Changeset 2832242 for wp-slimstat

Timestamp:

12/12/2022 09:58:00 AM (3 years ago)

Author:

mostafa.s1990

Message:

Update to version 4.9.3 from GitHub

Location:

wp-slimstat

Files:

• assets/banner-1544x500.jpg (added)
• assets/banner-772x250-1.jpg (deleted)
• assets/banner-772x250-10.png (deleted)
• assets/banner-772x250-11.png (deleted)
• assets/banner-772x250-12.jpg (deleted)
• assets/banner-772x250-14.jpg (deleted)
• assets/banner-772x250-15.jpg (deleted)
• assets/banner-772x250-16.jpg (deleted)
• assets/banner-772x250-2.png (deleted)
• assets/banner-772x250-3.png (deleted)
• assets/banner-772x250-5.jpg (deleted)
• assets/banner-772x250-6.png (deleted)
• assets/banner-772x250-7.png (deleted)
• assets/banner-772x250-8.png (deleted)
• assets/banner-772x250-9.jpg (deleted)
• assets/banner-772x250-9.png (deleted)
• assets/banner-772x250.jpg (added)
• assets/banner-772x250.png (deleted)
• assets/icon-128x128.png (modified) (previous)
• assets/icon-256x256.png (added)
• assets/icon.svg (added)
• tags/4.9.3 (copied) (copied from wp-slimstat/trunk)
• tags/4.9.3/admin/view/addons.php (modified) (1 diff)
• tags/4.9.3/admin/view/right-now.php (modified) (1 diff)
• tags/4.9.3/admin/view/wp-slimstat-reports.php (modified) (1 diff)
• tags/4.9.3/readme.txt (modified) (3 diffs)
• tags/4.9.3/wp-slimstat.php (modified) (12 diffs)
• trunk/admin/view/addons.php (modified) (1 diff)
• trunk/admin/view/right-now.php (modified) (1 diff)
• trunk/admin/view/wp-slimstat-reports.php (modified) (1 diff)
• trunk/readme.txt (modified) (3 diffs)
• trunk/wp-slimstat.php (modified) (12 diffs)

wp-slimstat/tags/4.9.3/admin/view/addons.php

@@ -42 +42 @@
     if ( empty( $_GET[ 'force_refresh' ] ) ) {
         echo ' ';
-        printf( __( 'This list is refreshed once daily: <a href="%s&amp;force_refresh=true" class="noslimstat">click here</a> to clear the cache.', 'wp-slimstat' ), $_SERVER[ 'REQUEST_URI' ] );
+        printf( __( 'This list is refreshed once daily: <a href="%s&amp;force_refresh=true" class="noslimstat">click here</a> to clear the cache.', 'wp-slimstat' ), esc_url($_SERVER[ 'REQUEST_URI' ]) );
     }
 

wp-slimstat/tags/4.9.3/admin/view/right-now.php

@@ -191 +191 @@
         }
 
-        $results[ $i ][ 'resource' ] = "<a class='slimstat-font-logout slimstat-tooltip-trigger' target='_blank' title='" . htmlentities( __( 'Open this URL in a new window', 'wp-slimstat' ), ENT_QUOTES, 'UTF-8' ) . "' href='" . htmlentities( $results[$i][ 'resource' ], ENT_QUOTES, 'UTF-8' ) . "'></a> <a class='slimstat-filter-link' href='" . wp_slimstat_reports::fs_url( 'resource equals ' . $results[ $i ][ 'resource' ] ) . "'>" . $resource_title . '</a>';
+        $results[ $i ][ 'resource' ] = "<a class='slimstat-font-logout slimstat-tooltip-trigger' target='_blank' title='" . htmlentities( __( 'Open this URL in a new window', 'wp-slimstat' ), ENT_QUOTES, 'UTF-8' ) . "' href='" . htmlentities( $results[$i][ 'resource' ], ENT_QUOTES, 'UTF-8' ) . "'></a> <a class='slimstat-filter-link' href='" . wp_slimstat_reports::fs_url( 'resource equals ' . esc_url($results[ $i ][ 'resource' ]) ) . "'>" . esc_html($resource_title) . '</a>';
     }
     else {

wp-slimstat/tags/4.9.3/admin/view/wp-slimstat-reports.php

@@ -1738 +1738 @@
         }
 
-        return $request_uri;
+        return esc_url($request_uri);
     }
 

wp-slimstat/tags/4.9.3/readme.txt

@@ -6 +6 @@
 Requires PHP: 7.4+
 Tested up to: 6.1
-Stable tag: 4.9.2
+Stable tag: 4.9.3
 
