Changeset 397920


Timestamp:
06/16/11 11:30:04 (3 years ago)
Author:
neoxx
Message:

2.30

  • revised the security model (replaced option Allow anonymous Ajax Refresh Requests with All users can view stats and added the option Capability to view stats to define the capability of a certain user to access the stats)
  • de-coupling of Ajax-refresh-functions and output of wp_localize_script (GeneralStats is now compatible with [WP Minify](http://wordpress.org/extend/plugins/wp-minify/))
  • small enhancements
Location:
generalstats/trunk
Files:
4 edited

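--- a/generalstats/trunk/generalstats.php
+++ b/generalstats/trunk/generalstats.php
@@ -6,12 +6,12 @@
 Description: Counts the number of users, categories, posts, comments, pages, links, tags, link-categories, words in posts, words in comments and words in pages.
 Author: Dr. Bernhard Riedl
-Version: 2.20
+Version: 2.30
 Author URI: http://www.bernhard.riedl.name/
 */
 
 /*
-Copyright 2006-2010 Dr. Bernhard Riedl
-
-Inspirations & Proof-Reading 2007-2010
+Copyright 2006-2011 Dr. Bernhard Riedl
+
+Inspirations & Proof-Reading 2007-2011
 by Veronika Grascher
 
@@ -119,5 +119,4 @@
         'ajax_refresh_time' => 30,
         'renew_nonce' => false,
-        'anonymous_ajax_refresh' => true,
         'ajax_refresh_lib' => 'jquery',
 
@@ -133,4 +132,6 @@
         'mail_stats_schedule' => 'no',
         'count_html_tags' => false,
+        'all_users_can_view_stats' => true,
+        'view_stats_capability' => 'read',
         'debug_mode' => false,
 
@@ -206,5 +207,4 @@
                 'ajax_refresh_time' => 'Ajax Refresh Time',
                 'renew_nonce' => 'Renew nonce to assure continous updates',
-                'anonymous_ajax_refresh' => 'Allow anonymous Ajax Refresh Requests',
                 'ajax_refresh_lib' => 'Ajax Refresh Library in Front-End'
             )
@@ -235,4 +235,6 @@
                 'mail_stats_schedule' => 'Schedule of Mail with Stats updates',
                 'count_html_tags' => 'Include HTML-Tags in Word-Counts',
+                'all_users_can_view_stats' => 'All users can view stats',
+                'view_stats_capability' => 'Capability to view stats',
                 'debug_mode' => 'Enable Debug-Mode'
             )
@@ -287,7 +289,7 @@
         */
 
-        wp_register_script($this->get_prefix().'refresh_prototype', $this->get_plugin_url().'js/refresh_prototype.js', array('prototype'), '2.20');
-
-        wp_register_script($this->get_prefix().'refresh_jquery', $this->get_plugin_url().'js/refresh_jquery.js', array('jquery', 'jshashtable'), '2.20');
+        wp_register_script($this->get_prefix().'refresh_prototype', $this->get_plugin_url().'js/refresh_prototype.js', array('prototype'), '2.30');
+
+        wp_register_script($this->get_prefix().'refresh_jquery', $this->get_plugin_url().'js/refresh_jquery.js', array('jquery', 'jshashtable'), '2.30');
 
         wp_register_script($this->get_prefix().'utils', $this->get_plugin_url().'js/utils.js', array('prototype'), '2.00');
@@ -336,5 +338,5 @@
             */
 
-            if ($this->get_option('anonymous_ajax_refresh')) {
+            if ($this->get_option('all_users_can_view_stats')) {
                 add_action('wp_ajax_nopriv_'.$this->get_prefix().'output', array(&$this, 'wp_ajax_refresh'));
                 add_action('wp_ajax_nopriv_'.$this->get_prefix().'count', array(&$this, 'wp_ajax_refresh'));
@@ -891,4 +893,11 @@
         }
 
+        /*
+        maybe upgrade to v2.40?
+        */
+
+        if (array_key_exists('anonymous_ajax_refresh', $this->options))
+            $this->upgrade_v24();
+
         $this->log('setting options to '.var_export($this->options, true));
 
@@ -932,14 +941,14 @@
             'use_ajax_refresh',
             'renew_nonce',
-            'anonymous_ajax_refresh',
             'dashboard_widget',
             'dashboard_right_now',
             'use_action_hooks',
             'count_html_tags',
+            'all_users_can_view_stats',
             'debug_mode'
         );
 
         foreach ($check_fields as $check_field) {
-            $input[$check_field] = ($input[$check_field] == 1 ? true : false);
+            $input[$check_field] = (isset($input[$check_field]) && $input[$check_field] == 1 ? true : false);
         }
 
@@ -968,4 +977,5 @@
             'dashboard_widget',
             'dashboard_right_now',
+            'view_stats',
             'calculator'
         );
@@ -974,5 +984,5 @@
 
         foreach ($capability_fields as $capability_field) {
-            if (!in_array($input[$capability_field.'_capability'], $capabilities))
+            if (isset($input[$capability_field.'_capability']) && !in_array($input[$capability_field.'_capability'], $capabilities))
                 unset($input[$capability_field.'_capability']);
         }
@@ -1321,5 +1331,5 @@
         $settings['use_container']='1';
         $settings['display']='1';
-        $settings['anonymous_ajax_refresh']='1';
+        $settings['all_users_can_view_stats']='1';
 
         /*
@@ -1343,4 +1353,36 @@
         delete_option($fieldsPre.'Force_Cache_Refresh');
         delete_option($fieldsPre.'Last_Cache_Time');
+
+        $this->log('upgrade finished. - retrieved options are: '.var_export($settings, true));
+    }
+
+    /*
+    upgrade options to GeneralStats v2.40
+    */
+
+    private function upgrade_v24() {
+
+        $this->log('upgrade options to '.$this->get_nicename().' v2.40');
+
+        /*
+        rename setting
+        */
+
+        $this->options['all_users_can_view_stats']=$this->options['anonymous_ajax_refresh'];
+
+        unset($this->options['anonymous_ajax_refresh']);
+
+        $settings=array();
+
+        $settings['stats_selected']=$this->stats_selected;
+        $settings['stats_available']=$this->stats_available;
+        $settings['defaults']=$this->defaults;
+        $settings['options']=$this->options;
+
+        /*
+        store new settings
+        */
+
+        update_option($this->get_prefix(false), $settings);
 
         $this->log('upgrade finished. - retrieved options are: '.var_export($settings, true));
@@ -1455,4 +1497,7 @@
         security check
         */
+
+        if (!$this->get_option('all_users_can_view_stats') && !current_user_can($this->get_option('view_stats_capability')))
+            die('-1');
 
         $security_string=$action.str_replace(array('\n', "\n"), '', $query_string);
@@ -1711,5 +1756,5 @@
 
     function head_meta() {
-        echo("<meta name=\"".$this->get_nicename()."\" content=\"2.20\"/>\n");
+        echo("<meta name=\"".$this->get_nicename()."\" content=\"2.30\"/>\n");
     }
 
@@ -1767,4 +1812,12 @@
 
     function refresh_print_scripts() {
+
+        /*
+        security check
+        */
+
+        if (!$this->get_option('all_users_can_view_stats') && !current_user_can($this->get_option('view_stats_capability')))
+            return;
+
         $ajax_refresh_lib=$this->get_option('ajax_refresh_lib');
 
@@ -1781,5 +1834,5 @@
         */
 
-        if (defined('WP_ADMIN') && WP_ADMIN) {
+        if (is_admin()) {
             $ajax_refresh_lib='jquery';
 
@@ -1797,6 +1850,13 @@
         $_ajax_nonce=wp_create_nonce($security_string);
 
-        wp_localize_script($this->get_prefix().'refresh'.$ajax_refresh_lib, $this->get_prefix().'refresh_settings', array('ajax_url' => admin_url('admin-ajax.php'),
-'_ajax_nonce' => $_ajax_nonce, 'refresh_time' => $this->get_option('ajax_refresh_time')));
+        wp_localize_script(
+            $this->get_prefix().'refresh'.$ajax_refresh_lib,
+            $this->get_prefix().'refresh_settings',
+            array(
+                'ajax_url' => admin_url('admin-ajax.php'),
+                '_ajax_nonce' => $_ajax_nonce,
+                'refresh_time' => $this->get_option('ajax_refresh_time')
+            )
+        );
     }
 
@@ -1957,4 +2017,11 @@
 
         /*
+        security check
+        */
+
+        if (!$this->get_option('all_users_can_view_stats') && !current_user_can($this->get_option('view_stats_capability')))
+            throw new Exception('You are not authorized to view stats!');
+
+        /*
         fill params with default-values
         */
@@ -2165,4 +2232,11 @@
 
         $this->log('function _count, $params='.var_export($params, true));
+
+        /*
+        security check
+        */
+
+        if (!$this->get_option('all_users_can_view_stats') && !current_user_can($this->get_option('view_stats_capability')))
+            throw new Exception('You are not authorized to view stats!');
 
         /*
@@ -3243,5 +3317,16 @@
         </ul></div>
 
-        <div class="<?php echo($this->get_prefix()); ?>wrap">
+        <div id="<?php echo($this->get_prefix()); ?>content" class="<?php echo($this->get_prefix()); ?>wrap">
+
+        <script type="text/javascript">
+
+        /* <![CDATA[ */
+
+        if ($('<?php echo($this->get_prefix()); ?>content'))
+            $('<?php echo($this->get_prefix()); ?>content').style.display="none";
+
+        /* ]]> */
+
+        </script>
 
         <?php if ($is_wp_options) { ?>
@@ -3320,5 +3405,5 @@
 
     /*
-    display js-menu
+    display js-menu and content-block
     if js has been disabled,
     the menu will not be visible
@@ -3326,4 +3411,6 @@
 
     $('<?php echo($this->get_prefix()); ?>menu').style.display="block";
+
+    $('<?php echo($this->get_prefix()); ?>content').style.display="block";
 
     /* ]]> */
@@ -3486,7 +3573,8 @@
     */
 
-    private function neotrinity_support() { ?>
+    private function neotrinity_support() {
+        global $user_identity; ?>
         <h3>Support</h3>
-        If you like to support the development of <?php echo($this->get_nicename()); ?>, you can invite me for a <a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&amp;business=bernhard%40riedl%2ename&amp;item_name=Donation%20for%20GeneralStats&amp;no_shipping=1&amp;no_note=1&amp;tax=0&amp;currency_code=EUR&amp;bn=PP%2dDonationsBF&amp;charset=UTF%2d8">virtual pizza</a> for my work. <?php echo(convert_smilies(':)')); ?><br /><br />
+        <?php echo($user_identity); ?>, if you would like to support the development of <?php echo($this->get_nicename()); ?>, you can invite me for a <a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&amp;business=bernhard%40riedl%2ename&amp;item_name=Donation%20for%20GeneralStats&amp;no_shipping=1&amp;no_note=1&amp;tax=0&amp;currency_code=EUR&amp;bn=PP%2dDonationsBF&amp;charset=UTF%2d8">virtual pizza</a> for my work. <?php echo(convert_smilies(':)')); ?><br /><br />
 
         <form action="https://www.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_xclick" /><input type="hidden" name="business" value="&#110;&#101;&#111;&#64;&#x6E;&#x65;&#x6F;&#x74;&#x72;&#105;&#110;&#x69;&#x74;&#x79;&#x2E;&#x61;t" /><input type="hidden" name="item_name" value="Donation for GeneralStats" /><input type="hidden" name="no_shipping" value="2" /><input type="hidden" name="no_note" value="1" /><input type="hidden" name="currency_code" value="EUR" /><input type="hidden" name="tax" value="0" /><input type="hidden" name="bn" value="PP-DonationsBF" /><input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" style="border:0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!" /><img alt="if you like to, you can support me" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" /></form><br />
@@ -3844,6 +3932,4 @@
             <li>Due to security reasons, the time for <abbr title="asynchronous JavaScript and XML">Ajax</abbr> updates will be limited by default. WordPress normally defines this time to 24 hours. If you activate <em>Renew nonce to assure continous updates</em> you override this security feature but provide unlimited time for <abbr title="asynchronous JavaScript and XML">Ajax</abbr> updates of your stats.</li>
 
-            <li>You can also choose to allow only logged in users to execute <abbr title="asynchronous JavaScript and XML">Ajax</abbr> refresh operations if you deactivate the option <em>Allow anonymous Ajax Refresh Requests</em>.</li>
-
             <li>In the last option, <em>Ajax Refresh Library in Front-End</em>, you can choose whether to use <a target="_blank" href="http://jquery.com/">jQuery</a> or <a target="_blank" href="http://www.prototypejs.org/">Prototype</a> for the Ajax Refresh in your theme.</li>
         </ul>
@@ -3855,5 +3941,5 @@
 
     function setting_use_ajax_refresh($params=array()) {
-        $this->setting_checkfield('use_ajax_refresh', 'options', array('ajax_refresh_time', 'renew_nonce', 'anonymous_ajax_refresh', 'ajax_refresh_lib'));
+        $this->setting_checkfield('use_ajax_refresh', 'options', array('ajax_refresh_time', 'renew_nonce', 'ajax_refresh_lib'));
     }
 
@@ -3863,8 +3949,4 @@
     function setting_renew_nonce($params=array()) {
         $this->setting_checkfield('renew_nonce', 'options');
-    }
-
-    function setting_anonymous_ajax_refresh($params=array()) {
-        $this->setting_checkfield('anonymous_ajax_refresh', 'options');
     }
 
@@ -3960,4 +4042,6 @@
             <li>If you select to <em>Include HTML-Tags in Word-Counts</em>, not only 'real text' but also HTML and Javascript tags will be counted.</li>
 
+            <li>If you want to keep the stats as a secret, you can deactivate <em>All users can view stats</em>. In that case, only users with the <em><a target="_blank" href="http://codex.wordpress.org/Roles_and_Capabilities">Capability</a> to view stats</em> can access this information.</li>
+
             <li>The <em>Debug Mode</em> can be used to have a look on the actions undertaken by <?php echo($this->get_nicename()); ?> and to investigate unexpected behaviour.</li>
         </ul>
@@ -3972,4 +4056,12 @@
     function setting_count_html_tags($params=array()) {
         $this->setting_checkfield('count_html_tags', 'options');
+    }
+
+    function setting_all_users_can_view_stats($params=array()) {
+        $this->setting_checkfield('all_users_can_view_stats', 'options', array('view_stats_capability'), false);
+    }
+
+    function setting_view_stats_capability($params=array()) {
+        $this->setting_capability('view_stats', 'options');
     }
 
@@ -4140,13 +4232,18 @@
         $title = !isset($instance['title']) ? '&nbsp;' : apply_filters('widget_title', $instance['title']);
 
+        $params=array(
+            'use_container' => true,
+            'display' => false
+        );
+
+        $stats=$generalstats->output($params);
+
+        if (empty($stats))
+            return;
+
         echo $before_widget;
         echo $before_title . $title . $after_title;
 
-        $params=array(
-            'use_container' => true,
-            'display' => true
-        );
-
-        $generalstats->output($params);
+        echo $stats;
 
         echo $after_widget;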
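Review bot: The new greeting in neotrinity_support() (new line 3578) writes the global `$user_identity` into the settings page with `<?php echo($user_identity); ?>` and no output escaping. That global holds the current user's display name, which is profile data the user can edit; WordPress normally filters it when it is saved, but the template should not depend on every write path having done so. Escape where it is printed: `<?php echo(esc_html($user_identity)); ?>`. The function body continues past the end of this hunk.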
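--- a/generalstats/trunk/js/refresh_jquery.js
+++ b/generalstats/trunk/js/refresh_jquery.js
@@ -181,16 +181,17 @@
 var generalstats_params = new Hashtable();
 
-generalstats_params.put('compare_string', '<div class="generalstats-refreshable-output"');
-
-generalstats_params.put('fields', 'div.generalstats-refreshable-output');
-
 var generalstats_query_params = new Hashtable();
 
-generalstats_query_params.put('action', 'generalstats_output');
+jQuery(window).load(function(){
+    if (jQuery('div.generalstats-refreshable-output').length>0) {
+        generalstats_params.put('compare_string', '<div class="generalstats-refreshable-output"');
 
-generalstats_query_params.put('_ajax_nonce', generalstats_refresh_settings._ajax_nonce);
+        generalstats_params.put('fields', 'div.generalstats-refreshable-output');
 
-jQuery(window).load(function(){
-    if (jQuery('div.generalstats-refreshable-output').length>0)
-            generalstats_register_refresh(generalstats_params, generalstats_query_params);
+        generalstats_query_params.put('action', 'generalstats_output');
+
+        generalstats_query_params.put('_ajax_nonce', generalstats_refresh_settings._ajax_nonce);
+
+        generalstats_register_refresh(generalstats_params, generalstats_query_params);
+    }
 });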
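Review bot: Inside the load handler, `generalstats_refresh_settings._ajax_nonce` is read whenever a `div.generalstats-refreshable-output` is present, but nothing checks that the localized settings object was actually printed. In this same changeset refresh_print_scripts() can return before it reaches wp_localize_script(), so if the markup and the inline settings ever get out of step (a cached page or a combined script bundle would be one way; this is inferred, not shown here) the handler throws a ReferenceError instead of skipping the refresh. Adding `typeof generalstats_refresh_settings !== 'undefined' &&` to the `if` condition makes that case fail quietly. The same applies to the `$$('div.generalstats-refreshable-output')` check in js/refresh_prototype.js.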
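--- a/generalstats/trunk/js/refresh_prototype.js
+++ b/generalstats/trunk/js/refresh_prototype.js
@@ -154,16 +154,17 @@
 var generalstats_params = new Hash();
 
-generalstats_params.set('compare_string', '<div class="generalstats-refreshable-output"');
-
-generalstats_params.set('fields', 'div.generalstats-refreshable-output');
-
 var generalstats_query_params = new Hash();
 
-generalstats_query_params.set('action', 'generalstats_output');
+Event.observe(window, 'load', function(e){
+    if ($$('div.generalstats-refreshable-output').length>0) {
+        generalstats_params.set('compare_string', '<div class="generalstats-refreshable-output"');
 
-generalstats_query_params.set('_ajax_nonce', generalstats_refresh_settings._ajax_nonce);
+        generalstats_params.set('fields', 'div.generalstats-refreshable-output');
 
-Event.observe(window, 'load', function(e){
-    if ($$('div.generalstats-refreshable-output').length>0)
-            generalstats_register_refresh(generalstats_params, generalstats_query_params);
+        generalstats_query_params.set('action', 'generalstats_output');
+
+        generalstats_query_params.set('_ajax_nonce', generalstats_refresh_settings._ajax_nonce);
+
+        generalstats_register_refresh(generalstats_params, generalstats_query_params);
+    }
 });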
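--- a/generalstats/trunk/readme.txt
+++ b/generalstats/trunk/readme.txt
@@ -4,5 +4,5 @@
 Tags: statistics, stats, analytics, count, user, category, post, comment, page, link, tag, link-category, seo, widget, dashboard, sidebar, shortcode, multisite, multi-site, ajax, javascript, jquery, prototype
 Requires at least: 2.8
-Tested up to: 3.2
+Tested up to: 3.3
 Stable tag: trunk
 
@@ -260,4 +260,10 @@
 
 == Changelog ==
+
+= 2.30 =
+
+* revised the security model (replaced option `Allow anonymous Ajax Refresh Requests` with `All users can view stats` and added the option `Capability to view stats` to define the capability of a certain user to access the stats)
+* de-coupling of Ajax-refresh-functions and output of `wp_localize_script` (GeneralStats is now compatible with [WP Minify](http://wordpress.org/extend/plugins/wp-minify/))
+* small enhancements
 
 = 2.20 =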