All-in-One Video Gallery - Version 2.5.4

Version Description

  • Security Fix.
Download this release

Release Info

Developer plugins360
Plugin Icon 128x128 All-in-One Video Gallery
Version 2.5.4
Comparing to
See all releases

Code changes from version 2.5.3 to 2.5.4

README.txt CHANGED
@@ -6,7 +6,7 @@ Tags: video player, video gallery, youtube gallery, vimeo gallery, livestream
6
  Requires at least: 4.7.0
7
  Tested up to: 5.9
8
  Requires PHP: 5.6.20
9
- Stable tag: 2.5.3
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
@@ -136,6 +136,10 @@ Yes, it is. However, do not "network-activate" the plugin. Activate it only on t
136
 
137
  == Changelog ==
138
 
 
 
 
 
139
  = 2.5.3 =
140
 
141
  * Tweak: Tags input field rebuilt using a standard HTML "select" field.
@@ -257,6 +261,6 @@ For the changelog of earlier versions, please refer to the [changelog on plugins
257
 
258
  == Upgrade Notice ==
259
 
260
- = 2.5.3 =
261
 
262
- Tags input field rebuilt using a standard HTML "select" field. [See changelog](https://wordpress.org/plugins/all-in-one-video-gallery/#developers)
6
  Requires at least: 4.7.0
7
  Tested up to: 5.9
8
  Requires PHP: 5.6.20
9
+ Stable tag: 2.5.4
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
136
 
137
  == Changelog ==
138
 
139
+ = 2.5.4 =
140
+
141
+ * Security Fix.
142
+
143
  = 2.5.3 =
144
 
145
  * Tweak: Tags input field rebuilt using a standard HTML "select" field.
261
 
262
  == Upgrade Notice ==
263
 
264
+ = 2.5.4 =
265
 
266
+ Security Fix. [See changelog](https://wordpress.org/plugins/all-in-one-video-gallery/#developers)
all-in-one-video-gallery.php CHANGED
@@ -11,7 +11,7 @@
11
  * Plugin Name: All-in-One Video Gallery
12
  * Plugin URI: https://plugins360.com/all-in-one-video-gallery/
13
  * Description: No coding required. A Responsive & Lightweight video gallery plugin. HTML5 Player, Categories, Visual Builder (Gutenberg), Search Form, Comments, Social Sharing and everything you will need to build a YouTube/Vimeo like video sharing website.
14
- * Version: 2.5.3
15
  * Author: Team Plugins360
16
  * Author URI: https://plugins360.com
17
  * License: GPL-2.0+
@@ -76,7 +76,7 @@ if ( !function_exists( 'aiovg_fs' ) ) {
76
 
77
  // The current version of the plugin
78
  if ( !defined( 'AIOVG_PLUGIN_VERSION' ) ) {
79
- define( 'AIOVG_PLUGIN_VERSION', '2.5.3' );
80
  }
81
  // The unique identifier of the plugin
82
  if ( !defined( 'AIOVG_PLUGIN_SLUG' ) ) {
11
  * Plugin Name: All-in-One Video Gallery
12
  * Plugin URI: https://plugins360.com/all-in-one-video-gallery/
13
  * Description: No coding required. A Responsive & Lightweight video gallery plugin. HTML5 Player, Categories, Visual Builder (Gutenberg), Search Form, Comments, Social Sharing and everything you will need to build a YouTube/Vimeo like video sharing website.
14
+ * Version: 2.5.4
15
  * Author: Team Plugins360
16
  * Author URI: https://plugins360.com
17
  * License: GPL-2.0+
76
 
77
  // The current version of the plugin
78
  if ( !defined( 'AIOVG_PLUGIN_VERSION' ) ) {
79
+ define( 'AIOVG_PLUGIN_VERSION', '2.5.4' );
80
  }
81
  // The unique identifier of the plugin
82
  if ( !defined( 'AIOVG_PLUGIN_SLUG' ) ) {
freemius/includes/class-freemius.php CHANGED
@@ -3550,6 +3550,8 @@
3550
  * @since 1.1.7.3
3551
  */
3552
  static function _toggle_debug_mode() {
 