 == Description ==
@@ -32 +32 @@
 == Installation ==
 1. In your WordPress admin, go to Plugins > Add New
-2. Search for limstat Analytics
+2. Search for Slimstat Analytics
 3. Click on **Install Now** next to Slimstat Analytics and then activate the plugin
 4. Make sure your template calls `wp_footer()` or the equivalent hook somewhere (possibly just before the `</body>` tag)
@@ -50 +50 @@
 
 == Changelog ==
+= 4.9.3 =
+* [Update] New logo and icon for the plugin!
+* [Fix] Hardened plugin security and sanitization of user input and escaped output
+
 = 4.9.2 =
 * [Fix] Fixed tweak notice errors while activating the plugin in fresh installation

wp-slimstat/tags/4.9.3/wp-slimstat.php

@@ -4 +4 @@
 Plugin URI: https://wp-slimstat.com/
 Description: The leading web analytics plugin for WordPress
-Version: 4.9.2
+Version: 4.9.3
 Author: Jason Crouse, VeronaLabs
 Text Domain: wp-slimstat
 Domain Path: /languages
+Author URI: https://wp-slimstat.com/
 Requires PHP: 7.4
 */
@@ -361 +362 @@
                 }
             }
-        
+
             $cookie_found = false;
             foreach ( $cookie_names as $a_name => $a_value ) {
@@ -570 +571 @@
         }
 
-        // Geolocation 
+        // Geolocation
         include_once( plugin_dir_path( __FILE__ ) . 'vendor/maxmind.php' );
         try {
@@ -705 +706 @@
 
         if ( isset( $_SERVER[ 'REQUEST_URI' ] ) ) {
-            return urldecode( $_SERVER[ 'REQUEST_URI' ] );
+            return urldecode( sanitize_url(wp_unslash($_SERVER['REQUEST_URI'])) );
         }
         else if ( isset( $_SERVER[ 'SCRIPT_NAME' ] ) ) {
@@ -854 +855 @@
                                     $output[ $result_idx ][ $a_column ] .=  $a_result[ 'username' ];
                                 }
-                                
+
                                 break;
 
@@ -1353 +1354 @@
 
         $update_checker_objects = array();
-        
+
         // This is only included if add-ons are installed
         include_once( plugin_dir_path( __FILE__ ) . 'vendor/update-checker/plugin-update-checker.php' );
@@ -1359 +1360 @@
         foreach ( self::$update_checker as $a_slug ) {
             $a_clean_slug = str_replace( array( 'wp_slimstat_', '_' ), array( '', '-' ), $a_slug );
-            
+
             if ( !empty( self::$settings[ 'addon_licenses' ][ 'wp-slimstat-' . $a_clean_slug ] ) ) {
                 $update_checker_objects[ $a_clean_slug ] = Puc_v4_Factory::buildUpdateChecker( 'https://www.wp-slimstat.com/update-checker/?slug=' . $a_clean_slug . '&key=' . urlencode( self::$settings[ 'addon_licenses' ][ 'wp-slimstat-' . $a_clean_slug ] ), dirname( dirname( __FILE__ ) ) . '/wp-slimstat-' . $a_clean_slug . '/index.php', 'wp-slimstat-' . $a_clean_slug );
@@ -1458 +1459 @@
         }
 
-        // Remove unwanted characters (SQL injections, anyone?)
+        // Remove unwanted characters from keys (SQL injections, anyone?)
         $data_keys = array();
         foreach ( array_keys( $_data ) as $a_key ) {
             $data_keys[] = sanitize_key( $a_key );
         }
+
+        // Remove unwanted characters from data (SQL injections, anyone?)
+        foreach ($_data as $key => $value) {
+            $_data[$key] = sanitize_text_field($value);
+        }
 
         self::$wpdb->query( self::$wpdb->prepare( "
@@ -1951 +1957 @@
      */
     protected static function _base64_url_encode( $_input = '' ) {
-        return strtr( base64_encode( $_input ), '+/=', '._-' ); 
-    } 
+        return strtr( base64_encode( $_input ), '+/=', '._-' );
+    }
     protected static function _base64_url_decode( $_input = '' ) {
         return strip_tags( trim( base64_decode( strtr( $_input, '._-', '+/=' ) ) ) );
@@ -1965 +1971 @@
      */
     public function __construct() {
-        parent::__construct( 'slimstat_widget', 'Slimstat', array( 
+        parent::__construct( 'slimstat_widget', 'Slimstat', array(
             'classname' => 'slimstat_widget',
             'description' => 'Add a Slimstat report to your sidebar',
@@ -2018 +2024 @@
 
         <p>
-        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_id' ) ); ?>"><?php _e( 'Report', 'wp-slimstat' ) ?></label> 
+        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_id' ) ); ?>"><?php _e( 'Report', 'wp-slimstat' ) ?></label>
         <select class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_id' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'slimstat_widget_id' ) ); ?>">
             <option value="">Select a widget</option>
@@ -2026 +2032 @@
 
