
Changeset 488883 for count-per-day


Timestamp:
01/12/2012 06:02:03 PM (13 years ago)
Author:
Tom Braider
Message:

security update

Location:
count-per-day/trunk
Files:
7 edited

  • count-per-day/trunk/counter.php

    r454194 r488883  
    44Plugin URI: http://www.tomsdimension.de/wp-plugins/count-per-day
    55Description: Counter, shows reads per page; today, yesterday, last week, last months ... on dashboard, per shortcode or in widget.
    6 Version: 3.1
     6Version: 3.1.1
    77License: Postcardware
    88Author: Tom Braider
     
    1111
    1212$cpd_dir_name = 'count-per-day';
    13 $cpd_version = '3.1';
     13$cpd_version = '3.1.1';
    1414
    1515$cpd_path = str_replace('/', DIRECTORY_SEPARATOR, ABSPATH.PLUGINDIR.'/'.$cpd_dir_name.'/');
  • count-per-day/trunk/download.php

    r454194 r488883  
    77    die('no way');
    88$file = sys_get_temp_dir().'/'.$_GET['f'];
     9if ( !in_array(substr($file, -3), array('.gz','sql','txt','tmp')) || strpos($file, '..') !== false )
     10    die('no way');
    911if (!file_exists($file))
    1012    die('file not found');
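Review bot: The check added on line 9 tests a suffix and a substring, not whether the request names one of the plugin's own files. `substr($file, -3)` compares only the last three characters, so 'sql', 'txt' and 'tmp' match with no leading dot, and any file in `sys_get_temp_dir()` with such an ending passes this check. Consider taking `basename($_GET['f'])` to drop directory components and matching the result against the exact file name pattern the plugin generates.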
     
    1315header("Content-Disposition: attachment; filename=\"$name\"");
    1416readfile($file);
     17
     18
     19
     20
  • count-per-day/trunk/map/data.xml.php

    r421769 r488883  
    88
    99$what = (empty($_GET['map'])) ? 'reads' : $_GET['map'];
     10$what = strip_tags($what);
    1011
    1112if ( $what == 'online' )
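Review bot: `strip_tags()` on line 10 only removes markup and does not restrict `$what` to known values. map.php in this changeset follows the same call with `in_array($what, array('visitors','reads','online'))`; applying that allow-list here as well would keep the two entry points consistent.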
  • count-per-day/trunk/map/map.php

    r421769 r488883  
    1 <?php $what = (empty($_GET['map'])) ? 'reads' : $_GET['map']; ?>
     1<?php
     2$what = (empty($_GET['map'])) ? 'reads' : $_GET['map'];
     3$what = strip_tags($what);
     4if ( !in_array($what, array('visitors','reads','online')) )
     5    die();
     6?>
    27
    38<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
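Review bot: Running `strip_tags()` on line 3 before the allow-list on line 4 means a value such as `<b>reads</b>` is normalised to `reads` and accepted rather than rejected. Dropping the `strip_tags()` call and passing `true` as the third argument to `in_array()` would accept only the three exact strings.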
  • count-per-day/trunk/map/settings.xml.php

    r421769 r488883  
    11<?php
    22$what = (empty($_GET['map'])) ? 'Reads' : ucfirst($_GET['map']);
     3$what = strip_tags($what);
    34$disable = (empty($_GET['min'])) ? '' : '<enabled>false</enabled>';
    45
    56header("content-type: text/xml; charset=utf-8");
    6 echo '<?xml version="1.0" encoding="UTF-8"?>';
    77?>
     8<?xml version="1.0" encoding="UTF-8"?>
    89
    910<settings>
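Review bot: Emitting the XML declaration as literal text after `?>` (line 8) fails on servers with `short_open_tag` enabled, where PHP reads `<?xml` as an opening PHP tag and stops with a parse error; keeping the removed `echo '<?xml version="1.0" encoding="UTF-8"?>';` avoids that. Separately, `strip_tags()` on line 3 leaves characters such as `&` and quotes in `$what`, so if the value is written into this text/xml response, the allow-list used in map.php (compared after `ucfirst`) would be the safer filter.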
  • count-per-day/trunk/readme.txt

    r454203 r488883  
    33Tags: counter, count, posts, visits, reads, dashboard, widget, shortcode
    44Requires at least: 3.0
    5 Tested up to: 3.3
    6 Stable tag: 3.1
     5Tested up to: 3.3.1
     6Stable tag: 3.1.1
    77License: Postcardware :)
    88Donate link: http://www.tomsdimension.de/postcards
     
    132132
    133133* only count reads, without any output
    134 * cpdShow call it
     134* 'show' call it
    135135
    136136'getFirstCount( $return )'
     
    284284
    285285== Changelog ==
     286
     287= 3.1.1 Security update =
     288+ Bugfix: important fixes in map.php and download.php, thanks to Pavel Komisarchuk from http://6scan.com
    286289
    287290= 3.1 =
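Review bot: The 3.1.1 changelog entry names only map.php and download.php, but this changeset also changes map/data.xml.php and map/settings.xml.php, and the entry does not say what kind of issue was fixed. Listing every touched file and the nature of the fix would help site owners judge how urgently to update.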