Version Description
This is a security fix, please update immediately.
=
Download this release
Release Info
| Developer | GregRoss |
| Plugin |  WP Statistics |
| Version | 12.0.4 |
| Comparing to | |
| See all releases | |
Code changes from version 12.0.3 to 12.0.4
- includes/classes/statistics.class.php +17 -1
- includes/log/last-search.php +2 -1
- includes/log/last-visitor.php +2 -1
- includes/log/top-referring.php +4 -3
- includes/log/widgets/pages.php +1 -1
- includes/log/widgets/recent.php +20 -19
- includes/log/widgets/referring.php +5 -3
- includes/log/widgets/words.php +3 -1
- readme.txt +8 -2
- wp-statistics.php +2 -2
includes/classes/statistics.class.php
CHANGED
|
@@ -726,11 +726,13 @@ class WP_Statistics {
|
|
| 726 |
}
|
| 727 |
|
| 728 |
public function html_sanitize_referrer( $referrer, $length = -1 ) {
|
|
|
|
|
|
|
| 729 |
if( 'data:' == strtolower( substr( $referrer, 0, 5 ) ) ) {
|
| 730 |
$referrer = 'http://127.0.0.1';
|
| 731 |
}
|
| 732 |
|
| 733 |
-
if( 'javascript:' == strtolower( substr( $referrer, 0,
|
| 734 |
$referrer = 'http://127.0.0.1';
|
| 735 |
}
|
| 736 |
|
|
@@ -740,4 +742,18 @@ class WP_Statistics {
|
|
| 740 |
|
| 741 |
return htmlentities( $referrer, ENT_QUOTES );
|
| 742 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 743 |
}
|
| 726 |
}
|
| 727 |
|
| 728 |
public function html_sanitize_referrer( $referrer, $length = -1 ) {
|
| 729 |
+
$referrer = trim( $referrer );
|
| 730 |
+
|
| 731 |
if( 'data:' == strtolower( substr( $referrer, 0, 5 ) ) ) {
|
| 732 |
$referrer = 'http://127.0.0.1';
|
| 733 |
}
|
| 734 |
|
| 735 |
+
if( 'javascript:' == strtolower( substr( $referrer, 0, 11 ) ) ) {
|
| 736 |
$referrer = 'http://127.0.0.1';
|
| 737 |
}
|
| 738 |
|
| 742 |
|
| 743 |
return htmlentities( $referrer, ENT_QUOTES );
|
| 744 |
}
|
| 745 |
+
|
| 746 |
+
public function get_referrer_link( $referrer, $length = -1 ) {
|
| 747 |
+
$html_referrer = $this->html_sanitize_referrer( $referrer );
|
| 748 |
+
|
| 749 |
+
if( $length > 0 && strlen( $referrer ) > $length ) {
|
| 750 |
+
$html_referrer_limited = $this->html_sanitize_referrer( $item->referred, $length );
|
| 751 |
+
$eplises = '[...]';
|
| 752 |
+
} else {
|
| 753 |
+
$html_referrer_limited = $html_referrer;
|
| 754 |
+
$eplises = '';
|
| 755 |
+
}
|
| 756 |
+
|
| 757 |
+
return "<a href='{$html_referrer}'><div class='dashicons dashicons-admin-links'></div>{$html_referrer_limited}{$eplises}</a></div>";
|
| 758 |
+
}
|
| 759 |
}
|
includes/log/last-search.php
CHANGED
|
@@ -144,7 +144,8 @@
|
|
| 144 |
|
| 145 |
echo "<a href='?page=" . WP_STATISTICS_OVERVIEW_PAGE . "&type=last-all-visitor&agent={$items->agent}'>{$agent}</a>";
|
| 146 |
