Commit 922f3a41 authored by lechuck's avatar lechuck Committed by lucha

[auto] Plugin: wordpress-popular-posts 3.3.3

parent 0f6b53d1
......@@ -3,8 +3,8 @@ Contributors: hcabrera
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=hcabrerab%40gmail%2ecom&lc=GB&item_name=WordPress%20Popular%20Posts%20Plugin&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG_global%2egif%3aNonHosted
Tags: popular, posts, widget, popularity, top
Requires at least: 3.8
Tested up to: 4.3.1
Stable tag: 3.3.2
Tested up to: 4.4
Stable tag: 3.3.3
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
......@@ -67,6 +67,11 @@ The [FAQ section](https://github.com/cabrerahector/wordpress-popular-posts/wiki/
4. WordPress Popular Posts Stats panel.
== Changelog ==
= 3.3.3 =
- Fixes potential XSS exploit in WPP's admin dashboard.
- Adds filter to set which post types should be tracked by WPP ([details](https://github.com/cabrerahector/wordpress-popular-posts/wiki/3.-Filters#wpp_trackable_post_types)).
- Adds ability to select first attached image as thumbnail source (thanks, [@serglopatin](https://github.com/serglopatin)!)
= 3.3.2 =
- Fixes warning message: 'stream does not support seeking in...'
- Removes excerpt HTML encoding.
......@@ -119,29 +124,6 @@ The [FAQ section](https://github.com/cabrerahector/wordpress-popular-posts/wiki/
* Fixes missing HTML decoding for custom HTML in widget.
* Puts LIMIT clause back to the outer query.
= 3.2.0 =
* Adds check for jQuery.
* Fixes invalid parameter in htmlspecialchars().
* Switches AJAX update to POST method.
* Removes href attribute from link when popular post is viewed.
* Removes unnecesary ORDER BY clause in views/comments subquery.
* Fixes Javascript console not working under IE8 (thanks, @[raphaelsaunier](https://github.com/raphaelsaunier)!)
* Fixes WPML compatibility bug storing post IDs as 0.
* Removes wpp-upload.js since it was no longer in use.
* Fixes undefined default thumbnail image (thanks, Lea Cohen!)
* Fixes rating parameter returning false value.
* Adds Data Sampling (thanks, @[kurtpayne](https://github.com/kurtpayne)!)
* Minor query optimizations.
* Adds {date} (thanks, @[matsuoshi](https://github.com/matsuoshi)!) and {thumb_img} tags to custom html.
* Adds minute time option for caching.
* Adds wpp_data_sampling filter.
* Removes jQuery's DOM ready hook for AJAX views update.
* Adds back missing GROUP BY clause.
* Removes unnecesary HTML decoding for custom HTML (thanks, Lea Cohen!)
* Translates category name when WPML is detected.
* Adds list of available thumbnail sizes to the widget.
* Other minor bugfixes and improvements.
See [full changelog](https://github.com/cabrerahector/wordpress-popular-posts/blob/master/changelog.md).
== Language support ==
......@@ -157,3 +139,5 @@ All translations are community made: people who are nice enough to share their t
* Flame graphic by freevector/Vecteezy.com.
== Upgrade Notice ==
= 3.3.3 =
This version fixes a potential security issue. You should upgrade as soon as possible.
\ No newline at end of file
......@@ -14,69 +14,91 @@ else
if ( isset($_POST['section']) ) {
if ( "stats" == $_POST['section'] ) {
$current = 'stats';
$this->user_settings['stats']['order_by'] = $_POST['stats_order'];
$this->user_settings['stats']['limit'] = (is_numeric($_POST['stats_limit']) && $_POST['stats_limit'] > 0) ? $_POST['stats_limit'] : 10;
$this->user_settings['stats']['post_type'] = empty($_POST['stats_type']) ? "post,page" : $_POST['stats_type'];
$this->user_settings['stats']['freshness'] = empty($_POST['stats_freshness']) ? false : $_POST['stats_freshness'];
if ( isset( $_POST['wpp-admin-token'] ) && wp_verify_nonce( $_POST['wpp-admin-token'], 'wpp-update-stats-options' ) ) {
$this->user_settings['stats']['order_by'] = $_POST['stats_order'];
$this->user_settings['stats']['limit'] = (is_numeric($_POST['stats_limit']) && $_POST['stats_limit'] > 0) ? $_POST['stats_limit'] : 10;
$this->user_settings['stats']['post_type'] = empty($_POST['stats_type']) ? "post,page" : $_POST['stats_type'];
$this->user_settings['stats']['freshness'] = empty($_POST['stats_freshness']) ? false : $_POST['stats_freshness'];
update_site_option('wpp_settings_config', $this->user_settings);
echo "<div class=\"updated\"><p><strong>" . __('Settings saved.', $this->plugin_slug ) . "</strong></p></div>";
}
update_site_option('wpp_settings_config', $this->user_settings);
echo "<div class=\"updated\"><p><strong>" . __('Settings saved.', $this->plugin_slug ) . "</strong></p></div>";
}
elseif ( "misc" == $_POST['section'] ) {
$current = 'tools';
$this->user_settings['tools']['link']['target'] = $_POST['link_target'];
$this->user_settings['tools']['css'] = $_POST['css'];
update_site_option('wpp_settings_config', $this->user_settings);
echo "<div class=\"updated\"><p><strong>" . __('Settings saved.', $this->plugin_slug ) . "</strong></p></div>";
}
elseif ( "thumb" == $_POST['section'] ) {
$current = 'tools';
if ($_POST['thumb_source'] == "custom_field" && (!isset($_POST['thumb_field']) || empty($_POST['thumb_field']))) {
echo '<div id="wpp-message" class="error fade"><p>'.__('Please provide the name of your custom field.', $this->plugin_slug).'</p></div>';
} else {
$this->user_settings['tools']['thumbnail']['source'] = $_POST['thumb_source'];
$this->user_settings['tools']['thumbnail']['field'] = ( !empty( $_POST['thumb_field']) ) ? $_POST['thumb_field'] : "wpp_thumbnail";
$this->user_settings['tools']['thumbnail']['default'] = ( !empty( $_POST['upload_thumb_src']) ) ? $_POST['upload_thumb_src'] : "";
$this->user_settings['tools']['thumbnail']['resize'] = $_POST['thumb_field_resize'];
$this->user_settings['tools']['thumbnail']['responsive'] = $_POST['thumb_responsive'];
if ( isset( $_POST['wpp-admin-token'] ) && wp_verify_nonce( $_POST['wpp-admin-token'], 'wpp-update-misc-options' ) ) {
$this->user_settings['tools']['link']['target'] = $_POST['link_target'];
$this->user_settings['tools']['css'] = $_POST['css'];
update_site_option('wpp_settings_config', $this->user_settings);
update_site_option('wpp_settings_config', $this->user_settings);
echo "<div class=\"updated\"><p><strong>" . __('Settings saved.', $this->plugin_slug ) . "</strong></p></div>";
}
}
elseif ( "data" == $_POST['section'] ) {
}
elseif ( "thumb" == $_POST['section'] ) {
$current = 'tools';
$this->user_settings['tools']['log']['level'] = $_POST['log_option'];
$this->user_settings['tools']['log']['limit'] = $_POST['log_limit'];
$this->user_settings['tools']['log']['expires_after'] = ( $this->__is_numeric($_POST['log_expire_time']) && $_POST['log_expire_time'] > 0 )
? $_POST['log_expire_time']
: $this->default_user_settings['tools']['log']['expires_after'];
$this->user_settings['tools']['ajax'] = $_POST['ajax'];
if ( isset( $_POST['wpp-admin-token'] ) && wp_verify_nonce( $_POST['wpp-admin-token'], 'wpp-update-thumbnail-options' ) ) {
if ($_POST['thumb_source'] == "custom_field" && (!isset($_POST['thumb_field']) || empty($_POST['thumb_field']))) {
echo '<div id="wpp-message" class="error fade"><p>'.__('Please provide the name of your custom field.', $this->plugin_slug).'</p></div>';
} else {
$this->user_settings['tools']['thumbnail']['source'] = $_POST['thumb_source'];
$this->user_settings['tools']['thumbnail']['field'] = ( !empty( $_POST['thumb_field']) ) ? $_POST['thumb_field'] : "wpp_thumbnail";
$this->user_settings['tools']['thumbnail']['default'] = ( !empty( $_POST['upload_thumb_src']) ) ? $_POST['upload_thumb_src'] : "";
$this->user_settings['tools']['thumbnail']['resize'] = $_POST['thumb_field_resize'];
$this->user_settings['tools']['thumbnail']['responsive'] = $_POST['thumb_responsive'];
update_site_option('wpp_settings_config', $this->user_settings);
echo "<div class=\"updated\"><p><strong>" . __('Settings saved.', $this->plugin_slug ) . "</strong></p></div>";
}
// if any of the caching settings was updated, destroy all transients created by the plugin
if ( $this->user_settings['tools']['cache']['active'] != $_POST['cache'] || $this->user_settings['tools']['cache']['interval']['time'] != $_POST['cache_interval_time'] || $this->user_settings['tools']['cache']['interval']['value'] != $_POST['cache_interval_value'] ) {
$this->__flush_transients();
}
$this->user_settings['tools']['cache']['active'] = $_POST['cache'];
$this->user_settings['tools']['cache']['interval']['time'] = $_POST['cache_interval_time'];
$this->user_settings['tools']['cache']['interval']['value'] = ( isset($_POST['cache_interval_value']) && is_numeric($_POST['cache_interval_value']) && $_POST['cache_interval_value'] > 0 )
? $_POST['cache_interval_value']
: 1;
}
elseif ( "data" == $_POST['section'] ) {
$current = 'tools';
if ( isset( $_POST['wpp-admin-token'] ) && wp_verify_nonce( $_POST['wpp-admin-token'], 'wpp-update-data-options' ) ) {
$this->user_settings['tools']['sampling']['active'] = $_POST['sampling'];
$this->user_settings['tools']['sampling']['rate'] = ( isset($_POST['sample_rate']) && is_numeric($_POST['sample_rate']) && $_POST['sample_rate'] > 0 )
? $_POST['sample_rate']
: 100;
$this->user_settings['tools']['log']['level'] = $_POST['log_option'];
$this->user_settings['tools']['log']['limit'] = $_POST['log_limit'];
$this->user_settings['tools']['log']['expires_after'] = ( $this->__is_numeric($_POST['log_expire_time']) && $_POST['log_expire_time'] > 0 )
? $_POST['log_expire_time']
: $this->default_user_settings['tools']['log']['expires_after'];
$this->user_settings['tools']['ajax'] = $_POST['ajax'];
// if any of the caching settings was updated, destroy all transients created by the plugin
if ( $this->user_settings['tools']['cache']['active'] != $_POST['cache'] || $this->user_settings['tools']['cache']['interval']['time'] != $_POST['cache_interval_time'] || $this->user_settings['tools']['cache']['interval']['value'] != $_POST['cache_interval_value'] ) {
$this->__flush_transients();
}
$this->user_settings['tools']['cache']['active'] = $_POST['cache'];
$this->user_settings['tools']['cache']['interval']['time'] = $_POST['cache_interval_time'];
$this->user_settings['tools']['cache']['interval']['value'] = ( isset($_POST['cache_interval_value']) && is_numeric($_POST['cache_interval_value']) && $_POST['cache_interval_value'] > 0 )
? $_POST['cache_interval_value']
: 1;
$this->user_settings['tools']['sampling']['active'] = $_POST['sampling'];
$this->user_settings['tools']['sampling']['rate'] = ( isset($_POST['sample_rate']) && is_numeric($_POST['sample_rate']) && $_POST['sample_rate'] > 0 )
? $_POST['sample_rate']
: 100;
update_site_option('wpp_settings_config', $this->user_settings);
echo "<div class=\"updated\"><p><strong>" . __('Settings saved.', $this->plugin_slug ) . "</strong></p></div>";
update_site_option('wpp_settings_config', $this->user_settings);
echo "<div class=\"updated\"><p><strong>" . __('Settings saved.', $this->plugin_slug ) . "</strong></p></div>";
}
}
}
......@@ -172,13 +194,15 @@ if (empty($wpp_rand)) {
<option <?php if ($this->user_settings['stats']['order_by'] == "views") {?>selected="selected"<?php } ?> value="views"><?php _e("Order by views", $this->plugin_slug); ?></option>
<option <?php if ($this->user_settings['stats']['order_by'] == "avg") {?>selected="selected"<?php } ?> value="avg"><?php _e("Order by avg. daily views", $this->plugin_slug); ?></option>
</select>
<label for="stats_type"><?php _e("Post type", $this->plugin_slug); ?>:</label> <input type="text" name="stats_type" value="<?php echo $this->user_settings['stats']['post_type']; ?>" size="15" />
<label for="stats_type"><?php _e("Post type", $this->plugin_slug); ?>:</label> <input type="text" name="stats_type" value="<?php echo esc_attr( $this->user_settings['stats']['post_type'] ); ?>" size="15" />
<label for="stats_limits"><?php _e("Limit", $this->plugin_slug); ?>:</label> <input type="text" name="stats_limit" value="<?php echo $this->user_settings['stats']['limit']; ?>" size="5" />
<input type="hidden" name="section" value="stats" />
<input type="submit" class="button-secondary action" value="<?php _e("Apply", $this->plugin_slug); ?>" name="" />
<div class="clear"></div>
<label for="stats_freshness"><input type="checkbox" class="checkbox" <?php echo ($this->user_settings['stats']['freshness']) ? 'checked="checked"' : ''; ?> id="stats_freshness" name="stats_freshness" /> <?php _e('Display only posts published within the selected Time Range', $this->plugin_slug); ?></label>
<?php wp_nonce_field( 'wpp-update-stats-options', 'wpp-admin-token' ); ?>
</form>
</div>
</div>
......@@ -231,6 +255,7 @@ if (empty($wpp_rand)) {
<select name="thumb_source" id="thumb_source">
<option <?php if ($this->user_settings['tools']['thumbnail']['source'] == "featured") {?>selected="selected"<?php } ?> value="featured"><?php _e("Featured image", $this->plugin_slug); ?></option>
<option <?php if ($this->user_settings['tools']['thumbnail']['source'] == "first_image") {?>selected="selected"<?php } ?> value="first_image"><?php _e("First image on post", $this->plugin_slug); ?></option>
<option <?php if ($this->user_settings['tools']['thumbnail']['source'] == "first_attachment") {?>selected="selected"<?php } ?> value="first_attachment"><?php _e("First attachment", $this->plugin_slug); ?></option>
<option <?php if ($this->user_settings['tools']['thumbnail']['source'] == "custom_field") {?>selected="selected"<?php } ?> value="custom_field"><?php _e("Custom field", $this->plugin_slug); ?></option>
</select>
<br />
......@@ -240,7 +265,7 @@ if (empty($wpp_rand)) {
<tr valign="top" <?php if ($this->user_settings['tools']['thumbnail']['source'] != "custom_field") {?>style="display:none;"<?php } ?> id="row_custom_field">
<th scope="row"><label for="thumb_field"><?php _e("Custom field name", $this->plugin_slug); ?>:</label></th>
<td>
<input type="text" id="thumb_field" name="thumb_field" value="<?php echo $this->user_settings['tools']['thumbnail']['field']; ?>" size="10" <?php if ($this->user_settings['tools']['thumbnail']['source'] != "custom_field") {?>style="display:none;"<?php } ?> />
<input type="text" id="thumb_field" name="thumb_field" value="<?php echo esc_attr( $this->user_settings['tools']['thumbnail']['field'] ); ?>" size="10" <?php if ($this->user_settings['tools']['thumbnail']['source'] != "custom_field") {?>style="display:none;"<?php } ?> />
</td>
</tr>
<tr valign="top" <?php if ($this->user_settings['tools']['thumbnail']['source'] != "custom_field") {?>style="display:none;"<?php } ?> id="row_custom_field_resize">
......@@ -285,6 +310,8 @@ if (empty($wpp_rand)) {
</tr>
</tbody>
</table>
<?php wp_nonce_field( 'wpp-update-thumbnail-options', 'wpp-admin-token' ); ?>
</form>
<br />
<p style="display:block; float:none; clear:both">&nbsp;</p>
......@@ -312,7 +339,7 @@ if (empty($wpp_rand)) {
<option <?php if ($this->user_settings['tools']['log']['limit'] == 1) {?>selected="selected"<?php } ?> value="1"><?php _e("Keep data for", $this->plugin_slug); ?></option>
</select>
<label for="log_expire_time"<?php echo ($this->user_settings['tools']['log']['limit'] == 0) ? ' style="display:none;"' : ''; ?>><input type="text" id="log_expire_time" name="log_expire_time" value="<?php echo $this->user_settings['tools']['log']['expires_after']; ?>" size="3" /> <?php _e("day(s)", $this->plugin_slug); ?></label>
<label for="log_expire_time"<?php echo ($this->user_settings['tools']['log']['limit'] == 0) ? ' style="display:none;"' : ''; ?>><input type="text" id="log_expire_time" name="log_expire_time" value="<?php echo esc_attr( $this->user_settings['tools']['log']['expires_after'] ); ?>" size="3" /> <?php _e("day(s)", $this->plugin_slug); ?></label>
<p class="description"<?php echo ($this->user_settings['tools']['log']['limit'] == 0) ? ' style="display:none;"' : ''; ?>><?php _e("Data from entries that haven't been viewed within the specified time frame will be automatically discarded", $this->plugin_slug); ?>.</p>
......@@ -387,6 +414,8 @@ if (empty($wpp_rand)) {
</tr>
</tbody>
</table>
<?php wp_nonce_field( 'wpp-update-data-options', 'wpp-admin-token' ); ?>
</form>
<br />
<p style="display:block; float:none; clear:both">&nbsp;</p>
......@@ -424,6 +453,8 @@ if (empty($wpp_rand)) {
</tr>
</tbody>
</table>
<?php wp_nonce_field( 'wpp-update-misc-options', 'wpp-admin-token' ); ?>
</form>
<br />
<p style="display:block; float:none; clear:both">&nbsp;</p>
......@@ -703,12 +734,9 @@ if (empty($wpp_rand)) {
<p><?php _e( 'This version includes the following changes', $this->plugin_slug ); ?>:</p>
<ul>
<li>Fixes warning message: 'stream does not support seeking in...'</li>
<li>Removes excerpt HTML encoding.</li>
<li>Passes widget ID to the instance variable for customization.</li>
<li>Adds CSS class current.</li>
<li>Documentation cleanup.</li>
<li>Other minor bug fixes / improvements.</li>
<li>Fixes potential XSS exploit in WPP's admin dashboard.</li>
<li>Adds filter to set which post types should be tracked by WPP (details).</li>
<li>Adds ability to select first attached image as thumbnail source (thanks, <a href="https://github.com/serglopatin">@serglopatin</a>!)</li>
</ul>
</div>
......
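Review bot: The save handlers in the first hunk of this file still copy request values into `$this->user_settings` verbatim once the nonce passes (`stats_order`, `stats_type`, `link_target`, `css`, `thumb_source`, `thumb_field`, `upload_thumb_src`, `log_option` and others), so the XSS fix rests entirely on output escaping, and `esc_attr()` was added at only three echo sites (`stats_type`, `thumb_field`, `log_expire_time`). Any other place that prints these stored settings still depends on its own escaping. I would also sanitize at write time, e.g. `sanitize_text_field( wp_unslash( $_POST['stats_type'] ) )` for free-text fields and an allow-list for the select-backed ones, such as `in_array( $_POST['thumb_source'], array( 'featured', 'first_image', 'first_attachment', 'custom_field' ), true )`. `wp_verify_nonce()` establishes that the request came from the form, not that the user may change settings; no `current_user_can()` check is visible in these hunks, so confirm one exists earlier in the handler, which begins outside the hunk.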
......@@ -3,7 +3,7 @@
Plugin Name: WordPress Popular Posts
Plugin URI: http://wordpress.org/extend/plugins/wordpress-popular-posts
Description: WordPress Popular Posts is a highly customizable widget that displays the most popular posts on your blog
Version: 3.3.2
Version: 3.3.3
Author: Hector Cabrera
Author URI: http://cabrerahector.com
Author Email: hcabrerab@gmail.com
......@@ -61,7 +61,7 @@ if ( !class_exists('WordpressPopularPosts') ) {
* @since 1.3.0
* @var string
*/
private $version = '3.3.2';
private $version = '3.3.3';
/**
* Plugin identifier.
......@@ -2525,6 +2525,21 @@ if ( !class_exists('WordpressPopularPosts') ) {
}
}
// get thumbnail path from first image attachment
elseif ($source == "first_attachment") {
$post_attachments = get_children(
array( 'numberposts' => 1,
'order' => 'ASC',
'post_parent' => $id,
'post_type' => 'attachment',
'post_mime_type' => 'image'
));
if ( !empty($post_attachments) ) {
$first_img = array_shift( $post_attachments );
return get_attached_file($first_img->ID);
}
}
// get thumbnail path from post content
elseif ($source == "first_image") {
......@@ -3094,7 +3109,16 @@ if ( !class_exists('WordpressPopularPosts') ) {
* @since 3.1.2
*/
public function is_single() {
if ( (is_single() || is_page()) && !is_front_page() && !is_preview() && !is_trackback() && !is_feed() && !is_robots() ) {
$trackable = array();
$registered_post_types = get_post_types( array('public' => true), 'names' );
foreach ( $registered_post_types as $post_type ) {
$trackable[] = $post_type;
}
$trackable = apply_filters( 'wpp_trackable_post_types', $trackable );
if ( is_singular($trackable) && !is_front_page() && !is_preview() && !is_trackback() && !is_feed() && !is_robots() ) {
global $post;
$this->current_post_id = ( is_object($post) ) ? $post->ID : 0;
} else {
......
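Review bot: In `is_single()`, the array returned by `apply_filters( 'wpp_trackable_post_types', $trackable )` goes straight into `is_singular()`, which treats an empty argument as "any singular view". A filter callback that returns an empty array to switch tracking off would therefore enable it for every singular page, including non-public post types. Guard the result with `$trackable = array_filter( (array) apply_filters( 'wpp_trackable_post_types', $trackable ) );` and test `!empty( $trackable ) && is_singular( $trackable )`. The `foreach` that copies `$registered_post_types` into `$trackable` can be replaced by `array_values( $registered_post_types )`. Public post types also include `attachment`, which the previous `is_single() || is_page()` test did not match, so attachment pages appear to become trackable by default; the method body continues outside the hunk.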