Version Description
Added additional sanitation to prevent XSS attacks
Download this release
Release Info
| Developer | StatCounter |
| Plugin |  StatCounter – Free Real Time Visitor Stats |
| Version | 2.0.7 |
| Comparing to | |
| See all releases | |
Code changes from version 2.0.6 to 2.0.7
- StatCounter-Wordpress-Plugin.php +30 -12
- readme.txt +8 -2
StatCounter-Wordpress-Plugin.php
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
* Plugin Name: Official StatCounter Plugin
|
| 4 |
-
* Version: 2.0.
|
| 5 |
* Plugin URI: http://statcounter.com/
|
| 6 |
* Description: Adds the StatCounter tracking code to your blog. <br>To get setup: 1) Activate this plugin 2) Enter your StatCounter Project ID and Security Code in the <a href="options-general.php?page=StatCounter-Wordpress-Plugin.php"><strong>options page</strong></a>.
|
| 7 |
* Author: Aodhan Cullen
|
|
@@ -73,18 +73,36 @@ function sc_options_page() {
|
|
| 73 |
if ( isset( $_POST['info_update'] ) && check_admin_referer( 'update_sc_project_nonce', 'sc_project_nonce' ) ) {
|
| 74 |
|
| 75 |
// Update the Project ID
|
| 76 |
-
$sc_project = trim($_POST[key_sc_project]);
|
| 77 |
-
if ($sc_project ==
|
| 78 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 79 |
}
|
| 80 |
-
update_option(key_sc_project, $sc_project);
|
| 81 |
|
| 82 |
// Update the Security ID
|
| 83 |
-
$sc_security = trim($_POST[key_sc_security]);
|
| 84 |
-
|
| 85 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 86 |
}
|
| 87 |
-
update_option(key_sc_security, $sc_security);
|
| 88 |
|
| 89 |
// Update the position
|
| 90 |
$sc_position = $_POST[key_sc_position];
|
|
@@ -226,8 +244,8 @@ function add_statcounter() {
|
|
| 226 |
<!-- Start of StatCounter Code -->
|
| 227 |
<script>
|
| 228 |
<!--
|
| 229 |
-
var sc_project=<?php echo $sc_project; ?>;
|
| 230 |
-
var sc_security="<?php echo $sc_security; ?>";
|
| 231 |
<?php
|
| 232 |
if($sc_invisible==1) {
|
| 233 |
echo " var sc_invisible=1;\n";
|
|
@@ -258,7 +276,7 @@ function add_statcounter() {
|
|
| 258 |
async></script>";
|
| 259 |
}
|
| 260 |
}?>
|
| 261 |
-
<noscript><div class="statcounter"><a title="web analytics" href="<?php echo $protocol; ?>//statcounter.com/"><img class="statcounter" src="<?php echo $protocol; ?>//c.statcounter.com/<?php echo $sc_project; ?>/0/<?php echo $sc_security; ?>/<?php echo $sc_invisible; ?>/" alt="web analytics" /></a></div></noscript>
|
| 262 |
<!-- End of StatCounter Code -->
|
| 263 |
<?php
|
| 264 |
}
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
* Plugin Name: Official StatCounter Plugin
|
| 4 |
+
* Version: 2.0.7
|
| 5 |
* Plugin URI: http://statcounter.com/
|
| 6 |
* Description: Adds the StatCounter tracking code to your blog. <br>To get setup: 1) Activate this plugin 2) Enter your StatCounter Project ID and Security Code in the <a href="options-general.php?page=StatCounter-Wordpress-Plugin.php"><strong>options page</strong></a>.