|
| 147 |
-
echo
|
|
|
|
| 148 |
echo "</div>";
|
| 149 |
}
|
| 150 |
}
|
| 144 |
|
| 145 |
echo "<a href='?page=" . WP_STATISTICS_OVERVIEW_PAGE . "&type=last-all-visitor&agent={$items->agent}'>{$agent}</a>";
|
| 146 |
|
| 147 |
+
echo $WP_Statistics->get_referrer_link( $items->referred );
|
| 148 |
+
|
| 149 |
echo "</div>";
|
| 150 |
}
|
| 151 |
}
|
includes/log/last-visitor.php
CHANGED
|
@@ -124,8 +124,9 @@
|
|
| 124 |
}
|
| 125 |
|
| 126 |
echo "<a href='?page=" . WP_STATISTICS_VISITORS_PAGE . "&agent={$items->agent}'>{$agent}</a>";
|
|
|
|
|
|
|
| 127 |
|
| 128 |
-
echo "<a href='" . $WP_Statistics->html_sanitize_referrer( $items->referred ) . "' title='" . $WP_Statistics->html_sanitize_referrer( $items->referred ) . "'>" . wp_statistics_icons('dashicons-admin-links', 'link') . " " . $WP_Statistics->html_sanitize_referrer( $items->referred ) . "</a></div>";
|
| 129 |
echo "</div>";
|
| 130 |
}
|
| 131 |
|
| 124 |
}
|
| 125 |
|
| 126 |
echo "<a href='?page=" . WP_STATISTICS_VISITORS_PAGE . "&agent={$items->agent}'>{$agent}</a>";
|
| 127 |
+
|
| 128 |
+
echo $WP_Statistics->get_referrer_link( $items->referred );
|
| 129 |
|
|
|
|
| 130 |
echo "</div>";
|
| 131 |
}
|
| 132 |
|
includes/log/top-referring.php
CHANGED
|
@@ -156,7 +156,7 @@
|
|
| 156 |
|
| 157 |
echo "<div class='log-agent'><a href='?page=" . WP_STATISTICS_OVERVIEW_PAGE . "&type=last-all-visitor&agent={$item->agent}'>{$agent}</a>";
|
| 158 |
|
| 159 |
-
echo
|
| 160 |
echo "</div>";
|
| 161 |
|
| 162 |
}
|
|
@@ -168,12 +168,13 @@
|
|
| 168 |
foreach( $get_urls as $items => $value) {
|
| 169 |
|
| 170 |
$i++;
|
|
|
|
| 171 |
|
| 172 |
echo "<div class='log-item'>";
|
| 173 |
-
echo "<div class='log-referred'>{$i} - <a href='?page=" . WP_STATISTICS_REFERRERS_PAGE . "&referr=" . $
|
| 174 |
echo "<div class='log-ip'>" . __( 'References', 'wp_statistics' ) . ': ' . number_format_i18n( $value ) . '</div>';
|
| 175 |
echo "<div class='clear'></div>";
|
| 176 |
-
echo "<div class='log-url'
|
| 177 |
echo "</div>";
|
| 178 |
|
| 179 |
}
|
| 156 |
|
| 157 |
echo "<div class='log-agent'><a href='?page=" . WP_STATISTICS_OVERVIEW_PAGE . "&type=last-all-visitor&agent={$item->agent}'>{$agent}</a>";
|
| 158 |
|
| 159 |
+
echo $WP_Statistics->get_referrer_link( $item->referred, 100 );
|
| 160 |
echo "</div>";
|
| 161 |
|
| 162 |
}
|
| 168 |
foreach( $get_urls as $items => $value) {
|
| 169 |
|
| 170 |
$i++;
|
| 171 |
+
$referrer_html = $WP_Statistics->html_sanitize_referrer( $items );
|
| 172 |
|
| 173 |
echo "<div class='log-item'>";
|
| 174 |
+
echo "<div class='log-referred'>{$i} - <a href='?page=" . WP_STATISTICS_REFERRERS_PAGE . "&referr=" . $referrer_html . $date_args . "'>" . $referrer_html . "</a></div>";
