rtMedia for WordPress, BuddyPress and bbPress - Version 3.7.40

Version Description

  • Security fix

Release Info

Developer rtcamp
Version 3.7.40

Code changes from version 3.7.39 to 3.7.40

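--- a/app/importers/RTMediaActivityUpgrade.php
+++ b/app/importers/RTMediaActivityUpgrade.php
@@ -56,20 +56,26 @@ class RTMediaActivityUpgrade {
 
  function rtmedia_activity_upgrade( $lastid = 0, $limit = 1 ){
  global $wpdb;
- $rtmedia_model = new RTMediaModel();
- $rtmedia_activity_model = new RTMediaActivityModel();
- $activity_sql = " SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit " . $limit;
- if ( isset( $_REQUEST['last_id'] ) ){
- $lastid = $_REQUEST['last_id'];
- }
- if ( $lastid ){
- $activity_sql = " SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id > " . $lastid . ' AND activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit ' . $limit;
- }
- $activity_data = $wpdb->get_results( $activity_sql );
- if ( is_array( $activity_data ) && ! empty( $activity_data ) ){
- $rtmedia_activity_model->insert( array( 'activity_id' => $activity_data[0]->activity_id, 'user_id' => $activity_data[0]->media_author, 'privacy' => $activity_data[0]->max_privacy ) );
+ if( wp_verify_nonce( $_REQUEST['nonce'], 'rtmedia_media_activity_upgrade_nonce' ) ){
+ $rtmedia_model = new RTMediaModel();
+ $rtmedia_activity_model = new RTMediaActivityModel();
+ $activity_sql = " SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit " . $limit;
+ if ( isset( $_REQUEST['last_id'] ) ){
+ $lastid = intval( $_REQUEST['last_id'] );
+ }
+ if ( $lastid ){
+ $activity_sql = " SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id > " . $lastid . ' AND activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit ' . $limit;
+ }
+ $activity_data = $wpdb->get_results( $activity_sql );
+ if ( is_array( $activity_data ) && ! empty( $activity_data ) ){
+ $rtmedia_activity_model->insert( array( 'activity_id' => $activity_data[0]->activity_id, 'user_id' => $activity_data[0]->media_author, 'privacy' => $activity_data[0]->max_privacy ) );
+ }
+ $this->return_upgrade( $activity_data[0] );
+ } else {
+ echo '0';
+ wp_die();
  }
- $this->return_upgrade( $activity_data[0] );
+
  }
 
  function return_upgrade( $activity_data, $upgrade = true ){
@@ -102,7 +108,7 @@ class RTMediaActivityUpgrade {
  $query_pending = " SELECT count( DISTINCT activity_id) as pending from {$rtmedia_model->table_name} where activity_id NOT IN( SELECT activity_id from {$rtmedia_activity_model->table_name} ) AND activity_id > 0 ";
  $last_imported = $this->get_last_imported();
  if ( $last_imported ){
- $query_pending .= " AND activity_id>{$last_imported} ";
+ $query_pending .= " AND activity_id > {$last_imported} ";
  }
  $pending_count = $wpdb->get_results( $query_pending );
  if ( $pending_count && sizeof( $pending_count ) > 0 ){
@@ -147,6 +153,7 @@ class RTMediaActivityUpgrade {
  <div class="wrap">
  <h2>rtMedia: Upgrade rtMedia activity</h2>
  <?php
+ wp_nonce_field( 'rtmedia_media_activity_upgrade_nonce', 'rtmedia_media_activity_upgrade_nonce' );
  echo '<span class="pending">' . rtmedia_migrate_formatseconds( $total - $done ) . ' (estimated)</span><br />';
  echo '<span class="finished">' . $done . '</span>/<span class="total">' . $total . '</span>';
  echo '<img src="images/loading.gif" alt="syncing" id="rtMediaSyncing" style="display:none" />';
@@ -188,7 +195,8 @@ class RTMediaActivityUpgrade {
  ajax_data = {
  "action": "rtmedia_activity_upgrade",
  "done": db_done,
- "last_id": last_id
+ "last_id": last_id,
+ "nonce" : jQuery.trim( jQuery( '#rtmedia_media_activity_upgrade_nonce' ).val() )
  }
  jQuery.ajax( {
  url: '<?php echo $admin_ajax; ?>',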
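Review bot: The new guard in rtmedia_activity_upgrade() checks only a nonce, which shows that the request came from the upgrade page but not that the caller is allowed to run the import; no capability check is visible in this hunk. Unless the hook registration (outside this diff) already restricts the action, add one before the queries, e.g. `if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }`, using whichever capability the plugin's admin pages actually require. `$_REQUEST['nonce']` is also read without `isset()`, so a request that omits the field raises an undefined-index notice before it is rejected; `check_ajax_referer( 'rtmedia_media_activity_upgrade_nonce', 'nonce', false )` handles both the lookup and the verification. The same two points apply to rtmedia_media_size_import() in app/importers/RTMediaMediaSizeImporter.php. The `intval()` on `last_id` closes the injection through that parameter, but the statement is still built by concatenation, and `$wpdb->prepare()` with `%d` for `$lastid` and `$limit` would keep it safe if either value ever arrives from another caller.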
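--- a/app/importers/RTMediaMediaSizeImporter.php
+++ b/app/importers/RTMediaMediaSizeImporter.php
@@ -92,6 +92,7 @@ class RTMediaMediaSizeImporter {
  <div class="wrap">
  <h2>rtMedia: Import Media Size</h2>
  <?php
+ wp_nonce_field( 'rtmedia_media_size_import_nonce', 'rtmedia_media_size_import_nonce' );
  echo '<span class="pending">' . rtmedia_migrate_formatseconds( $total - $done ) . ' (estimated)</span><br />';
  echo '<span class="finished">' . $done . '</span>/<span class="total">' . $total . '</span>';
  echo '<img src="images/loading.gif" alt="syncing" id="rtMediaSyncing" style="display:none" />';
@@ -118,7 +119,8 @@ class RTMediaMediaSizeImporter {
  ajax_data = {
  "action": "rtmedia_media_size_import",
  "done": db_done,
- "last_id": last_id
+ "last_id": last_id,
+ "nonce" : jQuery.trim( jQuery( '#rtmedia_media_size_import_nonce' ).val() )
  }
  jQuery.ajax( {
  url: rtmedia_admin_ajax,
@@ -192,6 +194,7 @@ class RTMediaMediaSizeImporter {
  $rtmedia_model = new RTMediaModel();
  $query_pending = "SELECT COUNT(*) as pending from {$rtmedia_model->table_name} where file_size IS NULL AND media_type in ('photo','video','document','music','other')";
  if ( $media_id ){
+ $media_id = intval( $media_id );
  $query_pending = "SELECT COUNT(*) as pending from {$rtmedia_model->table_name} where file_size IS NULL AND media_type in ('photo','video','document','music','other') AND id > '" . $media_id . "'";
  }
  $pending_count = $wpdb->get_results( $query_pending );
@@ -216,19 +219,25 @@ class RTMediaMediaSizeImporter {
 
  function rtmedia_media_size_import( $lastid = 0, $limit = 1 ){
  global $wpdb;
- $rtmedia_model = new RTMediaModel();
- $get_media_sql = "SELECT * from {$rtmedia_model->table_name} where file_size is NULL and media_type in ('photo','video','document','music','other') order by id limit " . $limit;
- if ( isset( $_REQUEST['last_id'] ) ){
- $lastid = $_REQUEST['last_id'];
- }
- if ( $lastid ){
- $get_media_sql = "SELECT * from {$rtmedia_model->table_name} where id > '" . $lastid . "' AND file_size is NULL and media_type in ('photo','video','document','music','other') order by id limit " . $limit;
- }
- $result = $wpdb->get_results( $get_media_sql );
- if ( $result && sizeof( $result ) > 0 ){
- $migrate = $this->migrate_single_media( $result[0] );
+ if( wp_verify_nonce( $_REQUEST['nonce'], 'rtmedia_media_size_import_nonce' ) ){
+ $rtmedia_model = new RTMediaModel();
+ $get_media_sql = "SELECT * from {$rtmedia_model->table_name} where file_size is NULL and media_type in ('photo','video','document','music','other') order by id limit " . $limit;
+ if ( isset( $_REQUEST['last_id'] ) ){
+ $lastid = intval( $_REQUEST['last_id'] );
+ }
+ if ( $lastid ){
+ $get_media_sql = "SELECT * from {$rtmedia_model->table_name} where id > '" . $lastid . "' AND file_size is NULL and media_type in ('photo','video','document','music','other') order by id limit " . $limit;
+ }
+ $result = $wpdb->get_results( $get_media_sql );
+ if ( $result && sizeof( $result ) > 0 ){
+ $migrate = $this->migrate_single_media( $result[0] );
+ }
+ $this->return_migration( $result[0], $migrate );
+ } else {
+ echo '0';
+ wp_die();
  }
- $this->return_migration( $result[0], $migrate );
+
  }
 
  function migrate_single_media( $result ){
@@ -252,7 +261,7 @@ class RTMediaMediaSizeImporter {
  return $return;
  }
 
- function return_migration( $media, $migrate = true ){
+ function return_migration( $media = false, $migrate = true ){
  $total = $this->get_total_count();
  $pending = $this->get_pending_count( $media->id );
  $done = $total - $pending;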
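Review bot: When the query returns no rows, rtmedia_media_size_import() still reaches `$this->return_migration( $result[0], $migrate )` with an undefined offset and an unset `$migrate`, and the new `$media = false` default in return_migration() does not cover that case because the next visible line reads `$media->id` unconditionally. Initialise `$migrate` before the `if` and guard the dereference, for example `$pending = $this->get_pending_count( $media ? $media->id : 0 );`. The rest of return_migration() lies outside the hunk, so any later use of `$media` needs the same guard. `$this->return_upgrade( $activity_data[0] )` in app/importers/RTMediaActivityUpgrade.php has the same empty-result path.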
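--- a/index.php
+++ b/index.php
@@ -4,7 +4,7 @@
  Plugin Name: rtMedia for WordPress, BuddyPress and bbPress
  Plugin URI: http://rtcamp.com/rtmedia/?utm_source=dashboard&utm_medium=plugin&utm_campaign=buddypress-media
  Description: This plugin adds missing media rich features like photos, videos and audio uploading to BuddyPress which are essential if you are building social network, seriously!
- Version: 3.7.39
+ Version: 3.7.40
  Author: rtCamp
  Text Domain: rtmedia
  Author URI: http://rtcamp.com/?utm_source=dashboard&utm_medium=plugin&utm_campaign=buddypress-media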
readme.txt CHANGED
@@ -6,7 +6,7 @@ License: GPLv2 or later
6
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
7
  Requires at least: WordPress 3.6
8
  Tested up to: WordPress 4.1 + BuddyPress 2.2.0
9
- Stable tag: 3.7.39
10
 
11
  Add albums, photo, audio/video encoding, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.
12
 
@@ -128,6 +128,9 @@ http://www.youtube.com/watch?v=dJrykKQGDcs
128
 
129
  Please visit [rtMedia's Roadmap page](http://rtcamp.com/rtmedia/roadmap/?utm_source=readme&utm_medium=plugin&utm_campaign=buddypress-media "Visit rtMedia's Features page") to get some details about future releases.
130
 
 
 
 
131
  = 3.7.39 =
132
  * Fix possible XSS vulnerability
133
  * Update label for create album
@@ -940,8 +943,8 @@ Please visit [rtMedia's Roadmap page](http://rtcamp.com/rtmedia/roadmap/?utm_sou
940
 
941
  == Upgrade Notice ==
942
 
943
- = 3.7.39 =
944
- Requires BuddyPress 1.7 or higher, if using BuddyPress. Fix possible XSS vulnerability, update label for create album.
945
 
946
  == Sponsors ==
947
 
6
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
7
  Requires at least: WordPress 3.6
8
  Tested up to: WordPress 4.1 + BuddyPress 2.2.0
9
+ Stable tag: 3.7.40
10
 
11
  Add albums, photo, audio/video encoding, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.
12
 
128
 
129
  Please visit [rtMedia's Roadmap page](http://rtcamp.com/rtmedia/roadmap/?utm_source=readme&utm_medium=plugin&utm_campaign=buddypress-media "Visit rtMedia's Features page") to get some details about future releases.
130
 
131
+ = 3.7.40 =
132
+ * Security fix
133
+
134
  = 3.7.39 =
135
  * Fix possible XSS vulnerability
136
  * Update label for create album
943
 
944
  == Upgrade Notice ==
945
 
946
+ = 3.7.40 =
947
+ Requires BuddyPress 1.7 or higher, if using BuddyPress. Security fix
948
 
949
  == Sponsors ==
950