Changeset 2951952

Timestamp:

08/11/2023 05:53:56 AM (3 years ago)

Author:

Dudo

Message:

version 3.4.4

Location:

yet-another-stars-rating/trunk

Files:

• admin/editor/YasrOnSavePost.php (modified) (1 diff)
• docs/yasr_hooks.md (modified) (20 diffs)
• includes/classes/YasrDB.php (modified) (1 diff)
• includes/shortcodes/classes/YasrShortcodesAjax.php (modified) (4 diffs)
• includes/shortcodes/classes/YasrVisitorVotes.php (modified) (1 diff)
• includes/yasr-includes-functions.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)
• yet-another-stars-rating.php (modified) (2 diffs)

yet-another-stars-rating/trunk/admin/editor/YasrOnSavePost.php

@@ -90 +90 @@
         $rating = (float)$rating;
 
-        if ($rating > 5) {
-            $rating = 5;
-        }
-
-        if($rating <= 0) {
-            return;
-        }
+        $rating = yasr_validate_rating($rating, 0);
 
         /**

yet-another-stars-rating/trunk/docs/yasr_hooks.md

@@ -6 +6 @@
 _Add custom script in one of the page used by YASR, at the beginning_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $hook | string |  |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$hook | string |  |
 ___
  ### `do_action('yasr_add_admin_scripts_end')` 
@@ -16 +16 @@
 _Add custom script in one of the page used by YASR, at the end_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $hook | string |  |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$hook | string |  |
 ___
 
@@ -34 +34 @@
 _Use this action to add content inside shortcode creator_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $n_multi_set | int |  |
-| $multi_set | string |  the multiset name |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$n_multi_set | int |  |
+|$multi_set | string |  the multiset name |
 ___
 
@@ -57 +57 @@
 _Hook here to add new content at the beginning of the div_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $post_id | int |  |
-| $set_id | int |  |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$post_id | int |  |
+|$set_id | int |  |
 ___
  ### `do_action('yasr_add_content_multiset_tab_pro')` 
@@ -68 +68 @@
 _Hook here to add new content_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $post_id | int |  |
-| $set_id | int |  |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$post_id | int |  |
+|$set_id | int |  |
 ___
 
@@ -80 +80 @@
 _Hook here to add actions when YASR save data on save_post_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $post_id | int |  |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$post_id | int |  |
 ___
  ### `do_action('yasr_action_on_overall_rating')` 
@@ -90 +90 @@
 _Do action before overall rating is saved, works only in classic editor_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $post_id | int |  |
-| $rating | float |  |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$post_id | int |  |
+|$rating | float |  |
 ___
 
@@ -102 +102 @@
 _Hook here to add content at the bottom of the metabox_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $post_id | int |  |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$post_id | int |  |
 ___
 
@@ -130 +130 @@
 _Since this could contain js, this will only allow FALSE as value_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $style_page_upgrade_pro_js | string |  |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$style_page_upgrade_pro_js | string |  |
 ___
 
@@ -248 +248 @@
 _Use this hook to add (or eventually remove) supported itemTypes_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $itemTypes | array |  an array containing all the default supported itemTypes |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$itemTypes | array |  an array containing all the default supported itemTypes |
 ___
  ### `apply_filters('yasr_filter_itemtypes_fields')` 
@@ -264 +264 @@
 _yasr_softwareapplication_price_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $additionalFields | array |  an array containing all the default supported additional fields |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$additionalFields | array |  an array containing all the default supported additional fields |
 ___
 
@@ -333 +333 @@
 _If not used, will work with no support for atts_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $this->shortcode_name | string |  Name of shortcode caller |
-| $atts | string|array |  Shortcode atts |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$this->shortcode_name | string |  Name of shortcode caller |
+|$atts | string|array |  Shortcode atts |
 ___
  ### `apply_filters('yasr_multi_set_ranking_atts')` 
@@ -350 +350 @@
 _If not used, shortcode will works only with setId param_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $this->shortcode_name | string |  Name of shortcode caller |
-| $atts | string|array |  Shortcode atts |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$this->shortcode_name | string |  Name of shortcode caller |
+|$atts | string|array |  Shortcode atts |
 ___
 