|
| 175 |
echo "<div class='log-ip'>" . __( 'References', 'wp_statistics' ) . ': ' . number_format_i18n( $value ) . '</div>';
|
| 176 |
echo "<div class='clear'></div>";
|
| 177 |
+
echo "<div class='log-url'>" . $WP_Statistics->get_referrer_link( $items, 100 ) . '</div>';
|
| 178 |
echo "</div>";
|
| 179 |
|
| 180 |
}
|
includes/log/widgets/pages.php
CHANGED
|
@@ -14,7 +14,7 @@
|
|
| 14 |
|
| 15 |
echo "<div class=\"log-page-title\">{$i} - {$uri[3]}</div>";
|
| 16 |
echo '<div class="right-div">' . __( 'Visits', 'wp_statistics' ) . ': <a href="?page=' . WP_STATISTICS_PAGES_PAGE . '&page-uri=' . $uri[0] . '">' . number_format_i18n( $uri[1] ) . '</a></div>';
|
| 17 |
-
echo '<div><a href="' . $site_url . $uri[0] . '">' . htmlentities( urldecode( $uri[0] ), ENT_QUOTES ) . '</a></div>';
|
| 18 |
echo '</div>';
|
| 19 |
|
| 20 |
if( $i > 9 ) { break; }
|
| 14 |
|
| 15 |
echo "<div class=\"log-page-title\">{$i} - {$uri[3]}</div>";
|
| 16 |
echo '<div class="right-div">' . __( 'Visits', 'wp_statistics' ) . ': <a href="?page=' . WP_STATISTICS_PAGES_PAGE . '&page-uri=' . $uri[0] . '">' . number_format_i18n( $uri[1] ) . '</a></div>';
|
| 17 |
+
echo '<div><a href="' . htmlentities( $site_url . $uri[0], ENT_QUOTES ) . '">' . htmlentities( urldecode( $uri[0] ), ENT_QUOTES ) . '</a></div>';
|
| 18 |
echo '</div>';
|
| 19 |
|
| 20 |
if( $i > 9 ) { break; }
|
includes/log/widgets/recent.php
CHANGED
|
@@ -20,25 +20,26 @@
|
|
| 20 |
}
|
| 21 |
|
| 22 |
echo "<div class='log-item'>";
|
| 23 |
-
|
| 24 |
-
|
| 25 |
-
|
| 26 |
-
|
| 27 |
-
|
| 28 |
-
|
| 29 |
-
|
| 30 |
-
|
| 31 |
-
|
| 32 |
-
|
| 33 |
-
|
| 34 |
-
|
| 35 |
-
|
| 36 |
-
|
| 37 |
-
|
| 38 |
-
|
| 39 |
-
|
| 40 |
-
|
| 41 |
-
|
|
|
|
| 42 |
echo "</div>";
|
| 43 |
}
|
| 44 |
|
| 20 |
}
|
| 21 |
|
| 22 |
echo "<div class='log-item'>";
|
| 23 |
+
echo "<div class='log-referred'>{$ip_string}</div>";
|
| 24 |
+
echo "<div class='log-ip'>" . date(get_option('date_format'), strtotime($items->last_counter)) . "</div>";
|
| 25 |
+
echo "<div class='clear'></div>";
|
| 26 |
+
echo "<div class='log-url'>";
|
| 27 |
+
echo $map_string;
|
| 28 |
+
|
| 29 |
+
if($WP_Statistics->get_option('geoip')) {
|
| 30 |
+
echo "<img src='".plugins_url('wp-statistics/assets/images/flags/' . $items->location . '.png')."' title='{$ISOCountryCode[$items->location]}' class='log-tools'/>";
|
| 31 |
+
}
|
| 32 |
+
|
| 33 |
+
if( array_search( strtolower( $items->agent ), array( "chrome", "firefox", "msie", "opera", "safari" ) ) !== FALSE ){
|
| 34 |
+
$agent = "<img src='".plugins_url('wp-statistics/assets/images/').$items->agent.".png' class='log-tools' title='{$items->agent}'/>";