         <p>
-        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_title' ) ); ?>"><?php _e( 'Title', 'wp-slimstat' ) ?></label> 
+        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_title' ) ); ?>"><?php _e( 'Title', 'wp-slimstat' ) ?></label>
         <input type="text" class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'slimstat_widget_title' ) ); ?>" value="<?php echo trim( strip_tags( $slimstat_widget_title ) ) ?>">
         </p>
 
         <p>
-        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_filters' ) ); ?>"><?php _e( 'Optional filters', 'wp-slimstat' ); ?></label> 
+        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_filters' ) ); ?>"><?php _e( 'Optional filters', 'wp-slimstat' ); ?></label>
         <a href="https://slimstat.freshdesk.com/solution/articles/5000631833-what-is-the-syntax-of-a-slimstat-shortcode-#slimstat-operators" target="_blank">[?]</a>
         <textarea class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_filters' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'slimstat_widget_filters' ) ); ?>"><?php echo trim( strip_tags( $slimstat_widget_filters ) ) ?></textarea>

wp-slimstat/trunk/admin/view/addons.php

@@ -42 +42 @@
     if ( empty( $_GET[ 'force_refresh' ] ) ) {
         echo ' ';
-        printf( __( 'This list is refreshed once daily: <a href="%s&amp;force_refresh=true" class="noslimstat">click here</a> to clear the cache.', 'wp-slimstat' ), $_SERVER[ 'REQUEST_URI' ] );
+        printf( __( 'This list is refreshed once daily: <a href="%s&amp;force_refresh=true" class="noslimstat">click here</a> to clear the cache.', 'wp-slimstat' ), esc_url($_SERVER[ 'REQUEST_URI' ]) );
     }
 

wp-slimstat/trunk/admin/view/right-now.php

@@ -191 +191 @@
         }
 
-        $results[ $i ][ 'resource' ] = "<a class='slimstat-font-logout slimstat-tooltip-trigger' target='_blank' title='" . htmlentities( __( 'Open this URL in a new window', 'wp-slimstat' ), ENT_QUOTES, 'UTF-8' ) . "' href='" . htmlentities( $results[$i][ 'resource' ], ENT_QUOTES, 'UTF-8' ) . "'></a> <a class='slimstat-filter-link' href='" . wp_slimstat_reports::fs_url( 'resource equals ' . $results[ $i ][ 'resource' ] ) . "'>" . $resource_title . '</a>';
+        $results[ $i ][ 'resource' ] = "<a class='slimstat-font-logout slimstat-tooltip-trigger' target='_blank' title='" . htmlentities( __( 'Open this URL in a new window', 'wp-slimstat' ), ENT_QUOTES, 'UTF-8' ) . "' href='" . htmlentities( $results[$i][ 'resource' ], ENT_QUOTES, 'UTF-8' ) . "'></a> <a class='slimstat-filter-link' href='" . wp_slimstat_reports::fs_url( 'resource equals ' . esc_url($results[ $i ][ 'resource' ]) ) . "'>" . esc_html($resource_title) . '</a>';
     }
     else {

wp-slimstat/trunk/admin/view/wp-slimstat-reports.php

@@ -1738 +1738 @@
         }
 
-        return $request_uri;
+        return esc_url($request_uri);
     }
 

wp-slimstat/trunk/readme.txt

@@ -6 +6 @@
 Requires PHP: 7.4+
 Tested up to: 6.1
-Stable tag: 4.9.2
+Stable tag: 4.9.3
 
 == Description ==
@@ -32 +32 @@
 == Installation ==
 1. In your WordPress admin, go to Plugins > Add New
-2. Search for limstat Analytics
+2. Search for Slimstat Analytics
 3. Click on **Install Now** next to Slimstat Analytics and then activate the plugin
 4. Make sure your template calls `wp_footer()` or the equivalent hook somewhere (possibly just before the `</body>` tag)
@@ -50 +50 @@
 
 == Changelog ==
+= 4.9.3 =
+* [Update] New logo and icon for the plugin!
+* [Fix] Hardened plugin security and sanitization of user input and escaped output
+
 = 4.9.2 =
 * [Fix] Fixed tweak notice errors while activating the plugin in fresh installation

wp-slimstat/trunk/wp-slimstat.php

@@ -4 +4 @@
 Plugin URI: https://wp-slimstat.com/
 Description: The leading web analytics plugin for WordPress
-Version: 4.9.2
+Version: 4.9.3
 Author: Jason Crouse, VeronaLabs
 Text Domain: wp-slimstat
 Domain Path: /languages
+Author URI: https://wp-slimstat.com/
 Requires PHP: 7.4
 */
@@ -361 +362 @@
                 }
             }
-        
+
             $cookie_found = false;
             foreach ( $cookie_names as $a_name => $a_value ) {
@@ -570 +571 @@
         }
 