 
3553
  if ( ! is_super_admin() ) {
3554
  return;
3555
  }
@@ -3571,10 +3573,19 @@
3571
  * @since 1.2.1.6
3572
  */
3573
  static function _get_debug_log() {
 
 
 
 
 
 
 
 
 
3574
  $logs = FS_Logger::load_db_logs(
3575
  fs_request_get( 'filters', false, 'post' ),
3576
- ! empty( $_POST['limit'] ) && is_numeric( $_POST['limit'] ) ? $_POST['limit'] : 200,
3577
- ! empty( $_POST['offset'] ) && is_numeric( $_POST['offset'] ) ? $_POST['offset'] : 0
3578
  );
3579
 
3580
  self::shoot_ajax_success( $logs );
@@ -4047,7 +4058,7 @@
4047
  if ( empty( $unique_id ) || ! is_string( $unique_id ) ) {
4048
  $key = fs_strip_url_protocol( get_site_url( $blog_id ) );
4049
 
4050
- $secure_auth = defined( 'SECURE_AUTH_KEY' ) ? SECURE_AUTH_KEY : '';
4051
  if ( empty( $secure_auth ) ||
4052
  false !== strpos( $secure_auth, ' ' ) ||
4053
  'put your unique phrase here' === $secure_auth
@@ -4447,6 +4458,12 @@
4447
  * @since 1.0.9
4448
  */
4449
  function _email_about_firewall_issue() {
 
 
 
 
 
 
4450
  $this->_admin_notices->remove_sticky( 'failed_connect_api' );
4451
 
4452
  $pong = $this->ping();
@@ -4521,6 +4538,12 @@
4521
  * @since 1.1.7.4
4522
  */
4523
  function _retry_connectivity_test() {
 
 
 
 
 
 
4524
  $this->_admin_notices->remove_sticky( 'failed_connect_api_first' );
4525
 
4526
  $pong = $this->ping();
3550
  * @since 1.1.7.3
3551
  */
3552
  static function _toggle_debug_mode() {
3553
+ check_admin_referer( 'fs_toggle_debug_mode' );
3554
+
3555
  if ( ! is_super_admin() ) {
3556
  return;
3557
  }
3573
  * @since 1.2.1.6
3574
  */
3575
  static function _get_debug_log() {
3576
+ check_admin_referer( 'fs_get_debug_log' );
3577
+
3578
+ if ( ! is_super_admin() ) {
3579
+ return;
3580
+ }
3581
+
3582
+ $limit = min( ! empty( $_POST['limit'] ) ? absint( $_POST['limit'] ) : 200, 200 );
3583
+ $offset = min( ! empty( $_POST['offset'] ) ? absint( $_POST['offset'] ) : 200, 200 );
3584
+
3585
  $logs = FS_Logger::load_db_logs(
3586
  fs_request_get( 'filters', false, 'post' ),
3587
+ $limit,
3588
+ $offset
3589
  );
3590
 
3591
  self::shoot_ajax_success( $logs );
4058
  if ( empty( $unique_id ) || ! is_string( $unique_id ) ) {
4059
  $key = fs_strip_url_protocol( get_site_url( $blog_id ) );
4060
 
4061
+ $secure_auth = SECURE_AUTH_KEY;
4062
  if ( empty( $secure_auth ) ||
4063
  false !== strpos( $secure_auth, ' ' ) ||
4064
  'put your unique phrase here' === $secure_auth
4458
  * @since 1.0.9
4459
  */
4460
  function _email_about_firewall_issue() {
4461
+ check_admin_referer( 'fs_resolve_firewall_issues' );
4462
+
4463
+ if ( ! current_user_can( is_multisite() ? 'manage_options' : 'activate_plugins' ) ) {
4464
+ return;
4465
+ }
4466
+
4467
  $this->_admin_notices->remove_sticky( 'failed_connect_api' );
4468
 
