Custom Facebook Feed - Version 4.1

Version Description

Tweak: The Facebook app used to connect groups has changed. If you are using a Facebook group feed, then please reconnect your group accounts using the new app when convenient to prevent any future issues. When reconnecting, follow the included directions on how to add the new app to your group settings.
Tweak: All Facebook data is now encrypted in your WordPress database.
Tweak: Access Tokens are no longer able to be viewed on the settings page.
Fix: Manually connecting an account while on the "Settings" page would not work.
Fix: Fixed a PHP error when a string was used for the cache time setting.

Release Info

Developer	smashballoon
Plugin	Custom Facebook Feed
Version	4.1
Comparing to
See all releases

Code changes from version 4.0.5 to 4.1

Files changed (33) hide show

README.txt +13 -1
admin/admin-functions.php +11 -0
admin/assets/css/settings.css +10 -2
admin/assets/img/group-app.png +0 -0
admin/assets/js/oembeds.js +2 -3
admin/assets/js/settings.js +38 -1
admin/builder/assets/css/global.css +1 -1
admin/builder/assets/js/add-source.js +1 -2
admin/builder/templates/form-data-examples.html +1 -4
admin/builder/templates/sections/popup/add-source-popup.php +6 -2
admin/views/settings/tab/advanced.php +14 -0
admin/views/settings/tab/general.php +9 -7
custom-facebook-feed.php +4 -3
inc/Admin/CFF_Global_Settings.php +24 -0
inc/Admin/CFF_Notifications.php +21 -1
inc/Admin/CFF_Support.php +3 -1
inc/Admin/CFF_oEmbeds.php +6 -1
inc/Builder/CFF_Db.php +35 -5
inc/Builder/CFF_Feed_Builder.php +10 -5
inc/Builder/CFF_Feed_Saver.php +16 -10
inc/Builder/CFF_Feed_Saver_Manager.php +1 -0
inc/Builder/CFF_Source.php +66 -8
inc/Builder/Controls/CFF_Customview_Control.php +0 -5
inc/CFF_Cache.php +65 -13
inc/CFF_Error_Reporter.php +6 -0
inc/CFF_FB_Settings.php +3 -0
inc/CFF_Group_Posts.php +12 -6
inc/CFF_Oembed.php +12 -1
inc/CFF_Shortcode.php +18 -7
inc/CFF_Utils.php +6 -0
inc/Custom_Facebook_Feed.php +31 -0
inc/SB_Facebook_Data_Encryption.php +189 -0
inc/SB_Facebook_Data_Manager.php +539 -0

README.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Tags: Facebook, Facebook feed, Facebook posts, Facebook group, Facebook page
4	Requires at least: 4.1
5	Requires PHP: 5.6
6	Tested up to: 5.8
7	- Stable tag: 4.~~0.5~~
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -262,6 +262,13 @@ The most common reason for this is that an add-on or extension you have installe
262	9. It's super easy to display your Facebook feed in any page or post
263
264	== Changelog ==







265	= 4.0.5 =
266	* Fix: Fixed an issue that was causing the "All Feeds" page to be inaccessible to some users.
267
	@@ -270,6 +277,11 @@ The most common reason for this is that an add-on or extension you have installe
270	* Fix: If a feed name contained an apostrophe then additional slashes were being added each time settings were saved.
271	* Tweak: An alert bubble is added to the Facebook Feed menu item when there are new notifications available.
272





273	= 4.0.3 =
274	* Fix: Added additional plugin hardening.
275


4	Requires at least: 4.1
5	Requires PHP: 5.6
6	Tested up to: 5.8
7	+ Stable tag: 4.1
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

262	9. It's super easy to display your Facebook feed in any page or post
263
264	== Changelog ==
265	+ = 4.1 =
266	+ * Tweak: The Facebook app used to connect groups has changed. If you are using a Facebook group feed, then please reconnect your group accounts using the new app when convenient to prevent any future issues. When reconnecting, follow the included directions on how to add the new app to your group settings.
267	+ * Tweak: All Facebook data is now encrypted in your WordPress database.
268	+ * Tweak: Access Tokens are no longer able to be viewed on the settings page.
269	+ * Fix: Manually connecting an account while on the "Settings" page would not work.
270	+ * Fix: Fixed a PHP error when a string was used for the cache time setting.
271	+
272	= 4.0.5 =
273	* Fix: Fixed an issue that was causing the "All Feeds" page to be inaccessible to some users.
274

277	* Fix: If a feed name contained an apostrophe then additional slashes were being added each time settings were saved.
278	* Tweak: An alert bubble is added to the Facebook Feed menu item when there are new notifications available.
279
280	+ = 4.0.4 =
281	+ * Fix: The call-to-action in the Like Box widget would not display properly at certain window widths in some browsers.
282	+ * Fix: If a feed name contained an apostrophe then additional slashes were being added each time settings were saved.
283	+ * Tweak: An alert bubble is added to the Facebook Feed menu item when there are new notifications available.
284	+
285	= 4.0.3 =
286	* Fix: Added additional plugin hardening.
287

admin/admin-functions.php CHANGED Viewed

	@@ -3,6 +3,7 @@ use CustomFacebookFeed\CFF_Utils;
3	use CustomFacebookFeed\CFF_Oembed;
4	use CustomFacebookFeed\CFF_GDPR_Integrations;
5	use CustomFacebookFeed\CFF_Feed_Locator;

6
7	add_action('group_post_scheduler_cron', 'cff_group_cache_function');
8	function cff_group_cache_function(){
	@@ -5595,3 +5596,13 @@ function cff_check_custom_css() {
5595	cff_transfer_css( $custom_css );
5596	}
5597	add_action( 'init', 'cff_check_custom_css' );


3	use CustomFacebookFeed\CFF_Oembed;
4	use CustomFacebookFeed\CFF_GDPR_Integrations;
5	use CustomFacebookFeed\CFF_Feed_Locator;
6	+ use CustomFacebookFeed\SB_Facebook_Data_Manager;
7
8	add_action('group_post_scheduler_cron', 'cff_group_cache_function');
9	function cff_group_cache_function(){

5596	cff_transfer_css( $custom_css );
5597	}
5598	add_action( 'init', 'cff_check_custom_css' );
5599	+
5600	+ function cff_doing_openssl() {
5601	+ return extension_loaded( 'openssl' );
5602	+ }
5603	+ function cff_delete_all_platform_data(){
5604	+ $manager = new SB_Facebook_Data_Manager();
5605	+ $manager->delete_caches();
5606	+ \cff_main()->cff_error_reporter->add_action_log( 'Deleted all platform data.' );
5607	+ \cff_main()->cff_error_reporter->reset_api_errors();
5608	+ }

admin/assets/css/settings.css CHANGED Viewed

	@@ -1010,13 +1010,21 @@
1010	}
1011
1012	.sb-tab-box.sb-caching-box .cff-caching-btn .loading path,
1013	- .sb-tab-box.sb-optimize-box .optimize-image-btn .loading path {

1014	fill: rgb(23 22 22 / 95%)
1015	}
1016	.sb-tab-box.sb-caching-box .cff-caching-btn .success svg,
1017	- .sb-tab-box.sb-optimize-box .optimize-image-btn .success svg {

1018	stroke: rgb(23 22 22 / 95%)
1019	}






1020	.sb-tab-box.sb-caching-box .cff-caching-btn:disabled path,
1021	.sb-tab-box.sb-caching-box .optimize-image-btn:disabled path {
1022	fill: #8C8F9A;


1010	}
1011
1012	.sb-tab-box.sb-caching-box .cff-caching-btn .loading path,
1013	+ .sb-tab-box.sb-optimize-box .optimize-image-btn .loading path,
1014	+ .sb-tab-box.sb-dpa-clear-box-style .loading path {
1015	fill: rgb(23 22 22 / 95%)
1016	}
1017	.sb-tab-box.sb-caching-box .cff-caching-btn .success svg,
1018	+ .sb-tab-box.sb-optimize-box .optimize-image-btn .success svg,
1019	+ .sb-tab-box.sb-dpa-clear-box-style .success svg {
1020	stroke: rgb(23 22 22 / 95%)
1021	}
1022	+
1023	+ .sb-tab-content .sb-tab-box.sb-dpa-clear-box-style .cff-tab-form-field .cff-btn {
1024	+ transform: none;
1025	+ margin-bottom: 15px;
1026	+ }
1027	+
1028	.sb-tab-box.sb-caching-box .cff-caching-btn:disabled path,
1029	.sb-tab-box.sb-caching-box .optimize-image-btn:disabled path {
1030	fill: #8C8F9A;

admin/assets/img/group-app.png CHANGED Viewed

Binary file

admin/assets/js/oembeds.js CHANGED Viewed

	@@ -67,7 +67,6 @@ var cffoEmbeds = new Vue({
67	})
68	.then(response => response.json())
69	.then(data => {
70	- console.log(data);
71	if( data.success == false ) {
72	this.installerStatus = 'error'
73	}
	@@ -160,7 +159,7 @@ var cffoEmbeds = new Vue({
160
161	/**
162	* Toggle Sticky Widget view
163	- *
164	* @since 4.0
165	*/
166	toggleStickyWidget: function() {
	@@ -175,4 +174,4 @@ var cffoEmbeds = new Vue({
175	this.instagramInstallBtnText = this.modal.activate;
176	}
177	}
178	- })


67	})
68	.then(response => response.json())
69	.then(data => {

70	if( data.success == false ) {
71	this.installerStatus = 'error'
72	}

159
160	/**
161	* Toggle Sticky Widget view
162	+ *
163	* @since 4.0
164	*/
165	toggleStickyWidget: function() {

174	this.instagramInstallBtnText = this.modal.activate;
175	}
176	}
177	+ })

admin/assets/js/settings.js CHANGED Viewed

@@ -66,6 +66,7 @@ var settings_data = {
                 uploadStatus: null,
                 clearCacheStatus: null,
                 optimizeCacheStatus: null,
                 pressedBtnName: null,
                 loading: false,
                 hasError: cff_settings.hasError,
@@ -610,6 +611,40 @@ var cffSettings = new Vue({
                             }.bind(this), 3000);
                         });
                     },
                     saveChangesIcon: function() {
                         if ( this.btnStatus == 'loading' ) {
                             return this.loaderSVG;
@@ -753,7 +788,9 @@ var cffSettings = new Vue({
                     ajaxPost : function(data, callback){
                         var self = this;
                         data['nonce'] = self.nonce;
-            -
                        self.$http.post(self.ajaxHandler,data).then(callback);
                     },
                     /**


66	uploadStatus: null,
67	clearCacheStatus: null,
68	optimizeCacheStatus: null,
69	+ dpaResetStatus: null,
70	pressedBtnName: null,
71	loading: false,
72	hasError: cff_settings.hasError,

611	}.bind(this), 3000);
612	});
613	},
614	+ dpaReset: function() {
615	+ this.dpaResetStatus = 'loading';
616	+ let data = new FormData();
617	+ data.append( 'action', 'cff_dpa_reset' );
618	+ data.append( 'nonce', this.nonce );
619	+ fetch(this.ajaxHandler, {
620	+ method: "POST",
621	+ credentials: 'same-origin',
622	+ body: data
623	+ })
624	+ .then(response => response.json())
625	+ .then(data => {
626	+ if ( data.success == false ) {
627	+ this.dpaResetStatus = 'error';
628	+ return;
629	+ }
630	+ this.dpaResetStatus = 'success';
631	+ setTimeout(function() {
632	+ this.dpaResetStatus = null;
633	+ }.bind(this), 3000);
634	+ });
635	+ },
636	+ dpaResetStatusIcon: function() {
637	+ if ( this.dpaResetStatus === null ) {
638	+ return;
639	+ }
640	+ if ( this.dpaResetStatus == 'loading' ) {
641	+ return this.loaderSVG;
642	+ } else if ( this.dpaResetStatus == 'success' ) {
643	+ return this.checkmarkSVG;
644	+ } else if ( this.dpaResetStatus == 'error' ) {
645	+ return `<i class="fa fa-times-circle"></i>`;
646	+ }
647	+ },
648	saveChangesIcon: function() {
649	if ( this.btnStatus == 'loading' ) {
650	return this.loaderSVG;

788	ajaxPost : function(data, callback){
789	var self = this;
790	data['nonce'] = self.nonce;
791	+ data['settings_page'] = true;
792	+
793	+ self.$http.post(self.ajaxHandler,data).then(callback);
794	},
795
796	/**

admin/builder/assets/css/global.css CHANGED Viewed

	@@ -2072,7 +2072,7 @@
2072	.cff-group-app-screenshot{
2073	display: none;
2074	position: absolute;
2075	- bottom: ~~92px~~;
2076	left: 50%;
2077	margin-left: -325px;
2078	z-index: 10;


2072	.cff-group-app-screenshot{
2073	display: none;
2074	position: absolute;
2075	+ bottom: 75px;
2076	left: 50%;
2077	margin-left: -325px;
2078	z-index: 10;

admin/builder/assets/js/add-source.js CHANGED Viewed

	@@ -67,7 +67,7 @@ Vue.component('sb-add-source-component', {
67	'action' : 'cff_source_builder_update',
68	'type' : self.addNewSource.typeSelected,
69	'id' : self.addNewSource.manualSourceID,
70	- 'access_token' : self.addNewSource.manualSourceToken
71	};
72	if(isEventSource){
73	manualSourceData.privilege = 'events';
	@@ -234,7 +234,6 @@ Vue.component('sb-add-source-component', {
234	}
235	var finalUrl = fbConnectURL + "{'{url=" + appendURL + "}'}";
236	window.location = finalUrl;
237	-
238	},
239
240	/**


67	'action' : 'cff_source_builder_update',
68	'type' : self.addNewSource.typeSelected,
69	'id' : self.addNewSource.manualSourceID,
70	+ 'access_token' : self.addNewSource.manualSourceToken,
71	};
72	if(isEventSource){
73	manualSourceData.privilege = 'events';

234	}
235	var finalUrl = fbConnectURL + "{'{url=" + appendURL + "}'}";
236	window.location = finalUrl;

237	},
238
239	/**

admin/builder/templates/form-data-examples.html CHANGED Viewed

	@@ -130,7 +130,6 @@ Tool to help understand how sending and retrieving feed related info from the da
130	event.preventDefault();
131
132	var thisData = $(this).serializeArray();
133	- console.log(thisData)
134	$.ajax({
135	url: cff_builder.ajax_handler,
136	type: 'post',
	@@ -138,12 +137,10 @@ Tool to help understand how sending and retrieving feed related info from the da
138	success: function (data) {
139	if (data.indexOf('{') === 0) {
140	data = JSON.parse(data);
141	- console.log(data);
142	-
143	}
144
145	}
146	});
147	});
148	});
149	- </script>


130	event.preventDefault();
131
132	var thisData = $(this).serializeArray();

133	$.ajax({
134	url: cff_builder.ajax_handler,
135	type: 'post',

137	success: function (data) {
138	if (data.indexOf('{') === 0) {
139	data = JSON.parse(data);