@@ -367 +367 @@
  ### `do_action('yasr_action_on_visitor_vote')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 89](.././includes/shortcodes/classes/YasrShortcodesAjax.php:89)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 93](.././includes/shortcodes/classes/YasrShortcodesAjax.php:93)
+
+_Hook here to add an action on visitor votes (e.g. empty cache)_
+
+|Argument | Type | Description |
+| --- | --- | --- |
+|$array_action_visitor_vote | array |  An array containing post_id and is_singular |
 ___
  ### `apply_filters('yasr_vv_cookie')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 197](.././includes/shortcodes/classes/YasrShortcodesAjax.php:197)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 201](.././includes/shortcodes/classes/YasrShortcodesAjax.php:201)
 ___
  ### `apply_filters('yasr_vv_updated_text')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 210](.././includes/shortcodes/classes/YasrShortcodesAjax.php:210)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 214](.././includes/shortcodes/classes/YasrShortcodesAjax.php:214)
 ___
  ### `apply_filters('yasr_vv_saved_text')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 213](.././includes/shortcodes/classes/YasrShortcodesAjax.php:213)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 217](.././includes/shortcodes/classes/YasrShortcodesAjax.php:217)
 ___
  ### `do_action('yasr_action_on_visitor_multiset_vote')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 324](.././includes/shortcodes/classes/YasrShortcodesAjax.php:324)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 328](.././includes/shortcodes/classes/YasrShortcodesAjax.php:328)
 ___
  ### `apply_filters('yasr_mv_cookie')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 429](.././includes/shortcodes/classes/YasrShortcodesAjax.php:429)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 433](.././includes/shortcodes/classes/YasrShortcodesAjax.php:433)
 ___
  ### `apply_filters('yasr_mv_saved_text')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 438](.././includes/shortcodes/classes/YasrShortcodesAjax.php:438)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 442](.././includes/shortcodes/classes/YasrShortcodesAjax.php:442)
 ___
  ### `apply_filters('yasr_filter_ranking_request')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 621](.././includes/shortcodes/classes/YasrShortcodesAjax.php:621)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 625](.././includes/shortcodes/classes/YasrShortcodesAjax.php:625)
 ___
  ### `apply_filters('yasr_add_sources_ranking_request')` 
 
- Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 672](.././includes/shortcodes/classes/YasrShortcodesAjax.php:672)
+ Source: [../includes/shortcodes/classes/YasrShortcodesAjax.php, line 676](.././includes/shortcodes/classes/YasrShortcodesAjax.php:676)
 ___
 
@@ -417 +423 @@
 _Use this filter to customize yasr visitor votes readonly._
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $shortcode_html | string |  html for the shortcode |
-| $stored_votes | array |  array with average rating data for the post id. |
-| $this->post_id | int |  the post id |
-| $stored_votes | YasrDB::visitorVotes() |  array |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$shortcode_html | string |  html for the shortcode |
+|$stored_votes | array |  array with average rating data for the post id. |
+|$this->post_id | int |  the post id |
+|$stored_votes | YasrDB::visitorVotes() |  array |
 ___
  ### `apply_filters('yasr_vv_cookie')` 
@@ -430 +436 @@
 _Use this filter to customize the visitor votes cookie name_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-|  | string |  yasr_visitor_votes_cookie is the default name |
+|Argument | Type | Description |
+| --- | --- | --- |
+| | string |  yasr_visitor_votes_cookie is the default name |
 ___
  ### `apply_filters('yasr_cstm_text_already_voted')` 
@@ -466 +472 @@
 _"General Settings" -> "Custom text to display BEFORE Visitor Rating"_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $number_of_votes | int |  the total number of votes |
-| $average_rating | float |  the average rating |
-| $this->unique_id | string |  the dom ID |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$number_of_votes | int |  the total number of votes |
+|$average_rating | float |  the average rating |
+|$this->unique_id | string |  the dom ID |
 ___
  ### `apply_filters('yasr_cstm_text_after_vv')` 
@@ -482 +488 @@
 _"General Settings" -> "Custom text to display AFTER Visitor Rating"_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $number_of_votes | int |  the total number of votes |
-| $average_rating | float |  the average rating |
-| $this->unique_id | string |  the dom ID |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$number_of_votes | int |  the total number of votes |
+|$average_rating | float |  the average rating |
+|$this->unique_id | string |  the dom ID |
 ___
  ### `apply_filters('yasr_vv_shortcode')` 
@@ -494 +500 @@
 _Use this filter to customize the yasr_visitor_votes shortcode_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $shortcode_html | string |  html for the shortcode |
-| $this->post_id | int |  the post id |
-| $this->starSize | string | () the star size |
-| $this->readonly | string |  is the stars are readonly or not |
-| $this->ajax_nonce_visitor | string |  the WordPress nonce |
-| $this->is_singular | string |  if the current page is_singular or not |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$shortcode_html | string |  html for the shortcode |
+|$this->post_id | int |  the post id |
+|$this->starSize | string | () the star size |
+|$this->readonly | string |  is the stars are readonly or not |
+|$this->ajax_nonce_visitor | string |  the WordPress nonce |
+|$this->is_singular | string |  if the current page is_singular or not |
 ___
 