4469
  $pong = $this->ping();
4538
  * @since 1.1.7.4
4539
  */
4540
  function _retry_connectivity_test() {
4541
+ check_admin_referer( 'fs_retry_connectivity_test' );
4542
+
4543
+ if ( ! current_user_can( is_multisite() ? 'manage_options' : 'activate_plugins' ) ) {
4544
+ return;
4545
+ }
4546
+
4547
  $this->_admin_notices->remove_sticky( 'failed_connect_api_first' );
4548
 
4549
  $pong = $this->ping();
freemius/includes/managers/class-fs-admin-notice-manager.php CHANGED
@@ -175,7 +175,12 @@
175
  *
176
  */
177
  function dismiss_notice_ajax_callback() {
178
- $this->_sticky_storage->remove( $_POST['message_id'] );
 
 
 
 
 
179
  wp_die();
180
  }
181
 
@@ -469,4 +474,4 @@
469
  }
470
 
471
  #endregion
472
- }
175
  *
176
  */
177
  function dismiss_notice_ajax_callback() {
178
+ check_admin_referer( 'fs_dismiss_notice_action' );
179
+
180
+ if ( ! is_numeric( $_POST['message_id'] ) ) {
181
+ $this->_sticky_storage->remove( $_POST['message_id'] );
182
+ }
183
+
184
  wp_die();
185
  }
186
 
474
  }
475
 
476
  #endregion
477
+ }
freemius/includes/sdk/Exceptions/ArgumentNotExistException.php CHANGED
@@ -1,4 +1,8 @@
1
  <?php
 
 
 
 
2
  if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
3
  exit;
4
  }
@@ -6,4 +10,4 @@
6
  if ( ! class_exists( 'Freemius_ArgumentNotExistException' ) ) {
7
  class Freemius_ArgumentNotExistException extends Freemius_InvalidArgumentException {
8
  }
9
- }
1
  <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
+ }
5
+
6
  if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
7
  exit;
8
  }
10
  if ( ! class_exists( 'Freemius_ArgumentNotExistException' ) ) {
11
  class Freemius_ArgumentNotExistException extends Freemius_InvalidArgumentException {
12
  }
13
+ }
freemius/includes/sdk/Exceptions/EmptyArgumentException.php CHANGED
@@ -1,4 +1,8 @@
1
  <?php
 
 
 
 
2
  if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
3
  exit;
4
  }
@@ -6,4 +10,4 @@
6
  if ( ! class_exists( 'Freemius_EmptyArgumentException' ) ) {
7
  class Freemius_EmptyArgumentException extends Freemius_InvalidArgumentException {
8
  }
9
- }
1
  <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
+ }
5
+
6
  if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
7
  exit;
8
  }
10
  if ( ! class_exists( 'Freemius_EmptyArgumentException' ) ) {
11
  class Freemius_EmptyArgumentException extends Freemius_InvalidArgumentException {
12
  }
13
+ }
freemius/includes/sdk/Exceptions/Exception.php CHANGED
@@ -1,4 +1,8 @@
1
  <?php
 
 
 
 
2
  if ( ! class_exists( 'Freemius_Exception' ) ) {
3
  /**
4
  * Thrown when an API call returns an exception.
@@ -71,4 +75,4 @@
71
  return $str . $this->getMessage();
72
  }
73
  }
74
- }
1
  <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
+ }
5
+
6
  if ( ! class_exists( 'Freemius_Exception' ) ) {
7
  /**
8
  * Thrown when an API call returns an exception.
75
  return $str . $this->getMessage();
76
  }
77
  }
78
+ }
freemius/includes/sdk/Exceptions/InvalidArgumentException.php CHANGED
@@ -1,8 +1,12 @@
1
  <?php
 