140	}
141
142	}
143	});
144	});
145	});
146	+ </script>

admin/builder/templates/sections/popup/add-source-popup.php CHANGED Viewed

	@@ -35,8 +35,11 @@
35	<span class="sb-small sb-lighter" v-html="source.account_type"></span>
36	</div>
37	<div v-if="source.error !== ''" class="sb-source-error-wrap">
38	- <span v-html="genericText.invalid"></span><a href="#" @click.prevent.default="$parent.activateView('sourcePopupType', '~~creation~~')" v-html="genericText.reconnect"></a>
39	</div>



40	</div>
41	</div>
42	</div>
	@@ -318,6 +321,7 @@
318	<p class="sb-step-text sb-small-p"><span v-html="addAppStep"></span><span v-if="index === 0"><a id="cff-group-admin-link" :href="'https://www.facebook.com/groups/'+selectedSourcesToConnect[0]+'/apps/store'" target="_blank" rel="noopener noreferrer" v-html="$parent.genericText.clickingHere"></a></span></p>
319	</div>
320	</div>

321	</div>
322
323	<div v-if="typeof window.cffSelected !== 'undefined' && window.cffSelected.indexOf(false) > -1 " class="sb-directions-wrap">
	@@ -339,4 +343,4 @@
339	</div>
340	</div>
341	</div>
342	- </script>


35	<span class="sb-small sb-lighter" v-html="source.account_type"></span>
36	</div>
37	<div v-if="source.error !== ''" class="sb-source-error-wrap">
38	+ <span v-html="genericText.invalid"></span><a href="#" @click.prevent.default="$parent.activateView('sourcePopupType', 'creationRedirect')" v-html="genericText.reconnect"></a>
39	</div>
40	+ <div v-if="source.error === '' && typeof( source.needs_update ) !== 'undefined' && source.needs_update" class="sb-source-error-wrap">
41	+ <span v-html="genericText.updateRequired"></span><a href="#" @click.prevent.default="$parent.activateView('sourcePopupType','creationRedirect')" v-html="genericText.reconnect"></a>
42	+ </div>
43	</div>
44	</div>
45	</div>

321	<p class="sb-step-text sb-small-p"><span v-html="addAppStep"></span><span v-if="index === 0"><a id="cff-group-admin-link" :href="'https://www.facebook.com/groups/'+selectedSourcesToConnect[0]+'/apps/store'" target="_blank" rel="noopener noreferrer" v-html="$parent.genericText.clickingHere"></a></span></p>
322	</div>
323	</div>
324	+ <p style="margin-top: 25px;"><span style="color: red; font-weight: bold;">Important:</span> {{selectSourceScreen.modal.reconnectingAppDir}}</p>
325	</div>
326
327	<div v-if="typeof window.cffSelected !== 'undefined' && window.cffSelected.indexOf(false) > -1 " class="sb-directions-wrap">

343	</div>
344	</div>
345	</div>
346	+ </script>

admin/views/settings/tab/advanced.php CHANGED Viewed

@@ -157,5 +157,19 @@
                         </div>
                     </div>
                 </div>
             </div>
             <!-- todo: this is just demo content and will be replaced once I work on this -->


157	</div>
158	</div>
159	</div>
160	+ <div class="sb-tab-box sb-optimize-box sb-dpa-clear-box-style clearfix">
161	+ <div class="tab-label">
162	+ <h3>{{advancedTab.dpaClear.title}}</h3>
163	+ </div>
164	+ <div class="cff-tab-form-field">
165	+ <button type="button" class="cff-btn" @click="dpaReset()">
166	+ <span v-html="dpaResetStatusIcon()" :class="dpaResetStatus" v-if="dpaResetStatus !== null"></span>
167	+ {{advancedTab.dpaClear.clear}}
168	+ </button>
169	+ <span class="help-text">
170	+ {{advancedTab.dpaClear.helpText}}
171	+ </span>
172	+ </div>
173	+ </div>
174	</div>
175	<!-- todo: this is just demo content and will be replaced once I work on this -->

admin/views/settings/tab/general.php CHANGED Viewed

	@@ -272,8 +272,15 @@
272	<svg width="13" height="13" viewBox="0 0 13 13" fill="none" xmlns="http://www.w3.org/2000/svg">
273	<path d="M6.50008 0.666664C3.28008 0.666664 0.666748 3.28 0.666748 6.5C0.666748 9.72 3.28008 12.3333 6.50008 12.3333C9.72008 12.3333 12.3334 9.72 12.3334 6.5C12.3334 3.28 9.72008 0.666664 6.50008 0.666664ZM7.08342 9.41667H5.91675V8.25H7.08342V9.41667ZM7.08342 7.08333H5.91675V3.58333H7.08342V7.08333Z" fill="#D72C2C"/>
274	</svg>
275	- <span v-html="genericText.errorSource"></span><a href="#" @click.prevent.default="activateView('sourcePopup')" v-html="genericText.reconnect"></a>
276	</div>







277	</div>
278	</div>
279	<div class="sb-srcs-item-actions">
	@@ -288,11 +295,6 @@
288	<span>{{source.account_id}}</span>
289	<div class="cff-fb-srcs-info-icon" v-html="svgIcons['copy2']" @click.prevent.default="copyToClipBoard(source.account_id)"></div>
290	</div>
291	- <div class="cff-fb-srcs-info-item">
292	- <strong>{{genericText.token}}</strong>
293	- <span>{{source.access_token}}</span>
294	- <div class="cff-fb-srcs-info-icon" v-html="svgIcons['copy2']" @click.prevent.default="copyToClipBoard(source.access_token)"></div>
295	- </div>
296	</div>
297	</div>
298
	@@ -366,4 +368,4 @@
366	</div>
367	</div>
368	</div>
369	- </div>


272	<svg width="13" height="13" viewBox="0 0 13 13" fill="none" xmlns="http://www.w3.org/2000/svg">
273	<path d="M6.50008 0.666664C3.28008 0.666664 0.666748 3.28 0.666748 6.5C0.666748 9.72 3.28008 12.3333 6.50008 12.3333C9.72008 12.3333 12.3334 9.72 12.3334 6.5C12.3334 3.28 9.72008 0.666664 6.50008 0.666664ZM7.08342 9.41667H5.91675V8.25H7.08342V9.41667ZM7.08342 7.08333H5.91675V3.58333H7.08342V7.08333Z" fill="#D72C2C"/>
274	</svg>
275	+ <span v-html="genericText.errorSource"></span><a href="#" @click.prevent.default="activateView('sourcePopup','creationRedirect')" v-html="genericText.reconnect"></a>
276	</div>
277	+ <div v-if="source.error === '' && typeof( source.needs_update ) !== 'undefined' && source.needs_update" class="sb-source-error-wrap">
278	+ <svg width="13" height="13" viewBox="0 0 13 13" fill="none" xmlns="http://www.w3.org/2000/svg">
279	+ <path d="M6.50008 0.666664C3.28008 0.666664 0.666748 3.28 0.666748 6.5C0.666748 9.72 3.28008 12.3333 6.50008 12.3333C9.72008 12.3333 12.3334 9.72 12.3334 6.5C12.3334 3.28 9.72008 0.666664 6.50008 0.666664ZM7.08342 9.41667H5.91675V8.25H7.08342V9.41667ZM7.08342 7.08333H5.91675V3.58333H7.08342V7.08333Z" fill="#D72C2C"/>
280	+ </svg>
281	+
282	+ <span v-html="genericText.updateRequired"></span><a href="#" @click.prevent.default="activateView('sourcePopup','creationRedirect')" v-html="genericText.reconnect"></a>
283	+ </div>
284	</div>
285	</div>
286	<div class="sb-srcs-item-actions">

295	<span>{{source.account_id}}</span>
296	<div class="cff-fb-srcs-info-icon" v-html="svgIcons['copy2']" @click.prevent.default="copyToClipBoard(source.account_id)"></div>
297	</div>





298	</div>
299	</div>
300

368	</div>
369	</div>
370	</div>
371	+ </div>

custom-facebook-feed.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Smash Balloon Custom Facebook Feed
4	Plugin URI: https://smashballoon.com/custom-facebook-feed
5	Description: Add completely customizable Facebook feeds to your WordPress site
6	- Version: 4.~~0.5~~
7	Author: Smash Balloon
8	Author URI: http://smashballoon.com/
9	License: GPLv2 or later
	@@ -25,15 +25,16 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
25	*/
26	if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
27
28	- define('CFFVER', '4.~~0.5~~');
29	define( 'WPW_SL_STORE_URL', 'https://smashballoon.com/' );
30	define( 'WPW_SL_ITEM_NAME', 'Custom Facebook Feed WordPress Plugin Personal' ); //!Update Plugin Name at top of file!
31
32	// Db version.
33	if ( ! defined( 'CFF_DBVERSION' ) ) {
34	- define( 'CFF_DBVERSION', '2.1' );
35	}
36

37	// Plugin Folder Path.
38	if ( ! defined( 'CFF_PLUGIN_DIR' ) ) {
39	define( 'CFF_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );


3	Plugin Name: Smash Balloon Custom Facebook Feed
4	Plugin URI: https://smashballoon.com/custom-facebook-feed
5	Description: Add completely customizable Facebook feeds to your WordPress site
6	+ Version: 4.1
7	Author: Smash Balloon
8	Author URI: http://smashballoon.com/
9	License: GPLv2 or later

25	*/
26	if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
27
28	+ define('CFFVER', '4.1');
29	define( 'WPW_SL_STORE_URL', 'https://smashballoon.com/' );
30	define( 'WPW_SL_ITEM_NAME', 'Custom Facebook Feed WordPress Plugin Personal' ); //!Update Plugin Name at top of file!
31
32	// Db version.
33	if ( ! defined( 'CFF_DBVERSION' ) ) {
34	+ define( 'CFF_DBVERSION', '2.4' );
35	}
36
37	+
38	// Plugin Folder Path.
39	if ( ! defined( 'CFF_PLUGIN_DIR' ) ) {
40	define( 'CFF_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );

inc/Admin/CFF_Global_Settings.php CHANGED Viewed

	@@ -72,6 +72,7 @@ class CFF_Global_Settings {
72	add_action( 'wp_ajax_cff_export_settings_json', [$this, 'cff_export_settings_json'] );
73	add_action( 'wp_ajax_cff_clear_cache', [$this, 'cff_clear_cache'] );
74	add_action( 'wp_ajax_cff_clear_image_resize_cache', [$this, 'cff_clear_image_resize_cache'] );

75
76	CFF_Upgrader::hooks();
77	}
	@@ -1165,6 +1166,11 @@ class CFF_Global_Settings {
1165	),
1166	)
1167	),





1168	),
1169	'dialogBoxPopupScreen' => array(
1170	'deleteSource' => array(
	@@ -1669,4 +1675,22 @@ class CFF_Global_Settings {
1669	return CFF_View::render( 'settings.index' );
1670	}
1671


















1672	}


72	add_action( 'wp_ajax_cff_export_settings_json', [$this, 'cff_export_settings_json'] );
73	add_action( 'wp_ajax_cff_clear_cache', [$this, 'cff_clear_cache'] );
74	add_action( 'wp_ajax_cff_clear_image_resize_cache', [$this, 'cff_clear_image_resize_cache'] );
75	+ add_action( 'wp_ajax_cff_dpa_reset', [$this, 'cff_dpa_reset'] );
76
77	CFF_Upgrader::hooks();
78	}

1166	),
1167	)
1168	),
1169	+ 'dpaClear' => array(
1170	+ 'title' => __( 'Manage Data', 'custom-facebook-feed' ),
1171	+ 'helpText' => __( 'Warning: Clicking this button will permanently delete all Facebook data, including all connected accounts, cached posts, and stored images.', 'custom-facebook-feed' ),
1172	+ 'clear' => __( 'Delete all Platform Data', 'custom-facebook-feed' ),
1173	+ ),
1174	),
1175	'dialogBoxPopupScreen' => array(
1176	'deleteSource' => array(

1675	return CFF_View::render( 'settings.index' );
1676	}
1677
1678	+ /**
1679	+ * CFF Clear Everything
1680	+ *
1681	+ * @since 4.1
1682	+ */
1683	+ public function cff_dpa_reset() {
1684	+ //Security Checks
1685	+ check_ajax_referer( 'cff_admin_nonce', 'nonce' );
1686	+
1687	+ $cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
1688	+ $cap = apply_filters( 'cff_settings_pages_capability', $cap );
1689	+ if ( ! current_user_can( $cap ) ) {
1690	+ wp_send_json_error(); // This auto-dies.
1691	+ }
1692	+
1693	+ cff_delete_all_platform_data();
1694	+ new CFF_Response( true, [] );
1695	+ }
1696	}

inc/Admin/CFF_Notifications.php CHANGED Viewed

	@@ -21,7 +21,7 @@ class CFF_Notifications {
21	*
22	* @var string
23	*/
24	- const SOURCE_URL = '~~http~~://plugin.smashballoon.com/notifications.json';
25
26	/**
27	* @var string
	@@ -252,6 +252,16 @@ class CFF_Notifications {
252	continue;
253	}
254










255	// The message and license should never be empty, if they are, ignore.
256	if ( empty( $notification['content'] ) \|\| empty( $notification['type'] ) ) {
257	continue;
	@@ -319,6 +329,16 @@ class CFF_Notifications {
319	if ( ! empty( $notification['minver'] ) && version_compare( $notification['minver'], CFFVER ) >= 0 ) {
320	unset( $notifications[ $key ] );
321	}










322	}
323
324	return $notifications;


21	*
22	* @var string
23	*/
24	+ const SOURCE_URL = 'https://plugin.smashballoon.com/notifications.json';
25
26	/**
27	* @var string

252	continue;
253	}
254
255	+ // Ignore if a specific cff_status is empty or false
256	+ if ( ! empty( $notification['statuscheck'] ) ) {
257	+ $status_key = sanitize_key( $notification['statuscheck'] );
258	+ $cff_statuses_option = get_option( 'cff_statuses', array() );
259	+
260	+ if ( empty( $cff_statuses_option[ $status_key ] ) ) {
261	+ continue;
262	+ }
263	+ }
264	+
265	// The message and license should never be empty, if they are, ignore.
266	if ( empty( $notification['content'] ) \|\| empty( $notification['type'] ) ) {
267	continue;

329	if ( ! empty( $notification['minver'] ) && version_compare( $notification['minver'], CFFVER ) >= 0 ) {
330	unset( $notifications[ $key ] );
331	}
332	+
333	+ // Ignore if a specific cff_status is empty or false
334	+ if ( ! empty( $notification['statuscheck'] ) ) {
335	+ $status_key = sanitize_key( $notification['statuscheck'] );
336	+ $cff_statuses_option = get_option( 'cff_statuses', array() );
337	+
338	+ if ( empty( $cff_statuses_option[ $status_key ] ) ) {
339	+ unset( $notifications[ $key ] );
340	+ }
341	+ }
342	}
343
344	return $notifications;

inc/Admin/CFF_Support.php CHANGED Viewed

	@@ -12,6 +12,7 @@ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
12	use CustomFacebookFeed\CFF_View;
13	use CustomFacebookFeed\CFF_Utils;
14	use CustomFacebookFeed\CFF_Response;

