Version Description
Download this release
Release Info
| Developer | slickremix |
| Plugin |  Feed Them Social – Facebook, Instagram, Twitter, YouTube, Pinterest |
| Version | 2.5.2.1 |
| Comparing to | |
| See all releases | |
Code changes from version 2.5.2 to 2.5.2.1
- feed-them.php +4 -4
- includes/feed-them-functions.php +10 -15
- readme.txt +3 -3
feed-them.php
CHANGED
|
@@ -7,18 +7,18 @@
|
|
| 7 |
* Plugin Name: Feed Them Social (Facebook, Instagram, Twitter, etc)
|
| 8 |
* Plugin URI: https://feedthemsocial.com/
|
| 9 |
* Description: Customize feeds for Facebook Pages, Album Photos, Videos & Covers, Instagram, Twitter, Pinterest & YouTube on pages, posts or widgets.
|
| 10 |
-
* Version: 2.5.2
|
| 11 |
* Author: SlickRemix
|
| 12 |
* Author URI: https://www.slickremix.com/
|
| 13 |
* Text Domain: feed-them-social
|
| 14 |
* Domain Path: /languages
|
| 15 |
* Requires at least: wordpress 4.0.0
|
| 16 |
* Tested up to: WordPress 4.9.8
|
| 17 |
-
* Stable tag: 2.5.2
|
| 18 |
* License: GPLv2 or later
|
| 19 |
* License URI: https://www.gnu.org/licenses/gpl-3.0.html
|
| 20 |
*
|
| 21 |
-
* @version 2.5.2
|
| 22 |
* @package FeedThemSocial/Core
|
| 23 |
* @copyright Copyright (c) 2012-2018 SlickRemix
|
| 24 |
*
|
|
@@ -27,7 +27,7 @@
|
|
| 27 |
*/
|
| 28 |
|
| 29 |
// Makes sure any js or css changes are reloaded properly. Added to enqued css and js files throughout
|
| 30 |
-
define('FTS_CURRENT_VERSION', '2.5.2');
|
| 31 |
|
| 32 |
final class Feed_Them_Social {
|
| 33 |
|
| 7 |
* Plugin Name: Feed Them Social (Facebook, Instagram, Twitter, etc)
|
| 8 |
* Plugin URI: https://feedthemsocial.com/
|
| 9 |
* Description: Customize feeds for Facebook Pages, Album Photos, Videos & Covers, Instagram, Twitter, Pinterest & YouTube on pages, posts or widgets.
|
| 10 |
+
* Version: 2.5.2.1
|
| 11 |
* Author: SlickRemix
|
| 12 |
* Author URI: https://www.slickremix.com/
|
| 13 |
* Text Domain: feed-them-social
|
| 14 |
* Domain Path: /languages
|
| 15 |
* Requires at least: wordpress 4.0.0
|
| 16 |
* Tested up to: WordPress 4.9.8
|
| 17 |
+
* Stable tag: 2.5.2.1
|
| 18 |
* License: GPLv2 or later
|
| 19 |
* License URI: https://www.gnu.org/licenses/gpl-3.0.html
|
| 20 |
*
|
| 21 |
+
* @version 2.5.2.1
|
| 22 |
* @package FeedThemSocial/Core
|
| 23 |
* @copyright Copyright (c) 2012-2018 SlickRemix
|
| 24 |
*
|
| 27 |
*/
|
| 28 |
|
| 29 |
// Makes sure any js or css changes are reloaded properly. Added to enqued css and js files throughout
|
| 30 |
+
define('FTS_CURRENT_VERSION', '2.5.2.1');
|
| 31 |
|
| 32 |
final class Feed_Them_Social {
|
| 33 |
|
includes/feed-them-functions.php
CHANGED
|
@@ -181,18 +181,18 @@ class feed_them_social_functions
|
|
| 181 |
|
| 182 |
//Make sure it's not ajaxing
|
| 183 |
if (!isset($_GET['load_more_ajaxing'])) {
|
| 184 |
-
$_REQUEST['fts_dynamic_name'] =
|
| 185 |
} //End make sure it's not ajaxing
|
| 186 |
|
| 187 |
ob_start();
|
| 188 |
|
| 189 |
if(!isset($_GET['locations'])){
|
| 190 |
-
$fb_token_response = isset($_REQUEST['next_url']) ? wp_remote_fopen($_REQUEST['next_url']) : wp_remote_fopen('https://graph.facebook.com/me/accounts?fields=locations{name,id,page_username,locations,store_number,store_location_descriptor,access_token},name,id,link,access_token&access_token=' . $_GET['access_token'] . '&limit=
