WordPress Related Posts - Version 2.6.2

Version Description

Fix for security vulnerability. Upgrade immediately.

=


Release Info

Developer zemanta
Plugin Icon wp plugin WordPress Related Posts
Version 2.6.2

Code changes from version 2.6.1 to 2.6.2

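--- a/config.php
+++ b/config.php
@@ -51,14 +51,17 @@ function wp_rp_get_options() {
   return $wp_rp_options;
   }
 
+ $wp_rp_options = get_option('wp_rp_options', false);
   $wp_rp_meta = get_option('wp_rp_meta', false);
- if(!$wp_rp_meta || $wp_rp_meta['version'] !== WP_RP_VERSION) {
+
+ if(!$wp_rp_meta || !$wp_rp_options || $wp_rp_meta['version'] !== WP_RP_VERSION) {
   wp_rp_upgrade();
   $wp_rp_meta = get_option('wp_rp_meta');
+ $wp_rp_options = get_option('wp_rp_options');
   }
- $wp_rp_meta = new ArrayObject($wp_rp_meta);
 
- $wp_rp_options = new ArrayObject(get_option('wp_rp_options'));
+ $wp_rp_meta = new ArrayObject($wp_rp_meta);
+ $wp_rp_options = new ArrayObject($wp_rp_options);
 
   return $wp_rp_options;
   }
@@ -177,7 +180,6 @@ function wp_rp_install() {
   'show_turn_on_button' => true,
   'name' => '',
   'email' => '',
- 'show_blogger_network_form' => false,
   'remote_notifications' => array(),
   'turn_on_button_pressed' => false,
   'show_statistics' => false,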
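Review bot: In `wp_rp_get_options()` both options are re-read after `wp_rp_upgrade()` without checking the result, so if the upgrade did not write `wp_rp_options` or `wp_rp_meta`, `get_option()` returns `false` and `new ArrayObject(false)` throws. A guard ahead of the two constructors would make that failure explicit, for example `if (!$wp_rp_meta || !$wp_rp_options) { return false; }`, provided the callers (not visible here) can handle a false return. The function starts above the hunk, so the early-return path at its top is only partly visible.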
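--- a/edit_related_posts.php
+++ b/edit_related_posts.php
@@ -1,6 +1,8 @@
   <?php
 
   function wp_rp_update_related_posts_callback() {
+ die('error'); // Not supported any more.
+
   if (!current_user_can('edit_posts')) {
   die('error');
   }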
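Review bot: The unconditional `die('error');` on the first line of `wp_rp_update_related_posts_callback()` leaves everything below it as unreachable code that still reads like a live handler. If the endpoint is retired, removing the body and its `add_action` registration (not visible in this hunk) is clearer than short-circuiting it. If it is ever re-enabled, it needs `check_ajax_referer('wp_rp_ajax_nonce');` ahead of the `current_user_can('edit_posts')` check, as the other handlers in this release have. The comment should say why it was disabled, for example `// Disabled in 2.6.2 as part of the CSRF fix; do not re-enable without a nonce check.`, assuming that is the reason. The function continues below the hunk.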
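--- a/notifications.php
+++ b/notifications.php
@@ -38,7 +38,7 @@ function wp_rp_print_notifications() {
 
   foreach($messages as $id => $text) {
   echo '<div class="wp_rp_notification">
- <a href="' . admin_url('admin-ajax.php?action=rp_dismiss_notification&id=' . $id) . '" class="close">x</a>
+ <a href="' . admin_url('admin-ajax.php?action=rp_dismiss_notification&id=' . $id . '&_wpnonce=' . wp_create_nonce("wp_rp_ajax_nonce")) . '" class="close">x</a>
   <p>' . $text . '</p>
   </div>';
   }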
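Review bot: The dismiss link's `href` is built by concatenation and echoed without URL escaping, and `$id` and `$text` reach the markup unescaped too. Building it as `wp_nonce_url(admin_url('admin-ajax.php?action=rp_dismiss_notification&id=' . (int) $id), 'wp_rp_ajax_nonce')` keeps the same `_wpnonce` parameter and returns an HTML-escaped URL. `$text` looks like it may come from the `remote_notifications` meta seen in config.php, so it should go through `wp_kses_post()` unless it is already filtered where `$messages` is built, which this hunk does not show. The nonce in this URL is also the only one the dismiss request carries, because the click handler in static/js/dashboard.js passes `_wpnonce` as a top-level `$.ajax` option rather than inside `data`.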
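--- a/readme.txt
+++ b/readme.txt
@@ -65,8 +65,14 @@ We adopted the principle of having three "release channels". You can try the mos
 
   == Upgrade Notice ==
 
+ = 2.6.2 =
+ Fix for security vulnerability. Upgrade immediately.
+
   == Changelog ==
 
+ = 2.6.2 =
+ * Fix for Cross-Site Request Forgery vulnerability. Credits for finding and reporting the vulnerability go to Charlie Eriksen via Secunia SVCRP.
+
   = 2.6.1 =
   * Fixed post excerpt bug
   * Link back to Zemanta is off by default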
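--- a/recommendations.php
+++ b/recommendations.php
@@ -200,7 +200,7 @@ function wp_rp_fetch_related_posts_v2($limit = 10, $exclude_ids = array()) {
   WHERE label IN (" . implode(', ', array_fill(0, count($exclude_categories_labels), "%s")) . ")
   )") . "
   GROUP BY target.post_id
- ORDER BY score desc
+ ORDER BY score desc, target.post_id desc
   LIMIT %d;",
   array_merge(
   array($total_number_of_posts, $total_number_of_posts),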
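--- a/settings.php
+++ b/settings.php
@@ -98,32 +98,9 @@ function wp_rp_register_blog($button_type='other') {
   return false;
   }
 
- function wp_rp_ajax_blogger_network_submit_callback() {
- $postdata = stripslashes_deep($_POST);
-
- $meta = wp_rp_get_meta();
-
- $meta['show_blogger_network_form'] = false;
- if(isset($postdata['join'])) {
- $meta['remote_recommendations'] = true;
- }
- else {
- $blog_id = $meta['blog_id'];
- $auth_key = $meta['auth_key'];
- $req_options = array(
- 'timeout' => 5
- );
- $url = WP_RP_CTR_DASHBOARD_URL . "notifications/dismiss/?blog_id=$blog_id&auth_key=$auth_key&msg_id=blogger_network_form";
- $response = wp_remote_get($url, $req_options);
- }
-
- wp_rp_update_meta($meta);
-
- die('ok');
- }
- add_action('wp_ajax_blogger_network_submit', 'wp_rp_ajax_blogger_network_submit_callback');
+ function wp_rp_ajax_dismiss_notification_callback() {
+ check_ajax_referer('wp_rp_ajax_nonce');
 
- function wp_rp_ajax_dismiss_notification_callback() {
   if(isset($_REQUEST['id'])) {
   wp_rp_dismiss_notification((int)$_REQUEST['id']);
   }
@@ -136,6 +113,8 @@ function wp_rp_ajax_dismiss_notification_callback() {
   add_action('wp_ajax_rp_dismiss_notification', 'wp_rp_ajax_dismiss_notification_callback');
 
   function wp_rp_ajax_hide_show_statistics() {
+ check_ajax_referer('wp_rp_ajax_nonce');
+
   $meta = wp_rp_get_meta();
   $postdata = stripslashes_deep($_POST);
 
@@ -154,6 +133,10 @@ function wp_rp_ajax_hide_show_statistics() {
   add_action('wp_ajax_rp_show_hide_statistics', 'wp_rp_ajax_hide_show_statistics');
 
   function wp_rp_settings_page() {
+ if (!current_user_can('delete_users')) {
+ die('Sorry, you don\'t have permissions to access this page.');
+ }
+
   $options = wp_rp_get_options();
   $meta = wp_rp_get_meta();
 
@@ -163,6 +146,10 @@ function wp_rp_settings_page() {
   wp_rp_load_remote_notifications();
 
   if(sizeof($_POST)) {
+ if (!isset($_POST['_wp_rp_nonce']) || !wp_verify_nonce($_POST['_wp_rp_nonce'], 'wp_rp_settings') ) {
+ die('Sorry, your nonce did not verify.');
+ }
+
   $old_options = $options;
   $new_options = array(
   'on_single_post' => isset($postdata['wp_rp_on_single_post']),
@@ -279,6 +266,8 @@ function wp_rp_settings_page() {
   ?>
 
   <div class="wrap" id="wp_rp_wrap">
+ <input type="hidden" id="wp_rp_ajax_nonce" value="<?php echo wp_create_nonce("wp_rp_ajax_nonce"); ?>" />
+
   <input type="hidden" id="wp_rp_json_url" value="<?php esc_attr_e(WP_RP_STATIC_BASE_URL . WP_RP_STATIC_JSON_PATH); ?>" />
   <input type="hidden" id="wp_rp_version" value="<?php esc_attr_e(WP_RP_VERSION); ?>" />
   <input type="hidden" id="wp_rp_dashboard_url" value="<?php esc_attr_e(WP_RP_CTR_DASHBOARD_URL); ?>" />
@@ -322,71 +311,9 @@ function wp_rp_settings_page() {
   </div>
   <?php endif; ?>
 
- <?php if ($meta['show_blogger_network_form'] and $meta['blog_id'] and !$meta['show_turn_on_button']): ?>
- <form action="https://docs.google.com/a/zemanta.com/spreadsheet/formResponse?formkey=dDEyTlhraEd0dnRwVVFMX19LRW8wbWc6MQ&amp;ifq" method="POST" class="wp_rp_message_form" id="wp_rp_blogger_network_form" target="wp_rp_blogger_network_hidden_iframe">
- <input type="hidden" name="pageNumber" value="0" />
- <input type="hidden" name="backupCache" />
- <input type="hidden" name="entry.2.single" value="<?php echo get_bloginfo('wpurl'); ?>" />
- <input type="hidden" name="entry.3.single" value="<?php echo $meta['blog_id']; ?>" />
- <a href="#" class="dismiss"><img width="12" src="<?php echo plugins_url("static/img/close.png", __FILE__); ?>" /></a>
- <h2>Blogger networks</h2>
- <p>Easily link out to similar bloggers to exchange traffic with them. One click out, one click in.</p>
- <table class="form-table"><tbody>
- <tr valign="top">
- <th scope="row"><label for="wp_rp_blogger_network_kind">I want to exchange traffic with</label></th>
- <td width="1%">
- <select name="entry.0.group" id="wp_rp_blogger_network_kind">
- <option value="Automotive" />Automotive bloggers</option>
- <option value="Beauty &amp; Style" />Beauty &amp; Style bloggers</option>
- <option value="Business" />Business bloggers</option>
- <option value="Consumer Tech" />Consumer Tech bloggers</option>
- <option value="Enterprise Tech" />Enterprise Tech bloggers</option>
- <option value="Entertainment" />Entertainment bloggers</option>
- <option value="Family &amp; Parenting" />Family &amp; Parenting bloggers</option>
- <option value="Food &amp; Drink" />Food &amp; Drink bloggers</option>
- <option value="Graphic Arts" />Graphic Arts bloggers</option>
- <option value="Healthy Living" />Healthy Living bloggers</option>
- <option value="Home &amp; Shelter" />Home &amp; Shelter bloggers</option>
- <option value="Lifestyle &amp; Hobby" />Lifestyle &amp; Hobby bloggers</option>
- <option value="Men's Lifestyle" />Men's Lifestyle bloggers</option>
- <option value="Personal Finance" />Personal Finance bloggers</option>
- <option value="Women's Lifestyle" />Women's Lifestyle bloggers</option>
- </select>
- </td>
- <td rowspan="2" valign="middle"><div id="wp_rp_blogger_network_thankyou" class="thankyou"><img src="<?php echo plugins_url("static/img/check.png", __FILE__); ?>" width="30" height="22" />Thanks for showing interest.</div></td>
- </tr>
- <tr valign="top">
- <th scope="row"><label for="wp_rp_blogger_network_email">My email is:</label></th>
- <td><input type="email" name="entry.1.single" value="" id="wp_rp_blogger_network_email" required="required" /></td>
- </tr>
- <tr valign="top">
- <th scope="row"></th>
- <td><input type="submit" name="submit" value="Submit" class="submit" id="wp_rp_blogger_network_submit" /></td>
- </tbody></table>
- <script type="text/javascript">
- jQuery(function($) {
- var submit = $('#wp_rp_blogger_network_submit');
- $('#wp_rp_blogger_network_form')
- .submit(function(event) {
- submit.addClass('disabled');
- setTimeout(function() { submit.attr('disabled', true); }, 0);
- $('#wp_rp_blogger_network_hidden_iframe').load(function() {
- submit.attr('disabled', false).removeClass('disabled');
- $('#wp_rp_blogger_network_thankyou').fadeIn('slow');
- $.post(ajaxurl, {action: 'blogger_network_submit', 'join': true});
- });
- })
- .find('a.dismiss').click(function () {
- $.post(ajaxurl, {action: 'blogger_network_submit'});
- $('#wp_rp_blogger_network_form').slideUp();
- });
- });
- </script>
- </form>
- <iframe id="wp_rp_blogger_network_hidden_iframe" name="wp_rp_blogger_network_hidden_iframe" style="display: none"></iframe>
- <?php endif; ?>
-
   <form method="post" enctype="multipart/form-data" action="<?php echo admin_url('admin.php?page=wordpress-related-posts'); ?>" id="wp_rp_settings_form" style="display: <?php echo ($meta['show_turn_on_button'] && !$meta['turn_on_button_pressed'] && !$meta['blog_id'] ? 'none' : 'block'); ?>;">
+ <?php wp_nonce_field('wp_rp_settings', '_wp_rp_nonce') ?>
+
   <?php if ($options['ctr_dashboard_enabled']): ?>
   <div id="wp_rp_earnings_holder" style="display:none;">
   <h2><?php _e('Earnings', 'wp_related_posts'); ?></h2>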
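Review bot: `wp_rp_ajax_dismiss_notification_callback()` and `wp_rp_ajax_hide_show_statistics()` now verify a nonce, but their visible lines show no capability check, and a nonce only shows the request came from the site's own pages, not that the user may change plugin state. `wp_ajax_*` hooks run for any logged-in user, and wp_related_posts.php prints this same nonce for every user with `edit_posts`. Both handlers should therefore open with the check that `wp_rp_settings_page()` and the blacklist callback already use, `if (!current_user_can('delete_users')) { die(); }`, placed right after `check_ajax_referer('wp_rp_ajax_nonce');`. Both function bodies continue outside their hunks, so confirm no such check exists further down before adding it.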
static/img/arrow_down.png CHANGED
Binary file
static/img/arrow_right.png CHANGED
Binary file
static/img/check.png CHANGED
Binary file
static/img/close.png CHANGED
Binary file
static/img/cross.png CHANGED
Binary file
static/img/cross_2x.png CHANGED
Binary file
static/img/desktop_icon.png CHANGED
Binary file
static/img/icon_support.png CHANGED
Binary file
static/img/measure_icon.png CHANGED
Binary file
static/img/measure_icon_2x.png CHANGED
Binary file
static/img/menu_icon.png CHANGED
Binary file
static/img/menu_icon_2x.png CHANGED
Binary file
static/img/mobile_icon.png CHANGED
Binary file
static/img/network_icon.png CHANGED
Binary file
static/img/outlink.png CHANGED
Binary file
static/img/promoted_arrow.png CHANGED
Binary file
static/js/dashboard.js CHANGED
@@ -1,11 +1,11 @@
1
- (function(a){var e=function(b,e){a.each(e,function(a,e){b=b.replace(RegExp("{{ *"+a+" *}}"),e)});return b};a(function(){var b=a("#wp_rp_earnings_wrap"),i=a("#wp_rp_earnings_holder"),f=a("#wp_rp_statistics_wrap"),j=a("#wp_rp_dashboard_url").val(),g=a("#wp_rp_blog_id").val(),h=a("#wp_rp_auth_key").val();traffic_exchange_enabled=0<a("#wp_rp_show_traffic_exchange_statistics").length;promoted_content_enabled=0<a("#wp_rp_show_promoted_content_statistics").length;update_interval=req_timeout=null;update_interval_sec=
2
- 2E3;update_interval_error_sec=3E4;updating=!1;ul=null;stats={};set_update_interval=function(a){a||(a=update_interval_sec);clearInterval(update_interval);0<a&&(update_interval=setInterval(update_dashboard,a))};display_error=function(c){var k=a("#wp_rp_statistics_wrap");c||k.find(".unavailable").slideDown();set_update_interval(update_interval_error_sec);updating=!1};create_dashboard=function(){ul=a('<ul class="statistics" />');f.find(".unavailable").slideUp();ul.append('<li class="title"><div class="desktop">Desktop</div><div class="mobile">Mobile</div></li>');
3
  ul.append(e('<li class="{{class}} stats"><p class="num mobile"></p><p class="num all"></p><h5>{{ title}}<span>{{range}}</span></h5></li>',{"class":"ctr",title:"click-through rate",range:"last 30 days"}));ul.append(e('<li class="{{class}} stats"><p class="num mobile"></p><p class="num all"></p><h5>{{ title}}<span>{{range}}</span></h5></li>',{"class":"pageviews",title:"page views",range:"last 30 days"}));ul.append(e('<li class="{{class}} stats"><p class="num mobile"></p><p class="num all"></p><h5>{{ title}}<span>{{range}}</span></h5></li>',
4
  {"class":"clicks",title:"clicks",range:"last 30 days"}));f.append(ul);traffic_exchange_enabled&&f.append('<div class="network"><div class="icon"></div><span class="num"></span><h4>Inbound Visitors</h4><div class="description"><p>Number of visitors that came to your site because this plugin promoted your content on other sites.<strong>Wow, a traffic exchange! :)</strong></p></div></div>')};update_dashboard=function(c){updating||(updating=!0,req_timeout=setTimeout(function(){display_error(!c)},2E3),
5
- a.getJSON(j+"pageviews/?callback=?",{blog_id:g,auth_key:h},function(a){var d=a.data;clearTimeout(req_timeout);if(!a||"ok"!==a.status||!a.data)display_error(!c);else{ul||create_dashboard();set_update_interval(a.data.update_interval);stats.mobile_pageviews=Math.max(d.mobile_pageviews,stats.mobile_pageviews||0);stats.mobile_clicks=Math.max(d.mobile_clicks,stats.mobile_clicks||0);a=0<stats.mobile_pageviews&&(100*(stats.mobile_clicks/stats.mobile_pageviews)).toFixed(1)||0;stats.desktop_pageviews=Math.max(d.pageviews-
6
  stats.mobile_pageviews,stats.desktop_pageviews||0);stats.desktop_clicks=Math.max(d.clicks-stats.mobile_clicks,stats.desktop_clicks||0);var e=0<stats.desktop_pageviews&&(100*(stats.desktop_clicks/stats.desktop_pageviews)).toFixed(1)||0;stats.network_in_pageviews=Math.max(d.network_in_pageviews,stats.network_in_pageviews||0);if(promoted_content_enabled&&d.promoted_content_money_earned){stats.promoted_content_money_earned=Math.max(d.promoted_content_money_earned,stats.promoted_content_money_earned||
7
- 0);var l=(stats.promoted_content_money_earned/100).toFixed(2),h=(d.meta.min_payout/100).toFixed(2);b.find(".num").html("$"+l);b.find(".payout").html("$"+h);stats.promoted_content_money_earned>=d.meta.min_payout&&b.find(".claim").hasClass("disabled")&&(b.find(".claim").removeClass("disabled"),b.find(".claim").attr("href","mailto:support+claim@zemanta.com?subject="+encodeURIComponent("I earned over $50!")+"&body="+encodeURIComponent("I would like to claim my money.\nMy reference code is: "+g+" \nMy PayPal account is:\n")));
8
- i.show()}ul.find(".ctr .num.all").html(e+"%");ul.find(".pageviews .num.all").html(stats.desktop_pageviews);ul.find(".clicks .num.all").html(stats.desktop_clicks);ul.find(".ctr .num.mobile").html(a+"%");ul.find(".pageviews .num.mobile").html(stats.mobile_pageviews);ul.find(".clicks .num.mobile").html(stats.mobile_clicks);f.find(".network .num").html(stats.network_in_pageviews);updating=!1}}))};turn_on_rp=function(c){a("#wp_rp_static_base_url").val();a("#wp_rp_ctr_dashboard_enabled, #wp_rp_enable_themes, #wp_rp_promoted_content_enabled, #wp_rp_traffic_exchange_enabled").prop("checked",
9
- !0);a("#wp_rp_settings_form").append('<input type="hidden" value="statistics+thumbnails+promoted" name="wp_rp_turn_on_button_pressed" id="wp_rp_turn_on_button_pressed">');a("#wp_rp_settings_form").append('<input type="hidden" value="'+c+'" name="wp_rp_button_type" id="wp_rp_button_type">');a("#wp_rp_settings_form").submit()};g&&h&&(update_dashboard(!0),update_interval=setInterval(update_dashboard,2E3));!g&&document.location.search.match(/ref=turn-on-rp/)&&turn_on_rp("turn-on-banner");a("#wp_rp_turn_on_statistics a.turn-on").click(function(c){c.preventDefault();
10
- c=a(this).data("type");turn_on_rp(c)});a(".wp_rp_notification .close").on("click",function(c){a.ajax({url:a(this).attr("href"),data:{noredirect:!0}});a(this).parent().slideUp(function(){a(this).remove()});c.preventDefault()});a("#wp_rp_wrap .collapsible .collapse-handle").on("click",function(c){var b=a(this).closest(".collapsible"),d=b.find(".container"),e=b.hasClass("collapsed"),f=b.attr("block");e?(d.slideDown(),a.post(ajaxurl,{action:"rp_show_hide_"+f,show:!0})):(d.slideUp(),a.post(ajaxurl,{action:"rp_show_hide_"+
11
- f,hide:!0}));b.toggleClass("collapsed");c.preventDefault()})})})(jQuery);
1
+ (function(a){var e=function(b,e){a.each(e,function(a,e){b=b.replace(RegExp("{{ *"+a+" *}}"),e)});return b};a(function(){var b=a("#wp_rp_earnings_wrap"),j=a("#wp_rp_earnings_holder"),f=a("#wp_rp_statistics_wrap"),k=a("#wp_rp_dashboard_url").val(),h=a("#wp_rp_blog_id").val(),i=a("#wp_rp_auth_key").val(),g=a("#wp_rp_ajax_nonce").val();traffic_exchange_enabled=0<a("#wp_rp_show_traffic_exchange_statistics").length;promoted_content_enabled=0<a("#wp_rp_show_promoted_content_statistics").length;update_interval=
2
+ req_timeout=null;update_interval_sec=2E3;update_interval_error_sec=3E4;updating=!1;ul=null;stats={};set_update_interval=function(a){a||(a=update_interval_sec);clearInterval(update_interval);0<a&&(update_interval=setInterval(update_dashboard,a))};display_error=function(c){var l=a("#wp_rp_statistics_wrap");c||l.find(".unavailable").slideDown();set_update_interval(update_interval_error_sec);updating=!1};create_dashboard=function(){ul=a('<ul class="statistics" />');f.find(".unavailable").slideUp();ul.append('<li class="title"><div class="desktop">Desktop</div><div class="mobile">Mobile</div></li>');
3
  ul.append(e('<li class="{{class}} stats"><p class="num mobile"></p><p class="num all"></p><h5>{{ title}}<span>{{range}}</span></h5></li>',{"class":"ctr",title:"click-through rate",range:"last 30 days"}));ul.append(e('<li class="{{class}} stats"><p class="num mobile"></p><p class="num all"></p><h5>{{ title}}<span>{{range}}</span></h5></li>',{"class":"pageviews",title:"page views",range:"last 30 days"}));ul.append(e('<li class="{{class}} stats"><p class="num mobile"></p><p class="num all"></p><h5>{{ title}}<span>{{range}}</span></h5></li>',
4
  {"class":"clicks",title:"clicks",range:"last 30 days"}));f.append(ul);traffic_exchange_enabled&&f.append('<div class="network"><div class="icon"></div><span class="num"></span><h4>Inbound Visitors</h4><div class="description"><p>Number of visitors that came to your site because this plugin promoted your content on other sites.<strong>Wow, a traffic exchange! :)</strong></p></div></div>')};update_dashboard=function(c){updating||(updating=!0,req_timeout=setTimeout(function(){display_error(!c)},2E3),
5
+ a.getJSON(k+"pageviews/?callback=?",{blog_id:h,auth_key:i},function(a){var d=a.data;clearTimeout(req_timeout);if(!a||"ok"!==a.status||!a.data)display_error(!c);else{ul||create_dashboard();set_update_interval(a.data.update_interval);stats.mobile_pageviews=Math.max(d.mobile_pageviews,stats.mobile_pageviews||0);stats.mobile_clicks=Math.max(d.mobile_clicks,stats.mobile_clicks||0);a=0<stats.mobile_pageviews&&(100*(stats.mobile_clicks/stats.mobile_pageviews)).toFixed(1)||0;stats.desktop_pageviews=Math.max(d.pageviews-
6
  stats.mobile_pageviews,stats.desktop_pageviews||0);stats.desktop_clicks=Math.max(d.clicks-stats.mobile_clicks,stats.desktop_clicks||0);var e=0<stats.desktop_pageviews&&(100*(stats.desktop_clicks/stats.desktop_pageviews)).toFixed(1)||0;stats.network_in_pageviews=Math.max(d.network_in_pageviews,stats.network_in_pageviews||0);if(promoted_content_enabled&&d.promoted_content_money_earned){stats.promoted_content_money_earned=Math.max(d.promoted_content_money_earned,stats.promoted_content_money_earned||
7
+ 0);var m=(stats.promoted_content_money_earned/100).toFixed(2),g=(d.meta.min_payout/100).toFixed(2);b.find(".num").html("$"+m);b.find(".payout").html("$"+g);stats.promoted_content_money_earned>=d.meta.min_payout&&b.find(".claim").hasClass("disabled")&&(b.find(".claim").removeClass("disabled"),b.find(".claim").attr("href","mailto:support+claim@zemanta.com?subject="+encodeURIComponent("I earned over $50!")+"&body="+encodeURIComponent("I would like to claim my money.\nMy reference code is: "+h+" \nMy PayPal account is:\n")));
8
+ j.show()}ul.find(".ctr .num.all").html(e+"%");ul.find(".pageviews .num.all").html(stats.desktop_pageviews);ul.find(".clicks .num.all").html(stats.desktop_clicks);ul.find(".ctr .num.mobile").html(a+"%");ul.find(".pageviews .num.mobile").html(stats.mobile_pageviews);ul.find(".clicks .num.mobile").html(stats.mobile_clicks);f.find(".network .num").html(stats.network_in_pageviews);updating=!1}}))};turn_on_rp=function(c){a("#wp_rp_static_base_url").val();a("#wp_rp_ctr_dashboard_enabled, #wp_rp_enable_themes, #wp_rp_promoted_content_enabled, #wp_rp_traffic_exchange_enabled").prop("checked",
9
+ !0);a("#wp_rp_settings_form").append('<input type="hidden" value="statistics+thumbnails+promoted" name="wp_rp_turn_on_button_pressed" id="wp_rp_turn_on_button_pressed">');a("#wp_rp_settings_form").append('<input type="hidden" value="'+c+'" name="wp_rp_button_type" id="wp_rp_button_type">');a("#wp_rp_settings_form").submit()};h&&i&&(update_dashboard(!0),update_interval=setInterval(update_dashboard,2E3));!h&&document.location.search.match(/ref=turn-on-rp/)&&turn_on_rp("turn-on-banner");a("#wp_rp_turn_on_statistics a.turn-on").click(function(c){c.preventDefault();
10
+ c=a(this).data("type");turn_on_rp(c)});a(".wp_rp_notification .close").on("click",function(c){a.ajax({url:a(this).attr("href"),data:{noredirect:!0},_wpnonce:g});a(this).parent().slideUp(function(){a(this).remove()});c.preventDefault()});a("#wp_rp_wrap .collapsible .collapse-handle").on("click",function(c){var b=a(this).closest(".collapsible"),d=b.find(".container"),e=b.hasClass("collapsed"),f=b.attr("block");e?(d.slideDown(),a.post(ajaxurl,{action:"rp_show_hide_"+f,show:!0,_wpnonce:g})):(d.slideUp(),
11
+ a.post(ajaxurl,{action:"rp_show_hide_"+f,hide:!0,_wpnonce:g}));b.toggleClass("collapsed");c.preventDefault()})})})(jQuery);
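--- a/wp_related_posts.php
+++ b/wp_related_posts.php
@@ -1,7 +1,7 @@
   <?php
   /*
   Plugin Name: WordPress Related Posts
- Version: 2.6.1
+ Version: 2.6.2
   Plugin URI: http://wordpress.org/extend/plugins/wordpress-23-related-posts-plugin/
   Description: Quickly increase your readers' engagement with your posts by adding Related Posts in the footer of your content. Click on <a href="admin.php?page=wordpress-related-posts">Related Posts tab</a> to configure your settings.
   Author: Zemanta Ltd.
@@ -318,6 +318,7 @@ function wp_rp_should_exclude() {
   }
 
   function wp_rp_ajax_blogger_network_blacklist_callback() {
+ check_ajax_referer('wp_rp_ajax_nonce');
   if (!current_user_can('delete_users')) {
   die();
   }
@@ -396,7 +397,8 @@ function wp_rp_head_resources() {
   "\twindow._wp_rp_traffic_exchange = " . ($options['traffic_exchange_enabled'] ? 'true' : 'false') . ";\n" .
   (current_user_can('edit_posts') ?
   "\twindow._wp_rp_admin_ajax_url = '" . admin_url('admin-ajax.php') . "';\n" .
- "\twindow._wp_rp_plugin_static_base_url = '" . esc_js(plugins_url('static/' , __FILE__)) . "';\n"
+ "\twindow._wp_rp_plugin_static_base_url = '" . esc_js(plugins_url('static/' , __FILE__)) . "';\n" .
+ "\twindow._wp_rp_ajax_nonce = '" . wp_create_nonce("wp_rp_ajax_nonce") . "';\n"
   : '') .
   wp_rp_render_head_script_variables();
   }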
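Review bot: In `wp_rp_head_resources()` the new `window._wp_rp_ajax_nonce` line reuses the action string `wp_rp_ajax_nonce` that also guards the settings-page handlers, so one token printed into the page head for `edit_posts` users is accepted by every AJAX endpoint of the plugin. A nonce scoped to the front-end action would narrow that: a separate action name here (for example `wp_rp_blacklist`, a name made up for this note) with the matching `check_ajax_referer()` in `wp_rp_ajax_blogger_network_blacklist_callback()`, if that is the only handler the front-end script calls, which is not visible here. The value is also concatenated into a JS string literal without `esc_js()`, unlike the `_wp_rp_plugin_static_base_url` line directly above it. Both functions continue outside their hunks.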