|
| 35 |
+
} else {
|
| 36 |
+
$agent = wp_statistics_icons('dashicons-editor-help', 'unknown');
|
| 37 |
+
}
|
| 38 |
+
|
| 39 |
+
echo "<a href='?page=" . WP_STATISTICS_OVERVIEW_PAGE . "&type=last-all-visitor&agent={$items->agent}'>{$agent}</a>";
|
| 40 |
+
|
| 41 |
+
echo $WP_Statistics->get_referrer_link( $items->referred );
|
| 42 |
+
|
| 43 |
echo "</div>";
|
| 44 |
}
|
| 45 |
|
includes/log/widgets/referring.php
CHANGED
|
@@ -55,10 +55,12 @@
|
|
| 55 |
<?php
|
| 56 |
|
| 57 |
foreach( $get_urls as $items => $value) {
|
| 58 |
-
|
|
|
|
|
|
|
| 59 |
echo "<tr>";
|
| 60 |
-
echo "<td><a href='?page=" . WP_STATISTICS_REFERRERS_PAGE . "&referr=" . $
|
| 61 |
-
echo "<td
|
| 62 |
echo "</tr>";
|
| 63 |
}
|
| 64 |
?>
|
| 55 |
<?php
|
| 56 |
|
| 57 |
foreach( $get_urls as $items => $value) {
|
| 58 |
+
|
| 59 |
+
$referrer_html = $WP_Statistics->html_sanitize_referrer( $items );
|
| 60 |
+
|
| 61 |
echo "<tr>";
|
| 62 |
+
echo "<td><a href='?page=" . WP_STATISTICS_REFERRERS_PAGE . "&referr=" . $referrer_html . "'>" . number_format_i18n($value) . "</a></td>";
|
| 63 |
+
echo "<td>" . $WP_Statistics->get_referrer_link( $items ) . "</td>";
|
| 64 |
echo "</tr>";
|
| 65 |
}
|
| 66 |
?>
|
includes/log/widgets/words.php
CHANGED
|
@@ -55,8 +55,10 @@
|
|
| 55 |
}
|
| 56 |
|
| 57 |
echo "<a href='?page=" . WP_STATISTICS_OVERVIEW_PAGE . "&type=last-all-visitor&agent={$items->agent}'>{$agent}</a>";
|
|
|
|
|
|
|
| 58 |
|
| 59 |
-
echo "<a href='" . $
|
| 60 |
echo "</div>";
|
| 61 |
}
|
| 62 |
|
| 55 |
}
|
| 56 |
|
| 57 |
echo "<a href='?page=" . WP_STATISTICS_OVERVIEW_PAGE . "&type=last-all-visitor&agent={$items->agent}'>{$agent}</a>";
|
| 58 |
+
|
| 59 |
+
$referrer_html = $WP_Statistics->html_sanitize_referrer( $items->referred );
|
| 60 |
|
| 61 |
+
echo "<a href='" . $referrer_html . "' title='" . $referrer_html . "'>" . wp_statistics_icons('dashicons-admin-links', 'link') . " " . $referrer_html . "</a></div>";
|
| 62 |
echo "</div>";
|
| 63 |
}
|
| 64 |
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://wp-statistics.com/donate/
|
|
| 4 |
Tags: statistics, stats, visit, visitors, chart, browser, blog, today, yesterday, week, month, year, total, post, page, sidebar, summary, hits, pagerank, google, alexa, live visit
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 4.7
|
| 7 |
-
Stable tag: 12.0.
|
| 8 |
License: GPL3
|
| 9 |
|
| 10 |
Complete statistics for your WordPress site.
|
|
@@ -283,10 +283,16 @@ You may also downgrade to WP Statistics 10.3 as a temporary measure, but no new
|
|
| 283 |
10. View latest search engine referrers Statistics page.
|
| 284 |
|
| 285 |
== Upgrade Notice ==
|
| 286 |
-
= 12.0.
