Release new version 2.2.1

= 2.2.1 - 2019/12/17 =
* This maintenance release has a full code security review plus compatibility with WordPress 5.3.1
* Tweak - Remove the hard coded PHP error_reporting display errors false from compile sass to css
* Tweak - Test for compatibility with WordPress 5.3.1
* Dev - Replace file_get_contents with HTTP API wp_remote_get
* Dev - Ensure that all inputs are sanitized and all outputs are escaped

Author: alextuan

.gitattributes

@@ -6,6 +6,7 @@
 /package-lock.json export-ignore
 /package.json export-ignore
 /README.md export-ignore
+/prettier.config.js export-ignore
 /.vscode/ export-ignore
 /node_modules/ export-ignore
 /composer.* export-ignore

admin/admin-init.php

@@ -187,7 +187,7 @@ public function admin_settings_page( $page_data = array() ) {
 
 	    ?>
         <div class="wrap">
-            <div class="icon32 icon32-a3rev-ui-settings icon32-a3rev<?php echo $current_page; ?>" id="icon32-a3rev<?php echo $current_page; ?>"><br /></div>
+            <div class="icon32 icon32-a3rev-ui-settings icon32-a3rev<?php echo esc_attr( $current_page ); ?>" id="icon32-a3rev<?php echo esc_attr( $current_page ); ?>"><br /></div>
             <?php
 				$tabs = apply_filters( $this->plugin_name . '-' . $current_page . '_settings_tabs_array', array() );
 
@@ -299,7 +299,7 @@ public function admin_settings_tab( $current_page = '', $tab_data = array()  ) {
         <?php
 			foreach ( $subtabs as $subtab ) {
 		?>
-        	<div class="section" id="<?php echo trim( $subtab['name'] ); ?>">
+        	<div class="section" id="<?php echo trim( esc_attr( $subtab['name'] ) ); ?>">
             <?php if ( isset( $subtab['callback_function'] ) && !empty( $subtab['callback_function'] ) ) call_user_func( $subtab['callback_function'] ); ?>
             </div>
         <?php

admin/admin-interface.php

@@ -31,7 +31,7 @@ class WP_PVC_Admin_UI
 	 * You must change to correct plugin name that you are working
 	 */
 
-	public $framework_version      = '2.1.0';
+	public $framework_version      = '2.2.0';
 	public $plugin_name            = A3_PVC_KEY;
 	public $plugin_path            = A3_PVC_PLUGIN_NAME;
 	public $google_api_key_option  = '';
@@ -173,7 +173,7 @@ public function update_google_map_api_key() {
 
 			update_option( $this->google_map_api_key_option . '_enable', 1 );
 
-			$option_value = trim( $_POST[ $this->google_map_api_key_option ] );
+			$option_value = trim( sanitize_text_field( $_POST[ $this->google_map_api_key_option ] ) );
 
 			$old_google_map_api_key_option = get_option( $this->google_map_api_key_option );
 
@@ -191,7 +191,7 @@ public function update_google_map_api_key() {
 
 			update_option( $this->google_map_api_key_option . '_enable', 0 );
 
-			$option_value = trim( $_POST[ $this->google_map_api_key_option ] );
+			$option_value = trim( sanitize_text_field( $_POST[ $this->google_map_api_key_option ] ) );
 			update_option( $this->google_map_api_key_option, $option_value );
 
 			if ( 0 != $old_google_map_api_key_enable ) {

admin/admin-ui.php

@@ -368,7 +368,7 @@ public function __construct() {
 
 			update_option( $this->google_api_key_option . '_enable', 1 );
 
-			$option_value = trim( $_POST[ $this->google_api_key_option ] );
+			$option_value = trim( sanitize_text_field( $_POST[ $this->google_api_key_option ] ) );
 
 			$old_google_api_key_option = get_option( $this->google_api_key_option );
 
@@ -386,7 +386,7 @@ public function __construct() {
 
 			update_option( $this->google_api_key_option . '_enable', 0 );
 
-			$option_value = trim( $_POST[ $this->google_api_key_option ] );
+			$option_value = trim( sanitize_text_field( $_POST[ $this->google_api_key_option ] ) );
 			update_option( $this->google_api_key_option, $option_value );
 
 			if ( 0 != $old_google_api_key_enable ) {
@@ -465,8 +465,9 @@ public function is_valid_google_api_key( $cache=true ) {
 
 				// Get font list from default webfonts.json file of plugin
 				if ( 'invalid' == $google_api_key_status && file_exists( $this->admin_plugin_dir() . '/assets/webfonts/webfonts.json' ) ) {
-					$webfonts  = file_get_contents( $this->admin_plugin_dir() . '/assets/webfonts/webfonts.json' );
-					if ( false != $webfonts ) {
+					$response = wp_remote_get( $this->admin_plugin_url() . '/assets/webfonts/webfonts.json', array( 'timeout' => 120 ) );
+					$webfonts = wp_remote_retrieve_body( $response );
+					if ( ! empty( $webfonts ) ) {
 						$json_string = get_magic_quotes_gpc() ? stripslashes( $webfonts ) : $webfonts;
 						$response_fonts = json_decode( $json_string, true );
 					}
@@ -518,8 +519,9 @@ public function is_valid_google_api_key( $cache=true ) {
 