15	use CustomFacebookFeed\Builder\CFF_Db;
16	use CustomFacebookFeed\CFF_Feed_Locator;
17	use CustomFacebookFeed\Builder\CFF_Feed_Builder;
	@@ -442,6 +443,7 @@ class CFF_Support {
442
443	$feeds_list = CFF_Feed_Builder::get_feed_list();
444	$source_list = CFF_Feed_Builder::get_source_list();

445	$i = 0;
446	foreach( $feeds_list as $feed ) {
447	if ( $i >= 25 ) {
	@@ -458,7 +460,7 @@ class CFF_Support {
458	$output .= $source['username'];
459	$output .= ' (' . $source_id . ')';
460	$output .= "</br>";
461	- $output .= $source['access_token'];
462	}
463	}
464	}


12	use CustomFacebookFeed\CFF_View;
13	use CustomFacebookFeed\CFF_Utils;
14	use CustomFacebookFeed\CFF_Response;
15	+ use CustomFacebookFeed\SB_Facebook_Data_Manager;
16	use CustomFacebookFeed\Builder\CFF_Db;
17	use CustomFacebookFeed\CFF_Feed_Locator;
18	use CustomFacebookFeed\Builder\CFF_Feed_Builder;

443
444	$feeds_list = CFF_Feed_Builder::get_feed_list();
445	$source_list = CFF_Feed_Builder::get_source_list();
446	+ $manager = new SB_Facebook_Data_Manager();
447	$i = 0;
448	foreach( $feeds_list as $feed ) {
449	if ( $i >= 25 ) {

460	$output .= $source['username'];
461	$output .= ' (' . $source_id . ')';
462	$output .= "</br>";
463	+ $output .= $manager->remote_encrypt( $source['access_token'] );
464	}
465	}
466	}

inc/Admin/CFF_oEmbeds.php CHANGED Viewed

	@@ -220,6 +220,11 @@ class CFF_oEmbeds {
220	$oembed_token_settings = $newly_retrieved_oembed_connection_data;
221	$return['newOembedData'] = $newly_retrieved_oembed_connection_data;
222





223	update_option( 'cff_oembed_token', $newly_retrieved_oembed_connection_data );
224	update_option( 'sbi_oembed_token', $newly_retrieved_oembed_connection_data );
225	} elseif ( ! empty( $newly_retrieved_oembed_connection_data ) ) {
	@@ -408,4 +413,4 @@ class CFF_oEmbeds {
408	public function oembeds_manager(){
409	return CFF_View::render( 'oembeds.index' );
410	}
411	- }


220	$oembed_token_settings = $newly_retrieved_oembed_connection_data;
221	$return['newOembedData'] = $newly_retrieved_oembed_connection_data;
222
223	+ $encryption = new \CustomFacebookFeed\SB_Facebook_Data_Encryption();
224	+ if ( isset( $newly_retrieved_oembed_connection_data['access_token'] ) && ! $encryption->decrypt( $newly_retrieved_oembed_connection_data['access_token'] ) ) {
225	+ $newly_retrieved_oembed_connection_data['access_token'] = $encryption->encrypt( $newly_retrieved_oembed_connection_data['access_token'] );
226	+ }
227	+
228	update_option( 'cff_oembed_token', $newly_retrieved_oembed_connection_data );
229	update_option( 'sbi_oembed_token', $newly_retrieved_oembed_connection_data );
230	} elseif ( ! empty( $newly_retrieved_oembed_connection_data ) ) {

413	public function oembeds_manager(){
414	return CFF_View::render( 'oembeds.index' );
415	}
416	+ }

inc/Builder/CFF_Db.php CHANGED Viewed

	@@ -6,6 +6,7 @@
6	*/
7
8	namespace CustomFacebookFeed\Builder;

9
10	class CFF_Db {
11
	@@ -80,6 +81,15 @@ class CFF_Db {
80	return $wpdb->get_results( $sql, ARRAY_A );
81	}
82









83	if ( ! isset( $args['id'] ) ) {
84	return false;
85	}
	@@ -129,6 +139,7 @@ class CFF_Db {
129	public static function source_update( $to_update, $where_data ) {
130	global $wpdb;
131	$sources_table_name = $wpdb->prefix . 'cff_sources';

132
133	$data = array();
134	$where = array();
	@@ -147,7 +158,7 @@ class CFF_Db {
147	$where_format[] = '%s';
148	}
149	if ( isset( $to_update['access_token'] ) ) {
150	- $data['access_token'] = $to_update['access_token'];
151	$format[] = '%s';
152	}
153	if ( isset( $to_update['username'] ) ) {
	@@ -155,7 +166,7 @@ class CFF_Db {
155	$format[] = '%s';
156	}
157	if ( isset( $to_update['info'] ) ) {
158	- $data['info'] = $to_update['info'];
159	$format[] = '%s';
160	}
161	if ( isset( $to_update['error'] ) ) {
	@@ -214,6 +225,7 @@ class CFF_Db {
214	public static function source_insert( $to_insert ) {
215	global $wpdb;
216	$sources_table_name = $wpdb->prefix . 'cff_sources';

217
218	$data = array();
219	$format = array();
	@@ -233,7 +245,7 @@ class CFF_Db {
233	$format[] = '%s';
234	}
235	if ( isset( $to_insert['access_token'] ) ) {
236	- $data['access_token'] = $to_insert['access_token'];
237	$format[] = '%s';
238	}
239	if ( isset( $to_insert['username'] ) ) {
	@@ -241,7 +253,7 @@ class CFF_Db {
241	$format[] = '%s';
242	}
243	if ( isset( $to_insert['info'] ) ) {
244	- $data['info'] = $to_insert['info'];
245	$format[] = '%s';
246	}
247	if ( isset( $to_insert['error'] ) ) {
	@@ -900,6 +912,24 @@ class CFF_Db {
900	}
901	}
902


















903	public static function reset_tables() {
904	global $wpdb;
905	$feeds_table_name = $wpdb->prefix . 'cff_feeds';
	@@ -947,4 +977,4 @@ class CFF_Db {
947
948	update_option( 'cff_statuses', $cff_statuses_option );
949	}
950	- }


6	*/
7
8	namespace CustomFacebookFeed\Builder;
9	+ use CustomFacebookFeed\SB_Facebook_Data_Encryption;
10
11	class CFF_Db {
12

81	return $wpdb->get_results( $sql, ARRAY_A );
82	}
83
84	+ if ( isset( $args['type'] ) && ! isset( $args['id'] ) ) {
85	+ $sql = $wpdb->prepare( "
86	+ SELECT * FROM $sources_table_name
87	+ WHERE account_type = %s;
88	+ ", $args['type'] );
89	+
90	+ return $wpdb->get_results( $sql, ARRAY_A );
91	+ }
92	+
93	if ( ! isset( $args['id'] ) ) {
94	return false;
95	}

139	public static function source_update( $to_update, $where_data ) {
140	global $wpdb;
141	$sources_table_name = $wpdb->prefix . 'cff_sources';
142	+ $encryption = new SB_Facebook_Data_Encryption();
143
144	$data = array();
145	$where = array();

158	$where_format[] = '%s';
159	}
160	if ( isset( $to_update['access_token'] ) ) {
161	+ $data['access_token'] = $encryption->maybe_encrypt( $to_update['access_token'] );
162	$format[] = '%s';
163	}
164	if ( isset( $to_update['username'] ) ) {

166	$format[] = '%s';
167	}
168	if ( isset( $to_update['info'] ) ) {
169	+ $data['info'] = $encryption->maybe_encrypt( $to_update['info'] );
170	$format[] = '%s';
171	}
172	if ( isset( $to_update['error'] ) ) {

225	public static function source_insert( $to_insert ) {
226	global $wpdb;
227	$sources_table_name = $wpdb->prefix . 'cff_sources';
228	+ $encryption = new SB_Facebook_Data_Encryption();
229
230	$data = array();
231	$format = array();

245	$format[] = '%s';
246	}
247	if ( isset( $to_insert['access_token'] ) ) {
248	+ $data['access_token'] = $encryption->maybe_encrypt( $to_insert['access_token'] );
249	$format[] = '%s';
250	}
251	if ( isset( $to_insert['username'] ) ) {

253	$format[] = '%s';
254	}
255	if ( isset( $to_insert['info'] ) ) {
256	+ $data['info'] = $encryption->maybe_encrypt( $to_insert['info'] );
257	$format[] = '%s';
258	}
259	if ( isset( $to_insert['error'] ) ) {

912	}
913	}
914
915	+ public static function clear_cff_feed_caches() {
916	+ global $wpdb;
917	+ $feed_caches_table_name = $wpdb->prefix . 'cff_feed_caches';
918	+
919	+ if ( $wpdb->get_var( "show tables like '$feed_caches_table_name'" ) === $feed_caches_table_name ) {
920	+ $wpdb->query( "DELETE FROM $feed_caches_table_name" );
921	+ }
922	+ }
923	+
924	+ public static function clear_cff_sources() {
925	+ global $wpdb;
926	+ $sources_table_name = $wpdb->prefix . 'cff_sources';
927	+
928	+ if ( $wpdb->get_var( "show tables like '$sources_table_name'" ) === $sources_table_name ) {
929	+ $wpdb->query( "DELETE FROM $sources_table_name" );
930	+ }
931	+ }
932	+
933	public static function reset_tables() {
934	global $wpdb;
935	$feeds_table_name = $wpdb->prefix . 'cff_feeds';

977
978	update_option( 'cff_statuses', $cff_statuses_option );
979	}
980	+ }

inc/Builder/CFF_Feed_Builder.php CHANGED Viewed

	@@ -8,7 +8,7 @@ namespace CustomFacebookFeed\Builder;
8	use CustomFacebookFeed\Builder\Tabs\CFF_Styling_Tab;
9	use CustomFacebookFeed\CFF_Utils;
10	use CustomFacebookFeed\CFF_Response;
11	- use CustomFacebookFeed\~~Custom_Facebook_Feed_Pro~~;
12	use function DI\value;
13
14	class CFF_Feed_Builder {
	@@ -985,6 +985,7 @@ class CFF_Feed_Builder {
985	'errorNotice' => __( 'There was an error when trying to connect to Facebook.', 'custom-facebook-feed' ),
986	'errorDirections' => '<a href="https://smashballoon.com/custom-facebook-feed/docs/errors/" target="_blank" rel="noopener">' . __( 'Directions on How to Resolve This Issue', 'custom-facebook-feed' ) . '</a>',
987	'errorSource' => __( 'Source Invalid', 'custom-facebook-feed' ),

988	'invalid' => __( 'Invalid', 'custom-facebook-feed' ),
989	'reconnect' => __( 'Reconnect', 'custom-facebook-feed' ),
990	'feed' => __( 'feed', 'custom-facebook-feed' ),
	@@ -1116,12 +1117,13 @@ class CFF_Feed_Builder {
1116	'accessToken' => __( 'Facebook Access Token', 'custom-facebook-feed' ),
1117	'enterToken' => __( 'Enter Token', 'custom-facebook-feed' ),
1118	'addApp' => __( 'Add Facebook App to your group', 'custom-facebook-feed' ),
1119	- 'addAppDetails' => __( 'To get posts from your group, Facebook requires the "Smash Balloon ~~Plugin~~" app to be added in your group settings. Just follow the directions here:', 'custom-facebook-feed' ),
1120	'addAppSteps' => [
1121	__( 'Go to your group settings page by ', 'custom-facebook-feed' ),
1122	- sprintf( __( 'Search for "Smash Balloon" and select our app %s(see screenshot)%s', 'custom-facebook-feed' ), '<a href="JavaScript:void(0);" id="cff-group-app-tooltip">', '<img class="cff-group-app-screenshot sb-tr-1" src="' . trailingslashit( CFF_PLUGIN_URL ) . 'admin/assets/img/group-app.png" alt="Thumbnail Layout"></a>'),
1123	__( 'Click "Add" and you are done.', 'custom-facebook-feed' )
1124	],

1125	'appMemberInstructions' => sprintf( __( 'To display a feed form this group, Facebook requires the admin to add the Smash Balloon app in the group settings. Please ask an admin to follow the %sdirections here%s to add the app.', 'custom-facebook-feed' ), '<a href="https://smashballoon.com/doc/display-facebook-group-feed/" target="_blank" rel="noopener noreferrer">', '</a>' ) . '<br><br>' . __( 'Once this is done, you will be able to display a feed from this group.', 'custom-facebook-feed' ),
1126	'notAdmin' => __( 'For groups you are not an administrator of', 'custom-facebook-feed' ),
1127	'disclaimer' => sprintf( __( 'Please note: There are Facebook limitations to displaying group content which may prevent older posts from being displayed. Please %ssee here%s for more information.', 'custom-facebook-feed' ), '<a href="https://smashballoon.com/doc/facebook-api-change-limits-groups-to-90-days/" target="_blank" rel="noopener noreferrer">', '</a>' ),
	@@ -1506,6 +1508,7 @@ class CFF_Feed_Builder {
1506	public static function get_source_list( $page = 1 ) {
1507	$args['page'] = $page;
1508	$source_data = CFF_Db::source_query( $args );

1509
1510	$legacy_data = \CustomFacebookFeed\CFF_FB_Settings::get_legacy_settings( array() );
1511
	@@ -1513,11 +1516,13 @@ class CFF_Feed_Builder {
1513
1514	$return = array();
1515	foreach ( $source_data as $source ) {
1516	- $info = ! empty( $source['info'] ) ? json_decode( $source['info'] ) : array();
1517	$avatar = \CustomFacebookFeed\CFF_Parse::get_avatar( $info );
1518
1519	$source['avatar_url'] = $avatar;
1520


1521	if ( $source['account_id'] === $legacy_id ) {
1522	$source['used_in'] = $source['used_in'] + 1;
1523	if ( ! isset( $source['instances'] ) ) {
	@@ -2578,4 +2583,4 @@ class CFF_Feed_Builder {
2578	include_once CFF_BUILDER_DIR . 'templates/builder.php';
2579	}
2580
2581	- }


8	use CustomFacebookFeed\Builder\Tabs\CFF_Styling_Tab;
9	use CustomFacebookFeed\CFF_Utils;
10	use CustomFacebookFeed\CFF_Response;
11	+ use CustomFacebookFeed\SB_Facebook_Data_Encryption;
12	use function DI\value;
13
14	class CFF_Feed_Builder {

985	'errorNotice' => __( 'There was an error when trying to connect to Facebook.', 'custom-facebook-feed' ),
986	'errorDirections' => '<a href="https://smashballoon.com/custom-facebook-feed/docs/errors/" target="_blank" rel="noopener">' . __( 'Directions on How to Resolve This Issue', 'custom-facebook-feed' ) . '</a>',
987	'errorSource' => __( 'Source Invalid', 'custom-facebook-feed' ),
988	+ 'updateRequired' => __( 'Update Required', 'custom-facebook-feed' ),
989	'invalid' => __( 'Invalid', 'custom-facebook-feed' ),
990	'reconnect' => __( 'Reconnect', 'custom-facebook-feed' ),
991	'feed' => __( 'feed', 'custom-facebook-feed' ),

