WassUp Real Time Analytics - Version 1.8.6


Developer michelem
Version 1.8.6

Code changes from version 1.8.5 to 1.8.6

Files changed (6) hide show
  1. lib/action.php +5 -5
  2. lib/main.php +8 -8
  3. lib/upgrade.php +1 -1
  4. lib/wassup.class.php +2 -2
  5. readme.txt +5 -1
  6. wassup.php +57 -57
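--- a/lib/action.php
+++ b/lib/action.php
@@ -44,7 +44,7 @@ if (!function_exists('get_bloginfo')) {
  // GET parameter "wpabspath=ABSPATH" for "action.php" to run.
  //-Helene D. 2009-04-04
  if (!empty($_GET['wpabspath'])) {
- $wpabspath=attribute_escape(base64_decode(urldecode($_GET['wpabspath'])));
+ $wpabspath=esc_attr(base64_decode(urldecode($_GET['wpabspath'])));
  } elseif (defined('ABSPATH')) {
  $wpabspath=ABSPATH;
  }
@@ -79,7 +79,7 @@ if (!$validuser) {
  $hashfail = true;
  if (isset($_GET['whash'])) {
  $wassup_settings = get_option('wassup_settings');
- if ($_GET['whash'] == $wassup_settings['whash'] || $_GET['whash'] == attribute_escape($wassup_settings['whash'])) {
+ if ($_GET['whash'] == $wassup_settings['whash'] || $_GET['whash'] == esc_attr($wassup_settings['whash'])) {
  $hashfail = false;
  }
  }
@@ -116,7 +116,7 @@ if (!$hashfail) {
  if (method_exists($wpdb,'prepare')) {
  $wpdb->query($wpdb->prepare("DELETE FROM $table_name WHERE wassup_id='%s'", $_GET['id']));
  } else {
- $wpdb->query("DELETE FROM $table_name WHERE wassup_id='".attribute_escape($_GET['id'])."'");
+ $wpdb->query("DELETE FROM $table_name WHERE wassup_id='".esc_attr($_GET['id'])."'");
  }
  } else {
  echo "Error: Missing wassup_id parameter";
@@ -182,7 +182,7 @@ if (!$hashfail) {
  // ACTION: RUN SPY VIEW
  if ($_GET['action'] == "spia") {
  if (empty($rows)) { $rows = 0; }
- if (!empty($_GET['spiatype'])) $spytype=attribute_escape($_GET['spiatype']);
+ if (!empty($_GET['spiatype'])) $spytype=esc_attr($_GET['spiatype']);
  else $spytype=$wassup_settings['wassup_default_spy_type'];
  $from_spydate=current_time('timestamp')-10;
  wassup_spiaView($from_spydate,$rows,$spytype);
@@ -222,7 +222,7 @@ if (!$hashfail) {
  wassup_top10view($from_date, $to_date, $max_char_len, $top_limit,$title);
  // ACTION: DISPLAY GEOGRAPHIC AND WHOIS DETAILS - TODO
  } else {
- echo '<span style="color:red;">Action.php '.__("ERROR: Missing or unknown parameters","wassup").', action='.attribute_escape($_GET["action"]).'</span>';
+ echo '<span style="color:red;">Action.php '.__("ERROR: Missing or unknown parameters","wassup").', action='.esc_attr($_GET["action"]).'</span>';
  }
  if ($wdebug_mode) {
  if (function_exists('profiler_endSection')) {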
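Review bot: The access check in the @@ -79 hunk still compares the shared secret with loose `==`, so PHP's numeric-string juggling can make two different-looking values compare equal and the comparison is not constant-time; renaming `attribute_escape` to `esc_attr` does not change that. A stricter check is `if (hash_equals((string)$wassup_settings['whash'], (string)$_GET['whash']) || hash_equals(esc_attr((string)$wassup_settings['whash']), (string)$_GET['whash'])) {`, with a `function_exists('hash_equals')` fallback to `===` if the plugin's old PHP floor must be kept. Separately, in the @@ -116 fallback branch `esc_attr` is an HTML-attribute escaper being used to build an SQL literal; `esc_sql()` is the right primitive there, or the non-prepare branch can be dropped now that every supported WordPress has `$wpdb->prepare`. The enclosing `if (!$validuser)` and `if (!$hashfail)` blocks start and end outside these hunks.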
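--- a/lib/main.php
+++ b/lib/main.php
@@ -522,12 +522,12 @@ function stringShortener($input, $max=0, $separator="(...)", $exceedFromEnd=0){
  if (strlen($outstring) >= $inputlen) { //Because "Fir(...)fox" is longer than "Firefox"
  $outstring = $instring;
  }
- //# use WordPress 2.x function attribute_escape and 1.2.x
+ //# use WordPress 2.x function esc_attr and 1.2.x
  // function wp_specialchars to make malicious code
  // harmless when echoed to the screen
- $outstring=attribute_escape(wp_specialchars($outstring,ENT_QUOTES));
+ $outstring=esc_attr(wp_specialchars($outstring,ENT_QUOTES));
  } else {
- $outstring = attribute_escape(wp_specialchars($instring,ENT_QUOTES));
+ $outstring = esc_attr(wp_specialchars($instring,ENT_QUOTES));
  }
  return $outstring;
  } //end function stringShortener
@@ -580,7 +580,7 @@ function wCleanURL($url="") {
  $cleaned_url = clean_url(stripslashes($url));
  }
  if (empty($cleaned_url)) { //oops, clean_url chomp
- $cleaned_url = attribute_escape(stripslashes($url));
+ $cleaned_url = esc_attr(stripslashes($url));
  }
  return $cleaned_url;
  } //end function
@@ -899,7 +899,7 @@ function wGeolocateIP($ip) {
  $wassup_cache = array( 'meta_id'=>$cache_id,
  'wassup_key'=>$ip,
  'meta_key'=>'geoip',
- 'meta_value'=>attribute_escape(serialize($geoip)),
+ 'meta_value'=>esc_attr(serialize($geoip)),
  'meta_expire'=>time()+7*86400);
  if (empty($cache_id)) {
  if (method_exists($wpdb,'insert')) { //WP 2.5+
@@ -1141,10 +1141,10 @@ function wassup_top10view ($from_date="",$to_date="",$max_char_len="",$top_limit
  foreach ($top_results as $top10) {
  echo "\n"; ?>
  <li class="charts"><nobr><?php echo wPadNum($top10->top_count,$ndigits);
- echo ' <a href="'.clean_url($top10->top_link,'','url').'" title="'.attribute_escape($top10->top_link).'" target="_BLANK">';
+ echo ' <a href="'.clean_url($top10->top_link,'','url').'" title="'.esc_attr($top10->top_link).'" target="_BLANK">';
  //#cut http:// from displayed url and truncate
  //# instead of using stringShortener
- echo substr(str_replace("http://", "", attribute_escape($top10->top_item)),0,$char_len);
+ echo substr(str_replace("http://", "", esc_attr($top10->top_item)),0,$char_len);
  if (strlen($top10->top_item) > ($char_len + 7)) {
  echo '...';
  }
@@ -1915,7 +1915,7 @@ class WassupItems {
  $wassup_cache = array('meta_id'=>$cache_id,
  'wassup_key'=>$chart_key,
  'meta_key'=>'chart',
- 'meta_value'=>attribute_escape($chart_url),
+ 'meta_value'=>esc_attr($chart_url),
  'meta_expire'=>time()+$cache_time);
  if (method_exists($wpdb,'insert')) { //WP 2.5+
  $result = $wpdb->insert($cache_table,$wassup_cache);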
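Review bot: The comment rewritten at line 525 of `stringShortener` now says `//# use WordPress 2.x function esc_attr and 1.2.x function wp_specialchars`, but `esc_attr` only exists from WordPress 2.8, so the version claim is misleading, and the commit's stated goal of removing deprecated methods is only half met in this file: `wp_specialchars` (lines 528/530, deprecated since 2.8 in favour of `esc_html`) and `clean_url` (lines 580 and 1144, deprecated since 3.0 in favour of `esc_url`) are still called. I would reword the comment to `//# escape for HTML output (esc_attr, WP 2.8+) so untrusted input is harmless when echoed` and replace the remaining deprecated calls in the same sweep; wrapping `wp_specialchars` in `esc_attr` is also redundant, since `esc_attr` already applies ENT_QUOTES escaping, so `$outstring = esc_attr($outstring);` would do — unless a caller later decodes the entities, which is not visible here. Note also that the `wGeolocateIP` and `WassupItems` hunks write `esc_attr(serialize(...))` into a DB cache column, so whatever reads `meta_value` back must undo the entity encoding before `unserialize`; that reader is outside this diff.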
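--- a/lib/upgrade.php
+++ b/lib/upgrade.php
@@ -158,7 +158,7 @@ function wCreateTable($wtable="",$withcharset=true) {
  if (empty($current_user->user_login)) get_currentuserinfo();
  $logged_user = (!empty($current_user->user_login)? $current_user->user_login: "");
  if (isset($_COOKIE['wassup_screen_res'])) {
- $screen_res = attribute_escape(trim($_COOKIE['wassup_screen_res']));
+ $screen_res = esc_attr(trim($_COOKIE['wassup_screen_res']));
  if ($screen_res == "x") $screen_res = "";
  }
  $currentLocale = get_locale();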
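Review bot: `esc_attr` at line 161 is an HTML-attribute output escaper applied to a cookie at input time; it neither validates the value nor is the right escaping for wherever `$screen_res` is stored next (the enclosing function starts and ends outside this hunk, so the destination is not visible here). The `== "x"` check on the next line suggests the expected shape is `WIDTHxHEIGHT`, so a whitelist is both simpler and stronger, e.g. `$screen_res = preg_match('/^\d{1,5} ?x ?\d{1,5}$/', trim($_COOKIE['wassup_screen_res']), $m) ? $m[0] : "";`, which also makes the `"x"` special case unnecessary — the exact format should be confirmed against the JavaScript that writes the cookie. The same cookie is read the same way in wassup.php (`wassup_head`, `wassupPrepend` and `wassupAppend`, lines 209, 1869 and 2162), which would benefit from one shared validator.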
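--- a/lib/wassup.class.php
+++ b/lib/wassup.class.php
@@ -163,7 +163,7 @@ class wassupOptions {
  'wassup_alert_message' =>"",
  'wassup_uninstall' =>"0",
  'wassup_optimize' =>current_time('timestamp'),
- 'wassup_top10' =>attribute_escape(serialize($top10)),
+ 'wassup_top10' =>esc_attr(serialize($top10)),
  // "topsearch"=>"1", - moved
  // "topreferrer"=>"1", - moved
  // "toprequest"=>"1", - moved
@@ -256,7 +256,7 @@ class wassupOptions {
  if (is_array($obj->$k)) {
  //serialize any arrays within $obj
  if (count($obj->$k)>0) {
- $settings_array[$k] = attribute_escape(serialize($obj->$k));
+ $settings_array[$k] = esc_attr(serialize($obj->$k));
  } else {
  $settings_array[$k] = "";
  }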
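Review bot: Both hunks HTML-escape a serialized PHP value (`esc_attr(serialize(...))`) before it is stored as a setting, which mixes layers: `esc_attr` rewrites quotes and ampersands into entities, so the byte lengths recorded inside the serialized string no longer match the data and the value can only be restored if every reader decodes entities before `unserialize` — and `unserialize` on stored strings is a deserialization sink best avoided altogether. Since `$settings_array` appears to be built for the options API (`get_option('wassup_settings')` in the action.php hunk), storing the array as-is, `$settings_array[$k] = $obj->$k;`, and letting WordPress `maybe_serialize` it would remove both the escaping and the `unserialize` on the read side; the matching reader changes are outside this diff, and `wassupOptions` starts and ends outside both hunks. If the escaped form must be kept for compatibility with settings already in the database, a comment such as `// stored entity-encoded: html_entity_decode() before unserialize()` at both sites would keep the next reader from tripping on it.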
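--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=michele%
  Tags: tracker, tracking, statistics, analyze, web, realtime, stats, ajax, visitors, visits, online users, details, seo, admin, spy, visitors, widgets, widget, sidebar, monitor, stalker, detector, webmaster, tool, geolocation, chart, google!charts, spammers, exploits, injection, security, useragent, browser, spider, detection, pageviews
  Requires at least: 2.2
  Tested up to: 4.0
- Stable tag: 1.8.5
+ Stable tag: 1.8.6
 
  Analyze your visitors traffic with real-time statistics, a lot of chronological information, charts, a sidebar widget.
 
@@ -144,6 +144,10 @@ IMPORTANT: WassUp is incompatible with page-based caching plugins such as "WP Su
 
  == Changelog ==
 
+ = 1.8.6 =
+ = Removed deprecated Wordpress methods
+ = Small text changes
+
  = 1.8.5 =
  = Important fix for SPY visitors view =
  * Changed main API tool to get GEOIP data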
wassup.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: WassUp Real Time Analytics
4
  Plugin URI: http://www.wpwp.org
5
  Description: Analyze your visitors traffic with real-time stats, charts, and a lot of chronological information. Includes a sidebar widget of current online visitors and other statistics and an admin dashboard widget with chart. For Wordpress 2.2 or higher. Caution: don't upgrade when your site is busy!
6
- Version: 1.8.5
7
  Author: Michele Marcucci, Helene Duncker
8
  Author URI: http://www.michelem.org/
9
  Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
@@ -23,7 +23,7 @@ if (!defined('ABSPATH')) {
23
  }
24
  //wassup globals & constants
25
  global $wp_version, $current_user, $user_level, $wassup_options;
26
- $wassupversion="1.8.5";
27
  $wassup_cookie_value="";
28
  $wdebug_mode=false; //turn on debugging (global)...Use cautiously! Will display errors from all plugins, not just WassUp
29
  define('WASSUPDIR', dirname(__FILE__)); //new constant in v1.8
@@ -206,7 +206,7 @@ function wassup_head() {
206
  //print '<meta name="wassup-version" content="'.$wassupversion.'" />'."\n";
207
  //add screen resolution javascript to blog header
208
  if ($wscreen_res == "" && isset($_COOKIE['wassup_screen_res'])) {
209
- $wscreen_res = attribute_escape(trim($_COOKIE['wassup_screen_res']));
210
  if ($wscreen_res == "x") $wscreen_res = "";
211
  }
212
  if (empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])) {
@@ -214,7 +214,7 @@ function wassup_head() {
214
  $wscreen_res = str_replace('X',' x ',$_SERVER['HTTP_UA_PIXELS']);
215
  }
216
  if (empty($wscreen_res) && isset($_COOKIE['wassup'])) {
217
- $cookie_data = explode('::',attribute_escape(base64_decode(urldecode($_COOKIE['wassup']))));
218
  $wscreen_res=(!empty($cookie_data[2]))?$cookie_data[2]:"";
219
  }
220
  //Get visitor's screen resolution using javascript and a cookie.
@@ -575,7 +575,7 @@ echo "\n"; ?>
575
  } elseif ($_GET['page'] == "wassup-spia") {
576
  //## Filter detail lists by visitor type...
577
  if (isset($_GET['spiatype'])) {
578
- $spytype = attribute_escape($_GET['spiatype']);
579
  $wassup_options->wassup_default_spy_type = $spytype;
580
  $wassup_options->saveSettings(); //save changes
581
  } elseif (isset($wassup_options->wassup_default_spy_type) && $wassup_options->wassup_default_spy_type != '') {
@@ -815,9 +815,9 @@ function WassUp() {
815
  $wassup_options->wassup_spam = $_POST['wassup_spam'];
816
  $wassup_options->wassup_refspam = $_POST['wassup_refspam'];
817
  $wassup_options->wassup_hack = $_POST['wassup_hack'];
818
- $wassup_options->wassup_exclude = attribute_escape($_POST['wassup_exclude']);
819
- $wassup_options->wassup_exclude_url = attribute_escape($_POST['wassup_exclude_url']);
820
- $wassup_options->wassup_exclude_user = attribute_escape($_POST['wassup_exclude_user']);
821
  $wassup_options->delete_auto = $_POST['delete_auto'];
822
  if (isset($_POST['delete_filter'])) {
823
  $wassup_options->delete_filter = $_POST['delete_filter'];
@@ -855,7 +855,7 @@ function WassUp() {
855
  "toppostid" => (isset($_POST['toppostid'])?$_POST['toppostid']:"0"),
856
  "topreferrer_exclude" => $_POST['topreferrer_exclude'],
857
  "top_nospider" => (isset($_POST['top_nospider'])?$_POST['top_nospider']:"0"));
858
- $wassup_options->wassup_top10 = attribute_escape(serialize($top_ten));
859
  $wassup_options->wassup_cache = (!empty($_POST['wassup_cache'])?"1":"0");
860
  if ($wassup_options->saveSettings()) {
861
  $admin_message = __("Wassup options updated successfully","wassup")."." ;
@@ -1121,7 +1121,7 @@ function WassUp() {
1121
  <span style="font-size:11px; text-align:right; float:right;"><?php _e('Spy items by','wassup'); ?>: <select name="navi" style="font-size: 11px;" onChange="window.location.href=this.options[this.selectedIndex].value;"><?php
1122
  //## selectable filter by type of record (wassup_default_spy_type)
1123
  if (isset($_GET['spiatype'])) {
1124
- $spytype = attribute_escape($_GET['spiatype']);
1125
  } elseif ($wassup_options->wassup_default_spy_type != '') {
1126
  $spytype = $wassup_options->wassup_default_spy_type;
1127
  } else {
@@ -1195,7 +1195,7 @@ function WassUp() {
1195
  $wassup_options->wip = "";
1196
  } elseif ($_GET['wmark'] == 1 && isset($_GET['wip'])) {
1197
  $wassup_options->wmark = "1";
1198
- $wassup_options->wip = attribute_escape($_GET['wip']);
1199
  }
1200
  }
1201
  $wassup_options->saveSettings();
@@ -1232,7 +1232,7 @@ function WassUp() {
1232
 
1233
  //## Filter detail lists by visitor type...
1234
  if (isset($_GET['type'])) {
1235
- $wtype = attribute_escape($_GET['type']);
1236
  $stickyFilters.='&type='.$wtype;
1237
  } else {
1238
  $wtype = $wassup_options->wassup_default_type;
@@ -1247,7 +1247,7 @@ function WassUp() {
1247
  //# of items per page...
1248
  $witems = 10; //default
1249
  if (isset($_GET['limit']) && is_numeric($_GET['limit'])) {
1250
- //$witems = htmlentities(attribute_escape($_GET['limit']));
1251
  $witems = (int)$_GET['limit'];
1252
  } elseif ($wassup_options->wassup_default_limit != '') {
1253
  $witems = $wassup_options->wassup_default_limit;
@@ -1267,7 +1267,7 @@ function WassUp() {
1267
 
1268
  //## Filter detail lists by a searched item
1269
  if (!empty($_GET['search'])) {
1270
- $wsearch = attribute_escape(strip_tags(html_entity_decode($_GET['search'])));
1271
  $stickyFilters.='&search='.$wsearch;
1272
  } else {
1273
  $wsearch = "";
@@ -1276,13 +1276,13 @@ function WassUp() {
1276
  // DELETE EVERY RECORD MARKED BY IP
1277
  //# Delete limited to selected date range only. -Helene D. 3/4/08.
1278
  if (!empty($_GET['deleteMARKED']) && $wassup_options->wmark == "1" && !empty($_GET['dip'])) {
1279
- $del_count = $wpdb->get_var("SELECT COUNT(ip) as deleted FROM $wassup_table WHERE ip='".attribute_escape($_GET['dip'])."' AND `timestamp` BETWEEN $from_date AND $to_date");
1280
  if (method_exists($wpdb,'prepare')) {
1281
  $wpdb->query($wpdb->prepare("DELETE FROM $wassup_table WHERE ip='%s' AND `timestamp` BETWEEN %s AND %s", $_GET['dip'], $from_date, $to_date));
1282
  } else {
1283
- $wpdb->query("DELETE FROM $wassup_table WHERE ip='".attribute_escape($_GET['dip'])."' AND `timestamp` BETWEEN $from_date AND $to_date");
1284
  }
1285
- $rec_count = $wpdb->get_var("SELECT COUNT(ip) as deleted FROM $wassup_table WHERE ip='".attribute_escape($_GET['dip'])."' AND `timestamp` BETWEEN $from_date AND $to_date"); //double-check deletions
1286
  $rec_deleted = ($del_count - $rec_count)." ".__('records deleted','wassup');
1287
  $wassup_options->showMessage($rec_deleted);
1288
  //echo '<p><strong>'.$rec_deleted.' '.__('records deleted','wassup').'</strong></p>';
@@ -1338,10 +1338,10 @@ function WassUp() {
1338
  <td align="left" width="25"><?php
1339
  //chart options
1340
  if ($wassup_options->wassup_chart == "1") { ?>
1341
- <a href="?<?php echo attribute_escape($URLQuery.'&wchart=0'); ?>" style="text-decoration:none;">
1342
  <img src="<?php echo WASSUPURL.'/img/chart_delete.png" style="padding:0px 6px 0 0;" alt="'.__('hide chart','wassup').'" title="'.__('Hide the chart','wassup'); ?>" /></a><?php
1343
  } else { ?>
1344
- <a href="?<?php echo attribute_escape($URLQuery.'&wchart=1'); ?>" style="text-decoration:none;">
1345
  <img src="<?php echo WASSUPURL.'/img/chart_add.png" style="padding:0px 6px 0 0;" alt="'.__('show chart','wassup').'" title="'.__('Show the chart','wassup'); ?>" /></a><?php
1346
  } ?></td>
1347
  <td class="legend" align="left"><span class="separator">|</span>
@@ -1357,13 +1357,13 @@ function WassUp() {
1357
  }
1358
  _e('Details for the last','wassup'); ?>:
1359
  <select style="font-size: 11px;" name="last" onChange="window.location.href=this.options[this.selectedIndex].value;"><?php
1360
- $optionargs="?".attribute_escape($new_last."&last=");
1361
  $wassup_options->showFormOptions("wassup_time_period","$wlast","$optionargs"); ?>
1362
  </select></td>
1363
  <td class="legend" align="right"><?php _e('Items per page','wassup'); ?>: <select name="navi" style="font-size: 11px;" onChange="window.location.href=this.options[this.selectedIndex].value;"><?php
1364
  //selectable filter by number of items on page (default_limit)
1365
  if (isset($_GET['limit'])) {
1366
- $new_limit = attribute_escape(str_replace("&limit=".$_GET['limit'], "", html_entity_decode($URLQuery)));
1367
  } else {
1368
  $new_limit = $URLQuery;
1369
  }
@@ -1428,7 +1428,7 @@ function WassUp() {
1428
  echo '<br/>';
1429
  // Marked items - Refresh
1430
  if ($wassup_options->wmark == 1) {
1431
- echo '&nbsp; <a href="?'.attribute_escape($URLQuery.'&search='.$wassup_options->wip).'" title="'.__('Filter by marked IP','wassup').'"> '.__('Show marked items','wassup').' (<strong>'.$markedtot.'</strong> '.__("total").')</a> ';
1432
  } ?></td>
1433
  <td align="right" class="legend">
1434
  <a href="<?php echo wCleanURL(WASSUPURL.'/lib/action.php?action=topten&from_date='.$from_date.'&to_date='.$to_date.$action_param.'&width='.($res+250).'&height=440','','url');
@@ -1473,7 +1473,7 @@ function WassUp() {
1473
  }
1474
  }
1475
  echo "\n"; ?>
1476
- <input type="text" size="25" name="search" value="<?php if ($wsearch != "") print attribute_escape($wsearch); ?>" /><input type="submit" name="submit-search" value="search" />
1477
  </form>
1478
  </div> <!-- /search-ip -->
1479
  </td>
@@ -1548,7 +1548,7 @@ function WassUp() {
1548
  echo '</span>'; ?></li>
1549
  <li><?php echo __("IP","wassup").': <span class="raw">'.$rk->ip.'</span>'; ?></li>
1550
  <li><?php echo __("Hostname","wassup").': <span class="raw">'.$hostname.'</span>'; ?></li>
1551
- <li><?php echo __("Url Requested","wassup").': <span class="raw">'.attribute_escape(htmlspecialchars(html_entity_decode($rk->urlrequested))).'</span>'; ?></li><?php
1552
  if (!empty($rk->url_wpid) && is_numeric($rk->url_wpid)) {
1553
  $p_title=$wpdb->get_var("SELECT `post_title` from {$wpdb->prefix}posts WHERE `ID` = {$rk->url_wpid}");
1554
  echo "\n"; ?>
@@ -1556,13 +1556,13 @@ function WassUp() {
1556
  <li style="text-indent:10px;"><?php echo __("Post/Page Title","wassup").': <span class="raw">'.$p_title.'</span>'; ?></li><?php
1557
  }
1558
  echo "\n"; ?>
1559
- <li><?php echo __("Referrer","wassup").': <span class="raw">'.attribute_escape(urldecode($rk->referrer)).'</span>'; ?></li><?php
1560
  if ($rk->search != "") { ?>
1561
  <li><?php echo __("Search Engine","wassup").': <span class="raw">'.$rk->searchengine.'</span> &nbsp; &nbsp; ';
1562
  echo __("Search","wassup").': <span class="raw">'.$rk->search.'</span> &nbsp; &nbsp; ';
1563
  echo __("Page","wassup").': <span class="raw">'.$rk->searchpage.'</span>';?></li><?php
1564
  } ?>
1565
- <li><?php echo __("User Agent","wassup").': <span class="raw">'.strip_tags(attribute_escape(htmlspecialchars(html_entity_decode($rk->agent)))).'</span>'; ?></li><?php
1566
  if (empty($rk->spider) || $rk->browser != "") {
1567
  echo "\n"; ?>
1568
  <li><?php echo __("Browser","wassup").': <span class="raw">'.$rk->browser.'</span>'; ?></li>
@@ -1603,11 +1603,11 @@ function WassUp() {
1603
  <p class="delbut"><?php
1604
  // Mark/Unmark IP
1605
  if ($wassup_options->wmark == 1 AND $wassup_options->wip == $ip) { ?>
1606
- <a href="?<?php echo attribute_escape($URLQuery.'&deleteMARKED=1&dip='.$ip); ?>" style="text-decoration:none;" class="deleteIP"><img class="delete-icon" src="<?php echo WASSUPURL.'/img/cross.png" alt="'.__('delete','wassup').'" title="'.__('Delete ALL marked records with this IP','wassup'); ?>" /></a>
1607
- <a href="?<?php echo attribute_escape($URLQuery.'&wmark=0'); ?>" style="text-decoration:none;"><img class="unmark-icon" src="<?php echo WASSUPURL.'/img/error_delete.png" alt="'.__('unmark','wassup').'" title="'.__('UnMark IP','wassup'); ?>" /></a><?php
1608
  } else { ?>
1609
  <a href="#" class="deleteID" id="<?php echo $rk->wassup_id ?>" style="text-decoration:none;"><img class="delete-icon" src="<?php echo WASSUPURL.'/img/b_delete.png" alt="'.__('delete','wassup').'" title="'.__('Delete this record','wassup'); ?>" /></a>
1610
- <a href="?<?php echo attribute_escape($URLQuery.'&wmark=1&wip='.$ip); ?>" style="text-decoration:none;"><img class="mark-icon" src="<?php echo WASSUPURL.'/img/error_add.png" alt="'.__('mark','wassup').'" title="'.__('Mark IP','wassup'); ?>" /></a><?php
1611
  } ?>
1612
  <a href="#TB_inline?height=400&width=<?php echo $res.'&inlineId='.$raw_div; ?>" class="thickbox"><img class="table-icon" src="<?php echo WASSUPURL.'/img/b_select.png" alt="'.__('show raw table','wassup').'" title="'.__('Show the items as raw table','wassup'); ?>" /></a>
1613
  </p>
@@ -1772,7 +1772,7 @@ function WassUp() {
1772
  } ?>
1773
  </div><!-- /main-tabs --><?php
1774
  // Print Google chart last to speed up detail display
1775
- if (!empty($wassup_options->wassup_chart) || (!empty($_GET['chart']) && "1" == attribute_escape($_GET['chart']))) {
1776
  $chart_type = ($wassup_options->wassup_chart_type >0)? $wassup_options->wassup_chart_type: "2";
1777
  //show Google!Charts image
1778
  if ($wpagestot > 12) {
@@ -1801,7 +1801,7 @@ function WassUp() {
1801
 
1802
  // End calculating execution time of script
1803
  $totaltime = sprintf("%8.8s",(microtime_float() - $starttime)); ?>
1804
- <p><small>WassUp ver: <?php echo $wassupversion.' <span class="separator">|</span> '.__("Check the official","wassup").' <a href="http://www.wpwp.org" target="_BLANK">WassUp</a> '.__("page for updates, bug reports and your hints to improve it","wassup").' <span class="separator">|</span> <a href="http://trac.wpwp.org/wiki/Documentation" title="Wassup '.__("User Guide documentation","wassup").'">Wassup '.__("User Guide documentation","wassup").'</a>'; ?>
1805
  <nobr><span class="separator">|</span> <?php echo __('Exec time','wassup').": $totaltime"; ?></nobr></small></p>
1806
  <?php
1807
  if ($wdebug_mode) {
@@ -1845,7 +1845,7 @@ function wassupPrepend() {
1845
  //#visitor tracking with "cookie"...
1846
  if (isset($_COOKIE['wassup'])) {
1847
  $wassup_cookie_value = $_COOKIE['wassup'];
1848
- $cookie_data = explode('::',attribute_escape(base64_decode(urldecode($_COOKIE['wassup']))));
1849
  $wassup_id = $cookie_data[0];
1850
  if (!empty($cookie_data[1])) {
1851
  $wassup_timer = $cookie_data[1];
@@ -1866,7 +1866,7 @@ function wassupPrepend() {
1866
  //set screen resolution value from cookie or browser header data, if any
1867
  if (empty($wscreen_res)) {
1868
  if (isset($_COOKIE['wassup_screen_res'])) {
1869
- $wscreen_res = attribute_escape(trim($_COOKIE['wassup_screen_res']));
1870
  if ($wscreen_res == "x") $wscreen_res="";
1871
  }
1872
  if (empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])) {
@@ -2143,7 +2143,7 @@ function wassupAppend() {
2143
  $wassup_cookie_value = $_COOKIE['wassup'];
2144
  }
2145
  if (!empty($wassup_cookie_value)) {
2146
- $cookie_data = attribute_escape(base64_decode(urldecode($wassup_cookie_value)));
2147
  $wassup_cookie = explode('::',$cookie_data);
2148
  $wassup_id = $wassup_cookie[0];
2149
  if (!empty($wassup_cookie[2])) {
@@ -2159,12 +2159,12 @@ function wassupAppend() {
2159
  //### set screen resolution value from cookie or browser header data, if any
2160
  if (empty($wscreen_res)) {
2161
  if (isset($_COOKIE['wassup_screen_res'])) {
2162
- $wscreen_res = attribute_escape(trim($_COOKIE['wassup_screen_res']));
2163
  if ($wscreen_res == "x") $wscreen_res = "";
2164
  }
2165
  if (empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])) {
2166
  //resolution in IE/IEMobile header sometimes
2167
- $wscreen_res = str_replace('X',' x ',attribute_escape($_SERVER['HTTP_UA_PIXELS']));
2168
  }
2169
  }
2170
  //#### Get the visitor's details from http header...
@@ -2221,7 +2221,7 @@ function wassupAppend() {
2221
  if (strlen($userAgent) > 255) {
2222
  $userAgent=substr(str_replace(array(' ','%20%20','++'),array(' ','%20','+'),$userAgent),0,255);
2223
  }
2224
- $language = (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? attribute_escape($_SERVER['HTTP_ACCEPT_LANGUAGE']) : '');
2225
  $comment_user = (isset($_COOKIE['comment_author_'.COOKIEHASH]) ? utf8_encode($_COOKIE['comment_author_'.COOKIEHASH]) : '');
2226
 
2227
  //### Additional recording exclusion controls...
@@ -2863,10 +2863,10 @@ function wSanitizeData($var, $quotes=false) {
2863
  if (strstr($varstr, '://')!==false) {
2864
  $varstr = clean_url($var,'','db');
2865
  if (empty($varstr)) { //oops, clean_url chomp
2866
- $varstr = attribute_escape(stripslashes($var));
2867
  }
2868
  } else {
2869
- $varstr = attribute_escape($varstr);
2870
  }
2871
  if ($quotes) {
2872
  $var = "'". $varstr ."'";
@@ -3112,7 +3112,7 @@ function wGetSE($referrer = null){
3112
  $n = strpos($match[1],$blogurl);
3113
  if ($n !== false) {
3114
  //blogurl in search phrase: cache of own site
3115
- $search_phrase = attribute_escape(urldecode(substr($match[1],$n+strlen($blogurl))));
3116
  $svariables = wGetQueryPairs($referrer);
3117
  } elseif (strpos($referrer,$blogurl)!==false && preg_match('/\&prev\=([^&]+)/',$referrer,$match)!==false) {
3118
  //NOTE: 'prev=' requires html_entity_decode to show [&?] in url substring
@@ -3127,7 +3127,7 @@ function wGetSE($referrer = null){
3127
  if ($nome == "Google" && strstr($referrer,'/m/search?')!==false) {
3128
  $nome = "Google Mobile";
3129
  }
3130
- $search_phrase = attribute_escape(urldecode($match[1]));
3131
  $svariables = wGetQueryPairs($referrer);
3132
  }
3133
  //retrieve search engine parameters
@@ -3135,17 +3135,17 @@ function wGetSE($referrer = null){
3135
  while($i--){
3136
  $tab=explode("=",$svariables[$i]);
3137
  if($tab[0] == $key && empty($search_phrase)){
3138
- $search_phrase=attribute_escape($tab[1]);
3139
  } else {
3140
  if (!empty($page) && $page == $tab[0] && is_numeric($tab[1])) {
3141
  $searchpage = $tab[1];
3142
  }
3143
  if (!empty($lang) && $lang == $tab[0]) {
3144
- $searchlang = attribute_escape($tab[1]);
3145
  }
3146
  //Indentify locale via Google search's new parameter, 'gl'
3147
  if (strstr($nome,'Google')!==false && $tab[0] == "gl" && !empty($tab[1])) {
3148
- $selocale = attribute_escape($tab[1]);
3149
  }
3150
  }
3151
  } //end while
@@ -3792,7 +3792,7 @@ function wGetLocale($language="",$hostname="",$referrer="") {
3792
  */
3793
  function wGetSpamRef($referrer,$hostname="") {
3794
  global $wdebug_mode;
3795
- $referrer=attribute_escape(strip_tags(str_replace(" ","",html_entity_decode($referrer))));
3796
  $badhost=false;
3797
  //$key = null;
3798
  $referrer_host = "";
@@ -4339,7 +4339,7 @@ function wassup_widget($wargs) {
4339
 
4340
  // Widget Latest Searches
4341
  if ($wassup_settings['wassup_widget_search'] == 1) {
4342
- $query_det = $wpdb->get_results("SELECT search, referrer FROM $table_tmp_name WHERE search!='' GROUP BY search ORDER BY `timestamp` DESC LIMIT ".attribute_escape($searchlimit)."");
4343
  if (count($query_det) > 0) {
4344
  print "$before_title ".__('Last searched terms','wassup')." $after_title";
4345
  print "<ul class='$ulclass'>";
@@ -4352,7 +4352,7 @@ function wassup_widget($wargs) {
4352
 
4353
  // Widget Latest Referers
4354
  if ($wassup_settings['wassup_widget_ref'] == 1) {
4355
- $query_ref = $wpdb->get_results("SELECT referrer FROM $table_tmp_name WHERE searchengine='' AND referrer!='' AND referrer NOT LIKE '$wpurl%' GROUP BY referrer ORDER BY `timestamp` DESC LIMIT ".attribute_escape($reflimit)."");
4356
  if (count($query_ref) > 0) {
4357
  print "$before_title ".__('Last referers','wassup')." $after_title";
4358
  print "<ul class='$ulclass'>";
@@ -4367,7 +4367,7 @@ function wassup_widget($wargs) {
4367
  // Widget TOP Browsers
4368
  if ($wassup_settings['wassup_widget_topbr'] == 1) {
4369
  $top_period = "'`timestamp` > $wstart'"; //one month
4370
- $top_limit = attribute_escape($topbrlimit);
4371
  $top_results = wGetStats("browser",$top_limit,$top_period);
4372
  if (count($top_results) > 0) {
4373
  print "$before_title ".__('Top Browsers','wassup')." $after_title";
@@ -4382,7 +4382,7 @@ function wassup_widget($wargs) {
4382
  // Widget TOP OSes
4383
  if ($wassup_settings['wassup_widget_topos'] == 1) {
4384
  $top_period = "'`timestamp` > $wstart'"; //one month
4385
- $top_limit = attribute_escape($toposlimit);
4386
  $top_results = wGetStats("os",$top_limit,$top_period);
4387
  if (count($top_results) > 0) {
4388
  print "$before_title ".__('Top OS','wassup')." $after_title";
@@ -4428,8 +4428,8 @@ function wassup_widget($wargs) {
4428
 
4429
  //save widget form input
4430
  if (isset($_POST['wassup-submit'])) {
4431
- $wassup_settings['wassup_widget_title'] = attribute_escape($_POST['widget_title']);
4432
- $wassup_settings['wassup_widget_ulclass'] = attribute_escape($_POST['widget_ulclass']);
4433
  if (is_numeric($_POST['widget_chars'])) {
4434
  $wassup_settings['wassup_widget_chars'] = $_POST['widget_chars'];
4435
  }
@@ -4467,8 +4467,8 @@ function wassup_widget($wargs) {
4467
  } //end if _POST[submit]
4468
 
4469
  //widget selection form
4470
- $title = (isset($wassup_settings['wassup_widget_title']))? attribute_escape($wassup_settings['wassup_widget_title']): "Visitors Online";
4471
- $ulclass = (isset($wassup_settings['wassup_widget_ulclass']))? attribute_escape($wassup_settings['wassup_widget_ulclass']): "links";
4472
  $chars = (!empty($wassup_settings['wassup_widget_chars'])) ? (int) $wassup_settings['wassup_widget_chars']: 18;
4473
  $searchlimit = (!empty($wassup_settings['wassup_widget_searchlimit'])) ? (int)$wassup_settings['wassup_widget_searchlimit']: 5;
4474
  $reflimit = (!empty($wassup_settings['wassup_widget_reflimit'])) ? (int)$wassup_settings['wassup_widget_reflimit']: 5;
@@ -4597,7 +4597,7 @@ function wassup_sidebar($before_widget='', $after_widget='', $before_title='', $
4597
  print "$before_title Last searched terms $after_title";
4598
  print "<ul class='$ulclass'>";
4599
  foreach ($query_det as $sref) {
4600
- print "<li>- <a href='".attribute_escape($sref->referrer)."' target='_blank' rel='nofollow'>".stringShortener(attribute_escape($sref->search), $chars)."</a></li>";
4601
  }
4602
  print "</ul>";
4603
  }
@@ -4609,7 +4609,7 @@ function wassup_sidebar($before_widget='', $after_widget='', $before_title='', $
4609
  print "$before_title Last referers $after_title";
4610
  print "<ul class='$ulclass'>";
4611
  foreach ($query_ref as $eref) {
4612
- print "<li>- <a href='".attribute_escape($eref->referrer)."' target='_blank' rel='nofollow'>".stringShortener(preg_replace("#https?://#", "", attribute_escape($eref->referrer)), $chars)."</a></li>";
4613
  }
4614
  print "</ul>";
4615
  }
@@ -4618,7 +4618,7 @@ function wassup_sidebar($before_widget='', $after_widget='', $before_title='', $
4618
  $wstart = (int)(current_time('timestamp') - 30.4*86400); //1 month in seconds
4619
  if ($wtopbr == 1) {
4620
  $top_period = "'`timestamp` > $wstart'"; //one month
4621
- $top_limit = attribute_escape($topbrlimit);
4622
  $top_results = wGetStats("browser",$top_limit,$top_period);
4623
  if (count($top_results) > 0) {
4624
  print "$before_title ".__('Top Browsers','wassup')." $after_title";
@@ -4632,7 +4632,7 @@ function wassup_sidebar($before_widget='', $after_widget='', $before_title='', $
4632
 
4633
  if ($wtopos == 1) {
4634
  $top_period = "'`timestamp` > $wstart'"; //one month
4635
- $top_limit = attribute_escape($toposlimit);
4636
  $top_results = wGetStats("os",$top_limit,$top_period);
4637
  if (count($top_results) > 0) {
4638
  print "$before_title ".__('Top OS','wassup')." $after_title";
3
  Plugin Name: WassUp Real Time Analytics
4
  Plugin URI: http://www.wpwp.org
5
  Description: Analyze your visitors traffic with real-time stats, charts, and a lot of chronological information. Includes a sidebar widget of current online visitors and other statistics and an admin dashboard widget with chart. For Wordpress 2.2 or higher. Caution: don't upgrade when your site is busy!
6
+ Version: 1.8.6
7
  Author: Michele Marcucci, Helene Duncker
8
  Author URI: http://www.michelem.org/
9
  Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
23
  }
24
  //wassup globals & constants
25
  global $wp_version, $current_user, $user_level, $wassup_options;
26
+ $wassupversion="1.8.6";
27
  $wassup_cookie_value="";
28
  $wdebug_mode=false; //turn on debugging (global)...Use cautiously! Will display errors from all plugins, not just WassUp
29
  define('WASSUPDIR', dirname(__FILE__)); //new constant in v1.8
206
  //print '<meta name="wassup-version" content="'.$wassupversion.'" />'."\n";
207
  //add screen resolution javascript to blog header
208
  if ($wscreen_res == "" && isset($_COOKIE['wassup_screen_res'])) {
209
+ $wscreen_res = esc_attr(trim($_COOKIE['wassup_screen_res']));
210
  if ($wscreen_res == "x") $wscreen_res = "";
211
  }
212
  if (empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])) {
214
  $wscreen_res = str_replace('X',' x ',$_SERVER['HTTP_UA_PIXELS']);
215
  }
216
  if (empty($wscreen_res) && isset($_COOKIE['wassup'])) {
217
+ $cookie_data = explode('::',esc_attr(base64_decode(urldecode($_COOKIE['wassup']))));
218
  $wscreen_res=(!empty($cookie_data[2]))?$cookie_data[2]:"";
219
  }
220
  //Get visitor's screen resolution using javascript and a cookie.
575
  } elseif ($_GET['page'] == "wassup-spia") {
576
  //## Filter detail lists by visitor type...
577
  if (isset($_GET['spiatype'])) {
578
+ $spytype = esc_attr($_GET['spiatype']);
579
  $wassup_options->wassup_default_spy_type = $spytype;
580
  $wassup_options->saveSettings(); //save changes
581
  } elseif (isset($wassup_options->wassup_default_spy_type) && $wassup_options->wassup_default_spy_type != '') {
815
  $wassup_options->wassup_spam = $_POST['wassup_spam'];
816
  $wassup_options->wassup_refspam = $_POST['wassup_refspam'];
817
  $wassup_options->wassup_hack = $_POST['wassup_hack'];
818
+ $wassup_options->wassup_exclude = esc_attr($_POST['wassup_exclude']);
819
+ $wassup_options->wassup_exclude_url = esc_attr($_POST['wassup_exclude_url']);
820
+ $wassup_options->wassup_exclude_user = esc_attr($_POST['wassup_exclude_user']);
821
  $wassup_options->delete_auto = $_POST['delete_auto'];
822
  if (isset($_POST['delete_filter'])) {
823
  $wassup_options->delete_filter = $_POST['delete_filter'];
855
  "toppostid" => (isset($_POST['toppostid'])?$_POST['toppostid']:"0"),
856
  "topreferrer_exclude" => $_POST['topreferrer_exclude'],
857
  "top_nospider" => (isset($_POST['top_nospider'])?$_POST['top_nospider']:"0"));
858
+ $wassup_options->wassup_top10 = esc_attr(serialize($top_ten));
859
  $wassup_options->wassup_cache = (!empty($_POST['wassup_cache'])?"1":"0");
860
  if ($wassup_options->saveSettings()) {
861
  $admin_message = __("Wassup options updated successfully","wassup")."." ;
1121
  <span style="font-size:11px; text-align:right; float:right;"><?php _e('Spy items by','wassup'); ?>: <select name="navi" style="font-size: 11px;" onChange="window.location.href=this.options[this.selectedIndex].value;"><?php
1122
  //## selectable filter by type of record (wassup_default_spy_type)
1123
  if (isset($_GET['spiatype'])) {
1124
+ $spytype = esc_attr($_GET['spiatype']);
1125
  } elseif ($wassup_options->wassup_default_spy_type != '') {
1126
  $spytype = $wassup_options->wassup_default_spy_type;
1127
  } else {
1195
  $wassup_options->wip = "";
1196
  } elseif ($_GET['wmark'] == 1 && isset($_GET['wip'])) {
1197
  $wassup_options->wmark = "1";
1198
+ $wassup_options->wip = esc_attr($_GET['wip']);
1199
  }
1200
  }
1201
  $wassup_options->saveSettings();
1232
 
1233
  //## Filter detail lists by visitor type...
1234
  if (isset($_GET['type'])) {
1235
+ $wtype = esc_attr($_GET['type']);
1236
  $stickyFilters.='&type='.$wtype;
1237
  } else {
1238
  $wtype = $wassup_options->wassup_default_type;
1247
  //# of items per page...
1248
  $witems = 10; //default
1249
  if (isset($_GET['limit']) && is_numeric($_GET['limit'])) {
1250
+ //$witems = htmlentities(esc_attr($_GET['limit']));
1251
  $witems = (int)$_GET['limit'];
1252
  } elseif ($wassup_options->wassup_default_limit != '') {
1253
  $witems = $wassup_options->wassup_default_limit;
1267
 
1268
  //## Filter detail lists by a searched item
1269
  if (!empty($_GET['search'])) {
1270
+ $wsearch = esc_attr(strip_tags(html_entity_decode($_GET['search'])));
1271
  $stickyFilters.='&search='.$wsearch;
1272
  } else {
1273
  $wsearch = "";
1276
  // DELETE EVERY RECORD MARKED BY IP
1277
  //# Delete limited to selected date range only. -Helene D. 3/4/08.
1278
  if (!empty($_GET['deleteMARKED']) && $wassup_options->wmark == "1" && !empty($_GET['dip'])) {
1279
+ $del_count = $wpdb->get_var("SELECT COUNT(ip) as deleted FROM $wassup_table WHERE ip='".esc_attr($_GET['dip'])."' AND `timestamp` BETWEEN $from_date AND $to_date");
1280
  if (method_exists($wpdb,'prepare')) {
1281
  $wpdb->query($wpdb->prepare("DELETE FROM $wassup_table WHERE ip='%s' AND `timestamp` BETWEEN %s AND %s", $_GET['dip'], $from_date, $to_date));
1282
  } else {
1283
+ $wpdb->query("DELETE FROM $wassup_table WHERE ip='".esc_attr($_GET['dip'])."' AND `timestamp` BETWEEN $from_date AND $to_date");
1284
  }
1285
+ $rec_count = $wpdb->get_var("SELECT COUNT(ip) as deleted FROM $wassup_table WHERE ip='".esc_attr($_GET['dip'])."' AND `timestamp` BETWEEN $from_date AND $to_date"); //double-check deletions
1286
  $rec_deleted = ($del_count - $rec_count)." ".__('records deleted','wassup');
1287
  $wassup_options->showMessage($rec_deleted);
1288
  //echo '<p><strong>'.$rec_deleted.' '.__('records deleted','wassup').'</strong></p>';
1338
  <td align="left" width="25"><?php
1339
  //chart options
1340
  if ($wassup_options->wassup_chart == "1") { ?>
1341
+ <a href="?<?php echo esc_attr($URLQuery.'&wchart=0'); ?>" style="text-decoration:none;">
1342
  <img src="<?php echo WASSUPURL.'/img/chart_delete.png" style="padding:0px 6px 0 0;" alt="'.__('hide chart','wassup').'" title="'.__('Hide the chart','wassup'); ?>" /></a><?php
1343
  } else { ?>
1344
+ <a href="?<?php echo esc_attr($URLQuery.'&wchart=1'); ?>" style="text-decoration:none;">
1345
  <img src="<?php echo WASSUPURL.'/img/chart_add.png" style="padding:0px 6px 0 0;" alt="'.__('show chart','wassup').'" title="'.__('Show the chart','wassup'); ?>" /></a><?php
1346
  } ?></td>
1347
  <td class="legend" align="left"><span class="separator">|</span>
1357
  }
1358
  _e('Details for the last','wassup'); ?>:
1359
  <select style="font-size: 11px;" name="last" onChange="window.location.href=this.options[this.selectedIndex].value;"><?php
1360
+ $optionargs="?".esc_attr($new_last."&last=");
1361
  $wassup_options->showFormOptions("wassup_time_period","$wlast","$optionargs"); ?>
1362
  </select></td>
1363
  <td class="legend" align="right"><?php _e('Items per page','wassup'); ?>: <select name="navi" style="font-size: 11px;" onChange="window.location.href=this.options[this.selectedIndex].value;"><?php
1364
  //selectable filter by number of items on page (default_limit)
1365
  if (isset($_GET['limit'])) {
1366
+ $new_limit = esc_attr(str_replace("&limit=".$_GET['limit'], "", html_entity_decode($URLQuery)));
1367
  } else {
1368
  $new_limit = $URLQuery;
1369
  }
1428
  echo '<br/>';
1429
  // Marked items - Refresh
1430
  if ($wassup_options->wmark == 1) {
1431
+ echo '&nbsp; <a href="?'.esc_attr($URLQuery.'&search='.$wassup_options->wip).'" title="'.__('Filter by marked IP','wassup').'"> '.__('Show marked items','wassup').' (<strong>'.$markedtot.'</strong> '.__("total").')</a> ';
1432
  } ?></td>
1433
  <td align="right" class="legend">
1434
  <a href="<?php echo wCleanURL(WASSUPURL.'/lib/action.php?action=topten&from_date='.$from_date.'&to_date='.$to_date.$action_param.'&width='.($res+250).'&height=440','','url');
1473
  }
1474
  }
1475
  echo "\n"; ?>
1476
+ <input type="text" size="25" name="search" value="<?php if ($wsearch != "") print esc_attr($wsearch); ?>" /><input type="submit" name="submit-search" value="search" />
1477
  </form>
1478
  </div> <!-- /search-ip -->
1479
  </td>
1548
  echo '</span>'; ?></li>
1549
  <li><?php echo __("IP","wassup").': <span class="raw">'.$rk->ip.'</span>'; ?></li>
1550
  <li><?php echo __("Hostname","wassup").': <span class="raw">'.$hostname.'</span>'; ?></li>
1551
+ <li><?php echo __("Url Requested","wassup").': <span class="raw">'.esc_attr(htmlspecialchars(html_entity_decode($rk->urlrequested))).'</span>'; ?></li><?php
1552
  if (!empty($rk->url_wpid) && is_numeric($rk->url_wpid)) {
1553
  $p_title=$wpdb->get_var("SELECT `post_title` from {$wpdb->prefix}posts WHERE `ID` = {$rk->url_wpid}");
1554
  echo "\n"; ?>
1556
  <li style="text-indent:10px;"><?php echo __("Post/Page Title","wassup").': <span class="raw">'.$p_title.'</span>'; ?></li><?php
1557
  }
1558
  echo "\n"; ?>
1559
+ <li><?php echo __("Referrer","wassup").': <span class="raw">'.esc_attr(urldecode($rk->referrer)).'</span>'; ?></li><?php
1560
  if ($rk->search != "") { ?>
1561
  <li><?php echo __("Search Engine","wassup").': <span class="raw">'.$rk->searchengine.'</span> &nbsp; &nbsp; ';
1562
  echo __("Search","wassup").': <span class="raw">'.$rk->search.'</span> &nbsp; &nbsp; ';
1563
  echo __("Page","wassup").': <span class="raw">'.$rk->searchpage.'</span>';?></li><?php
1564
  } ?>
1565
+ <li><?php echo __("User Agent","wassup").': <span class="raw">'.strip_tags(esc_attr(htmlspecialchars(html_entity_decode($rk->agent)))).'</span>'; ?></li><?php
1566
  if (empty($rk->spider) || $rk->browser != "") {
1567
  echo "\n"; ?>
1568
  <li><?php echo __("Browser","wassup").': <span class="raw">'.$rk->browser.'</span>'; ?></li>
1603
  <p class="delbut"><?php
1604
  // Mark/Unmark IP
1605
  if ($wassup_options->wmark == 1 AND $wassup_options->wip == $ip) { ?>
1606
+ <a href="?<?php echo esc_attr($URLQuery.'&deleteMARKED=1&dip='.$ip); ?>" style="text-decoration:none;" class="deleteIP"><img class="delete-icon" src="<?php echo WASSUPURL.'/img/cross.png" alt="'.__('delete','wassup').'" title="'.__('Delete ALL marked records with this IP','wassup'); ?>" /></a>
1607
+ <a href="?<?php echo esc_attr($URLQuery.'&wmark=0'); ?>" style="text-decoration:none;"><img class="unmark-icon" src="<?php echo WASSUPURL.'/img/error_delete.png" alt="'.__('unmark','wassup').'" title="'.__('UnMark IP','wassup'); ?>" /></a><?php
1608
  } else { ?>
1609
  <a href="#" class="deleteID" id="<?php echo $rk->wassup_id ?>" style="text-decoration:none;"><img class="delete-icon" src="<?php echo WASSUPURL.'/img/b_delete.png" alt="'.__('delete','wassup').'" title="'.__('Delete this record','wassup'); ?>" /></a>
1610
+ <a href="?<?php echo esc_attr($URLQuery.'&wmark=1&wip='.$ip); ?>" style="text-decoration:none;"><img class="mark-icon" src="<?php echo WASSUPURL.'/img/error_add.png" alt="'.__('mark','wassup').'" title="'.__('Mark IP','wassup'); ?>" /></a><?php
1611
  } ?>
1612
  <a href="#TB_inline?height=400&width=<?php echo $res.'&inlineId='.$raw_div; ?>" class="thickbox"><img class="table-icon" src="<?php echo WASSUPURL.'/img/b_select.png" alt="'.__('show raw table','wassup').'" title="'.__('Show the items as raw table','wassup'); ?>" /></a>
1613
  </p>
1772
  } ?>
1773
  </div><!-- /main-tabs --><?php
1774
  // Print Google chart last to speed up detail display
1775
+ if (!empty($wassup_options->wassup_chart) || (!empty($_GET['chart']) && "1" == esc_attr($_GET['chart']))) {
1776
  $chart_type = ($wassup_options->wassup_chart_type >0)? $wassup_options->wassup_chart_type: "2";
1777
  //show Google!Charts image
1778
  if ($wpagestot > 12) {
1801
 
1802
  // End calculating execution time of script
1803
  $totaltime = sprintf("%8.8s",(microtime_float() - $starttime)); ?>
1804
+ <p><small><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=UTFCNoCuAn8Dt6vDH8s5ZXR9EPx-P8fULroeYfaoaLsKopd57Xy_XSxGaoe&dispatch=5885d80a13c0db1f8e263663d3faee8d66f31424b43e9a70645c907a6cbd8fb4" title="Donate">Donation are really welcome</a> | WassUp ver: <?php echo $wassupversion.' <span class="separator">|</span> '.__("Check the official","wassup").' <a href="http://www.wpwp.org" target="_BLANK">WassUp</a> '.__("page for updates, bug reports and your hints to improve it","wassup").' <span class="separator">|</span> <a href="https://wordpress.org/support/plugin/wassup" title="Wassup '.__("Support","wassup").'">Wassup '.__("Support","wassup").'</a>'; ?>
1805
  <nobr><span class="separator">|</span> <?php echo __('Exec time','wassup').": $totaltime"; ?></nobr></small></p>
1806
  <?php
1807
  if ($wdebug_mode) {
1845
  //#visitor tracking with "cookie"...
1846
  if (isset($_COOKIE['wassup'])) {
1847
  $wassup_cookie_value = $_COOKIE['wassup'];
1848
+ $cookie_data = explode('::',esc_attr(base64_decode(urldecode($_COOKIE['wassup']))));
1849
  $wassup_id = $cookie_data[0];
1850
  if (!empty($cookie_data[1])) {
1851
  $wassup_timer = $cookie_data[1];
1866
  //set screen resolution value from cookie or browser header data, if any
1867
  if (empty($wscreen_res)) {
1868
  if (isset($_COOKIE['wassup_screen_res'])) {
1869
+ $wscreen_res = esc_attr(trim($_COOKIE['wassup_screen_res']));
1870
  if ($wscreen_res == "x") $wscreen_res="";
1871
  }
1872
  if (empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])) {
2143
  $wassup_cookie_value = $_COOKIE['wassup'];
2144
  }
2145
  if (!empty($wassup_cookie_value)) {
2146
+ $cookie_data = esc_attr(base64_decode(urldecode($wassup_cookie_value)));
2147
  $wassup_cookie = explode('::',$cookie_data);
2148
  $wassup_id = $wassup_cookie[0];
2149
  if (!empty($wassup_cookie[2])) {
2159
  //### set screen resolution value from cookie or browser header data, if any
2160
  if (empty($wscreen_res)) {
2161
  if (isset($_COOKIE['wassup_screen_res'])) {
2162
+ $wscreen_res = esc_attr(trim($_COOKIE['wassup_screen_res']));
2163
  if ($wscreen_res == "x") $wscreen_res = "";
2164
  }
2165
  if (empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])) {
2166
  //resolution in IE/IEMobile header sometimes
2167
+ $wscreen_res = str_replace('X',' x ',esc_attr($_SERVER['HTTP_UA_PIXELS']));
2168
  }
2169
  }
2170
  //#### Get the visitor's details from http header...
2221
  if (strlen($userAgent) > 255) {
2222
  $userAgent=substr(str_replace(array(' ','%20%20','++'),array(' ','%20','+'),$userAgent),0,255);
2223
  }
2224
+ $language = (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? esc_attr($_SERVER['HTTP_ACCEPT_LANGUAGE']) : '');
2225
  $comment_user = (isset($_COOKIE['comment_author_'.COOKIEHASH]) ? utf8_encode($_COOKIE['comment_author_'.COOKIEHASH]) : '');
2226
 
2227
  //### Additional recording exclusion controls...
2863
  if (strstr($varstr, '://')!==false) {
2864
  $varstr = clean_url($var,'','db');
2865
  if (empty($varstr)) { //oops, clean_url chomp
2866
+ $varstr = esc_attr(stripslashes($var));
2867
  }
2868
  } else {
2869
+ $varstr = esc_attr($varstr);
2870
  }
2871
  if ($quotes) {
2872
  $var = "'". $varstr ."'";
3112
  $n = strpos($match[1],$blogurl);
3113
  if ($n !== false) {
3114
  //blogurl in search phrase: cache of own site
3115
+ $search_phrase = esc_attr(urldecode(substr($match[1],$n+strlen($blogurl))));
3116
  $svariables = wGetQueryPairs($referrer);
3117
  } elseif (strpos($referrer,$blogurl)!==false && preg_match('/\&prev\=([^&]+)/',$referrer,$match)!==false) {
3118
  //NOTE: 'prev=' requires html_entity_decode to show [&?] in url substring
3127
  if ($nome == "Google" && strstr($referrer,'/m/search?')!==false) {
3128
  $nome = "Google Mobile";
3129
  }
3130
+ $search_phrase = esc_attr(urldecode($match[1]));
3131
  $svariables = wGetQueryPairs($referrer);
3132
  }
3133
  //retrieve search engine parameters
3135
  while($i--){
3136
  $tab=explode("=",$svariables[$i]);
3137
  if($tab[0] == $key && empty($search_phrase)){
3138
+ $search_phrase=esc_attr($tab[1]);
3139
  } else {
3140
  if (!empty($page) && $page == $tab[0] && is_numeric($tab[1])) {
3141
  $searchpage = $tab[1];
3142
  }
3143
  if (!empty($lang) && $lang == $tab[0]) {
3144
+ $searchlang = esc_attr($tab[1]);
3145
  }
3146
  //Indentify locale via Google search's new parameter, 'gl'
3147
  if (strstr($nome,'Google')!==false && $tab[0] == "gl" && !empty($tab[1])) {
3148
+ $selocale = esc_attr($tab[1]);
3149
  }
3150
  }
3151
  } //end while
3792
  */
3793
  function wGetSpamRef($referrer,$hostname="") {
3794
  global $wdebug_mode;
3795
+ $referrer=esc_attr(strip_tags(str_replace(" ","",html_entity_decode($referrer))));
3796
  $badhost=false;
3797
  //$key = null;
3798
  $referrer_host = "";
4339
 
4340
  // Widget Latest Searches
4341
  if ($wassup_settings['wassup_widget_search'] == 1) {
4342
+ $query_det = $wpdb->get_results("SELECT search, referrer FROM $table_tmp_name WHERE search!='' GROUP BY search ORDER BY `timestamp` DESC LIMIT ".esc_attr($searchlimit)."");
4343
  if (count($query_det) > 0) {
4344
  print "$before_title ".__('Last searched terms','wassup')." $after_title";
4345
  print "<ul class='$ulclass'>";
4352
 
4353
  // Widget Latest Referers
4354
  if ($wassup_settings['wassup_widget_ref'] == 1) {
4355
+ $query_ref = $wpdb->get_results("SELECT referrer FROM $table_tmp_name WHERE searchengine='' AND referrer!='' AND referrer NOT LIKE '$wpurl%' GROUP BY referrer ORDER BY `timestamp` DESC LIMIT ".esc_attr($reflimit)."");
4356
  if (count($query_ref) > 0) {
4357
  print "$before_title ".__('Last referers','wassup')." $after_title";
4358
  print "<ul class='$ulclass'>";
4367
  // Widget TOP Browsers
4368
  if ($wassup_settings['wassup_widget_topbr'] == 1) {
4369
  $top_period = "'`timestamp` > $wstart'"; //one month
4370
+ $top_limit = esc_attr($topbrlimit);
4371
  $top_results = wGetStats("browser",$top_limit,$top_period);
4372
  if (count($top_results) > 0) {
4373
  print "$before_title ".__('Top Browsers','wassup')." $after_title";
4382
  // Widget TOP OSes
4383
  if ($wassup_settings['wassup_widget_topos'] == 1) {
4384
  $top_period = "'`timestamp` > $wstart'"; //one month
4385
+ $top_limit = esc_attr($toposlimit);
4386
  $top_results = wGetStats("os",$top_limit,$top_period);
4387
  if (count($top_results) > 0) {
4388
  print "$before_title ".__('Top OS','wassup')." $after_title";
4428
 
4429
  //save widget form input
4430
  if (isset($_POST['wassup-submit'])) {
4431
+ $wassup_settings['wassup_widget_title'] = esc_attr($_POST['widget_title']);
4432
+ $wassup_settings['wassup_widget_ulclass'] = esc_attr($_POST['widget_ulclass']);
4433
  if (is_numeric($_POST['widget_chars'])) {
4434
  $wassup_settings['wassup_widget_chars'] = $_POST['widget_chars'];
4435
  }
4467
  } //end if _POST[submit]
4468
 
4469
  //widget selection form
4470
+ $title = (isset($wassup_settings['wassup_widget_title']))? esc_attr($wassup_settings['wassup_widget_title']): "Visitors Online";
4471
+ $ulclass = (isset($wassup_settings['wassup_widget_ulclass']))? esc_attr($wassup_settings['wassup_widget_ulclass']): "links";
4472
  $chars = (!empty($wassup_settings['wassup_widget_chars'])) ? (int) $wassup_settings['wassup_widget_chars']: 18;
4473
  $searchlimit = (!empty($wassup_settings['wassup_widget_searchlimit'])) ? (int)$wassup_settings['wassup_widget_searchlimit']: 5;
4474
  $reflimit = (!empty($wassup_settings['wassup_widget_reflimit'])) ? (int)$wassup_settings['wassup_widget_reflimit']: 5;
4597
  print "$before_title Last searched terms $after_title";
4598
  print "<ul class='$ulclass'>";
4599
  foreach ($query_det as $sref) {
4600
+ print "<li>- <a href='".esc_attr($sref->referrer)."' target='_blank' rel='nofollow'>".stringShortener(esc_attr($sref->search), $chars)."</a></li>";
4601
  }
4602
  print "</ul>";
4603
  }
4609
  print "$before_title Last referers $after_title";
4610
  print "<ul class='$ulclass'>";
4611
  foreach ($query_ref as $eref) {
4612
+ print "<li>- <a href='".esc_attr($eref->referrer)."' target='_blank' rel='nofollow'>".stringShortener(preg_replace("#https?://#", "", esc_attr($eref->referrer)), $chars)."</a></li>";
4613
  }
4614
  print "</ul>";
4615
  }
4618
  $wstart = (int)(current_time('timestamp') - 30.4*86400); //1 month in seconds
4619
  if ($wtopbr == 1) {
4620
  $top_period = "'`timestamp` > $wstart'"; //one month
4621
+ $top_limit = esc_attr($topbrlimit);
4622
  $top_results = wGetStats("browser",$top_limit,$top_period);
4623
  if (count($top_results) > 0) {
4624
  print "$before_title ".__('Top Browsers','wassup')." $after_title";
4632
 
4633
  if ($wtopos == 1) {
4634
  $top_period = "'`timestamp` > $wstart'"; //one month
4635
+ $top_limit = esc_attr($toposlimit);
4636
  $top_results = wGetStats("os",$top_limit,$top_period);
4637
  if (count($top_results) > 0) {
4638
  print "$before_title ".__('Top OS','wassup')." $after_title";