 				// Get font list from default webfonts.json file of plugin
 				if ( file_exists( $this->admin_plugin_dir() . '/assets/webfonts/webfonts.json' ) ) {
-					$webfonts  = file_get_contents( $this->admin_plugin_dir() . '/assets/webfonts/webfonts.json' );
-					if ( false != $webfonts ) {
+					$response = wp_remote_get( $this->admin_plugin_url() . '/assets/webfonts/webfonts.json', array( 'timeout' => 120 ) );
+					$webfonts = wp_remote_retrieve_body( $response );
+					if ( ! empty( $webfonts ) ) {
 						$json_string = get_magic_quotes_gpc() ? stripslashes( $webfonts ) : $webfonts;
 						$response_fonts = json_decode( $json_string, true );
 					}

admin/includes/fonts_face.php

@@ -71,7 +71,6 @@ public function plugin_compile_less_mincss( $sass, $css_file_name = '' )
 
         global $wp_filesystem;
 
-		@ini_set( 'display_errors', false );
         $_upload_dir = wp_upload_dir();
         $wp_filesystem->chmod($_upload_dir['basedir'], 0755);
         if (! $wp_filesystem->is_dir($_upload_dir['basedir'] . '/sass')) {

admin/less/sass.php

@@ -2,9 +2,9 @@
 /*
 Plugin Name: Page Views Count
 Description: Show front end users all time views and views today on posts, pages, index pages and custom post types with the Page Views Count Plugin. Use the Page Views Count function to add page views to any content type or object created by your theme or plugins.
-Version: 2.2.0
+Version: 2.2.1
 Requires at least: 4.6
-Tested up to: 5.2.3
+Tested up to: 5.3.1
 Author: a3rev Software
 Author URI: https://a3rev.com
 Text Domain: page-views-count
@@ -22,7 +22,7 @@
 define('A3_PVC_IMAGES_URL', A3_PVC_URL . '/assets/images');
 
 define( 'A3_PVC_KEY', 'a3_page_view_count' );
-define( 'A3_PVC_VERSION', '2.2.0' );
+define( 'A3_PVC_VERSION', '2.2.1' );
 define( 'A3_PVC_G_FONTS', false );
 
 if ( version_compare( PHP_VERSION, '5.6.0', '>=' ) ) {
@@ -95,5 +95,3 @@ function pvc_check_exclude( $postid = 0 ) {
 		return true;
 	}
 }
-
-?>

page-views-count.php

@@ -2,8 +2,8 @@
 Contributors: a3rev, a3rev Software, nguyencongtuan
 Tags: wordpress page view, page view count , post views, post view count, gutenberg
 Requires at least: 4.6
-Tested up to: 5.2.3
-Stable tag: 2.2.0
+Tested up to: 5.3.1
+Stable tag: 2.2.1
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -98,6 +98,13 @@ The manual installation method involves down loading our plugin and uploading it
 
 == Changelog ==
 
+= 2.2.1 - 2019/12/17 =
+* This maintenance release has a full code security review plus compatibility with WordPress 5.3.1
+* Tweak - Remove the hard coded PHP error_reporting display errors false from compile sass to css
+* Tweak - Test for compatibility with WordPress 5.3.1
+* Dev - Replace file_get_contents with HTTP API wp_remote_get
+* Dev - Ensure that all inputs are sanitized and all outputs are escaped
+
 = 2.2.0 - 2019/09/12 =
 * This feature upgrade is a full refactor of the plugins PHP to PHP dependency manager Composer with autoloading.
 * Feature - Plugin fully refactored to Composer for cleaner code and faster PHP code
@@ -110,10 +117,10 @@ The manual installation method involves down loading our plugin and uploading it
 * This is a maintenance upgrade to fix a potentially fatal error conflict with sites running PHP 7.3 plus compatibility with WordPress 5.2.2
 * Fix - PHP warning continue targeting switch is equivalent to break for compatibility on PHP 7.3
 
-= 2.1.1 � 2018/12/17 =
+= 2.1.1 - 2018/12/17 =
 * This is a maintenance update for WordPress version 5.0.2 and PHP 7.3 compatibility. 
-* Framework � Update to use WordPress ESLint rules 
-* Framework � Test and update for compatibility with PHP 7.3
+* Framework - Update to use WordPress ESLint rules 
+* Framework - Test and update for compatibility with PHP 7.3
 * Tweak - Test for compatibility with WordPress 
 
 = 2.1.0 - 2018/12/14 =

readme.txt

@@ -150,13 +150,11 @@ public function save( $post_id ) {
 
 		// Manual change Total Views and Today Views
 		if ( isset( $_POST['a3_pvc_total_views'] ) && isset( $_POST['a3_pvc_today_views'] ) ) {
-			$total_views = trim( $_POST['a3_pvc_total_views'] );
-			$today_views = trim( $_POST['a3_pvc_today_views'] );
+			$total_views = absint( trim( $_POST['a3_pvc_total_views'] ) );
+			$today_views = absint( trim( $_POST['a3_pvc_today_views'] ) );
 
 			A3_PVC::pvc_stats_manual_update( $post_id, $total_views, $today_views );
 		}
 	}
 
 }
-
-?>

src/metabox/class-pvc-metabox.php

@@ -476,4 +476,3 @@ public static function plugin_extra_links($links, $plugin_name) {
 		return $links;
 	}
 }
-?>