Nonce verified; capabilities checked; input sanitized

This commit is contained in:
Stefan Kalscheuer 2016-08-16 08:22:37 +02:00
parent 949bf9d26f
commit aba620277a
6 changed files with 134 additions and 63 deletions


@ -2,7 +2,7 @@
* Contributors: Stefan Kalscheuer * Contributors: Stefan Kalscheuer
* Requires at least: 3.9 * Requires at least: 3.9
* Tested up to: 4.5.3 * Tested up to: 4.5.3
* Stable tag: 1.1.0 * Stable tag: 1.1.1
* License: GPLv3 or later * License: GPLv3 or later
* License URI: https://www.gnu.org/licenses/gpl-3.0.html * License URI: https://www.gnu.org/licenses/gpl-3.0.html
@ -12,31 +12,39 @@ A blacklist extension for the famous [Statify](http://statify.de) Wordpress plug
This plugin adds customizable blacklist to Statify to allow blocking of referer spam or internal interactions. This plugin adds customizable blacklist to Statify to allow blocking of referer spam or internal interactions.
### Current Features ## ### Current Features ##
####Referer Blacklist #### Referer Blacklist ####
Add a list of domains (for simplicity onl second-level, e.g. _example.com_ which blocks _everything.example.com_). Add a list of domains (for simplicity onl second-level, e.g. _example.com_ which blocks _everything.example.com_).
#### CleanUp Database #### CleanUp Database ####
Filters can be applied to data stored in database after modifying filter rules or for one-time clean-up. Filters can be applied to data stored in database after modifying filter rules or for one-time clean-up.
#### Compatibility ####
### Compatibility ###
This plugin requires Statify to be installed. The extension has been tested with Statify 1.4.2 This plugin requires Statify to be installed. The extension has been tested with Statify 1.4.2
The plugin is capable of handling multisite installations. The plugin is capable of handling multisite installations.
### Credits ### ### Credits ###
* Author: Stefan Kalscheuer * Author: Stefan Kalscheuer
* Special Thanks to [pluginkollektiv](http://pluginkollektiv.org/) for maintaining _Statify_
## Installation ## ## Installation ##
* If you dont know how to install a plugin for WordPress, [heres how](http://codex.wordpress.org/Managing_Plugins#Installing_Plugins). * If you dont know how to install a plugin for WordPress, [heres how](http://codex.wordpress.org/Managing_Plugins#Installing_Plugins).
* Make sure _Statify_ plugin is installed and active
* Goto _Settings_ -> _Statify Blacklist_ to configure the plugin
### Requirements ### ### Requirements ###
* PHP 5.2.4 * PHP 5.2.4
* WordPress 3.9 * WordPress 3.9
* Statify plugin installed and activated (tested with 1.4.2) * Statify plugin installed and activated (tested up to 1.4.3)
## Changelog ## Screenshots ##
#### 1.1.0 / 15.08.2016 1. Statify Blacklist settings page
## Changelog ##
### 1.1.1 / 16.08.2016 ###
* Some security fixes
### 1.1.0 / 15.08.2016 ###
* One-time execution on database * One-time execution on database
#### 1.0.0 / 14.08.2016 ### 1.0.0 / 14.08.2016 ###
* First release * First release


@ -79,15 +79,9 @@ class StatifyBlacklist
* Update options * Update options
* *
* @since 1.0.0 * @since 1.0.0
* @changed 1.1.1
*/ */
public static function update_options($options = null) { public static function update_options() {
if (isset($options)) {
if ((is_multisite() && array_key_exists(STATIFYBLACKLIST_BASE, (array)get_site_option('active_sitewide_plugins'))))
update_site_option('statify-blacklist', $options);
else
update_option('statify-blacklist', $options);
}
self::$_options = wp_parse_args( self::$_options = wp_parse_args(
get_option('statify-blacklist'), get_option('statify-blacklist'),
array( array(
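Review bot: The new parameterless `update_options()` at L58 is overridden by `StatifyBlacklist_Admin::update_options($options)`, which adds a required parameter; PHP treats that as an incompatible declaration (E_STRICT/E_WARNING on the PHP 5/7 versions this plugin targets, a fatal error on PHP 8). Keeping the parent signature as `public static function update_options($options = null)` (or giving the child's parameter a default) keeps the two compatible while still dropping the write path from the base class. The body of update_options continues past the end of the hunk.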


@ -1,5 +1,8 @@
<?php <?php
/* Quit */
defined('ABSPATH') OR exit;
/** /**
* Statify Blacklist admin configuration * Statify Blacklist admin configuration
* *
@ -7,6 +10,36 @@
*/ */
class StatifyBlacklist_Admin extends StatifyBlacklist class StatifyBlacklist_Admin extends StatifyBlacklist
{ {
/**
* Update options
*
* @return mixed array of sanitized array on errors, FALSE if there were none
* @since 1.1.1
*/
public static function update_options($options) {
if (isset($options) && current_user_can('manage_options')) {
/* Sanitize URLs and remove empty inputs */
$givenReferer = $options['referer'];
$sanitizedReferer = self::sanitizeURLs($givenReferer);
/* Abort on errors */
if (!empty(array_diff($givenReferer, $sanitizedReferer))) {
return $sanitizedReferer;
}
/* Update database on success */
if ((is_multisite() && array_key_exists(STATIFYBLACKLIST_BASE, (array)get_site_option('active_sitewide_plugins'))))
update_site_option('statify-blacklist', $options);
else
update_option('statify-blacklist', $options);
}
/* Refresh options */
parent::update_options();
return false;
}
/** /**
* Add configuration page to admin menu * Add configuration page to admin menu
* *
@ -65,20 +98,47 @@ class StatifyBlacklist_Admin extends StatifyBlacklist
* Filter database for cleanup. * Filter database for cleanup.
* *
* @since 1.1.0 * @since 1.1.0
* @changed 1.1.1
*/ */
public static function cleanup_database() { public static function cleanup_database() {
/* Check user permissions */
if (!current_user_can('manage_options'))
die(_e('Are you sure you want to do this?'));
global $wpdb; global $wpdb;
/* Sanitize URLs */
$referer = self::sanitizeURLs(self::$_options['referer']);
/* Build filter regexp */ /* Build filter regexp */
$refererRegexp = str_replace('.', '\.', implode('|', self::$_options['referer'])); $refererRegexp = str_replace('.', '\.', implode('|', $referer));
if (!empty($refererRegexp)) { if (!empty($refererRegexp)) {
/* Execute filter on database */ /* Execute filter on database */
$wpdb->query( $wpdb->query(
$wpdb->prepare("DELETE FROM `$wpdb->statify` WHERE referrer REGEXP %s", $refererRegexp) $wpdb->prepare("DELETE FROM `$wpdb->statify` WHERE referrer REGEXP %s", $refererRegexp)
); );
}
/* Optimize DB */ /* Optimize DB */
$wpdb->query("OPTIMIZE TABLE `$wpdb->statify`"); $wpdb->query("OPTIMIZE TABLE `$wpdb->statify`");
}
}
/**
* Sanitize URLs and remove empty results
* @param $urls array given array of URLs
* @return array sanitized array
*
* @since 1.1.1
*/
private static function sanitizeURLs($urls) {
return array_filter(
array_map(
function($r) {
return preg_replace('/[^\da-z\.-]/i', '', filter_var($r, FILTER_SANITIZE_URL));
},
$urls
)
);
} }
} }
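Review bot: `update_options()` at L89 skips the save silently when `current_user_can('manage_options')` fails, yet still reaches `return false`, which the settings page reads as a successful update; a permission failure should not produce a success message, e.g. `if (!current_user_can('manage_options')) wp_die(__('Are you sure you want to do this?', 'statify-blacklist'));` ahead of the sanitizing. `cleanup_database()` has the same shape at L119, where `die(_e(...))` hands the null return of `_e()` to `die()`, so `wp_die(__('Are you sure you want to do this?', 'statify-blacklist'))` is the intended call there too. `!empty(array_diff(...))` at L94 requires PHP 5.5 (expressions inside `empty()`), which conflicts with the PHP 5.2.4 requirement the readme states; `$invalid = array_diff($givenReferer, $sanitizedReferer); if (!empty($invalid))` works on both. Because `sanitizeURLs()` filters out empty entries, a blank line in the textarea also makes that diff non-empty and sends merely empty input down the "invalid URL" path.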


@ -1,35 +0,0 @@
=== Statify Blacklist ===
Contributors: Stefan Kalscheuer
Tags: stats, extension, blacklist, filter
Requires at least: 3.9
Tested up to: 4.5.3
Stable tag: trunk
License: GPLv3 or later
License URI: https://www.gnu.org/licenses/gpl-3.0.html
Extension for the Statify statistics plugin. Provides a customizable referer blacklist.
== Description ==
A blacklist extension for the famous [Statify](http://statify.de) Wordpress plugin.
This plugin adds customizable blacklist to Statify to allow blocking of referer spam or internal interactions.
== Requirements ==
* PHP 5.2.4
* WordPress 3.9
* Statify plugin (tested with 1.4.2)
== Installation ==
1. Upload the plugin files to the `/wp-content/plugins/statify-blacklist` directory, or install the plugin through the WordPress plugins screen directly.
1. Activate the plugin through the 'Plugins' screen in WordPress
1. Use the Settings->Plugin Name screen to configure the plugin
1. (Make your instructions match the desired user flow for activating and installing your plugin. Include any steps that might be needed for explanatory purposes)
== Changelog ==
= 1.1.0 / 15.08.2016 =
* One-time execution on database
= 1.0.0 / 14.08.2016 =
* First release


@ -4,11 +4,11 @@ Plugin Name: Statify Blacklist
Description: Extension for the statify plugin to add a customizable blacklists. Description: Extension for the statify plugin to add a customizable blacklists.
Text Domain: statify-blacklist Text Domain: statify-blacklist
Domain Path: /lang Domain Path: /lang
Author: stklcode Author: Stefan Kalscheuer
Author URI: https://stklcode.de Author URI: https://stklcode.de
Plugin URI: https://wordpress.org/plugins/statify-blacklist Plugin URI: https://wordpress.org/plugins/statify-blacklist
License: GPLv3 or later License: GPLv3 or later
Version: 1.1.0 Version: 1.1.1
*/ */
/* Quit */ /* Quit */


@ -1,17 +1,40 @@
<?php <?php
/* Quit */
defined('ABSPATH') OR exit;
/* Update plugin options */ /* Update plugin options */
if ( !empty($_POST['statifyblacklist']) ) { if ( !empty($_POST['statifyblacklist']) ) {
/* Verify nonce */
check_admin_referer( 'statify-blacklist-settings' );
/* Check user capabilities */
if (!current_user_can('manage_options')) {
die(_e('Are you sure you want to do this?'));
}
if (!empty($_POST['cleanUp'])) { if (!empty($_POST['cleanUp'])) {
/* CleanUp DB */ /* CleanUp DB */
StatifyBlacklist_Admin::cleanup_database(); StatifyBlacklist_Admin::cleanup_database();
} else { } else {
StatifyBlacklist::update_options( /* Extract referer array */
if (empty(trim($_POST['statifyblacklist']['referer']))) $referer = array();
else $referer = explode("\r\n", $_POST['statifyblacklist']['referer']);
/* Update options (data will be sanitized) */
$statifyBlacklistUpdateResult= StatifyBlacklist_Admin::update_options(
array( array(
'active_referer' => (int)@$_POST['statifyblacklist']['active_referer'], 'active_referer' => (int)@$_POST['statifyblacklist']['active_referer'],
'referer' => explode("\r\n", $_POST['statifyblacklist']['referer']) 'referer' => $referer
) )
); );
/* Generate messages */
if ($statifyBlacklistUpdateResult !== false) {
$statifyBlacklistPostWarning = 'Some URLs are invalid and have been sanitized. Settings have not been saved yet.';
} else {
$statifyBlacklistPostSuccess = 'Settings updated successfully.';
}
} }
} }
@ -19,7 +42,23 @@ if ( !empty($_POST['statifyblacklist']) ) {
<div class="wrap"> <div class="wrap">
<h1><?php _e( 'Statify Blacklist', 'statify-blacklist') ?></h1> <h1><?php _e( 'Statify Blacklist', 'statify-blacklist') ?></h1>
<?php if (is_plugin_inactive('statify/statify.php')) { print '<div class="notice notice-warning"><p>'; esc_html_e('Statify plugin is not active.', 'statify-blacklist'); print '</p></div>'; } ?> <?php
if (is_plugin_inactive('statify/statify.php')) {
print '<div class="notice notice-warning"><p>';
esc_html_e('Statify plugin is not active.', 'statify-blacklist');
print '</p></div>';
}
if (isset($statifyBlacklistPostWarning)) {
print '<div class="notice notice-warning"><p>';
esc_html_e($statifyBlacklistPostWarning);
print '</p></div>';
}
if (isset($statifyBlacklistPostSuccess)) {
print '<div class="notice notice-success"><p>';
esc_html_e($statifyBlacklistPostSuccess);
print '</p></div>';
}
?>
<form action="" method="post" id="statify-blacklist-settings"> <form action="" method="post" id="statify-blacklist-settings">
<ul style="list-style: none;"> <ul style="list-style: none;">
<li> <li>
@ -31,7 +70,12 @@ if ( !empty($_POST['statifyblacklist']) ) {
<li> <li>
<label for="statify-blacklist_referer"> <label for="statify-blacklist_referer">
<?php esc_html_e('Referer blacklist:', 'statify-blacklist'); ?><br /> <?php esc_html_e('Referer blacklist:', 'statify-blacklist'); ?><br />
<textarea cols="40" rows="5" name="statifyblacklist[referer]" id="statify-blacklist_referer"><?php print implode("\r\n", StatifyBlacklist::$_options['referer']); ?></textarea><br /> <textarea cols="40" rows="5" name="statifyblacklist[referer]" id="statify-blacklist_referer"><?php
if (isset($statifyBlacklistUpdateResult) &&$statifyBlacklistUpdateResult !== false)
print esc_html(implode("\r\n", $statifyBlacklistUpdateResult));
else
print esc_html(implode("\r\n", StatifyBlacklist::$_options['referer']));
?></textarea><br />
<small>(<?php esc_html_e('Add one domain (without subdomains) each line, e.g. example.com', 'statify-blacklist'); ?>)</small> <small>(<?php esc_html_e('Add one domain (without subdomains) each line, e.g. example.com', 'statify-blacklist'); ?>)</small>
</label> </label>
</li> </li>
@ -44,7 +88,7 @@ if ( !empty($_POST['statifyblacklist']) ) {
<input class="button-secondary" type="submit" name="cleanUp" value="<?php esc_html_e('CleanUp Database', 'statify-blacklist') ?>" <input class="button-secondary" type="submit" name="cleanUp" value="<?php esc_html_e('CleanUp Database', 'statify-blacklist') ?>"
onclick="return confirm('Do you really want to apply filters to database? This cannot be undone.');"> onclick="return confirm('Do you really want to apply filters to database? This cannot be undone.');">
<br> <br>
<small>(<?php esc_html_e('Applies filter (even if disabled) to data stored in database. This cannot be undone!', 'statify-blacklist'); ?>)</small> <small><?php esc_html_e('Applies filter (even if disabled) to data stored in database. This cannot be undone!', 'statify-blacklist'); ?></small>
</p> </p>
</form> </form>
</div> </div>
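Review bot: `check_admin_referer('statify-blacklist-settings')` at L207 is only satisfiable if the form emits a matching nonce field; no `wp_nonce_field('statify-blacklist-settings')` is visible inside the form in these hunks (L254 onward), so confirm it is rendered elsewhere, otherwise every settings submission now dies at the nonce check. The capability guard at L210 uses `die(_e(...))`, which hands the null return of `_e()` to `die()`; `wp_die(__('Are you sure you want to do this?', 'statify-blacklist'))` is the intended form. The new lines at L217/L218 read `$_POST['statifyblacklist']['referer']` without `wp_unslash()`, which WordPress expects on request data before it is processed. The notices at L245 and L250 pass runtime variables to `esc_html_e()`, so those strings never reach the translation catalogue; emit the literals with the `'statify-blacklist'` text domain instead.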