 
 
 
2
  if ( ! class_exists( 'Freemius_Exception' ) ) {
3
  exit;
4
  }
5
 
6
  if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
7
  class Freemius_InvalidArgumentException extends Freemius_Exception { }
8
- }
1
  <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
+ }
5
+
6
  if ( ! class_exists( 'Freemius_Exception' ) ) {
7
  exit;
8
  }
9
 
10
  if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
11
  class Freemius_InvalidArgumentException extends Freemius_Exception { }
12
+ }
freemius/includes/sdk/Exceptions/OAuthException.php CHANGED
@@ -1,4 +1,8 @@
1
  <?php
 
 
 
 
2
  if ( ! class_exists( 'Freemius_Exception' ) ) {
3
  exit;
4
  }
@@ -9,4 +13,4 @@
9
  parent::__construct( $pResult );
10
  }
11
  }
12
- }
1
  <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
+ }
5
+
6
  if ( ! class_exists( 'Freemius_Exception' ) ) {
7
  exit;
8
  }
13
  parent::__construct( $pResult );
14
  }
15
  }
16
+ }
freemius/includes/sdk/FreemiusBase.php CHANGED
@@ -15,6 +15,10 @@
15
  * under the License.
16
  */
17
 
 
 
 
 
18
  if ( ! defined( 'FS_API__VERSION' ) ) {
19
  define( 'FS_API__VERSION', '1' );
20
  }
15
  * under the License.
16
  */
17
 
18
+ if ( ! defined( 'ABSPATH' ) ) {
19
+ exit;
20
+ }
21
+
22
  if ( ! defined( 'FS_API__VERSION' ) ) {
23
  define( 'FS_API__VERSION', '1' );
24
  }
freemius/includes/sdk/FreemiusWordPress.php CHANGED
@@ -14,6 +14,9 @@
14
  * License for the specific language governing permissions and limitations
15
  * under the License.
16
  */
 
 
 
17
 
18
  require_once dirname( __FILE__ ) . '/FreemiusBase.php';
19
 
@@ -709,4 +712,4 @@
709
  }
710
 
711
  #endregion
712
- }
14
  * License for the specific language governing permissions and limitations
15
  * under the License.
16
  */
17
+ if ( ! defined( 'ABSPATH' ) ) {
18
+ exit;
19
+ }
20
 
21
  require_once dirname( __FILE__ ) . '/FreemiusBase.php';
22
 
712
  }
713
 
714
  #endregion
715
+ }
freemius/require.php CHANGED
@@ -6,6 +6,10 @@
6
  * @since 1.1.9
7
  */
8
 
 
 
 
 
9
  // Configuration should be loaded first.
10
  require_once dirname( __FILE__ ) . '/config.php';
11
  require_once WP_FS__DIR_INCLUDES . '/fs-core-functions.php';
@@ -46,4 +50,4 @@
46
  require_once WP_FS__DIR_INCLUDES . '/class-fs-admin-notices.php';
47
  require_once WP_FS__DIR_INCLUDES . '/class-freemius-abstract.php';
48
  require_once WP_FS__DIR_INCLUDES . '/sdk/Exceptions/Exception.php';
49
- require_once WP_FS__DIR_INCLUDES . '/class-freemius.php';
6
  * @since 1.1.9
7
  */
8
 
9
+ if ( ! defined( 'ABSPATH' ) ) {
10
+ exit;
11
+ }
12
+
13
  // Configuration should be loaded first.
14
  require_once dirname( __FILE__ ) . '/config.php';
15
  require_once WP_FS__DIR_INCLUDES . '/fs-core-functions.php';
50
  require_once WP_FS__DIR_INCLUDES . '/class-fs-admin-notices.php';
51
  require_once WP_FS__DIR_INCLUDES . '/class-freemius-abstract.php';
52
  require_once WP_FS__DIR_INCLUDES . '/sdk/Exceptions/Exception.php';
53
+ require_once WP_FS__DIR_INCLUDES . '/class-freemius.php';
freemius/start.php CHANGED
@@ -15,7 +15,7 @@
15
  *
16
  * @var string
17
  */
18
- $this_sdk_version = '2.4.2';
19
 