1117	'accessToken' => __( 'Facebook Access Token', 'custom-facebook-feed' ),
1118	'enterToken' => __( 'Enter Token', 'custom-facebook-feed' ),
1119	'addApp' => __( 'Add Facebook App to your group', 'custom-facebook-feed' ),
1120	+ 'addAppDetails' => __( 'To get posts from your group, Facebook requires the "Smash Balloon Wordpress" app to be added in your group settings. Just follow the directions here:', 'custom-facebook-feed' ),
1121	'addAppSteps' => [
1122	__( 'Go to your group settings page by ', 'custom-facebook-feed' ),
1123	+ sprintf( __( 'Search for "Smash Balloon WordPress" and select our app %s(see screenshot)%s', 'custom-facebook-feed' ), '<a href="JavaScript:void(0);" id="cff-group-app-tooltip">', '<img class="cff-group-app-screenshot sb-tr-1" src="' . trailingslashit( CFF_PLUGIN_URL ) . 'admin/assets/img/group-app.png" alt="Thumbnail Layout"></a>'),
1124	__( 'Click "Add" and you are done.', 'custom-facebook-feed' )
1125	],
1126	+ 'reconnectingAppDir' => __( 'If you are reconnecting an existing Group then make sure to follow the directions above to add this new app to your Group settings. The previous app will no longer work. This is required in order for new posts to be retrieved.', 'custom-facebook-feed' ),
1127	'appMemberInstructions' => sprintf( __( 'To display a feed form this group, Facebook requires the admin to add the Smash Balloon app in the group settings. Please ask an admin to follow the %sdirections here%s to add the app.', 'custom-facebook-feed' ), '<a href="https://smashballoon.com/doc/display-facebook-group-feed/" target="_blank" rel="noopener noreferrer">', '</a>' ) . '<br><br>' . __( 'Once this is done, you will be able to display a feed from this group.', 'custom-facebook-feed' ),
1128	'notAdmin' => __( 'For groups you are not an administrator of', 'custom-facebook-feed' ),
1129	'disclaimer' => sprintf( __( 'Please note: There are Facebook limitations to displaying group content which may prevent older posts from being displayed. Please %ssee here%s for more information.', 'custom-facebook-feed' ), '<a href="https://smashballoon.com/doc/facebook-api-change-limits-groups-to-90-days/" target="_blank" rel="noopener noreferrer">', '</a>' ),

1508	public static function get_source_list( $page = 1 ) {
1509	$args['page'] = $page;
1510	$source_data = CFF_Db::source_query( $args );
1511	+ $encryption = new SB_Facebook_Data_Encryption();
1512
1513	$legacy_data = \CustomFacebookFeed\CFF_FB_Settings::get_legacy_settings( array() );
1514

1516
1517	$return = array();
1518	foreach ( $source_data as $source ) {
1519	+ $info = ! empty( $source['info'] ) ? json_decode($encryption->decrypt( $source['info'] ) ) : array();
1520	$avatar = \CustomFacebookFeed\CFF_Parse::get_avatar( $info );
1521
1522	$source['avatar_url'] = $avatar;
1523
1524	+ $source['needs_update'] = CFF_Source::needs_update( $source, $info );
1525	+
1526	if ( $source['account_id'] === $legacy_id ) {
1527	$source['used_in'] = $source['used_in'] + 1;
1528	if ( ! isset( $source['instances'] ) ) {

2583	include_once CFF_BUILDER_DIR . 'templates/builder.php';
2584	}
2585
2586	+ }

inc/Builder/CFF_Feed_Saver.php CHANGED Viewed

	@@ -8,6 +8,7 @@
8	namespace CustomFacebookFeed\Builder;
9
10	use CustomFacebookFeed\CFF_FB_Settings;

11
12	class CFF_Feed_Saver {
13
	@@ -219,6 +220,7 @@ class CFF_Feed_Saver {
219	* @since 4.0
220	*/
221	public function update() {

222	if ( ! isset( $this->sanitized_and_sorted_data ) ) {
223	return false;
224	}
	@@ -231,6 +233,8 @@ class CFF_Feed_Saver {
231
232	if ( $this->is_legacy ) {
233	$to_save_json = \CustomFacebookFeed\CFF_Utils::cff_json_encode( $settings_array );


234	return update_option( 'cff_legacy_feed_settings', $to_save_json );
235	}
236
	@@ -282,10 +286,10 @@ class CFF_Feed_Saver {
282	*
283	* @since 4.0
284	*/
285	- public function get_feed_settings() {

286	if ( $this->is_legacy ) {
287	- $return = CFF_FB_Settings::get_legacy_settings( array() );
288	-
289	$this->feed_db_data = array(
290	'id' => 'legacy',
291	'feed_name' => __( 'Legacy Feeds', 'custom-facebook-feed' ),
	@@ -351,9 +355,9 @@ class CFF_Feed_Saver {
351	'account_id' => stripslashes( $source['account_id'] ),
352	'account_type' => stripslashes( $source['account_type'] ),
353	'privilege' => stripslashes( $source['privilege'] ),
354	- 'access_token' => stripslashes( $source['access_token'] ),
355	'username' => stripslashes( $source['username'] ),
356	- 'info' => stripslashes( $source['info'] ),
357	'error' => stripslashes( $source['error'] ),
358	'expires' => stripslashes( $source['expires'] ),
359	'avatar_url' => stripslashes( $source['avatar_url'] ),
	@@ -381,9 +385,9 @@ class CFF_Feed_Saver {
381	'account_id' => stripslashes( $source_query[0]['account_id'] ),
382	'account_type' => stripslashes( $source_query[0]['account_type'] ),
383	'privilege' => stripslashes( $source_query[0]['privilege'] ),
384	- 'access_token' => stripslashes( $source_query[0]['access_token'] ),
385	'username' => stripslashes( $source_query[0]['username'] ),
386	- 'info' => stripslashes( $source_query[0]['info'] ),
387	'expires' => stripslashes( $source_query[0]['expires'] ),
388	);
389
	@@ -422,6 +426,7 @@ class CFF_Feed_Saver {
422
423	$args = array( 'id' => $sources );
424	$source_query = CFF_Db::source_query( $args );

425
426	$return['sources'] = array();
427	if ( ! empty( $source_query ) ) {
	@@ -430,9 +435,9 @@ class CFF_Feed_Saver {
430	'record_id' => stripslashes( $source['id'] ),
431	'account_id' => stripslashes( $source['account_id'] ),
432	'account_type' => stripslashes( $source['account_type'] ),
433	- 'access_token' => stripslashes( $source['access_token'] ),
434	'username' => stripslashes( $source['username'] ),
435	- 'info' => stripslashes( $source['info'] ),
436	'expires' => stripslashes( $source['expires'] ),
437	);
438	}
	@@ -798,8 +803,9 @@ class CFF_Feed_Saver {
798
799	public static function set_legacy_feed_settings() {
800	$to_save = CFF_Post_Set::legacy_to_builder_convert();
801	-
802	$to_save_json = \CustomFacebookFeed\CFF_Utils::cff_json_encode( $to_save );

803
804	update_option( 'cff_legacy_feed_settings', $to_save_json );
805	}


8	namespace CustomFacebookFeed\Builder;
9
10	use CustomFacebookFeed\CFF_FB_Settings;
11	+ use CustomFacebookFeed\SB_Facebook_Data_Encryption;
12
13	class CFF_Feed_Saver {
14

220	* @since 4.0
221	*/
222	public function update() {
223	+ $encryption = new SB_Facebook_Data_Encryption();
224	if ( ! isset( $this->sanitized_and_sorted_data ) ) {
225	return false;
226	}

233
234	if ( $this->is_legacy ) {
235	$to_save_json = \CustomFacebookFeed\CFF_Utils::cff_json_encode( $settings_array );
236	+ $to_save_json = $encryption->maybe_encrypt( $to_save_json );
237	+
238	return update_option( 'cff_legacy_feed_settings', $to_save_json );
239	}
240

286	*
287	* @since 4.0
288	*/
289	+ public function get_feed_settings( $is_export = false ) {
290	+ $encryption = new SB_Facebook_Data_Encryption();
291	if ( $this->is_legacy ) {
292	+ $return = CFF_FB_Settings::get_legacy_settings( array() ) ;

293	$this->feed_db_data = array(
294	'id' => 'legacy',
295	'feed_name' => __( 'Legacy Feeds', 'custom-facebook-feed' ),

355	'account_id' => stripslashes( $source['account_id'] ),
356	'account_type' => stripslashes( $source['account_type'] ),
357	'privilege' => stripslashes( $source['privilege'] ),
358	+ 'access_token' => $is_export === true ? stripslashes( $source['access_token'] ) : stripslashes( $encryption->decrypt( $source['access_token'] ) ),
359	'username' => stripslashes( $source['username'] ),
360	+ 'info' => stripslashes( $encryption->decrypt( $source['info'] ) ),
361	'error' => stripslashes( $source['error'] ),
362	'expires' => stripslashes( $source['expires'] ),
363	'avatar_url' => stripslashes( $source['avatar_url'] ),

385	'account_id' => stripslashes( $source_query[0]['account_id'] ),
386	'account_type' => stripslashes( $source_query[0]['account_type'] ),
387	'privilege' => stripslashes( $source_query[0]['privilege'] ),
388	+ 'access_token' => stripslashes( $encryption->decrypt( $source_query[0]['access_token'] ) ),
389	'username' => stripslashes( $source_query[0]['username'] ),
390	+ 'info' => stripslashes( $encryption->decrypt( $source_query[0]['info'] ) ),
391	'expires' => stripslashes( $source_query[0]['expires'] ),
392	);
393

426
427	$args = array( 'id' => $sources );
428	$source_query = CFF_Db::source_query( $args );
429	+ $encryption = new SB_Facebook_Data_Encryption();
430
431	$return['sources'] = array();
432	if ( ! empty( $source_query ) ) {

435	'record_id' => stripslashes( $source['id'] ),
436	'account_id' => stripslashes( $source['account_id'] ),
437	'account_type' => stripslashes( $source['account_type'] ),
438	+ 'access_token' => stripslashes( $encryption->decrypt( $source['access_token'] ) ),
439	'username' => stripslashes( $source['username'] ),
440	+ 'info' => stripslashes( $encryption->decrypt( $source['info'] ) ),
441	'expires' => stripslashes( $source['expires'] ),
442	);
443	}

803
804	public static function set_legacy_feed_settings() {
805	$to_save = CFF_Post_Set::legacy_to_builder_convert();
806	+ $encryption = new SB_Facebook_Data_Encryption();
807	$to_save_json = \CustomFacebookFeed\CFF_Utils::cff_json_encode( $to_save );
808	+ $to_save_json = $encryption->maybe_encrypt( $to_save_json );
809
810	update_option( 'cff_legacy_feed_settings', $to_save_json );
811	}

inc/Builder/CFF_Feed_Saver_Manager.php CHANGED Viewed

	@@ -89,6 +89,7 @@ class CFF_Feed_Saver_Manager {
89	$settings_data['playlist'] = CFF_Source::extract_id( $settings_data['playlist'], 'playlist' );
90	}
91

92	$feed_saver = new CFF_Feed_Saver( $feed_id );
93	$feed_saver->set_feed_name( $feed_name );
94	$feed_saver->set_data( $settings_data );


89	$settings_data['playlist'] = CFF_Source::extract_id( $settings_data['playlist'], 'playlist' );
90	}
91
92	+ unset($settings_data['accesstoken']);
93	$feed_saver = new CFF_Feed_Saver( $feed_id );
94	$feed_saver->set_feed_name( $feed_name );
95	$feed_saver->set_data( $settings_data );

inc/Builder/CFF_Source.php CHANGED Viewed

	@@ -33,7 +33,11 @@ class CFF_Source {
33	* @since 4.0
34	*/
35	public static function builder_update() {
36	- ~~check_ajax_referer(~~ 'cff-admin' ~~, 'nonce')~~;




37
38	$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
39	$cap = apply_filters( 'cff_settings_pages_capability', $cap );
	@@ -108,7 +112,8 @@ class CFF_Source {
108
109	// don't update or insert the access token if there is an API error
110	if ( ! isset( $header_details->error ) && ! isset( $header_details->cached_error ) ) {
111	- $source_data['error'] = '';

112	CFF_Source::update_or_insert( $source_data );
113	}
114
	@@ -150,7 +155,8 @@ class CFF_Source {
150	$source_data['info'] = $header_details;
151	// don't update or insert the access token if there is an API error
152	if ( ! isset( $header_details->error ) ) {
153	- $source_data['error'] = '';

154	CFF_Source::update_or_insert( $source_data );
155	}
156	endforeach;
	@@ -377,8 +383,8 @@ class CFF_Source {
377	#$urls['group'] = 'https://api.smashballoon.com/v2/facebook-group-login.php?state=' . $admin_url_state;
378
379	$sb_admin_email = get_option('admin_email');
380	- $urls['page'] = 'https://connect.smashballoon.com/auth/fb/?wordpress_user=' . $sb_admin_email . '&state=';
381	- $urls['group'] = 'https://connect.smashballoon.com/auth/fb/?wordpress_user=' . $sb_admin_email . '&state=';
382	$urls['stateURL'] = $admin_url_state;
383
384	return $urls;
	@@ -586,6 +592,8 @@ class CFF_Source {
586	}
587	CFF_Source::insert( $source_data );
588	}


589	}
590
591	/**
	@@ -642,11 +650,62 @@ class CFF_Source {
642	if ( isset( $source_data['name'] ) ) {
643	$source_data['username'] = $source_data['name'];
644	}
645	- $data = $source_data;
646
647	return CFF_Db::source_update( $data, $where );
648	}
649



















































650	/**
651	* Attempts to find the album or playlist ID from
652	* a Facebook URL
	@@ -690,7 +749,6 @@ class CFF_Source {
690	$id = explode( '.', $id_pieces )[1];
691	} else {
692	$id = $matches[0];
693	- error_log(json_encode($matches));
694	}
695	}
696
	@@ -997,4 +1055,4 @@ class CFF_Source {
997	);
998	return \CustomFacebookFeed\Builder\CFF_Source::update_or_insert( $source_data );
999	}
1000	- }


33	* @since 4.0
34	*/
35	public static function builder_update() {
36	+ $action = 'cff-admin';
37	+ if ( ! empty( $_POST['settings_page'] ) ) {
38	+ $action = 'cff_admin_nonce';
39	+ }
40	+ check_ajax_referer( $action , 'nonce');
41
42	$cap = current_user_can( 'manage_custom_facebook_feed_options' ) ? 'manage_custom_facebook_feed_options' : 'manage_options';
43	$cap = apply_filters( 'cff_settings_pages_capability', $cap );

