Changeset 2889302 for wp-slimstat

Timestamp:

03/29/2023 02:52:17 PM (3 years ago)

Author:

mostafa.s1990

Message:

Update to version 4.9.4 from GitHub

Location:

wp-slimstat

Files:

• tags/4.9.4 (copied) (copied from wp-slimstat/trunk)
• tags/4.9.4/admin/view/wp-slimstat-db.php (modified) (1 diff)
• tags/4.9.4/readme.txt (modified) (2 diffs)
• tags/4.9.4/wp-slimstat.php (modified) (2 diffs)
• trunk/admin/view/wp-slimstat-db.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)
• trunk/wp-slimstat.php (modified) (2 diffs)

wp-slimstat/tags/4.9.4/admin/view/wp-slimstat-db.php

@@ -649 +649 @@
 
     public static function count_records( $_column = 'id', $_where = '', $_use_date_filters = true ) {
+        // Validating the column
+        if (in_array($_column, ['id', 'ip', 'other_ip', 'username', 'email', 'country', 'location', 'city', 'referer', 'resource', 'searchterms', 'notes', 'visit_id', 'server_latency', 'page_performance', 'browser', 'browser_version', 'browser_type', 'platform', 'language', 'fingerprint', 'user_agent', 'resolution', 'screen_width', 'screen_height', 'content_type', 'category', 'author', 'content_id', 'outbound_resource', 'tz_offset', 'dt_out', 'dt']) === false) {
+            return;
+        }
+
         $distinct_column = ( $_column != 'id' ) ? "DISTINCT $_column" : $_column;
         $_where = self::get_combined_where( $_where, $_column, $_use_date_filters );

wp-slimstat/tags/4.9.4/readme.txt

@@ -5 +5 @@
 Requires at least: 5.6
 Requires PHP: 7.4+
-Tested up to: 6.1
-Stable tag: 4.9.3.3
+Tested up to: 6.2
+Stable tag: 4.9.4
 
 == Description ==
@@ -50 +50 @@
 
 == Changelog ==
+= 4.9.4 =
+* [Fix] Hardened plugin security and sanitization of arguments
+
 = 4.9.3.3 =
 * [Fix] Disabled shortcode's filtering WHERE statement and make security harder.

wp-slimstat/tags/4.9.4/wp-slimstat.php

@@ -4 +4 @@
 Plugin URI: https://wp-slimstat.com/
 Description: The leading web analytics plugin for WordPress
-Version: 4.9.3.3
+Version: 4.9.4
 Author: Jason Crouse, VeronaLabs
 Text Domain: wp-slimstat
@@ -735 +735 @@
      */
     public static function slimstat_shortcode( $_attributes = '', $_content = '' ) {
-        extract( shortcode_atts( array(
+        shortcode_atts( array(
             'f' => '',  // recent, popular, count, widget
             'w' => '',  // column to use (for recent, popular and count) or widget to use
             's' => ' ', // separator
             'o' => 0    // offset for counters
-        ), $_attributes ) );
+        ), $_attributes );
+
+        $f = isset($_attributes['f']) ? $_attributes['f'] : '';
+        $w = isset($_attributes['w']) ? $_attributes['w'] : '';
+        $s = isset($_attributes['s']) ? $_attributes['s'] : '';
+        $o = isset($_attributes['o']) ? $_attributes['o'] : 0;
 
         $output = $where = $as_column = '';

wp-slimstat/trunk/admin/view/wp-slimstat-db.php

@@ -649 +649 @@
 
     public static function count_records( $_column = 'id', $_where = '', $_use_date_filters = true ) {
+        // Validating the column
+        if (in_array($_column, ['id', 'ip', 'other_ip', 'username', 'email', 'country', 'location', 'city', 'referer', 'resource', 'searchterms', 'notes', 'visit_id', 'server_latency', 'page_performance', 'browser', 'browser_version', 'browser_type', 'platform', 'language', 'fingerprint', 'user_agent', 'resolution', 'screen_width', 'screen_height', 'content_type', 'category', 'author', 'content_id', 'outbound_resource', 'tz_offset', 'dt_out', 'dt']) === false) {
+            return;
+        }
+
         $distinct_column = ( $_column != 'id' ) ? "DISTINCT $_column" : $_column;
         $_where = self::get_combined_where( $_where, $_column, $_use_date_filters );

wp-slimstat/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 5.6
 Requires PHP: 7.4+
-Tested up to: 6.1
-Stable tag: 4.9.3.3
+Tested up to: 6.2
+Stable tag: 4.9.4
 
 == Description ==
@@ -50 +50 @@
 
 == Changelog ==
+= 4.9.4 =
+* [Fix] Hardened plugin security and sanitization of arguments
+
 = 4.9.3.3 =
 * [Fix] Disabled shortcode's filtering WHERE statement and make security harder.

wp-slimstat/trunk/wp-slimstat.php

@@ -4 +4 @@
 Plugin URI: https://wp-slimstat.com/
 Description: The leading web analytics plugin for WordPress
-Version: 4.9.3.3
+Version: 4.9.4
 Author: Jason Crouse, VeronaLabs
 Text Domain: wp-slimstat
@@ -735 +735 @@
      */
     public static function slimstat_shortcode( $_attributes = '', $_content = '' ) {
-        extract( shortcode_atts( array(
+        shortcode_atts( array(
             'f' => '',  // recent, popular, count, widget
             'w' => '',  // column to use (for recent, popular and count) or widget to use
             's' => ' ', // separator
             'o' => 0    // offset for counters
-        ), $_attributes ) );
+        ), $_attributes );
+
+        $f = isset($_attributes['f']) ? $_attributes['f'] : '';
+        $w = isset($_attributes['w']) ? $_attributes['w'] : '';
+        $s = isset($_attributes['s']) ? $_attributes['s'] : '';
+        $o = isset($_attributes['o']) ? $_attributes['o'] : 0;
 
         $output = $where = $as_column = '';