P3 (Plugin Performance Profiler) - Version 1.0.5

Version Description

This version addresses a path disclosure issue. Users are encouraged to upgrade.



Release Info

Developer StarfieldTech
Version 1.0.5

Code changes from version 1.0.4 to 1.0.5

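--- a/class.p3-profile-reader.php
+++ b/class.p3-profile-reader.php
@@ -1,4 +1,7 @@
 <?php
+if ( !defined('P3_PATH') )
+die( 'Forbidden ');
+
 /**
 * Performance Profile Reader
 *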
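Review bot: The guard's exit message `'Forbidden '` on the new line 3 carries a trailing space, and the same literal is repeated in class.p3-profile-table-sorter.php, class.p3-profile-table.php, class.p3-profiler.php and the five templates, while p3-profiler.php writes `'Forbidden'` — worth normalising once. The usual WordPress form of this guard is a braced `if` with a bare exit, `if ( ! defined( 'P3_PATH' ) ) { exit; }`, which also avoids a brace-less `if` that silently stops guarding the moment a second statement is added under it. A one-line comment in the main plugin file noting that `P3_PATH` is the constant every include checks would make a future rename of that constant show up as a review question rather than as every include dying.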
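--- a/class.p3-profile-table-sorter.php
+++ b/class.p3-profile-table-sorter.php
@@ -1,4 +1,7 @@
 <?php
+if ( !defined('P3_PATH') )
+die( 'Forbidden ');
+
 /**
 * Profile table sorter
 *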
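--- a/class.p3-profile-table.php
+++ b/class.p3-profile-table.php
@@ -1,4 +1,7 @@
 <?php
+if ( !defined('P3_PATH') )
+die( 'Forbidden ');
+
 /**
 * Lists the performance profiles
 *
@@ -100,7 +103,7 @@ class P3_Profile_Table extends WP_List_Table {
 */
 public function column_title( $item ) {
 $actions = array(
-'delete' => sprintf( '<a href="?page=%s&action=%s&name=%s">Delete</a>', $_REQUEST['name'], 'delete', $item['name'] ),
+'delete' => sprintf( '<a href="?page=%s&action=%s&name=%s">Delete</a>', sanitize_text_field( $_REQUEST['name'] ), 'delete', $item['name'] ),
 );
 
 //Return the title contents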
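Review bot: `sanitize_text_field()` strips tags but does not encode double quotes, so the value on the new line 106 is still placed into an `href` attribute without attribute escaping, and `$item['name']` on the same line is not escaped at all. Because the link is assembled from query parameters, `esc_url( add_query_arg( array( 'page' => $page, 'action' => 'delete', 'name' => $item['name'] ) ) )` covers both the URL and the attribute context in one step, and wrapping it in `wp_nonce_url()` would let the delete handler verify intent unless it already checks a nonce elsewhere. The first placeholder `?page=%s` is filled from `$_REQUEST['name']` rather than `$_REQUEST['page']`, which looks like a copy-paste slip — verify against the hidden `page` field in templates/list-scans.php. `column_title()` continues past the end of the hunk.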
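--- a/class.p3-profiler.php
+++ b/class.p3-profiler.php
@@ -1,4 +1,7 @@
 <?php
+if ( basename( __FILE__ ) == basename( $_SERVER['SCRIPT_FILENAME'] ) )
+die( 'Forbidden ');
+
 /**
 * Profiles a WordPress site
 *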
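Review bot: The direct-access guard on the new line 2 compares only basenames with loose `==`, which cannot tell this file apart from another file of the same name in a different directory, and it reads `$_SERVER['SCRIPT_FILENAME']` with no `isset()` check, so a SAPI that does not populate that key raises a notice before the class is even declared. The other class files key on `defined('P3_PATH')`; if the basename form is deliberate because this file is also loaded from start-profile.php outside WordPress, a comment saying so would stop the next maintainer from "fixing" the inconsistency, e.g. `// P3_PATH is not defined when loaded via start-profile.php, so compare against the requested script instead`. At minimum make the comparison strict and guarded: `if ( isset( $_SERVER['SCRIPT_FILENAME'] ) && basename( __FILE__ ) === basename( $_SERVER['SCRIPT_FILENAME'] ) )`.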
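--- a/p3-profiler.php
+++ b/p3-profiler.php
@@ -4,10 +4,14 @@ Plugin Name: P3 (Plugin Performance Profiler)
 Plugin URI: http://support.godaddy.com/godaddy/wordpress-p3-plugin/
 Description: See which plugins are slowing down your site. Create a profile of your WordPress site's plugins' performance by measuring their impact on your site's load time.
 Author: GoDaddy.com
-Version: 1.0.4
+Version: 1.0.5
 Author URI: http://www.godaddy.com/
 */
 
+// Make sure it's wordpress
+if ( !defined( 'ABSPATH') )
+die( 'Forbidden' );
+
 /**************************************************************************/
 /** PACKAGE CONSTANTS **/
 /**************************************************************************/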
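--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: Godaddy, StarfieldTech
 Tags: debug, debugging, developer, development, performance, plugin, profiler, speed
 Requires at least: 3.3
 Tested up to: 3.3
-Stable tag: 1.0.4
+Stable tag: 1.0.5
 
 See which plugins are slowing down your site. This plugin creates a performance report for your site.
 
@@ -40,6 +40,11 @@ Manual installation:
 3. Upload the contents of the zip file to the wp-content/plugins/ folder of your WordPress installation
 4. Then activate the Plugin from Plugins page.
 
+== Upgrade Notice ==
+
+= 1.0.5 =
+This version addresses a path disclosure issue. Users are encouraged to upgrade.
+
 == Frequently Asked Questions ==
 
 = What if I get a warning about usort()? =
@@ -48,8 +53,12 @@ Warning messages like this: `Warning: usort() [function.usort]: Array was modifi
 
 == Changelog ==
 
+= 1.0.5 =
+* Security - Fixed a path disclosure vulnerability
+* Security - sanitized user input before it gets back to the browser
+
 = 1.0.4 =
-* Bugfix - uninstalling the plugin when it hasn't be activated can result in an error message
+* Bugfix - uninstalling the plugin when it hasn't been activated can result in an error message
 
 = 1.0.3 =
 * Enforcing WordPress 3.3 requirement during activation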
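--- a/start-profile.php
+++ b/start-profile.php
@@ -1,7 +1,7 @@
 <?php
 
 // If profiling hasn't started, start it
-if ( !isset( $GLOBALS['p3_profiler'] ) ) {
+if ( !isset( $GLOBALS['p3_profiler'] ) && basename( __FILE__ ) != basename( $_SERVER['SCRIPT_FILENAME'] ) ) {
 declare( ticks = 1 ); // Capture ever user function call
 include_once realpath( dirname( __FILE__ ) ) . '/class.p3-profiler.php';
 $GLOBALS['p3_profiler'] = new P3_Profiler(); // Go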
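Review bot: The new condition on line 4 uses loose `!=` and reads `$_SERVER['SCRIPT_FILENAME']` unguarded; that key is not guaranteed to be populated by every SAPI, and a missing key emits a notice before profiling starts. Suggest `&& ( ! isset( $_SERVER['SCRIPT_FILENAME'] ) || basename( __FILE__ ) !== basename( $_SERVER['SCRIPT_FILENAME'] ) )`, which keeps the existing behaviour when the key is present. The same basename check now lives in class.p3-profiler.php; a short comment on line 3 explaining that the two together refuse direct requests to these files would help a reader understand why the condition is here rather than in a WordPress hook. The `if` block continues past the end of the hunk.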
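--- a/templates/callouts.php
+++ b/templates/callouts.php
@@ -1,3 +1,7 @@
+<?php
+if ( !defined('P3_PATH') )
+die( 'Forbidden ');
+?>
 <script type="text/javascript">
 
 /*****************************************************************/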
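--- a/templates/fix-flag-file.php
+++ b/templates/fix-flag-file.php
@@ -1,3 +1,7 @@
+<?php
+if ( !defined('P3_PATH') )
+die( 'Forbidden ');
+?>
 <?php if ( file_exists( P3_FLAG_FILE ) && is_writable( P3_FLAG_FILE ) ) { ?>
 <h3>Fixed!</h3>
 The profiling flag file has been created and is writable.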
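--- a/templates/help.php
+++ b/templates/help.php
@@ -1,3 +1,7 @@
+<?php
+if ( !defined('P3_PATH') )
+die( 'Forbidden ');
+?>
 <script type="text/javascript">
 // Set up the tabs
 jQuery( document ).ready( function( $) {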
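--- a/templates/list-scans.php
+++ b/templates/list-scans.php
@@ -1,5 +1,9 @@
+<?php
+if ( !defined('P3_PATH') )
+die( 'Forbidden ');
+?>
 <form id="scans-filter" method="post">
-<input type="hidden" name="page" value="<?php echo $_REQUEST ['page']?>" />
+<input type="hidden" name="page" value="<?php echo sanitize_text_field( $_REQUEST ['page'] ); ?>" />
 <?php echo wp_nonce_field( 'delete_scans', 'p3_nonce' ); ?>
 <?php $this->scan_table->display(); ?>
 </form>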
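Review bot: `sanitize_text_field()` is a sanitiser, not an escaper; it leaves double quotes intact, so the value on the new line 6 is still written into an HTML attribute without attribute escaping. WordPress's rule is sanitise on input, escape on output, so the echo should be `value="<?php echo esc_attr( $_REQUEST['page'] ); ?>"`, keeping the sanitise call only if the value is also stored somewhere. The read has no `isset()` guard either, so a request without `page` raises a notice inside the template. Since this field only round-trips the admin page slug, emitting the plugin's own slug constant instead of echoing the request value back may be simpler still.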
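--- a/templates/template.php
+++ b/templates/template.php
@@ -1,4 +1,6 @@
 <?php
+if ( !defined('P3_PATH') )
+die( 'Forbidden ');
 $p3_action = '';
 if ( !empty( $_REQUEST['p3_action'] ) ) {
 $p3_action = $_REQUEST['p3_action'];
@@ -7,7 +9,7 @@ $scan = $this->get_latest_profile();
 if ( empty( $p3_action ) || 'current-scan' == $p3_action ) {
 $p3_action = 'current-scan';
 } elseif ( 'view-scan' == $p3_action && !empty( $_REQUEST['name'] ) ) {
-$scan = sanitize_file_name( $_REQUEST['name'] );
+$scan = sanitize_file_name( basename( $_REQUEST['name'] ) );
 if ( !file_exists( P3_PROFILES_PATH . "/$scan" ) ) {
 wp_die( '<div id="message" class="error"><p>Scan does not exist</p></div>' );
 }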
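Review bot: `basename()` before `sanitize_file_name()` on the new line 12 closes the directory-traversal path, but `sanitize_file_name()` trims leading and trailing dots as far as I recall (verify for the WordPress version targeted), so a name that reduces to an empty string makes `file_exists( P3_PROFILES_PATH . "/" )` on line 13 succeed against the profiles directory itself. An `is_file()` check with an empty-string guard covers that: `if ( '' === $scan || ! is_file( P3_PROFILES_PATH . "/$scan" ) ) {`. A brief comment on line 12 stating why both calls are needed would keep a later cleanup from dropping one of them. The `if`/`elseif` chain that assigns `$scan` continues past the end of the hunk.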
templates/view-scan.php CHANGED
@@ -1,15 +1,17 @@
1
  <?php
2
- $url_stats = array();
3
- $domain = '';
4
- if ( !empty( $profile ) ) {
5
- $url_stats = $profile->get_stats_by_url();
6
- $domain = @parse_url( $profile->report_url, PHP_URL_HOST );
7
- }
8
- $pie_chart_id = substr( md5( uniqid() ), -8 );
9
- $runtime_chart_id = substr( md5( uniqid() ), -8 );
10
- $query_chart_id = substr( md5( uniqid() ), -8 );
11
- $component_breakdown_chart_id = substr( md5( uniqid() ), -8 );
12
- $component_runtime_chart_id = substr( md5( uniqid() ), -8 );
 
 
13
  ?>
14
  <script type="text/javascript">
15
 
1
  <?php
2
+ if ( !defined('P3_PATH') )
3
+ die( 'Forbidden ');
4
+ $url_stats = array();
5
+ $domain = '';
6
+ if ( !empty( $profile ) ) {
7
+ $url_stats = $profile->get_stats_by_url();
8
+ $domain = @parse_url( $profile->report_url, PHP_URL_HOST );
9
+ }
10
+ $pie_chart_id = substr( md5( uniqid() ), -8 );
11
+ $runtime_chart_id = substr( md5( uniqid() ), -8 );
12
+ $query_chart_id = substr( md5( uniqid() ), -8 );
13
+ $component_breakdown_chart_id = substr( md5( uniqid() ), -8 );
14
+ $component_runtime_chart_id = substr( md5( uniqid() ), -8 );
15
  ?>
16
  <script type="text/javascript">
17