|
| 7 |
* Author: Aodhan Cullen
|
| 73 |
if ( isset( $_POST['info_update'] ) && check_admin_referer( 'update_sc_project_nonce', 'sc_project_nonce' ) ) {
|
| 74 |
|
| 75 |
// Update the Project ID
|
| 76 |
+
$sc_project = sanitize_text_field(trim($_POST[key_sc_project]));
|
| 77 |
+
if (ctype_digit($sc_project) == 0) {
|
| 78 |
+
echo "<script>alert('Project ID should be numbers only')</script>";
|
| 79 |
+
} else {
|
| 80 |
+
if ($sc_project == '') {
|
| 81 |
+
$sc_project = sc_project_default;
|
| 82 |
+
}
|
| 83 |
+
if (strlen($sc_project) > 16) {
|
| 84 |
+
echo "<script>alert('Project ID is invalid')</script>";
|
| 85 |
+
} else {
|
| 86 |
+
update_option(key_sc_project, $sc_project);
|
| 87 |
+
}
|
| 88 |
}
|
|
|
|
| 89 |
|
| 90 |
// Update the Security ID
|
| 91 |
+
$sc_security = sanitize_text_field(trim($_POST[key_sc_security]));
|
| 92 |
+
$sc_security = str_replace('"', '', $sc_security);
|
| 93 |
+
$sc_security = stripslashes($sc_security);
|
| 94 |
+
if (ctype_alnum(trim($sc_security, '"')) == 0) {
|
| 95 |
+
echo "<script>alert('Security code should be numbers and letters only')</script>";
|
| 96 |
+
} else {
|
| 97 |
+
if ($sc_security =='') {
|
| 98 |
+
$sc_security = sc_security_default;
|
| 99 |
+
}
|
| 100 |
+
if (strlen($sc_security) > 16) {
|
| 101 |
+
echo "<script>alert('Security code is invalid')</script>";
|
| 102 |
+
} else {
|
| 103 |
+
update_option(key_sc_security, $sc_security);
|
| 104 |
+
}
|
| 105 |
}
|
|
|
|
| 106 |
|
| 107 |
// Update the position
|
| 108 |
$sc_position = $_POST[key_sc_position];
|
| 244 |
<!-- Start of StatCounter Code -->
|
| 245 |
<script>
|
| 246 |
<!--
|
| 247 |
+
var sc_project=<?php echo esc_html($sc_project); ?>;
|
| 248 |
+
var sc_security="<?php echo esc_html($sc_security); ?>";
|
| 249 |
<?php
|
| 250 |
if($sc_invisible==1) {
|
| 251 |
echo " var sc_invisible=1;\n";
|
| 276 |
async></script>";
|
| 277 |
}
|
| 278 |
}?>
|
| 279 |
+
<noscript><div class="statcounter"><a title="web analytics" href="<?php echo $protocol; ?>//statcounter.com/"><img class="statcounter" src="<?php echo $protocol; ?>//c.statcounter.com/<?php echo esc_html($sc_project); ?>/0/<?php echo $sc_security; ?>/<?php echo $sc_invisible; ?>/" alt="web analytics" /></a></div></noscript>
|
| 280 |
<!-- End of StatCounter Code -->
|
| 281 |
<?php
|
| 282 |
}
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: Aodhan Cullen
|
|
| 3 |
Donate link: http://statcounter.com/
|
| 4 |
Tags: web, statistics, stats, hit, counter, visitor, ip, tracker, analytics
|
| 5 |
Requires at least: 2.0.2
|
| 6 |
-
Tested up to:
|
| 7 |
-
Stable tag: 2.0.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -69,6 +69,9 @@ To activate the StatCounter service for your WordPress site:
|
|
| 69 |
2. Using the magnify tool, you can "zoom in" on individual visitors and get a detailed report on where they are from, their system settings, and most importantly, what link reffered them to your site and their navigation path through your site.
|
| 70 |
|
| 71 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 72 |
= 2.0.6 =
|
| 73 |
Readme fix
|
| 74 |
|
|
@@ -141,6 +144,9 @@ Improved UI to give error message in dashboard when no project id has been set
|
|
| 141 |
|
| 142 |
== Upgrade Notice ==
|
| 143 |
|
|
|
|
|
|
|
|
|
|
| 144 |
= 1.6.9 =
|
| 145 |
Fixed small bug with form
|
| 146 |
|
| 3 |
Donate link: http://statcounter.com/
|
| 4 |
Tags: web, statistics, stats, hit, counter, visitor, ip, tracker, analytics
|
| 5 |
Requires at least: 2.0.2
|
| 6 |
+
Tested up to: 5.8.3
|
| 7 |
+
Stable tag: 2.0.7
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 69 |
2. Using the magnify tool, you can "zoom in" on individual visitors and get a detailed report on where they are from, their system settings, and most importantly, what link reffered them to your site and their navigation path through your site.
|
| 70 |
|
| 71 |
== Changelog ==
|
| 72 |
+
= 2.0.7 =
|
| 73 |
+
Added additional sanitation to prevent XSS attacks
|
| 74 |
+
|
| 75 |
= 2.0.6 =
|
| 76 |
Readme fix
|
| 77 |
|
| 144 |
|
| 145 |
== Upgrade Notice ==
|
| 146 |
|
| 147 |
+
= 2.0.7 =
|
| 148 |
+
Added additional sanitation to prevent XSS attacks
|
| 149 |
+
|
| 150 |
= 1.6.9 =
|
| 151 |
Fixed small bug with form
|
| 152 |
|
