WordPress Popular Posts plugin and WordPress 4.8.2

When I updated WordPress to version 4.8.2 I accidentally found out that the update stops the WordPress Popular Posts plugin from working correctly. I was working on some optimizations for a WP site and started seeing the SQL errors!

Turns out that version 4.8.2 of WordPress hardens $wpdb->prepare() to prevent plugins and themes from accidentally causing a vulnerability. And given that WordPress Popular Posts hasn’t been updated in a year, this update breaks it.

Given that it is very popular 🙂 and that it may not be updated by the publisher, I decided to check the code causing this problem and replace it with code that works with 4.8.2.

You will need to edit the WordPress Popular Posts plugin as below:

The 2 sections of code are:

// Update all-time table
$result1 = $wpdb->query( $wpdb->prepare( "INSERT INTO {$table}data (postid, day, last_viewed, pageviews) VALUES (%d, %s, %s, %d) ON DUPLICATE KEY UPDATE pageviews = pageviews + %4\$d, last_viewed = %3\$s", $id, $now, $now, $views ));

// Update range (summary) table
$result2 = $wpdb->query( $wpdb->prepare( "INSERT INTO {$table}summary (postid, pageviews, view_date, last_viewed) VALUES (%d, %d, %s, %s) ON DUPLICATE KEY UPDATE pageviews = pageviews + %2\$d, last_viewed = %4\$s", $id, $views, $curdate, $now ));

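You will need to change them to the following, which replaces the numbered placeholders (%4\$d, %3\$s, %2\$d, %4\$s) with VALUES(column) references: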

// Update all-time table
$result1 = $wpdb->query( $wpdb->prepare( "INSERT INTO {$table}data (postid, day, last_viewed, pageviews) VALUES (%d, %s, %s, %d) ON DUPLICATE KEY UPDATE pageviews = pageviews + VALUES(pageviews), last_viewed = VALUES(last_viewed)", $id, $now, $now, $views ));

// Update range (summary) table
$result2 = $wpdb->query( $wpdb->prepare( "INSERT INTO {$table}summary (postid, pageviews, view_date, last_viewed) VALUES (%d, %d, %s, %s) ON DUPLICATE KEY UPDATE pageviews = pageviews + VALUES(pageviews), last_viewed = VALUES(last_viewed)", $id, $views, $curdate, $now ));

Save the plugin and it should start updating the database correctly.
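
To check whether other plugin or theme files pass numbered placeholders to $wpdb->prepare() the way the two original queries did, a small scanner helps. This is an added example, not code from the original post or from the plugin; the names call_span and scan_source are hypothetical, and the sample is constructed from the post's first query in its old and fixed forms.

```python
import re
import sys
from pathlib import Path

# Numbered placeholders such as %4$d or %3\$s (PHP escapes "$" in double quotes).
NUMBERED = re.compile(r"%\d+\\?\$[dsfF]")
PREPARE = re.compile(r"->\s*prepare\s*\(")

# Constructed sample: the post's first query, old form (line 2) then fixed form (line 5).
SAMPLE = r'''<?php
$result1 = $wpdb->query( $wpdb->prepare(
    "INSERT INTO {$table}data (postid, day, last_viewed, pageviews) VALUES (%d, %s, %s, %d)
     ON DUPLICATE KEY UPDATE pageviews = pageviews + %4\$d, last_viewed = %3\$s", $id, $now, $now, $views ) );
$result1 = $wpdb->query( $wpdb->prepare(
    "INSERT INTO {$table}data (postid, day, last_viewed, pageviews) VALUES (%d, %s, %s, %d)
     ON DUPLICATE KEY UPDATE pageviews = pageviews + VALUES(pageviews), last_viewed = VALUES(last_viewed)", $id, $now, $now, $views ) );
'''

def call_span(src, start):
    """Text of a call's arguments, from just past "(" to the matching ")"."""
    depth, quote, i = 1, None, start
    while i < len(src) and depth:
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1  # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch  # parentheses inside strings are not counted
        elif ch in "()":
            depth += 1 if ch == "(" else -1
        i += 1
    return src[start:i]

def scan_source(src):
    """(line, [placeholders]) for each prepare() call using numbered placeholders."""
    findings = []
    for m in PREPARE.finditer(src):
        hits = NUMBERED.findall(call_span(src, m.end()))
        if hits:
            findings.append((src.count("\n", 0, m.start()) + 1, hits))
    return findings

if __name__ == "__main__":
    print("sample:", scan_source(SAMPLE))
    for path in sys.argv[1:]:
        for line, hits in scan_source(Path(path).read_text(encoding="utf-8", errors="replace")):
            print(f"{path}:{line}: {', '.join(hits)}")
```

Pass PHP file paths as arguments to scan them. Query strings assembled in a variable before the prepare() call are not followed, so a clean result is not proof that a file is unaffected.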
