Easy Social Icons - Version 3.2.3

Version Description

  • fix / update security issue

Release Info

Developer cybernetikz
Plugin Icon 128x128 Easy Social Icons
Version 3.2.3

Code changes from version 3.2.2 to 3.2.3

Files changed (2) hide show
  1. easy-social-icons.php +35 -61
  2. readme.txt +5 -2
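--- a/easy-social-icons.php
+++ b/easy-social-icons.php
@@ -3,7 +3,7 @@
  Plugin Name: Easy Social Icons
  Plugin URI: http://www.cybernetikz.com
  Description: You can upload your own social icon, set your social URL, choose weather you want to display vertical or horizontal. You can use the shortcode <strong>[cn-social-icon]</strong> in page/post, template tag for php file <strong>&lt;?php if ( function_exists('cn_social_icon') ) echo cn_social_icon(); ?&gt;</strong> also you can use the widget <strong>"Easy Social Icons"</strong> for sidebar.
- Version: 3.2.2
+ Version: 3.2.3
  Author: cybernetikz
  Author URI: http://www.cybernetikz.com
  License: GPL2
@@ -35,12 +35,16 @@ function cnss_delete_icon()
  {
  global $wpdb,$err,$msg,$cnssBaseDir;
  if (isset($_GET['cnss-delete'])) {
+ if (! is_numeric($_GET['id'])) {
+ wp_die('Sequrity Issue.');
+ }
+
  if ($_GET['id'] != '' && wp_verify_nonce($_GET['_wpnonce'], 'cnss_delete_icon'))
  {
  $table_name = $wpdb->prefix . "cn_social_icon";
  $image_file_path = $cnssBaseDir;
- $wpdb->delete( $table_name, array( 'id' => $_GET['id'] ), array( '%d' ) );
- $msg = "Delete Successful !"."<br />";
+ $wpdb->delete( $table_name, array( 'id' => sanitize_text_field($_GET['id']) ), array( '%d' ) );
+ $msg = "Delete Successful !";
  }
  }
  }
@@ -231,43 +235,9 @@ function cnss_original_icon_color_fn($value) {
  return $value==''?'0':$value;
  }
 
- function jsEscape($str) {
- $output = '';
- $str = str_split($str);
- for($i=0;$i<count($str);$i++) {
- $chrNum = ord($str[$i]);
- $chr = $str[$i];
- if($chrNum === 226) {
- if(isset($str[$i+1]) && ord($str[$i+1]) === 128) {
- if(isset($str[$i+2]) && ord($str[$i+2]) === 168) {
- $output .= '\u2028';
- $i += 2;
- continue;
- }
- if(isset($str[$i+2]) && ord($str[$i+2]) === 169) {
- $output .= '\u2029';
- $i += 2;
- continue;
- }
- }
- }
- switch($chr) {
- case "'":
- case '"':
- case "\n";
- case "\r";
- case "&";
- case "\\";
- case "<":
- case ">":
- $output .= sprintf("\\u%04x", $chrNum);
- break;
- default:
- $output .= $str[$i];
- break;
- }
- }
- return $output;
+ function cnss_sanitize_array(array $arr)
+ {
+ return array_map('sanitize_text_field', $arr);
  }
 
  function cnss_social_icon_option_fn() {
@@ -459,8 +429,8 @@ function cnss_social_icon_option_fn() {
  }
  if( isset($_POST['_selected_icons']) ) {
  if(is_array($_POST['_selected_icons'])) {
- $ids = implode(',', $_POST['_selected_icons']);
- $shortcode .= ' selected_icons=&quot;'.sanitize_text_field($ids) .'&quot;';
+ $ids = implode(',', cnss_sanitize_array($_POST['_selected_icons']));
+ $shortcode .= ' selected_icons=&quot;'.$ids.'&quot;';
  }
  }
  }
@@ -520,7 +490,7 @@ function cnss_social_icon_option_fn() {
  </tr>
  </table>
  <p></p>
- <?php echo cnss_social_icon_sc( isset($_POST['_selected_icons']) ? $_POST['_selected_icons'] : array() ); ?>
+ <?php echo cnss_social_icon_sc( isset($_POST['_selected_icons']) ? cnss_sanitize_array($_POST['_selected_icons']) : array() ); ?>
  <p><label><?php _e( 'Select Social Icons:' ); ?></label> <em>(If select none all icons will be displayed)</em></p>
  <p>
  <input type="submit" class="button-primary" value="<?php _e('Generate Shortcode') ?>" />
@@ -642,9 +612,9 @@ function cnss_process_post() {
  );
 
  if (!$results)
- $err .= "Fail to update database" . "<br />";
+ $err .= "Fail to update database";
  else
- $msg .= "Update successful !" . "<br />";
+ $msg .= "Update successful !";
  }
  /*
  $allSocialMediaIcons = array('500px','amazon','android','angellist','apple','bandcamp','behance','behance-square','bitbucket','bluetooth','cc-amex','cc-mastercard','cc-paypal','cc-stripe','cc-visa','codepen','css3','delicious','deviantart','digg','dribbble ','dropbox','drupal','edge ','etsy','expeditedssl','facebook','facebook-f','facebook-official','facebook-square','firefox','flickr','forumbee ','foursquare','free-code-camp','get-pocket','git ','git-square ','github ','github-square ','gitlab','google ','google-plus','google-plus-circle','google-plus-official','google-plus-square','google-wallet','gratipay','hacker-news','houzz','html5','imdb','instagram','internet-explorer','joomla','lastfm','linkedin','linkedin-square','linux','maxcdn ','medium ','meetup','odnoklassniki','opera','paypal','pinterest ','pinterest-p ','pinterest-square ','product-hunt','quora ','reddit ','rss ','scribd','skype','slack','slideshare ','snapchat','soundcloud','spotify','stack-exchange','stack-overflow','steam','stumbleupon','telegram','trello','tripadvisor','tumblr','tumblr-square','twitch','twitter','twitter-square','viadeo','vimeo ','vimeo-square ','vine ','wechat','whatsapp ','wikipedia-w','windows','wordpress ','xing','xing-square','yahoo','yelp','youtube','youtube-square');
@@ -711,11 +681,11 @@ function cnss_process_post() {
  );
 
  if (false === $result3){
- $err .= "Update fails !". "<br />";
+ $err .= "Update fails !";
  }
  else
  {
- $msg = "Update successful !". "<br />";
+ $msg = "Update successful !";
  }
  }
 
@@ -798,17 +768,22 @@ function cnss_social_icon_sort_fn() {
  function cnss_save_ajax_order() {
  global $wpdb;
  $table_name = $wpdb->prefix . "cn_social_icon";
- parse_str($_POST['order'], $data);
- if (is_array($data)) {
- foreach($data as $key => $values )
- {
- if ( $key == 'item' )
- {
- foreach( $values as $position => $id )
- {
- $wpdb->update( $table_name, array('sortorder' => $position), array('id' => $id) );
- }
- }
+ parse_str(sanitize_text_field($_POST['order']), $data);
+ if (! is_array($data)) {
+ return;
+ }
+ foreach($data as $key => $values ) {
+ if ( $key != 'item' ) {
+ continue;
+ }
+ foreach( $values as $position => $id ) {
+ $wpdb->update(
+ $table_name,
+ array('sortorder' => $position),
+ array('id' => $id),
+ array('%d'),
+ array('%d')
+ );
  }
  }
  }
@@ -960,8 +935,8 @@ function cnss_social_icon_add_fn() {
  <div class="wrap">
  <?php echo cnss_esi_review_text(); ?>
  <?php
- if($msg!='') echo '<div id="message" class="updated fade">'.$msg.'</div>';
- if($err!='') echo '<div id="message" class="error fade">'.$err.'</div>';
+ if($msg!='') echo '<div id="message" class="updated fade">'.esc_html($msg).'</div>';
+ if($err!='') echo '<div id="message" class="error fade">'.esc_html($err).'</div>';
  ?>
  <h2><?php echo $page_title;?></h2>
  <div class="content_wrapper">
@@ -1326,7 +1301,6 @@ function cn_social_icon($attr = array(), $call_from_widget = NULL) {
  }
 
  function cnss_social_icon_sc( $selected_icons_array = array() ) {
-
  global $wpdb,$cnssBaseURL;
 
  $cnss_width = esc_attr(get_option('cnss-width'));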
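Review bot: `cnss_save_ajax_order()` (new lines 768–789) still writes to the database with no nonce or capability check visible in the function, so the added `sanitize_text_field()` and `%d` formats constrain the values but not who may send them. Unless the caller is gated elsewhere (the hook registration is not shown in this section), add `check_ajax_referer()` and a `current_user_can()` test before `parse_str()`, and have the sorting script send the nonce. The handler also reads `$_POST['order']` without `isset()` and iterates `$values` without confirming it is an array, so a malformed request raises PHP warnings. The nonce action and capability in the sketch below are placeholders to be matched to the plugin's own registration.

```php
function cnss_save_ajax_order() {
	global $wpdb;
	// Placeholder action name and capability: match them to the nonce the
	// sorting script sends and to the capability of the plugin's admin menu.
	check_ajax_referer( 'cnss_save_order_PLACEHOLDER', '_wpnonce' );
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( -1, 403 );
	}
	if ( ! isset( $_POST['order'] ) ) {
		return;
	}
	// … unchanged: $table_name assignment …
	parse_str( sanitize_text_field( wp_unslash( $_POST['order'] ) ), $data );
	if ( empty( $data['item'] ) || ! is_array( $data['item'] ) ) {
		return;
	}
	foreach ( $data['item'] as $position => $id ) {
		// … unchanged: $wpdb->update() call with the '%d' formats …
	}
}
```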
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: cybernetikz
3
  Donate link:
4
  Tags: easy social icons, easy social icon, social icons, social share, follow us, custom social icons, social media icons
5
  Requires at least: 3.5
6
- Tested up to: 5.9.2
7
- Stable tag: 3.2.2
8
 
9
  Upload your own social media icons or choose from font-awesome. Use widget|shortcode to place icons anywhere(sidebar, header, footer, page) in theme.
10
 
@@ -76,6 +76,9 @@ If you are using wordpress version lower than 3.5 please use Easy social Icon ve
76
 
77
  == Changelog ==
78
 
 
 
 
79
  = 3.2.2 =
80
  * fix / update security issue
81
 
3
  Donate link:
4
  Tags: easy social icons, easy social icon, social icons, social share, follow us, custom social icons, social media icons
5
  Requires at least: 3.5
6
+ Tested up to: 5.9.3
7
+ Stable tag: 3.2.3
8
 
9
  Upload your own social media icons or choose from font-awesome. Use widget|shortcode to place icons anywhere(sidebar, header, footer, page) in theme.
10
 
76
 
77
  == Changelog ==
78
 
79
+ = 3.2.3 =
80
+ * fix / update security issue
81
+
82
  = 3.2.2 =
83
  * fix / update security issue
84