Yasr – Yet Another Stars Rating - Version 0.7.4

Version Description

  • Security fix. Please update!

Release Info

Developer Dudo
Version 0.7.4

Code changes from version 0.7.3 to 0.7.4

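--- a/lib/yasr-ajax-functions.php
+++ b/lib/yasr-ajax-functions.php
@@ -30,7 +30,7 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 function yasr_insert_overall_rating_callback() {
 
-if (isset($_POST['rating']) && ($_POST['post_id'])) {
+if (isset($_POST['rating']) && ($_POST['post_id']) && $_POST['post_id'] != '') {
 global $current_user;
 get_currentuserinfo();
 $rating = $_POST['rating'];
@@ -180,7 +180,7 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 add_action( 'wp_ajax_yasr_send_id_nameset', 'yasr_output_multiple_set_callback' );
 
 function yasr_output_multiple_set_callback() {
-if(isset($_POST['set_id']) && isset($_POST['post_id'])) {
+if(isset($_POST['set_id']) && isset($_POST['post_id']) && $_POST['post_id'] != '' && $_POST['set_id'] != '' ) {
 $set_type = $_POST['set_id'];
 $post_id = $_POST['post_id'];
 }
@@ -208,10 +208,11 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 <table class=\"yasr_table_multi_set_admin\">";
 //Get Set fields name
-$set_name=$wpdb->get_results("SELECT field_name AS name, field_id AS id
+$set_name=$wpdb->get_results($wpdb->prepare("SELECT field_name AS name, field_id AS id
 FROM " . YASR_MULTI_SET_FIELDS_TABLE . "
-WHERE parent_set_id=$set_type
-ORDER BY field_id ASC");
+WHERE parent_set_id=%d
+ORDER BY field_id ASC",
+$set_type));
 
 foreach ($set_name as $name) {
 
@@ -322,6 +323,11 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 $id_field = $_POST['id_field'];
 $set_type = $_POST['set_type'];
 $nonce = $_POST['nonce'];
+
+if ($post_id == '' || $set_type == '' || $id_field == '') {
+exit();
+}
+
 }
 else {
 exit();
@@ -338,11 +344,12 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 global $wpdb;
 
 //Check if vote already exist
-$vote_already_exist=$wpdb->get_results("SELECT id FROM " . YASR_MULTI_SET_VALUES_TABLE . "
-WHERE post_id = $post_id
-AND set_type = $set_type
-AND field_id = $id_field
-");
+$vote_already_exist=$wpdb->get_results($wpdb->prepare("SELECT id FROM " . YASR_MULTI_SET_VALUES_TABLE . "
+WHERE post_id = %d
+AND set_type = %d
+AND field_id = %d
+",
+$post_id, $set_type, $id_field));
 
 //If vote already exist, overwrite it
 if ($vote_already_exist) {
@@ -396,7 +403,9 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 }
 
 } //End else
+
 die();
+
 } //End callback function
 
 
@@ -572,9 +581,9 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 function yasr_import_step1_callback () {
 
 //Since version 0.05 for pro and 0.6.5 for lite
-$gd_star_logs_imported = get_option('yasr-gdstar-logs-imported');
+$gdsr_logs_imported = get_option('yasr-gdstar-logs-imported');
 
-if (!$gd_star_logs_imported) {
+if (!$gdsr_logs_imported) {
 
 //Import logs from GD star
 $logs = yasr_import_gdstar_logs();
@@ -593,7 +602,7 @@ if ( ! defined( 'ABSPATH' ) ) exit('You\'re not allowed to see this page'); // E
 
 //Insert GD star review in yasr votes table
 $check_query_success = yasr_insert_gdstar_data($reviews);
-
+
 ?>
 
 <div class="yasr-result-step-1">
@@ -882,12 +891,20 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 add_action( 'wp_ajax_nopriv_yasr_send_visitor_rating', 'yasr_insert_visitor_votes_callback' );
 
 function yasr_insert_visitor_votes_callback () {
-if(isset($_POST['rating']) && isset($_POST['post_id'])) {
+if(isset($_POST['rating']) && isset($_POST['post_id']) && isset($_POST['size']) && isset($_POST['nonce_visitor'])) {
 $rating = $_POST['rating'];
 $post_id = $_POST['post_id'];
 $size = $_POST['size'];
 $nonce_visitor = $_POST['nonce_visitor'];
+
+if($post_id == '') {
+
+exit();
+
+}
+
 }
+
 else {
 exit();
 }
@@ -926,8 +943,9 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 
 global $wpdb;
 
-$row_exists = $wpdb->get_results ("SELECT number_of_votes, sum_votes FROM " . YASR_VOTES_TABLE . "
-WHERE post_id=$post_id");
+$row_exists = $wpdb->get_results($wpdb->prepare("SELECT number_of_votes, sum_votes FROM " . YASR_VOTES_TABLE . "
+WHERE post_id=%d",
+$post_id));
 
 //If post already has vote, find where it is and sum it
 if ($row_exists) {
@@ -1018,12 +1036,20 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 add_action( 'wp_ajax_nopriv_yasr_update_visitor_rating', 'yasr_update_visitor_rating_callback' );
 
 function yasr_update_visitor_rating_callback () {
-if(isset($_POST['rating']) && isset($_POST['post_id'])) {
+if(isset($_POST['rating']) && isset($_POST['post_id']) && isset($_POST['size']) && isset($_POST['nonce_visitor']) ) {
 $new_rating = $_POST['rating'];
 $post_id = $_POST['post_id'];
 $size = $_POST['size'];
 $nonce_visitor = $_POST['nonce_visitor'];
+
+if($post_id == '') {
+
+exit();
+
+}
+
 }
+
 else {
 exit();
 }
@@ -1060,12 +1086,12 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 
 global $wpdb;
 
-$all_post_votes = $wpdb->get_results ("SELECT sum_votes, number_of_votes FROM " . YASR_VOTES_TABLE . " WHERE post_id=$post_id");
+$all_post_votes = $wpdb->get_results($wpdb->prepare("SELECT sum_votes, number_of_votes FROM " . YASR_VOTES_TABLE . " WHERE post_id=%d", $post_id));
 
 global $current_user;
 get_currentuserinfo();
 
-$previous_vote = $wpdb->get_results ("SELECT vote FROM " . YASR_LOG_TABLE . " WHERE user_id=$current_user->ID AND post_id=$post_id");
+$previous_vote = $wpdb->get_results($wpdb->prepare("SELECT vote FROM " . YASR_LOG_TABLE . " WHERE user_id=%d AND post_id=%d", $current_user->ID, $post_id));
 
 
 foreach ($all_post_votes as $votes) {
@@ -1098,7 +1124,7 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 array (
 'post_id' => $post_id
 ),
-array('%s' ),
+array( '%s' ),
 array( '%d' )
 );
 
@@ -1113,7 +1139,9 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 array (
 'post_id' => $post_id,
 'user_id' => $current_user->ID
-)
+),
+array( '%s' ),
+array( '%d', '%d' )
 );
 
 
@@ -1141,6 +1169,13 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 $rating = $_POST['rating'];
 $post_id = $_POST['post_id'];
 $size = $_POST['size'];
+
+if($post_id == '') {
+
+exit();
+
+}
+
 }
 else {
 exit();
@@ -1236,7 +1271,7 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 
 function yasr_stats_visitors_votes_callback () {
 
-if(isset($_POST['post_id'])) {
+if(isset($_POST['post_id']) && $_POST['post_id'] != '' ) {
 $post_id = $_POST['post_id'];
 }
 
@@ -1248,12 +1283,13 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 
 global $wpdb;
 
-$stats = $wpdb->get_results ("SELECT ROUND( vote, 0 ) as vote, COUNT( vote ) AS n_of_votes
+$stats = $wpdb->get_results( $wpdb->prepare ("SELECT ROUND( vote, 0 ) as vote, COUNT( vote ) AS n_of_votes
 FROM ". YASR_LOG_TABLE . "
-WHERE post_id=$post_id
+WHERE post_id=%d
 GROUP BY vote
 ORDER BY vote DESC
 ",
+$post_id ),
 ARRAY_A);
 
 $total_votes=0; //Avoid undefined variable if stats exists. Necessary is $stats not exists
@@ -1315,7 +1351,7 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 $i=5;
 
 foreach ($stats as $logged_votes) {
-
+
 if ($i != 0) {
 
 echo "<div class=\"yasr-progress-bar-row-container\">
@@ -1331,7 +1367,7 @@ add_action( 'wp_ajax_yasr_change_log_page', 'yasr_change_log_page_callback' );
 $i--;
 
 }
-
+
 } //End foreach
 
 ?>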
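Review bot: The guards added at new lines 900, 1045 and 1173 (`if($post_id == '')`) reject only the empty string, so a non-numeric `post_id` still reaches `$wpdb->prepare()`, where `%d` casts it to 0 and the query runs against post 0. Casting once at the boundary, `$post_id = (int) $_POST['post_id'];` followed by `if ($post_id <= 0) { exit(); }`, would reject such input outright and could replace the inconsistent checks at lines 33 (truthiness of `($_POST['post_id'])` without `isset()`, which emits a notice when the key is absent), 183 and 1274. `yasr_insert_visitor_votes_callback()` and `yasr_update_visitor_rating_callback()` are hooked on `wp_ajax_nopriv_` (lines 891, 1036), so they serve anonymous requests; the `$nonce_visitor` read at 898 and 1043 is presumably checked with `wp_verify_nonce()` further down, which lies outside these hunks and is worth confirming before the `$wpdb` writes. All the callbacks shown continue outside their hunks.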
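--- a/lib/yasr-db-functions.php
+++ b/lib/yasr-db-functions.php
@@ -138,7 +138,13 @@ function yasr_get_overall_rating($post_id_referenced=FALSE) {
 
 }
 
-$result=$wpdb->get_results("SELECT overall_rating FROM " . YASR_VOTES_TABLE . " WHERE post_id=$post_id");
+if ($post_id == '') {
+
+exit();
+
+}
+
+$result=$wpdb->get_results($wpdb->prepare("SELECT overall_rating FROM " . YASR_VOTES_TABLE . " WHERE post_id=%d", $post_id));
 
 if ($result) {
 foreach ($result as $rating) {
@@ -163,7 +169,7 @@ function yasr_get_snippet_type() {
 
 else {
 
-$result=$wpdb->get_results("SELECT review_type FROM " . YASR_VOTES_TABLE . " WHERE post_id=$post_id");
+$result=$wpdb->get_results($wpdb->prepare("SELECT review_type FROM " . YASR_VOTES_TABLE . " WHERE post_id=%d", $post_id));
 
 if($result) {
 foreach ($result as $snippet) {
@@ -226,7 +232,13 @@ function yasr_get_visitor_votes ($post_id_referenced=FALSE) {
 
 }
 
-$result = $wpdb->get_results("SELECT number_of_votes, sum_votes FROM " . YASR_VOTES_TABLE . " WHERE post_id=$post_id");
+if ($post_id == '' ) {
+
+exit();
+
+}
+
+$result = $wpdb->get_results($wpdb->prepare("SELECT number_of_votes, sum_votes FROM " . YASR_VOTES_TABLE . " WHERE post_id=%d", $post_id));
 
 return $result;
 }
@@ -445,7 +457,13 @@ function yasr_check_if_user_already_voted() {
 
 $post_id = get_the_ID();
 
-$result = $wpdb->get_results("SELECT vote FROM " . YASR_LOG_TABLE . " WHERE post_id=$post_id AND user_id=$user_id ORDER BY id DESC LIMIT 1 ");
+if (!$post_id || !$user_id) {
+
+exit();
+
+}
+
+$result = $wpdb->get_results($wpdb->prepare("SELECT vote FROM " . YASR_LOG_TABLE . " WHERE post_id=%d AND user_id=%d ORDER BY id DESC LIMIT 1 ", $post_id, $user_id));
 
 if ($result) {
 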
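Review bot: The guards added at new lines 141–145 and 235–239 call `exit()` from inside `yasr_get_overall_rating()` and `yasr_get_visitor_votes()`, which are data-access helpers rather than AJAX endpoints, so an empty post id now terminates the whole page response instead of yielding "no rating". Since the callers shown already test `if ($result)` (line 149) or pass the value straight through (`return $result;`, line 243), returning the shape `$wpdb->get_results()` produces for no rows, `if ($post_id == '') { return array(); }`, would degrade gracefully; the same applies to `if (!$post_id || !$user_id)` at line 460. The `%d` placeholders now cast whatever arrives, so the queries themselves are no longer the concern. All four enclosing functions start before their hunks.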
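--- a/lib/yasr-settings-functions.php
+++ b/lib/yasr-settings-functions.php
@@ -626,7 +626,7 @@ function yasr_edit_multi_form() {
 add_action( 'wp_ajax_yasr_get_multi_set', 'yasr_get_multi_set_callback' );
 
 function yasr_get_multi_set_callback() {
-if (isset($_POST['set_id'])) {
+if (isset($_POST['set_id']) && $_POST['set_id'] != '' ) {
 $set_type = $_POST['set_id'];
 }
 else {
@@ -635,10 +635,10 @@ function yasr_edit_multi_form() {
 
 global $wpdb;
 
-$set_name=$wpdb->get_results("SELECT field_name AS name, field_id AS id
+$set_name=$wpdb->get_results($wpdb->prepare("SELECT field_name AS name, field_id AS id
 FROM " . YASR_MULTI_SET_FIELDS_TABLE . "
-WHERE parent_set_id=$set_type
-ORDER BY field_id ASC");
+WHERE parent_set_id=%d
+ORDER BY field_id ASC", $set_type));
 
 
 
@@ -739,7 +739,7 @@ function yasr_edit_multi_form() {
 function yasr_process_new_multi_set_form()
 {
 
-if ( isset( $_POST['multi-set-name']) ) {
+if ( isset( $_POST['multi-set-name'])) {
 
 global $wpdb;
 
@@ -1473,7 +1473,10 @@ function yasr_insert_gdstar_data($votes){
 array( '%d', '%d', '%s', '%d', '%d')
 );
 }
-return $result;
+
+if ($result) {
+return TRUE;
+};
 }
 
 /****** Insert logs ******/
@@ -1498,8 +1501,8 @@ function yasr_insert_gdstar_logs($logs) {
 if ($result) {
 return TRUE;
 }
-}
 
+}
 
 /****** Insert gd star rating multi set name
 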
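Review bot: At new lines 1477–1479 `yasr_insert_gdstar_data()` returns `TRUE` only when `$result` is truthy and otherwise falls off the end, so a failed insert now yields `null` instead of an explicit `FALSE`, and the `};` at 1479 is an empty statement. Adding `return FALSE;` after the `if` block and dropping the stray `;` gives callers such as `$check_query_success = yasr_insert_gdstar_data($reviews);` a real boolean; `$result` also appears to hold only the outcome of the last insert in the loop closed at 1475, so earlier failures would go unreported — worth confirming, since the loop header is outside the hunk. The `$_POST['set_id'] != ''` test at 629 shares the weakness of the other callbacks: a non-numeric value passes and is cast to 0 by `%d` at 640, whereas `$set_type = (int) $_POST['set_id'];` with a `<= 0` check would reject it. Both `yasr_insert_gdstar_data()` and `yasr_get_multi_set_callback()` start outside their hunks.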
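--- a/lib/yasr-shortcode-functions.php
+++ b/lib/yasr-shortcode-functions.php
@@ -291,6 +291,9 @@ function shortcode_visitor_votes_callback ($atts) {
 
 }
 
+//if (!is_feed()) {
+
+//$var_tooltip_values = json_encode ("bad, poor, ok, good, super");
 $var_post_id = (json_encode($post_id));
 $var_ajax_url = (json_encode(admin_url('admin-ajax.php')));
 $var_size = (json_encode($size));
@@ -380,6 +383,8 @@ function shortcode_visitor_votes_callback ($atts) {
 
 }
 
+// } //End (!is_feed)
+
 } //End function shortcode_visitor_votes_callback
 
 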
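Review bot: Lines 294–296 and 386–387 add only commented-out code (`//if (!is_feed()) {`, `//$var_tooltip_values = ...`, `// } //End (!is_feed)`), so these hunks change nothing at runtime while leaving a half-finished guard for the next reader to puzzle over. Either complete the `is_feed()` check so the visitor-vote markup is skipped in feeds, or leave the comments out and track the idea elsewhere; commented-out code tends to be resurrected later without review. `shortcode_visitor_votes_callback()` starts before the first hunk.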
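--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: 5 star, admin, administrator, AJAX, five-star, javascript, jquery, post r
 Requires at least: 3.5
 Contributors: Dudo
 Tested up to: 4.1
-Stable tag: 0.7.3
+Stable tag: 0.7.4
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
 Yet Another Stars Rating is a simple plugin which allows you and / or your visitor to rate a post or element. Ideal for review's website
@@ -97,6 +97,9 @@ Of course not: you can easily add it on the visual editor just by clicking on th
 
 == Changelog ==
 
+= 0.7.4 =
+* Security fix. Please update!
+
 = 0.7.3 =
 * Added support for plugins that adds class or attribute on images
 * Code cleanup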
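--- a/yet-another-stars-rating.php
+++ b/yet-another-stars-rating.php
@@ -3,7 +3,7 @@
 * Plugin Name: Yet Another Stars Rating
 * Plugin URI: http://wordpress.org/plugins/yet-another-stars-rating/
 * Description: Rating system with rich snippets
-* Version: 0.7.3
+* Version: 0.7.4
 * Author: Dario Curvino
 * Author URI: http://yetanotherstarsrating.com/
 * License: GPL2
@@ -28,7 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>
 */
 
 
-define('YASR_VERSION_NUM', '0.7.3');
+define('YASR_VERSION_NUM', '0.7.4');
 
 //Plugin relative path
 define( "YASR_RELATIVE_PATH", dirname(__FILE__) );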