Changeset 488883 for count-per-day


Timestamp:
01/12/12 18:02:03 (2 years ago)
Author:
Tom Braider
Message:

security update

Location:
count-per-day/trunk
Files:
7 edited

  • count-per-day/trunk/counter.php

    r454194 r488883  
    44Plugin URI: http://www.tomsdimension.de/wp-plugins/count-per-day 
    55Description: Counter, shows reads per page; today, yesterday, last week, last months ... on dashboard, per shortcode or in widget. 
    6 Version: 3.1 
     6Version: 3.1.1 
    77License: Postcardware 
    88Author: Tom Braider 
     
    1111 
    1212$cpd_dir_name = 'count-per-day'; 
    13 $cpd_version = '3.1'; 
     13$cpd_version = '3.1.1'; 
    1414 
    1515$cpd_path = str_replace('/', DIRECTORY_SEPARATOR, ABSPATH.PLUGINDIR.'/'.$cpd_dir_name.'/'); 
  • count-per-day/trunk/download.php

    r454194 r488883  
    77    die('no way'); 
    88$file = sys_get_temp_dir().'/'.$_GET['f']; 
     9if ( !in_array(substr($file, -3), array('.gz','sql','txt','tmp')) || strpos($file, '..') !== false ) 
     10    die('no way'); 
    911if (!file_exists($file)) 
    1012    die('file not found'); 
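
Review bot: The extension test on new line 9 compares only the last three characters of $file, so for sql, txt and tmp the dot is never enforced, and the '..' test still allows f to name a subdirectory of the temp dir. Any file under sys_get_temp_dir() whose name ends in one of those suffixes passes this check. Reduce the parameter with basename($_GET['f']) before building $file and match the whole name against the pattern the plugin itself uses when it writes its files, rather than a suffix list. Also reject a non-string $_GET['f'] before concatenating it.
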
     
    1315header("Content-Disposition: attachment; filename=\"$name\""); 
    1416readfile($file); 
     17 
     18 
     19 
     20 
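
Review bot: New lines 17-20 add only blank lines after readfile($file). Drop them and end the script with an explicit exit; after readfile() so that nothing can be appended to the download body.
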
  • count-per-day/trunk/map/data.xml.php

    r421769 r488883  
    88 
    99$what = (empty($_GET['map'])) ? 'reads' : $_GET['map']; 
     10$what = strip_tags($what); 
    1011 
    1112if ( $what == 'online' ) 
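
Review bot: strip_tags() on new line 10 is a filter, not a validation: it leaves quotes, ampersands and any unexpected value in $what. map.php in this changeset restricts the same parameter with in_array($what, array('visitors','reads','online')); apply that allow-list here instead of strip_tags(), so the comparison on line 12 and any later use of $what only ever see one of the three known values.
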
  • count-per-day/trunk/map/map.php

    r421769 r488883  
    1 <?php $what = (empty($_GET['map'])) ? 'reads' : $_GET['map']; ?> 
     1<?php 
     2$what = (empty($_GET['map'])) ? 'reads' : $_GET['map']; 
     3$what = strip_tags($what); 
     4if ( !in_array($what, array('visitors','reads','online')) ) 
     5    die(); 
     6?> 
    27 
    38<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
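
Review bot: With the allow-list on new line 4 in place, strip_tags() on line 3 is redundant and can be removed. Pass true as the third argument to in_array() so the comparison is strict, and consider sending a 400 status before die() so rejected requests are visible in the access log.
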
  • count-per-day/trunk/map/settings.xml.php

    r421769 r488883  
    11<?php 
    22$what = (empty($_GET['map'])) ? 'Reads' : ucfirst($_GET['map']); 
     3$what = strip_tags($what); 
    34$disable = (empty($_GET['min'])) ? '' : '<enabled>false</enabled>'; 
    45 
    56header("content-type: text/xml; charset=utf-8"); 
    6 echo '<?xml version="1.0" encoding="UTF-8"?>'; 
    77?> 
     8<?xml version="1.0" encoding="UTF-8"?> 
    89 
    910<settings> 
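
Review bot: Moving the XML declaration from the echo on old line 6 to a literal after the closing ?> on new line 8 breaks on servers with short_open_tag enabled, where <?xml is read as a PHP open tag and the file fails to parse; keep the echo form. On new line 3, strip_tags() leaves quotes and ampersands untouched and accepts any other value, while this script emits XML: validate $_GET['map'] against the known values, as map.php now does, before calling ucfirst().
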
  • count-per-day/trunk/readme.txt

    r454203 r488883  
    33Tags: counter, count, posts, visits, reads, dashboard, widget, shortcode 
    44Requires at least: 3.0 
    5 Tested up to: 3.3 
    6 Stable tag: 3.1 
     5Tested up to: 3.3.1 
     6Stable tag: 3.1.1 
    77License: Postcardware :) 
    88Donate link: http://www.tomsdimension.de/postcards 
     
    132132 
    133133* only count reads, without any output 
    134 * cpdShow call it 
     134* 'show' call it 
    135135 
    136136'getFirstCount( $return )' 
     
    284284 
    285285== Changelog == 
     286 
     287= 3.1.1 Security update = 
     288+ Bugfix: important fixes in map.php and download.php, thanks to Pavel Komisarchuk from http://6scan.com 
    286289 
    287290= 3.1 = 
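
Review bot: The changelog entry on new line 288 names only map.php and download.php, but this changeset also changes input handling in map/data.xml.php and map/settings.xml.php. List all four files and say in a few words what was fixed (request parameter validation, download path check) so administrators can judge the urgency of the upgrade.
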