112
113	// don't update or insert the access token if there is an API error
114	if ( ! isset( $header_details->error ) && ! isset( $header_details->cached_error ) ) {
115	+ $source_data['error'] = '';
116	+ $source_data['info']->connected_version = CFFVER;
117	CFF_Source::update_or_insert( $source_data );
118	}
119

155	$source_data['info'] = $header_details;
156	// don't update or insert the access token if there is an API error
157	if ( ! isset( $header_details->error ) ) {
158	+ $source_data['error'] = '';
159	+ $source_data['info']->connected_version = CFFVER;
160	CFF_Source::update_or_insert( $source_data );
161	}
162	endforeach;

383	#$urls['group'] = 'https://api.smashballoon.com/v2/facebook-group-login.php?state=' . $admin_url_state;
384
385	$sb_admin_email = get_option('admin_email');
386	+ $urls['page'] = 'https://connect.smashballoon.com/auth/fb/?wordpress_user=' . $sb_admin_email . '&vn=' . CFFVER . '&state=';
387	+ $urls['group'] = 'https://connect.smashballoon.com/auth/fb/?wordpress_user=' . $sb_admin_email . '&vn=' . CFFVER . '&state=';
388	$urls['stateURL'] = $admin_url_state;
389
390	return $urls;

592	}
593	CFF_Source::insert( $source_data );
594	}
595	+
596	+ CFF_Source::after_update_or_insert( $source_data );
597	}
598
599	/**

650	if ( isset( $source_data['name'] ) ) {
651	$source_data['username'] = $source_data['name'];
652	}
653	+ $data = $source_data;
654
655	return CFF_Db::source_update( $data, $where );
656	}
657
658	+ /**
659	+ * Do something after a source is updated or inserted
660	+ *
661	+ * @param array $source_data
662	+ * @since 4.0.6/4.0.9
663	+ */
664	+ public static function after_update_or_insert( $source_data ) {
665	+
666	+ // check to see if all groups updated
667	+ $cff_statuses_option = get_option( 'cff_statuses', array() );
668	+
669	+ if ( empty( $cff_statuses_option['groups_need_update'] ) ) {
670	+ return;
671	+ }
672	+ $groups = \CustomFacebookFeed\Builder\CFF_Db::source_query( array( 'type' => 'group' ) );
673	+
674	+ $cff_statuses_option['groups_need_update'] = false;
675	+ if ( empty( $groups ) ) {
676	+ update_option( 'cff_statuses', $cff_statuses_option, false );
677	+ } else {
678	+ $encryption = new \CustomFacebookFeed\SB_Facebook_Data_Encryption();
679	+ $groups_need_update = false;
680	+ foreach ( $groups as $source ) {
681	+ $info = ! empty( $source['info'] ) ? json_decode( $encryption->decrypt( $source['info'] ) ) : array();
682	+ if ( \CustomFacebookFeed\Builder\CFF_Source::needs_update( $source, $info ) ) {
683	+ $groups_need_update = true;
684	+ }
685	+ }
686	+ $cff_statuses_option['groups_need_update'] = $groups_need_update;
687	+ update_option( 'cff_statuses', $cff_statuses_option, false );
688	+ }
689	+ }
690	+
691	+ /**
692	+ * @param array $source
693	+ * @param array $source_info
694	+ *
695	+ * @return bool
696	+ * @since 4.0.6/4.0.9
697	+ */
698	+ public static function needs_update( $source, $source_info ) {
699	+ if ( 'group' === $source['account_type'] ) {
700	+ $connected_version = is_object( $source_info ) && isset( $source_info->connected_version ) ? $source_info->connected_version : 0;
701	+ if ( version_compare( $connected_version, '4.0.9', '<' ) ) {
702	+ return true;
703	+ }
704	+ }
705	+
706	+ return false;
707	+ }
708	+
709	/**
710	* Attempts to find the album or playlist ID from
711	* a Facebook URL

749	$id = explode( '.', $id_pieces )[1];
750	} else {
751	$id = $matches[0];

752	}
753	}
754

1055	);
1056	return \CustomFacebookFeed\Builder\CFF_Source::update_or_insert( $source_data );
1057	}
1058	+ }

inc/Builder/Controls/CFF_Customview_Control.php CHANGED Viewed

	@@ -122,11 +122,6 @@ class CFF_Customview_Control extends CFF_Controls_Base{
122	<span>{{source.account_id}}</span>
123	<div class="cff-fb-srcs-info-icon" v-html="svgIcons['copy2']" @click.prevent.default="copyToClipBoard(source.account_id)"></div>
124	</div>
125	- <div class="cff-fb-srcs-info-item">
126	- <strong>{{genericText.token}}</strong>
127	- <span>{{source.access_token}}</span>
128	- <div class="cff-fb-srcs-info-icon" v-html="svgIcons['copy2']" @click.prevent.default="copyToClipBoard(source.access_token)"></div>
129	- </div>
130	</div>
131	</div>
132


122	<span>{{source.account_id}}</span>
123	<div class="cff-fb-srcs-info-icon" v-html="svgIcons['copy2']" @click.prevent.default="copyToClipBoard(source.account_id)"></div>
124	</div>





125	</div>
126	</div>
127

inc/CFF_Cache.php CHANGED Viewed

	@@ -8,6 +8,7 @@
8	*/
9
10	namespace CustomFacebookFeed;

11
12	class CFF_Cache {
13
	@@ -76,6 +77,11 @@ class CFF_Cache {
76	*/
77	private $header_backup;
78





79	/**
80	* CFF_Cache constructor. Set the feed id, cache key, legacy
81	*
	@@ -96,6 +102,7 @@ class CFF_Cache {
96	}
97
98	$this->feed_id = $feed_id;

99	}
100
101	/**
	@@ -209,29 +216,31 @@ class CFF_Cache {
209	* @since 4.0
210	*/
211	public function get( $type ) {

212	switch( $type ) {
213	case 'posts':
214	- return $this->posts;
215	break;
216	case 'posts' . $this->suffix:
217	- return $this->posts_page;
218	break;
219	case 'header':
220	- return $this->header;
221	break;
222	case 'resized_images':
223	- return $this->resized_images;
224	break;
225	case 'meta':
226	- return $this->meta;
227	break;
228	case 'posts_backup':
229	- return $this->posts_backup;
230	break;
231	case 'header_backup':
232	- return $this->header_backup;
233	break;
234	}

235	}
236
237	/**
	@@ -294,16 +303,18 @@ class CFF_Cache {
294	$cache_value = CFF_Utils::cff_json_encode( $cache_value );
295	}
296


297	if ( $this->is_legacy ) {
298	if ( $cache_key === 'posts' ) {
299	- set_transient( $this->feed_id, $~~cache_value~~, $this->cache_time );
300	if ( $include_backup ) {
301	- set_transient( '!cff_backup_' . $this->feed_id, $~~cache_value~~, YEAR_IN_SECONDS );
302	}
303	} elseif ( strpos( $cache_key, 'posts' ) !== false ) {
304	- set_transient( $this->feed_id, $~~cache_value~~, $this->cache_time );
305	} elseif ( strpos( $cache_key, 'header' ) !== false ) {
306	- set_transient( $this->feed_id, $~~cache_value~~, $this->cache_time );
307	}
308
309	return 1;
	@@ -322,7 +333,7 @@ class CFF_Cache {
322	$where = array();
323	$format = array();
324
325	- $data['cache_value'] = $cache_value;
326	$format[] = '%s';
327
328	$data['last_updated'] = date( 'Y-m-d H:i:s' );
	@@ -380,7 +391,7 @@ class CFF_Cache {
380	$affected = $wpdb->query( $wpdb->prepare(
381	"UPDATE $cache_table_name
382	SET cache_value = ''
383	- WHERE feed_id = %d
384	AND cache_key NOT IN ( 'posts', 'posts_backup', 'header_backup' );",
385	$this->feed_id ) );
386	} else {
	@@ -545,4 +556,45 @@ class CFF_Cache {
545	private function get_wp_cache_key() {
546	return 'cff_feed_'. $this->feed_id . '_' . $this->page;
547	}









































548	}


8	*/
9
10	namespace CustomFacebookFeed;
11	+ use CustomFacebookFeed\SB_Facebook_Data_Encryption;
12
13	class CFF_Cache {
14

77	*/
78	private $header_backup;
79
80	+ /**
81	+ * @var object\|SB_Facebook_Data_Encryption
82	+ */
83	+ protected $encryption;
84	+
85	/**
86	* CFF_Cache constructor. Set the feed id, cache key, legacy
87	*

102	}
103
104	$this->feed_id = $feed_id;
105	+ $this->encryption = new SB_Facebook_Data_Encryption();
106	}
107
108	/**

216	* @since 4.0
217	*/
218	public function get( $type ) {
219	+ $return = array();
220	switch( $type ) {
221	case 'posts':
222	+ $return = $this->posts;
223	break;
224	case 'posts' . $this->suffix:
225	+ $return = $this->posts_page;
226	break;
227	case 'header':
228	+ $return = $this->header;
229	break;
230	case 'resized_images':
231	+ $return = $this->resized_images;
232	break;
233	case 'meta':
234	+ $return = $this->meta;
235	break;
236	case 'posts_backup':
237	+ $return = $this->posts_backup;
238	break;
239	case 'header_backup':
240	+ $return = $this->header_backup;
241	break;
242	}
243	+ return $this->maybe_decrypt( $return );
244	}
245
246	/**

303	$cache_value = CFF_Utils::cff_json_encode( $cache_value );
304	}
305
306	+ $encrypted_cache_value = $this->maybe_encrypt( $cache_value );
307	+
308	if ( $this->is_legacy ) {
309	if ( $cache_key === 'posts' ) {
310	+ set_transient( $this->feed_id, $encrypted_cache_value, $this->cache_time );
311	if ( $include_backup ) {
312	+ set_transient( '!cff_backup_' . $this->feed_id, $encrypted_cache_value, YEAR_IN_SECONDS );
313	}
314	} elseif ( strpos( $cache_key, 'posts' ) !== false ) {
315	+ set_transient( $this->feed_id, $encrypted_cache_value, $this->cache_time );
316	} elseif ( strpos( $cache_key, 'header' ) !== false ) {
317	+ set_transient( $this->feed_id, $encrypted_cache_value, $this->cache_time );
318	}
319
320	return 1;

333	$where = array();
334	$format = array();
335
336	+ $data['cache_value'] = $this->maybe_encrypt( $cache_value );
337	$format[] = '%s';
338
339	$data['last_updated'] = date( 'Y-m-d H:i:s' );

391	$affected = $wpdb->query( $wpdb->prepare(
392	"UPDATE $cache_table_name
393	SET cache_value = ''
394	+ WHERE feed_id = %d
395	AND cache_key NOT IN ( 'posts', 'posts_backup', 'header_backup' );",
396	$this->feed_id ) );
397	} else {

556	private function get_wp_cache_key() {
557	return 'cff_feed_'. $this->feed_id . '_' . $this->page;
558	}
559	+ /**
560	+ * Uses a raw value and attempts to encrypt it
561	+ *
562	+ * @param $value
563	+ *
564	+ * @return bool\|string
565	+ */
566	+ private function maybe_encrypt( $value ) {
567	+ if ( ! empty( $value ) && ! is_string( $value ) ) {
568	+ $value = cff_json_encode( $value );
569	+ }
570	+ if ( empty( $value ) ) {
571	+ return $value;
572	+ }
573	+
574	+ return $this->encryption->encrypt( $value );
575	+ }
576	+
577	+ /**
578	+ * Uses a raw value and attempts to decrypt it
579	+ *
580	+ * @param $value
581	+ *
582	+ * @return bool\|string
583	+ */
584	+ private function maybe_decrypt( $value ) {
585	+ if ( ! is_string( $value ) ) {
586	+ return $value;
587	+ }
588	+ if ( strpos( $value, '{' ) === 0 ) {
589	+ return $value;
590	+ }
591	+
592	+ $decrypted = $this->encryption->decrypt( $value );
593	+
594	+ if ( ! $decrypted ) {
595	+ return $value;
596	+ }
597	+
598	+ return $decrypted;
599	+ }
600	}

inc/CFF_Error_Reporter.php CHANGED Viewed

	@@ -308,6 +308,12 @@ class CFF_Error_Reporter
308	delete_option( $this->reporter_key );
309	}
310






311	/**
312	* @param $type
313	* @param $message


308	delete_option( $this->reporter_key );
309	}
310
311	+ public function reset_api_errors() {
312	+ $this->errors['connection'] = array();
313	+ $this->errors['accounts'] = array();
314	+ update_option( $this->reporter_key, $this->errors, false );
315	+ }
316	+
317	/**
318	* @param $type
319	* @param $message

inc/CFF_FB_Settings.php CHANGED Viewed

	@@ -390,7 +390,10 @@ class CFF_FB_Settings {
390	* @return array
391	*/
392	public static function get_legacy_settings( $shortcode_atts ) {

393	$options = get_option( 'cff_legacy_feed_settings', array() );


394	if ( ! empty( $options ) ) {
395	$options = json_decode( $options, true );
396	if ( empty( $options['id'] ) \|\| empty( $options['sources'] ) ) {


390	* @return array
391	*/
392	public static function get_legacy_settings( $shortcode_atts ) {
393	+ $encryption = new SB_Facebook_Data_Encryption();
394	$options = get_option( 'cff_legacy_feed_settings', array() );
395	+ $options = $encryption->maybe_decrypt( $options );
396	+
397	if ( ! empty( $options ) ) {
398	$options = json_decode( $options, true );
399	if ( empty( $options['id'] ) \|\| empty( $options['sources'] ) ) {

inc/CFF_Group_Posts.php CHANGED Viewed

	@@ -7,6 +7,7 @@
7	* @since 3.19.3
8	*/
9	namespace CustomFacebookFeed;

10	if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
11
12
	@@ -57,8 +58,10 @@ class CFF_Group_Posts{
57	*/
58	private $is_event_page;
59
60	-
61	-


62
63	/**
64	* Construct.
	@@ -69,6 +72,7 @@ class CFF_Group_Posts{
69	* @access public
70	*/
71	function __construct($group_id, $feed_options, $api_call_url, $data_att_html,$is_event_page) {

72	$this->cache_name = '!cff_group_'. $group_id . '_' . str_replace(',', '_', $feed_options['type']);
73	$this->posts_cache_data = get_option($this->cache_name);
74	$this->feed_options = $feed_options;
	@@ -83,7 +87,7 @@ class CFF_Group_Posts{
83	$this->posts_cache_data->shortcode_options = $this->data_att_html;
84	$this->posts_cache_data->data = [];
85	}else{
86	- $this->posts_cache_data = json_decode($this->posts_cache_data);
87	}
88
89	}
	@@ -232,7 +236,7 @@ class CFF_Group_Posts{
232	$this->posts_cache_data->is_event_page = $this->is_event_page;
233	$this->posts_cache_data->data = array_slice( $this->posts_array, 0, 100 );
234	if(sizeof($this->posts_array) > 0){
235	- update_option( $this->cache_name, json_encode($this->posts_cache_data), false );
236	}
237
238	}
	@@ -288,13 +292,14 @@ class CFF_Group_Posts{
288	static function cron_update_group_persistent_cache(){
289	global $wpdb;
290	$table_name = $wpdb->prefix . "options";

291	$persistent_groups = $wpdb->get_results( "
292	SELECT `option_name` AS `name`, `option_value` AS `value`
293	FROM $table_name
294	WHERE `option_name` LIKE ('%!cff\_group\_%')
295	" );
296	foreach ($persistent_groups as $group) {
297	- $group_json = json_decode($group->value, true);
298	CFF_Group_Posts::update_or_add_group($group->name, $group_json);
299	}
300	}
	@@ -311,6 +316,7 @@ class CFF_Group_Posts{
311	$is_event_page = isset($group_cache['is_event_page']) ? $group_cache['is_event_page'] : false;
312	$data_att_html = $group_cache['shortcode_options'];
313	$new_cached_posts = $cached_posts;

314
315	$posts_array_api = json_decode(CFF_Group_Posts::api_call($api_url, $data_att_html));
316	foreach ($posts_array_api->data as $single_post) {
	@@ -336,7 +342,7 @@ class CFF_Group_Posts{
336	$new_cached_posts = array_slice( $new_cached_posts, 0, 100 );
337	$posts_cache_data->data = $new_cached_posts;
338	if(sizeof($new_cached_posts) > 0){
339	- update_option( $cache_name, json_encode($posts_cache_data), false );
340	}
341
342	}


7	* @since 3.19.3
8	*/
9	namespace CustomFacebookFeed;
10	+ use CustomFacebookFeed\SB_Facebook_Data_Encryption;
11	if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
12
13

58	*/
59	private $is_event_page;
60
61	+ /**
62	+ * @var class
63	+ */
64	+ private $encryption;
65
66	/**
67	* Construct.