|
| 191 |
$test_fb_app_token_response = json_decode($fb_token_response);
|
| 192 |
-
$_REQUEST['next_url'] = isset($test_fb_app_token_response->paging->next) ? $test_fb_app_token_response->paging->next : '';
|
| 193 |
}
|
| 194 |
else{
|
| 195 |
-
$fb_token_response = isset($_REQUEST['next_location_url']) ? wp_remote_fopen($_REQUEST['next_location_url']) : '';
|
| 196 |
$test_fb_app_token_response = json_decode($fb_token_response);
|
| 197 |
}
|
| 198 |
|
|
@@ -243,7 +243,7 @@ class feed_them_social_functions
|
|
| 243 |
<div class="fts-clear"></div>
|
| 244 |
</div>
|
| 245 |
<?php
|
| 246 |
-
$_REQUEST['next_location_url'] = isset($data->locations->paging->next) ? $data->locations->paging->next : '';
|
| 247 |
$remove_class_or_not = isset($data->locations->paging->next) ? 'fb-sublist-page-id-' . $data->id : '';
|
| 248 |
if(isset($data->locations->data)){
|
| 249 |
$location_count = count($data->locations->data);
|
|
@@ -292,7 +292,7 @@ class feed_them_social_functions
|
|
| 292 |
if (!isset($_GET['locations'])) {
|
| 293 |
$time = time();
|
| 294 |
$nonce = wp_create_nonce($time . "load-more-nonce");
|
| 295 |
-
$fbPageID = $data->id;
|
| 296 |
?>
|
| 297 |
<script>
|
| 298 |
jQuery(document).ready(function () {
|
|
@@ -350,7 +350,7 @@ class feed_them_social_functions
|
|
| 350 |
</script>
|
| 351 |
<?php
|
| 352 |
} //END Make sure it's not ajaxing locations ?>
|
| 353 |
-
<script>var nextURL_location_<?php echo $fbPageID; ?>= "<?php echo isset($data->locations->paging->next) ? $data->locations->paging->next : ''?>";</script>
|
| 354 |
<?php } ?>
|
| 355 |
</li>
|
| 356 |
|
|
@@ -365,7 +365,7 @@ class feed_them_social_functions
|
|
| 365 |
|
| 366 |
//Make sure it's not ajaxing
|
| 367 |
if (!isset($_GET['load_more_ajaxing']) && !isset($_GET['locations'])) {
|
| 368 |
-
$fts_dynamic_name = $_REQUEST['fts_dynamic_name'];
|
| 369 |
$time = time();
|
| 370 |
$nonce = wp_create_nonce($time . "load-more-nonce");
|
| 371 |
?>
|
|
@@ -422,7 +422,7 @@ class feed_them_social_functions
|
|
| 422 |
?>
|
| 423 |
<script>
|
| 424 |
<?php if(!isset($_GET['locations'])) {?>
|
| 425 |
-
var nextURL_<?php echo $_REQUEST['fts_dynamic_name']; ?>= "<?php echo $_REQUEST['next_url']; ?>";
|
| 426 |
// alert('nextURL_<?php echo $_REQUEST['fts_dynamic_name']; ?>');
|
| 427 |
<?php } ?>
|
| 428 |
|
|
@@ -472,12 +472,7 @@ class feed_them_social_functions
|
|
| 472 |
<?php
|
| 473 |
//Make sure it's not ajaxing
|
| 474 |
if (!isset($_GET['load_more_ajaxing']) && isset($test_fb_app_token_response->paging->next) && !isset($_GET['locations'])) {
|
| 475 |
-
$fts_dynamic_name = $_REQUEST['fts_dynamic_name'];
|
| 476 |
-
// this div returns outputs our ajax request via jquery append html from above
|
| 477 |
-
|
| 478 |
-
print '<div class="fts-clear"></div>';
|
| 479 |
-
print '<div id="output_' . $fts_dynamic_name . '" class="fts-hide"></div>';
|
| 480 |
-
|
| 481 |
print '<div class="fts-clear"></div>';
|
| 482 |
|
| 483 |
// print '<div class="fts-fb-load-more-wrapper">';
|
| 181 |
|
| 182 |
//Make sure it's not ajaxing
|
| 183 |
if (!isset($_GET['load_more_ajaxing'])) {
|
| 184 |
+
$_REQUEST['fts_dynamic_name'] = sanitize_key($this->feed_them_social_rand_string());
|
| 185 |
} //End make sure it's not ajaxing
|
| 186 |
|
| 187 |
ob_start();