@@ -537 +543 @@
 _Use this hook to write your custom microdata from scratch_
 
-| Argument | Type | Description |
-| --- | --- | --- |
-| $item_type_for_post | string |  the itemType selected for the post |
+|Argument | Type | Description |
+| --- | --- | --- |
+|$item_type_for_post | string |  the itemType selected for the post |
 ___
  ### `apply_filters('yasr_filter_existing_schema')` 

yet-another-stars-rating/trunk/includes/classes/YasrDB.php

@@ -91 +91 @@
         $overall_rating = get_post_meta($post_id, 'yasr_overall_rating', true);
 
-        if (!$overall_rating || $overall_rating < 0) {
-            $overall_rating = 0;
-        }
-        if($overall_rating > 5) {
-            $overall_rating = 5;
-        }
+        $overall_rating = yasr_validate_rating($overall_rating, 0);
+
         return $overall_rating;
     }

yet-another-stars-rating/trunk/includes/shortcodes/classes/YasrShortcodesAjax.php

@@ -44 +44 @@
         add_action('wp_ajax_nopriv_yasr_send_visitor_rating', array($this, 'saveVV'));
 
+        //die if post status is non publish
+        add_action('yasr_action_on_visitor_vote',             array($this, 'dieIfPrivatePost'));
+        add_action('yasr_action_on_visitor_multiset_vote',    array($this, 'dieIfPrivatePost'));
+
         //MV save rating
         add_action('wp_ajax_yasr_visitor_multiset_field_vote',        array($this, 'saveMV'));
@@ -69 +73 @@
         $this->dieIfNotAjax();
 
-        if (isset($_POST['rating'], $_POST['post_id'])) {
-            $rating        = (int) $_POST['rating'];
-            $post_id       = (int) $_POST['post_id'];
-            $is_singular   = $_POST['is_singular'];
-        }
-        else {
-            echo ($this->returnErrorResponse(__('Error in Ajax Call, missing required param.', 'yet-another-stars-rating')));
-            die();
-        }
-
-        if(isset($_POST['nonce_visitor'])) {
-            $nonce_visitor = $_POST['nonce_visitor'];
-        } else {
-            $nonce_visitor = false;
-        }
-
-        $array_action_visitor_vote = array('post_id' => $post_id, 'is_singular' => $is_singular);
-
-        do_action('yasr_action_on_visitor_vote', $array_action_visitor_vote);
-
-        $nonce_response = self::validNonce($nonce_visitor, 'yasr_nonce_vv');
-        if($nonce_response !== true) {
-            die($nonce_response);
-        }
-
-        if(YASR_ALLOWED_USER === 'logged_only' && !is_user_logged_in()) {
-            echo ($this->returnErrorResponse(__('Only logged in user can rate.', 'yet-another-stars-rating')));
-            die();
-        }
-
-        if ($rating < 1) {
-            $rating = 1;
-        }
-        elseif ($rating > 5) {
-            $rating = 5;
-        }
-
-        $current_user_id = get_current_user_id();
+        $this->vvDieIfNotValidData();
+
+        $post_id     = (int) $_POST['post_id'];
+        $is_singular = $_POST['is_singular'];
+
+        $this->vvDieIfNonceInvalid();
+
+        $this->actionOnVV($post_id, $is_singular);
+
+        $this->vvDieIfNotAllowed();
+
+        $rating = yasr_validate_rating((int) $_POST['rating']);
 
         if (is_user_logged_in()) {
-            $result_insert_log = $this->saveVVLoggedIn($post_id, $current_user_id, $rating);
+            $result_insert_log = $this->saveVVLoggedIn($post_id, get_current_user_id(), $rating);
 
         } //if user is not logged in insert
@@ -125 +103 @@
         die(); // this is required to return a proper result
     }
+
+    /**
+     * Echo an error and die if rating or post id are missing in $_POST
+     *
+     * @author Dario Curvino <@dudo>
+     *
+     * @since  3.4.4
+     * @return void
+     */
+    private function vvDieIfNotValidData() {
+        if (!isset($_POST['rating']) || !isset($_POST['post_id'])) {
+            echo $this->returnErrorResponse(__('Error in Ajax Call, missing required param.', 'yet-another-stars-rating'));
+            die();
+        }
+    }
+
+    /**
+     * Validate the nonce
+     *
+     * @author Dario Curvino <@dudo>
+     *
+     * @since  3.4.4
+     * @return void
+     */
+    private function vvDieIfNonceInvalid () {
+        if(isset($_POST['nonce_visitor'])) {
+            $nonce_visitor = $_POST['nonce_visitor'];
+        } else {
+            $nonce_visitor = false;
+        }
+
+        $nonce_response = self::validNonce($nonce_visitor, 'yasr_nonce_vv');
+        if($nonce_response !== true) {
+            die($nonce_response);
+        }
+    }
+
+
+    /**
+     * Create an array and add an action to perform on vv
+     *
+     * @author Dario Curvino <@dudo>
+     *
+     * @since 3.4.4
+     *
+     * @param $post_id
+     * @param $is_singular
+     *
+     * @return void
+     */
+    private function actionOnVV($post_id, $is_singular) {
+        $array_action_visitor_vote = array('post_id' => $post_id, 'is_singular' => $is_singular);
+
+        /**
+         * Hook here to add an action on visitor votes (e.g. empty cache)
+         * @param array $array_action_visitor_vote An array containing post_id and is_singular
+         */
+        do_action('yasr_action_on_visitor_vote', $array_action_visitor_vote);
+    }
+
+    /**
+     * @author Dario Curvino <@dudo>
+     *
+     * Die if user not allowed to rate
+     *
+     * @since 3.4.4
+     * @return void
+     */
+    private function vvDieIfNotAllowed() {
+        if(YASR_ALLOWED_USER === 'logged_only' && !is_user_logged_in()) {
+            echo ($this->returnErrorResponse(__('Only logged in user can rate.', 'yet-another-stars-rating')));
+            die();
+        }
+    }
+
 