20
  #region SDK Selection Logic --------------------------------------------------------------------
21
 
15
  *
16
  * @var string
17
  */
18
+ $this_sdk_version = '2.4.3';
19
 
20
  #region SDK Selection Logic --------------------------------------------------------------------
21
 
freemius/templates/account/partials/addon.php CHANGED
@@ -1,4 +1,9 @@
1
  <?php
 
 
 
 
 
2
  /**
3
  * @var array $VARS
4
  * @var Freemius $fs
@@ -443,4 +448,4 @@
443
  </td>
444
  <!--/ Optional Delete Action -->
445
  <?php endif ?>
446
- </tr>
1
  <?php
2
+
3
+ if ( ! defined( 'ABSPATH' ) ) {
4
+ exit;
5
+ }
6
+
7
  /**
8
  * @var array $VARS
9
  * @var Freemius $fs
448
  </td>
449
  <!--/ Optional Delete Action -->
450
  <?php endif ?>
451
+ </tr>
freemius/templates/ajax-loader.php CHANGED
@@ -1 +1,6 @@
1
- <div class="fs-ajax-loader" style="display: none"><?php for ( $i = 1; $i <= 8; $i ++ ) : ?><div class="fs-ajax-loader-bar fs-ajax-loader-bar-<?php echo $i ?>"></div><?php endfor ?></div>
 
 
 
 
 
1
+ <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
+ }
5
+ ?>
6
+ <div class="fs-ajax-loader" style="display: none"><?php for ( $i = 1; $i <= 8; $i ++ ) : ?><div class="fs-ajax-loader-bar fs-ajax-loader-bar-<?php echo $i ?>"></div><?php endfor ?></div>
freemius/templates/debug.php CHANGED
@@ -37,6 +37,8 @@
37
 
38
  $.post( ajaxurl, {
39
  action: 'fs_toggle_debug_mode',
 
 
40
  is_on : ($(this).hasClass( 'fs-on' ) ? 1 : 0)
41
  }, function ( response ) {
42
  if ( 1 == response ) {
@@ -111,7 +113,8 @@
111
  if (optionName) {
112
  $.post(ajaxurl, {
113
  action : 'fs_get_db_option',
114
- _wpnonce : '<?php echo wp_create_nonce( 'fs_get_db_option' ) ?>',
 
115
  option_name: optionName
116
  }, function (response) {
117
  if (response.data.value)
@@ -131,7 +134,8 @@
131
  if (optionValue) {
132
  $.post(ajaxurl, {
133
  action : 'fs_set_db_option',
134
- _wpnonce : '<?php echo wp_create_nonce( 'fs_set_db_option' ) ?>',
 
135
  option_name : optionName,
136
  option_value: optionValue
137
  }, function () {
@@ -724,6 +728,8 @@
724
 
725
  $.post(ajaxurl, {
726
  action : 'fs_get_debug_log',
 
 
727
  filters: filters,
728
  offset : offset,
729
  limit : limit
37
 
38
  $.post( ajaxurl, {
39
  action: 'fs_toggle_debug_mode',
40
+ // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
41
+ _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_toggle_debug_mode' ) ); ?>,
42
  is_on : ($(this).hasClass( 'fs-on' ) ? 1 : 0)
43
  }, function ( response ) {
44
  if ( 1 == response ) {
113
  if (optionName) {
114
  $.post(ajaxurl, {
115
  action : 'fs_get_db_option',
116
+ // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
117
+ _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_get_db_option' ) ); ?>,
118
  option_name: optionName
119
  }, function (response) {
120
  if (response.data.value)
134
  if (optionValue) {
135
  $.post(ajaxurl, {
136
  action : 'fs_set_db_option',
137
+ // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
138
+ _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_set_db_option' ) ); ?>,
139
  option_name : optionName,
140
  option_value: optionValue
141
  }, function () {
728
 