|
| 188 |
|
| 189 |
if(!isset($_GET['locations'])){
|
| 190 |
+
$fb_token_response = isset($_REQUEST['next_url']) ? wp_remote_fopen(esc_url_raw($_REQUEST['next_url'])) : wp_remote_fopen('https://graph.facebook.com/me/accounts?fields=locations{name,id,page_username,locations,store_number,store_location_descriptor,access_token},name,id,link,access_token&access_token=' . $_GET['access_token'] . '&limit=25');
|
| 191 |
$test_fb_app_token_response = json_decode($fb_token_response);
|
| 192 |
+
$_REQUEST['next_url'] = isset($test_fb_app_token_response->paging->next) ? esc_url_raw($test_fb_app_token_response->paging->next) : '';
|
| 193 |
}
|
| 194 |
else{
|
| 195 |
+
$fb_token_response = isset($_REQUEST['next_location_url']) ? wp_remote_fopen(esc_url_raw($_REQUEST['next_location_url'])) : '';
|
| 196 |
$test_fb_app_token_response = json_decode($fb_token_response);
|
| 197 |
}
|
| 198 |
|
| 243 |
<div class="fts-clear"></div>
|
| 244 |
</div>
|
| 245 |
<?php
|
| 246 |
+
$_REQUEST['next_location_url'] = isset($data->locations->paging->next) ? esc_url_raw($data->locations->paging->next) : '';
|
| 247 |
$remove_class_or_not = isset($data->locations->paging->next) ? 'fb-sublist-page-id-' . $data->id : '';
|
| 248 |
if(isset($data->locations->data)){
|
| 249 |
$location_count = count($data->locations->data);
|
| 292 |
if (!isset($_GET['locations'])) {
|
| 293 |
$time = time();
|
| 294 |
$nonce = wp_create_nonce($time . "load-more-nonce");
|
| 295 |
+
$fbPageID = sanitize_key($data->id);
|
| 296 |
?>
|
| 297 |
<script>
|
| 298 |
jQuery(document).ready(function () {
|
| 350 |
</script>
|
| 351 |
<?php
|
| 352 |
} //END Make sure it's not ajaxing locations ?>
|
| 353 |
+
<script>var nextURL_location_<?php echo $fbPageID; ?>= "<?php echo isset($data->locations->paging->next) ? esc_url_raw($data->locations->paging->next) : ''?>";</script>
|
| 354 |
<?php } ?>
|
| 355 |
</li>
|
| 356 |
|
| 365 |
|
| 366 |
//Make sure it's not ajaxing
|
| 367 |
if (!isset($_GET['load_more_ajaxing']) && !isset($_GET['locations'])) {
|
| 368 |
+
$fts_dynamic_name = sanitize_key($_REQUEST['fts_dynamic_name']);
|
| 369 |
$time = time();
|
| 370 |
$nonce = wp_create_nonce($time . "load-more-nonce");
|
| 371 |
?>
|
| 422 |
?>
|
| 423 |
<script>
|
| 424 |
<?php if(!isset($_GET['locations'])) {?>
|
| 425 |
+
var nextURL_<?php echo $_REQUEST['fts_dynamic_name']; ?>= "<?php echo esc_url_raw($_REQUEST['next_url']); ?>";
|
| 426 |
// alert('nextURL_<?php echo $_REQUEST['fts_dynamic_name']; ?>');
|
| 427 |
<?php } ?>
|
| 428 |
|
| 472 |
<?php
|
| 473 |
//Make sure it's not ajaxing
|
| 474 |
if (!isset($_GET['load_more_ajaxing']) && isset($test_fb_app_token_response->paging->next) && !isset($_GET['locations'])) {
|
| 475 |
+
$fts_dynamic_name = sanitize_key($_REQUEST['fts_dynamic_name']);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 476 |
print '<div class="fts-clear"></div>';
|
| 477 |
|
| 478 |
// print '<div class="fts-fb-load-more-wrapper">';
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: slickremix
|
|
| 3 |
Tags: Facebook, Instagram, Twitter, YouTube, Feed
|
| 4 |
Requires at least: 3.6.0
|
| 5 |
Tested up to: 4.9.8
|
| 6 |
-
Stable tag: 2.5.2
|
| 7 |
License: GPLv2 or later
|
| 8 |
|
| 9 |
Custom feeds for Facebook Pages, Album Photos, Videos & Covers, