news, release, security, wassup - 17:31 - 2 September 2009

WassUp 1.7.2

Thanks a lot to Helene, who did a wonderful job; here is the new WassUp version, tagged 1.7.2.

There are a lot of changes and some new languages added (thanks guys! we have reached 25 language translations almost complete, you rock!).

Download WassUp Version 1.7.2

ChangeLog 1.7.2:

=============================
New features and improvements:
=============================
1) Updated Visitor Detail (Latest Hits) screen interface options:
-Extended the automatic timer and ticker to include a pause/restart
toggle option that is triggered when the mouse is clicked on the
countdown numbers.
-Modified the searchbox to restrict initial search parameters to the
current date range, not reset it to the last 24 hours.
File(s): wassup.php, wassup.css, lib/main.php.
2) Optimized how WassUp plugin functions are loaded into WordPress:
-Added a new function, “wassup_loader()”, to conditionally load WassUp
functions into WordPress so that only needed hooks are added. This
also fixes a sporadic activation error bug that appeared in some
WordPress 2.8+ configurations.
-Removed the standalone hooks for “wassupAppend” and “wassup_init”
and put them inside the “wassupPrepend()” function so that these
functions are “hooked” into WordPress only after “wassupPrepend”
determines that they are needed. This also makes it possible to pass
command-line arguments like “$cookie_value” and “$screen_res” to
these functions.
File(s): wassup.php
3) Modified WassUp variables and functions for consistency and to avoid
potential conflicts with other plugins:
-Renamed global “$version” variable to “$wassupversion” to avoid
potential name conflicts.
-Renamed “$siteurl” variable to “$blogurl” to avoid mixups between
WordPress admin url and the blog url because the term, “siteurl”,
is commonly used (incorrectly, IMHO) to refer to the url address of
wordpress admin files. I also made “$blogurl” a global variable.
-Renamed “createTable()” and “updateTable()” functions to
“wCreateTable()” and “wUpdateTable()” to avoid potential name
conflicts with other plugins.
File(s): wassup.php, lib/main.php, lib/settings.php,
lib/wassup.class.php
4) Updated how WassUp creates and updates its tables after activation:
-Changed “wCreateTable()” to insert an initial “welcome to Wassup”
record in the new table when it creates it.
-Consolidated tests for default charset inclusion in the table
create/update statement into a single test command.
-Added DB_CHARSET existence to the test for charset inclusion.
-Removed the index (username,ip) from the create/update statement
because this caused a language display problem for non-romanic
languages in some WordPress configurations.
?(where table charset !== database charset)?
-Modified “wUpdateTable()” function to call “wCreateTable()” (and
‘dbDelta’ function) when updating table structure. This ensures that
the upgraded WassUp table will always have the same structure as new
installs. Previous statements that changed individual fields and
indices have been removed or commented out of “wUpdateTable()”.
File(s): wassup.php
5) Improved search engine lookups in “wGetSE()” and “seReferer()”:
-Added Bing to list of search engines in “wGetSE()”.
-Fixed redundant lookup of search engine data in “seReferer()” when
the data was already found in “wGetSE()”.
-Added a “break” command to terminate search engine comparison loop
instead of using “return”. This allows a page number lookup to be
done prior to function exit (return).
-Added a test to omit internal referrers from search engine lookups.
File(s): wassup.php
6) Changed “wassupAppend()” duplicate test to include userAgent in the
test so that page requests from browser add-ons such as a feedreader
are not counted as duplicates of an online page request.
File(s): wassup.php
7) Updated visitor screen resolution cookie and query parameter, ‘wscr’,
and added a javascript timer and function to automatically reload the
current page when a visitor has been online for 40 seconds so that
both cookie and ‘wscr’ can be seen and recorded by
“wassUpAppend()/wassupPrepend()”.
File(s): wassup.php
8) Updated “WassUp Options: Manage Files&Database” form and data:
-Added more WordPress/PHP/MySQL configuration settings to the list.
-Modified configuration settings in html to be an “unordered”
list (<ul><li>) instead of a series of paragraphs (<p>).
File(s): wassup.css, lib/settings.php
9) Added two new Wassup settings to WordPress options:
-“wassup_engine” is Wassup’s MySQL table engine type and is used to
avoid engine-related syntax errors in MySQL (i.e. insert delayed).
-“wassup_table” contains the name of wassup’s table and is used to
set the variables “$table_name” and “$table_tmp_name”.
File(s): wassup.php, lib/main.php, lib/wassup.class.php
10) Added more security and sanitizing of table and forms to protect
against sql and script injection attacks:
-Wrote a new function, “wCleanURL()” in ‘main.php’ to replace
“clean_url” calls and sanitize URLs with either “clean_url()” or
“esc_url()” (WP 2.8+), depending on WordPress version.
-Added more checks to block script injection attempts disguised as
wassup query/form parameters.
File(s): wassup.php, lib/main.php, lib/action.php
11) Modified how WassUp data backup/export handles errors and sends data:
-Saved “backup_table()” error messages in options variable
$wassup_options->wassup_alert_msg and displayed them after
“export_wassup()” terminates instead of echoing them to the screen
in the middle of the export.
-Replaced ‘print $sql;’ statement in “backup_table()” with a
‘return $sql;’ statement so that output is handled by the calling
function, “export_wassup()”, instead.
File(s): wassup.php, lib/settings.php
12) Internationalized Wassup 2.7+ dashboard widget function.
File(s): wassup.php
13) Improved “wGetStats()” statistics in ‘main.php’:
-Added “urlrequested” to the type of statistics output.
-Made stats results case insensitive in MySQL queries.
File(s): wassup.php, lib/main.php, lib/action.php
14) Improved “top 10” stats output and tightened security in ‘action.php’:
-Replaced the inflexible ‘limit 10’ condition in ‘top ten’ stats with
a limit variable “$stat_limit”. Currently $stat_limit=10 but this may
be changeable by users in upcoming revisions.
-Replaced separate “urlrequested” stats query with a call to
“wGetStats()” function.
-[404] urls are no longer shown as links.
-If top 10 results count is less than 10, blank <li> statements are
padded to the output for styling consistency.
-Added a test for ‘wp-config.php’ in WordPress’ parent directory
when it is not found in the install directory (re Wassup forum post).
File(s): lib/action.php.
15) Renamed the “cache_check()” function to “wassup_foot()” to avoid
name conflicts with other plugins. Also placed footer content inside a
single paragraph surrounded by html comment tags ‘<!--’ and ‘-->’ to
fix a css/float bug that showed up in some theme templates.
File(s): wassup.php
16) Updated “uadetector” class in ‘uadetector.class.php’ module to detect
more browsers, spiders and mobile user agents, operating systems, and
screen resolution.
File(s): lib/uadetector.class.php.
17) Added more comments to code including new PHPDocumenter-style comments
ex: (/**, @package, @subpackage)
-Added a disclaimer in plugin comment and in “readme.txt” file.
-Added a requirement of WordPress 2.2 or higher in plugin description.
-Added a note about incompatibility with “Super-cache” plugin in
“readme.txt” usage section.
File(s): wassup.php, readme.txt, et al.
18) Wrote a new function, ‘microtime_float()’, to output microtime as a
float value, similar to PHP 5’s microtime(true). This is used in
WassUp timer and in the PHP profiler module (see below).
File(s): wassup.php, lib/profiler.php.
19) In Wassup development copy (unreleased), added a PHP profiler module,
‘profiler.php’ to /lib directory and included the profiler in Wassup
code when in debug mode. This PHP profiler identifies potential code
bottlenecks that slow down WassUp.
File(s): all, lib/profiler.php
========================
Bugs and security fixes:
========================
1) Fixed a bug in ‘main.php’ “wGetStats()” function that caused an error
whenever there are no stats to print.
2) Fixed a bug in “wassupAppend()” that caused all spam checks (referrer,
previous spam) to be disabled whenever Akismet spam check was
disabled.
3) Fixed a bug in “wGetSE()” where the locale “SK” was incorrectly
appended to a search engine whenever the search domain was not in the
array of “known” search engines.
4) In “wGetLocale()” function, renamed language codes: Ko to Kr,
Da to Dk, Ur to In, and both He and Iw to Il so that they match
country codes that have an associated flag image. (Closes ticket #85)
5) Removed the index “(username,ip)” from WassUp’s table structure to fix
a language display problem in some non-romanic languages.
6) Fixed bug in Visitor detail/latest hits that caused [expand all]
and [collapse chronology] button options not to be printed when
“items-per-page” was set to an amount different from 10 or 20. (Closes
ticket #97)
7) Fixed WassUp script execution vulnerability by escaping code lines
that included “html_entity_decode” and “urldecode”. Used
“attribute_escape” as the escape function.
8) Fixed a bug in “wassup_foot()” function (formerly “cache_check”) that
caused the wassup footer line to be split up by span/div floats in
some theme templates.
9) Replaced “eregi” and “eregi_replace” functions with “stristr”,
“str_replace” or “preg_replace” because all PHP POSIX regex functions
are deprecated since PHP 5.3 and deleted since PHP 6.
For details, see http://www.php.net/manual/en/function.ereg.php
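
Item 10 and fix 7 above come down to two habits: pick the URL sanitizer that the running WordPress version provides, and escape visitor data after it has been decoded, not before. The following PHP is an added example and is not WassUp's code: `example_clean_url()`, `example_escape()`, the two `show_search_*()` functions and the sample strings are constructed for illustration, and the `htmlspecialchars()` fallbacks are an assumption so the script also runs outside WordPress.

```php
<?php
// Added illustration, not WassUp source. Outside WordPress the WP functions
// do not exist, so each helper falls back to a PHP built-in (assumption).

// Hypothetical wrapper: esc_url() on WP 2.8+, clean_url() on older versions.
function example_clean_url($url) {
    if (function_exists('esc_url')) {
        return esc_url($url);
    }
    if (function_exists('clean_url')) {
        return clean_url($url);
    }
    // Stand-alone fallback: accept http/https only, then HTML-escape.
    if (!preg_match('#^https?://#i', $url)) {
        return '';
    }
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Hypothetical wrapper around the escape function the changelog names.
function example_escape($text) {
    if (function_exists('attribute_escape')) {
        return attribute_escape($text);
    }
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Before: the decoded value is the last thing written into the page.
function show_search_unescaped($stored) {
    return '<li>' . html_entity_decode(urldecode($stored)) . '</li>';
}

// After: decode for readability, then escape as the final step.
function show_search_escaped($stored) {
    $decoded = html_entity_decode(urldecode($stored), ENT_QUOTES, 'UTF-8');
    return '<li>' . example_escape($decoded) . '</li>';
}

// Constructed sample inputs: visitor-supplied values as they might sit in a
// stats table, one percent-encoded and one entity-encoded.
$samples = array(
    'plain+search+terms',
    '%3Cscript%3Ealert(1)%3C%2Fscript%3E',
    '&lt;script&gt;alert(1)&lt;/script&gt;',
);
foreach ($samples as $s) {
    echo "stored:    $s\n";
    echo "unescaped: " . show_search_unescaped($s) . "\n";
    echo "escaped:   " . show_search_escaped($s) . "\n\n";
}

// In stand-alone mode the URL wrapper rejects any scheme other than http(s).
var_dump(example_clean_url('javascript:alert(1)'));
var_dump(example_clean_url('http://example.com/?a=1&b=2'));
```

Both encoded samples look inert in storage and only become markup once decoded, which is why the escape call has to be the outermost one.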
