Yasr – Yet Another Stars Rating - Version 0.1.3

Version Description

  • Fixed some security issues. Please Update

Release Info

Developer Dudo
Plugin Icon 128x128 Yasr – Yet Another Stars Rating
Version 0.1.3

Code changes from version 0.2.3 to 0.1.3

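--- a/css/yasr.css
+++ b/css/yasr.css
@@ -239,4 +239,4 @@
 #yasr-log-page-navigation {
 padding-top: 7px;
 text-align: center;
-}
+}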
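--- a/lib/yasr-ajax-functions.php
+++ b/lib/yasr-ajax-functions.php
@@ -80,7 +80,6 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 if(isset($_POST['set_id']) && isset($_POST['post_id'])) {
 $set_type = $_POST['set_id'];
 $post_id = $_POST['post_id'];
-$nonce_visitor = $_POST['nonce_visitor'];
 }
 else {
 exit();
@@ -90,10 +89,6 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 wp_die( __( 'You do not have sufficient permissions to access this page.', 'yasr' ) );
 }
 
-if ( ! wp_verify_nonce( $nonce_visitor, 'yasr_nonce_insert_visitor_rating' ) ) {
-die( 'Security check' );
-}
-
 global $wpdb;
 
 $set_values=yasr_get_multi_set_values_and_field ($post_id, $set_type);
@@ -142,7 +137,7 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 echo "<tr> <td>";
 echo "$name->name </td>";
-echo "<td> <div class=\"rateit bigstars multi\" id=\"$name->id\" data-rateit-value=\"\" data-rateit-starwidth=\"32\" data-rateit-starheight=\"32\" data-rateit-step=\"0.5\" data-rateit-resetable=\"true\" data-rateit-readonly=\"false\"></div> </td>";
+echo "<td> <div class=\"rateit bigstars\" id=\"$name->id\" data-rateit-value=\"\" data-rateit-starwidth=\"32\" data-rateit-starheight=\"32\" data-rateit-step=\"0.5\" data-rateit-resetable=\"true\" data-rateit-readonly=\"false\"></div> </td>";
 echo "</tr>";
 }
 echo "</table>
@@ -179,7 +174,7 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 $set_content->vote = $integer_vote+1;
 }
 
-echo "<td width=\"50%\"> <div class=\"rateit bigstars multi\" id=\"$set_content->id\" data-rateit-starwidth=\"32\" data-rateit-starheight=\"32\" data-rateit-value=\"$set_content->vote\" data-rateit-step=\"0.5\" data-rateit-resetable=\"true\" data-rateit-readonly=\"false\"></div> </td></tr>";
+echo "<td width=\"50%\"> <div class=\"rateit bigstars\" id=\"$set_content->id\" data-rateit-starwidth=\"32\" data-rateit-starheight=\"32\" data-rateit-value=\"$set_content->vote\" data-rateit-step=\"0.5\" data-rateit-resetable=\"true\" data-rateit-readonly=\"false\"></div> </td></tr>";
 } //End foreach
 echo "</table>";
 
@@ -480,7 +475,7 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 echo "
 
-<input type=\"hidden\" name=\"yasr-edit-form-number-elements\" id=\"yasr-edit-form-number-elements\" value=\"$i\">
+<input type=\"hidden\" name=\"yasr-edit-form-number-elements\" value=\"$i\">
 
 </table>
 
@@ -515,6 +510,14 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 </form>
 
+<script type="text/javascript">
+
+var counter = <?php echo "$i"; ?>;
+
+counter = counter+1;
+
+</script>
+
 <?php
 
 die();
@@ -654,7 +657,6 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 
 
-
 /******
 Display recent votes on dashboard, called from function yasr_display_dashboard_log_wiget,
 declared on yasr-db-function ******/
@@ -674,10 +676,6 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 $page_num = 1;
 }
 
-if ( ! current_user_can( 'manage_options' ) ) {
-wp_die( __( 'You do not have sufficient permissions to access this page.', 'yasr' ) );
-}
-
 $limit = 8; //max number of row to echo
 
 $offset = ( $page_num - 1 ) * $limit;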
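Review bot: The new side of the first two hunks no longer reads `$_POST['nonce_visitor']` or calls `wp_verify_nonce()`, so the handler that takes `set_id` and `post_id` from `$_POST` runs without any request-forgery check, and both values still reach `yasr_get_multi_set_values_and_field()` unvalidated. The last hunk also drops `if ( ! current_user_can( 'manage_options' ) )` from the `yasr_change_log_page` callback; that action is hooked on `wp_ajax_`, which WordPress runs for every logged-in user, so the vote log would presumably be readable by low-privilege accounts. I would keep both guards and cast the ids, e.g. `$post_id = absint( $_POST['post_id'] );`. The page heading says the comparison runs from 0.2.3 to 0.1.3, so the removed lines appear to be the newer release's checks; the enclosing functions start and end outside these hunks.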
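--- a/lib/yasr-db-functions.php
+++ b/lib/yasr-db-functions.php
@@ -93,7 +93,7 @@ function yasr_search_gd_star_rating () {
 }
 
 else {
-__( 'No previous Gd Star Ratings installation was found', 'yasr' );
+_e( 'Gd Star Rating non trovato' );
 }
 }
 
@@ -406,7 +406,7 @@ function yasr_process_new_multi_set_form()
 //IF thes fields are not empty go ahed
 if ($_POST['multi-set-name']!='' && $_POST['multi-set-name-element-1']!='' && $_POST['multi-set-name-element-2']!='' ) {
 
-$multi_set_name = ucfirst(strtolower($_POST['multi-set-name']));
+$multi_set_name = $_POST['multi-set-name'];
 
 $multi_set_name_element_=array();
 
@@ -579,25 +579,12 @@ function yasr_process_edit_multi_set_form() {
 array ('%d')
 );
 
-$remove_set_votes = $wpdb->delete (
-YASR_MULTI_SET_VALUES_TABLE,
-array(
-'set_type' => $set_id,
-),
-array ('%d')
-);
-
 if ($remove_set===FALSE) {
 $error = TRUE;
 $array_errors[] = __("Something goes wrong trying to delete a multi-set . Please report it", 'yasr');
 }
 
 if ($remove_set_values===FALSE) {
-$error = TRUE;
-$array_errors[] = __("Something goes wrong trying to delete data fields for a set. Please report it", 'yasr');
-}
-
-if ($remove_set_votes===FALSE) {
 $error = TRUE;
 $array_errors[] = __("Something goes wrong trying to delete data values for a set. Please report it", 'yasr');
 }
@@ -607,7 +594,7 @@ function yasr_process_edit_multi_set_form() {
 
 for ($i = 0; $i <= 9; $i++) {
 
-//Than, check if the user want to remove some field
+//First, check if the user want to remove some field
 if (isset($_POST["remove-element-$i"]) && !isset($_POST["yasr-remove-multi-set"]) ) {
 
 $remove_field = $wpdb->delete (
@@ -647,11 +634,11 @@ function yasr_process_edit_multi_set_form() {
 
 $field_name = $_POST["edit-multi-set-element-$i"];
 
-//if elements name is shorter than 3 chars
-if (mb_strlen($field_name) <3 ) {
-$array_errors[] = __("Field # $i must be at least 3 characters", "yasr");
-$error=TRUE;
-}
+//if elements name is shorter than 3 chars
+if (mb_strlen($field_name) <3 ) {
+$array_errors[] = __("Field # $i must be at least 3 charactersssss", "yasr");
+$error=TRUE;
+}
 
 else {
 
@@ -688,16 +675,13 @@ function yasr_process_edit_multi_set_form() {
 
 $field_name = $_POST["edit-multi-set-element-$i"];
 
-//if elements name is shorter than 3 chars return error. I use mb_strlen($field_name) > 1
-//because I don't wont return error if an user add an empty field. An empty field will be
-//just ignored
-if (mb_strlen($field_name) > 1 && mb_strlen($field_name) < 3) {
+//if elements name is shorter than 3 chars
+if (mb_strlen($field_name) < 3) {
 $array_errors[] = __("Field # $i must be at least 3 characters", "yasr");
 $error=TRUE;
 }
 
-//if field is not empty
-elseif ($field_name != '') {
+else {
 
 $highest_id=$wpdb->get_results("SELECT id FROM " . YASR_MULTI_SET_FIELDS_TABLE . " ORDER BY id DESC LIMIT 1 ");
 
@@ -769,7 +753,6 @@ add_action( 'plugins_loaded', 'add_action_dashboard_widget_log' );
 
 
 function yasr_display_dashboard_log_wiget () {
-
 
 $limit = 8; //max number of row to echo
 
@@ -881,6 +864,8 @@ add_action( 'plugins_loaded', 'add_action_dashboard_widget_log' );
 
 ?>
 
+
+
 <script type="text/javascript">
 
 //Log
@@ -888,8 +873,7 @@ add_action( 'plugins_loaded', 'add_action_dashboard_widget_log' );
 
 var data = {
 action : 'yasr_change_log_page',
-pagenum: jQuery(this).val(),
-
+pagenum: jQuery(this).val()
 };
 
 jQuery.post(ajaxurl, data, function(response) {
@@ -904,8 +888,7 @@ add_action( 'plugins_loaded', 'add_action_dashboard_widget_log' );
 
 var data = {
 action : 'yasr_change_log_page',
-pagenum: jQuery(this).val(),
-
+pagenum: jQuery(this).val()
 };
 
 jQuery.post(ajaxurl, data, function(response) {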
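Review bot: In the `yasr_process_new_multi_set_form()` hunk the new line `$multi_set_name = $_POST['multi-set-name'];` takes the set name from the request as-is, and set names appear to be printed back into the settings form later; it should be cleaned on input, e.g. `$multi_set_name = sanitize_text_field( stripslashes( $_POST['multi-set-name'] ) );`. In `yasr_process_edit_multi_set_form()` the `$wpdb->delete()` on `YASR_MULTI_SET_VALUES_TABLE` is gone from the new side, so removing a set appears to leave its stored votes behind. The added `_e( 'Gd Star Rating non trovato' )` has no `'yasr'` text domain, and the new error message ends in `charactersssss`. All three functions continue outside the hunks shown.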
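--- a/lib/yasr-functions.php
+++ b/lib/yasr-functions.php
@@ -141,9 +141,9 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 <?php
 
-$error_new_multi_set=yasr_process_new_multi_set_form(); //defined in yasr-db-functions
+$error_new_multi_set=yasr_process_new_multi_set_form();
 
-$error_edit_multi_set=yasr_process_edit_multi_set_form(); //defined in yasr-db-functions
+$error_edit_multi_set=yasr_process_edit_multi_set_form();
 
 if ($error_new_multi_set) {
 echo "<div class=\"error\"> <p> <strong>";
@@ -187,173 +187,6 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 } //End yasr_settings_page_content
 
 
-/****** Create a form for settings page to create new multi set ******/
-function yasr_display_multi_set_form() {
-?>
-
-<h4 align="center">Add New Multiple Set</h4>
-<em><?php _e('Field Name, Element#1 and Element#2 MUST be filled and must be long at least 3 characters', 'yasr') ?></em>
-<p>
-<form action="<?php echo admin_url('options-general.php?page=yasr_settings_page') ?>" id="form_add_multi_set" method="post">
-<strong><?php _e("Name", 'yasr')?></strong>
-<input type="text" name="multi-set-name" id="new-multi-set-name" class="input-text-multi-set">
-<input type="hidden" name="action" value="yasr_new_multi_set_form" />
-
-<p></p>
-<?php _e("You can insert up to nine element") ?>
-<br />
-
-<?php for($i=1; $i<=9; $i++) {
-
-echo "<strong>" . __("Element ", 'yasr') . "#$i" . "</strong>";
-?>
-<input type="text" name="multi-set-name-element-<?php echo $i ?>" id="multi-set-name-element-<?php echo $i ?>" class="input-text-multi-set">
-<br />
-
-<?php } //End foreach
-
-wp_nonce_field( 'add-multi-set', 'add-nonce-new-multi-set' ) ?><!-- a little security to process on submission -->
-
-<br />
-<input type="submit" value="<?php _e("Create New Set", 'yasr') ?>" class="button-primary"/>
-</form>
-
-<?php
-} //End function
-
-
-/****** This function print the form to edit multi-set ******/
-function yasr_edit_multi_form() {
-
-$multi_set=yasr_get_multi_set();
-
-global $wpdb;
-
-$n_multi_set = $wpdb->num_rows; //wpdb->num_rows always store the last of the last query
-
-if ($n_multi_set > 1) {
-?>
-
-<button href="#" class="button-delete" id="yasr-manage-multi-set"> <?php _e("Manage existing multi-set", 'yasr'); ?> </button>
-
-<div class="yasr-manage-multiset">
-
-<?php _e('Wich set do you want to edit or remove?', 'yasr')?>
-
-<select id ="yasr_select_edit_set">
-<?php foreach ($multi_set as $name) { ?>
-<option value="<?php echo $name->set_id ?>"><?php echo $name->set_name ?></option>
-<?php } //End foreach ?>
-</select>
-
-</div>
-
-<?php
-} //End if n_multi_set >1
-
-elseif ($n_multi_set == 1) {
-
-$set_name=$wpdb->get_results("SELECT field_name AS name, field_id AS id, parent_set_id AS set_id
-FROM " . YASR_MULTI_SET_FIELDS_TABLE . "
-ORDER BY field_id ASC");
-
-foreach ($multi_set as $find_set_id) {
-$set_type = $find_set_id->set_id;
-}
-
-?>
-
-<button href="#" class="button-delete" id="yasr-manage-multi-set-single"> <?php _e("Manage existing multi-set", 'yasr'); ?> </button>
-
-<div class="yasr-manage-multiset-single">
-
-<form action=" <?php echo admin_url('options-general.php?page=yasr_settings_page') ?>" id="form_edit_multi_set" method="post">
-
-<input type="hidden" name="yasr_edit_multi_set_form" value="<?php echo $set_type ?>" />
-
-<table id="yasr-table-form-edit-multi-set">
-<tr>
-
-<td id="yasr-table-form-edit-multi-set-header">
-<?php _e('Field name', 'yasr') ?>
-</td>
-
-<td id="yasr-table-form-edit-multi-set-remove">
-<?php _e('Remove', 'yasr') ?>
-</td>
-
-</tr>
-
-<?php
-
-$i=1;
-foreach ($set_name as $name) {
-echo "
-<tr>
-
-<td width=\"80%\">
-Element #$i <input type=\"text\" value=\"$name->name\" name=\"edit-multi-set-element-$name->id\">
-</td>
-
-<td width=\"20%\" style=\"text-align:center\">
-<input type=\"checkbox\" name=\"remove-element-$name->id\">
-</td>
-
-</tr>
-";
-$i++;
-}
-
-
-$i = $i-1; //This is the number of the fields
-
-echo "
-
-<input type=\"hidden\" name=\"yasr-edit-form-number-elements\" id=\"yasr-edit-form-number-elements\" value=\"$i\">
-
-</table>
-
-<table width=\"100%\" class=\"yasr-edit-form-remove-entire-set\">
-<tr>
-
-<td width=\"80%\">Remove whole set?</td>
-
-<td width=\"20%\" style=\"text-align:center\">
-<input type=\"checkbox\" name=\"yasr-remove-multi-set\" value=\"$set_type\">
-</td>
-
-</tr>
-
-</table>
-
-";
-
-echo "<p>";
-_e("If you remove something you will remove all the votes for that set or field. This operation CAN'T BE undone." , "yasr");
-echo "</p>";
-
-wp_nonce_field( 'edit-multi-set', 'add-nonce-edit-multi-set' )
-
-?>
-
-<div id="yasr-element-limit" style="display:none; color:red"><?php _e("You can use up to 9 elements" , "yasr") ?></div>
-
-<input type="button" class="button-delete" id="yasr-add-field-edit-multiset" value="<?php _e('Add element', 'yasr'); ?>">
-
-<input type="submit" value="<?php _e('Save changes', 'yasr') ?>" class="button-primary" >
-
-</form>
-
-</div>
-
-<?php
-}
-
-else {
-_e("No multiple set were found");
-}
-
-}//End function
 
 
 /****** Create 2 metaboxes in post and pages ******/
@@ -454,7 +287,7 @@ function yasr_edit_multi_form() {
 return $content . $overall_rating_shortcode;
 break;
 } //End Switch
-} //end ($option['what']=='overall_rating')
+} //end ($option['what']==='overall_rating')
 
 elseif ($option['what']=='visitor_rating') {
 switch ($option['where']) {
@@ -525,4 +358,101 @@ function yasr_add_tinymce_button($buttons) {
 //Add the button ID to the $button array
 $buttons[] = "yasr_button";
 return $buttons;
-}
+}
+
+
+/****** Create a form for settings page to create new multi set ******/
+function yasr_display_multi_set_form() {
+?>
+
+<h4 align="center">Add New Multiple Set</h4>
+<em><?php _e('Field Name, Element#1 and Element#2 MUST be filled and must be long at least 3 characters', 'yasr') ?></em>
+<p>
+<form action="<?php echo admin_url('options-general.php?page=yasr_settings_page') ?>" id="form_add_multi_set" method="post">
+<strong><?php _e("Name", 'yasr')?></strong>
+<input type="text" name="multi-set-name" id="new-multi-set-name" class="input-text-multi-set">
+<input type="hidden" name="action" value="yasr_new_multi_set_form" />
+
+<p></p>
+<?php _e("You can insert up to nine element") ?>
+<br />
+
+<?php for($i=1; $i<=9; $i++) {
+
+echo "<strong>" . __("Element ", 'yasr') . "#$i" . "</strong>";
+?>
+<input type="text" name="multi-set-name-element-<?php echo $i ?>" id="multi-set-name-element-<?php echo $i ?>" class="input-text-multi-set">
+<br />
+
+<?php } //End foreach
+
+wp_nonce_field( 'add-multi-set', 'add-nonce-new-multi-set' ) ?><!-- a little security to process on submission -->
+
+<br />
+<input type="submit" value="<?php _e("Create New Set", 'yasr') ?>" class="button-primary"/>
+</form>
+
+<?php
+} //End function
+
+
+/****** This function print the form to edit multi-set ******/
+function yasr_edit_multi_form() {
+
+$multi_set=yasr_get_multi_set();
+
+global $wpdb;
+
+$n_multi_set = $wpdb->num_rows; //wpdb->num_rows always store the last of the last query
+
+if ($n_multi_set > 1) {
+?>
+
+<button href="#" class="button-delete" id="yasr-manage-multi-set"> <?php _e("Manage existing multi-set", 'yasr'); ?> </button>
+
+<div class="yasr-manage-multiset">
+
+<?php _e('Wich set do you want to edit or remove?', 'yasr')?>
+
+<select id ="yasr_select_edit_set">
+<?php foreach ($multi_set as $name) { ?>
+<option value="<?php echo $name->set_id ?>"><?php echo $name->set_name ?></option>
+<?php } //End foreach ?>
+</select>
+
+</div>
+
+<?php
+} //End if n_multi_set >1
+
+elseif ($n_multi_set == 1) {
+?>
+
+<button href="#" class="button-delete" id="yasr-manage-multi-set-single"> <?php _e("Manage existing multi-set", 'yasr'); ?> </button>
+
+<div class="yasr-manage-multiset-single">
+
+<?php
+
+$set_name=$wpdb->get_results("SELECT field_name AS name, field_id AS id
+FROM " . YASR_MULTI_SET_FIELDS_TABLE . "
+ORDER BY field_id ASC");
+
+$i=1;
+foreach ($set_name as $name) {
+echo "Element #$i <input type=\"text\" value=\"$name->name\"> <br />";
+$i++;
+}
+
+?>
+
+</div>
+
+<?php
+}
+
+else {
+_e("No multiple set were found");
+}
+
+}//End function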
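Review bot: The `yasr_edit_multi_form()` added at the end of the file prints database values straight into markup: `<option value="<?php echo $name->set_id ?>"><?php echo $name->set_name ?></option>` and `echo "Element #$i <input type=\"text\" value=\"$name->name\"> <br />";`. Set and field names originate from the settings forms, so a stored name containing a quote or a tag would break out of the attribute or element; wrap them as `esc_attr( $name->set_id )`, `esc_html( $name->set_name )` and `esc_attr( $name->name )`. The single-set branch on the new side also renders its inputs without a `<form>` or `wp_nonce_field()`, so those fields cannot be submitted as shown. `_e("No multiple set were found")` and `_e("You can insert up to nine element")` are missing the `'yasr'` text domain.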
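--- a/lib/yasr-shortcode-functions.php
+++ b/lib/yasr-shortcode-functions.php
@@ -26,109 +26,96 @@ add_shortcode ('yasr_visitor_votes', 'shortcode_visitor_votes_callback');
 
 function shortcode_visitor_votes_callback () {
 
-$shortcode_html = NULL; //Avoid undefined variable outside is_singular && is_main_query
+$votes=yasr_get_visitor_votes();
 
-if( is_singular() && is_main_query() ) {
+$medium_rating=0; //Avoid undefined variable
 
-$ajax_nonce_visitor = wp_create_nonce( "yasr_nonce_insert_visitor_rating" );
-
-$votes=yasr_get_visitor_votes();
-
-$medium_rating=0; //Avoid undefined variable
-
-if (!$votes) {
-$votes=0; //Avoid undefined variable if there is not overall rating
-$votes_number=0; //Avoid undefined variable
-}
+if (!$votes) {
+$votes=0; //Avoid undefined variable if there is not overall rating
+$votes_number=0; //Avoid undefined variable
+}
 
-else {
-foreach ($votes as $user_votes) {
-$votes_number = $user_votes->number_of_votes;
-if ($votes_number !=0 ) {
-$medium_rating = ($user_votes->sum_votes/$votes_number);
-}
+else {
+foreach ($votes as $user_votes) {
+$votes_number = $user_votes->number_of_votes;
+if ($votes_number !=0 ) {
+$medium_rating = ($user_votes->sum_votes/$votes_number);
 }
-}
-
-$medium_rating=round($medium_rating, 1);
-
-if ($votes_number>0) {
-$shortcode_html="<div id=\"yasr_visitor_votes\"><div class=\"rateit bigstars\" id=\"yasr_rateit_visitor_votes\" data-rateit-starwidth=\"32\" data-rateit-starheight=\"32\" data-rateit-value=\"$medium_rating\" data-rateit-step=\"1\" data-rateit-resetable=\"false\" data-rateit-readonly=\"false\">
-</div><br /> " . __("Average Rating", "yasr") . " $medium_rating / 5 (" . __("$votes_number votes casts" , "yasr") . ")</div>";
-}
-
-else {
-$shortcode_html="<div id=\"yasr_visitor_votes\"><div class=\"rateit bigstars\" id=\"yasr_rateit_visitor_votes\" data-rateit-starwidth=\"32\" data-rateit-starheight=\"32\" data-rateit-value=\"0\" data-rateit-step=\"1\" data-rateit-resetable=\"false\" data-rateit-readonly=\"false\">
-</div><br /> " . __("No rating yet" , "yasr") . "</div>";
+}
+}
+
+$medium_rating=round($medium_rating, 1);
+
+if ($votes_number>0) {
+$shortcode_html="<div id=\"yasr_visitor_votes\"><div class=\"rateit bigstars\" id=\"yasr_rateit_visitor_votes\" data-rateit-starwidth=\"32\" data-rateit-starheight=\"32\" data-rateit-value=\"$medium_rating\" data-rateit-step=\"1\" data-rateit-resetable=\"false\" data-rateit-readonly=\"false\">
+</div><br /> " . __("Average Rating", "yasr") . " $medium_rating / 5 (" . __("$votes_number votes casts" , "yasr") . ")</div>";
+}
+else {
+$shortcode_html="<div id=\"yasr_visitor_votes\"><div class=\"rateit bigstars\" id=\"yasr_rateit_visitor_votes\" data-rateit-starwidth=\"32\" data-rateit-starheight=\"32\" data-rateit-value=\"0\" data-rateit-step=\"1\" data-rateit-resetable=\"false\" data-rateit-readonly=\"false\">
+</div><br /> " . __("No rating yet" , "yasr") . "</div>";
+}
+
+?>
+
+<script>
+jQuery(document).ready(function() {
+
+var tooltipvalues = ['bad', 'poor', 'ok', 'good', 'super'];
+jQuery("#yasr_rateit_visitor_votes").bind('over', function (event, value) { jQuery(this).attr('title', tooltipvalues[value-1]); });
+
+var postid = <?php the_ID(); ?>;
+var cookiename = "yasr_visitor_vote_" + postid;
+
+//If there is not cookie allow visitor to vote
+if (!jQuery.cookie(cookiename)) {
+
+jQuery('#yasr_rateit_visitor_votes').on('rated', function() {
+var el = jQuery(this);
+var value = el.rateit('value');
+var value = value.toFixed(1); //
+var ajaxurl = "<?php echo admin_url('admin-ajax.php'); ?>";
+
+var data = {
+action: 'yasr_send_visitor_rating',
+rating: value,
+post_id: postid
+};
+
+//Send value to the Server
+jQuery.post(ajaxurl, data, function(response) {
+jQuery('#yasr_visitor_votes').html(response);
+jQuery('.rateit').rateit();
+//Create a cookie to disable double vote
+jQuery.cookie(cookiename, value, { expires : 360 });
+}) ;
+});
+} //End if (!jQuery.cookie(cookiename))
+
+//Else user cannot vote
+else {
+var cookievote=jQuery.cookie(cookiename);
+var ajaxurl = "<?php echo admin_url('admin-ajax.php'); ?>";
+
+var data = {
+action: 'yasr_readonly_visitor_shortcode',
+rating: cookievote,
+votes: <?php echo $medium_rating ?>,
+votes_number: <?php echo $votes_number ?>,
+post_id: postid
 }
 
+jQuery.post(ajaxurl, data, function(response) {
+jQuery('#yasr_visitor_votes').html(response);
+jQuery('.rateit').rateit();
+});
+} //End else
 
-?>
-
-<script>
-jQuery(document).ready(function() {
-
-var tooltipvalues = ['bad', 'poor', 'ok', 'good', 'super'];
-jQuery("#yasr_rateit_visitor_votes").bind('over', function (event, value) { jQuery(this).attr('title', tooltipvalues[value-1]); });
-
-var postid = <?php the_ID(); ?>;
-var cookiename = "yasr_visitor_vote_" + postid;
+});
 
-//If there is not cookie allow visitor to vote
-if (!jQuery.cookie(cookiename)) {
-
-jQuery('#yasr_rateit_visitor_votes').on('rated', function() {
-var el = jQuery(this);
-var value = el.rateit('value');
-var value = value.toFixed(1); //
-var ajaxurl = "<?php echo admin_url('admin-ajax.php'); ?>";
-
-var data = {
-action: 'yasr_send_visitor_rating',
-rating: value,
-post_id: postid,
-nonce_visitor: "<?php echo "$ajax_nonce_visitor"; ?>"
-};
-
-//Send value to the Server
-jQuery.post(ajaxurl, data, function(response) {
-jQuery('#yasr_visitor_votes').html(response);
-jQuery('.rateit').rateit();
-//Create a cookie to disable double vote
-jQuery.cookie(cookiename, value, { expires : 360 });
-}) ;
-});
-} //End if (!jQuery.cookie(cookiename))
-
-//Else user cannot vote
-else {
-var cookievote=jQuery.cookie(cookiename);
-var ajaxurl = "<?php echo admin_url('admin-ajax.php'); ?>";
-
-var data = {
-action: 'yasr_readonly_visitor_shortcode',
-rating: cookievote,
-votes: <?php echo $medium_rating ?>,
-votes_number: <?php echo $votes_number ?>,
-post_id: postid
-}
-
-jQuery.post(ajaxurl, data, function(response) {
-jQuery('#yasr_visitor_votes').html(response);
-jQuery('.rateit').rateit();
-});
-} //End else
-
-});
-
-</script>
+</script>
 
 <?php
-
-} //End if is singular
-
-return $shortcode_html;
-
+return $shortcode_html;
 }
 
 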
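Review bot: On the new side the `yasr_send_visitor_rating` request carries only `rating` and `post_id`; `nonce_visitor` is no longer sent, and the only guard against repeat votes is the `yasr_visitor_vote_<postid>` cookie, which is set and read entirely in the visitor's browser. The server-side handler is not part of this file, so whether it validates `rating` or limits repeat submissions cannot be seen here, but it should not depend on that cookie. The callback also loses the `is_singular() && is_main_query()` guard, so the inline `<script>` and the fixed `id="yasr_visitor_votes"` would be emitted for every post in a listing. The script block is echoed from inside the shortcode callback rather than returned with `$shortcode_html`, so it is output before the returned markup is placed; enqueueing it or appending it to the return value would keep the two together.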
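--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
 === Yasr - Yet Another Stars Rating ===
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=8S963KJ3UW5XG
-Tags: Rating, Review, Star, Snippet, Rich snippet, Schema, Schema.org, Serp
+Tags: Rating, Review, Star, Snippet
 Requires at least: 3.5
 Tested up to: 3.9.1
-Stable tag: 0.2.3
+Stable tag: 0.1.3
 License: GPL2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -49,22 +49,6 @@ If with gd-star-rating you're using a different number of stars from the default
 
 == Changelog ==
 
-= 0.2.3 =
-* [yasr_visitor_votes] it's now disabled outside a post or a page
-* Security fixes on ajax functions
-* Various fixes on multi-set settings
-* Code cleanup
-
-= 0.2.2 =
-* Fixed doulbe ajax request on overall rating when used just 1 multiple set
-* Many other minor bug fixes
-
-= 0.2.1 =
-* Fixed insert rating on multi set if only 1 is used
-
-= 0.2.0 =
-* Fixed Table installation
-
 = 0.1.3 =
 * Fixed some security issues. Please Update
 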
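--- a/yasr-metabox-multiple-rating.php
+++ b/yasr-metabox-multiple-rating.php
@@ -4,8 +4,6 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 $multi_set=yasr_get_multi_set();
 
-$ajax_nonce_multi = wp_create_nonce( "yasr_nonce_insert_multi_rating" );
-
 global $wpdb;
 
 $n_multi_set = $wpdb->num_rows; //wpdb->num_rows always store the the count number of rows of the last query
@@ -15,7 +13,6 @@ if ($n_multi_set>1) {
 _e("Choose wich set you want to use");
 
 ?>
-
 <br />
 <select id ="select_set">
 <?php foreach ($multi_set as $name) { ?>
@@ -24,6 +21,10 @@ if ($n_multi_set>1) {
 </select>
 
 
+<?php
+$ajax_nonce_multi = wp_create_nonce( "yasr_nonce_insert_multi_rating" );
+?>
+
 <script>
 // --------------IF multiple set are found -------------------
 
@@ -42,7 +43,7 @@ jQuery('#select_set').on("change", function() {
 jQuery('#yasr_rateit_multi_rating').html(response);
 jQuery('.rateit').rateit();
 
-jQuery('.multi').on('rated', function() {
+jQuery('.rateit').on('rated', function() {
 var el = jQuery(this);
 var value = el.rateit('value');
 var value = value.toFixed(1);
@@ -63,7 +64,7 @@ jQuery('#select_set').on("change", function() {
 });
 
 
-jQuery('.multi').on('reset', function() {
+jQuery('.rateit').on('reset', function() {
 var el = jQuery(this);
 var value = '0';
 var idField = el.attr('id');
@@ -109,17 +110,17 @@ jQuery( document ).ready(function() {
 set_id: <?php echo $set_id ?>,
 post_id: postid
 }
-
 //Send value to the Server
 jQuery.post(ajaxurl, data_id, function(response) {
 jQuery('#yasr_rateit_multi_rating').html(response);
 jQuery('.rateit').rateit();
 
-jQuery('.multi').on('rated', function() {
+jQuery('.rateit').on('rated', function() {
 var el = jQuery(this);
 var value = el.rateit('value');
 var value = value.toFixed(1);
 var idField = el.attr('id');
+var setType = jQuery('#select_set').val();
 
 var data = {
 action: 'yasr_send_id_field_with_vote',
@@ -135,7 +136,7 @@ jQuery( document ).ready(function() {
 
 });
 
-jQuery('.multi').on('reset', function() {
+jQuery('.rateit').on('reset', function() {
 var el = jQuery(this);
 var value = '0';
 var idField = el.attr('id');
@@ -167,8 +168,6 @@ jQuery( document ).ready(function() {
 
 <div>
 <p>
-<span id="yasr_rateit_multi_rating">
-
-</span>
+<span id="yasr_rateit_multi_rating"></span>
 </p>
-</div>
+</div>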
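--- a/yasr-metabox-overall-rating.php
+++ b/yasr-metabox-overall-rating.php
@@ -30,7 +30,7 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 </div>
 
 <?php
-function yasr_overall_rating_javascript() {
+function yasr_overall_rating_javascript($nonce) {
 
 $ajax_nonce_overall = wp_create_nonce( "yasr_nonce_insert_overall_rating" );
 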
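Review bot: The new `$nonce` parameter of `yasr_overall_rating_javascript` is not used in the visible part of the body; two lines below the signature the function still builds its own value with `wp_create_nonce( "yasr_nonce_insert_overall_rating" )`. A required parameter that the body ignores can fail for any caller that passes no argument, and it suggests the nonce comes from the caller when it does not. Either drop the parameter, or make it optional and use it: `function yasr_overall_rating_javascript($nonce = null) {` with `$ajax_nonce_overall = $nonce ?: wp_create_nonce( "yasr_nonce_insert_overall_rating" );`. The function body continues outside the hunk, so a later use of `$nonce` cannot be ruled out.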
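--- a/yasr-settings-page.php
+++ b/yasr-settings-page.php
@@ -5,13 +5,6 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 if ( !current_user_can( 'manage_options' ) ) {
 wp_die( __( 'You do not have sufficient permissions to access this page.', 'yasr' ));
 }
-
-$multi_set=yasr_get_multi_set();
-
-global $wpdb;
-
-$n_multi_set = $wpdb->num_rows; //wpdb->num_rows always store the last of the last query
-
 ?>
 
 
@@ -51,7 +44,6 @@ if ( !current_user_can( 'manage_options' ) ) {
 </div> <!--End yasr-multi-set-left-->
 
 <div class="yasr-multi-set-right">
-
 <?php yasr_edit_multi_form(); ?>
 
 <div id="yasr-multi-set-response" style="display:none">
@@ -175,90 +167,50 @@ if ( !current_user_can( 'manage_options' ) ) {
 jQuery('.yasr-manage-multiset').toggle();
 });
 
-<?php if ($n_multi_set == 1) { ?>
-
-
-jQuery('#yasr-manage-multi-set-single').on('click', function() {
-
-jQuery('.yasr-manage-multiset-single').toggle();
-
-var counter = jQuery("#yasr-edit-form-number-elements").attr('value');
-
-counter++;
-
-jQuery("#yasr-add-field-edit-multiset").on('click', function() {
 
-if(counter>9){
-jQuery('#yasr-element-limit').show();
-jQuery('#yasr-add-field-edit-multiset').hide();
-return false;
-}
-
-var newTextBoxDiv = jQuery(document.createElement('tr'))
-
-newTextBoxDiv.html('<td colspan="2">Element #' + counter + ' <input type="text" name="edit-multi-set-element-' + counter + '" value="" ></td>');
-
-newTextBoxDiv.appendTo("#yasr-table-form-edit-multi-set");
-
-counter++;
-
-});
-
-});
-
-<?php
-
-} //End if ($n_multi_set == 1)
-
-if ($n_multi_set > 1) {
-
-?>
+jQuery('#yasr-manage-multi-set-single').on('click', function() {
+jQuery('.yasr-manage-multiset-single').toggle();
+});
 
 
-//If more then 1 set is used...
-jQuery('#yasr_select_edit_set').on("change", function() {
-
-var data = {
-action : 'yasr_get_multi_set',
-set_id : jQuery(this).val()
-}
-
-jQuery.post(ajaxurl, data, function(response) {
-jQuery('#yasr-multi-set-response').show();
-jQuery('#yasr-multi-set-response').toggle;
-jQuery('#yasr-multi-set-response').html(response);
-});
+//If more then 1 set is used...
+jQuery('#yasr_select_edit_set').on("change", function() {
+
+var data = {
+action : 'yasr_get_multi_set',
+set_id : jQuery(this).val()
+}
+
+jQuery.post(ajaxurl, data, function(response) {
+jQuery('#yasr-multi-set-response').show();
+jQuery('#yasr-multi-set-response').toggle;
+jQuery('#yasr-multi-set-response').html(response);
+});
 
-});
+});
 
-
-jQuery(document).ajaxComplete(function(){
-
-var counter = jQuery("#yasr-edit-form-number-elements").attr('value');
-
-counter++;
-
-jQuery("#yasr-add-field-edit-multiset").on('click', function() {
-
-if(counter>9){
-jQuery('#yasr-element-limit').show();
-jQuery('#yasr-add-field-edit-multiset').hide();
-return false;
-}
-
-var newTextBoxDiv = jQuery(document.createElement('tr'))
-
-newTextBoxDiv.html('<td colspan="2">Element #' + counter + ' <input type="text" name="edit-multi-set-element-' + counter + '" value="" ></td>');
-
-newTextBoxDiv.appendTo("#yasr-table-form-edit-multi-set");
-
-counter++;
-
-});
-
-});
-
-<?php } //End if ($n_multi_set > 1) ?>
+
+jQuery(document).ajaxComplete(function(){
+
+jQuery("#yasr-add-field-edit-multiset").on('click', function() {
+
+if(counter>9){
+jQuery('#yasr-element-limit').show();
+jQuery('#yasr-add-field-edit-multiset').hide();
+return false;
+}
+
+var newTextBoxDiv = jQuery(document.createElement('tr'))
+
+newTextBoxDiv.html('<td colspan="2">Element #' + counter + ' <input type="text" name="edit-multi-set-element-' + counter + '" value="" ></td>');
+
+newTextBoxDiv.appendTo("#yasr-table-form-edit-multi-set");
+
+counter++;
+
+});
+
+});
 
 
 //Terzo div code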
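Review bot: `counter` is read and incremented in the new `#yasr-add-field-edit-multiset` click handler (`if(counter>9)`, `counter++`), but the lines that initialised it were removed and nothing on the visible new side declares it. Unless it is defined elsewhere in the script outside this hunk, the first click throws a ReferenceError and the ten-element limit is never applied. Restore the initialisation at the top of the `ajaxComplete` callback: `var counter = jQuery("#yasr-edit-form-number-elements").attr('value'); counter++;`. Because the click handler is attached inside `ajaxComplete`, every completed request adds another copy of it; binding with `.off('click').on('click', ...)` keeps a single handler.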
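--- a/yet-another-stars-rating.php
+++ b/yet-another-stars-rating.php
@@ -3,7 +3,7 @@
 * Plugin Name: Yet Another Stars Rating
 * Plugin URI: http://wordpress.org/plugins/yet-another-stars-rating/
 * Description: Rating system with rich snippets
-* Version: 0.2.3
+* Version: 0.1.3
 * Author: Dario Curvino
 * Author URI: http://profiles.wordpress.org/dudo/
 * License: GPL2
@@ -28,7 +28,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>
 */
 
 
-define('YASR_VERSION_NUM', '0.2.3');
+define('YASR_VERSION_NUM', '0.1.3');
+
+update_option('yasr-version', YASR_VERSION_NUM);
 
 //Plugin absolute path
 define( "YASR_ABSOLUTE_PATH", dirname(__FILE__) );
@@ -60,16 +62,14 @@ require (YASR_ABSOLUTE_PATH . '/lib/yasr-shortcode-functions.php');
 
 $version_installed = get_option('yasr-version') ;
 
-//If this is a fresh new installation or version < 0.2.0
+//If this is a fresh new installation
 
-if (!$version_installed || $version_installed < '0.2.0' ) {
+if (!$version_installed) {
 
 yasr_install();
 
 }
 
-update_option('yasr-version', YASR_VERSION_NUM);
-
 global $wpdb;
 
 define ("YASR_VOTES_TABLE", $wpdb->prefix . 'yasr_votes');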
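Review bot: On the new side `update_option('yasr-version', YASR_VERSION_NUM);` runs right after the `define` (new line 33), before `$version_installed = get_option('yasr-version')` is read at new line 63. Unless code between the two hunks changes the option, `$version_installed` is then always set, so `if (!$version_installed)` is never true and `yasr_install()` is skipped on a fresh installation. The write belongs after the install check, as on the old side: move `update_option('yasr-version', YASR_VERSION_NUM);` below the closing `}` of that `if`.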