
Changeset 3466230


Timestamp:
02/21/2026 04:42:47 AM (6 weeks ago)
Author:
osamaesh
Message:

8.5

  1. Prevent Stored XSS in visitor tracking
  2. Prevent XSS when displaying page titles in the admin
  3. Use safe text for DataTable content
  4. Improved wp-cron cleanup (performance)
  5. Safer DB Cleanup (DELETE by batch)
  6. Bot Filtering (Reduce Monitoring Overhead)
Location:
visitors-traffic-real-time-statistics
Files:
428 added
5 edited

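--- a/visitors-traffic-real-time-statistics/trunk/Visitors-Traffic-Real-Time-Statistics.php
+++ b/visitors-traffic-real-time-statistics/trunk/Visitors-Traffic-Real-Time-Statistics.php
@@ -5,5 +5,5 @@
 Author: wp-buy
 Author URI: https://www.wp-buy.com/
-Version: 8.4
+Version: 8.5
 Text Domain: visitors-traffic-real-time-statistics
 Domain Path: /languages
@@ -86,4 +86,13 @@
 add_action('plugins_loaded', 'ahcfree_init');
 add_action('plugins_loaded', 'ahcfree_multisite_init', 99);
+
+
+add_action('ahc_cleanup_event', ['WPHitsCounter', 'run_cleanup']);
+
+register_activation_hook(__FILE__, ['WPHitsCounter', 'schedule_cleanup']);
+
+register_deactivation_hook(__FILE__, ['WPHitsCounter', 'unschedule_cleanup']);
+
+
 //if ( function_exists('get_plugin_data') ) {
 //  $woodhl_detail = get_plugin_data( __FILE__ );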
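Review bot: `register_activation_hook` at new line 92 only fires on a fresh activation, never on a plugin update, so sites upgrading in place to 8.5 will not have `ahc_cleanup_event` scheduled — and because the per-request `$this->cleanHitsTable()` call is commented out in WPHitsCounter.php in this same changeset, hits-table cleanup silently stops on those sites until someone deactivates and reactivates the plugin. `schedule_cleanup()` already guards with `wp_next_scheduled()`, so it is idempotent and cheap to call on every request; add `add_action('init', ['WPHitsCounter', 'schedule_cleanup']);` next to the other hooks (or call it from `ahcfree_init` keyed on a stored plugin-version option) so existing installs self-heal. A short comment above the three new hooks would also help the next maintainer, e.g. `// Hits-table cleanup now runs once a day via WP-Cron instead of on every page view; see WPHitsCounter::run_cleanup().`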
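--- a/visitors-traffic-real-time-statistics/trunk/WPHitsCounter.php
+++ b/visitors-traffic-real-time-statistics/trunk/WPHitsCounter.php
@@ -102,8 +102,12 @@
 
 
-
+        $user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
+
+    if (preg_match('/bot|crawl|slurp|spider|mediapartners/i', $user_agent)) {
+        return;
+    }
         //$this->cleanUnwantedRecords();
 
-        $this->cleanHitsTable();
+        //$this->cleanHitsTable();
 
         if (!$this->isHitRecorded()) {
@@ -593,5 +597,5 @@
 
      */
-    public function cleanHitsTable()
+        public function cleanHitsTable()
     {
         global $wpdb;
@@ -1275,3 +1279,38 @@
         return $result;
     }
+   
+   
+   
+   
+public static function schedule_cleanup() {
+
+    if (!wp_next_scheduled('ahc_cleanup_event')) {
+
+        wp_schedule_event(time() + 300, 'daily', 'ahc_cleanup_event');
+
+    }
+
 }
+
+public static function unschedule_cleanup() {
+
+    $timestamp = wp_next_scheduled('ahc_cleanup_event');
+
+    if ($timestamp) {
+
+        wp_unschedule_event($timestamp, 'ahc_cleanup_event');
+
+    }
+
+}
+
+public static function run_cleanup() {
+
+if (!isset($_SERVER['HTTP_USER_AGENT'])) $_SERVER['HTTP_USER_AGENT'] = 'wp-cron';
+    if (!isset($_SERVER['REQUEST_URI'])) $_SERVER['REQUEST_URI'] = '/wp-cron.php';
+
+    $counter = new self(0);
+    $counter->cleanHitsTable();
+
+}
+}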
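Review bot: `run_cleanup()` at new line 1307 builds `new self(0)` only to reach `cleanHitsTable()`, and the `$_SERVER['HTTP_USER_AGENT']` / `REQUEST_URI` stubs it writes first strongly suggest the constructor runs the visitor-tracking path (the bot filter added at new lines 104–108 sits in a method whose start is outside this hunk, so I cannot confirm that it is the constructor); if so, every daily cron run is recorded as a visit with user agent `wp-cron`, which the new `/bot|crawl|slurp|spider|mediapartners/i` filter does not match. Rather than faking request headers, skip tracking explicitly in that path next to the bot check, `if (defined('DOING_CRON') && DOING_CRON) { return; }`, and drop the two `$_SERVER` assignments, which otherwise mutate process-wide superglobals from a cron callback. The three new public static methods also have no docblocks and are written at column 0 inside the class with the `if` at 1309 unindented; a one-line docblock each (`/** Register the daily ahc_cleanup_event if it is not already queued. */`, `/** Remove the scheduled ahc_cleanup_event, if any. */`, `/** WP-Cron callback: run the hits-table cleanup once. */`) plus normal indentation would bring them in line with the rest of the file. The method containing the bot filter starts outside this hunk.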
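--- a/visitors-traffic-real-time-statistics/trunk/functions.php
+++ b/visitors-traffic-real-time-statistics/trunk/functions.php
@@ -1390,4 +1390,16 @@
         $wpdb->query($sql);
     }
+   
+   
+     if (get_option('ahc_db_indexes_ahc_online_users_added')) {
+        return;
+    }
+   
+
+    $wpdb->query("ALTER TABLE ahc_hits ADD INDEX idx_hit_date (hit_date)");
+    $wpdb->query("ALTER TABLE ahc_hits ADD INDEX idx_ip_page (hit_ip_address, hit_page_id)");
+    $wpdb->query("ALTER TABLE ahc_online_users ADD INDEX idx_online_date (`date`)");
+
+    update_option('ahc_db_indexes_ahc_online_users_added', 1);
 }
 
@@ -3290,5 +3302,9 @@
 
             $page_id = intval($_POST['page_id']);
-            $page_title = ahc_free_sanitize_text_or_array_field($_POST['page_title']);
+           // $page_title = ahc_free_sanitize_text_or_array_field($_POST['page_title']);
+           
+            $page_title_raw = isset($_POST['page_title']) ? wp_unslash($_POST['page_title']) : '';
+            $page_title_decoded = html_entity_decode($page_title_raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
+            $page_title = sanitize_text_field(wp_strip_all_tags($page_title_decoded, true));
             $post_type = ahc_free_sanitize_text_or_array_field($_POST['post_type']);
             $_SERVER['HTTP_REFERER'] = ahc_free_sanitize_text_or_array_field($_POST['referer']);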
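Review bot: `html_entity_decode($page_title_raw, ...)` at new line 3307 throws a `TypeError` on PHP 8 when `$_POST['page_title']` is an array, which any visitor can send as `page_title[]=x`; the helper it replaces is named `ahc_free_sanitize_text_or_array_field`, so this looks like a regression from "sanitized" to "fatal error on every such request". Guard the type at new line 3306: `$page_title_raw = isset($_POST['page_title']) && is_string($_POST['page_title']) ? wp_unslash($_POST['page_title']) : '';`. Note that the decode-then-strip pipeline stores plain text, not escaped text, so every render path must still escape on output (the JS hunk in this changeset does so with `.text()`), and the commented-out old line at 3304 should be deleted rather than left in. In the first hunk, `update_option('ahc_db_indexes_ahc_online_users_added', 1)` is written even when an `ALTER TABLE` fails, so a failed index add is never retried — check each `$wpdb->query()` result before setting the flag, and confirm the unprefixed `ahc_hits` / `ahc_online_users` names match the plugin's CREATE statements. Both enclosing functions start outside their hunks, so whether this POST handler is nonce- or capability-checked is not visible here.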
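--- a/visitors-traffic-real-time-statistics/trunk/js/ahcfree_js_scripts.js
+++ b/visitors-traffic-real-time-statistics/trunk/js/ahcfree_js_scripts.js
@@ -405,5 +405,5 @@
             </style>
             <div class="traffic-header-enhanced">
-                <div class="page-title">${pageTitle}</div>
+                <div class="page-title"></div>
                 <div class="hits">${hits.toLocaleString()} hits</div>
             </div>
@@ -417,4 +417,6 @@
             // Update modal content and title
             jQuery('#TrafficStatsModal .modal-body').html(headerHtml);
+            jQuery('#TrafficStatsModal .modal-body').html(headerHtml);
+            jQuery('#TrafficStatsModal .modal-body .page-title').text(pageTitle);
             jQuery('#TrafficStatsModal .modal-title').text('Page Statistics: ' + pageTitle);
 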
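Review bot: new line 419 repeats the `jQuery('#TrafficStatsModal .modal-body').html(headerHtml);` call that context line 418 already makes, so the modal body is rendered twice on every open; drop one of them and keep the order `.html(headerHtml)` then `.text(pageTitle)`. Replacing `${pageTitle}` with an empty `.page-title` element filled via `.text()` is the right fix for the title, but `headerHtml` is still a template literal and only this one interpolation is shown removed — anything else interpolated into it outside the hunk (a URL, referer, post type) needs the same treatment, which I cannot confirm from the visible lines. A one-line comment above the `.text()` call would record the intent: `// Title is attacker-influenced; set it as text, never via innerHTML.` The enclosing function starts and ends outside this hunk.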
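--- a/visitors-traffic-real-time-statistics/trunk/readme.txt
+++ b/visitors-traffic-real-time-statistics/trunk/readme.txt
@@ -3,6 +3,6 @@
 Tags: visitor, traffic, statistics, stats analytics, hits counter
 Requires at least: 3.0.1
-Tested up to: 6.9
-Stable tag: 8.4
+Tested up to: 6.9.1
+Stable tag: 8.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -184,4 +184,12 @@
 == Changelog ==
 
+= 8.5 =
+1. Prevent Stored XSS in visitor tracking
+2. Prevent XSS when displaying page titles in the admin
+3. Use safe text for DataTable content
+4. Improved wp-cron cleanup (performance)
+5. Safer DB Cleanup (DELETE by batch)
+7. Bot Filtering (Reduce Monitoring Overhead)
+
 = 8.4 =
 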