Search Meter - Version 2.13.3

Version Description

  • Work around Excel bug that could lead to exploits in downloaded search files.

Release Info

Developer bennettmcelwee
Version 2.13.3

Code changes from version 2.13.2 to 2.13.3

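--- a/admin.php
+++ b/admin.php
@@ -1,6 +1,6 @@
 <?php
 /*
-Copyright (C) 2005-16 Bennett McElwee (bennett at thunderguy dotcom)
+Copyright (C) 2005-20 Bennett McElwee (bennett at thunderguy dotcom)
 This software is licensed under the GPL v3. See the included LICENSE file for
 details. If you would like to use it under different terms, contact the author.
 */
@@ -185,7 +185,7 @@ function smcln_sm_summary() {
 <?php if (current_user_can(TGUY_SM_OPTIONS_CAPABILITY)) : ?>
 <li><a href="options-general.php?page=<?php echo plugin_basename(__FILE__); ?>"><?php _e('Settings', 'search-meter') ?></a> |</li>
 <?php endif; ?>
-<li><a href="http://thunderguy.com/semicolon/donate/"><?php _e('Donate', 'search-meter') ?></a></li>
+<li><a href="https://thunderguy.com/semicolon/donate/"><?php _e('Donate', 'search-meter') ?></a></li>
 </ul>
 <?php
 }
@@ -307,7 +307,7 @@ function tguy_sm_summary_page() {
 <?php endif; ?>
 
 <p><?php
-printf(__('For information and updates, see the %s.', 'search-meter'), '<a href="http://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/">' . __('Search Meter home page', 'search-meter') . '</a>');
+printf(__('For information and updates, see the %s.', 'search-meter'), '<a href="https://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/">' . __('Search Meter home page', 'search-meter') . '</a>');
 echo ' ';
 _e('There you can offer suggestions, request new features or report problems.', 'search-meter');
 ?></p>
@@ -360,9 +360,12 @@ function tguy_sm_summary_table($days, $do_include_successes = true) {
 <?php
 if ($do_include_successes) {
 ?>
-<td class="sm-number"><?php echo $result->hits ?></td></tr>
+<td class="sm-number"><?php echo $result->hits ?></td>
 <?php
 }
+?>
+</tr>
+<?php
 $class = ($class == '' ? 'alternate' : '');
 }
 ?>
@@ -477,7 +480,7 @@ function tguy_sm_recent_page($max_lines, $do_show_details) {
 <?php endif; ?>
 
 <p><?php
-printf(__('For information and updates, see the %s.', 'search-meter'), '<a href="http://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/">' . __('Search Meter home page', 'search-meter') . '</a>');
+printf(__('For information and updates, see the %s.', 'search-meter'), '<a href="https://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/">' . __('Search Meter home page', 'search-meter') . '</a>');
 echo ' ';
 _e('There you can offer suggestions, request new features or report problems.', 'search-meter');
 ?></p>
@@ -628,7 +631,7 @@ function tguy_sm_options_page() {
 <p><?php printf(__('To see your search statistics, go to the %s.', 'search-meter'), '<a href="index.php?page=' . plugin_basename(__FILE__) . '">' . __('Search Meter Dashboard', 'search-meter') . '</a>') ?></p>
 
 <p><?php
-printf(__('For information and updates, see the %s.', 'search-meter'), '<a href="http://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/">' . __('Search Meter home page', 'search-meter') . '</a>');
+printf(__('For information and updates, see the %s.', 'search-meter'), '<a href="https://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/">' . __('Search Meter home page', 'search-meter') . '</a>');
 echo ' ';
 _e('There you can offer suggestions, request new features or report problems.', 'search-meter');
 ?></p>
@@ -656,6 +659,16 @@ function tguy_sm_download() {
 tguy_sm_download_individual();
 }
 }
+
+function tguy_sm_sanitise_terms_for_csv($terms) {
+// Excel (and its clones) interpret CSV values starting with certain characters as formulas, leading to
+// potential vulnerabilities: https://owasp.org/www-community/attacks/CSV_Injection
+// So here we work around that: if the search string starts with an Excel formula character, prepend a
+// space so Excel/Sheets/LibreOffice don't execute it as a formula. It's a shame we have to add a space
+// to work around this behaviour, but hey, it's only a space.
+return (preg_match('/^[=@+-]/', $terms) ? (' ' . $terms) : $terms);
+}
+
 function tguy_sm_download_summary() {
 global $wpdb;
 $results = $wpdb->get_results(
@@ -664,7 +677,7 @@ function tguy_sm_download_summary() {
 ORDER BY `date` ASC, `terms` ASC");
 $results_array = array(array(__('Date', 'search-meter'), __('Search terms', 'search-meter'), __('Searches', 'search-meter'), __('Results', 'search-meter')));
 foreach ($results as $result) {
-$results_array[] = array(tguy_sm_format_utc_as_local('Y-m-d', $result->date), $result->terms, $result->count, $result->last_hits);
+$results_array[] = array(tguy_sm_format_utc_as_local('Y-m-d', $result->date), tguy_sm_sanitise_terms_for_csv($result->terms), $result->count, $result->last_hits);
 }
 /* translators: base filename for downloaded summary - lowercase letters, digits, dashes only */
 tguy_sm_download_to_csv($results_array, __('search-summary', 'search-meter'));
@@ -678,7 +691,7 @@ function tguy_sm_download_individual() {
 ORDER BY `datetime` ASC");
 $results_array = array(array(__('Date', 'search-meter'), __('Search terms', 'search-meter'), __('Results', 'search-meter'), __('Details', 'search-meter')));
 foreach ($results as $result) {
-$results_array[] = array(tguy_sm_format_utc_as_local('Y-m-d H:i:s', $result->datetime), $result->terms, $result->hits, $result->details);
+$results_array[] = array(tguy_sm_format_utc_as_local('Y-m-d H:i:s', $result->datetime), tguy_sm_sanitise_terms_for_csv($result->terms), $result->hits, $result->details);
 }
 /* translators: base filename for downloaded searches - lowercase letters, digits, dashes only */
 tguy_sm_download_to_csv($results_array, __('recent-searches', 'search-meter'));
@@ -701,7 +714,7 @@ function tguy_sm_download_to_csv($array, $filenamebase) {
 header('Content-Type: application/csv');
 header('Content-Disposition: attachment; filename="'.$filenamebase.'-'.current_time('Ymd-His').'.csv";');
 
-// see http://www.php.net/manual/en/wrappers.php.php#refsect2-wrappers.php-unknown-unknown-unknown-descriptioq
+// see https://www.php.net/manual/en/wrappers.php.php#refsect2-wrappers.php-unknown-unknown-unknown-descriptioq
 $f = fopen('php://output', 'w');
 foreach ($array as $line) {
 fputcsv($f, $line);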
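Review bot: The character class on the new `return` line of `tguy_sm_sanitise_terms_for_csv` (new-file line 669) stops at `=`, `@`, `+`, `-`, while the OWASP page the comment cites also lists a leading tab and carriage return as formula triggers in some spreadsheet clients; `return (preg_match('/^[=@+\t\r-]/', $terms) ? (' ' . $terms) : $terms);` covers those too, keeping `-` last in the class so it stays literal. Only the `terms` column is routed through the sanitiser: the `Details` column on new-file line 694 (`$result->details`) is still written as-is, and if that field can carry visitor-supplied text it needs the same treatment — not decidable from this hunk. A short docblock above the function would also help the next maintainer, e.g. `/** Return $terms prefixed with a space when it starts with a spreadsheet formula character, so CSV consumers treat it as text. */`.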
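--- a/languages/search-meter-fr_FR.po
+++ b/languages/search-meter-fr_FR.po
@@ -355,7 +355,7 @@ msgid "Search Meter save count"
 msgstr "Search Meter save count"
 
 #. Plugin URI of the plugin/theme
-msgid "http://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/"
+msgid "https://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/"
 msgstr ""
 
 #. Description of the plugin/theme
@@ -370,5 +370,5 @@ msgid "Bennett McElwee"
 msgstr ""
 
 #. Author URI of the plugin/theme
-msgid "http://thunderguy.com/semicolon/"
+msgid "https://thunderguy.com/semicolon/"
 msgstr ""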
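--- a/languages/search-meter.pot
+++ b/languages/search-meter.pot
@@ -334,7 +334,7 @@ msgstr ""
 
 #. Plugin URI of the plugin/theme
 msgid ""
-"http://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/"
+"https://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/"
 msgstr ""
 
 #. Description of the plugin/theme
@@ -349,5 +349,5 @@ msgid "Bennett McElwee"
 msgstr ""
 
 #. Author URI of the plugin/theme
-msgid "http://thunderguy.com/semicolon/"
+msgid "https://thunderguy.com/semicolon/"
 msgstr ""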
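--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
 === Search Meter ===
 Contributors: bennettmcelwee
-Donate link: http://thunderguy.com/semicolon/donate/
+Donate link: https://thunderguy.com/semicolon/donate/
 Tags: search, meter, search-meter, statistics, widget, admin, keywords, terms, search terms
 Requires at least: 3.2
-Tested up to: 4.9.4
-Stable tag: 2.13.1
+Tested up to: 5.4
+Stable tag: 2.13.2
 
 Search Meter tracks what your readers are searching for on your blog. View full details of recent searches or stats for the last day, week or month.
 
@@ -67,13 +67,16 @@ Show a simple list of the 5 most recent successful search terms, hyperlinked to
 
 = Where can I find out more information? =
 
-The [Search Meter home page](http://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/) has more information and a form to submit comments and questions.
+The [Search Meter home page](https://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/) has more information and a form to submit comments and questions.
 
 == Screenshots ==
 
 1. The Search Meter administration interface, showing some of the reports available.
 
 == Changelog ==
+= 2.13.3 =
+* Work around Excel bug that could lead to exploits in downloaded search files.
+
 = 2.13.2 =
 * Restore compatibility with some older versions of PHP (probably back to 5.0).
 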
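--- a/search-meter.php
+++ b/search-meter.php
@@ -1,16 +1,16 @@
 <?php
 /*
 Plugin Name: Search Meter
-Plugin URI: http://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/
+Plugin URI: https://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/
 Description: Keeps track of what your visitors are searching for. After you have activated this plugin, you can check the Search Meter section in the Dashboard to see what your visitors are searching for on your blog.
-Version: 2.13.2
+Version: 2.13.3
 Author: Bennett McElwee
-Author URI: http://thunderguy.com/semicolon/
-Donate link: http://thunderguy.com/semicolon/donate/
+Author URI: https://thunderguy.com/semicolon/
+Donate link: https://thunderguy.com/semicolon/donate/
 Text Domain: search-meter
 Domain Path: /languages
 
-$Revision: 1513676 $
+$Revision: 2341984 $
 
 
 INSTRUCTIONS
@@ -27,12 +27,12 @@ INSTRUCTIONS
 * To display recent and popular searches, use the Recent Searches and
 Popular Searches widgets, or the sm_list_popular_searches() and
 sm_list_recent_searches() template tags.
-* For full details, see http://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/
+* For full details, see https://thunderguy.com/semicolon/wordpress/search-meter-wordpress-plugin/
 
 Thanks to everyone who has suggested or contributed improvements. It takes a village to build a plugin.
 
 
-Copyright (C) 2005-16 Bennett McElwee (bennett at thunderguy dotcom)
+Copyright (C) 2005-20 Bennett McElwee (bennett at thunderguy dotcom)
 This software is licensed under the GPL v3. See the included LICENSE file for
 details. If you would like to use it under different terms, contact the author.
 */
@@ -81,14 +81,27 @@ function sm_list_popular_searches($before = '', $after = '', $count = 5) {
 GROUP BY `terms`
 ORDER BY countsum DESC, `terms` ASC
 LIMIT $count");
-if (count($results)) {
-echo "$before\n<ul>\n";
-$home_url_slash = get_option('home') . '/';
-foreach ($results as $result) {
-echo '<li><a href="'. $home_url_slash . sm_get_relative_search_url($result->terms) . '">'. htmlspecialchars($result->terms) .'</a></li>'."\n";
+
+$searches = array();
+
+foreach ($results as $result) {
+array_push($searches, array(
+'term' => $result->terms,
+'href' => get_search_link($result->terms)
+));
+}
+
+$display = '';
+
+if (count($searches)) {
+$display = "$before\n<ul>\n";
+foreach ($searches as $search) {
+$display .= '<li><a href="' . $search['href'] . '">'. htmlspecialchars($search['term']) .'</a></li>'."\n";
 }
-echo "</ul>\n$after\n";
+$display .= "</ul>\n$after\n";
 }
+
+echo apply_filters('sm_list_popular_searches_display', $display, $searches);
 }
 
 function sm_list_recent_searches($before = '', $after = '', $count = 5) {
@@ -337,26 +350,14 @@ function tguy_sm_save_search($posts) {
 $success = $wpdb->query($query);
 }
 }
-// Save search summary into the DB. Usually this will be a new row, so try to insert first
-// Temporarily suppress errors, as this query is expected to fail on duplicate searches in a single day. Thanks to James Collins.
-$suppress = $wpdb->suppress_errors();
-$success = $wpdb->query($wpdb->prepare("
+// Save search summary into the DB.
+$wpdb->query($wpdb->prepare("
 INSERT INTO `{$wpdb->prefix}searchmeter` (`terms`,`date`,`count`,`last_hits`)
-VALUES (%s, UTC_DATE(), 1, %d)",
+VALUES (%s, UTC_DATE(), 1, %d)
+ON DUPLICATE KEY UPDATE `count` = `count` + 1, `last_hits` = VALUES(`last_hits`)",
 $search_terms,
 $hit_count
 ));
-$wpdb->suppress_errors($suppress);
-if (!$success) {
-$success = $wpdb->query($wpdb->prepare("
-UPDATE `{$wpdb->prefix}searchmeter` SET
-`count` = `count` + 1,
-`last_hits` = %d
-WHERE `terms` = %s AND `date` = UTC_DATE()",
-$hit_count,
-$search_terms
-));
-}
 ++$tguy_sm_save_count;
 }
 return $posts;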
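Review bot: In the rewritten body of `sm_list_popular_searches`, the `href` obtained from `get_search_link($result->terms)` is concatenated into the `<a>` attribute on new-file line 99 without any escaping, while the adjacent link text does go through `htmlspecialchars`; WordPress convention is to escape attribute URLs at the point of output, `$display .= '<li><a href="' . esc_url($search['href']) . '">'. htmlspecialchars($search['term']) .'</a></li>'."\n";`. Whether the value returned by `get_search_link` is already attribute-safe depends on the `search_link` filter callbacks installed on a given site, so escaping here rather than relying on that chain is the safer default. The new `sm_list_popular_searches_display` filter hands `$display` straight to `echo`, so a one-line comment above that call stating that filter callbacks must return already-escaped HTML would make the contract explicit for theme authors. The enclosing function starts outside the hunk.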