P3 (Plugin Performance Profiler) - Version 1.5.3.9

Version Description

Security update: Escape URLs returned by add_query_arg and remove_query_arg


Release Info

Developer StarfieldTech
Version 1.5.3.9

Code changes from version 1.5.3.8 to 1.5.3.9

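--- a/classes/class.p3-profiler-plugin-admin.php
+++ b/classes/class.p3-profiler-plugin-admin.php
@@ -154,7 +154,7 @@ class P3_Profiler_Plugin_Admin {
  } catch ( P3_Profiler_No_Data_Exception $e ) {
  echo '<div class="error"><p>' .
  sprintf( __( 'No visits recorded during this profiling session. Check the <a href="%s">help</a> page for more information', 'p3-profiler' ),
- add_query_arg( array( 'p3_action' => 'help', 'current_scan' => null ) ) . '#q-circumvent-cache"'
+ esc_url( add_query_arg( array( 'p3_action' => 'help', 'current_scan' => null ) ) ) . '#q-circumvent-cache"'
  ) .
  '</p></div>';
  self::$scan = null;
@@ -417,7 +417,7 @@ class P3_Profiler_Plugin_Admin {
  wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
  }
  update_option( 'p3-profiler_debug_log', array() );
- wp_redirect( add_query_arg( array( 'p3_action' => 'help' ) ) );
+ wp_redirect( esc_url( add_query_arg( array( 'p3_action' => 'help' ) ) ) );
  }
 
  /**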
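Review bot: `wp_redirect( esc_url( ... ) )` at line 420 of the second hunk applies the display-context escaper to an HTTP Location header: esc_url() rewrites `&` as `&#038;`, and because `#` starts a URL fragment the browser will drop `p3_action=help` and land on the bare page. The header/redirect variant is esc_url_raw(), and wp_safe_redirect() additionally restricts the target to the site's own host; the redirect is also not followed by an exit before the method closes at line 421, so the caller keeps executing. Suggested: `wp_safe_redirect( esc_url_raw( add_query_arg( array( 'p3_action' => 'help' ) ) ) );` followed by `exit;`. In the first hunk, the trailing quote in `'#q-circumvent-cache"'` on line 157 looks stray, since the format string's `href="%s"` already closes the attribute and the rendered tag ends up with a doubled quote. The enclosing methods start and end outside both hunks.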
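--- a/classes/class.p3-profiler-table.php
+++ b/classes/class.p3-profiler-table.php
@@ -164,13 +164,13 @@ class P3_Profiler_Table extends WP_List_Table {
  * @return string
  */
  private function _action_links( $key, $display ) {
- $url = add_query_arg(
+ $url = esc_url( add_query_arg(
  array(
  'p3_action' => 'view-scan',
  'name' => $key,
  'current_scan' => null,
  )
- );
+ ) );
  $ret = '<a href="' . esc_attr( $url ). '" title="' . esc_attr__( 'View the results of this scan', 'p3-profiler' ) . '"><strong>' . $display . '</strong></a>';
  $ret .= '<div class="row-actions-visible">';
  $ret .= ' <span class="view">';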
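Review bot: Line 174 (unchanged, but now fed by the escaped `$url` from line 167) wraps esc_url() output in esc_attr() a second time, which is redundant: esc_url() already entity-encodes the URL for attribute context, so a single escaper at the point of output is enough. The same line still concatenates `$display` unescaped inside `<strong>`; where it comes from is not visible in this hunk, but if it derives from scan names or other stored data it should pass through esc_html(). Suggested: `$ret = '<a href="' . $url . '" title="' . esc_attr__( 'View the results of this scan', 'p3-profiler' ) . '"><strong>' . esc_html( $display ) . '</strong></a>';`. `_action_links()` continues past the end of the hunk.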
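--- a/classes/class.p3-profiler.php
+++ b/classes/class.p3-profiler.php
@@ -650,7 +650,7 @@ class P3_Profiler {
  if ( !empty( $url ) ) {
  return $url;
  }
- $url = remove_query_arg( 'P3_NOCACHE', $_SERVER['REQUEST_URI'] );
+ $url = esc_url( remove_query_arg( 'P3_NOCACHE', $_SERVER['REQUEST_URI'] ) );
  return $url;
  }
 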
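Review bot: The escaping is applied on only one of the two return paths: the early return at lines 650–651 still hands back `$url` untouched, so whatever that branch computed (not visible here, since the function starts before the hunk) leaves the function unescaped while only the REQUEST_URI-derived value on line 653 is escaped. Also, esc_url() is the display-context variant and entity-encodes `&` as `&#038;`; if callers use the returned URL outside HTML (building a request, storing it, comparing it), esc_url_raw() is the appropriate call. Suggested: leave both branches computing the plain URL and escape once at the shared exit, `return esc_url_raw( $url );` or `return esc_url( $url );` depending on how the caller consumes the value.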
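--- a/p3-profiler.php
+++ b/p3-profiler.php
@@ -4,13 +4,13 @@ Plugin Name: P3 (Plugin Performance Profiler)
  Plugin URI: http://support.godaddy.com/godaddy/wordpress-p3-plugin/
  Description: See which plugins are slowing down your site. Create a profile of your WordPress site's plugins' performance by measuring their impact on your site's load time.
  Author: GoDaddy.com
- Version: 1.5.3.8
+ Version: 1.5.3.9
  Author URI: http://www.godaddy.com/
  Text Domain: p3-profiler
  Domain Path: /languages
  */
 
- define( 'P3_VERSION', '1.5.3.8' );
+ define( 'P3_VERSION', '1.5.3.9' );
 
  // Make sure it's wordpress
  if ( !defined( 'ABSPATH') )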
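--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: Godaddy, StarfieldTech, kurtpayne, asink
  Tags: debug, debugging, developer, development, performance, plugin, profiler, speed
  Requires at least: 3.3
  Tested up to: 4.1
- Stable tag: 1.5.3.8
+ Stable tag: 1.5.3.9
  License: GPLv2
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -46,6 +46,10 @@ Manual installation:
  4. Then activate the Plugin from Plugins page.
 
  == Upgrade Notice ==
+
+ = 1.5.3.9 =
+ Security update: Escape URLs returned by add_query_arg and remove_query_arg
+
  = 1.5.3.8 =
  Bugfix for HTML element with space in the id
 
@@ -165,6 +169,10 @@ add_filter( 'p3_automatic_scan_urls', 'my_p3_auto_scan_pages' );
  </code>
 
  == Changelog ==
+
+ = 1.5.3.9 =
+ Security update: Escape URLs returned by add_query_arg and remove_query_arg
+
  = 1.5.3.8 =
  Bugfix for HTML element with space in the id
 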
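--- a/templates/callouts.php
+++ b/templates/callouts.php
@@ -380,7 +380,7 @@ $opts = get_option( 'p3-profiler_options' );
  'p3_nonce' : '<?php echo wp_create_nonce( 'p3_ajax_stop_scan' ); ?>'
  }
  jQuery.post( ajaxurl, data, function( response ) {
- location.href = "<?php echo add_query_arg( array( 'p3_action' => 'view-scan', 'current_scan' => '1', 'name' => null ) ); ?>&name=" + response;
+ location.href = "<?php echo esc_url_raw( add_query_arg( array( 'p3_action' => 'view-scan', 'current_scan' => '1', 'name' => null ) ) ); ?>&name=" + response;
  })
  $( "#p3-scanner-dialog" ).dialog( "close" );
  });
@@ -423,7 +423,7 @@ $opts = get_option( 'p3-profiler_options' );
  jQuery( "#p3-progress-dialog" ).dialog( "close" );
 
  // View the scan
- location.href = "<?php echo add_query_arg( array( 'p3_action' => 'view-scan', 'current_scan' => '1', 'name' => null ) ); ?>&name=" + $( this ).attr( "data-scan-name" );
+ location.href = "<?php echo esc_url_raw( add_query_arg( array( 'p3_action' => 'view-scan', 'current_scan' => '1', 'name' => null ) ) ); ?>&name=" + $( this ).attr( "data-scan-name" );
  });
  $( "#p3-view-incomplete-results-submit" ).click( function() {
  $( "#p3-view-results-submit" ).attr( "data-scan-name", $( "#p3-view-incomplete-results-submit" ).attr( "data-scan-name" ) );
@@ -595,7 +595,7 @@ $opts = get_option( 'p3-profiler_options' );
  <label for="p3-cache-buster"><?php _e( 'Attempt to circumvent browser cache', 'p3-profiler' ); ?></label>
  <br />
  <em class="p3-em"><?php printf( __('This may help fix a "No visits recorded" error message. See the <a href="%s" class="cache-help">help</a> page for details.', 'p3-profiler' ),
- add_query_arg( array( 'p3_action' => 'help', 'current_scan' => null ) ) . '#q-debug-log'
+ esc_url( add_query_arg( array( 'p3_action' => 'help', 'current_scan' => null ) ) ) . '#q-debug-log'
  ); ?> </em>
  </div>
  <br />
@@ -604,7 +604,7 @@ $opts = get_option( 'p3-profiler_options' );
  <label for="p3-debug"><?php _e( 'Debug mode', 'p3-profiler' ); ?></label>
  <br />
  <em class="p3-em"><?php printf( __('This will log the last 100 visits. Check the <a href="%s" class="debug-help">help</a> page to view log messages.', 'p3-profiler' ),
- add_query_arg( array( 'p3_action' => 'help', 'current_scan' => null ) ) . '#q-debug-log'
+ esc_url( add_query_arg( array( 'p3_action' => 'help', 'current_scan' => null ) ) ) . '#q-debug-log'
  ); ?></em>
  </div>
  </div>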
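Review bot: Lines 383 and 426 emit the URL inside a double-quoted JavaScript string literal, but esc_url_raw() is a URL sanitizer rather than a JavaScript-string encoder; as far as its character allow-list goes it drops `"` and `\`, so the literal stays intact by side effect rather than by design. The robust form is to let the JSON encoder produce the quoted literal, e.g. `location.href = <?php echo json_encode( esc_url_raw( add_query_arg( array( 'p3_action' => 'view-scan', 'current_scan' => '1', 'name' => null ) ) ) ); ?> + "&name=" + response;`. The same pattern appears at lines 18, 21 and 24 of templates/template.php in this release. Separately, on line 383 the AJAX `response` (and on 426 the `data-scan-name` attribute) is appended to the query string raw; wrapping it in `encodeURIComponent()` keeps a scan name containing `&` or `#` from being split into extra parameters or a fragment.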
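--- a/templates/help.php
+++ b/templates/help.php
@@ -347,8 +347,8 @@ After you've tuned your site up as much as possible, if you're still not happy w
  <h2 class="p3-help-question q-debug" data-question-id="q-debug-log"><?php _e( "Where can I view the debug log?", 'p3-profiler' ); ?></h2>
  <blockquote class="q-debug-data">
  <?php printf( __( "Debug mode will record 100 visits to your site, then turn off automatically. You can view the log below. The entries are shown in reverse order with the latest visits appearing at the top of the list. You can also <a href=\"%1\$s\" class=\"button-secondary\">Clear the log</a> or <a href=\"%2\$s\" class=\"button-secondary\">Download the log</a> as a CSV.", 'p3-profiler' ),
- wp_nonce_url( add_query_arg( array( 'p3_action' => 'clear-debug-log' ) ), 'p3-clear-debug-log' ),
- wp_nonce_url( add_query_arg( array( 'p3_action' => 'download-debug-log' ) ), 'p3-download-debug-log' )
+ wp_nonce_url( esc_url_raw( add_query_arg( array( 'p3_action' => 'clear-debug-log' ) ) ), 'p3-clear-debug-log' ),
+ wp_nonce_url( esc_url_raw( add_query_arg( array( 'p3_action' => 'download-debug-log' ) ) ), 'p3-download-debug-log' )
  ); ?>
  <br /><br />
  <div id="p3-debug-log-container">
@@ -382,11 +382,11 @@ After you've tuned your site up as much as possible, if you're still not happy w
  <td><?php echo $entry['recording_ip']; ?></td>
  <td>
  <?php if ( file_exists(P3_PROFILES_PATH . '/' . $entry['scan_name'] . '.json' ) ) : ?>
- <a href="<?php echo add_query_arg( array(
+ <a href="<?php echo esc_url( add_query_arg( array(
  'p3_action' => 'view-scan',
  'current-scan' => null,
  'name' => $entry['scan_name'] . '.json'
- ) ); ?>"><?php echo $entry['scan_name']; ?></a>
+ ) ) ); ?>"><?php echo $entry['scan_name']; ?></a>
  <?php else : ?>
  <?php echo $entry['scan_name']; ?>
  <?php endif; ?>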
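Review bot: The rewritten line 389 escapes the href but still echoes `$entry['scan_name']` raw as the link text, and the unchanged lines 382 and 391 do the same with `recording_ip` and `scan_name`; these are debug-log entries recorded from visits to the site (per the description on line 349), so they are not trusted markup and belong in esc_html(), e.g. `) ) ); ?>"><?php echo esc_html( $entry['scan_name'] ); ?></a>`. Separately, line 387 removes `'current-scan'` (hyphen) whereas every other add_query_arg() call in this release uses `'current_scan'` (underscore), so the `current_scan` parameter is presumably not stripped from this link; `'current_scan' => null,` would match the rest of the plugin. The enclosing loop starts and ends outside the hunk.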
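--- a/templates/template.php
+++ b/templates/template.php
@@ -15,13 +15,13 @@ if ( 'current-scan' == self::$action || !empty( $_REQUEST['current_scan'] ) ) {
  <script type="text/javascript">
  jQuery( document ).ready( function( $) {
  $( "#button-current-scan" ).click( function() {
- location.href = "<?php echo add_query_arg( array( 'p3_action' => 'current-scan', 'name' => null, 'current_scan' => null ) ); ?>";
+ location.href = "<?php echo esc_url_raw( add_query_arg( array( 'p3_action' => 'current-scan', 'name' => null, 'current_scan' => null ) ) ); ?>";
  });
  $( "#button-history-scans" ).click( function() {
- location.href = "<?php echo add_query_arg( array( 'p3_action' => 'list-scans', 'name' => null, 'current_scan' => null ) ); ?>";
+ location.href = "<?php echo esc_url_raw( add_query_arg( array( 'p3_action' => 'list-scans', 'name' => null, 'current_scan' => null ) ) ); ?>";
  });
  $( "#button-help" ).click( function() {
- location.href = "<?php echo add_query_arg( array( 'p3_action' => 'help', 'name' => null, 'current_scan' => null ) ); ?>";
+ location.href = "<?php echo esc_url_raw( add_query_arg( array( 'p3_action' => 'help', 'name' => null, 'current_scan' => null ) ) ); ?>";
  })
  $( ".p3-button" ).button();
  $( "#p3-navbar" ).buttonset();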