     /**
@@ -285 +338 @@
         //return rest response
         return $array_to_return;
+    }
+
+    /**
+     * @author Dario Curvino <@dudo>
+     *
+     * @since 3.4.4
+     *
+     * @param $array_action_visitor_vote
+     *
+     * @return void
+     */
+    public function dieIfPrivatePost($array_action_visitor_vote) {
+        $post_id = $array_action_visitor_vote['post_id'];
+        if(!is_user_logged_in() || !current_user_can(YASR_USER_CAPABILITY_EDIT_POST)) {
+            $status = get_post_status($post_id);
+
+            if ($status !== 'publish') {
+                echo $this->returnErrorResponse(__("This post doesn't exists or is private", 'yet-another-stars-rating'));
+                die();
+            }
+        }
     }
 

yet-another-stars-rating/trunk/includes/shortcodes/classes/YasrVisitorVotes.php

@@ -153 +153 @@
             }
 
-            //I've to check $cookie_value !== false before because
-            //if $cookie_value is false, $cookie_value < 1 return true (...wtf...)
+            //I've to check $cookie_value !== false before
             if($cookie_value !== false) {
-                if ($cookie_value > 5) {
-                    $cookie_value = 5;
-                } elseif ($cookie_value < 1) {
-                    $cookie_value = 1;
-                }
+                $cookie_value = yasr_validate_rating($cookie_value);
             }
             //return int

yet-another-stars-rating/trunk/includes/yasr-includes-functions.php

@@ -384 +384 @@
     return esc_html($prefix) . str_shuffle(uniqid());
 }
+
+/**
+ * Sanitize rating
+ *
+ * @author Dario Curvino <@dudo>
+ *
+ * @since 3.4.4
+ *
+ * @param $rating
+ * @param $min_value
+ * @param $only_min
+ * @param $only_max
+ *
+ * @return int|mixed
+ */
+function yasr_validate_rating($rating, $min_value=1, $only_min=false, $only_max=false) {
+    if(!$rating) {
+        $rating = 0;
+    }
+
+    if ($rating < $min_value) {
+        $rating = $min_value;
+    }
+    elseif ($rating > 5) {
+        $rating = 5;
+    }
+
+    return $rating;
+}

yet-another-stars-rating/trunk/readme.txt

@@ -5 +5 @@
 Contributors: Dudo
 Tested up to: 6.3
-Stable tag: 3.4.3
+Stable tag: 3.4.4
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -207 +207 @@
 The full changelog can be found in the plugin's directory. Recent entries:
 
+= 3.4.4 =
+* TWEAKED: since this version, for non-logged-in users, or users that can't edit posts, it is no longer possible to vote for a post that do not exist or is marked as private.
+If, for some reason, you need to do this, just add [this code](https://gist.github.com/Dudo1985/9105ee335f6104cc4ce4ea392416678c) into your functions.php file
+
 = 3.4.3 =
 * TWEAKED: The same mechanisms to prevent spam ratings for yasr_visitor_votes now also work for yasr_visitor_multiset.

yet-another-stars-rating/trunk/yet-another-stars-rating.php

@@ -5 +5 @@
  * Plugin URI: http://wordpress.org/plugins/yet-another-stars-rating/
  * Description: Boost the way people interact with your site with an easy WordPress stars rating system! With schema.org rich snippets YASR will improve your SEO
- * Version: 3.4.3
+ * Version: 3.4.4
  * Requires at least: 4.7
  * Requires PHP: 5.4
@@ -79 +79 @@
     // Signal that SDK was initiated.
     do_action( 'yasr_fs_loaded' );
-    define( 'YASR_VERSION_NUM', '3.4.3' );
+    define( 'YASR_VERSION_NUM', '3.4.4' );
     //Plugin absolute path
     //e.g. /var/www/html/plugin_development/wp-content/plugins/yet-another-stars-rating