Custom Facebook Feed - Version 4.0.3

Version Description

  • Fix: Added additional plugin hardening.

Release Info

Developer smashballoon
Version 4.0.3

Code changes from version 4.0.2 to 4.0.3

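--- a/README.txt
+++ b/README.txt
@@ -4,7 +4,7 @@ Tags: Facebook, Facebook feed, Facebook posts, Facebook group, Facebook page
 Requires at least: 4.1
 Requires PHP: 5.6
 Tested up to: 5.8
-Stable tag: 4.0.2
+Stable tag: 4.0.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -262,6 +262,9 @@ The most common reason for this is that an add-on or extension you have installe
 9. It's super easy to display your Facebook feed in any page or post
 
 == Changelog ==
+= 4.0.3 =
+* Fix: Added additional plugin hardening.
+
 = 4.0.2 =
 * Important: With this update, the Custom CSS and Custom JS settings have been deprecated. Please see below for details.
 * Tweak: If any Custom CSS was being used in this field then it will be automatically moved into the native WordPress Customizer "Additional CSS" field instead and continue to work as normal.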
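--- a/admin/addon-functions.php
+++ b/admin/addon-functions.php
@@ -10,20 +10,19 @@ function cff_deactivate_addon() {
 
 // Run a security check.
 check_ajax_referer( 'cff-admin', 'nonce' );
-$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
-$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+
 // Check for permissions.
-if ( ! current_user_can( $cap ) ) {
+if ( ! current_user_can( 'deactivate_plugins' ) ) {
 wp_send_json_error();
 }
 
 $type = 'addon';
 if ( ! empty( $_POST['type'] ) ) {
-$type = sanitize_key( $_POST['type'] );
+$type = sanitize_key( wp_unslash( $_POST['type'] ) );
 }
 
 if ( isset( $_POST['plugin'] ) ) {
-deactivate_plugins( $_POST['plugin'] );
+deactivate_plugins( wp_unslash( $_POST['plugin'] ) );
 
 if ( 'plugin' === $type ) {
 wp_send_json_success( esc_html__( 'Plugin deactivated.', 'custom-facebook-feed' ) );
@@ -47,7 +46,7 @@ function cff_activate_addon() {
 check_ajax_referer( 'cff-admin', 'nonce' );
 
 // Check for permissions.
-if ( ! current_user_can( 'manage_options' ) ) {
+if ( ! current_user_can( 'activate_plugins' ) ) {
 wp_send_json_error();
 }
 
@@ -55,7 +54,7 @@ function cff_activate_addon() {
 
 $type = 'addon';
 if ( ! empty( $_POST['type'] ) ) {
-$type = sanitize_key( $_POST['type'] );
+$type = sanitize_key( wp_unslash( $_POST['type'] ) );
 }
 
 $activate = activate_plugins( $_POST['plugin'] );
@@ -84,7 +83,7 @@ function cff_install_addon() {
 check_ajax_referer( 'cff-admin', 'nonce' );
 
 // Check for permissions.
-if ( ! current_user_can( 'manage_options' ) ) {
+if ( ! current_user_can( 'install_plugins' ) ) {
 wp_send_json_error();
 }
 
@@ -179,11 +178,11 @@ add_action( 'wp_ajax_cff_install_addon', 'cff_install_addon' );
 
 
 /**
-* Smash Balloon Encrypt or decrypt
-*
+* Smash Balloon Encrypt or decrypt
+*
 * @param string @action
 * @param string @string
-*
+*
 * @return string $output
 */
 function sb_encrypt_decrypt( $action, $string ) {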
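Review bot: `cff_activate_addon()` still hands the raw `$_POST['plugin']` to `activate_plugins()` (new line 60) without the `wp_unslash()` that the deactivate path now applies on line 25, so the two handlers treat the same parameter differently; `$activate = activate_plugins( wp_unslash( $_POST['plugin'] ) );` keeps them aligned, and an `isset( $_POST['plugin'] )` guard before it would match the check the deactivate path already has. The new `deactivate_plugins` / `activate_plugins` / `install_plugins` checks replace the `cff_settings_pages_capability` filter for these three endpoints, so a site that used the filter to delegate add-on management to a non-admin role will now get `wp_send_json_error()` from them — worth a sentence in the changelog. The body of `cff_activate_addon` continues outside the hunk.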
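--- a/admin/admin-functions.php
+++ b/admin/admin-functions.php
@@ -5127,10 +5127,12 @@ function cff_social_wall_page() {
 
 
 function cff_lite_dismiss() {
-$nonce = isset( $_POST['cff_nonce'] ) ? sanitize_text_field( $_POST['cff_nonce'] ) : '';
+check_ajax_referer( 'cff_nonce' , 'cff_nonce');
 
-if ( ! wp_verify_nonce( $nonce, 'cff_nonce' ) ) {
-die ( 'You did not do this the right way!' );
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
 }
 
 set_transient( 'facebook_feed_dismiss_lite', 'dismiss', 1 * WEEK_IN_SECONDS );
@@ -5139,12 +5141,7 @@ function cff_lite_dismiss() {
 }
 add_action( 'wp_ajax_cff_lite_dismiss', 'cff_lite_dismiss' );
 
-function cff_reset_log() {
-\cff_main()->cff_error_reporter->add_action_log( 'View feed and retry button clicked.' );
-cff_delete_cache();
-die();
-}
-add_action( 'wp_ajax_cff_reset_log', 'cff_reset_log' );
+
 
 
 /* Display a notice regarding PPCA changes, which can be dismissed */
@@ -5406,30 +5403,17 @@ function cff_free_add_caps() {
 }
 add_action( 'admin_init', 'cff_free_add_caps', 90 );
 
-//PPCA token checks
-function cff_ppca_token_check_flag() {
-if( get_transient('cff_ppca_access_token_invalid') ){
-print_r(true);
-} else {
-print_r(false);
-}
 
-die();
-}
-add_action( 'wp_ajax_cff_ppca_token_check_flag', 'cff_ppca_token_check_flag' );
 
-//Set the PPCA token transient. Is cleared when settings are saved.
-function cff_ppca_token_set_flag() {
-set_transient('cff_ppca_access_token_invalid', true);
-die();
-}
-add_action( 'wp_ajax_cff_ppca_token_set_flag', 'cff_ppca_token_set_flag' );
+
 
 function cff_oembed_disable() {
-$nonce = isset( $_POST['cff_nonce'] ) ? sanitize_text_field( $_POST['cff_nonce'] ) : '';
+check_ajax_referer( 'cff_nonce' , 'cff_nonce');
 
-if ( ! wp_verify_nonce( $nonce, 'cff_nonce' ) ) {
-die ( 'You did not do this the right way!' );
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
 }
 
 $oembed_settings = get_option( 'cff_oembed_token', array() );
@@ -5447,17 +5431,7 @@ function cff_oembed_disable() {
 }
 add_action( 'wp_ajax_cff_oembed_disable', 'cff_oembed_disable' );
 
-function cff_clear_error_log() {
 
-\cff_main()->cff_error_reporter->remove_all_errors();
-
-cff_delete_cache();
-
-echo "1";
-
-die();
-}
-add_action( 'wp_ajax_cff_clear_error_log', 'cff_clear_error_log' );
 
 function cff_custom_cssjs_notice() {
 $cff_statuses_option = get_option( 'cff_statuses', array() );
@@ -5496,6 +5470,8 @@ add_action( 'admin_notices', 'cff_custom_cssjs_notice' );
 add_action( 'cff_admin_notices', 'cff_custom_cssjs_notice' );
 
 function cff_dismiss_custom_cssjs_notice() {
+check_ajax_referer( 'cff_nonce' , 'cff_nonce');
+
 $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
 $cap = apply_filters( 'cff_settings_pages_capability', $cap );
 //Only display notice to admins
@@ -5507,6 +5483,26 @@ function cff_dismiss_custom_cssjs_notice() {
 }
 add_action( 'wp_ajax_cff_dismiss_custom_cssjs_notice', 'cff_dismiss_custom_cssjs_notice' );
 
+
+function cff_ppca_token_check_flag() {
+check_ajax_referer( 'cff_nonce' , 'cff_nonce');
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
+
+if( get_transient('cff_ppca_access_token_invalid') ){
+print_r(true);
+} else {
+print_r(false);
+}
+
+die();
+}
+add_action( 'wp_ajax_cff_ppca_token_check_flag', 'cff_ppca_token_check_flag' );
+
 /**
 * Adds CSS to the end of the customizer "Additonal CSS" setting
 *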
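Review bot: `cff_ppca_token_check_flag()` is declared here at new line 5487 and again, with the same hardening, in `admin/enqueu-script.php` in this release; if both files are ever included in one request PHP stops with a "Cannot redeclare" fatal error. Both copies already existed in 4.0.2, which suggests one of the two files is not actually loaded — worth confirming, and then deleting the dead copy rather than maintaining the guard twice. The nonce-plus-capability preamble added to `cff_lite_dismiss`, `cff_oembed_disable` and `cff_ppca_token_check_flag` is pasted verbatim three times; a helper such as `cff_verify_settings_ajax( 'cff_nonce', 'cff_nonce' )` that wraps `check_ajax_referer()`, the `cff_settings_pages_capability` resolution and `wp_send_json_error()` would keep the policy in one place. The hardened `cff_ppca_token_check_flag` still answers `print_r(true)` / `print_r(false)`, i.e. `1` or an empty body; an explicit `echo '1'` / `echo '0'` would give the client something unambiguous to compare against now that the endpoint can also emit error bodies.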
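--- a/admin/assets/js/cff-admin-scripts.js
+++ b/admin/assets/js/cff-admin-scripts.js
@@ -16,7 +16,8 @@ jQuery(document).ready(function($) {
 url : cffA.ajax_url,
 type : 'post',
 data : {
-action : 'cff_dismiss_upgrade_notice'
+action : 'cff_dismiss_upgrade_notice',
+cff_nonce: cffA.cff_nonce
 },
 success : function(data) {
 if ( data.success == true ) {
@@ -35,7 +36,8 @@ jQuery(document).ready(function($) {
 url : cffA.ajax_url,
 type : 'post',
 data : {
-action : 'cff_dismiss_custom_cssjs_notice'
+action : 'cff_dismiss_custom_cssjs_notice',
+cff_nonce: cffA.cff_nonce
 },
 success : function(data) {
 },
@@ -50,7 +52,9 @@ jQuery(document).ready(function($) {
 url : cffA.ajax_url,
 type : 'get',
 data : {
-action : 'cff_ppca_token_check_flag'
+action : 'cff_ppca_token_check_flag',
+cff_nonce: cffA.cff_nonce
+
 },
 success : function(data) {
 if( data ) $('.cff-ppca-check-notice.cff-error').show();
@@ -1009,6 +1013,8 @@ jQuery(document).ready(function($) {
 data : {
 action : 'sb_other_plugins_modal',
 plugin : sb_get_plugin,
+cff_nonce : cffA.cff_nonce,
+
 },
 success : function(data) {
 if ( data.success == true ) {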
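Review bot: The `cff_ppca_token_check_flag` success handler at new line 60 still shows the error notice on any truthy response, but after this release the endpoint can also answer with the nonce-failure body (`-1` / `0`) or the `wp_send_json_error()` JSON object, all of which are truthy, so a user whose nonce has expired or who lacks the capability would be shown the "token invalid" notice. The server prints `1` via `print_r(true)` when the transient is set and nothing otherwise, so the client should compare explicitly: `if ( data === '1' || data === 1 ) $('.cff-ppca-check-notice.cff-error').show();`. The `sb_other_plugins_modal` request at line 1016 now sends `cff_nonce` too, but the matching server-side check is not in this diff, so whether it is verified cannot be confirmed here. The enclosing `ready` callback starts and ends outside the hunks.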
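--- a/admin/assets/js/settings.js
+++ b/admin/assets/js/settings.js
@@ -521,7 +521,7 @@ var cffSettings = new Vue({
 return;
 }
 
-let url = this.ajaxHandler + '?action=cff_export_settings_json&feed_id=' + this.exportFeed;
+let url = this.ajaxHandler + '?action=cff_export_settings_json&feed_id=' + this.exportFeed + '&nonce=' + this.nonce;
 window.location = url;
 },
 saveSettings: function() {
@@ -752,6 +752,7 @@ var cffSettings = new Vue({
 */
 ajaxPost : function(data, callback){
 var self = this;
+data['nonce'] = self.nonce;
 self.$http.post(self.ajaxHandler,data).then(callback);
 },
 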
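Review bot: Both additions read `this.nonce` / `self.nonce`, but unlike the `builder.js` change in this release, which adds `nonce : cff_builder.nonce` to the component's `data`, nothing here adds such a property; unless `cffSettings` already declares `nonce` (its `data` block is outside the hunk), the export URL at line 524 becomes `&nonce=undefined` and every `ajaxPost` call sends the string `undefined`. The URL at line 524 also concatenates `exportFeed` and the nonce raw; `encodeURIComponent()` on both is cheap: `let url = this.ajaxHandler + '?action=cff_export_settings_json&feed_id=' + encodeURIComponent(this.exportFeed) + '&nonce=' + encodeURIComponent(this.nonce);`. `ajaxPost` now also mutates the caller's `data` object in place, which is fine for freshly built payloads but surprising if a caller reuses one.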
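--- a/admin/assets/js/support.js
+++ b/admin/assets/js/support.js
@@ -73,7 +73,7 @@ var cffsupport = new Vue({
 return;
 }
 
-let url = this.ajax_handler + '?action=cff_export_settings_json&feed_id=' + this.exportFeed;
+let url = this.ajax_handler + '?action=cff_export_settings_json&feed_id=' + + this.exportFeed + '&nonce=' + this.nonce;
 window.location = url;
 },
 searchDoc: function() {
@@ -112,7 +112,7 @@ var cffsupport = new Vue({
 },
 /**
 * Toggle Sticky Widget view
-*
+*
 * @since 4.0
 */
 toggleStickyWidget: function() {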
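Review bot: Line 76 contains a stray operator, `'&feed_id=' + + this.exportFeed`, where the second `+` is a unary plus that coerces `exportFeed` to a number and yields `NaN` for any non-numeric id; the `settings.js` counterpart in this release does not have it, so the line should read `let url = this.ajax_handler + '?action=cff_export_settings_json&feed_id=' + this.exportFeed + '&nonce=' + this.nonce;`. As in `settings.js`, `this.nonce` must exist in the `cffsupport` data block, which is outside the hunk and is not touched by this diff.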
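--- a/admin/builder/assets/js/builder.js
+++ b/admin/builder/assets/js/builder.js
@@ -109,6 +109,7 @@ cffBuilder = new Vue({
 },
 mixins: [VueClickaway.mixin],
 data: {
+nonce : cff_builder.nonce,
 plugins: cff_builder.installPluginsPopup,
 dismissLite : cff_builder.facebook_feed_dismiss_lite,
 supportPageUrl: cff_builder.supportPageUrl,
@@ -556,6 +557,7 @@ cffBuilder = new Vue({
 */
 ajaxPost : function(data, callback){
 var self = this;
+data['nonce'] = this.nonce;
 self.$http.post(self.ajaxHandler,data).then(callback);
 },
 
@@ -844,7 +846,7 @@ cffBuilder = new Vue({
 self.viewsActive.onboardingStep = 0;
 var postData = {
 action : 'cff_dismiss_onboarding',
-was_active : wasActive
+was_active : wasActive,
 };
 self.ajaxPost(postData, function(_ref){
 var data = _ref.data;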
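Review bot: `data['nonce'] = this.nonce;` at line 560 uses `this` where the method has just captured `var self = this;` and reads `self.ajaxHandler` on the next line; `data['nonce'] = self.nonce;` (which is also what `settings.js` does in this release) keeps the method consistent. Behaviour is the same here because `this` and `self` refer to the same object, so this is a style point only. The assignment also writes into the caller's object, so a `postData` reused across calls silently carries the nonce; `Object.assign({}, data, { nonce: self.nonce })` would avoid that if it ever matters.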
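--- a/admin/enqueu-script.php
+++ b/admin/enqueu-script.php
@@ -7,6 +7,14 @@ require_once trailingslashit( CFF_PLUGIN_DIR ) . 'inc/Admin/CFF_Install_Skin.php
 
 
 function cff_ppca_token_check_flag() {
+check_ajax_referer( 'cff_nonce' , 'cff_nonce');
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
+
 if( get_transient('cff_ppca_access_token_invalid') ){
 print_r(true);
 } else {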
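--- a/assets/js/cff-scripts.js
+++ b/assets/js/cff-scripts.js
@@ -487,11 +487,17 @@ if(!cff_js_exists){
 var feedLocatorData = [];
 jQuery('.cff-list-container').each(function(){
 $cffPagUrl = jQuery(this).find('.cff-pag-url');
+var locatorNonce = '';
+if ( typeof $cffPagUrl.attr( 'data-locatornonce' ) !== 'undefined' ) {
+locatorNonce = $cffPagUrl.attr( 'data-locatornonce' );
+}
+
 var singleFeedLocatorData = {
 feedID : $cffPagUrl.attr('data-feed-id'),
 postID : $cffPagUrl.attr('data-post-id'),
 shortCodeAtts : jQuery.trim($cffPagUrl.attr('data-cff-shortcode')) == '' ? null : JSON.parse($cffPagUrl.attr('data-cff-shortcode')),
-location : locationGuess(jQuery(this))
+location : locationGuess(jQuery(this)),
+locator_nonce : locatorNonce
 };
 feedLocatorData.push(singleFeedLocatorData);
 });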
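Review bot: The attribute read at lines 490-493 can be folded into one line, since jQuery's `.attr()` returns `undefined` for a missing attribute: `var locatorNonce = $cffPagUrl.attr( 'data-locatornonce' ) || '';`. This is stylistic only; the four-line form is correct as written. Where the `data-locatornonce` attribute is emitted, and whether the feed-locator endpoint now verifies `locator_nonce`, is not part of this diff, so the client change cannot be confirmed end to end here; the enclosing block starts outside the hunk.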
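--- a/custom-facebook-feed.php
+++ b/custom-facebook-feed.php
@@ -3,7 +3,7 @@
 Plugin Name: Smash Balloon Custom Facebook Feed
 Plugin URI: https://smashballoon.com/custom-facebook-feed
 Description: Add completely customizable Facebook feeds to your WordPress site
-Version: 4.0.2
+Version: 4.0.3
 Author: Smash Balloon
 Author URI: http://smashballoon.com/
 License: GPLv2 or later
@@ -25,7 +25,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */
 if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
 
-define('CFFVER', '4.0.2');
+define('CFFVER', '4.0.3');
 define( 'WPW_SL_STORE_URL', 'https://smashballoon.com/' );
 define( 'WPW_SL_ITEM_NAME', 'Custom Facebook Feed WordPress Plugin Personal' ); //*!*Update Plugin Name at top of file*!*
 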
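--- a/inc/Admin/CFF_Admin.php
+++ b/inc/Admin/CFF_Admin.php
@@ -68,7 +68,7 @@ class CFF_Admin{
 );
 
 //Show a Instagram plugin menu item if it isn't already installed
-if( !is_plugin_active( 'instagram-feed/instagram-feed.php' ) && !is_plugin_active( 'instagram-feed-pro/instagram-feed.php' ) ){
+if( !is_plugin_active( 'instagram-feed/instagram-feed.php' ) && !is_plugin_active( 'instagram-feed-pro/instagram-feed.php' ) && current_user_can( 'activate_plugins' ) && current_user_can( 'install_plugins' ) ){
 add_submenu_page(
 'cff-top',
 __( 'Instagram Feed', 'custom-facebook-feed' ),
@@ -80,7 +80,7 @@ class CFF_Admin{
 }
 
 //Show a Twitter plugin menu item if it isn't already installed
-if( !is_plugin_active( 'custom-twitter-feeds/custom-twitter-feed.php' ) && !is_plugin_active( 'custom-twitter-feeds-pro/custom-twitter-feed.php' ) ){
+if( !is_plugin_active( 'custom-twitter-feeds/custom-twitter-feed.php' ) && !is_plugin_active( 'custom-twitter-feeds-pro/custom-twitter-feed.php' ) && current_user_can( 'activate_plugins' ) && current_user_can( 'install_plugins' ) ){
 add_submenu_page(
 'cff-top',
 __( 'Twitter Feed', 'custom-facebook-feed' ),
@@ -92,7 +92,7 @@ class CFF_Admin{
 }
 
 //Show a YouTube plugin menu item if it isn't already installed
-if( !is_plugin_active( 'feeds-for-youtube/youtube-feed.php' ) && !is_plugin_active( 'youtube-feed-pro/youtube-feed.php' ) ){
+if( !is_plugin_active( 'feeds-for-youtube/youtube-feed.php' ) && !is_plugin_active( 'youtube-feed-pro/youtube-feed.php' ) && current_user_can( 'activate_plugins' ) && current_user_can( 'install_plugins' ) ){
 add_submenu_page(
 'cff-top',
 __( 'YouTube Feed', 'custom-facebook-feed' ),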
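Review bot: The same `current_user_can( 'activate_plugins' ) && current_user_can( 'install_plugins' )` pair is appended to all three conditions (lines 71, 83, 95); computing it once before the first `if`, e.g. `$can_manage_plugins = current_user_can( 'activate_plugins' ) && current_user_can( 'install_plugins' );`, and testing `$can_manage_plugins` in each keeps the already long conditions readable and makes a future capability change a one-line edit. Hiding the submenu only affects what is drawn; the actual authorization for installing and activating the suggested plugins is the capability check added to `admin/addon-functions.php` in this same release, which is the right place for it. The enclosing method starts and ends outside the hunks.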
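--- a/inc/Admin/CFF_Global_Settings.php
+++ b/inc/Admin/CFF_Global_Settings.php
@@ -86,7 +86,14 @@ class CFF_Global_Settings {
 * @return CFF_Response
 */
 public function cff_save_settings() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
 
 $data = $_POST;
 $model = isset( $data[ 'model' ] ) ? $data['model'] : null;
@@ -218,7 +225,14 @@ class CFF_Global_Settings {
 * @return CFF_Response
 */
 public function cff_activate_license() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
 
 // do the form validation to check if license_key is not empty
 if ( empty( $_POST[ 'license_key' ] ) ) {
@@ -257,7 +271,14 @@ class CFF_Global_Settings {
 * @return CFF_Response
 */
 public function cff_deactivate_license() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
 
 $license_key = trim( get_option( 'cff_license_key' ) );
 $cff_license_data = $this->get_license_data( $license_key, 'deactivate_license', WPW_SL_ITEM_NAME );
@@ -286,7 +307,14 @@ class CFF_Global_Settings {
 * @return CFF_Response
 */
 public function cff_activate_extension_license() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
 
 // do the form validation to check if license_key is not empty
 if ( empty( $_POST[ 'license_key' ] ) ) {
@@ -321,7 +349,14 @@ class CFF_Global_Settings {
 * @return CFF_Response
 */
 public function cff_deactivate_extension_license() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
 
 $extension_name = sanitize_text_field( $_POST[ 'extension_name' ] );
 $extension_item_name = sanitize_text_field( $_POST[ 'extension_item_name' ] );
@@ -352,7 +387,15 @@ class CFF_Global_Settings {
 * @return CFF_Response
 */
 public function cff_test_connection() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
+
 $license_key = get_option( 'cff_license_key' );
 $cff_api_params = array(
 'edd_action'=> 'check_license',
@@ -386,7 +429,15 @@ class CFF_Global_Settings {
 * @return CFF_Response
 */
 public function cff_import_settings_json() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
+
 $filename = $_FILES['file']['name'];
 $ext = pathinfo($filename, PATHINFO_EXTENSION);
 if ( 'json' !== $ext ) {
@@ -425,22 +476,31 @@ class CFF_Global_Settings {
 * @return CFF_Response
 */
 public function cff_export_settings_json() {
-CFF_Feed_Builder::check_privilege( false );
-if ( ! isset( $_GET['feed_id'] ) ) {
-return;
+//Security Checks
+if(check_ajax_referer( 'cff_admin_nonce' , 'nonce', false) || check_ajax_referer( 'cff-admin' , 'nonce', false) ){
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
+
+if ( ! isset( $_GET['feed_id'] ) ) {
+return;
+}
+$feed_id = filter_var( $_GET['feed_id'], FILTER_SANITIZE_NUMBER_INT );
+$feed = CFF_Feed_Saver_Manager::get_export_json( $feed_id );
+$feed_info = CFF_Db::feeds_query( array('id' => $feed_id) );
+$feed_name = strtolower( $feed_info[0]['feed_name'] );
+$filename = 'cff-feed-' . $feed_name . '.json';
+// create a new empty file in the php memory
+$file = fopen( 'php://memory', 'w' );
+fwrite( $file, $feed );
+fseek( $file, 0 );
+header( 'Content-type: application/json' );
+header( 'Content-disposition: attachment; filename = "' . $filename . '";' );
+fpassthru( $file );
 }
-$feed_id = filter_var( $_GET['feed_id'], FILTER_SANITIZE_NUMBER_INT );
-$feed = CFF_Feed_Saver_Manager::get_export_json( $feed_id );
-$feed_info = CFF_Db::feeds_query( array('id' => $feed_id) );
-$feed_name = strtolower( $feed_info[0]['feed_name'] );
-$filename = 'cff-feed-' . $feed_name . '.json';
-// create a new empty file in the php memory
-$file = fopen( 'php://memory', 'w' );
-fwrite( $file, $feed );
-fseek( $file, 0 );
-header( 'Content-type: application/json' );
-header( 'Content-disposition: attachment; filename = "' . $filename . '";' );
-fpassthru( $file );
 exit;
 }
 
@@ -450,7 +510,16 @@ class CFF_Global_Settings {
 * @since 4.0
 */
 public function cff_clear_cache() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
+
+
 // Get the settings model data
 $model = isset( $_POST[ 'model' ] ) ? $_POST['model'] : null;
 
@@ -557,7 +626,15 @@ class CFF_Global_Settings {
 * @since 4.0
 */
 public function cff_clear_image_resize_cache() {
-CFF_Feed_Builder::check_privilege( 'nonce', 'cff_admin_nonce' );
+//Security Checks
+check_ajax_referer( 'cff_admin_nonce', 'nonce' );
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
+
 // Caching option is a Pro only feature
 if ( !CFF_Utils::cff_is_pro_version() ) {
 return;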
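Review bot: `cff_export_settings_json` (line 480) wraps its entire body in the nonce `if` and, when neither nonce validates, falls through to `exit` with an empty 200 response, whereas every other handler in this file now answers with `wp_send_json_error()`; inverting the condition into an early `wp_send_json_error()` gives a consistent failure response and removes a level of nesting. The same "Security Checks" preamble is pasted into nine methods of this class in place of the old `CFF_Feed_Builder::check_privilege()` call, so the capability policy now lives in nine copies; a private helper keeps it in one place, as sketched below for the export method (the other eight would each collapse to a single call). `cff_export_settings_json` also still reads `$feed_info[0]['feed_name']` without checking that `CFF_Db::feeds_query()` returned a row, but that is pre-existing. The class starts and ends outside these hunks.
```php
/**
 * Ends the request with a JSON error unless it carries a valid nonce for one
 * of $actions (read from the 'nonce' request argument) and the current user
 * has the settings capability. Same policy as the per-method preamble added
 * in this release, kept in one place.
 */
private function verify_admin_request( array $actions ) {
    $valid = false;
    foreach ( $actions as $action ) {
        if ( check_ajax_referer( $action, 'nonce', false ) ) {
            $valid = true;
            break;
        }
    }
    $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
    $cap = apply_filters( 'cff_settings_pages_capability', $cap );
    if ( ! $valid || ! current_user_can( $cap ) ) {
        wp_send_json_error(); // This auto-dies.
    }
}

public function cff_export_settings_json() {
    $this->verify_admin_request( array( 'cff_admin_nonce', 'cff-admin' ) );

    if ( ! isset( $_GET['feed_id'] ) ) {
        return;
    }
    // … unchanged: feed lookup, in-memory file, headers and fpassthru …
    exit;
}
```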
inc/Admin/CFF_New_User.php CHANGED
@@ -57,7 +57,7 @@ class CFF_New_User extends CFF_Notifications {
57
  */
58
  public function verify( $notifications ) {
59
  $data = array();
60
-
61
  if ( ! is_array( $notifications ) || empty( $notifications ) ) {
62
  return $data;
63
  }
@@ -235,13 +235,19 @@ class CFF_New_User extends CFF_Notifications {
235
 
236
  /**
237
  * Review Notice Consent from User
238
- *
239
  * @since 4.0
240
  */
241
  public function review_notice_consent() {
242
- if ( ! DOING_AJAX ) {
243
- return;
 
 
 
 
 
244
  }
 
245
  $consent = isset( $_POST[ 'consent' ] ) ? sanitize_text_field( $_POST[ 'consent' ] ) : '';
246
 
247
  update_option( 'cff_review_consent', $consent );
@@ -297,7 +303,7 @@ class CFF_New_User extends CFF_Notifications {
297
  foreach ( $notifications as $notification ) {
298
  $img_src = CFF_PLUGIN_URL . 'admin/assets/img/' . sanitize_text_field( $notification['image'] );
299
  $type = sanitize_text_field( $notification['id'] );
300
- // check if this is a review notice
301
  if( $type == 'review' ) {
302
  $review_consent = get_option( 'cff_review_consent' );
303
  $cff_open_feedback_url = 'https://smashballoon.com/feedback/?plugin=facebook-lite';
@@ -380,8 +386,8 @@ class CFF_New_User extends CFF_Notifications {
380
  </div>
381
  <div class="cff-notice-btns-wrap">
382
  <p class="cff-notice-links">
383
- <?php
384
- foreach ( $buttons as $type => $button ) :
385
  $btn_classes = array('cff-btn');
386
  $btn_classes[] = esc_attr( $button['class'] );
387
  if ( $type == 'primary' ) {
@@ -408,11 +414,11 @@ class CFF_New_User extends CFF_Notifications {
408
 
409
  /**
410
  * CFF Get Notice Title depending on the notice type
411
- *
412
  * @since 4.0
413
- *
414
  * @param array $notification
415
- *
416
  * @return string $title
417
  */
418
  public function get_notice_title( $notification ) {
@@ -433,12 +439,12 @@ class CFF_New_User extends CFF_Notifications {
433
 
434
  /**
435
  * CFF Get Notice Content depending on the notice type
436
- *
437
  * @since 4.0
438
- *
439
  * @param array $notification
440
  * @param array $content_allowed_tags
441
- *
442
  * @return string $content
443
  */
444
  public function get_notice_content( $notification, $content_allowed_tags ) {
57
  */
58
  public function verify( $notifications ) {
59
  $data = array();
60
+
61
  if ( ! is_array( $notifications ) || empty( $notifications ) ) {
62
  return $data;
63
  }
235
 
236
  /**
237
  * Review Notice Consent from User
238
+ *
239
  * @since 4.0
240
  */
241
  public function review_notice_consent() {
242
+ //Security Checks
243
+ check_ajax_referer( 'cff_nonce', 'cff_nonce' );
244
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
245
+
246
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
247
+ if ( ! current_user_can( $cap ) ) {
248
+ wp_send_json_error(); // This auto-dies.
249
  }
250
+
251
  $consent = isset( $_POST[ 'consent' ] ) ? sanitize_text_field( $_POST[ 'consent' ] ) : '';
252
 
253
  update_option( 'cff_review_consent', $consent );
303
  foreach ( $notifications as $notification ) {
304
  $img_src = CFF_PLUGIN_URL . 'admin/assets/img/' . sanitize_text_field( $notification['image'] );
305
  $type = sanitize_text_field( $notification['id'] );
306
+ // check if this is a review notice
307
  if( $type == 'review' ) {
308
  $review_consent = get_option( 'cff_review_consent' );
309
  $cff_open_feedback_url = 'https://smashballoon.com/feedback/?plugin=facebook-lite';
386
  </div>
387
  <div class="cff-notice-btns-wrap">
388
  <p class="cff-notice-links">
389
+ <?php
390
+ foreach ( $buttons as $type => $button ) :
391
  $btn_classes = array('cff-btn');
392
  $btn_classes[] = esc_attr( $button['class'] );
393
  if ( $type == 'primary' ) {
414
 
415
  /**
416
  * CFF Get Notice Title depending on the notice type
417
+ *
418
  * @since 4.0
419
+ *
420
  * @param array $notification
421
+ *
422
  * @return string $title
423
  */
424
  public function get_notice_title( $notification ) {
439
 
440
  /**
441
  * CFF Get Notice Content depending on the notice type
442
+ *
443
  * @since 4.0
444
+ *
445
  * @param array $notification
446
  * @param array $content_allowed_tags
447
+ *
448
  * @return string $content
449
  */
450
  public function get_notice_content( $notification, $content_allowed_tags ) {
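Review bot: The `consent` value on line 251 is still written to `cff_review_consent` with only `sanitize_text_field()` applied, so any string a nonce-holding user posts lands in the option that line 308 later branches on; constrain it to the values that branch expects, e.g. `if ( ! in_array( $consent, array( 'yes', 'no' ), true ) ) { wp_send_json_error(); }` — the exact accepted values are not visible here, so match them to the `get_option( 'cff_review_consent' )` consumers. The nonce-plus-capability preamble added at lines 242–249 is pasted verbatim into a dozen handlers in this changeset; a single static helper (a repurposed `CFF_Feed_Builder::check_privilege()`, which the commit stops using, or a new `cff_verify_admin_ajax( $action, $field )`) would keep the filter name and the capability fallback in one place. Dropping the `DOING_AJAX` guard is fine because `check_ajax_referer()` dies on a missing nonce anyway. `review_notice_consent` may continue past the end of this hunk.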
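--- a/inc/Admin/CFF_Notifications.php
+++ b/inc/Admin/CFF_Notifications.php
@@ -134,6 +134,14 @@ class CFF_Notifications {
 * @return CFF_Response
 */
 public function dismiss_upgrade_notice() {
+// Run a security check.
+check_ajax_referer( 'cff_nonce' , 'cff_nonce');
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
 // set the transient so it will hide for next 7 days
 set_transient( 'facebook_feed_dismiss_lite', 'dismiss', 1 * WEEK_IN_SECONDS );
 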
inc/Admin/CFF_Support.php CHANGED
@@ -129,9 +129,9 @@ class CFF_Support {
129
 
130
  /**
131
  * Page Data to use in front end
132
- *
133
  * @since 4.0
134
- *
135
  * @return array
136
  */
137
  public function page_data() {
@@ -256,7 +256,7 @@ class CFF_Support {
256
 
257
  /**
258
  * Get System Info
259
- *
260
  * @since 4.0
261
  */
262
  public function get_system_info() {
@@ -297,9 +297,9 @@ class CFF_Support {
297
 
298
  /**
299
  * Get Site and Server Info
300
- *
301
  * @since 4.0
302
- *
303
  * @return string
304
  */
305
  public static function get_site_n_server_info() {
@@ -327,9 +327,9 @@ class CFF_Support {
327
 
328
  /**
329
  * Get Active Plugins
330
- *
331
  * @since 4.0
332
- *
333
  * @return string
334
  */
335
  public static function get_active_plugins_info() {
@@ -350,9 +350,9 @@ class CFF_Support {
350
 
351
  /**
352
  * Get Global Settings
353
- *
354
  * @since 4.0
355
- *
356
  * @return string
357
  */
358
  public static function get_global_settings_info() {
@@ -432,9 +432,9 @@ class CFF_Support {
432
 
433
  /**
434
  * Get Feeds Settings
435
- *
436
  * @since 4.0
437
- *
438
  * @return string
439
  */
440
  public static function get_feeds_settings_info() {
@@ -475,20 +475,20 @@ class CFF_Support {
475
  $i++;
476
  }
477
  $output .= "</br>";
478
-
479
  return $output;
480
  }
481
-
482
  /**
483
  * Get Image Resizing Info
484
- *
485
  * @since 4.0
486
- *
487
  * @return string
488
  */
489
  public static function get_image_resizing_info() {
490
  $output = "## IMAGE RESIZING: ##" . "</br>";
491
-
492
  $upload = wp_upload_dir();
493
  $upload_dir = $upload['basedir'];
494
  $upload_dir = trailingslashit( $upload_dir ) . CFF_UPLOADS_NAME;
@@ -501,15 +501,15 @@ class CFF_Support {
501
  }
502
  }
503
  $output .= "</br>";
504
-
505
  return $output;
506
  }
507
 
508
  /**
509
  * Get Posts Table Info
510
- *
511
  * @since 4.0
512
- *
513
  * @return string
514
  */
515
  public static function get_posts_table_info() {
@@ -559,9 +559,9 @@ class CFF_Support {
559
 
560
  /**
561
  * CFF Get Errors Info
562
- *
563
  * @since 4.0
564
- *
565
  * @return string
566
  */
567
  public static function get_errors_info() {
@@ -590,9 +590,9 @@ class CFF_Support {
590
 
591
  /**
592
  * Get Action Logs Info
593
- *
594
  * @since 4.0
595
- *
596
  * @return string
597
  */
598
  public static function get_action_logs_info() {
@@ -604,15 +604,15 @@ class CFF_Support {
604
  endforeach;
605
  endif;
606
  $output .= "</br>";
607
-
608
  return $output;
609
  }
610
 
611
  /**
612
  * Get Feeds Settings
613
- *
614
  * @since 4.0
615
- *
616
  * @return string
617
  */
618
  public static function get_oembeds_info() {
@@ -627,9 +627,9 @@ class CFF_Support {
627
 
628
  /**
629
  * CFF Get Support URL
630
- *
631
  * @since 4.0
632
- *
633
  * @return string $url
634
  */
635
  public function get_support_url() {
@@ -657,7 +657,16 @@ class CFF_Support {
657
  * @return CFF_Response
658
  */
659
  public function cff_export_settings_json() {
660
- \CustomFacebookFeed\Builder\CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
 
 
 
661
  if ( ! isset( $_GET['feed_id'] ) ) {
662
  return;
663
  }
@@ -679,11 +688,11 @@ class CFF_Support {
679
 
680
  /**
681
  * CFF Get Whitespace
682
- *
683
  * @since 4.0
684
- *
685
- * @param int $times
686
- *
687
  * @return string
688
  */
689
  public static function get_whitespace( $times ) {
129
 
130
  /**
131
  * Page Data to use in front end
132
+ *
133
  * @since 4.0
134
+ *
135
  * @return array
136
  */
137
  public function page_data() {
256
 
257
  /**
258
  * Get System Info
259
+ *
260
  * @since 4.0
261
  */
262
  public function get_system_info() {
297
 
298
  /**
299
  * Get Site and Server Info
300
+ *
301
  * @since 4.0
302
+ *
303
  * @return string
304
  */
305
  public static function get_site_n_server_info() {
327
 
328
  /**
329
  * Get Active Plugins
330
+ *
331
  * @since 4.0
332
+ *
333
  * @return string
334
  */
335
  public static function get_active_plugins_info() {
350
 
351
  /**
352
  * Get Global Settings
353
+ *
354
  * @since 4.0
355
+ *
356
  * @return string
357
  */
358
  public static function get_global_settings_info() {
432
 
433
  /**
434
  * Get Feeds Settings
435
+ *
436
  * @since 4.0
437
+ *
438
  * @return string
439
  */
440
  public static function get_feeds_settings_info() {
475
  $i++;
476
  }
477
  $output .= "</br>";
478
+
479
  return $output;
480
  }
481
+
482
  /**
483
  * Get Image Resizing Info
484
+ *
485
  * @since 4.0
486
+ *
487
  * @return string
488
  */
489
  public static function get_image_resizing_info() {
490
  $output = "## IMAGE RESIZING: ##" . "</br>";
491
+
492
  $upload = wp_upload_dir();
493
  $upload_dir = $upload['basedir'];
494
  $upload_dir = trailingslashit( $upload_dir ) . CFF_UPLOADS_NAME;
501
  }
502
  }
503
  $output .= "</br>";
504
+
505
  return $output;
506
  }
507
 
508
  /**
509
  * Get Posts Table Info
510
+ *
511
  * @since 4.0
512
+ *
513
  * @return string
514
  */
515
  public static function get_posts_table_info() {
559
 
560
  /**
561
  * CFF Get Errors Info
562
+ *
563
  * @since 4.0
564
+ *
565
  * @return string
566
  */
567
  public static function get_errors_info() {
590
 
591
  /**
592
  * Get Action Logs Info
593
+ *
594
  * @since 4.0
595
+ *
596
  * @return string
597
  */
598
  public static function get_action_logs_info() {
604
  endforeach;
605
  endif;
606
  $output .= "</br>";
607
+
608
  return $output;
609
  }
610
 
611
  /**
612
  * Get Feeds Settings
613
+ *
614
  * @since 4.0
615
+ *
616
  * @return string
617
  */
618
  public static function get_oembeds_info() {
627
 
628
  /**
629
  * CFF Get Support URL
630
+ *
631
  * @since 4.0
632
+ *
633
  * @return string $url
634
  */
635
  public function get_support_url() {
657
  * @return CFF_Response
658
  */
659
  public function cff_export_settings_json() {
660
+ //\CustomFacebookFeed\Builder\CFF_Feed_Builder::check_privilege( false );
661
+ //Security Checks
662
+ check_ajax_referer( 'cff-admin', 'nonce' );
663
+
664
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
665
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
666
+ if ( ! current_user_can( $cap ) ) {
667
+ wp_send_json_error(); // This auto-dies.
668
+ }
669
+
670
  if ( ! isset( $_GET['feed_id'] ) ) {
671
  return;
672
  }
688
 
689
  /**
690
  * CFF Get Whitespace
691
+ *
692
  * @since 4.0
693
+ *
694
+ * @param int $times
695
+ *
696
  * @return string
697
  */
698
  public static function get_whitespace( $times ) {
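Review bot: The old privilege call on line 660 is left behind as a comment (`//\CustomFacebookFeed\Builder\CFF_Feed_Builder::check_privilege( false );`) next to its replacement; delete the line rather than keep dead code that hints at two competing gates. The replacement is sound for this handler: `check_ajax_referer( 'cff-admin', 'nonce' )` reads the nonce from `$_REQUEST`, so it covers the GET request that the `$_GET['feed_id']` test on line 670 implies, and it dies before any output. The bare `return` on line 671 when `feed_id` is missing leaves the AJAX response empty with a 200 status; `wp_send_json_error();` would be consistent with the failure path added two lines above. The rest of `cff_export_settings_json` lies outside this hunk.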
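--- a/inc/Admin/CFF_Upgrader.php
+++ b/inc/Admin/CFF_Upgrader.php
@@ -87,11 +87,15 @@ class CFF_Upgrader {
 */
 public static function maybe_upgrade_redirect() {
 $home_url = home_url();
-$nonce = $_POST['nonce'];
+check_ajax_referer( 'cff_admin_nonce' , 'nonce');
 
-if ( ! wp_verify_nonce( $nonce, 'cff_admin_nonce' ) ) {
-die ( 'You did not do this the right way!' );
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
 }
+
+
 // Check for permissions.
 if ( ! current_user_can( 'install_plugins' ) ) {
 wp_send_json_error( array( 'message' => esc_html__( 'You are not allowed to install plugins.', 'custom-facebook-feed' ) ) );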
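Review bot: The new capability gate on lines 92–95 sits directly in front of the pre-existing `install_plugins` gate on lines 99–101, so a request must now pass both, but only the second tells the client why it failed; give the first the same payload shape, e.g. `wp_send_json_error( array( 'message' => esc_html__( 'You are not allowed to do this.', 'custom-facebook-feed' ) ) );`. Swapping the manual `wp_verify_nonce()` plus `die()` for `check_ajax_referer()` is the right fix — the removed code read `$_POST['nonce']` without `isset()` and died with a plain string. The two blank lines added at 97–98 are leftovers from the deletion and can go. `maybe_upgrade_redirect` continues beyond this hunk.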
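--- a/inc/Admin/CFF_oEmbeds.php
+++ b/inc/Admin/CFF_oEmbeds.php
@@ -70,9 +70,9 @@ class CFF_oEmbeds {
 
 /**
 * Disable Facebook oEmbed
-*
+*
 * @since 4.0
-*
+*
 * @return CFF_Response
 */
 public function disable_facebook_oembed () {
@@ -90,9 +90,9 @@ class CFF_oEmbeds {
 
 /**
 * Disable Instagram oEmbed
-*
+*
 * @since 4.0
-*
+*
 * @return CFF_Response
 */
 public function disable_instagram_oembed () {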
inc/Builder/CFF_Feed_Builder.php CHANGED
@@ -73,6 +73,8 @@ class CFF_Feed_Builder {
73
  * @since 4.0
74
  */
75
  public static function after_dismiss_onboarding() {
 
 
76
  $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
77
  $cap = apply_filters( 'cff_settings_pages_capability', $cap );
78
 
@@ -92,7 +94,11 @@ class CFF_Feed_Builder {
92
  * @since 4.0
93
  */
94
  public static function sb_other_plugins_modal() {
95
- CFF_Feed_Builder::check_privilege( 'nonce', 'cff_nonce' );
 
 
 
 
96
 
97
  $plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( $_POST['plugin'] ) : '';
98
  $sb_other_plugins = self::install_plugins_popup();
73
  * @since 4.0
74
  */
75
  public static function after_dismiss_onboarding() {
76
+ check_ajax_referer( 'cff-admin' , 'nonce');
77
+
78
  $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
79
  $cap = apply_filters( 'cff_settings_pages_capability', $cap );
80
 
94
  * @since 4.0
95
  */
96
  public static function sb_other_plugins_modal() {
97
+ check_ajax_referer( 'cff_nonce' , 'cff_nonce');
98
+
99
+ if ( ! current_user_can( 'activate_plugins' ) || ! current_user_can( 'install_plugins' ) ) {
100
+ wp_send_json_error();
101
+ }
102
 
103
  $plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( $_POST['plugin'] ) : '';
104
  $sb_other_plugins = self::install_plugins_popup();
inc/Builder/CFF_Feed_Saver_Manager.php CHANGED
@@ -35,7 +35,14 @@ class CFF_Feed_Saver_Manager {
35
  * @since 4.0
36
  */
37
  public static function builder_update() {
38
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
 
39
 
40
  $settings_data = $_POST;
41
 
@@ -147,7 +154,13 @@ class CFF_Feed_Saver_Manager {
147
  * @since 4.0
148
  */
149
  public static function retrieve_comments() {
150
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
151
 
152
  if ( empty( $_POST['feed_id'] )) {
153
  echo '{}';
@@ -179,7 +192,13 @@ class CFF_Feed_Saver_Manager {
179
  * @since 4.0
180
  */
181
  public static function delete_feed() {
182
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
183
 
184
  if ( ! empty( $_POST['feeds_ids'] ) && is_array( $_POST['feeds_ids'] )) {
185
  CFF_Db::delete_feeds_query( $_POST['feeds_ids'] );
@@ -194,7 +213,13 @@ class CFF_Feed_Saver_Manager {
194
  * @since 4.0
195
  */
196
  public static function delete_source() {
197
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
198
 
199
  if ( ! empty( $_POST['source_id'] ) ) {
200
  CFF_Db::delete_source_query( $_POST['source_id'] );
@@ -208,7 +233,13 @@ class CFF_Feed_Saver_Manager {
208
  * @since 4.0
209
  */
210
  public static function clear_single_feed_cache() {
211
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
212
 
213
  $feed_id = sanitize_text_field( $_POST['feedID'] );
214
 
@@ -239,7 +270,13 @@ class CFF_Feed_Saver_Manager {
239
  * @since 4.0
240
  */
241
  public static function duplicate_feed() {
242
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
243
 
244
  if ( ! empty( $_POST['feed_id'] ) ) {
245
  CFF_Db::duplicate_feed_query( $_POST['feed_id'] );
@@ -253,7 +290,13 @@ class CFF_Feed_Saver_Manager {
253
  * @since 4.0
254
  */
255
  public static function importer() {
256
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
257
 
258
  if ( ! empty( $_POST['feed_json'] ) && strpos( $_POST['feed_json'], '{' ) === 0 ) {
259
  echo json_encode( CFF_Feed_Saver_Manager::import_feed( stripslashes( $_POST['feed_json'] ) ) );
@@ -275,7 +318,7 @@ class CFF_Feed_Saver_Manager {
275
  * @since 4.0
276
  */
277
  public static function maybe_feed_customizer_data( $include_comments = false ) {
278
- CFF_Feed_Builder::check_privilege( false );
279
 
280
  if ( isset( $_GET['feed_id'] ) ){
281
  $feed_id = $_GET['feed_id'];
@@ -331,7 +374,13 @@ class CFF_Feed_Saver_Manager {
331
  * @since 4.0
332
  */
333
  public static function feed_customizer_fly_preview() {
334
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
335
 
336
  if( isset( $_POST['feedID'] ) && isset( $_POST['previewSettings'] ) ){
337
  $return = array(
@@ -368,7 +417,13 @@ class CFF_Feed_Saver_Manager {
368
  * @since 4.0
369
  */
370
  public static function get_feed_settings() {
371
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
372
 
373
  $feed_id = ! empty( $_POST['feed_id'] ) ? $_POST['feed_id'] : false;
374
 
@@ -430,7 +485,13 @@ class CFF_Feed_Saver_Manager {
430
  * @since 4.0
431
  */
432
  public static function get_feed_list_page() {
433
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
434
 
435
  $args = array( 'page' => (int)$_POST['page'] );
436
  $feeds_data = CFF_Feed_Builder::get_feed_list($args);
@@ -446,7 +507,13 @@ class CFF_Feed_Saver_Manager {
446
  * @since 4.0
447
  */
448
  public static function get_locations_page() {
449
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
450
 
451
  $args = array( 'page' => (int)$_POST['page'] );
452
 
35
  * @since 4.0
36
  */
37
  public static function builder_update() {
38
+ check_ajax_referer( 'cff-admin' , 'nonce');
39
+
40
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
41
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
42
+ if ( ! current_user_can( $cap ) ) {
43
+ wp_send_json_error(); // This auto-dies.
44
+ }
45
+
46
 
47
  $settings_data = $_POST;
48
 
154
  * @since 4.0
155
  */
156
  public static function retrieve_comments() {
157
+ check_ajax_referer( 'cff-admin' , 'nonce');
158
+
159
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
160
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
161
+ if ( ! current_user_can( $cap ) ) {
162
+ wp_send_json_error(); // This auto-dies.
163
+ }
164
 
165
  if ( empty( $_POST['feed_id'] )) {
166
  echo '{}';
192
  * @since 4.0
193
  */
194
  public static function delete_feed() {
195
+ check_ajax_referer( 'cff-admin' , 'nonce');
196
+
197
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
198
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
199
+ if ( ! current_user_can( $cap ) ) {
200
+ wp_send_json_error(); // This auto-dies.
201
+ }
202
 
203
  if ( ! empty( $_POST['feeds_ids'] ) && is_array( $_POST['feeds_ids'] )) {
204
  CFF_Db::delete_feeds_query( $_POST['feeds_ids'] );
213
  * @since 4.0
214
  */
215
  public static function delete_source() {
216
+ check_ajax_referer( 'cff_admin_nonce' , 'nonce');
217
+
218
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
219
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
220
+ if ( ! current_user_can( $cap ) ) {
221
+ wp_send_json_error(); // This auto-dies.
222
+ }
223
 
224
  if ( ! empty( $_POST['source_id'] ) ) {
225
  CFF_Db::delete_source_query( $_POST['source_id'] );
233
  * @since 4.0
234
  */
235
  public static function clear_single_feed_cache() {
236
+ check_ajax_referer( 'cff-admin' , 'nonce');
237
+
238
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
239
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
240
+ if ( ! current_user_can( $cap ) ) {
241
+ wp_send_json_error(); // This auto-dies.
242
+ }
243
 
244
  $feed_id = sanitize_text_field( $_POST['feedID'] );
245
 
270
  * @since 4.0
271
  */
272
  public static function duplicate_feed() {
273
+ check_ajax_referer( 'cff-admin' , 'nonce');
274
+
275
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
276
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
277
+ if ( ! current_user_can( $cap ) ) {
278
+ wp_send_json_error(); // This auto-dies.
279
+ }
280
 
281
  if ( ! empty( $_POST['feed_id'] ) ) {
282
  CFF_Db::duplicate_feed_query( $_POST['feed_id'] );
290
  * @since 4.0
291
  */
292
  public static function importer() {
293
+ check_ajax_referer( 'cff-admin' , 'nonce');
294
+
295
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
296
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
297
+ if ( ! current_user_can( $cap ) ) {
298
+ wp_send_json_error(); // This auto-dies.
299
+ }
300
 
301
  if ( ! empty( $_POST['feed_json'] ) && strpos( $_POST['feed_json'], '{' ) === 0 ) {
302
  echo json_encode( CFF_Feed_Saver_Manager::import_feed( stripslashes( $_POST['feed_json'] ) ) );
318
  * @since 4.0
319
  */
320
  public static function maybe_feed_customizer_data( $include_comments = false ) {
321
+
322
 
323
  if ( isset( $_GET['feed_id'] ) ){
324
  $feed_id = $_GET['feed_id'];
374
  * @since 4.0
375
  */
376
  public static function feed_customizer_fly_preview() {
377
+ check_ajax_referer( 'cff-admin' , 'nonce');
378
+
379
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
380
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
381
+ if ( ! current_user_can( $cap ) ) {
382
+ wp_send_json_error(); // This auto-dies.
383
+ }
384
 
385
  if( isset( $_POST['feedID'] ) && isset( $_POST['previewSettings'] ) ){
386
  $return = array(
417
  * @since 4.0
418
  */
419
  public static function get_feed_settings() {
420
+ check_ajax_referer( 'cff-admin' , 'nonce');
421
+
422
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
423
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
424
+ if ( ! current_user_can( $cap ) ) {
425
+ wp_send_json_error(); // This auto-dies.
426
+ }
427
 
428
  $feed_id = ! empty( $_POST['feed_id'] ) ? $_POST['feed_id'] : false;
429
 
485
  * @since 4.0
486
  */
487
  public static function get_feed_list_page() {
488
+ check_ajax_referer( 'cff-admin' , 'nonce');
489
+
490
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
491
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
492
+ if ( ! current_user_can( $cap ) ) {
493
+ wp_send_json_error(); // This auto-dies.
494
+ }
495
 
496
  $args = array( 'page' => (int)$_POST['page'] );
497
  $feeds_data = CFF_Feed_Builder::get_feed_list($args);
507
  * @since 4.0
508
  */
509
  public static function get_locations_page() {
510
+ check_ajax_referer( 'cff-admin' , 'nonce');
511
+
512
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
513
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
514
+ if ( ! current_user_can( $cap ) ) {
515
+ wp_send_json_error(); // This auto-dies.
516
+ }
517
 
518
  $args = array( 'page' => (int)$_POST['page'] );
519
 
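Review bot: `maybe_feed_customizer_data()` on line 320 loses its `CFF_Feed_Builder::check_privilege( false )` call (old line 278) and gets only a blank line at 321 in its place, yet it goes on to read `$_GET['feed_id']` on lines 323–324. Every other handler in this file received the nonce-plus-capability block; if this method is only invoked while rendering an admin page that WordPress already capability-gates the omission is harmless, but if it is reachable as an AJAX action it is the one unguarded entry point left here, so either restore a check or document the caller that performs it, e.g. `// No nonce here: only called from the customizer page render, which is already gated by the menu capability.`. Separately, `delete_feed()` still hands `$_POST['feeds_ids']` straight to `CFF_Db::delete_feeds_query()` on line 204 with no per-element sanitization; `array_map( 'absint', $_POST['feeds_ids'] )` would match the integer `feed_id` handling seen elsewhere in this changeset, assuming ids are numeric. The capability preamble is duplicated eleven times in this file; a private static helper would make the `cff_settings_pages_capability` filter name a single point of change.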
inc/Builder/CFF_Source.php CHANGED
@@ -33,7 +33,14 @@ class CFF_Source {
33
  * @since 4.0
34
  */
35
  public static function builder_update() {
36
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
 
37
 
38
  $source_data = array(
39
  'access_token' => sanitize_text_field( $_POST['access_token'] ),
@@ -116,33 +123,41 @@ class CFF_Source {
116
  * @since 4.0
117
  */
118
  public static function builder_update_multiple() {
119
- CFF_Feed_Builder::check_privilege( false );
120
 
121
- if(isset($_POST['sourcesList']) && !empty($_POST['sourcesList']) && is_array($_POST['sourcesList'])){
122
- foreach ($_POST['sourcesList'] as $single_source):
123
- $source_data = array(
124
- 'access_token' => sanitize_text_field( $single_source['access_token'] ),
125
- 'id' => sanitize_text_field( $single_source['account_id'] ),
126
- 'name' => isset($single_source['name']) ? sanitize_text_field($single_source['name']) : '',
127
- 'type' => sanitize_text_field( $_POST['type'] ),
128
- 'privilege' => isset( $single_source['privilege'] ) ? sanitize_text_field( $single_source['privilege'] ) : '',
129
- );
130
- $header_details = \CustomFacebookFeed\CFF_Utils::fetch_header_data( $source_data['id'], $source_data['type'] === 'group', $source_data['access_token'], 0, false, '' );
131
- if ( isset( $header_details->shortcode_options ) ) {
132
- unset( $header_details->shortcode_options );
133
- }
134
- if ( isset( $header_details->name ) ) {
135
- $source_data['name'] = $header_details->name;
136
- }
137
- $source_data['info'] = $header_details;
138
- // don't update or insert the access token if there is an API error
139
- if ( ! isset( $header_details->error ) ) {
140
- $source_data['error'] = '';
141
- CFF_Source::update_or_insert( $source_data );
142
- }
143
- endforeach;
 
 
 
 
 
 
 
 
 
144
  }
145
- echo \CustomFacebookFeed\CFF_Utils::cff_json_encode( CFF_Feed_Builder::get_source_list() );
146
  wp_die();
147
  }
148
 
@@ -152,7 +167,14 @@ class CFF_Source {
152
  * @since 4.0
153
  */
154
  public static function get_page() {
155
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
 
156
 
157
  $args = array( 'page' => $_POST['page'] );
158
  $source_data = CFF_Db::source_query( $args );
@@ -168,7 +190,14 @@ class CFF_Source {
168
  * @since 4.0
169
  */
170
  public static function get_featured_post_preview() {
171
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
 
172
 
173
  $query_args = array(
174
  'id' => sanitize_text_field( $_POST['source_id'] )
@@ -204,7 +233,14 @@ class CFF_Source {
204
  * @since 4.0
205
  */
206
  public static function get_playlist_post_preview() {
207
- CFF_Feed_Builder::check_privilege( false );
 
 
 
 
 
 
 
208
 
209
  $query_args = array(
210
  'id' => sanitize_text_field( $_POST['source_id'] )
33
  * @since 4.0
34
  */
35
  public static function builder_update() {
36
+ check_ajax_referer( 'cff-admin' , 'nonce');
37
+
38
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
39
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
40
+ if ( ! current_user_can( $cap ) ) {
41
+ wp_send_json_error(); // This auto-dies.
42
+ }
43
+
44
 
45
  $source_data = array(
46
  'access_token' => sanitize_text_field( $_POST['access_token'] ),
123
  * @since 4.0
124
  */
125
  public static function builder_update_multiple() {
 
126
 
127
+ if(check_ajax_referer( 'cff_admin_nonce' , 'nonce', false) || check_ajax_referer( 'cff-admin' , 'nonce', false) ){
128
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
129
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
130
+ if ( ! current_user_can( $cap ) ) {
131
+ wp_send_json_error(); // This auto-dies.
132
+ }
133
+
134
+ if(isset($_POST['sourcesList']) && !empty($_POST['sourcesList']) && is_array($_POST['sourcesList'])){
135
+ foreach ($_POST['sourcesList'] as $single_source):
136
+ $source_data = array(
137
+ 'access_token' => sanitize_text_field( $single_source['access_token'] ),
138
+ 'id' => sanitize_text_field( $single_source['account_id'] ),
139
+ 'name' => isset($single_source['name']) ? sanitize_text_field($single_source['name']) : '',
140
+ 'type' => sanitize_text_field( $_POST['type'] ),
141
+ 'privilege' => isset( $single_source['privilege'] ) ? sanitize_text_field( $single_source['privilege'] ) : '',
142
+ );
143
+ $header_details = \CustomFacebookFeed\CFF_Utils::fetch_header_data( $source_data['id'], $source_data['type'] === 'group', $source_data['access_token'], 0, false, '' );
144
+ if ( isset( $header_details->shortcode_options ) ) {
145
+ unset( $header_details->shortcode_options );
146
+ }
147
+ if ( isset( $header_details->name ) ) {
148
+ $source_data['name'] = $header_details->name;
149
+ }
150
+ $source_data['info'] = $header_details;
151
+ // don't update or insert the access token if there is an API error
152
+ if ( ! isset( $header_details->error ) ) {
153
+ $source_data['error'] = '';
154
+ CFF_Source::update_or_insert( $source_data );
155
+ }
156
+ endforeach;
157
+ }
158
+ echo \CustomFacebookFeed\CFF_Utils::cff_json_encode( CFF_Feed_Builder::get_source_list() );
159
  }
160
+
161
  wp_die();
162
  }
163
 
167
  * @since 4.0
168
  */
169
  public static function get_page() {
170
+ check_ajax_referer( 'cff-admin' , 'nonce');
171
+
172
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
173
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
174
+ if ( ! current_user_can( $cap ) ) {
175
+ wp_send_json_error(); // This auto-dies.
176
+ }
177
+
178
 
179
  $args = array( 'page' => $_POST['page'] );
180
  $source_data = CFF_Db::source_query( $args );
190
  * @since 4.0
191
  */
192
  public static function get_featured_post_preview() {
193
+ check_ajax_referer( 'cff-admin' , 'nonce');
194
+
195
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
196
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
197
+ if ( ! current_user_can( $cap ) ) {
198
+ wp_send_json_error(); // This auto-dies.
199
+ }
200
+
201
 
202
  $query_args = array(
203
  'id' => sanitize_text_field( $_POST['source_id'] )
233
  * @since 4.0
234
  */
235
  public static function get_playlist_post_preview() {
236
+ check_ajax_referer( 'cff-admin' , 'nonce');
237
+
238
+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
239
+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
240
+ if ( ! current_user_can( $cap ) ) {
241
+ wp_send_json_error(); // This auto-dies.
242
+ }
243
+
244
 
245
  $query_args = array(
246
  'id' => sanitize_text_field( $_POST['source_id'] )
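Review bot: In `builder_update_multiple()` (lines 127–161) a request that passes neither the `cff_admin_nonce` nor the `cff-admin` nonce skips the whole `if` body and reaches the bare `wp_die()` on line 161, so the client gets an empty 200 response instead of the error every other handler in this changeset emits; invert the condition into a guard clause so the loop body need not be re-indented: `if ( ! check_ajax_referer( 'cff_admin_nonce', 'nonce', false ) && ! check_ajax_referer( 'cff-admin', 'nonce', false ) ) { wp_send_json_error(); }`. Accepting two nonce actions on one endpoint is presumably a transition between two admin screens; a one-line comment naming which script sends which would save the next reader from guessing. `get_page()` on line 179 still passes `$_POST['page']` to `CFF_Db::source_query()` unsanitized, whereas the sibling handlers in CFF_Feed_Saver_Manager cast with `(int)`; `(int) $_POST['page']` here would match.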
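--- a/inc/Builder/Tabs/CFF_Customize_Tab.php
+++ b/inc/Builder/Tabs/CFF_Customize_Tab.php
@@ -964,7 +964,6 @@ class CFF_Customize_Tab{
 'stacked' => 'true',
 'layout' => 'half',
 'reverse' => 'true',
-'labelStrong' => 'true',
 'options' => [
 'enabled' => 'on',
 'disabled' => 'off'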
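--- a/inc/CFF_Error_Reporter.php
+++ b/inc/CFF_Error_Reporter.php
@@ -582,6 +582,11 @@ class CFF_Error_Reporter
 public function dismiss_critical_notice() {
 
 check_ajax_referer( 'cff-critical-notice', 'nonce' );
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( ! current_user_can( $cap ) ) {
+wp_send_json_error(); // This auto-dies.
+}
 
 update_option( 'cff_dismiss_critical_notice', 1, false );
 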
 
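--- a/inc/CFF_Feed_Locator.php
+++ b/inc/CFF_Feed_Locator.php
@@ -60,6 +60,26 @@ class CFF_Feed_Locator{
 global $wpdb;
 
 $feed_locator_table_name = esc_sql( $wpdb->prefix . CFF_FEED_LOCATOR );
+$two_minutes_ago = date( 'Y-m-d H:i:s', time() - 120 );
+
+$results_recent_entries = $wpdb->get_results( $wpdb->prepare("
+SELECT COUNT(*) AS num_entries
+FROM $feed_locator_table_name
+WHERE last_update > %s;
+", $two_minutes_ago ), ARRAY_A );
+
+// Only allow 5 new entries within 5 minutes
+if ( isset( $results_recent_entries[0]['num_entries'] ) && (int)$results_recent_entries[0]['num_entries'] > 5 ) {
+return;
+}
+
+// Only allow 1000 total entries
+$results_total_entries = $wpdb->get_results( "
+SELECT COUNT(*) AS num_entries
+FROM $feed_locator_table_name", ARRAY_A );
+if ( isset( $results_total_entries[0]['num_entries'] ) && (int)$results_total_entries[0]['num_entries'] > 1000 ) {
+$this->delete_oldest_entry();
+}
 
 $affected = $wpdb->query( $wpdb->prepare( "INSERT INTO $feed_locator_table_name
 (feed_id,
@@ -79,6 +99,17 @@ class CFF_Feed_Locator{
 CFF_Utils::cff_json_encode( $this->feed_details['atts'] ),
 date( 'Y-m-d H:i:s' ) ) );
 }
+public function delete_oldest_entry() {
+global $wpdb;
+
+$feed_locator_table_name = esc_sql( $wpdb->prefix . SBI_INSTAGRAM_FEED_LOCATOR );
+
+$affected = $wpdb->query(
+"DELETE FROM $feed_locator_table_name
+ORDER BY last_update ASC
+LIMIT 1;" );
+
+}
 
 /**
 * Update a record based on the existing "id" column. Location can change
@@ -601,8 +632,21 @@ class CFF_Feed_Locator{
 'html' => $location
 )
 );
-CFF_Feed_Locator::do_background_tasks( $feed_details );
-wp_die( 'locating success' );
+$can_do_background_tasks = false;
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( current_user_can( $cap ) ) {
+$can_do_background_tasks = true;
+}
+
+
+if ( $can_do_background_tasks ) {
+CFF_Feed_Locator::do_background_tasks( $feed_details );
+wp_die( 'locating success' );
+}
+
+wp_die( 'skipped locating' );
 }
 
 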
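Review bot: delete_oldest_entry() in the second hunk builds its table name from `SBI_INSTAGRAM_FEED_LOCATOR`, while the rest of this file (including the insert just above it) uses `CFF_FEED_LOCATOR`; unless that Instagram-plugin constant happens to be defined here, PHP 8 throws an Error for the undefined constant precisely when the 1000-row cap is reached, and PHP 7 would run the DELETE against a wrongly named table. Change it to `$feed_locator_table_name = esc_sql( $wpdb->prefix . CFF_FEED_LOCATOR );`. In the first hunk the comment says "Only allow 5 new entries within 5 minutes" but `$two_minutes_ago` is `time() - 120` and the `> 5` condition admits a sixth row, so either the comment or the window/threshold should be corrected — `// Allow at most 5 new entries per two-minute window` if the code is what was intended. This rate limit is also what bounds anonymous writes once the nonce path in cff_feed_locator is in place, which is worth stating in that comment. The methods containing the first and third hunks begin above their hunks.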
 
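--- a/inc/CFF_Shortcode.php
+++ b/inc/CFF_Shortcode.php
@@ -1100,7 +1100,7 @@ class CFF_Shortcode extends CFF_Shortcode_Display{
 $cff_content .= CFF_Utils::print_template_part( 'credit', get_defined_vars());
 
 //End the feed
-$cff_content .= '<input class="cff-pag-url" type="hidden" data-cff-shortcode="'.$data_att_html.'" data-post-id="' . get_the_ID() . '" data-feed-id="'.$atts['id'].'">';
+$cff_content .= '<input class="cff-pag-url" type="hidden" data-locatornonce="'.esc_attr( wp_create_nonce( 'cff-locator-nonce-' . get_the_ID() ) ) .'" data-cff-shortcode="'.$data_att_html.'" data-post-id="' . get_the_ID() . '" data-feed-id="'.$atts['id'].'">';
 $cff_content .= '</div></div><div class="cff-clear"></div>';
 
 //Add the Like Box outside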
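Review bot: The new `data-locatornonce` attribute writes a `wp_create_nonce()` value into public page HTML, so it is a per-post token that any visitor can read, not evidence of who is asking; that is fine for its purpose, but the line needs a comment so nobody later treats it as authentication: `// Locator nonce: visible to every visitor; it binds anonymous locator writes to this post ID, it does not authenticate anyone.` `get_the_ID()` is called twice on this line; reading it once into a local would also make the bound post ID obvious. The JavaScript that forwards `data-locatornonce` as the `locator_nonce` POST field is not in this diff, so the attribute/field naming difference should be checked there.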
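--- a/inc/Custom_Facebook_Feed.php
+++ b/inc/Custom_Facebook_Feed.php
@@ -229,7 +229,7 @@ final class Custom_Facebook_Feed{
 * @var CFF_Tooltip_Wizard
 */
 public $cff_tooltip_wizard;
-
+
 /**
 * CFF_Elementor_Base.
 *
@@ -326,6 +326,8 @@ final class Custom_Facebook_Feed{
 $this->register_assets();
 $this->group_posts_process();
 
+$this->detect_custom_code();
+
 if ( $this->cff_blocks->allow_load() ) {
 $this->cff_blocks->load();
 }
@@ -522,6 +524,7 @@ final class Custom_Facebook_Feed{
 }
 
 //\CustomFacebookFeed\Builder\CFF_Db::reset_tables();\CustomFacebookFeed\Builder\CFF_Db::reset_db_update();die();
+
 /**
 * for 4.0 update
 */
@@ -879,23 +882,56 @@ final class Custom_Facebook_Feed{
 * @access public
 */
 function cff_feed_locator(){
-$feed_locator_data_array = isset($_POST['feedLocatorData']) && !empty($_POST['feedLocatorData']) && is_array($_POST['feedLocatorData']) ? $_POST['feedLocatorData'] : false;
-if($feed_locator_data_array != false):
-foreach ($feed_locator_data_array as $single_feed_locator) {
-$feed_details = array(
-'feed_id' => $single_feed_locator['feedID'],
-'atts' => $single_feed_locator['shortCodeAtts'],
-'location' => array(
-'post_id' => $single_feed_locator['postID'],
-'html' => $single_feed_locator['location']
-)
-);
-$locator = new CFF_Feed_Locator( $feed_details );
-$locator->add_or_update_entry();
-}
-endif;
+
+$feed_locator_data_array = isset($_POST['feedLocatorData']) && !empty($_POST['feedLocatorData']) && is_array($_POST['feedLocatorData']) ? $_POST['feedLocatorData'] : false;
+if($feed_locator_data_array != false):
+foreach ($feed_locator_data_array as $single_feed_locator) {
+$can_do_background_tasks = false;
+
+$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
+$cap = apply_filters( 'cff_settings_pages_capability', $cap );
+if ( current_user_can( $cap ) ) {
+$can_do_background_tasks = true;
+} else {
+$nonce = isset( $_POST['locator_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['locator_nonce'] ) ) : '';
+if ( isset( $single_feed_locator['postID'] ) && wp_verify_nonce( $nonce, esc_attr( 'cff-locator-nonce-' . $single_feed_locator['postID'] ) ) ) {
+$can_do_background_tasks = true;
+}
+}
+
+if( $can_do_background_tasks ){
+$feed_details = array(
+'feed_id' => $single_feed_locator['feedID'],
+'atts' => $single_feed_locator['shortCodeAtts'],
+'location' => array(
+'post_id' => $single_feed_locator['postID'],
+'html' => $single_feed_locator['location']
+)
+);
+$locator = new CFF_Feed_Locator( $feed_details );
+$locator->add_or_update_entry();
+}
+}
+endif;
 die();
 }
+
+/**
+* Detect Custom CSS Code
+*
+*
+* @since ??
+* @access public
+*/
+public function detect_custom_code(){
+//$cff_options = get_option( 'cff_style_settings' );
+//if( !empty( $cff_options[ 'cff_custom_css' ]) ){
+// $core_custom_css = wp_get_custom_css();
+// \WP_Customize_Custom_CSS_Setting
+//}
+
+
+}
 }
 
 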
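Review bot: In the cff_feed_locator() hunk each `$single_feed_locator` is indexed without an `is_array()` check or `isset()` on `feedID`, `shortCodeAtts` and `location`, so a malformed element produces undefined-index warnings and stores empty values (and a string element reaching the capability branch is a string-offset warning on PHP 7 or a TypeError on PHP 8); add `if ( ! is_array( $single_feed_locator ) ) { continue; }` at the top of the loop and read the remaining keys with `isset()` defaults, and consider `absint( $single_feed_locator['postID'] )` so the nonce action and the stored post_id are built from an integer. The new else-branch deliberately makes this handler reachable by any visitor holding a page's locator nonce, yet `feedID`, `shortCodeAtts` and `location` still go to CFF_Feed_Locator unsanitized as before; validating them against known feeds and expected location values before `add_or_update_entry()` would make the two-minute rate limit a second line of defence rather than the only one. detect_custom_code(), added in the last hunk, is an empty stub of commented-out code with `@since ??`, but the second hunk already wires it into the boot sequence; either drop the call until it does something or complete the doc block.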