WassUp Real Time Analytics - Version 1.9.4.4

Version Description

  • Important bugfix update. DO NOT UPGRADE when your site is busy! Read the installation instructions for safe upgrade steps.


Release Info

Developer michelem
Version 1.9.4.4

Code changes from version 1.9.4.1 to 1.9.4.4

js/thickbox/loadingAnimation.gif DELETED
Binary file
js/thickbox/macFFBgHack.png DELETED
Binary file
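--- a/js/thickbox/thickbox.css
+++ b/js/thickbox/thickbox.css
@@ -1,33 +0,0 @@
- *{padding:0;margin:0;}
- #TB_window{font:12px Arial,Helvetica,sans-serif;color:#333333;}
- #TB_secondLine{font:10px Arial,Helvetica,sans-serif;color:#666666;}
- #TB_window a:link {color:#666666;}
- #TB_window a:visited {color:#666666;}
- #TB_window a:hover {color:#000;}
- #TB_window a:active {color:#666666;}
- #TB_window a:focus {color:#666666;}
- #TB_overlay{position:fixed;z-index:9999;top:0;left:0;height:100%;width:100%;}
- .TB_overlayMacFFBGHack{background:url(macFFBgHack.png) repeat;}
- .TB_overlayBG{background-color:#000;filter:alpha(opacity=75);-moz-opacity:0.75;opacity:0.75;}
- #TB_window{position:fixed;background:#ffffff;z-index:10002;color:#000000;display:none;border:4px solid #525252;text-align:left;top:50%;left:50%;}
- /* ie6 hacks */
- * html #TB_overlay{position:absolute;height:expression(document.body.scrollHeight>document.body.offsetHeight?document.body.scrollHeight:document.body.offsetHeight+'px');}
- * html #TB_window{position:absolute;margin-top:expression(0-parseInt(this.offsetHeight/2)+(TBWindowMargin=document.documentElement && document.documentElement.scrollTop || document.body.scrollTop)+'px');}
-
- #TB_window img#TB_Image{display:block;margin:15px 0 0 15px;border-right:1px solid #ccc;border-bottom:1px solid #ccc;border-top:1px solid #666;border-left:1px solid #666;}
- #TB_caption{height:25px;padding:7px 30px 10px 25px;float:left;}
- #TB_closeWindow{height:25px;padding:11px 25px 10px 0;float:right;}
- #TB_closeAjaxWindow{padding:7px 10px 5px 0;margin-bottom:1px;text-align:right;float:right;}
- #TB_ajaxWindowTitle{float:left;padding:7px 0 5px 10px;margin-bottom:1px;}
- #TB_title{border-bottom:3px #d54e21 solid;background-color:#e8e8e8;height:27px;}
- #TB_ajaxContent{clear:both;padding:2px 15px 15px 15px;overflow:auto;text-align:left;line-height:1.4em;}
- #TB_ajaxContent.TB_modal{padding:15px;}
- #TB_ajaxContent p{padding:5px 0px 5px 0px;}
- #TB_load{position:fixed;display:none;height:13px;width:208px;z-index:10003;top:50%;left:50%;margin:-6px 0 0 -104px;}
- #TB_HideSelect{z-index:9998;position:fixed;top:0;left:0;background-color:#fff;border:none;filter:alpha(opacity=0);-moz-opacity:0;opacity:0;height:100%;width:100%;}
-
- /* ie6 hacks */
- * html #TB_load{position:absolute;margin-top:expression(0-parseInt(this.offsetHeight/2)+(TBWindowMargin=document.documentElement && document.documentElement.scrollTop || document.body.scrollTop)+'px');}
- * html #TB_HideSelect{position:absolute;height:expression(document.body.scrollHeight > document.body.offsetHeight ? document.body.scrollHeight : document.body.offsetHeight+'px');}
-
- #TB_iframeContent{clear:both;border:none;margin-bottom:-1px;margin-top:1px;}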
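--- a/js/thickbox/thickbox.js
+++ b/js/thickbox/thickbox.js
@@ -1,316 +0,0 @@
- /*
- * Thickbox 3.1 - One Box To Rule Them All.
- * By Cody Lindley (http://www.codylindley.com)
- * Copyright (c) 2007 cody lindley
- * Licensed under the MIT License: http://www.opensource.org/licenses/mit-license.php
- */
-
- /*!!!!!!!!!!!!!!!!! edit below this line at your own risk !!!!!!!!!!!!!!!!!!!!!!!*/
- (function($) {
- //on page load call tb_init
- $(document).ready(function(){
- tb_init('a.thickbox, area.thickbox, input.thickbox');//pass where to apply thickbox
- imgLoader = new Image();// preload image
- imgLoader.src = tb_pathToImage;
- });
-
- //add thickbox to href & area elements that have a class of .thickbox
- function tb_init(domChunk){
- $(domChunk).click(function(){
- var t = this.title || this.name || null;
- var a = this.href || this.alt;
- var g = this.rel || false;
- tb_show(t,a,g);
- this.blur();
- return false;
- });
- }
-
- function tb_show(caption, url, imageGroup) {//function called when the user clicks on a thickbox link
-
- try {
- if (typeof document.body.style.maxHeight === "undefined") {//if IE 6
- $("body","html").css({height: "100%", width: "100%"});
- $("html").css("overflow","hidden");
- if (document.getElementById("TB_HideSelect") === null) {//iframe to hide select elements in ie6
- $("body").append("<iframe id='TB_HideSelect'></iframe><div id='TB_overlay'></div><div id='TB_window'></div>");
- $("#TB_overlay").click(tb_remove);
- }
- }else{//all others
- if(document.getElementById("TB_overlay") === null){
- $("body").append("<div id='TB_overlay'></div><div id='TB_window'></div>");
- $("#TB_overlay").click(tb_remove);
- }
- }
-
- if(tb_detectMacXFF()){
- $("#TB_overlay").addClass("TB_overlayMacFFBGHack");//use png overlay so hide flash
- }else{
- $("#TB_overlay").addClass("TB_overlayBG");//use background and opacity
- }
-
- if(caption===null){caption="";}
- $("body").append("<div id='TB_load'><img src='"+imgLoader.src+"' /></div>");//add loader to the page
- $('#TB_load').show();//show loader
-
- var baseURL;
- if(url.indexOf("?")!==-1){ //ff there is a query string involved
- baseURL = url.substr(0, url.indexOf("?"));
- }else{
- baseURL = url;
- }
-
- var urlString = /\.jpg$|\.jpeg$|\.png$|\.gif$|\.bmp$/;
- var urlType = baseURL.toLowerCase().match(urlString);
-
- if(urlType == '.jpg' || urlType == '.jpeg' || urlType == '.png' || urlType == '.gif' || urlType == '.bmp'){//code to show images
-
- TB_PrevCaption = "";
- TB_PrevURL = "";
- TB_PrevHTML = "";
- TB_NextCaption = "";
- TB_NextURL = "";
- TB_NextHTML = "";
- TB_imageCount = "";
- TB_FoundURL = false;
- if(imageGroup){
- TB_TempArray = $("a[@rel="+imageGroup+"]").get();
- for (TB_Counter = 0; ((TB_Counter < TB_TempArray.length) && (TB_NextHTML === "")); TB_Counter++) {
- var urlTypeTemp = TB_TempArray[TB_Counter].href.toLowerCase().match(urlString);
- if (!(TB_TempArray[TB_Counter].href == url)) {
- if (TB_FoundURL) {
- TB_NextCaption = TB_TempArray[TB_Counter].title;
- TB_NextURL = TB_TempArray[TB_Counter].href;
- TB_NextHTML = "<span id='TB_next'>&nbsp;&nbsp;<a href='#'>Next &gt;</a></span>";
- } else {
- TB_PrevCaption = TB_TempArray[TB_Counter].title;
- TB_PrevURL = TB_TempArray[TB_Counter].href;
- TB_PrevHTML = "<span id='TB_prev'>&nbsp;&nbsp;<a href='#'>&lt; Prev</a></span>";
- }
- } else {
- TB_FoundURL = true;
- TB_imageCount = "Image " + (TB_Counter + 1) +" of "+ (TB_TempArray.length);
- }
- }
- }
-
- imgPreloader = new Image();
- imgPreloader.onload = function(){
- imgPreloader.onload = null;
-
- // Resizing large images - orginal by Christian Montoya edited by me.
- var pagesize = tb_getPageSize();
- var x = pagesize[0] - 150;
- var y = pagesize[1] - 150;
- var imageWidth = imgPreloader.width;
- var imageHeight = imgPreloader.height;
- if (imageWidth > x) {
- imageHeight = imageHeight * (x / imageWidth);
- imageWidth = x;
- if (imageHeight > y) {
- imageWidth = imageWidth * (y / imageHeight);
- imageHeight = y;
- }
- } else if (imageHeight > y) {
- imageWidth = imageWidth * (y / imageHeight);
- imageHeight = y;
- if (imageWidth > x) {
- imageHeight = imageHeight * (x / imageWidth);
- imageWidth = x;
- }
- }
- // End Resizing
-
- TB_WIDTH = imageWidth + 30;
- TB_HEIGHT = imageHeight + 60;
- $("#TB_window").append("<a href='' id='TB_ImageOff' title='Close'><img id='TB_Image' src='"+url+"' width='"+imageWidth+"' height='"+imageHeight+"' alt='"+caption+"'/></a>" + "<div id='TB_caption'>"+caption+"<div id='TB_secondLine'>" + TB_imageCount + TB_PrevHTML + TB_NextHTML + "</div></div><div id='TB_closeWindow'><a href='#' id='TB_closeWindowButton' title='Close'>close</a> or Esc Key</div>");
-
- $("#TB_closeWindowButton").click(tb_remove);
-
- if (!(TB_PrevHTML === "")) {
- function goPrev(){
- if($(document).unbind("click",goPrev)){$(document).unbind("click",goPrev);}
- $("#TB_window").remove();
- $("body").append("<div id='TB_window'></div>");
- tb_show(TB_PrevCaption, TB_PrevURL, imageGroup);
- return false;
- }
- $("#TB_prev").click(goPrev);
- }
-
- if (!(TB_NextHTML === "")) {
- function goNext(){
- $("#TB_window").remove();
- $("body").append("<div id='TB_window'></div>");
- tb_show(TB_NextCaption, TB_NextURL, imageGroup);
- return false;
- }
- $("#TB_next").click(goNext);
-
- }
-
- document.onkeydown = function(e){
- if (e == null) { // ie
- keycode = event.keyCode;
- } else { // mozilla
- keycode = e.which;
- }
- if(keycode == 27){ // close
- tb_remove();
- } else if(keycode == 190){ // display previous image
- if(!(TB_NextHTML == "")){
- document.onkeydown = "";
- goNext();
- }
- } else if(keycode == 188){ // display next image
- if(!(TB_PrevHTML == "")){
- document.onkeydown = "";
- goPrev();
- }
- }
- };
-
- tb_position();
- $("#TB_load").remove();
- $("#TB_ImageOff").click(tb_remove);
- $("#TB_window").css({display:"block"}); //for safari using css instead of show
- };
-
- imgPreloader.src = url;
- }else{//code to show html
-
- var queryString = url.replace(/^[^\?]+\??/,'');
- var params = tb_parseQuery( queryString );
-
- TB_WIDTH = (params['width']*1) + 30 || 630; //defaults to 630 if no paramaters were added to URL
- TB_HEIGHT = (params['height']*1) + 40 || 440; //defaults to 440 if no paramaters were added to URL
- ajaxContentW = TB_WIDTH - 30;
- ajaxContentH = TB_HEIGHT - 45;
-
- if(url.indexOf('TB_iframe') != -1){// either iframe or ajax window
- urlNoQuery = url.split('TB_');
- $("#TB_iframeContent").remove();
- if(params['modal'] != "true"){//iframe no modal
- $("#TB_window").append("<div id='TB_title'><div id='TB_ajaxWindowTitle'>"+caption+"</div><div id='TB_closeAjaxWindow'><a href='#' id='TB_closeWindowButton' title='Close'>close</a> or Esc Key</div></div><iframe frameborder='0' hspace='0' src='"+urlNoQuery[0]+"' id='TB_iframeContent' name='TB_iframeContent"+Math.round(Math.random()*1000)+"' onload='tb_showIframe()' style='width:"+(ajaxContentW + 29)+"px;height:"+(ajaxContentH + 17)+"px;' > </iframe>");
- }else{//iframe modal
- $("#TB_overlay").unbind();
- $("#TB_window").append("<iframe frameborder='0' hspace='0' src='"+urlNoQuery[0]+"' id='TB_iframeContent' name='TB_iframeContent"+Math.round(Math.random()*1000)+"' onload='tb_showIframe()' style='width:"+(ajaxContentW + 29)+"px;height:"+(ajaxContentH + 17)+"px;'> </iframe>");
- }
- }else{// not an iframe, ajax
- if($("#TB_window").css("display") != "block"){
- if(params['modal'] != "true"){//ajax no modal
- $("#TB_window").append("<div id='TB_title'><div id='TB_ajaxWindowTitle'>"+caption+"</div><div id='TB_closeAjaxWindow'><a href='#' id='TB_closeWindowButton'>close</a> or Esc Key</div></div><div id='TB_ajaxContent' style='width:"+ajaxContentW+"px;height:"+ajaxContentH+"px'></div>");
- }else{//ajax modal
- $("#TB_overlay").unbind();
- $("#TB_window").append("<div id='TB_ajaxContent' class='TB_modal' style='width:"+ajaxContentW+"px;height:"+ajaxContentH+"px;'></div>");
- }
- }else{//this means the window is already up, we are just loading new content via ajax
- $("#TB_ajaxContent")[0].style.width = ajaxContentW +"px";
- $("#TB_ajaxContent")[0].style.height = ajaxContentH +"px";
- $("#TB_ajaxContent")[0].scrollTop = 0;
- $("#TB_ajaxWindowTitle").html(caption);
- }
- }
-
- $("#TB_closeWindowButton").click(tb_remove);
-
- if(url.indexOf('TB_inline') != -1){
- $("#TB_ajaxContent").append($('#' + params['inlineId']).children());
- $("#TB_window").unload(function () {
- $('#' + params['inlineId']).append( $("#TB_ajaxContent").children() ); // move elements back when you're finished
- });
- tb_position();
- $("#TB_load").remove();
- $("#TB_window").css({display:"block"});
- }else if(url.indexOf('TB_iframe') != -1){
- tb_position();
- if($.browser.safari){//safari needs help because it will not fire iframe onload
- $("#TB_load").remove();
- $("#TB_window").css({display:"block"});
- }
- }else{
- $("#TB_ajaxContent").load(url += "&random=" + (new Date().getTime()),function(){//to do a post change this load method
- tb_position();
- $("#TB_load").remove();
- tb_init("#TB_ajaxContent a.thickbox");
- $("#TB_window").css({display:"block"});
- });
- }
-
- }
-
- if(!params['modal']){
- document.onkeyup = function(e){
- if (e == null) { // ie
- keycode = event.keyCode;
- } else { // mozilla
- keycode = e.which;
- }
- if(keycode == 27){ // close
- tb_remove();
- }
- };
- }
-
- } catch(e) {
- //nothing here
- }
- }
-
- //helper functions below
- function tb_showIframe(){
- $("#TB_load").remove();
- $("#TB_window").css({display:"block"});
- }
-
- function tb_remove() {
- $("#TB_imageOff").unbind("click");
- $("#TB_closeWindowButton").unbind("click");
- $("#TB_window").fadeOut("fast",function(){$('#TB_window,#TB_overlay,#TB_HideSelect').trigger("unload").unbind().remove();});
- $("#TB_load").remove();
- if (typeof document.body.style.maxHeight == "undefined") {//if IE 6
- $("body","html").css({height: "auto", width: "auto"});
- $("html").css("overflow","");
- }
- document.onkeydown = "";
- document.onkeyup = "";
- return false;
- }
-
- function tb_position() {
- $("#TB_window").css({marginLeft: '-' + parseInt((TB_WIDTH / 2),10) + 'px', width: TB_WIDTH + 'px'});
- if ( !(jQuery.browser.msie && jQuery.browser.version < 7)) { // take away IE6
- $("#TB_window").css({marginTop: '-' + parseInt((TB_HEIGHT / 2),10) + 'px'});
- }
- }
-
- function tb_parseQuery ( query ) {
- var Params = {};
- if ( ! query ) {return Params;}// return empty object
- var Pairs = query.split(/[;&]/);
- for ( var i = 0; i < Pairs.length; i++ ) {
- var KeyVal = Pairs[i].split('=');
- if ( ! KeyVal || KeyVal.length != 2 ) {continue;}
- var key = unescape( KeyVal[0] );
- var val = unescape( KeyVal[1] );
- val = val.replace(/\+/g, ' ');
- Params[key] = val;
- }
- return Params;
- }
-
- function tb_getPageSize(){
- var de = document.documentElement;
- var w = window.innerWidth || self.innerWidth || (de&&de.clientWidth) || document.body.clientWidth;
- var h = window.innerHeight || self.innerHeight || (de&&de.clientHeight) || document.body.clientHeight;
- arrayPageSize = [w,h];
- return arrayPageSize;
- }
-
- function tb_detectMacXFF() {
- var userAgent = navigator.userAgent.toLowerCase();
- if (userAgent.indexOf('mac') != -1 && userAgent.indexOf('firefox')!=-1) {
- return true;
- }
- }
- }(jQuery));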
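--- a/lib/akismet.class.php
+++ b/lib/akismet.class.php
@@ -88,12 +88,16 @@ class wassup_AkismetHttpClient extends wassup_AkismetObject {
  var $errors=array();
 
  /** Constructor */
- function wassup_AkismetHttpClient($host,$blogUrl,$apiKey,$port=80){
+ function __construct($host,$blogUrl,$apiKey,$port=80){
  $this->host=$host;
  $this->port=$port;
  $this->blogUrl=$blogUrl;
  $this->apiKey=$apiKey;
  }
+ /** PHP4 constructor for backward compatibility */
+ function wassup_AkismetHttpClient($host,$blogUrl,$apiKey,$port=80){
+ $this->__construct($host,$blogUrl,$apiKey,$port);
+ }
  /** Use the connection active in $con to get a response from the server and return that response */
  function getResponse($request,$path,$type="post",$responseLength=1160){
  $this->_connect();
@@ -173,7 +177,7 @@ class wassup_Akismet extends wassup_AkismetObject {
  * @param String[] $comment - A formatted comment array to be examined by the Akismet service
  * @return Akismet
  */
- function wassup_Akismet($blogUrl,$apiKey,$comment=array()) {
+ function __construct($blogUrl,$apiKey,$comment=array()) {
  $this->blogUrl=$blogUrl;
  $this->apiKey =$apiKey;
  $this->setComment($comment);
@@ -187,6 +191,10 @@ class wassup_Akismet extends wassup_AkismetObject {
  $this->setError(WASSUP_AKISMET_INVALID_KEY,__("Your Akismet API key is not valid.","wassup"));
  }
  }
+ /** PHP4 constructor for backward compatibility */
+ function wassup_Akismet($blogUrl,$apiKey,$comment=array()) {
+ $this->__construct($blogUrl,$apiKey,$comment);
+ }
  /** Query Akismet server to check if comment is spam or not */
  function isSpam() {
  $response=$this->http->getResponse($this->_getQueryString(), 'comment-check');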
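Review bot: The two back-compat wrappers (`wassup_AkismetHttpClient()` at new line 98 and `wassup_Akismet()` at new line 195) are ordinary public methods once `__construct` exists, so calling one on a live object silently re-runs the constructor and overwrites the stored API key and related fields. I would mark them as legacy entry points rather than leave the bare one-line comment, e.g. `/** @deprecated PHP4-style constructor, kept only so old callers still load; use __construct(). */`. Separately, the new `__construct` on the HTTP client keeps the `$port=80` default, so unless a caller overrides it the API key is presumably sent to the Akismet host unencrypted; `_connect()` is outside the hunk, so that needs confirming there. Both class bodies start and end outside these hunks.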
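--- a/lib/compatibility.php
+++ b/lib/compatibility.php
@@ -81,6 +81,9 @@ function wassup_load_compat_modules(){
  if(!class_exists('wassupOptions')){
  include_once($wassup_compatlib.'/compat_wassup.class.php');
  }
+ if(!class_exists('Wassup_Widget')){
+ include_once($wassup_compatlib.'/compat_widget.php');
+ }
  }
  }
  return $is_compatible;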
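--- a/lib/faq.php
+++ b/lib/faq.php
@@ -79,7 +79,7 @@ function wassup_faq(){
  <li><strong>Q:</strong> <span class="faq-question"><?php echo __("How do I upgrade WassUp safely when my site has frequent visitors?","wassup");?></span><br/>
  <strong>A:</strong> <span class="faq-answer"><?php echo sprintf(__("To upgrade WassUp when your site is busy, you must first disable statistics recording manually under %s tab, then do the plugin upgrade, and afterwards re-enable recording manually when the upgrade is complete and the plugin is active.","wassup"),'<span class="code">WassUp >>'.__("Options","wassup").' >><nobr>[<a href="'.$options_link.'">'.__("General Setup","wassup").'</a>]</nobr></span>');?></span></li>
  <li><strong>Q:</strong> <span class="faq-question"><?php echo __("An unspecified error occurred during plugin upgrade. What do I do next?","wassup");?></span><br/>
- <strong>A:</strong> <span class="faq-answer"><?php echo __("Wait a few minutes. Do NOT re-attempt to upgrade nor try to activate the plugin again! An activation error with no explanation is probably due to your browser timing out, not an upgrade failure. WassUp continues it's upgrade in the background and will activate automatically when it is done. After a few minutes (5-10) has passed, revisit Wordpress admin Plugins panel and verify that Wassup plugin has activated.","wassup");?></span></li>
+ <strong>A:</strong> <span class="faq-answer"><?php echo __("Wait a few minutes. Do NOT re-attempt to upgrade nor try to activate the plugin again! An activation error with no explanation is probably due to your browser timing out, not an upgrade failure. WassUp continues it's upgrade in the background and will activate automatically when it is done. After a few minutes (5-10) has passed, revisit Wordpress' Plugins panel and verify that Wassup plugin has activated.","wassup");?></span></li>
  <li><strong>Q:</strong> <span class="faq-question"><?php echo __("How do I uninstall WassUp cleanly?","wassup");?></span><br/>
  <strong>A #1:</strong> <span class="faq-answer"><?php echo __("From a single Wordpress site: navigate to Wordpress Plugins panel and deactivate WassUp plugin. Then, on the same page, click the \"delete\" link below WassUp name. This deletes both data and files permanently.","wassup");?></span><br/>
  <strong>A #2:</strong> <span class="faq-answer"><?php echo __("From Wordpress multisite Network admin panel: navigate to Plugins panel and deactivate WassUp plugin. If the plugin is not \"network activated\", navigate to the main site/parent domain Plugins panel and deactivate Wassup plugin there, then return to Network admin Plugins panel. Click the \"delete\" link below WassUp name. This deletes both data and files permanently from the main site/parent domain and deletes Wassup data from all the subsites in the network.","wassup");?></span><br/>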
lib/main.php CHANGED
@@ -42,8 +42,7 @@ class wassup_pagination{
42
  var $urlF;
43
  var $calculate;
44
  var $pagination;
45
- //PHP4 constructor
46
- function wassup_pagination(){
47
  $this->total_pages=null;
48
  $this->limit=null;
49
  $this->target="";
@@ -61,6 +60,8 @@ class wassup_pagination{
61
  $this->calculate=false;
62
  $this->pagination="";
63
  }
 
 
64
  function items($value){$this->total_pages=intval($value);}
65
  function limit($value){$this->limit=intval($value);}
66
  function target($value){$this->target=$value;}
@@ -182,11 +183,13 @@ class wDetector{
182
  var $os_version;
183
  var $os;
184
  var $useragent;
185
- function wdetector($ip="",$ua=""){
186
  $this->useragent=$ua;
187
  $this->check_os($ua);
188
  $this->check_browser($ua);
189
  }
 
 
190
  function check_os($useragent){
191
  $os="";
192
  $version="";
@@ -353,11 +356,11 @@ function stringShortener($input,$max=0,$sep='(...)',$exceedFromEnd=0){
353
  //check for valid input
354
  $strng=rtrim($input);
355
  if(empty($strng) || !is_string($input)){
356
- return esc_attr($input); //v1.9.4 bugfix
357
  }
358
  //temporarily replace all %-hex chars with literals and trim the input string of whitespaces...re-encoded after truncation
359
  $instring=rtrim(stripslashes(rawurldecode(html_entity_decode(wassupURI::disarm_attack($input))))," +\t");
360
- if(empty($instring)) $instring=$input; //v1.9.4 bugfix
361
  $inputlen=strlen($instring);
362
  $max=(is_numeric($max))?(integer)$max:$inputlen;
363
  if($max <$inputlen){
@@ -381,12 +384,12 @@ function stringShortener($input,$max=0,$sep='(...)',$exceedFromEnd=0){
381
  if(strlen($outstring) >= $inputlen){ //Because "Fir(...)fox" is longer than "Firefox"
382
  $outstring=$instring;
383
  }
384
- // uses 'esc_attr' and 'esc_html' to make malicious code harmless when echoed to the screen
385
- $outstring=esc_attr(esc_html($outstring,ENT_QUOTES));
386
  } else {
387
- $outstring=esc_attr(esc_html($instring,ENT_QUOTES));
388
  }
389
- return $outstring;
390
  } //end function stringShortener
391
 
392
  /**
@@ -448,8 +451,8 @@ function wassup_rawdataView($args=array()){
448
  if(!empty($rk->url_wpid) && is_numeric($rk->url_wpid)){
449
  $result=$wpdb->get_var(sprintf("SELECT `post_title` from {$wpdb->prefix}posts WHERE `ID`=%d",(int)$rk->url_wpid));
450
  if(empty($result) || is_wp_error($result)) $p_title=" ** ". __("none or deleted post","wassup")." ** ";
451
- else $p_title=$result;
452
- if(!empty($p_title)) echo '</span><nobr> &nbsp; &nbsp; '.__("Title","wassup").': </nobr><span class="raw">'.esc_attr($p_title);
453
  }?></span></li>
454
  <li><span class="field"><?php echo __("Referrer","wassup");?>:</span><span class="raw"><?php echo wassupURI::cleanURL($rk->referrer);?></span></li><?php
455
  if(!empty($rk->search) || !empty($rk->searchengine) || !empty($rk->searchpage)){
@@ -1065,7 +1068,7 @@ function wassup_top10view ($from_date="",$to_date="",$res="",$top_limit=0,$title
1065
  <li class="wassup-nowrap"><nobr><?php
1066
  if ($top10->top_item=="_notprovided_") $top_string='('.__("not provided","wassup").')';
1067
  else $top_string=stringShortener(preg_replace('/'.preg_quote($blogurl,'/').'/i','',$top10->top_item),$char_len);
1068
- echo wPadNum($top10->top_count,$ndigits).' <a href="'.wassupURI::cleanURL($top10->top_link).'" target="_BLANK" title="'.substr($top10->top_item,0,$wassup_options->wassup_screen_res-100).'">'.$top_string.'</a>';?></nobr></li><?php
1069
  $i++;
1070
  }
1071
  }
@@ -1177,7 +1180,7 @@ function wassup_top10view ($from_date="",$to_date="",$res="",$top_limit=0,$title
1177
  foreach ($top_results as $top10) {
1178
  echo "\n"; ?>
1179
  <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits);
1180
- echo ' <span class="top10" title="'.esc_attr($top10->top_item).'">'.stringShortener($top10->top_item, $char_len).'</span>'; ?></nobr></li><?php
1181
  $i++;
1182
  }
1183
  }
@@ -1209,7 +1212,7 @@ function wassup_top10view ($from_date="",$to_date="",$res="",$top_limit=0,$title
1209
  $ndigits = strlen("{$top_results[0]->top_count}");
1210
  foreach ($top_results as $top10) {
1211
  echo "\n"; ?>
1212
- <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits); ?> <span class="top10" title="<?php echo esc_attr($top10->top_item);?>"><?php echo stringShortener($top10->top_item, $char_len); ?></span></nobr></li><?php
1213
  $i++;
1214
  }
1215
  }
@@ -1243,7 +1246,7 @@ function wassup_top10view ($from_date="",$to_date="",$res="",$top_limit=0,$title
1243
  echo "\n";?>
1244
  <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits);
1245
  echo ' <img src="'.WASSUPURL.'/img/flags/'.strtolower(esc_attr($top10->top_item)).'.png" alt="" />';?>
1246
- <span class="top10" title="<?php echo $top10->top_item;?>"><?php echo esc_attr($top10->top_item);?></span></nobr></li><?php
1247
  $i++;
1248
  }
1249
  }
@@ -1281,7 +1284,7 @@ function wassup_top10view ($from_date="",$to_date="",$res="",$top_limit=0,$title
1281
  else
1282
  $uclass="";
1283
  echo "\n"; ?>
1284
- <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits).' <span class="top10'.$uclass.'" title="'.esc_attr($top10->top_item).'">'.stringShortener($top10->top_item, $char_len).'</span>'; ?></nobr></li><?php
1285
  $i++;
1286
  } //end loop
1287
  }
@@ -1314,7 +1317,16 @@ function wassup_top10view ($from_date="",$to_date="",$res="",$top_limit=0,$title
1314
  foreach ($top_results as $top10) {
1315
  echo "\n"; ?>
1316
  <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits);
1317
- echo ' <a href="'.wassupURI::add_siteurl($top10->top_link).'" target="_BLANK" title="'.$top10->top_item.'">'.stringShortener($top10->top_item,$char_len).'</a>'; ?> </nobr></li><?php
 
 
 
 
 
 
 
 
 
1318
  $i++;
1319
  }
1320
  }
@@ -1490,7 +1502,7 @@ class WassupItems {
1490
  var $Last;
1491
  var $WpUrl;
1492
  var $totrecords=0;
1493
- function wassupitems($table_name,$date_from,$date_to,$whereis=null,$limit=null) {
1494
  global $wpdb,$wassup_options,$wdebug_mode;
1495
  if (empty($wassup_options->wassup_table)) $wassup_options = new wassupOptions;
1496
  $wassup_table = $wassup_options->wassup_table;
@@ -1582,10 +1594,14 @@ class WassupItems {
1582
  echo "\n -->";
1583
  }
1584
  }
 
 
 
 
1585
  // Function to show main query and count items
1586
  function calc_tot($Type,$Search="",$specific_where_clause=null,$distinct_type=null){
1587
  global $wpdb,$current_user,$wdebug_mode;
1588
- //get/set user-specific wassup_settings
1589
  if(!is_object($current_user) || empty($current_user->ID)) wp_get_current_user();
1590
  $wassup_user_settings=get_user_option('_wassup_settings',$current_user->ID);
1591
  $this->ItemsType=$Type;
@@ -1607,7 +1623,7 @@ class WassupItems {
1607
  switch ($Type) {
1608
  // This is the MAIN query to show the chronology
1609
  case "main":
1610
- //New in v1.9.4: use temporary table to help speed up retrieval of large datasets
1611
  $bigdata=false;
1612
  $totrecords=$wpdb->get_var("SELECT COUNT(*) FROM $this->tableName");
1613
  if($totrecords >50000) $bigdata=true;
@@ -1706,7 +1722,7 @@ class WassupItems {
1706
  if(!empty($wip)&& $Search==$wip){
1707
  //for IP-only search
1708
  $ss=sprintf(" AND `ip`='%s'",$searchParam);
1709
- //New in v1.9.4: separate url searches
1710
  }elseif(strpos($Search,'/')!==FALSE){
1711
  $ss = sprintf(" AND (`urlrequested` LIKE '%%%s%%' OR `agent` LIKE '%%%s%%' OR `referrer` LIKE '%%%s%%')",
1712
  $searchParam,
42
  var $urlF;
43
  var $calculate;
44
  var $pagination;
45
+ function __construct(){
 
46
  $this->total_pages=null;
47
  $this->limit=null;
48
  $this->target="";
60
  $this->calculate=false;
61
  $this->pagination="";
62
  }
63
+ //PHP4 constructor
64
+ function wassup_pagination(){$this->__construct();}
65
  function items($value){$this->total_pages=intval($value);}
66
  function limit($value){$this->limit=intval($value);}
67
  function target($value){$this->target=$value;}
183
  var $os_version;
184
  var $os;
185
  var $useragent;
186
+ function __construct($ip="",$ua=""){
187
  $this->useragent=$ua;
188
  $this->check_os($ua);
189
  $this->check_browser($ua);
190
  }
191
+ //PHP4 constructor
192
+ function wdetector($ip="",$ua=""){$this->__construct($ip,$ua);}
193
  function check_os($useragent){
194
  $os="";
195
  $version="";
356
  //check for valid input
357
  $strng=rtrim($input);
358
  if(empty($strng) || !is_string($input)){
359
+ return esc_attr($input); //v1.9.4 bugfix
360
  }
361
  //temporarily replace all %-hex chars with literals and trim the input string of whitespaces...re-encoded after truncation
362
  $instring=rtrim(stripslashes(rawurldecode(html_entity_decode(wassupURI::disarm_attack($input))))," +\t");
363
+ if(empty($instring)) $instring=$input;
364
  $inputlen=strlen($instring);
365
  $max=(is_numeric($max))?(integer)$max:$inputlen;
366
  if($max <$inputlen){
384
  if(strlen($outstring) >= $inputlen){ //Because "Fir(...)fox" is longer than "Firefox"
385
  $outstring=$instring;
386
  }
387
+ //try neutralize malicious code
388
+ $outstring=esc_html($outstring,ENT_QUOTES);
389
  } else {
390
+ $outstring=esc_html($instring,ENT_QUOTES);
391
  }
392
+ return wassupURI::disarm_attack($outstring);
393
  } //end function stringShortener
394
 
395
  /**
451
  if(!empty($rk->url_wpid) && is_numeric($rk->url_wpid)){
452
  $result=$wpdb->get_var(sprintf("SELECT `post_title` from {$wpdb->prefix}posts WHERE `ID`=%d",(int)$rk->url_wpid));
453
  if(empty($result) || is_wp_error($result)) $p_title=" ** ". __("none or deleted post","wassup")." ** ";
454
+ else $p_title=get_the_title($rk->url_wpid); //let Wordpress escape the title
455
+ if(!empty($p_title)) echo '</span><nobr> &nbsp; &nbsp; '.__("Title","wassup").': </nobr><span class="raw">'.$p_title;
456
  }?></span></li>
457
  <li><span class="field"><?php echo __("Referrer","wassup");?>:</span><span class="raw"><?php echo wassupURI::cleanURL($rk->referrer);?></span></li><?php
458
  if(!empty($rk->search) || !empty($rk->searchengine) || !empty($rk->searchpage)){
1068
  <li class="wassup-nowrap"><nobr><?php
1069
  if ($top10->top_item=="_notprovided_") $top_string='('.__("not provided","wassup").')';
1070
  else $top_string=stringShortener(preg_replace('/'.preg_quote($blogurl,'/').'/i','',$top10->top_item),$char_len);
1071
+ echo wPadNum($top10->top_count,$ndigits).' <a href="'.wassupURI::cleanURL($top10->top_link).'" target="_BLANK" title="'.esc_attr(substr($top10->top_item,0,$wassup_options->wassup_screen_res-100)).'">'.esc_attr($top_string).'</a>';?></nobr></li><?php
1072
  $i++;
1073
  }
1074
  }
1180
  foreach ($top_results as $top10) {
1181
  echo "\n"; ?>
1182
  <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits);
1183
+ echo ' <span class="top10" title="'.esc_attr($top10->top_item).'">'.esc_attr(stringShortener($top10->top_item, $char_len)).'</span>'; ?></nobr></li><?php
1184
  $i++;
1185
  }
1186
  }
1212
  $ndigits = strlen("{$top_results[0]->top_count}");
1213
  foreach ($top_results as $top10) {
1214
  echo "\n"; ?>
1215
+ <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits); ?> <span class="top10" title="<?php echo esc_attr($top10->top_item);?>"><?php echo esc_attr(stringShortener($top10->top_item, $char_len)); ?></span></nobr></li><?php
1216
  $i++;
1217
  }
1218
  }
1246
  echo "\n";?>
1247
  <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits);
1248
  echo ' <img src="'.WASSUPURL.'/img/flags/'.strtolower(esc_attr($top10->top_item)).'.png" alt="" />';?>
1249
+ <span class="top10" title="<?php echo esc_attr($top10->top_item);?>"><?php echo esc_attr($top10->top_item);?></span></nobr></li><?php
1250
  $i++;
1251
  }
1252
  }
1284
  else
1285
  $uclass="";
1286
  echo "\n"; ?>
1287
+ <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits).' <span class="top10'.$uclass.'" title="'.esc_attr($top10->top_item).'">'.esc_attr(stringShortener($top10->top_item, $char_len)).'</span>'; ?></nobr></li><?php
1288
  $i++;
1289
  } //end loop
1290
  }
1317
  foreach ($top_results as $top10) {
1318
  echo "\n"; ?>
1319
  <li class="wassup-nowrap"><nobr><?php echo wPadNum($top10->top_count,$ndigits);
1320
+ if(!empty($top10->top_group) && is_numeric($top10->top_group)){
1321
+ //let Wordpress escape title
1322
+ $p_title=get_the_title($top10->top_group);
1323
+ if(empty($p_title) && !empty($top10->top_item)){
1324
+ $p_title=esc_attr($top10->top_item);
1325
+ }
1326
+ }else{
1327
+ $p_title=esc_attr($top10->top_item);
1328
+ }
1329
+ echo ' <a href="'.wassupURI::add_siteurl($top10->top_link).'" target="_BLANK" title="'.$p_title.'">'.stringShortener($p_title,$char_len).'</a>'; ?> </nobr></li><?php
1330
  $i++;
1331
  }
1332
  }
1502
  var $Last;
1503
  var $WpUrl;
1504
  var $totrecords=0;
1505
+ function __construct($table_name,$date_from,$date_to,$whereis=null,$limit=null) {
1506
  global $wpdb,$wassup_options,$wdebug_mode;
1507
  if (empty($wassup_options->wassup_table)) $wassup_options = new wassupOptions;
1508
  $wassup_table = $wassup_options->wassup_table;
1594
  echo "\n -->";
1595
  }
1596
  }
1597
+ // PHP4 constructor
1598
+ function wassupitems($table_name,$date_from,$date_to,$whereis=null,$limit=null) {
1599
+ $this->__construct($table_name,$date_from,$date_to,$whereis,$limit);
1600
+ }
1601
  // Function to show main query and count items
1602
  function calc_tot($Type,$Search="",$specific_where_clause=null,$distinct_type=null){
1603
  global $wpdb,$current_user,$wdebug_mode;
1604
+ // get/set user-specific wassup_settings
1605
  if(!is_object($current_user) || empty($current_user->ID)) wp_get_current_user();
1606
  $wassup_user_settings=get_user_option('_wassup_settings',$current_user->ID);
1607
  $this->ItemsType=$Type;
1623
  switch ($Type) {
1624
  // This is the MAIN query to show the chronology
1625
  case "main":
1626
+ //use temporary table to help speed up retrieval of large datasets @since v1.9.4
1627
  $bigdata=false;
1628
  $totrecords=$wpdb->get_var("SELECT COUNT(*) FROM $this->tableName");
1629
  if($totrecords >50000) $bigdata=true;
1722
  if(!empty($wip)&& $Search==$wip){
1723
  //for IP-only search
1724
  $ss=sprintf(" AND `ip`='%s'",$searchParam);
1725
+ //separate url searches @since v1.9.4
1726
  }elseif(strpos($Search,'/')!==FALSE){
1727
  $ss = sprintf(" AND (`urlrequested` LIKE '%%%s%%' OR `agent` LIKE '%%%s%%' OR `referrer` LIKE '%%%s%%')",
1728
  $searchParam,
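--- a/lib/settings.php
+++ b/lib/settings.php
@@ -164,7 +164,14 @@ function wassup_optionsView($tab=0) {
  <p class="noindent-opt"><?php echo __("Multisite settings that applies to all subsites in the network.","wassup");?></p>
  <input type="hidden" name="_network_settings" value="1"/>
  <h3><?php _e("Network Statistics Recording","wassup");?></h3>
- <p class="description"><?php echo __("Enables Wassup visitor tracking on all subsites in network. Do NOT disable unless upgrading plugin.","wassup");?></p>
+ <p class="description"><?php
+ if($wassup_options->network_activated_plugin()){
+ echo __("Enables visitor tracking on all subsites in network.","wassup");
+ }else{
+ echo __("Enables visitor tracking on the network subsites where plugin is activated.","wassup");
+ }
+ echo " ".__("Do NOT disable unless upgrading plugin.","wassup");
+ ?></p>
  <p><input type="checkbox" name="network_active" value="1" <?php if(!empty($wassup_network_settings['wassup_active'])) echo $checked;?> /> <strong><?php _e('Enable Statistics Recording for network.','wassup');?></strong><br/>
  <span class="opt-note"><?php echo " ".__("Can be overridden on individual subsites to disable statistics recording.","wassup");?></span><?php
  if(!empty($wassup_network_settings['wassup_table'])){?><br/>
@@ -737,10 +744,12 @@ function wassup_optionsView($tab=0) {
  echo (int)$max_execute." ".__("seconds","wassup");
  }
  }elseif($max_execute==0){
- echo $max_execute." (".__("unlimited","wassup").")";
+ echo $max_execute.' ('.__("unlimited","wassup").')';
  }else{
- _e("unknown","wassup");
+ echo $max_execute.' ('.__("unknown","wassup").')';
  }
+ }elseif(is_string($max_execute)){
+ echo htmlspecialchars($max_execute);
  }else{
  _e("unknown","wassup");
  }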
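Review bot: The new `is_string($max_execute)` branch escapes with a bare `htmlspecialchars($max_execute)`, whose default flags depend on the PHP version (single quotes are escaped by default only from PHP 8.1), while the other files in this commit use the WordPress helpers; `echo esc_html($max_execute);` would be consistent and version-independent. The two `echo $max_execute.' ('...` lines above it print the value unescaped, which is safe only if the enclosing condition guarantees a numeric value. That condition lies outside this hunk, so a short comment such as `//numeric at this point, safe to echo` would help the next reader.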
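--- a/lib/uadetector.class.php
+++ b/lib/uadetector.class.php
@@ -1,12 +1,12 @@
  <?php
  /**
  * Class for in-depth user agent detection.
- * Updated: 2016-09-04
- * @version 0.9.2
+ * Updated: 2017-09-04
+ * @version 0.9.3
  * @author helened
  * Author URI: http://helenesit.com
  *
- * @copyright Copyright (c) 2009-2016 Helene Duncker
+ * @copyright Copyright (c) 2009-2018 Helene Duncker
  * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License
  *
  * This program is distributed in the hope that it will be useful,
@@ -68,11 +68,11 @@ class UADetector {
  //var $is_active_agent=false; //private
 
  /**
- * PHP4 compatible constructor
+ * constructor
  * @param string $ua (optional)
  * @return object(16)
  */
- function uadetector($ua=""){
+ function __construct($ua=""){
  $this->is_browser=false;
  $this->is_mobile=false;
  $this->is_robot=false;
@@ -116,6 +116,8 @@ function uadetector($ua=""){
  unset($this->_done_browsers,$this->_done_spiders,$this->is_active_agent);
  return;
  } //end function __construct
+ /** PHP4-compatible constructor */
+ function uadetector($ua=""){$this->__construct($ua);}
 
  /**
  * Check user agent against a known list of top user agents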
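Review bot: The docblock kept above `__construct` still declares `@return object(16)`, but a constructor returns nothing and the body ends in a bare `return;`, so that tag should be dropped. The one-line `/** PHP4-compatible constructor */` on `uadetector()` could also state that the method exists only for old call sites and simply forwards to `__construct($ua)`. On PHP versions that no longer treat a class-named method as a constructor it is an ordinary public method, so calling it on an existing object would re-run the initialisation. Most of the constructor body lies outside these hunks.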
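--- a/lib/upgrade.php
+++ b/lib/upgrade.php
@@ -697,7 +697,7 @@ function wassup_updateTable($wtable=""){
  } //end if 1.9
 
  //For all upgrades:
- // New in v1.9.4: get a new api key
+ // get a new api key @since v1.9.4
  if(empty($wassup_options->wassup_googlemaps_key)){
  if(!empty($low_priority)){
  wp_schedule_single_event(time()+600,'wassup_scheduled_api_upg');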
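--- a/lib/wassup.class.php
+++ b/lib/wassup.class.php
@@ -63,7 +63,7 @@ class wassupOptions {
  var $wassup_refspam = "1";
  var $wassup_attack = "1";
  var $wassup_hack = "1";
- var $refspam_whitelist=""; //new in v1.9.4: for incorrectly labeled referrer spam
+ var $refspam_whitelist=""; //for incorrectly labeled referrer spam @since v1.9.4
 
  /* table/file management settings */
  var $wassup_table;
@@ -92,17 +92,17 @@ class wassupOptions {
  var $wassup_upgraded = 0; //upgrade timestamp @since v1.9
 
  /**
- * PHP4 constructor.
- *
+ * constructor.
  * optional argument to set default values for new/empty class vars @since v1.9
  * @param boolean $add_defaults
- * @return void
- *
  */
- public function wassupoptions($add_defaults=false){
+ public function __construct($add_defaults=false){
  if($add_defaults)$this->_initSettings();
  else $this->loadSettings();
  }
+ public function wassupoptions($add_defaults=false){
+ self::__construct($add_defaults);
+ }
  /** loads current settings/initializes empty class vars. */
  private function _initSettings(){
  $settings=$this->getSettings(true);
@@ -639,7 +639,7 @@ class wassupOptions {
  else $text=strip_tags(html_entity_decode(wp_kses($input,array())));
  //only alphanumeric chars allowed with few exceptions
  //since v1.9.3 allow '@' char for email searches
- //v1.9.4 bugfix: allow '/?&=' chars for url searches
+ //since v1.9.4 allow '/?&=' chars for url searches
  $cleantext=preg_replace('#([^0-9a-z\-_\.,\:\*\#/&\?=@\'" ]+)#i','',$text);
  return $cleantext;
  }
@@ -2088,8 +2088,8 @@ class wassupDb{
  $table_create=$result[0][1];
  $sql_header="#\n# " . sprintf(__('Table structure of table %s','wassup'),esc_attr($table))."\n#\n";
  $sql_header .= preg_replace(array('/^CREATE\sTABLE\s(IF\sNOT\sEXISTS\s)?/i', '/AUTO_INCREMENT\=\d+\s/i'),array('CREATE TABLE IF NOT EXISTS ',''),$table_create).' ;';
- $sql_header .= "\n#\n# ".sprintf(__('Data contents of table %s','wassup'),esc_attr($table))."\n#\n";
  }
+ $sql_header .= "\n#\n# ".sprintf(__('Data contents of table %s','wassup'),esc_attr($table))."\n#\n";
  }
  //set starting rec id of export query
  if(empty($start_id) || !is_numeric($start_id)){
@@ -2163,7 +2163,7 @@ class wassupDb{
  //write sql header
  fwrite($output,$sql_header);
  $i=0;
- //field list for sql-insert
+ //make a field list for sql-insert statement in output below
  $sql_fields="INSERT INTO `".esc_attr($table).'` (';
  foreach($fields AS $col){
  if(empty($wassup_options->export_omit_recid) || $col != 'id'){
@@ -2534,24 +2534,25 @@ class wassupURI {
  * @return string
  */
  static function get_menu_arg(){
- $menuarg="wassup";
- if(isset($_GET['page'])) $menuarg=htmlspecialchars($_GET['page']);
- if(stristr($menuarg,"wassup")!==false){
+ $menuarg=""; //bugfix in v1.9.4.4 - thanks to @simonothen for finding this bug
+ //return only wassup page
+ if(isset($_GET['page']) && stristr($_GET['page'],'wassup')!==FALSE){
  if(isset($_GET['ml'])){
- $menuarg=htmlspecialchars($_GET['ml']);
+ $menuarg=htmlspecialchars($_GET['ml']); //security fix @since v1.9.4.2 - thanks to Dimopoulos Elias for finding this bug
  }else{
- $wassupfolder=basename(WASSUPDIR);
- if($menuarg=="wassup-stats"){
- $menuarg="wassup";
- }elseif($menuarg=="wassup-spia"){
- $menuarg="wassup-spy";
- }elseif($menuarg==$wassupfolder){
- $menuarg="wassup";
- }elseif($menuarg=="wassup-options"){
- if(isset($_GET['tab'])){
- if($_GET['tab']=="donate") $menuarg="wassup-donate";
- elseif($_GET['tab']=="faq") $menuarg="wassup-faq";
- }
+ $menuarg=htmlspecialchars($_GET['page']);
+ }
+ $wassupfolder=basename(WASSUPDIR);
+ if($menuarg=="wassup-stats"){
+ $menuarg="wassup";
+ }elseif($menuarg=="wassup-spia"){
+ $menuarg="wassup-spy";
+ }elseif($menuarg==$wassupfolder){
+ $menuarg="wassup";
+ }elseif($menuarg=="wassup-options"){
+ if(isset($_GET['tab'])){
+ if($_GET['tab']=="donate") $menuarg="wassup-donate";
+ elseif($_GET['tab']=="faq") $menuarg="wassup-faq";
  }
  }
  }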
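Review bot: In `get_menu_arg()` the request values reach `stristr()` and `htmlspecialchars()` without a check that they are strings, so an array-valued `page` or `ml` parameter yields a warning and a null result on older PHP and a TypeError on PHP 8. `htmlspecialchars()` with default flags also leaves single quotes unescaped before PHP 8.1, so whether the returned value is safe depends on the output context at the call sites, which are not visible here. Since the value is a menu slug, a type check plus explicit flags would tighten both branches, e.g. `$menuarg=is_string($_GET['ml'])?htmlspecialchars($_GET['ml'],ENT_QUOTES):"";`, and comparing the result against the known Wassup slugs would be stronger still. The function's return statement is outside the hunk.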
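--- a/lib/wassupadmin.php
+++ b/lib/wassupadmin.php
@@ -38,7 +38,7 @@ unset($wfile); //to free memory
  * @since v1.9
  */
  function wassup_admin_load(){
- global $current_user, $wassup_options;
+ global $current_user,$wp_version,$wassup_options;
  if(!defined('WASSUPURL')){
  if(!wassup_init()) return; //nothing to do
  }
@@ -58,9 +58,6 @@ function wassup_admin_load(){
  //show user-specific messages in all admin panels
  add_action('admin_notices',array(&$wassup_options,'showMessage'));
  }
- //for embed of javascripts and css tags in admin head
- add_action('admin_head','wassup_embeded_scripts',11);
- add_action('admin_head','wassup_add_css',11);
  //for admin menu and dashboard submenu
  if($wassup_options->network_activated_plugin() && is_network_admin()){
  add_action('network_admin_menu','wassup_add_pages');
@@ -79,6 +76,8 @@ function wassup_admin_load(){
  }
  }
  if(!empty($_GET['page']) && stristr($_GET['page'],'wassup')!==FALSE){
+ add_action('admin_head','wassup_embeded_scripts',11);
+ add_action('admin_head','wassup_add_css',11);
  //initialize user settings for Wassup, as needed
  if(empty($wassup_user_settings)) {
  $wassup_user_settings=$wassup_options->defaultSettings('wassup_user_settings');
@@ -86,6 +85,9 @@ function wassup_admin_load(){
  }
  //for display of Wassup page contents...only add-on modules need do this
  //add_action('wassup_page_content','wassup_page_contents',10,1);
+ }elseif(version_compare($wp_version,'3.8','<') && strpos($_SERVER['REQUEST_URI'],'/plugin-install.php?')===false && strpos($_SERVER['REQUEST_URI'],'/plugins.php')===false){
+ //ignore css for plugins.php
+ add_action('admin_head','wassup_add_css',11);
  }
  } //end wassup_admin_load
 
@@ -259,7 +261,7 @@ function wassup_embeded_scripts($wassuppage="") {
  <script type="text/javascript">
  //<![CDATA[
  <?php
- //New in v1.9.4: ajax script to check download status of dynamically generated export file
+ //ajax script to check download status of dynamically generated export file @since v1.9.4
  ?>
  var exportID="";
  var exportTimerCount=0;
@@ -324,7 +326,7 @@ jQuery(document).ready(function($) {
  $('.default-opt').click(function(){$(this).css("background-color","#d71");});
  $("a#BCdonate").toggle(function(){$('div#bc_placeholder').slideDown("slow");},function(){$('div#bc_placeholder').slideUp("slow");return false;});
  <?php
- //new in v1.9.4: dialog and javascripts for export action
+ //dialog and javascripts for export action @since v1.9.4
  ?>
  $('#wassup-dialog').dialog({
  modal:true,
@@ -409,11 +411,7 @@ function showMarkerinfo(mmap,mlat,mlon,marker,markerwin){
  //]]>
  </script><?php
  echo "\n";
- }else{ //end if wassuppage == "wassup-spia"
- }
- ?>
- <script type='text/javascript'>var tb_pathToImage="<?php echo WASSUPURL.'/js/thickbox/loadingAnimation.gif';?>";</script>
- <?php
+ } //end if wassuppage == "wassup-spia"
  } //end if _GET['page']
  } //end wassup_embeded_scripts
 
@@ -440,11 +438,7 @@ function wassup_add_css() {
  echo '<link href="'.WASSUPURL.'/css/jquery-ui/jquery-ui.css" rel="stylesheet" type="text/css" />'."\n";
  }
  }
- //always use Wassup's thickbox.css in Wassup panels
- if($wassuppage=="wassup" || $wassuppage=="wassup-online"){?>
- <link rel="stylesheet" href="<?php echo WASSUPURL.'/js/thickbox/thickbox.css';?>" type="text/css" /><?php
- echo "\n";
- }
+ //bugfix in v1.9.4.4: removed Wassup's thickbox css due to conflict in Wordpress admin panel
  // Override some Wordpress css and Wassup default css settings on Wassup pages
  ?>
  <style type="text/css">
@@ -676,10 +670,11 @@ function WassUp() {
  $starttime=microtime_float(); //start script runtime
  //extend php script timeout..to 3 minutes
  $stimeout=ini_get('max_execution_time');
- if(is_numeric($stimeout) && $stimeout>0 && $stimeout<180){
+ if(!is_numeric($stimeout) || ($stimeout>0 && $stimeout<180)){
+ //set_time_limit is disabled on some hosts
  $disabled_funcs=ini_get('disable_functions');
- if((empty($disabled_funcs) || strpos($disabled_funcs,'set_time_limit')===false) && !ini_get('safe_mode')){
- @set_time_limit(180+1);
+ if((empty($disabled_funcs) || strpos($disabled_funcs,'set_time_limit')===false)){
+ $result=@set_time_limit(180+1);
  }
  }
  $wassupfolder=basename(WASSUPDIR);
@@ -863,7 +858,7 @@ function WassUp() {
  $admin_message = __("Wassup options reset successfully","wassup")."." ;
  $wassup_user_settings=$wassup_options->resetUserSettings();
  if($wassup_options->is_recording_active()) wassup_cron_startup(); //restart wp-cron
- //New in v1.9.4: reset-to-default updates Wassup's map apikey
+ //reset-to-default updates Wassup's map apikey @since v1.9.4
  if(empty($wassup_options->wassup_googlemaps_key)){
  $key=$wassup_options->lookup_apikey();
  }
@@ -1001,7 +996,7 @@ function WassUp() {
  </small></p>
  </div> <!-- end wassup-wrap --><?php
 
- //New in v1.9.4: start the refresh timer at end of page render
+ //start the refresh timer at end of page render @since v1.9.4
  if($wassuppage == "wassup"){
  $wrefresh = (int)$wassup_options->wassup_refresh;
  if($wrefresh >0){
@@ -1042,11 +1037,13 @@ function wassup_page_contents($args=array()){
  //extend php script timeout length for large datasets
  $stimeout=ini_get("max_execution_time");
  $can_set_timelimit=true;
- if(is_numeric($stimeout) && $stimeout>0 && $stimeout <180){
+ if(!is_numeric($stimeout) || ($stimeout>0 && $stimeout <180)){
+ //set_time_limit is disabled on some hosts
  $disabled_funcs=ini_get('disable_functions');
- if((empty($disabled_funcs) || strpos($disabled_funcs,'set_time_limit')===false) && !ini_get('safe_mode')){
+ if((empty($disabled_funcs) || strpos($disabled_funcs,'set_time_limit')===false)){
  $result=@set_time_limit(180);
- if($result) $stimeout=180;
+ if($result !==false) $stimeout=180;
+ else $can_set_timelimit=false;
  }else{
  $can_set_timelimit=false;
  }
@@ -1656,7 +1653,7 @@ function wassup_page_contents($args=array()){
  }?> <span class="separator">|</span>
  <?php
  //Top Stats window/popup params
- //v1.9.4 bugfix: topstats from_date cannot be "0"
+ //topstats from_date cannot be "0"
  if($from_date==0 && $wlast==0){
  $from_date=$wpdb->get_var(sprintf("SELECT MIN(`timestamp`) FROM `$wassup_table` WHERE `timestamp` < '%d'",$to_date));
  }
@@ -1742,7 +1739,7 @@ function wassup_page_contents($args=array()){
  foreach($wmain as $rk){
  //monitor for script timeout limit and extend, if needed @since v1.9
  $time_passed=time() - $stimer_start;
- if($time_passed > ($stimeout-10)){
+ if($time_passed > ($stimeout - 10)){
  if($rkcount>0){
  //report is hung, so terminate here
  $data_error=__("Records display interrupted.","wassup")." - script timeout/partial data.";
@@ -2040,7 +2037,7 @@ function wassup_page_contents($args=array()){
  $html='<p style="padding-top:10px;">'.__("Too few records to print chart","wassup").'...</p>';
  if ($wpagestot > 12) {
  //extend script timeout for chart
- if($can_set_timelimit && (time()-$stimer_start)>$stimeout-30){
+ if($can_set_timelimit && (time() - $stimer_start)>$stimeout-30){
  @set_time_limit($stimeout);
  $stimer_start=time();
  }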
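Review bot: In `wassup_page_contents()` the widened test `!is_numeric($stimeout) || ...` now admits a non-numeric `max_execution_time`, but when `set_time_limit` is disabled or fails only `$can_set_timelimit` is cleared and `$stimeout` keeps its non-numeric value. The loop check `if($time_passed > ($stimeout - 10)){` then does arithmetic on that value: on PHP 7 it evaluates to -10, so the report is flagged as hung as soon as `$rkcount` is above zero, and on PHP 8 a non-numeric string in arithmetic raises a TypeError. Unless `$stimeout` is normalised in lines outside these hunks, the check needs a guard, e.g. `if(is_numeric($stimeout) && $stimeout>0 && $time_passed > ($stimeout - 10)){`, and the chart branch needs the same treatment. In `WassUp()` the new `$result=@set_time_limit(180+1);` assigns a value that is not used within the hunk.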
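--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: michelem, helened
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=michele%40befree%2eit&item_name=WassUp&no_shipping=0&no_note=1&tax=0&currency_code=EUR&lc=IT&bn=PP%2dDonationsBF&charset=UTF%2d8
  Tags: analytics, counter, online, seo, statistics, stats, tracker, traffic, trends, user, visitor, web
  Requires at least: 4.0
- Tested up to: 4.8
- Stable tag: 1.9.4.2
+ Tested up to: 4.9.4
+ Stable tag: 1.9.4.4
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -110,7 +110,7 @@ From the Wordpress widgets panel, drag the "WassUp Online" widget or the "Wassup
  Check the box for "Display a GEO IP Map in spy visitors view" under WassUp >>Options >>[General Setup] and save, then navigate to WassUp >>SPY Visitors panel to see the map.
 
  = The map has vanished and I get a message like: "Oops, something went wrong" or "Google has disabled use of the Maps API for this application". How do I fix this?" =
- Try upgrading to the latest version of Wassup, or go to Wassup-Options and click the Reset-to-Default button if you have already upgraded, or sign up for your own Google!Maps API key at https://developers.google.com/maps/documentation/javascript/get-api-key#key then enter the key under \"Spy Visitors settings\" in Wassup >>Options >>General Settings tab.
+ Try upgrading to the latest version of Wassup, or go to Wassup-Options and click the Reset-to-Default button if you have already upgraded, or sign up for your own Google!Maps API key from [Google's API console](https://developers.google.com/maps/documentation/javascript/get-api-key#key) then enter the key in the indicated field under Wassup >>Options >>General Settings tab.
 
  = How do I exclude a visitor from being recorded? =
  Navigate to WassUp >>Options >>[Filters & Exclusions] tab and enter a visitor's username, IP address, or hostname into the appropriate field and save.
@@ -206,14 +206,27 @@ When you activate this plugin (as described in "Installation"), it works "as is"
  * WassUp is incompatible with the following static page caching plugins: WP Super Cache, WP Cache, WP Fastest Cache, and WP Hyper Cache.
 
  == Upgrade Notice ==
- = 1.9.4.2: Security bugfix =
- * Important security bugfix.
- * DO NOT UPGRADE when your site busy!
- * Read [installation instructions](http://wordpress.org/plugins/wassup/installation/) for safe upgrade instructions.
+ = 1.9.4.4 =
+ * Important bugfix update. DO NOT UPGRADE when your site busy! Read [installation instructions](http://wordpress.org/plugins/wassup/installation/) for safe upgrade instructions.
 
  == Changelog ==
- = 1.9.4.1 =
- * Important feature & bugfix upgrade.
+ = v1.9.4.4 =
+ * fixed a bug that affected Wassup's tabbed submenu navigation. Thanks to @simonothen for finding this bug
+ * fixed a lightbox conflict caused by Wassup's thickbox.js
+ * fixed a bug that caused notices to display to visitors when in debug mode
+ * fixed a security vulnerability in Topstats (top10 and widget). Thanks to Anton Q. for finding this.
+ * minor code changes
+
+ = v1.9.4.3 =
+ * merged PHP7 compatibility updates (from v1.9.4.1) into master
+ * minor text changes
+
+ = v1.9.4.2 =
+ * Important security bugfix. Thanks to Dimopoulos Elias for finding this bug.
+
+ = v1.9.4.1 =
+ * updated classes for PHP7-compatible class constructors (not released)
+
  = v1.9.4 =
  = Important feature improvement & bugfix upgrade =
  * new option to whitelist referrers that are mislabeled as spam in WassUp (ex: Rx or sexy words in domain name)
@@ -263,7 +276,7 @@ When you activate this plugin (as described in "Installation"), it works "as is"
 
  = v1.9.1 =
  = Critical security, compatibility, and bugfix upgrade =
- * patched security loopholes (xss vulnerability) in the 'Top stats' widget and in `wassupURI::add_siteurl` method (in Visitor Details/Online)
+ * patched security loopholes (xss vulnerability) in the 'Top stats' widget and in `wassupURI::add_siteurl` method
  * improved security against xss attacks on interface and widgets.
  * improved compliance with the latest Wordpress.org plugin repository guidelines.
  * improved browser/os detection.
@@ -362,4 +375,3 @@ When you activate this plugin (as described in "Installation"), it works "as is"
  * [Jquery](http://www.jquery.com) for the amazing Ajax framework
  * [FAMFAMFAM](http://www.famfamfam.com/) for the flags icons
  * Thanks to [@AlexandreFiori](http://twitter.com/alexandrefiori) for access to his GeoIP API at [freegeoip.net](http://freegeoip.net)
- * A big thanks to [Helene D.](http://helenesit.com/) for her help to improve WassUp!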
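--- a/wassup.php
+++ b/wassup.php
@@ -3,15 +3,15 @@
  Plugin Name: WassUp Real Time Analytics
  Plugin URI: http://www.wpwp.org
  Description: Analyze your website traffic with accurate, real-time stats, live views, visitor counts, top stats, IP geolocation, customizable tracking, and more. For Wordpress 2.2+
- Version: 1.9.4.2
+ Version: 1.9.4.4
  Author: Michele Marcucci, Helene Duncker
  Author URI: http://www.michelem.org/
  Text Domain: wassup
  Domain Path: /language
  License: GPL2
 
- Copyright (c) 2007-2016 Michele Marcucci
- Released under the GNU General Public License GPLv2 or later
+ Copyright (c) 2007-2018 Michele Marcucci
+ Released under the GNU General Public License GPLv2 or later
  http://www.gnu.org/licenses/gpl-2.0.html
 
  Disclaimer:
@@ -52,10 +52,10 @@ function wassup_init($init_settings=false){
 
  //define wassup globals & constants
  if(!defined('WASSUPVERSION')){
- define('WASSUPVERSION','1.9.4.2');
- define('WASSUPDIR',dirname(preg_replace('/\\\\/','/',__FILE__)));
+ define('WASSUPVERSION','1.9.4.4');
+ define('WASSUPDIR',dirname(preg_replace('/\\\\/','/',__FILE__)));
  }
- //turn on debugging (global)...Use cautiously! Will display errors from all plugins, not just WassUp
+ //turn on debugging in Wassup (global)...Use cautiously! May display errors from other plugins, not just WassUp
  $wdebug_mode=false;
  if(defined('WP_DEBUG') && WP_DEBUG==true) $wdebug_mode=true;
  if($wdebug_mode){
@@ -68,7 +68,10 @@ function wassup_init($init_settings=false){
  $wdebug_mode=false;
  @wassup_disable_errors();
  }else{
- wassup_enable_errors();
+ //Bugfix in v1.9.4.4: set error_reporting in "init" only when WP_DEBUG is not set
+ if(!defined("WP_DEBUG") || WP_DEBUG===false){
+ @wassup_enable_errors();
+ }
  if(headers_sent()){
  //an error was likely displayed to screen
  echo "\n".'<!-- wassup_init start -->';
@@ -140,7 +143,7 @@ function wassup_init($init_settings=false){
  }
  if($wdebug_mode && headers_sent()){
  //an error message was likely displayed to screen
- echo "\n".'<!-- wassup_init end -->'."\n";
+ echo "\n"."<!-- is_compatible=$is_compatible \ncurrent_local=$current_locale \ninit_settings=$init_settings \nwassup_init end -->"."\n";
  }
  return $is_compatible;
  } //end wassup_init
@@ -157,7 +160,7 @@ function wassup_init($init_settings=false){
  * @return void
  */
  function wassup_install($network_wide=false) {
- global $wpdb,$wp_version,$wassup_options;
+ global $wpdb,$wp_version,$wassup_options,$wdebug_mode; //Bugfix in v1.9.4.4: add wdebug_mode to globals
 
  $wassup_settings=get_option('wassup_settings'); //save old settings
  $wassup_network_settings=array();
@@ -623,7 +626,7 @@ function wassup_admin_preload() {
  /**
  * Loads javascript and css files for Wassup admin pages.
  * - Enqueues "spia.js", "jquery-ui.js" (various), "jquery-migrate.js" (also queues "jquery.js")
- * - Resets "thickbox.js" to Wassup's internal copy and enqueues it.
+ * - adds "thickbox.js"
  * - Enqueues "wassup.js" and "wassup.css" for Wassup panels
  */
  function wassup_add_scripts(){
@@ -648,17 +651,12 @@ function wassup_add_scripts(){
  wp_dequeue_style('jquery-ui-core.css');
  wp_dequeue_style('jquery-ui.css');
  }
- //use Wassup's custom copy of thickbox.js always
- if(file_exists(WASSUPDIR.'/js/thickbox/thickbox.js')){
- wp_deregister_script('thickbox');
- wp_dequeue_style('thickbox.css');
- //register Wassup's thickbox.js
- wp_enqueue_script('thickbox',WASSUPURL.'/js/thickbox/thickbox.js',array('jquery'),'3');
- }
+ //bugfix in v1.9.4.4 - removed Wassup's copy of Thickbox due to conflict with Wordpress admin
+ add_thickbox(); //Wordpress 2.5+ built-in function to add thickbox
  //enqueue jquery-migrate.js (and 'jquery.js')
  wp_enqueue_script('jquery-migrate');
- wp_enqueue_script('wassup'); //wassup.js @since v1.9
- //queue wassup stylesheet link tag
+ wp_enqueue_script('wassup');
+ //queue wassup stylesheet
  wp_enqueue_style('wassup', WASSUPURL.'/css/wassup.css',array(),$vers);
  }elseif(strpos($_SERVER['REQUEST_URI'],'/widgets.php')!==false || strpos($_SERVER['REQUEST_URI'],'/customize.php')!==false){
  //customizer css for wassup-widget control style
@@ -781,24 +779,33 @@ function wassup_log_message($msg,$msgtype="",$msgkey="0"){
  }
  /** Turns off all error notices except fatal errors. */
  function wassup_disable_errors(){
- ini_set('error_reporting',E_ERROR);
- //error_reporting(0); //same as above
+ error_reporting(E_ERROR);
  ini_set('display_errors','Off');
  }
  /** Turns on all error notices */
  function wassup_enable_errors(){
- global $wp_version;
- ini_set('display_errors','On');
+ global $wp_version, $wdebug_mode;
  //don't use 'strict standards' in old Wordpress versions (part of E_ALL since PHP 5.4)
  $php_vers=phpversion();
- if(version_compare($php_vers,'5.0','>=')){
- if(version_compare($wp_version,'4.0','>=')){
- ini_set('error_reporting',E_ALL);
+ if(version_compare($php_vers,'5.4','>=')){
+ //turn off deprecated notices in PHP7
+ if(version_compare($php_vers,'7.0','>=')){
+ error_reporting(E_ALL & ~E_DEPRECATED & ~E_USER_DEPRECATED );
+ }elseif(version_compare($wp_version,'4.0','<')){
+ error_reporting(E_ALL & ~E_STRICT);
  }else{
- ini_set('error_reporting',E_ALL & ~E_STRICT & ~E_DEPRECATED);
+ error_reporting(E_ALL);
  }
+ }elseif(version_compare($wp_version,'4.0','<')){
+ error_reporting(E_ALL & ~E_STRICT);
  }else{
- ini_set('error_reporting',E_ALL);
+ error_reporting(E_ALL);
+ }
+ if(!empty($wdebug_mode)){
+ //Bugfix in v1.9.4.4: don't set display_errors unless WP_DEBUG is not set
+ if(!defined('WP_DEBUG') || !defined("WP_DEBUG_DISPLAY")){
+ ini_set('display_errors','On');
+ }
  }
  } //end wassup_enable_errors
 
@@ -818,12 +825,19 @@ function wassupPrepend() {
  if(empty($wassup_options) || !$wassup_options->is_recording_active()){ //do nothing
  return;
  }
- //New in v1.9.4: don't track ajax requests from some plugins
+ //don't track ajax requests from some plugins @since v1.9.4
  $active_plugins=maybe_serialize(get_option('active_plugins'));
  //don't track Woocommerce ajax requests
  if(isset($_REQUEST['wc-ajax']) && preg_match('#/woocommerce\.php#',$active_plugins)>0){
  return;
  }
+ //Bugfix in v1.9.4.4: suppress php7 deprecated notices
+ if(!$wdebug_mode){
+ $errmode_reset=error_reporting();
+ $errdisplay_reset=ini_get('display_errors');
+ wassup_disable_errors();
+ }
+
  $wassup_table=$wassup_options->wassup_table;
  $wassup_tmp_table=$wassup_table."_tmp";
  $wscreen_res="";
@@ -965,6 +979,11 @@ function wassupPrepend() {
  $args=array('dbtasks'=>$wassup_dbtask);
  wassupDb::scheduled_dbtask($args);
  }
+ //restore default error_reporting @since v1.9.4.4
+ if(!$wdebug_mode && isset($errmode_reset)){
+ error_reporting($errmode_reset);
+ @ini_set('display_errors',$errdisplay_reset);
+ }
  } //end wassupPrepend
 
  /**
@@ -1001,7 +1020,6 @@ function wassupAppend($req_code=0) {
  if($is_media || is_feed() || (!is_page() && !is_home() && !is_single() && !is_archive())){
  //turn off error display for media, feed, and any non-html requests
  $wdebug_mode=false;
- @wassup_disable_errors();
  }else{
  if(is_admin() || headers_sent()){
  echo "\n".'<!-- *WassUp DEBUG On '."\n"; //hide errors
@@ -1012,6 +1030,11 @@ function wassupAppend($req_code=0) {
  }
  wassup_enable_errors();
  }
+ }else{
+ //Bugfix in v1.9.4.4: suppress PHP7 deprecated notices
+ $errmode_reset=error_reporting();
+ $errdisplay_reset=ini_get('display_errors');
+ @wassup_disable_errors();
  } //end if $wdebug_mode
  $error_msg="";
  $wassup_table = $wassup_options->wassup_table;
@@ -1721,9 +1744,9 @@ function wassupAppend($req_code=0) {
  if($wassup_options->wassup_refspam == 1 && !empty($referrer) && !$is_admin_login && stristr($referrer,$wpurl)!=$referrer && stristr($referrer,$blogurl)!=$referrer && $referrer!=$blogurl.$urlRequested){
  $refdomain=wassupURI::get_urldomain($referrer);
  $sitedomain=wassupURI::get_urldomain();
- //New in v1.9.4: skip referrer check if from own domain
+ //skip referrer check if from own domain @since v1.9.4
  if($refdomain != $sitedomain || strpos($referrer,'=')!==false){
- //New in v1.9.4: skip referrer check if on whitelist
+ //skip referrer check if on whitelist @since v1.9.4
  if(empty($wassup_options->refspam_whitelist) || preg_match('#(?:^|\s*,)\s*('.preg_quote($refdomain).')\s*(?:,|$)#',$wassup_options->refspam_whitelist)==0){
  //check if referrer is a previous comment spammer
  if($spamComment->isRefSpam($referrer)>0){
@@ -1798,7 +1821,7 @@ function wassupAppend($req_code=0) {
  // get search engine and search keywords from referrer
  $searchengine="";
  $search_phrase="";
- $searchpage="";
+ $searchpage="0";
  $searchlocale="";
  //don't check own blog for search engine data
  if (!empty($referrer) && $spam == "0" && stristr($referrer,$blogurl)!=$referrer && !$wdebug_mode) {
@@ -1826,7 +1849,7 @@ function wassupAppend($req_code=0) {
  if(is_array($se) && !empty($se['searchengine'])){
  $searchengine=$se['searchengine'];
  $search_phrase=$se['keywords'];
- $searchpage=$se['page'];
+ $searchpage=(int)$se['page'];
  $searchlang=$se['language'];
  $searchlocale=$se['locale'];
  }
@@ -1840,7 +1863,7 @@ function wassupAppend($req_code=0) {
  $se=wSeReferer($ref);
  if (!empty($se['Query'])) {
  $search_phrase = $se['Query'];
- $searchpage = $se['Pos'];
+ $searchpage = (int)$se['Pos'];
  $searchdomain = $se['Se'];
  //check for empty secure searches
  } elseif(strpos($ref,'https://www.bing.')!==false || strpos($ref,'https://www.yahoo.')!==false || strpos($ref,'https://www.google.')!==false) {
@@ -1859,9 +1882,11 @@ function wassupAppend($req_code=0) {
  if ($searchpage != $pcs[1]) {
  $searchpage = $pcs[1];
  }
- } else {
+ } elseif(!empty($searchpage)) {
  // NOTE: Position retrieved in Google Images is the position number of image NOT page rank position like web search
  $searchpage=(int)($searchpage/10)+1;
+ }else{
+ $searchpage=1;
  }
  }
  //append country code to search engine name
@@ -2183,8 +2208,11 @@ function wassupAppend($req_code=0) {
  $wassup_key=wassup_clientIP($_SERVER['REMOTE_ADDR']);
  wassupDb::update_wassupmeta($wassup_key,'_debug_output',$expire,$debug_output);
  }
- //restore normal mode
- @ini_set('display_errors',$mode_reset);
+ }elseif(isset($errmode_reset)){
+ //Bugfix in v1.9.4.4: reset error mode only if set
+ //restore normal error mode
+ error_reporting($errmode_reset);
+ @ini_set('display_errors',$errdisplay_reset);
  } //end if wdebug_mode
  } //end wassupAppend
 
@@ -2918,7 +2946,7 @@ function wGetSpider($agent="",$hostname="", $browser=""){
  $pcs=array();
  //identify obvious script injection bots
  if(!empty($ua)){
- //New in v1.9.3.1: check for more variations of <script> and <a> tags embedded in user agent string
+ //check for more variations of <script> and <a> tags embedded in user agent string @since v1.9.3.1
  if(stristr($ua,'location.href')!==FALSE){
  $crawlertype="H";
  $crawler="Script Injection bot";
@@ -3953,6 +3981,7 @@ function wIsAttack($http_target="") {
  //### Website content functions
  // START initializing Widget
  function wassup_widget_init(){
+ global $wdebug_mode;
  if(!defined('WASSUPURL')){
  if(!wassup_init()) return; //nothing to do
  }
@@ -3960,6 +3989,12 @@ function wassup_widget_init(){
  'wassup_onlineWidget',
  'wassup_topstatsWidget',
  );
+ //Bugfix in v1.9.4.4: turn off PHP7 deprecated warnings
+ if(!$wdebug_mode){
+ $errmode_reset=error_reporting();
+ $errdisplay_reset=ini_get('display_errors');
+ @wassup_disable_errors();
+ }
  if(!class_exists('wassup_onlineWidget')) include_once(WASSUPDIR.'/widgets/widgets.php');
  foreach($wassup_widget_classes as $wwidget){
  if(!empty($wwidget) && class_exists($wwidget)){
@@ -3967,6 +4002,10 @@ function wassup_widget_init(){
  elseif(function_exists('wassup_compat_register_widget')) wassup_compat_register_widget($wwidget); //compatibility function
  }
  }
+ if(!$wdebug_mode && isset($errmode_reset)){
+ error_reporting($errmode_reset);
+ @ini_set('display_errors',$errdisplay_reset);
+ }
  }
 
  /**
@@ -4007,7 +4046,7 @@ function wassup_sidebar($before_widget='',$after_widget='',$before_title='',$aft
  //base widget info
  $widget_html="\n".$before_widget;
  if(!empty($title)) $widget_html.='
- '.$before_title.$title.$after_title;
+ '.$before_title.esc_attr($title).$after_title;
  $widget_html .='
  <p class="small">'.__("No Data","wassup").'</p>'.wassup_widget_foot_meta().$after_widget;
  //calculate widget users online and top stats data
@@ -4032,7 +4071,7 @@ function wassup_sidebar($before_widget='',$after_widget='',$before_title='',$aft
  if(!empty($html)){
  $online_html= "\n".$before_widget;
  if(!empty($title)) $online_html.='
- '.$before_title.$title.$after_title;
+ '.$before_title.esc_attr($title).$after_title;
  $online_html .='
  <ul'.$ulclass.'>
  '.$html.'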
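Review bot: `wassup_disable_errors()` now calls `error_reporting(E_ERROR)`, and the new save/restore blocks in wassupPrepend (new lines 834-839 and 982-986), wassupAppend and wassup_widget_init hold the whole request at that level while the plugin code runs. That keeps warnings and notices out of the error log as well as off the page. The restore in wassupPrepend sits at the end of the function, so any `return` in the roughly 140 lines between the two hunks (not shown here) would leave E_ERROR in force for everything that runs afterwards. If the aim is only to hide PHP 7 deprecation notices, masking just those keeps the rest of the logging intact: `error_reporting(error_reporting() & ~(E_DEPRECATED|E_USER_DEPRECATED));`. The existing `ini_set('display_errors','Off')` in wassup_disable_errors already keeps messages away from visitors.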
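--- a/widgets/widget_functions.php
+++ b/widgets/widget_functions.php
@@ -339,7 +339,25 @@ function wassup_widget_get_topstat($item,$limit,$chars,$from_date,$show_counts=0
  $html .='<nobr>'.$top_count.'<span class="top-item">'.wassupURI::disarm_attack($wtop->top_item).'</span></nobr>';
  }
  $html .='</li>';
- }elseif($scol == "url_wpid" || $scol == "search"){
+ }elseif($scol == "url_wpid"){
+ $html .='
+ <li'.$liclass.'>';
+ //let Wordpress escape title
+ if(!empty($wtop->top_group) && is_numeric($wtop->top_group)){
+ $p_title=get_the_title($wtop->top_group);
+ if(empty($p_title) && !empty($wtop->top_item)){
+ $p_title=esc_attr($wtop->top_item);
+ }
+ }else{
+ $p_title=esc_attr($wtop->top_item);
+ }
+ if(!empty($wtop->top_link)){
+ $html .=$top_count.'<span class="top-item"><a href="'.wassupURI::cleanURL($wtop->top_link).'" title="'.$p_title.'">'.$p_title.'</a></span>';
+ }else{
+ $html .=$top_count.'<span class="top-item">'.$p_title.'</span>';
+ }
+ $html .='</li>';
+ }elseif($scol == "search"){
  $html .='
  <li'.$liclass.'>';
  if(!empty($wtop->top_link)){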
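Review bot: In the new `url_wpid` branch the value returned by `get_the_title($wtop->top_group)` is written into both the `title="…"` attribute and the link text without escaping. The comment `//let Wordpress escape title` does not hold, because get_the_title() runs the `the_title` filters but does not HTML-escape its result; only the two fallback assignments pass through `esc_attr()`. Escaping the primary path as well covers every route into the markup: `$p_title=esc_attr(get_the_title($wtop->top_group));`. The enclosing function wassup_widget_get_topstat starts and ends outside the hunk, so how `top_group` is populated cannot be confirmed from here.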
widgets/widgets.php CHANGED
@@ -34,7 +34,7 @@ if(!function_exists('wassup_widget_clear_cache')) require_once(WASSUPDIR.'/widge
34
  if(!class_exists('Wassup_Widget')){
35
  /**
36
  * Base class for building Wassup aside widgets
37
- * - sets common default options for all child widgets
38
  * - adds wassup-widget.css to page header
39
  * - generate a unique 'wassup_widget_id' for widget caching
40
  *
@@ -49,8 +49,8 @@ if(!class_exists('Wassup_Widget')){
49
  * ::widget - displays the widget.
50
  */
51
  class Wassup_Widget extends WP_Widget{
52
- /** __construct */
53
- function wassup_widget($id="wassup_widget",$name="Wassup Widget",$widget_opts=array(),$control_opts=array()){
54
  global $wp_version;
55
  $default_widget_opts=array(
56
  'widget_description'=>"WassUp ".__("base widget","wassup"),
@@ -80,7 +80,7 @@ class Wassup_Widget extends WP_Widget{
80
  $this->wassup_add_css();
81
  }
82
  /** Widget control form - for widget options */
83
- function form($old_instance){
84
  $defaults=array(
85
  'title'=>"",
86
  'chars'=>0,
@@ -112,7 +112,7 @@ class Wassup_Widget extends WP_Widget{
112
  } //end form
113
 
114
  /** saves widget options */
115
- function update($new_instance=array(),$old_instance=array()){
116
  global $wassup_options;
117
  $instance=false;
118
  $instance['title']=(isset($new_instance['title'])?$wassup_options->cleanFormText($new_instance['title']):"");
@@ -125,7 +125,7 @@ class Wassup_Widget extends WP_Widget{
125
  } //end update
126
 
127
  /** displays widget content on web site */
128
- function widget($wargs,$instance=array()){
129
  global $wassup_options,$wdebug_mode;
130
  $widget_opt=$wargs;
131
  if(empty($instance['wassup_widget_id'])) $instance=$this->wassup_get_widget_id($instance);
@@ -151,7 +151,7 @@ class Wassup_Widget extends WP_Widget{
151
 
152
  /* Do NOT Override the methods below */
153
  /** adds head style tag for widget/widget-form display */
154
- function wassup_add_css(){
155
  //widget css - one style tag for multiple widgets
156
  if(!is_admin()){
157
  //styles for widget display
@@ -167,7 +167,7 @@ class Wassup_Widget extends WP_Widget{
167
  }
168
  }
169
  /** create a unique id for caching Wassup widgets html */
170
- function wassup_get_widget_id($instance){
171
  global $wassup_options;
172
  $wassup_widget_id=$this->option_name."-".$this->number;
173
  //add blog_id for unique ids in network activation
@@ -176,7 +176,7 @@ class Wassup_Widget extends WP_Widget{
176
  return $instance;
177
  }
178
  /** update for new widget settings, add new default values */
179
- function wassup_parse_args($old_instance,$defaults){
180
  $all_defaults=wp_parse_args($defaults,$this->wassup_default_opts);
181
  if(empty($old_instance['wassup_widget_id'])){
182
  $instance=$this->wassup_get_widget_id($all_defaults);
@@ -194,19 +194,19 @@ class Wassup_Widget extends WP_Widget{
194
  * - Show counts of visitors currently browsing your site.
195
  */
196
  class wassup_onlineWidget extends Wassup_Widget{
197
- /** PHP4-compatible __construct */
198
- function wassup_onlinewidget(){
199
  $widget_id="wassup_online";
200
  $widget_name='WassUp '.__("Online","wassup");
201
  $widget_description= __("Show counts of your site's visitors who are currently online.","wassup");
202
  $widget_opts=array('description'=>$widget_description,'classname'=>"wassup-widget");
203
  $control_opts=array('description'=>$widget_description);
204
  //instantiate parent
205
- parent::wassup_widget($widget_id,$widget_name,$widget_opts,$control_opts);
206
  } //end __construct
207
 
208
  /** Widget control form - for widget options */
209
- function form($old_instance=array()){
210
  $defaults=array(
211
  'online_title'=>__("Online Now","wassup"),
212
  'online_total'=>1,
@@ -264,7 +264,7 @@ class wassup_onlineWidget extends Wassup_Widget{
264
  } //end form
265
 
266
  /** saves widget options */
267
- function update($new_instance=array(),$old_instance=array()){
268
  global $wassup_options;
269
  $instance=false;
270
  if(!empty($new_instance['wassup_widget_id'])){
@@ -286,7 +286,7 @@ class wassup_onlineWidget extends Wassup_Widget{
286
  } //end update
287
 
288
  /** displays widget content on web site */
289
- function widget($wargs,$instance=array()){
290
  global $wp_version,$wassup_options,$wdebug_mode;
291
  $widget_opt=$wargs;
292
  if(empty($instance['wassup_widget_id'])) $instance=$this->wassup_get_widget_id($instance);
@@ -362,8 +362,8 @@ class wassup_onlineWidget extends Wassup_Widget{
362
  * - Lists top stats or trending stats on your site, depending on statistics timeframe used.
363
  */
364
  class wassup_topstatsWidget extends Wassup_Widget{
365
- /** PHP4-compatible __construct */
366
- function wassup_topstatswidget(){
367
  global $wp_version;
368
  $widget_id="wassup_topstats";
369
  $widget_name='WassUp '.__("Top Stats","wassup");
@@ -371,11 +371,11 @@ class wassup_topstatsWidget extends Wassup_Widget{
371
  $widget_opts=array('description'=>$widget_description);
372
  $control_opts=array('height'=>700,'description'=>$widget_description);
373
  //instantiate parent
374
- parent::wassup_widget($widget_id,$widget_name,$widget_opts,$control_opts); //parent::__construct()
375
  } //end __construct
376
 
377
  /** Widget control form - for widget options */
378
- function form($old_instance=array()){
379
  global $wp_version,$wassup_options;
380
  $defaults=array(
381
  'title'=>"",
@@ -477,7 +477,7 @@ class wassup_topstatsWidget extends Wassup_Widget{
477
  } //end form
478
 
479
  /** saves widget options */
480
- function update($new_instance=array(),$old_instance=array()){
481
  global $wp_version,$wassup_options;
482
  $instance=false;
483
  if(!empty($new_instance['wassup_widget_id'])){
@@ -512,7 +512,7 @@ class wassup_topstatsWidget extends Wassup_Widget{
512
  } //end update
513
 
514
  /** displays widget content on web site */
515
- function widget($wargs,$instance=array()){
516
  global $wp_version,$wassup_options,$wdebug_mode;
517
  $widget_opt=$wargs;
518
  if(empty($instance['wassup_widget_id'])) $instance=$this->wassup_get_widget_id($instance);
34
  if(!class_exists('Wassup_Widget')){
35
  /**
36
  * Base class for building Wassup aside widgets
37
+ * - sets default options for all child widgets
38
  * - adds wassup-widget.css to page header
39
  * - generate a unique 'wassup_widget_id' for widget caching
40
  *
49
  * ::widget - displays the widget.
50
  */
51
  class Wassup_Widget extends WP_Widget{
52
+ /** constructor */
53
+ public function __construct($id="wassup_widget",$name="Wassup Widget",$widget_opts=array(),$control_opts=array()){
54
  global $wp_version;
55
  $default_widget_opts=array(
56
  'widget_description'=>"WassUp ".__("base widget","wassup"),
80
  $this->wassup_add_css();
81
  }
82
  /** Widget control form - for widget options */
83
+ public function form($old_instance){
84
  $defaults=array(
85
  'title'=>"",
86
  'chars'=>0,
112
  } //end form
113
 
114
  /** saves widget options */
115
+ public function update($new_instance=array(),$old_instance=array()){
116
  global $wassup_options;
117
  $instance=false;
118
  $instance['title']=(isset($new_instance['title'])?$wassup_options->cleanFormText($new_instance['title']):"");
125
  } //end update
126
 
127
  /** displays widget content on web site */
128
+ public function widget($wargs,$instance=array()){
129
  global $wassup_options,$wdebug_mode;
130
  $widget_opt=$wargs;
131
  if(empty($instance['wassup_widget_id'])) $instance=$this->wassup_get_widget_id($instance);
151
 
152
  /* Do NOT Override the methods below */
153
  /** adds head style tag for widget/widget-form display */
154
+ public function wassup_add_css(){
155
  //widget css - one style tag for multiple widgets
156
  if(!is_admin()){
157
  //styles for widget display
167
  }
168
  }
169
  /** create a unique id for caching Wassup widgets html */
170
+ public function wassup_get_widget_id($instance){
171
  global $wassup_options;
172
  $wassup_widget_id=$this->option_name."-".$this->number;
173
  //add blog_id for unique ids in network activation
176
  return $instance;
177
  }
178
  /** update for new widget settings, add new default values */
179
+ public function wassup_parse_args($old_instance,$defaults){
180
  $all_defaults=wp_parse_args($defaults,$this->wassup_default_opts);
181
  if(empty($old_instance['wassup_widget_id'])){
182
  $instance=$this->wassup_get_widget_id($all_defaults);
194
  * - Show counts of visitors currently browsing your site.
195
  */
196
  class wassup_onlineWidget extends Wassup_Widget{
197
+ /** constructor */
198
+ public function __construct(){
199
  $widget_id="wassup_online";
200
  $widget_name='WassUp '.__("Online","wassup");
201
  $widget_description= __("Show counts of your site's visitors who are currently online.","wassup");
202
  $widget_opts=array('description'=>$widget_description,'classname'=>"wassup-widget");
203
  $control_opts=array('description'=>$widget_description);
204
  //instantiate parent
205
+ parent::__construct($widget_id,$widget_name,$widget_opts,$control_opts);
206
  } //end __construct
207
 
208
  /** Widget control form - for widget options */
209
+ public function form($old_instance=array()){
210
  $defaults=array(
211
  'online_title'=>__("Online Now","wassup"),
212
  'online_total'=>1,
264
  } //end form
265
 
266
  /** saves widget options */
267
+ public function update($new_instance=array(),$old_instance=array()){
268
  global $wassup_options;
269
  $instance=false;
270
  if(!empty($new_instance['wassup_widget_id'])){
286
  } //end update
287
 
288
  /** displays widget content on web site */
289
+ public function widget($wargs,$instance=array()){
290
  global $wp_version,$wassup_options,$wdebug_mode;
291
  $widget_opt=$wargs;
292
  if(empty($instance['wassup_widget_id'])) $instance=$this->wassup_get_widget_id($instance);
362
  * - Lists top stats or trending stats on your site, depending on statistics timeframe used.
363
  */
364
  class wassup_topstatsWidget extends Wassup_Widget{
365
+ /** constructor */
366
+ public function __construct(){
367
  global $wp_version;
368
  $widget_id="wassup_topstats";
369
  $widget_name='WassUp '.__("Top Stats","wassup");
371
  $widget_opts=array('description'=>$widget_description);
372
  $control_opts=array('height'=>700,'description'=>$widget_description);
373
  //instantiate parent
374
+ parent::__construct($widget_id,$widget_name,$widget_opts,$control_opts);
375
  } //end __construct
376
 
377
  /** Widget control form - for widget options */
378
+ public function form($old_instance=array()){
379
  global $wp_version,$wassup_options;
380
  $defaults=array(
381
  'title'=>"",
477
  } //end form
478
 
479
  /** saves widget options */
480
+ public function update($new_instance=array(),$old_instance=array()){
481
  global $wp_version,$wassup_options;
482
  $instance=false;
483
  if(!empty($new_instance['wassup_widget_id'])){
512
  } //end update
513
 
514
  /** displays widget content on web site */
515
+ public function widget($wargs,$instance=array()){
516
  global $wp_version,$wassup_options,$wdebug_mode;
517
  $widget_opt=$wargs;
518
  if(empty($instance['wassup_widget_id'])) $instance=$this->wassup_get_widget_id($instance);