Version Description
This is a security fix, please update immediately.
=
Download this release
Release Info
| Developer | GregRoss |
| Plugin |  WP Statistics |
| Version | 12.0.3 |
| Comparing to | |
| See all releases | |
Code changes from version 12.0.2 to 12.0.3
- includes/classes/statistics.class.php +4 -0
- includes/log/top-referring.php +1 -1
- readme.txt +6 -2
- wp-statistics.php +2 -2
includes/classes/statistics.class.php
CHANGED
|
@@ -730,6 +730,10 @@ class WP_Statistics {
|
|
| 730 |
$referrer = 'http://127.0.0.1';
|
| 731 |
}
|
| 732 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 733 |
if( $length > 0 ) {
|
| 734 |
$referrer = substr( $referrer, 0, $length );
|
| 735 |
}
|
| 730 |
$referrer = 'http://127.0.0.1';
|
| 731 |
}
|
| 732 |
|
| 733 |
+
if( 'javascript:' == strtolower( substr( $referrer, 0, 5 ) ) ) {
|
| 734 |
+
$referrer = 'http://127.0.0.1';
|
| 735 |
+
}
|
| 736 |
+
|
| 737 |
if( $length > 0 ) {
|
| 738 |
$referrer = substr( $referrer, 0, $length );
|
| 739 |
}
|
includes/log/top-referring.php
CHANGED
|
@@ -170,7 +170,7 @@
|
|
| 170 |
$i++;
|
| 171 |
|
| 172 |
echo "<div class='log-item'>";
|
| 173 |
-
echo "<div class='log-referred'>{$i} - <a href='?page=" . WP_STATISTICS_REFERRERS_PAGE . "&referr=
|
| 174 |
echo "<div class='log-ip'>" . __( 'References', 'wp_statistics' ) . ': ' . number_format_i18n( $value ) . '</div>';
|
| 175 |
echo "<div class='clear'></div>";
|
| 176 |
echo "<div class='log-url'><a href='http://" . $WP_Statistics->html_sanitize_referrer( $items ) . "/' title='" . $WP_Statistics->html_sanitize_referrer( $items ) . "'><div class='dashicons dashicons-admin-links'></div> http://" . $WP_Statistics->html_sanitize_referrer( $items ) . '/</a></div>';
|
| 170 |
$i++;
|
| 171 |
|
| 172 |
echo "<div class='log-item'>";
|
| 173 |
+
echo "<div class='log-referred'>{$i} - <a href='?page=" . WP_STATISTICS_REFERRERS_PAGE . "&referr=" . $WP_Statistics->html_sanitize_referrer( $items ) . $date_args . "'>" . $WP_Statistics->html_sanitize_referrer( $items ) . "</a></div>";
|
| 174 |
echo "<div class='log-ip'>" . __( 'References', 'wp_statistics' ) . ': ' . number_format_i18n( $value ) . '</div>';
|
| 175 |
echo "<div class='clear'></div>";
|
| 176 |
echo "<div class='log-url'><a href='http://" . $WP_Statistics->html_sanitize_referrer( $items ) . "/' title='" . $WP_Statistics->html_sanitize_referrer( $items ) . "'><div class='dashicons dashicons-admin-links'></div> http://" . $WP_Statistics->html_sanitize_referrer( $items ) . '/</a></div>';
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://wp-statistics.com/donate/
|
|
| 4 |
Tags: statistics, stats, visit, visitors, chart, browser, blog, today, yesterday, week, month, year, total, post, page, sidebar, summary, hits, pagerank, google, alexa, live visit
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 4.7
|
| 7 |
-
Stable tag: 12.0.
|
| 8 |
License: GPL3
|
| 9 |
|
| 10 |
Complete statistics for your WordPress site.
|
|
@@ -283,10 +283,14 @@ You may also downgrade to WP Statistics 10.3 as a temporary measure, but no new
|
|
| 283 |
10. View latest search engine referrers Statistics page.
|
| 284 |
|
| 285 |
== Upgrade Notice ==
|
| 286 |
-
= 12.0.
|
| 287 |
This is a security fix, please update immediately.
|
| 288 |
|
| 289 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
| 290 |
= 12.0.2 =
|
| 291 |
* Release Date: March 30, 2017
|
| 292 |
* Fixed: Top referrer widget was not using the new search table.
|
| 4 |
Tags: statistics, stats, visit, visitors, chart, browser, blog, today, yesterday, week, month, year, total, post, page, sidebar, summary, hits, pagerank, google, alexa, live visit
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 4.7
|
| 7 |
+
Stable tag: 12.0.3
|
| 8 |
License: GPL3
|
| 9 |
|
| 10 |
Complete statistics for your WordPress site.
|
| 283 |
10. View latest search engine referrers Statistics page.
|
| 284 |
|
| 285 |
== Upgrade Notice ==
|
| 286 |
+
= 12.0.3 =
|
| 287 |
This is a security fix, please update immediately.
|
| 288 |
|
| 289 |
== Changelog ==
|
| 290 |
+
= 12.0.3 =
|
| 291 |
+
* Release Date: March 31, 2017
|
| 292 |
+
* Fixed: Additional XSS issue with referrers, thanks Gen Sato who submitted to JPCERT/CC Vulnerability Handling Team.
|
| 293 |
+
|
| 294 |
= 12.0.2 =
|
| 295 |
* Release Date: March 30, 2017
|
| 296 |
* Fixed: Top referrer widget was not using the new search table.
|
wp-statistics.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: WP Statistics
|
| 4 |
* Plugin URI: http://wp-statistics.com/
|
| 5 |
* Description: Complete statistics for your WordPress site.
|
| 6 |
-
* Version: 12.0.
|
| 7 |
* Author: Greg Ross & Mostafa Soufi
|
| 8 |
* Author URI: http://wp-statistics.com/
|
| 9 |
* Text Domain: wp_statistics
|
|
@@ -12,7 +12,7 @@
|
|
| 12 |
*/
|
| 13 |
|
| 14 |
// These defines are used later for various reasons.
|
| 15 |
-
define('WP_STATISTICS_VERSION', '12.0.
|
| 16 |
define('WP_STATISTICS_MANUAL', 'manual/WP Statistics Admin Manual.');
|
| 17 |
define('WP_STATISTICS_REQUIRED_PHP_VERSION', '5.4.0');
|
| 18 |
define('WP_STATISTICS_REQUIRED_GEOIP_PHP_VERSION', WP_STATISTICS_REQUIRED_PHP_VERSION);
|
| 3 |
* Plugin Name: WP Statistics
|
| 4 |
* Plugin URI: http://wp-statistics.com/
|
| 5 |
* Description: Complete statistics for your WordPress site.
|
| 6 |
+
* Version: 12.0.3
|
| 7 |
* Author: Greg Ross & Mostafa Soufi
|
| 8 |
* Author URI: http://wp-statistics.com/
|
| 9 |
* Text Domain: wp_statistics
|
| 12 |
*/
|
| 13 |
|
| 14 |
// These defines are used later for various reasons.
|
| 15 |
+
define('WP_STATISTICS_VERSION', '12.0.3');
|
| 16 |
define('WP_STATISTICS_MANUAL', 'manual/WP Statistics Admin Manual.');
|
| 17 |
define('WP_STATISTICS_REQUIRED_PHP_VERSION', '5.4.0');
|
| 18 |
define('WP_STATISTICS_REQUIRED_GEOIP_PHP_VERSION', WP_STATISTICS_REQUIRED_PHP_VERSION);
|
