105
  }
106
  public function activate()
107
  {
108
- $this->options['legend'] = '[avg]([per]) [total] votes'; // [total]=total ratings, [rating]=average, [per]=percentage
109
- $this->update_options();
110
  if(!count($this->options)) :
111
  $this->options['enable'] = 1; // 1, 0
112
  $this->options['clear'] = 0; // 1, 0
@@ -116,11 +126,18 @@ if(!class_exists('kk_Ratings') && !isset($kkratings) && !function_exists('kk_sta
116
  $this->options['show_in_pages'] = 0; // 1, 0
117
  $this->options['unique'] = 0; // 1, 0
118
  $this->options['position'] = 'top-left'; // 'top-left', 'top-right', 'bottom-left', 'bottom-right'
119
- $this->options['legend'] = '[avg]([per]) [total] votes'; // [total]=total ratings, [rating]=average, [per]=percentage
120
  $this->options['init_msg'] = 'Be the first to rate it!'; // string
 
121
  $this->update_options();
122
  endif;
123
 
 
 
 
 
 
 
124
  // add meta_key for avg. Required for backward compatibility
125
  global $wpdb;
126
  $table = $wpdb->prefix . 'postmeta';
@@ -288,23 +305,53 @@ if(!class_exists('kk_Ratings') && !isset($kkratings) && !function_exists('kk_sta
288
  endif;
289
  return $content;
290
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
291
  public function kk_star_rating($pid=false)
292
  {
293
  if($this->options['enable'])
294
  return $this->markup($pid);
295
  return '';
296
  }
297
- public function kk_star_ratings_get($total=5)
298
  {
299
  global $wpdb;
300
  $table = $wpdb->prefix . 'postmeta';
301
- $rated_posts = $wpdb->get_results("SELECT a.ID, b.meta_value AS 'ratings' FROM " . $wpdb->posts . " a, $table b WHERE a.post_status='publish' AND a.ID=b.post_id AND b.meta_key='_kk_ratings_avg' ORDER BY b.meta_value DESC LIMIT $total");
302
- return $rated_posts;
 
 
 
 
 
 
 
 
303
  }
304
  }
 
305
 
306
  // Instantiate the plugin
307
  $kkratings = new kk_Ratings('kk-ratings');
 
308
  register_activation_hook(__FILE__, array($kkratings, 'activate'));
309
  add_action('wp_head', array($kkratings, 'css'));
310
  add_action('wp_print_scripts', array($kkratings, 'js'));
@@ -314,15 +361,21 @@ if(!class_exists('kk_Ratings') && !isset($kkratings) && !function_exists('kk_sta
314
  // add shortcode handler
315
  add_shortcode('kkratings', array($kkratings, 'do_it_manually'));
316
 
 
 
 
 
 
 
317
  function kk_star_ratings($pid=false)
318
  {
319
  global $kkratings;
320
  return $kkratings->kk_star_rating($pid);
321
  }
322
- function kk_star_ratings_get($lim=5)
323
  {
324
  global $kkratings;
325
- return $kkratings->kk_star_ratings_get($lim);
326
  }
327
 
328
  require_once('widget.php');
4
  Plugin Name: kk Star Ratings
5
  Plugin URI: http://wakeusup.com/2011/05/kk-star-ratings/
6
  Description: A clean, animated and sweat ratings feature for your blog <strong>With kk Star Ratings, you can allow your blog posts to be rated by your blog visitors</strong>. <strong>It also includes a widget</strong> which you can add to your sidebar to show the top rated post. There are some useful options you can set to customize this plugin. You can do all that after installing and activating the plugin and then visiting the <a href="options-general.php?page=kk-ratings_options">Plugin Settings</a>.
7
+ Version: 1.7.1
8
  Author: Kamal Khan
9
  Author URI: http://bhittani.com
10
  License: GPLv2 or later
45
  // set manual mode to false
46
  $this->manual_mode = false;
47
  }
48
+ /** function/method [1.7.1]
49
+ * Usage: start the session if not started.
50
+ * Arg(0): null
51
+ * Return: void
52
+ */
53
+ public function session()
54
+ {
55
+ if (!session_id())
56
+ {
57
+ session_start();
58
+ }
59
+ }
60
  /** function/method
61
  * Usage: return file path relative to current plugin directory
62
  * Arg(1): string
79
  $params = array();
80
  $params['nonce'] = $nonce; //for security
81
  $params['path'] = $this->file_path('').'/';
 
82
  $params['pos'] = $this->options['position'];
83
+ $_SESSION['kksr_root'] = urlencode(ABSPATH); // v 1.7.1
84
+
 
85
  wp_enqueue_script('jquery');
86
  wp_enqueue_script($this->plugin_id.'_js', $this->file_path($this->js_file), array('jquery') );
87
  wp_localize_script($this->plugin_id.'_js', str_replace('-', '_', $this->plugin_id).'_settings', $params);
115
  }
116
  public function activate()
117
  {
118
+ //$this->options['legend'] = '[avg]([per]) [total] votes'; // [total]=total ratings, [avg]=average, [per]=percentage
119
+ //$this->update_options();
120
  if(!count($this->options)) :
121
  $this->options['enable'] = 1; // 1, 0
122
  $this->options['clear'] = 0; // 1, 0
126
  $this->options['show_in_pages'] = 0; // 1, 0
127
  $this->options['unique'] = 0; // 1, 0
128
  $this->options['position'] = 'top-left'; // 'top-left', 'top-right', 'bottom-left', 'bottom-right'
129
+ $this->options['legend'] = '[avg]([per]) [total] votes'; // [total]=total ratings, [avg]=average, [per]=percentage
130
  $this->options['init_msg'] = 'Be the first to rate it!'; // string
131
+ $this->options['column'] = 1; // 1, 0
132
  $this->update_options();
133
  endif;
134
 
135
+ if(!isset($this->options['column']))
136
+ {
137
+ $this->options['column'] = 1;
138
+ $this->update_options();
139
+ }
140
+
141
  // add meta_key for avg. Required for backward compatibility
142
  global $wpdb;
143
  $table = $wpdb->prefix . 'postmeta';
305
  endif;
306
  return $content;
307
  }
308
+ public function add_column($Columns)
309
+ {
310
+ if($this->options['column'])
311
+ $Columns['kk_star_ratings'] = 'Ratings';
312
+ return $Columns;
313
+ }
314
+ function add_row($Columns, $id)
315
+ {
316
+ if($this->options['column']) :
317
+ $raw = (get_post_meta($id, '_kk_ratings_ratings', true)?get_post_meta($id, '_kk_ratings_ratings', true):0);
318
+ $avg = '<strong>'.(get_post_meta($id, '_kk_ratings_avg', true)?get_post_meta($id, '_kk_ratings_avg', true):'0').'/5</strong>';
319
+ $cast = (get_post_meta($id, '_kk_ratings_casts', true)?get_post_meta($id, '_kk_ratings_casts', true):'0').' votes';
320
+ $per = ($raw>0?ceil((($raw/$cast)/5)*100):0).'%';
321
+ $row = $avg . ' (' . $per . ') ' . $cast;
322
+ switch($Columns)
323
+ {
324
+ case 'kk_star_ratings' : echo $row; break;
325
+ }
326
+ endif;
327
+ }
328
  public function kk_star_rating($pid=false)
329
  {
330
  if($this->options['enable'])
331
  return $this->markup($pid);
332
  return '';
333
  }
334
+ public function kk_star_ratings_get($total=5, $cat=false)
335
  {
336
  global $wpdb;
337
  $table = $wpdb->prefix . 'postmeta';
338
+ if(!$cat)
339
+ $rated_posts = $wpdb->get_results("SELECT a.ID, a.post_title, b.meta_value AS 'ratings' FROM " . $wpdb->posts . " a, $table b, $table c WHERE a.post_status='publish' AND a.ID=b.post_id AND a.ID=c.post_id AND b.meta_key='_kk_ratings_avg' AND c.meta_key='_kk_ratings_casts' ORDER BY b.meta_value DESC, c.meta_value DESC LIMIT $total");
340
+ else
341
+ {
342
+ $table2 = $wpdb->prefix . 'term_taxonomy';
343
+ $table3 = $wpdb->prefix . 'term_relationships';
344
+ $rated_posts = $wpdb->get_results("SELECT a.ID, a.post_title, b.meta_value AS 'ratings' FROM " . $wpdb->posts . " a, $table b, $table2 c, $table3 d, $table e WHERE c.term_taxonomy_id=d.term_taxonomy_id AND c.term_id=$cat AND d.object_id=a.ID AND a.post_status='publish' AND a.ID=b.post_id AND a.ID=e.post_id AND b.meta_key='_kk_ratings_avg' AND e.meta_key='_kk_ratings_casts' ORDER BY b.meta_value DESC, e.meta_value DESC LIMIT $total");
345
+ }
346
+
347
+ return $rated_posts;
348
  }
349
  }
350
+
351
 
352
  // Instantiate the plugin
353
  $kkratings = new kk_Ratings('kk-ratings');
354
+ if(!is_admin()) { add_action('init', array($kkratings, 'session')); }
355
  register_activation_hook(__FILE__, array($kkratings, 'activate'));
356
  add_action('wp_head', array($kkratings, 'css'));
357
  add_action('wp_print_scripts', array($kkratings, 'js'));
361
  // add shortcode handler
362
  add_shortcode('kkratings', array($kkratings, 'do_it_manually'));
363
 
364
+ // ADD COLUMNS TO POST AND PAGE TABLES IN ADMIN (as of 1.6)
365
+ add_filter( 'manage_posts_columns', array($kkratings, 'add_column') );
366
+ add_filter( 'manage_pages_columns', array($kkratings, 'add_column') );
367
+ add_filter( 'manage_posts_custom_column', array($kkratings, 'add_row'), 10, 2 );
368
+ add_filter( 'manage_pages_custom_column', array($kkratings, 'add_row'), 10, 2 );
369
+
370
  function kk_star_ratings($pid=false)
371
  {
372
  global $kkratings;
373
  return $kkratings->kk_star_rating($pid);
374
  }
375
+ function kk_star_ratings_get($lim=5, $cat=false)
376
  {
377
  global $kkratings;
378
+ return $kkratings->kk_star_ratings_get($lim, $cat);
379
  }
380
 
381
  require_once('widget.php');
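Review bot: In `kk_star_ratings_get` both new queries interpolate `$total` and `$cat` straight into SQL (`... c.term_id=$cat ... LIMIT $total`); `$cat` now arrives from the widget's saved `category` field and both arrive via the public template tag `kk_star_ratings_get($lim, $cat)`, so they should go through `$wpdb->prepare()` with `%d` placeholders, e.g. `$wpdb->get_results($wpdb->prepare("SELECT … LIMIT %d", (int) $total))` and `… c.term_id=%d … LIMIT %d", (int) $cat, (int) $total)`. In `add_row`, `$cast` has `' votes'` appended before it is used in `$raw/$cast`, so the division runs against a string such as `"12 votes"` (a warning, and on PHP 8 a DivisionByZeroError should the stored casts be 0, which the `$raw>0` guard does not cover); compute `$per` from the raw casts value and append the label only when building `$row`. `add_row` is also declared without a visibility keyword while its sibling `add_column` is `public`.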
readme.txt CHANGED
@@ -9,9 +9,9 @@ Tags: star ratings, votings, rate posts, ajax ratings
9
 
10
  Requires at least: 3.0
11
 
12
- Tested up to: 3.2.1
13
 
14
- Stable tag: 1.4.1
15
 
16
 
17
  kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating posts.
@@ -29,6 +29,10 @@ It has quite cool hover fade effects and animations.
29
 
30
  Version 1.3+ also inludes a widget so you can show top rated posts in your sidebar as well.
31
 
 
 
 
 
32
  A settings page is also available where you can adjust the settings. You can:
33
 
34
 
@@ -63,11 +67,11 @@ A settings page is also available where you can adjust the settings. You can:
63
 
64
  =
65
 
66
- I have installed the plugin, but the ratings are not showing up anywhere
67
 
68
  =
69
 
70
- First of all make sure you have selected where to display the ratings in the settings page. NOTE: unfortunately, some themes are poorly developed, so keep that in mind.
71
 
72
 
73
 
@@ -104,5 +108,18 @@ First of all make sure you have selected where to display the ratings in the set
104
  = 1.4.1 =
105
  * Fixed: Settings are now able to be saved. Was not being saved in v1.4.
106
 
 
 
 
 
 
 
 
 
 
 
 
 
 
107
 
108
  == Upgrade Notice ==
9
 
10
  Requires at least: 3.0
11
 
12
+ Tested up to: 3.3.2
13
 
14
+ Stable tag: 1.7.1
15
 
16
 
17
  kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating posts.
29
 
30
  Version 1.3+ also inludes a widget so you can show top rated posts in your sidebar as well.
31
 
32
+ Now you can also filter the top rated posts widget by category
33
+
34
+ Custom template tag/function available
35
+
36
  A settings page is also available where you can adjust the settings. You can:
37
 
38
 
67
 
68
  =
69
 
70
+ Whenever I click on a star, it states "An error occured".
71
 
72
  =
73
 
74
+ This may have occured to some users with previous versions of the plugin. It has been fixed in version 1.5.
75
 
76
 
77
 
108
  = 1.4.1 =
109
  * Fixed: Settings are now able to be saved. Was not being saved in v1.4.
110
 
111
+ = 1.5 =
112
+ * Fixed: Some users complained about a fault: "An error occured" being displayed when someone rates a post. This was due to the charset of the returned response via ajax (Mentioned by jamk). Has been fixed as the ajax response is now retrieved as an xml dom instead of plain text.
113
+ * Fixed: Regardless of unique voting set or not, a user could click on a star multiple times simultaneously and the post would be rated that much time. Has been fixed.
114
+ * Added: Filter by category in the widget as well as the custom template tag/function.
115
+
116
+ = 1.6 =
117
+ * Added: Now you can see a column in the admin screen of posts and pages stating the ratings of each.
118
+
119
+ = 1.7 =
120
+ * Update: The top rated posts now considers the vote count as well. This is a recommended update for all users.
121
+
122
+ = 1.7.1 =
123
+ * Security Fix: Fixed a security issue in the ajax request for the file inclusion risk. This is a recommended update for all users.
124
 
125
  == Upgrade Notice ==
widget.php CHANGED
@@ -20,15 +20,14 @@ class kk_Ratings_Widget extends WP_Widget
20
  extract( $args, EXTR_SKIP );
21
  $title = ( !empty($instance['title']) ) ? $instance['title'] : 'Top Posts';
22
  $total = ( !empty($instance['noofposts']) ) ? $instance['noofposts'] : '5';
 
23
  $sr = ($instance['showrating']) ? true : false;
24
 
25
  echo $before_widget;
26
  echo $before_title . $title . $after_title;
27
 
28
  // OUTPUT starts
29
- global $wpdb;
30
- $table = $wpdb->prefix . 'postmeta';
31
- $posts = $wpdb->get_results("SELECT a.ID, a.post_title, b.meta_value AS 'ratings' FROM " . $wpdb->posts . " a, $table b WHERE a.post_status='publish' AND a.ID=b.post_id AND b.meta_key='_kk_ratings_avg' ORDER BY b.meta_value DESC LIMIT $total");
32
  echo '<ul>';
33
  foreach ($posts as $post)
34
  {
@@ -71,6 +70,22 @@ class kk_Ratings_Widget extends WP_Widget
71
  </select>
72
  </label>
73
  </p>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
74
  <?php
75
  }
76
  }
20
  extract( $args, EXTR_SKIP );
21
  $title = ( !empty($instance['title']) ) ? $instance['title'] : 'Top Posts';
22
  $total = ( !empty($instance['noofposts']) ) ? $instance['noofposts'] : '5';
23
+ $category = ( $instance['category'] ) ? $instance['category'] : false;
24
  $sr = ($instance['showrating']) ? true : false;
25
 
26
  echo $before_widget;
27
  echo $before_title . $title . $after_title;
28
 
29
  // OUTPUT starts
30
+ $posts = kk_star_ratings_get($total, $category);
 
 
31
  echo '<ul>';
32
  foreach ($posts as $post)
33
  {
70
  </select>
71
  </label>
72
  </p>
73
+ <p>
74
+ <label for="<?php echo $this->get_field_id('category'); ?>">Filter by Category:
75
+ <select id="<?php echo $this->get_field_id('category'); ?>" name="<?php echo $this->get_field_name('category'); ?>">
76
+ <option value="0">Select</option>
77
+ <?php
78
+ foreach(get_categories(array()) as $category)
79
+ {
80
+ echo '<option value="'.$category->term_id.'"';
81
+ if(esc_attr($instance['category'])==$category->term_id)
82
+ echo ' selected="selected"';
83
+ echo '>'.$category->name.'</option>';
84
+ }
85
+ ?>
86
+ </select>
87
+ </label>
88
+ </p>
89
  <?php
90
  }
91
  }
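Review bot: `$category = ( $instance['category'] ) ? $instance['category'] : false;` reads the key without `isset`, so widgets saved before this version (which have no `category`) raise a notice on every render; `$category = !empty($instance['category']) ? (int) $instance['category'] : false;` mirrors the `title`/`noofposts` lines above it and also pins the type before the value reaches `kk_star_ratings_get`, which interpolates it into SQL. In the form, `$category->name` is echoed raw inside the `<option>`; it should be `esc_html($category->name)`, and the `value` attribute can take `(int) $category->term_id`. The widget's `update()` method that would sanitise `category` is not in this comparison, so whether it casts the value cannot be confirmed from here.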