72	* @access public
73	*/
74	function __construct($group_id, $feed_options, $api_call_url, $data_att_html,$is_event_page) {
75	+ $this->encryption = new SB_Facebook_Data_Encryption();
76	$this->cache_name = '!cff_group_'. $group_id . '_' . str_replace(',', '_', $feed_options['type']);
77	$this->posts_cache_data = get_option($this->cache_name);
78	$this->feed_options = $feed_options;

87	$this->posts_cache_data->shortcode_options = $this->data_att_html;
88	$this->posts_cache_data->data = [];
89	}else{
90	+ $this->posts_cache_data = json_decode( $this->encryption->maybe_decrypt( $this->posts_cache_data ) ) ;
91	}
92
93	}

236	$this->posts_cache_data->is_event_page = $this->is_event_page;
237	$this->posts_cache_data->data = array_slice( $this->posts_array, 0, 100 );
238	if(sizeof($this->posts_array) > 0){
239	+ update_option( $this->cache_name, $this->encryption->maybe_encrypt( json_encode($this->posts_cache_data) ) , false );
240	}
241
242	}

292	static function cron_update_group_persistent_cache(){
293	global $wpdb;
294	$table_name = $wpdb->prefix . "options";
295	+ $encryption = new SB_Facebook_Data_Encryption();
296	$persistent_groups = $wpdb->get_results( "
297	SELECT `option_name` AS `name`, `option_value` AS `value`
298	FROM $table_name
299	WHERE `option_name` LIKE ('%!cff\_group\_%')
300	" );
301	foreach ($persistent_groups as $group) {
302	+ $group_json = json_decode( $encryption->maybe_decrypt( $group->value ), true);
303	CFF_Group_Posts::update_or_add_group($group->name, $group_json);
304	}
305	}

316	$is_event_page = isset($group_cache['is_event_page']) ? $group_cache['is_event_page'] : false;
317	$data_att_html = $group_cache['shortcode_options'];
318	$new_cached_posts = $cached_posts;
319	+ $encryption = new SB_Facebook_Data_Encryption();
320
321	$posts_array_api = json_decode(CFF_Group_Posts::api_call($api_url, $data_att_html));
322	foreach ($posts_array_api->data as $single_post) {

342	$new_cached_posts = array_slice( $new_cached_posts, 0, 100 );
343	$posts_cache_data->data = $new_cached_posts;
344	if(sizeof($new_cached_posts) > 0){
345	+ update_option( $cache_name, $encryption->maybe_encrypt( json_encode( $posts_cache_data ) ), false );
346	}
347
348	}

inc/CFF_Oembed.php CHANGED Viewed

	@@ -247,11 +247,19 @@ class CFF_Oembed
247	public static function last_access_token() {
248	$oembed_token_settings = get_option( 'cff_oembed_token', array() );
249	$will_expire = CFF_Oembed::oembed_access_token_will_expire();


250	if ( ! empty( $oembed_token_settings['access_token'] )
251	&& (! $will_expire \|\| $will_expire > time()) ) {



252	return str_replace(":", ":02Sb981f26534g75h091287a46p5l63", $oembed_token_settings['access_token']);
253	} else {
254	$settings_access_token = trim(get_option('cff_access_token'));



255	if ( ! empty( $settings_access_token ) ) {
256	return str_replace(":", ":02Sb981f26534g75h091287a46p5l63", $settings_access_token);
257	}
	@@ -259,6 +267,9 @@ class CFF_Oembed
259	if ( class_exists( 'SB_Instagram_Oembed' ) ) {
260	$sbi_oembed_token_settings = get_option( 'sbi_oembed_token', array() );
261	if ( ! empty( $sbi_oembed_token_settings['access_token'] ) ) {



262	return $sbi_oembed_token_settings['access_token'];
263	}
264	}
	@@ -405,4 +416,4 @@ function cffOembedInit() {
405	return new CFF_Oembed();
406	}
407	cffOembedInit();
408	- */


247	public static function last_access_token() {
248	$oembed_token_settings = get_option( 'cff_oembed_token', array() );
249	$will_expire = CFF_Oembed::oembed_access_token_will_expire();
250	+ $encryption = new \CustomFacebookFeed\SB_Facebook_Data_Encryption();
251	+
252	if ( ! empty( $oembed_token_settings['access_token'] )
253	&& (! $will_expire \|\| $will_expire > time()) ) {
254	+ if ( $encryption->decrypt( $oembed_token_settings['access_token'] ) ) {
255	+ $oembed_token_settings['access_token'] = $encryption->decrypt( $oembed_token_settings['access_token'] );
256	+ }
257	return str_replace(":", ":02Sb981f26534g75h091287a46p5l63", $oembed_token_settings['access_token']);
258	} else {
259	$settings_access_token = trim(get_option('cff_access_token'));
260	+ if ( $encryption->decrypt( $settings_access_token ) ) {
261	+ $settings_access_token = $encryption->decrypt( $settings_access_token );
262	+ }
263	if ( ! empty( $settings_access_token ) ) {
264	return str_replace(":", ":02Sb981f26534g75h091287a46p5l63", $settings_access_token);
265	}

267	if ( class_exists( 'SB_Instagram_Oembed' ) ) {
268	$sbi_oembed_token_settings = get_option( 'sbi_oembed_token', array() );
269	if ( ! empty( $sbi_oembed_token_settings['access_token'] ) ) {
270	+ if ( $encryption->decrypt( $sbi_oembed_token_settings['access_token'] ) ) {
271	+ $sbi_oembed_token_settings['access_token'] = $encryption->decrypt( $sbi_oembed_token_settings['access_token'] );
272	+ }
273	return $sbi_oembed_token_settings['access_token'];
274	}
275	}

416	return new CFF_Oembed();
417	}
418	cffOembedInit();
419	+ */

inc/CFF_Shortcode.php CHANGED Viewed

	@@ -8,6 +8,7 @@
8	namespace CustomFacebookFeed;
9
10	use CustomFacebookFeed\Builder\CFF_Source;

11
12	if ( ! defined( 'ABSPATH' ) ) {
13	die( '-1' );
	@@ -290,6 +291,7 @@ class CFF_Shortcode extends CFF_Shortcode_Display{
290	* @since 2.19
291	*/
292	public function display_cff($atts) {

293	$this->options = get_option('cff_style_settings');
294	$data_att_html = $this->cff_get_shortcode_data_attribute_html( $atts );
295	$feed_id = empty( $atts['feed'] ) ? 'default' : intval( $atts['feed'] );
	@@ -300,7 +302,10 @@ class CFF_Shortcode extends CFF_Shortcode_Display{
300	$this->atts = $this->fb_feed_settings->get_settings();
301	$id_and_token = $this->fb_feed_settings->get_id_and_token();
302	$this->page_id = $id_and_token['id'];
303	- ~~$this->access_token = $id_and_token['token'];~~



304	$this->atts = $this->cff_get_processed_options( $this->atts );
305
306	} else {
	@@ -1835,7 +1840,8 @@ class CFF_Shortcode extends CFF_Shortcode_Display{
1835
1836	if ( ! CFF_Utils::cff_is_pro_version() ) {
1837	$this->page_id = $settings['id'];
1838	- $~~this->access_token~~ = ~~$settings['accesstoken']~~;

1839	$this->feed_id = ! empty( $feed_id ) ? $feed_id : 'default';
1840	}
1841
	@@ -1951,7 +1957,10 @@ class CFF_Shortcode extends CFF_Shortcode_Display{
1951	if($cff_cache_time_unit == 'minutes') $cff_cache_time_unit = 60;
1952	if($cff_cache_time_unit == 'hour' \|\| $cff_cache_time_unit == 'hours') $cff_cache_time_unit = 60*60;
1953	if($cff_cache_time_unit == 'days') $cff_cache_time_unit = 606024;
1954	- ~~$cache_seconds~~ = $cff_cache_time * ~~$cff_cache_time_unit;~~



1955
1956
1957	//********************************************//
	@@ -2165,6 +2174,8 @@ class CFF_Shortcode extends CFF_Shortcode_Display{
2165	}
2166
2167	public static function get_single_event_data( $eventID, $access_token ) {


2168	//Is it SSL?
2169	$cff_ssl = '';
2170	if (is_ssl()) $cff_ssl = '&return_ssl_resources=true';
	@@ -2176,13 +2187,13 @@ class CFF_Shortcode extends CFF_Shortcode_Display{
2176	$transient_name = 'cff_tle_' . $eventID;
2177	$transient_name = substr($transient_name, 0, 45);
2178
2179	- if ( false === ( $event_json = get_transient( $transient_name ) ) \|\| $event_json === null ) {
2180	//Get the contents of the Facebook page
2181	$event_json = CFF_Utils::cff_fetchUrl($event_json_url);
2182	//Cache the JSON for 180 days as the timeline event info probably isn't going to change
2183	- set_transient( $transient_name, $event_json, 60 * 60 * 24 * 180 );
2184	} else {
2185	- $event_json = get_transient( $transient_name );
2186	//If we can't find the transient then fall back to just getting the json from the api
2187	if ($event_json == false) $event_json = CFF_Utils::cff_fetchUrl($event_json_url);
2188	}
	@@ -2252,4 +2263,4 @@ class CFF_Shortcode extends CFF_Shortcode_Display{
2252	}
2253
2254
2255	- }


8	namespace CustomFacebookFeed;
9
10	use CustomFacebookFeed\Builder\CFF_Source;
11	+ use CustomFacebookFeed\SB_Facebook_Data_Encryption;
12
13	if ( ! defined( 'ABSPATH' ) ) {
14	die( '-1' );

291	* @since 2.19
292	*/
293	public function display_cff($atts) {
294	+ do_action( 'cff_before_display_facebook' );
295	$this->options = get_option('cff_style_settings');
296	$data_att_html = $this->cff_get_shortcode_data_attribute_html( $atts );
297	$feed_id = empty( $atts['feed'] ) ? 'default' : intval( $atts['feed'] );

302	$this->atts = $this->fb_feed_settings->get_settings();
303	$id_and_token = $this->fb_feed_settings->get_id_and_token();
304	$this->page_id = $id_and_token['id'];
305	+
306	+ $encryption = new SB_Facebook_Data_Encryption();
307	+ $this->access_token = $encryption->decrypt($id_and_token['token']) ? $encryption->decrypt($id_and_token['token']) : $id_and_token['token'];
308	+
309	$this->atts = $this->cff_get_processed_options( $this->atts );
310
311	} else {

1840
1841	if ( ! CFF_Utils::cff_is_pro_version() ) {
1842	$this->page_id = $settings['id'];
1843	+ $encryption = new SB_Facebook_Data_Encryption();
1844	+ $this->access_token = $encryption->decrypt($settings['accesstoken']) ? $encryption->decrypt($settings['accesstoken']) : $settings['accesstoken'];
1845	$this->feed_id = ! empty( $feed_id ) ? $feed_id : 'default';
1846	}
1847

1957	if($cff_cache_time_unit == 'minutes') $cff_cache_time_unit = 60;
1958	if($cff_cache_time_unit == 'hour' \|\| $cff_cache_time_unit == 'hours') $cff_cache_time_unit = 60*60;
1959	if($cff_cache_time_unit == 'days') $cff_cache_time_unit = 606024;
1960	+ if ( intval( $cff_cache_time ) < 1 ) {
1961	+ $cff_cache_time = 1;
1962	+ }
1963	+ $cache_seconds = intval( $cff_cache_time ) * intval( $cff_cache_time_unit );
1964
1965
1966	//********************************************//

2174	}
2175
2176	public static function get_single_event_data( $eventID, $access_token ) {
2177	+ $encryption = new SB_Facebook_Data_Encryption();
2178	+
2179	//Is it SSL?
2180	$cff_ssl = '';
2181	if (is_ssl()) $cff_ssl = '&return_ssl_resources=true';

2187	$transient_name = 'cff_tle_' . $eventID;
2188	$transient_name = substr($transient_name, 0, 45);
2189
2190	+ if ( false === ( $event_json = $encryption->maybe_decrypt( get_transient( $transient_name ) ) ) \|\| $event_json === null ) {
2191	//Get the contents of the Facebook page
2192	$event_json = CFF_Utils::cff_fetchUrl($event_json_url);
2193	//Cache the JSON for 180 days as the timeline event info probably isn't going to change
2194	+ set_transient( $transient_name, $encryption->maybe_encrypt( $event_json ) , 60 * 60 * 24 * 180 );
2195	} else {
2196	+ $event_json = $encryption->maybe_decrypt( get_transient( $transient_name ) );
2197	//If we can't find the transient then fall back to just getting the json from the api
2198	if ($event_json == false) $event_json = CFF_Utils::cff_fetchUrl($event_json_url);
2199	}

2263	}
2264
2265
2266	+ }

inc/CFF_Utils.php CHANGED Viewed

	@@ -7,6 +7,7 @@
7	* @since 2.19
8	*/
9	namespace CustomFacebookFeed;

10
11
12
	@@ -812,6 +813,11 @@ class CFF_Utils{
812	$header_access_token = reset($access_token);
813	if( empty($header_access_token) ) $header_access_token = key($access_token);
814	}