729
  $.post(ajaxurl, {
730
  action : 'fs_get_debug_log',
731
+ // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
732
+ _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_get_debug_log' ) ); ?>,
733
  filters: filters,
734
  offset : offset,
735
  limit : limit
freemius/templates/firewall-issues-js.php CHANGED
@@ -22,10 +22,12 @@
22
  notice = $( this ).parents( '.fs-notice' ),
23
  ajaxActionSuffix = notice.attr( 'data-manager-id' ).replace( ':', '-' );
24
 
25
- var data = {
26
- action : 'fs_resolve_firewall_issues_' + ajaxActionSuffix,
27
- error_type: error_type
28
- };
 
 
29
 
30
  if ( 'squid' === error_type ) {
31
  data.hosting_company = prompt( 'What is the name or URL of your hosting company?' );
@@ -39,7 +41,9 @@
39
  }
40
 
41
  if ( 'retry_ping' === error_type ) {
42
- data.action = 'fs_retry_connectivity_test_' + ajaxActionSuffix;
 
 
43
  }
44
 
45
  $( this ).css({'cursor': 'wait'});
@@ -56,4 +60,4 @@
56
  });
57
  });
58
  });
59
- </script>
22
  notice = $( this ).parents( '.fs-notice' ),
23
  ajaxActionSuffix = notice.attr( 'data-manager-id' ).replace( ':', '-' );
24
 
25
+ var data = {
26
+ action : 'fs_resolve_firewall_issues_' + ajaxActionSuffix,
27
+ // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
28
+ _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_resolve_firewall_issues' ) ); ?>,
29
+ error_type: error_type
30
+ };
31
 
32
  if ( 'squid' === error_type ) {
33
  data.hosting_company = prompt( 'What is the name or URL of your hosting company?' );
41
  }
42
 
43
  if ( 'retry_ping' === error_type ) {
44
+ data.action = 'fs_retry_connectivity_test_' + ajaxActionSuffix;
45
+ // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
46
+ data._wpnonce = <?php echo wp_json_encode( wp_create_nonce( 'fs_retry_connectivity_test' ) ); ?>;
47
  }
48
 
49
  $( this ).css({'cursor': 'wait'});
60
  });
61
  });
62
  });
63
+ </script>
freemius/templates/partials/network-activation.php CHANGED
@@ -1,4 +1,9 @@
1
  <?php
 
 
 
 
 
2
  /**
3
  * @var array $VARS
4
  * @var Freemius $fs
@@ -86,4 +91,4 @@
86
  </tbody>
87
  </table>
88
  </div>
89
- </div>
1
  <?php
2
+
3
+ if ( ! defined( 'ABSPATH' ) ) {
4
+ exit;
5
+ }
6
+
7
  /**
8
  * @var array $VARS
9
  * @var Freemius $fs
91
  </tbody>
92
  </table>
93
  </div>
94
+ </div>
freemius/templates/sticky-admin-notice-js.php CHANGED
@@ -23,7 +23,9 @@
23
 
24
  notice.fadeOut( 'fast', function() {
25
  var data = {
26
- action : 'fs_dismiss_notice_action_' + ajaxActionSuffix,
 
 
27
  message_id: id
28
  };
29
 
@@ -36,4 +38,4 @@
36
  });
37
  });
38
  });
39
- </script>
23
 
24
  notice.fadeOut( 'fast', function() {
25
  var data = {
26
+ action : 'fs_dismiss_notice_action_' + ajaxActionSuffix,
27
+ // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
28
+ _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_dismiss_notice_action' ) ); ?>,
29
  message_id: id
30
  };
31
 
38
  });
39
  });
40
  });
41
+ </script>