|
| 287 |
This is a security fix, please update immediately.
|
| 288 |
|
| 289 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 290 |
= 12.0.3 =
|
| 291 |
* Release Date: March 31, 2017
|
| 292 |
* Fixed: Additional XSS issue with referrers, thanks Gen Sato who submitted to JPCERT/CC Vulnerability Handling Team.
|
| 4 |
Tags: statistics, stats, visit, visitors, chart, browser, blog, today, yesterday, week, month, year, total, post, page, sidebar, summary, hits, pagerank, google, alexa, live visit
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 4.7
|
| 7 |
+
Stable tag: 12.0.4
|
| 8 |
License: GPL3
|
| 9 |
|
| 10 |
Complete statistics for your WordPress site.
|
| 283 |
10. View latest search engine referrers Statistics page.
|
| 284 |
|
| 285 |
== Upgrade Notice ==
|
| 286 |
+
= 12.0.4 =
|
| 287 |
This is a security fix, please update immediately.
|
| 288 |
|
| 289 |
== Changelog ==
|
| 290 |
+
= 12.0.4 =
|
| 291 |
+
* Release Date: April 1, 2017
|
| 292 |
+
* Fixed: Additional XSS issue with referrers, thanks Gen Sato who submitted to JPCERT/CC Vulnerability Handling Team.
|
| 293 |
+
* Updated: Optimizations for referrers encoding.
|
| 294 |
+
* Updated: Logic for detecting invalid referrer types to capture more types.
|
| 295 |
+
|
| 296 |
= 12.0.3 =
|
| 297 |
* Release Date: March 31, 2017
|
| 298 |
* Fixed: Additional XSS issue with referrers, thanks Gen Sato who submitted to JPCERT/CC Vulnerability Handling Team.
|
wp-statistics.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: WP Statistics
|
| 4 |
* Plugin URI: http://wp-statistics.com/
|
| 5 |
* Description: Complete statistics for your WordPress site.
|
| 6 |
-
* Version: 12.0.
|
| 7 |
* Author: Greg Ross & Mostafa Soufi
|
| 8 |
* Author URI: http://wp-statistics.com/
|
| 9 |
* Text Domain: wp_statistics
|
|
@@ -12,7 +12,7 @@
|
|
| 12 |
*/
|
| 13 |
|
| 14 |
// These defines are used later for various reasons.
|
| 15 |
-
define('WP_STATISTICS_VERSION', '12.0.
|
| 16 |
define('WP_STATISTICS_MANUAL', 'manual/WP Statistics Admin Manual.');
|
| 17 |
define('WP_STATISTICS_REQUIRED_PHP_VERSION', '5.4.0');
|
| 18 |
define('WP_STATISTICS_REQUIRED_GEOIP_PHP_VERSION', WP_STATISTICS_REQUIRED_PHP_VERSION);
|
| 3 |
* Plugin Name: WP Statistics
|
| 4 |
* Plugin URI: http://wp-statistics.com/
|
| 5 |
* Description: Complete statistics for your WordPress site.
|
| 6 |
+
* Version: 12.0.4
|
| 7 |
* Author: Greg Ross & Mostafa Soufi
|
| 8 |
* Author URI: http://wp-statistics.com/
|
| 9 |
* Text Domain: wp_statistics
|
| 12 |
*/
|
| 13 |
|
| 14 |
// These defines are used later for various reasons.
|
| 15 |
+
define('WP_STATISTICS_VERSION', '12.0.4');
|
| 16 |
define('WP_STATISTICS_MANUAL', 'manual/WP Statistics Admin Manual.');
|
| 17 |
define('WP_STATISTICS_REQUIRED_PHP_VERSION', '5.4.0');
|
| 18 |
define('WP_STATISTICS_REQUIRED_GEOIP_PHP_VERSION', WP_STATISTICS_REQUIRED_PHP_VERSION);
|
