protect against invalid values passed by users of the shortcode

ibericode · Feb 27, 2024 · 4d3aaac · 4d3aaac
1 parent 99a29ed
commit 4d3aaac
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/src/class-shortcode-site-counter.php b/src/class-shortcode-site-counter.php
@@ -9,7 +9,7 @@
  * Adds support for a shortcode to display the number of times a page or a site has been viewed
 
  * Options:
- *  days: How many previous days to count. Defaults to -1 which means show views for all time
+ *  days: How many previous days to count.
  *  metric: Either "pageviews" or "visitors"
  *  global: Set to true to show count for entire site instead of the current page.
  */
@@ -33,17 +33,19 @@ public function content($args)
             'global' => false,
         );
         $args = shortcode_atts($default_args, $args, self::SHORTCODE);
+        $args['days'] = abs((int) $args['days']);
 
-        $id = $args['global'] && $args['global'] !== 'false' ? 0 : (int) get_the_ID();
-        $start_date = create_local_datetime("-{$args['days']} days")->format('Y-m-d');
+        $id = $args['global'] && $args['global'] !== 'false' && $args['global'] !== '0' ? 0 : (int) get_the_ID();
+        $start_date_str = $args['days'] === 0 ? 'today midnight' : "-{$args['days']} days";
+        $start_date = create_local_datetime($start_date_str)->format('Y-m-d');
         $end_date = create_local_datetime('tomorrow midnight')->format('Y-m-d');
 
         $cache_key = 'ka_counter_' . $id . $args['metric'][0] . $args['days'];
         $count = get_transient($cache_key);
         if (!$count) {
             $stats = new Stats();
             $totals = $stats->get_totals($start_date, $end_date, $id);
-            $count = $args['metric'] == 'pageviews' ? $totals->pageviews : $totals->visitors;
+            $count = $args['metric'] === 'pageviews' ? $totals->pageviews : $totals->visitors;
             set_transient($cache_key, $count, 60);
         }
 

diff --git a/src/functions.php b/src/functions.php
@@ -176,11 +176,12 @@ function get_most_viewed_posts(array $args = array()): array
             'days'    => 30,
         ), $args);
 
-        $args['days']      = (int) $args['days'];
+        $args['days']      = abs((int) $args['days']);
         $args['post_type'] = is_array($args['post_type']) ? $args['post_type'] : explode(',', $args['post_type']);
         $args['post_type'] = array_map('trim', $args['post_type']);
 
-        $start_date = create_local_datetime("-{$args['days']} days")->format('Y-m-d');
+        $start_date_str = $args['days'] === 0 ? 'today midnight' : "-{$args['days']} days";
+        $start_date = create_local_datetime($start_date_str)->format('Y-m-d');
         $end_date = create_local_datetime('tomorrow midnight')->format('Y-m-d');
 
         // build query
@@ -295,10 +296,14 @@ function test_custom_endpoint(): void
 function create_local_datetime($timestr): \DateTimeImmutable
 {
     $offset = (float) get_option('gmt_offset', 0.0);
-    if ($offset >= 0) {
+    if ($offset >= 0.00) {
         $offset = "+$offset";
     }
 
-    $now_local = (new \DateTimeImmutable('now'))->modify($offset . ' hours');
+    $now_local = (new \DateTimeImmutable('now'));
+    if ($offset > 0.00 || $offset < 0.00) {
+        $now_local = $now_local->modify($offset . ' hours');
+    }
+
     return $now_local->modify($timestr);
 }