Top 10 – Popular posts plugin for WordPress - Version 2.4.4

Version Description

  • Enhancements:

    • Changed tracker type to Query based for better compatibility
  • Bug fixes:

    • Security fix: Potential SQL injection vulnerability. Reported by DefenseCode ThunderScan
    • Revisions no longer displayed in the "View Popular Posts" screen in admin area

Release Info

Developer Ajay
Version 2.4.4

Code changes from version 2.4.3 to 2.4.4

Files changed (3) hide show
  1. admin/class-stats.php +5 -0
  2. readme.txt +9 -0
  3. top-10.php +2 -2
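--- a/admin/class-stats.php
+++ b/admin/class-stats.php
@@ -90,6 +90,7 @@ class Top_Ten_Statistics_Table extends WP_List_Table {
  // Create the base WHERE clause.
  $where = $wpdb->prepare( ' AND ttt.blog_id = %d ', $blog_id ); // Posts need to be from the current blog only.
  $where .= " AND ($wpdb->posts.post_status = 'publish' OR $wpdb->posts.post_status = 'inherit') "; // Show published posts and attachments.
+ $where .= " AND ($wpdb->posts.post_type <> 'revision' ) "; // No revisions.
 
  /* If search argument is set, do a search for it. */
  if ( isset( $args['search'] ) ) {
@@ -110,6 +111,10 @@ class Top_Ten_Statistics_Table extends WP_List_Table {
  if ( ! empty( $_REQUEST['orderby'] ) ) { // Input var okay.
  $orderby = sanitize_text_field( wp_unslash( $_REQUEST['orderby'] ) );
 
+ if ( ! in_array( $orderby, array( 'title', 'daily_count', 'total_count' ) ) ) {
+ $orderby = ' total_count ';
+ }
+
  if ( ! empty( $_REQUEST['order'] ) ) {
  $order = sanitize_text_field( wp_unslash( $_REQUEST['order'] ) );
 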
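Review bot: The allow-list added at new lines 114–116 covers only `$orderby`; `$order`, read at new lines 118–119, still goes through `sanitize_text_field()` alone, which strips tags and extra whitespace but is not SQL escaping. The enclosing method continues past the end of this hunk, so how `$order` reaches the query is not visible here; if nothing below restricts it, reduce it to one of two literals, e.g. `$order = ( 'ASC' === strtoupper( $order ) ) ? 'ASC' : 'DESC';`. The membership test should be strict, `in_array( $orderby, array( 'title', 'daily_count', 'total_count' ), true )`, and the padded fallback `' total_count '` differs from the listed value `'total_count'`, so it is worth confirming the padding is intended. A one-line comment above the check, such as `// ORDER BY column is concatenated into the query, not bound as a value: allow known columns only.`, would keep a later edit from dropping it.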
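--- a/readme.txt
+++ b/readme.txt
@@ -165,6 +165,15 @@ add_filter( 'manage_edit-projects_sortable_columns', 'tptn_column_register_sorta
 
  == Changelog ==
 
+ = 2.4.4 =
+
+ * Enhancements:
+ * Changed tracker type to Query based for better compatibility
+
+ * Bug fixes:
+ * Security fix: Potential SQL injection vulnerability. Reported by [DefenseCode ThunderScan](http://www.defensecode.com/)
+ * Revisions no longer displayed in the "View Popular Posts" screen in admin area
+
  = 2.4.3 =
 
  * Bug fixes: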
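--- a/top-10.php
+++ b/top-10.php
@@ -14,7 +14,7 @@
  * Plugin Name: Top 10
  * Plugin URI: https://webberzone.com/plugins/top-10/
  * Description: Count daily and total visits per post and display the most popular posts based on the number of views
- * Version: 2.4.3
+ * Version: 2.4.4
  * Author: Ajay D'Souza
  * Author URI: https://webberzone.com
  * License: GPL-2.0+
@@ -132,7 +132,7 @@ function tptn_default_options() {
  'count_disp_form_zero' => 'No visits yet', // What to display where there are no hits?
  'dynamic_post_count' => false, // Use JavaScript for displaying the post count.
 
- 'tracker_type' => 'ajaxurl', // Tracker type.
+ 'tracker_type' => 'query_based', // Tracker type.
  'track_authors' => false, // Track Authors visits.
  'track_admins' => true, // Track Admin visits.
  'track_editors' => true, // Track Admin visits.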