815	$header_details_json_url = 'https://graph.facebook.com/v4.0/'.$page_id.'?fields=id,picture.height(150).width(150),cover,name,link'.$page_only_fields.'&access_token='. $header_access_token;
816
817	//Get the data


7	* @since 2.19
8	*/
9	namespace CustomFacebookFeed;
10	+ use CustomFacebookFeed\SB_Facebook_Data_Encryption;
11
12
13

813	$header_access_token = reset($access_token);
814	if( empty($header_access_token) ) $header_access_token = key($access_token);
815	}
816	+
817	+ $encryption = new SB_Facebook_Data_Encryption();
818	+ $header_access_token = $encryption->decrypt($header_access_token) ? $encryption->decrypt($header_access_token) : $header_access_token;
819	+
820	+
821	$header_details_json_url = 'https://graph.facebook.com/v4.0/'.$page_id.'?fields=id,picture.height(150).width(150),cover,name,link'.$page_only_fields.'&access_token='. $header_access_token;
822
823	//Get the data

inc/Custom_Facebook_Feed.php CHANGED Viewed

@@ -8,6 +8,7 @@
              */
             namespace CustomFacebookFeed;
             use CustomFacebookFeed\Admin\CFF_Admin;
             use CustomFacebookFeed\Admin\CFF_About;
             use CustomFacebookFeed\Admin\CFF_New_User;
@@ -623,6 +624,36 @@ final class Custom_Facebook_Feed{
             			update_option( 'cff_statuses', $cff_statuses_option );
+            		}
+            	}


8	*/
9
10	namespace CustomFacebookFeed;
11	+ use CustomFacebookFeed\SB_Facebook_Data_Manager;
12	use CustomFacebookFeed\Admin\CFF_Admin;
13	use CustomFacebookFeed\Admin\CFF_About;
14	use CustomFacebookFeed\Admin\CFF_New_User;

624
625	update_option( 'cff_statuses', $cff_statuses_option );
626	}
627	+
628	+ if ( (float) $db_ver < 2.2 ) {
629	+ $manager = new SB_Facebook_Data_Manager();
630	+ $manager->update_db_for_dpa();
631	+ update_option( 'cff_db_version', CFF_DBVERSION );
632	+ }
633	+
634	+ if ( version_compare( $db_ver, '2.4', '<' ) ) {
635	+ update_option( 'cff_db_version', CFF_DBVERSION );
636	+
637	+ $groups = \CustomFacebookFeed\Builder\CFF_Db::source_query( array( 'type' => 'group' ) );
638	+
639	+ $cff_statuses_option = get_option( 'cff_statuses', array() );
640	+ $cff_statuses_option['groups_need_update'] = false;
641	+
642	+ if ( empty( $groups ) ) {
643	+ update_option( 'cff_statuses', $cff_statuses_option, false );
644	+ } else {
645	+ $encryption = new \CustomFacebookFeed\SB_Facebook_Data_Encryption();
646	+ $groups_need_update = false;
647	+ foreach ( $groups as $source ) {
648	+ $info = ! empty( $source['info'] ) ? json_decode( $encryption->decrypt( $source['info'] ) ) : array();
649	+ if ( \CustomFacebookFeed\Builder\CFF_Source::needs_update( $source, $info ) ) {
650	+ $groups_need_update = true;
651	+ }
652	+ }
653	+ $cff_statuses_option['groups_need_update'] = $groups_need_update;
654	+ update_option( 'cff_statuses', $cff_statuses_option, false );
655	+ }
656	+ }
657	}
658
659

inc/SB_Facebook_Data_Encryption.php ADDED Viewed

	@@ -0,0 +1,189 @@


1	+ <?php
2	+ /**
3	+ * Class SB_Facebook_Data_Encryption
4	+ *
5	+ * @copyright 2021 Google LLC
6	+ * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
7	+ * @link https://sitekit.withgoogle.com
8	+ */
9	+
10	+ namespace CustomFacebookFeed;
11	+ // Exit if accessed directly
12	+ if ( ! defined( 'ABSPATH' ) ) {
13	+ exit;
14	+ }
15	+
16	+
17	+ /**
18	+ * Class responsible for encrypting and decrypting data.
19	+ *
20	+ * @since 2.9.4/5.12.4
21	+ * @access private
22	+ * @ignore
23	+ */
24	+ class SB_Facebook_Data_Encryption {
25	+
26	+ /**
27	+ * Key to use for encryption.
28	+ *
29	+ * @since 2.9.4/5.12.4
30	+ * @var string
31	+ */
32	+ private $key;
33	+
34	+ /**
35	+ * Salt to use for encryption.
36	+ *
37	+ * @since 2.9.4/5.12.4
38	+ * @var string
39	+ */
40	+ private $salt;
41	+
42	+ /**
43	+ * Constructor.
44	+ *
45	+ * @since 2.9.4/5.12.4
46	+ */
47	+ public function __construct( $remote = array() ) {
48	+ if ( ! empty( $remote ) ) {
49	+ $this->key = $remote['key'];
50	+ $this->salt = $remote['salt'];
51	+ } else {
52	+ $this->key = $this->get_default_key();
53	+ $this->salt = $this->get_default_salt();
54	+ }
55	+ }
56	+
57	+ /**
58	+ * Encrypts a value.
59	+ *
60	+ * If a user-based key is set, that key is used. Otherwise the default key is used.
61	+ *
62	+ * @since 2.9.4/5.12.4
63	+ *
64	+ * @param string $value Value to encrypt.
65	+ * @return string\|bool Encrypted value, or false on failure.
66	+ */
67	+ public function encrypt( $value ) {
68	+ if ( ! cff_doing_openssl() ) {
69	+ return $value;
70	+ }
71	+
72	+ $method = 'aes-256-ctr';
73	+ $ivlen = openssl_cipher_iv_length( $method );
74	+ $iv = openssl_random_pseudo_bytes( $ivlen );
75	+
76	+ $raw_value = openssl_encrypt( $value . $this->salt, $method, $this->key, 0, $iv );
77	+ if ( ! $raw_value ) {
78	+ return false;
79	+ }
80	+
81	+ return base64_encode( $iv . $raw_value );
82	+ }
83	+
84	+ /**
85	+ * Decrypts a value.
86	+ *
87	+ * If a user-based key is set, that key is used. Otherwise the default key is used.
88	+ *
89	+ * @since 2.9.4/5.12.4
90	+ *
91	+ * @param string $raw_value Value to decrypt.
92	+ * @return string\|bool Decrypted value, or false on failure.
93	+ */
94	+ public function decrypt( $raw_value ) {
95	+ if ( ! cff_doing_openssl() ) {
96	+ return $raw_value;
97	+ }
98	+
99	+ $raw_value = base64_decode( $raw_value, true );
100	+
101	+ $method = 'aes-256-ctr';
102	+ $ivlen = openssl_cipher_iv_length( $method );
103	+ $iv = substr( $raw_value, 0, $ivlen );
104	+
105	+ $raw_value = substr( $raw_value, $ivlen );
106	+
107	+ $value = openssl_decrypt( $raw_value, $method, $this->key, 0, $iv );
108	+ if ( ! $value \|\| substr( $value, - strlen( $this->salt ) ) !== $this->salt ) {
109	+ return false;
110	+ }
111	+
112	+ return substr( $value, 0, - strlen( $this->salt ) );
113	+ }
114	+
115	+
116	+ public function maybe_encrypt( $raw_value ) {
117	+ $maybe_decrypted = $this->decrypt( $raw_value );
118	+
119	+ if ( $maybe_decrypted ) {
120	+ return $this->encrypt( $maybe_decrypted );
121	+ }
122	+
123	+ return $this->encrypt( $raw_value );
124	+ }
125	+
126	+ /**
127	+ * Uses a raw value and attempts to decrypt it
128	+ *
129	+ * @param $value
130	+ *
131	+ * @return bool\|string
132	+ */
133	+ public function maybe_decrypt( $value ) {
134	+ if ( ! is_string( $value ) ) {
135	+ return $value;
136	+ }
137	+ if ( strpos( $value, '{' ) === 0 ) {
138	+ return $value;
139	+ }
140	+
141	+ $decrypted = $this->decrypt( $value );
142	+
143	+ if ( ! $decrypted ) {
144	+ return $value;
145	+ }
146	+
147	+ return $decrypted;
148	+ }
149	+
150	+ /**
151	+ * Gets the default encryption key to use.
152	+ *
153	+ * @since 2.9.4/5.12.4
154	+ *
155	+ * @return string Default (not user-based) encryption key.
156	+ */
157	+ private function get_default_key() {
158	+ if ( defined( 'CFF_ENCRYPTION_KEY' ) && '' !== CFF_ENCRYPTION_KEY ) {
159	+ return CFF_ENCRYPTION_KEY;
160	+ }
161	+
162	+ if ( defined( 'LOGGED_IN_KEY' ) && '' !== LOGGED_IN_KEY ) {
163	+ return LOGGED_IN_KEY;
164	+ }
165	+
166	+ // If this is reached, you're either not on a live site or have a serious security issue.
167	+ return 'das-ist-kein-geheimer-schluessel';
168	+ }
169	+
170	+ /**
171	+ * Gets the default encryption salt to use.
172	+ *
173	+ * @since 2.9.4/5.12.4
174	+ *
175	+ * @return string Encryption salt.
176	+ */
177	+ private function get_default_salt() {
178	+ if ( defined( 'CFF_ENCRYPTION_SALT' ) && '' !== CFF_ENCRYPTION_SALT ) {
179	+ return CFF_ENCRYPTION_SALT;
180	+ }
181	+
182	+ if ( defined( 'LOGGED_IN_SALT' ) && '' !== LOGGED_IN_SALT ) {
183	+ return LOGGED_IN_SALT;
184	+ }
185	+
186	+ // If this is reached, you're either not on a live site or have a serious security issue.
187	+ return 'das-ist-kein-geheimes-salz';
188	+ }
189	+ }