-        // Geolocation 
+        // Geolocation
         include_once( plugin_dir_path( __FILE__ ) . 'vendor/maxmind.php' );
         try {
@@ -705 +706 @@
 
         if ( isset( $_SERVER[ 'REQUEST_URI' ] ) ) {
-            return urldecode( $_SERVER[ 'REQUEST_URI' ] );
+            return urldecode( sanitize_url(wp_unslash($_SERVER['REQUEST_URI'])) );
         }
         else if ( isset( $_SERVER[ 'SCRIPT_NAME' ] ) ) {
@@ -854 +855 @@
                                     $output[ $result_idx ][ $a_column ] .=  $a_result[ 'username' ];
                                 }
-                                
+
                                 break;
 
@@ -1353 +1354 @@
 
         $update_checker_objects = array();
-        
+
         // This is only included if add-ons are installed
         include_once( plugin_dir_path( __FILE__ ) . 'vendor/update-checker/plugin-update-checker.php' );
@@ -1359 +1360 @@
         foreach ( self::$update_checker as $a_slug ) {
             $a_clean_slug = str_replace( array( 'wp_slimstat_', '_' ), array( '', '-' ), $a_slug );
-            
+
             if ( !empty( self::$settings[ 'addon_licenses' ][ 'wp-slimstat-' . $a_clean_slug ] ) ) {
                 $update_checker_objects[ $a_clean_slug ] = Puc_v4_Factory::buildUpdateChecker( 'https://www.wp-slimstat.com/update-checker/?slug=' . $a_clean_slug . '&key=' . urlencode( self::$settings[ 'addon_licenses' ][ 'wp-slimstat-' . $a_clean_slug ] ), dirname( dirname( __FILE__ ) ) . '/wp-slimstat-' . $a_clean_slug . '/index.php', 'wp-slimstat-' . $a_clean_slug );
@@ -1458 +1459 @@
         }
 
-        // Remove unwanted characters (SQL injections, anyone?)
+        // Remove unwanted characters from keys (SQL injections, anyone?)
         $data_keys = array();
         foreach ( array_keys( $_data ) as $a_key ) {
             $data_keys[] = sanitize_key( $a_key );
         }
+
+        // Remove unwanted characters from data (SQL injections, anyone?)
+        foreach ($_data as $key => $value) {
+            $_data[$key] = sanitize_text_field($value);
+        }
 
         self::$wpdb->query( self::$wpdb->prepare( "
@@ -1951 +1957 @@
      */
     protected static function _base64_url_encode( $_input = '' ) {
-        return strtr( base64_encode( $_input ), '+/=', '._-' ); 
-    } 
+        return strtr( base64_encode( $_input ), '+/=', '._-' );
+    }
     protected static function _base64_url_decode( $_input = '' ) {
         return strip_tags( trim( base64_decode( strtr( $_input, '._-', '+/=' ) ) ) );
@@ -1965 +1971 @@
      */
     public function __construct() {
-        parent::__construct( 'slimstat_widget', 'Slimstat', array( 
+        parent::__construct( 'slimstat_widget', 'Slimstat', array(
             'classname' => 'slimstat_widget',
             'description' => 'Add a Slimstat report to your sidebar',
@@ -2018 +2024 @@
 
         <p>
-        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_id' ) ); ?>"><?php _e( 'Report', 'wp-slimstat' ) ?></label> 
+        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_id' ) ); ?>"><?php _e( 'Report', 'wp-slimstat' ) ?></label>
         <select class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_id' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'slimstat_widget_id' ) ); ?>">
             <option value="">Select a widget</option>
@@ -2026 +2032 @@
 
         <p>
-        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_title' ) ); ?>"><?php _e( 'Title', 'wp-slimstat' ) ?></label> 
+        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_title' ) ); ?>"><?php _e( 'Title', 'wp-slimstat' ) ?></label>
         <input type="text" class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'slimstat_widget_title' ) ); ?>" value="<?php echo trim( strip_tags( $slimstat_widget_title ) ) ?>">
         </p>
 
         <p>
-        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_filters' ) ); ?>"><?php _e( 'Optional filters', 'wp-slimstat' ); ?></label> 
+        <label for="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_filters' ) ); ?>"><?php _e( 'Optional filters', 'wp-slimstat' ); ?></label>
         <a href="https://slimstat.freshdesk.com/solution/articles/5000631833-what-is-the-syntax-of-a-slimstat-shortcode-#slimstat-operators" target="_blank">[?]</a>
         <textarea class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'slimstat_widget_filters' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'slimstat_widget_filters' ) ); ?>"><?php echo trim( strip_tags( $slimstat_widget_filters ) ) ?></textarea>