v1.9.4.3 release candidate (#7)

Merged PHP7 class updates from v1.9.4.1 into master. Minor text changes.

README.md

@@ -3,8 +3,8 @@ Contributors: michelem, helened
 Donate link:  [donate](https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=michele%40befree%2eit&item_name=WassUp&no_shipping=0&no_note=1&tax=0&currency_code=EUR&lc=IT&bn=PP%2dDonationsBF&charset=UTF%2d8)   
 Tags: analytics, counter, online, seo, statistics, stats, tracker, traffic, trends, user, visitor, web  
 Requires at least: WordPress 2.2  
-Tested up to: 4.8
-Stable tag: 1.9.4.2
+Tested up to: 4.8 
+Stable tag: 1.9.4.3 
 License: GPLv2 or later  
 License URI: http://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -154,14 +154,21 @@ When you activate this plugin (as described in "Installation"), it works "as is"
 * WassUp is incompatible with the following static page caching plugins: WP Super Cache, WP Cache, WP Fastest Cache, and WP Hyper Cache.
 
 ## Upgrade Notice
-### 1.9.4.2: Security bugfix
-* Important security bugfix.
+### 1.9.4.3
+* Important PHP7 compatibility upgrade.
 * DO NOT UPGRADE when your site busy!
 * Read [installation instructions](http://wordpress.org/plugins/wassup/installation/) for safe upgrade instructions.
 
 ## Changelog
-### 1.9.4.1
-* Important feature & bugfix upgrade.
+### v1.9.4.3 
+* merged PHP7 compatibility update (from v1.9.4.1) into master
+* minor text changes
+
+### v1.9.4.2 
+* Important security bugfix. Thanks to Dimopoulos Elias for finding this bug.
+
+### v1.9.4.1 
+* updated classes for PHP7-compatible class constructors (not released)
 
 ### v1.9.4: Important feature & bugfix upgrade
 * new option to whitelist referrers that are mislabeled as spam in WassUp (ex: Rx or sexy words in domain name)
@@ -177,7 +184,7 @@ When you activate this plugin (as described in "Installation"), it works "as is"
 * fixed a bug in "stringShortener" function that caused empty results
 * fixed a bug in Top Stats widget that caused blank lines to display
 * fixed some Top Stats widget translations
-* removed Google!maps API key from Wassup source due to Google TOS limitations
+* removed Google!maps API key from Wassup source due to Google's TOS limitations
 * miscellaneous minor bugfixes
 
 ### v1.9.3.1: Important bugfix upgrade
@@ -303,4 +310,3 @@ When you activate this plugin (as described in "Installation"), it works "as is"
 * [Jquery](http://www.jquery.com) for the amazing Ajax framework
 * [FAMFAMFAM](http://www.famfamfam.com/) for the flags icons
 * Thanks to [@AlexandreFiori](http://twitter.com/alexandrefiori) for access to his GeoIP API at [freegeoip.net](http://freegeoip.net)
-* A big thanks to [Helene D.](http://helenesit.com/) for her help to improve WassUp!

lib/akismet.class.php

@@ -88,12 +88,16 @@ class wassup_AkismetHttpClient extends wassup_AkismetObject {
 	var $errors=array();
 
 	/** Constructor */
-	function wassup_AkismetHttpClient($host,$blogUrl,$apiKey,$port=80){
+	function __construct($host,$blogUrl,$apiKey,$port=80){
 		$this->host=$host;
 		$this->port=$port;
 		$this->blogUrl=$blogUrl;
 		$this->apiKey=$apiKey;
 	}
+	/** PHP4 constructor for backward compatibility */
+	function wassup_AkismetHttpClient($host,$blogUrl,$apiKey,$port=80){
+		$this->__construct($host,$blogUrl,$apiKey,$port);
+	}
 	/** Use the connection active in $con to get a response from the server and return that response */
 	function getResponse($request,$path,$type="post",$responseLength=1160){
 		$this->_connect();
@@ -173,7 +177,7 @@ class wassup_Akismet extends wassup_AkismetObject {
 	 * @param  String[] $comment	- A formatted comment array to be examined by the Akismet service
 	 * @return Akismet
 	 */
-	function wassup_Akismet($blogUrl,$apiKey,$comment=array()) {
+	function __construct($blogUrl,$apiKey,$comment=array()) {
 		$this->blogUrl=$blogUrl;
 		$this->apiKey =$apiKey;
 		$this->setComment($comment);
@@ -187,6 +191,10 @@ function wassup_Akismet($blogUrl,$apiKey,$comment=array()) {
 			$this->setError(WASSUP_AKISMET_INVALID_KEY,__("Your Akismet API key is not valid.","wassup"));
 		}
 	}
+	/** PHP4 constructor for backward compatibility */
+	function wassup_Akismet($blogUrl,$apiKey,$comment=array()) {
+		$this->__construct($blogUrl,$apiKey,$comment);
+	}
 	/** Query Akismet server to check if comment is spam or not */
 	function isSpam() {
 		$response=$this->http->getResponse($this->_getQueryString(), 'comment-check');