inc/SB_Facebook_Data_Manager.php ADDED Viewed

	@@ -0,0 +1,539 @@


1	+ <?php
2	+ /**
3	+ * Class SB_Facebook_Data_Manager
4	+ *
5	+ * @since 4.1
6	+ */
7	+ namespace CustomFacebookFeed;
8	+ use CustomFacebookFeed\Builder\CFF_Db;
9	+ use CustomFacebookFeed\CFF_Resizer;
10	+ use CustomFacebookFeed\SB_Facebook_Data_Encryption;
11	+
12	+ if ( ! defined( 'ABSPATH' ) ) {
13	+ die( '-1' );
14	+ }
15	+
16	+ class SB_Facebook_Data_Manager {
17	+
18	+ /**
19	+ * Key and salt to use for remote encryption.
20	+ *
21	+ * @var string
22	+ *
23	+ * @since 4.1
24	+ */
25	+ private $key_salt;
26	+
27	+ /**
28	+ * Start manager
29	+ *
30	+ * @since 4.1
31	+ */
32	+ public function init() {
33	+ $this->hooks();
34	+ }
35	+
36	+
37	+ /**
38	+ * Hook into certain features of the plugin and AJAX calls
39	+ *
40	+ * @since 4.1
41	+ */
42	+ public function hooks() {
43	+ add_action( 'cff_before_display_facebook', array( $this, 'update_last_used' ) );
44	+ add_action( 'cff_before_display_facebook', array( $this, 'check' ) );
45	+ add_action( 'sb_facebook_twicedaily', array( $this, 'maybe_delete_old_data' ) );
46	+ }
47	+
48	+ /**
49	+ * To avoid a database update every page load, the check
50	+ * is done once a day
51	+ *
52	+ * @since 4.1
53	+ */
54	+ public function update_last_used() {
55	+ $statuses = $this->get_statuses();
56	+
57	+ // if this hasn't been updated in the last hour
58	+ if ( $statuses['last_used'] < cff_get_current_time() - 3600 ) {
59	+ // update the last used time
60	+ $statuses['last_used'] = cff_get_current_time();
61	+
62	+ $this->update_statuses( $statuses );
63	+ }
64	+
65	+ }
66	+
67	+ /**
68	+ * Check for plain text instagram data in posts table
69	+ *
70	+ * @since 4.1
71	+ */
72	+ public function check() {
73	+ $this->encrypt_json_in_cff_facebook_posts();
74	+ }
75	+
76	+ /**
77	+ * Delete unused data after a period
78	+ *
79	+ * @return bool
80	+ *
81	+ * @since 4.1
82	+ */
83	+ public function maybe_delete_old_data() {
84	+ $statuses = $this->get_statuses();
85	+
86	+ $data_was_deleted = false;
87	+
88	+ if ( $statuses['last_used'] < cff_get_current_time() - (21 * DAY_IN_SECONDS) ) {
89	+
90	+ $this->delete_caches();
91	+ \cff_main()->cff_error_reporter->add_action_log( 'Deleted all platform data.' );
92	+
93	+ $data_was_deleted = true;
94	+ }
95	+
96	+ if ( $statuses['last_used'] < cff_get_current_time() - (90 * DAY_IN_SECONDS) ) {
97	+ CFF_Db::clear_cff_sources();
98	+
99	+ \cff_main()->cff_error_reporter->add_action_log( 'Deleted all connected accounts.' );
100	+
101	+ $data_was_deleted = true;
102	+ }
103	+
104	+ return $data_was_deleted;
105	+ }
106	+
107	+ /**
108	+ * Delete feed caches
109	+ *
110	+ * @param bool $include_backup
111	+ *
112	+ * @since 2.9.4/5.12.4
113	+ */
114	+ public function delete_caches( $include_backup = true ) {
115	+ cff_delete_cache();
116	+ CFF_Resizer::delete_resizing_table_and_images();
117	+ \cff_main()->cff_error_reporter->add_action_log( 'Reset resizing tables.' );
118	+ //CFF_Resizer::create_resizing_table_and_uploads_folder();
119	+ CFF_Db::clear_cff_feed_caches();
120	+ CFF_Db::clear_cff_sources();
121	+ $this->delete_transient_backup_data( true );
122	+ }
123	+
124	+ /**
125	+ * Update all parts of the database for FB platform guidelines
126	+ *
127	+ * @throws Exception
128	+ *
129	+ * @since 4.1
130	+ */
131	+ public function update_db_for_dpa() {
132	+ global $wpdb;
133	+ $encryption = new SB_Facebook_Data_Encryption();
134	+ $table_name_option = $wpdb->prefix . "options";
135	+ $sources_table_name = $wpdb->prefix . "cff_sources";
136	+ $wpdb->query( "ALTER TABLE $sources_table_name MODIFY access_token varchar(1000) NOT NULL default ''" );
137	+
138	+ $this->encrypt_json_in_cff_facebook_posts();
139	+ $this->encrypt_sources_access_token();
140	+ $this->encrypt_cff_backup_cache();
141	+ $this->encrypt_cff_group_cache();
142	+ $this->remove_access_token_from_feeds();
143	+ $this->delete_transient_backup_data();
144	+ $this->encrypt_cff_legacy_feed();
145	+ $this->encrypt_oembed();
146	+ }
147	+
148	+
149	+ /**
150	+ * Encrypt a set of 50 posts if this has been attempted
151	+ * less than 30 times.
152	+ *
153	+ * @since 4.1
154	+ */
155	+ public function encrypt_json_in_cff_facebook_posts() {
156	+ $statuses = $this->get_statuses();
157	+ // if this hasn't been updated in the last hour
158	+ if ( $statuses['num_db_updates'] > 30 ) {
159	+ return;
160	+ }
161	+
162	+ $statuses['num_db_updates'] = $statuses['num_db_updates'] + 1;
163	+ $this->update_statuses( $statuses );
164	+
165	+ global $wpdb;
166	+ $encryption = new SB_Facebook_Data_Encryption();
167	+ $table_name = $wpdb->prefix . CFF_POSTS_TABLE;
168	+ $feeds_posts_table_name = esc_sql( $wpdb->prefix . CFF_FEEDS_POSTS_TABLE );
169	+
170	+ $plaintext_posts = array();
171	+
172	+ if ( empty( $plaintext_posts ) ) {
173	+ $statuses['num_db_updates'] = 31;
174	+ $this->update_statuses( $statuses );
175	+ }
176	+
177	+ foreach ( $plaintext_posts as $post ) {
178	+ $json_data = $encryption->encrypt( $post['json_data'] );
179	+ $updated = $wpdb->query( $wpdb->prepare(
180	+ "UPDATE $table_name as p
181	+ INNER JOIN $feeds_posts_table_name AS f ON p.id = f.id
182	+ SET p.json_data = %s
183	+ WHERE p.id = %d;", $json_data, $post['id'] ) );
184	+ }
185	+ }
186	+
187	+
188	+ /**
189	+ * Encrypt sources Access tokens
190	+ *
191	+ * @since 4.1
192	+ */
193	+ public function encrypt_sources_access_token() {
194	+ global $wpdb;
195	+ $encryption = new SB_Facebook_Data_Encryption();
196	+ $sources_table_name = $wpdb->prefix . 'cff_sources';
197	+
198	+ $sources_list = $wpdb->get_results( "SELECT * FROM $sources_table_name;", ARRAY_A );
199	+ foreach ( $sources_list as $source ) {
200	+ $access_token = $encryption->maybe_encrypt( $source['access_token'] );
201	+ $info = $encryption->maybe_encrypt( $source['info'] );
202	+
203	+ $updated = $wpdb->query( $wpdb->prepare(
204	+ "UPDATE $sources_table_name as s
205	+ SET s.access_token = %s,
206	+ s.info = %s,
207	+ s.last_updated = %s
208	+ WHERE s.id = %d;", $access_token, $info, date( 'Y-m-d H:i:s' ), $source['id'] ) );
209	+ }
210	+ }
211	+
212	+ /**
213	+ * Encrypt a Backup Cache Data
214	+ *
215	+ * @since 4.1
216	+ */
217	+ public function encrypt_cff_backup_cache() {
218	+ global $wpdb;
219	+ $encryption = new SB_Facebook_Data_Encryption();
220	+ $feed_cache_table_name = $wpdb->prefix . 'cff_feed_caches';
221	+
222	+
223	+ $feed_caches = $wpdb->get_results(
224	+ "SELECT * FROM $feed_cache_table_name as p
225	+ WHERE p.cache_value LIKE '%{%';
226	+ ", ARRAY_A );
227	+
228	+ if ( empty( $feed_caches ) ) {
229	+ $statuses['num_db_updates'] = 31;
230	+ $this->update_statuses( $statuses );
231	+ }
232	+
233	+ foreach ( $feed_caches as $cache ) {
234	+ $cache_value = $encryption->encrypt( $cache['cache_value'] );
235	+ $updated = $wpdb->query( $wpdb->prepare(
236	+ "UPDATE $feed_cache_table_name as p
237	+ SET p.cache_value = %s
238	+ WHERE p.id = %d;", $cache_value, $cache['id'] ) );
239	+ }
240	+ }
241	+
242	+ /**
243	+ * Update Group Posts Persistent Cache
244	+ *
245	+ * @throws Exception
246	+ *
247	+ * @since 4.1
248	+ */
249	+ public function encrypt_cff_group_cache(){
250	+ global $wpdb;
251	+ $encryption = new SB_Facebook_Data_Encryption();
252	+ $table_name = $wpdb->prefix . "options";
253	+ $persistent_groups = $wpdb->get_results( "
254	+ SELECT *
255	+ FROM $table_name
256	+ WHERE `option_name` LIKE ('%!cff\_group\_%')
257	+ " );
258	+
259	+ foreach ($persistent_groups as $group) {
260	+ $cache_value = $encryption->maybe_encrypt( $group->option_value );
261	+ $updated = $wpdb->query( $wpdb->prepare(
262	+ "UPDATE $table_name as gp
263	+ SET gp.option_value = %s
264	+ WHERE gp.option_id = %d;", $cache_value, $group->option_id ) );
265	+
266	+ }
267	+ }
268	+
269	+ public function encrypt_oembed() {
270	+ $cff_oembed_data = get_option( 'cff_oembed_token' );
271	+ $sbi_oembed_data = get_option( 'sbi_oembed_token' );
272	+
273	+ if ( empty( $cff_oembed_data['access_token'] ) && empty( $sbi_oembed_data['access_token'] ) ) {
274	+ return;
275	+ }
276	+
277	+ $encryption = new SB_Facebook_Data_Encryption();
278	+ if ( isset( $cff_oembed_data['access_token'] ) && ! $encryption->decrypt( $cff_oembed_data['access_token'] ) ) {
279	+ $cff_oembed_data['access_token'] = $encryption->encrypt( $cff_oembed_data['access_token'] );
280	+ }
281	+
282	+ if ( isset( $sbi_oembed_data['access_token'] ) && ! $encryption->decrypt( $sbi_oembed_data['access_token'] ) ) {
283	+ $sbi_oembed_data['access_token'] = $encryption->encrypt( $sbi_oembed_data['access_token'] );
284	+ }
285	+
286	+ update_option( 'cff_oembed_token', $cff_oembed_data );
287	+ update_option( 'sbi_oembed_token', $sbi_oembed_data );
288	+ }
289	+
290	+ /**
291	+ * Update Group Posts Persistent Cache
292	+ *
293	+ * @throws Exception
294	+ *
295	+ * @since 4.1
296	+ */
297	+ public function encrypt_cff_legacy_feed(){
298	+ global $wpdb;
299	+ $encryption = new SB_Facebook_Data_Encryption();
300	+ $table_name = $wpdb->prefix . "options";
301	+ $legacyfeed = $wpdb->get_results( "
302	+ SELECT *
303	+ FROM $table_name
304	+ WHERE `option_name` LIKE 'cff_legacy_feed_settings'
305	+ " );
306	+
307	+ foreach ($legacyfeed as $legacy) {
308	+ $cache_value = $encryption->maybe_encrypt( $legacy->option_value );
309	+ $updated = $wpdb->query( $wpdb->prepare(
310	+ "UPDATE $table_name as gp
311	+ SET gp.option_value = %s
312	+ WHERE gp.option_id = %d;", $cache_value, $legacy->option_id ) );
313	+
314	+ }
315	+ }
316	+
317	+ /**
318	+ * Update Feeds Table & Remove the Access Token from the Settings
319	+ *
320	+ * @throws Exception
321	+ *
322	+ * @since 4.1
323	+ */
324	+ public function remove_access_token_from_feeds() {
325	+ global $wpdb;
326	+ $feeds_table_name = $wpdb->prefix . 'cff_feeds';
327	+ $feeds_list = $wpdb->get_results(
328	+ "SELECT * FROM $feeds_table_name", ARRAY_A );
329	+
330	+ foreach ( $feeds_list as $feed ) {
331	+ $settings = json_decode( $feed['settings'], true );
332	+ unset($settings['accesstoken']);
333	+
334	+ $settings = json_encode( $settings );
335	+
336	+ $updated = $wpdb->query( $wpdb->prepare(
337	+ "UPDATE $feeds_table_name as f
338	+ SET f.settings = %s
339	+ WHERE f.id = %d;", $settings, $feed['id'] ) );
340	+ }
341	+ }
342	+
343	+ /**
344	+ * Data manager statuses
345	+ *
346	+ * @return array
347	+ *
348	+ * @since 4.1
349	+ */
350	+ public function get_statuses() {
351	+ $cff_statuses_option = get_option( 'cff_statuses', array() );
352	+
353	+ $return = isset( $cff_statuses_option['data_manager'] ) ? $cff_statuses_option['data_manager'] : $this->defaults();
354	+ return $return;
355	+ }
356	+
357	+
358	+ /**
359	+ * Delete Backup data
360	+ *
361	+ * @since 4.1
362	+ */
363	+ public function delete_transient_backup_data( $processDeleteGroup = false ){
364	+ global $wpdb;
365	+ $table_name = $wpdb->prefix . "options";
366	+ $wpdb->query( "
367	+ DELETE
368	+ FROM $table_name
369	+ WHERE `option_name` LIKE ('%\_transient\_cff\_%')
370	+ " );
371	+ $wpdb->query( "
372	+ DELETE
373	+ FROM $table_name
374	+ WHERE `option_name` LIKE ('%\_transient\_!cff\_%')
375	+ " );
376	+ $wpdb->query( "
377	+ DELETE
378	+ FROM $table_name
379	+ WHERE `option_name` LIKE ('%\_transient\_cff\_ej\_%')
380	+ " );
381	+ $wpdb->query( "
382	+ DELETE
383	+ FROM $table_name
384	+ WHERE `option_name` LIKE ('%\_transient\_cff\_tle\_%')
385	+ " );
386	+ $wpdb->query( "
387	+ DELETE
388	+ FROM $table_name
389	+ WHERE `option_name` LIKE ('%\_transient\_cff\_album\_%')
390	+ " );
391	+ $wpdb->query( "
392	+ DELETE
393	+ FROM $table_name
394	+ WHERE `option_name` LIKE ('%\_transient\_timeout\_cff\_%')
395	+ " );
396	+ $wpdb->query( "
397	+ DELETE
398	+ FROM $table_name
399	+ WHERE `option_name` LIKE ('%\_transient\_timeout\_!cff\_%')
400	+ " );
401	+ $wpdb->query( "
402	+ DELETE
403	+ FROM $table_name
404	+ WHERE `option_name` LIKE ('%cff\_backup\_%')
405	+ " );
406	+
407	+ if( $processDeleteGroup === true){
408	+ $wpdb->query( "
409	+ DELETE
410	+ FROM $table_name
411	+ WHERE `option_name` LIKE ('%!cff\_group\_%')
412	+ " );
413	+ $wpdb->query( "
414	+ DELETE
415	+ FROM $table_name
416	+ WHERE `option_name` LIKE 'cff_connected_accounts'
417	+ " );
418	+ $wpdb->query( "
419	+ DELETE
420	+ FROM $table_name
421	+ WHERE `option_name` LIKE 'cff_access_token'
422	+ " );
423	+ $wpdb->query( "
424	+ DELETE
425	+ FROM $table_name
426	+ WHERE `option_name` LIKE 'cff_oembed_token'
427	+ " );
428	+ }
429	+ }
430	+
431	+ /**
432	+ * Update data manager status
433	+ *
434	+ * @param array $statuses
435	+ *
436	+ * @since 4.1
437	+ */
438	+ public function update_statuses( $statuses ) {
439	+ $cff_statuses_option = get_option( 'cff_statuses', array() );
440	+ $cff_statuses_option['data_manager'] = $statuses;
441	+
442	+ update_option( 'cff_statuses', $cff_statuses_option );
443	+ }
444	+
445	+ /**
446	+ * Reset the data manager
447	+ *
448	+ * @since 4.1
449	+ */
450	+ public function reset() {
451	+ $cff_statuses_option = get_option( 'cff_statuses', array() );
452	+ $cff_statuses_option['data_manager'] = $this->defaults();
453	+
454	+ update_option( 'cff_statuses', $cff_statuses_option );
455	+ }
456	+
457	+ /**
458	+ * Default values for manager
459	+ *
460	+ * @return array
461	+ *
462	+ * @since 4.1
463	+ */
464	+ public function defaults() {
465	+ return array(
466	+ 'last_used' => cff_get_current_time() - DAY_IN_SECONDS,
467	+ 'num_db_updates' => 0
468	+ );
469	+ }
470	+
471	+ /**
472	+ * Encrypt using Smash Balloon's support key and salt
473	+ *
474	+ * @param string $encrypted_value
475	+ *
476	+ * @return bool\|string
477	+ *
478	+ * @since 2.9.4/5.12.4
479	+ */
480	+ public function remote_encrypt( $encrypted_value ) {
481	+ $local_encrypt = new SB_Facebook_Data_Encryption();
482	+ $raw_value = $local_encrypt->decrypt( $encrypted_value );
483	+ if ( $this->key_salt === null ) {
484	+ $url = 'https://secure.smashballoon.com/';
485	+ $args = array(
486	+ 'timeout' => 20
487	+ );
488	+ if ( version_compare( get_bloginfo( 'version' ), '3.7' , '<' ) ) {
489	+ $args['sslverify'] = false;
490	+ }
491	+ $response = wp_remote_get( $url, $args );
492	+
493	+ if ( ! is_wp_error( $response ) ) {
494	+ $this->key_salt = $response['body'];
495	+ }
496	+ }
497	+
498	+ $key = substr( $this->key_salt, 0, 64 );
499	+ $salt = substr( $this->key_salt, 64, 64 );
500	+
501	+ $args = array(
502	+ 'key' => $key,
503	+ 'salt' => $salt
504	+ );
505	+
506	+ $remote_encrypt = new SB_Facebook_Data_Encryption( $args );
507	+
508	+ return $remote_encrypt->encrypt( $raw_value );
509	+ }
510	+
511	+ public function remote_decrypt( $encrypted_value ) {
512	+ if ( $this->key_salt === null ) {
513	+ $url = 'https://secure.smashballoon.com/';
514	+ $args = array(
515	+ 'timeout' => 20
516	+ );
517	+ if ( version_compare( get_bloginfo( 'version' ), '3.7' , '<' ) ) {
518	+ $args['sslverify'] = false;
519	+ }
520	+ $response = wp_remote_get( $url, $args );
521	+
522	+ if ( ! is_wp_error( $response ) ) {
523	+ $this->key_salt = $response['body'];
524	+ }
525	+ }
526	+
527	+ $key = substr( $this->key_salt, 0, 64 );
528	+ $salt = substr( $this->key_salt, 64, 64 );
529	+
530	+ $args = array(
531	+ 'key' => $key,
532	+ 'salt' => $salt
533	+ );
534	+
535	+ $remote_encrypt = new SB_Facebook_Data_Encryption( $args );
536	+
537	+ return $remote_encrypt->decrypt( $encrypted_value );
538	+ }
539	+ }