lib/compat-lib/compat_wassup.class.php

@@ -65,7 +65,7 @@ class wassupOptions {
 	var $wassup_refspam = "1";
 	var $wassup_attack = "1";
 	var $wassup_hack = "1";	
-	var $refspam_whitelist="";	//new in v1.9.4: for incorrectly labeled referrer spam
+	var $refspam_whitelist="";	//for incorrectly labeled referrer spam @since v1.9.4
 
 	/* table/file management settings */
 	var $wassup_table;
@@ -94,17 +94,18 @@ class wassupOptions {
 	var $wassup_upgraded = 0;	//upgrade timestamp @since v1.9
 
 	/**
-	 * PHP4 constructor.
-	 *
+	 * constructor.
 	 * optional argument to set default values for new/empty class vars @since v1.9
 	 * @param boolean $add_defaults 
-	 * @return void
-	 *
 	 */
-	function wassupoptions($add_defaults=false){
+	function __construct($add_defaults=false){
 		if($add_defaults)$this->_initSettings();
 		else $this->loadSettings();
 	}
+	/** PHP4 constructor. */
+	function wassupoptions($add_defaults=false){
+		$this->__construct($add_defaults);
+	}
 	/** loads current settings/initializes empty class vars. */
 	function _initSettings(){
 		$settings=$this->getSettings(true);
@@ -641,7 +642,7 @@ function cleanFormText($input){
 		else $text=strip_tags(html_entity_decode(wp_kses($input,array())));
 		//only alphanumeric chars allowed with few exceptions
 		//since v1.9.3 allow '@' char for email searches
-		//v1.9.4 bugfix: allow '/?&=' chars for url searches
+		//since v1.9.4 allow '/?&=' chars for url searches
 		$cleantext=preg_replace('#([^0-9a-z\-_\.,\:\*\#/&\?=@\'" ]+)#i','',$text);
 		return $cleantext;
 	}
@@ -2083,11 +2084,11 @@ function export_records($table,$start_id,$wherecondition,$dtype="sql"){
 			if(empty($result[0][1]) || is_wp_error($result)){
 				$err_msg=sprintf(__('Error with "SHOW CREATE TABLE" for %s.','wassup'), esc_attr($table));
 				wassup_log_message($err_msg);
-				break;
+			} else {
+				$table_create=$result[0][1];
+				$sql_header="#\n# " . sprintf(__('Table structure of table %s','wassup'),esc_attr($table))."\n#\n";
+				$sql_header .= preg_replace(array('/^CREATE\sTABLE\s(IF\sNOT\sEXISTS\s)?/i', '/AUTO_INCREMENT\=\d+\s/i'),array('CREATE TABLE IF NOT EXISTS ',''),$table_create).' ;';
 			}
-			$table_create=$result[0][1];
-			$sql_header="#\n# " . sprintf(__('Table structure of table %s','wassup'),esc_attr($table))."\n#\n";
-			$sql_header .= preg_replace(array('/^CREATE\sTABLE\s(IF\sNOT\sEXISTS\s)?/i', '/AUTO_INCREMENT\=\d+\s/i'),array('CREATE TABLE IF NOT EXISTS ',''),$table_create).' ;';
 			$sql_header .= "\n#\n# ".sprintf(__('Data contents of table %s','wassup'),esc_attr($table))."\n#\n";
 		}
 		//set starting rec id of export query
@@ -2162,7 +2163,7 @@ function export_records($table,$start_id,$wherecondition,$dtype="sql"){
 					//write sql header
 					fwrite($output,$sql_header);
 					$i=0;
-					//field list for sql-insert 
+					//make a field list for sql-insert statement in output below
 					$sql_fields="INSERT INTO `".esc_attr($table).'` (';
 					foreach($fields AS $col){
 						if(empty($wassup_options->export_omit_recid) || $col != 'id'){
@@ -2535,7 +2536,7 @@ function get_menu_arg(){
 		if(isset($_GET['page'])) $menuarg=$_GET['page'];
 		if(stristr($menuarg,"wassup")!==false){
 			if(isset($_GET['ml'])){
-				$menuarg=$_GET['ml'];
+				$menuarg=htmlspecialchars($_GET['ml']);  //security fix @since v1.9.4.2 - thanks to Dimopoulos Elias for finding this bug
 			}else{
 				$wassupfolder=basename(WASSUPDIR);
 				if($menuarg=="wassup-stats"){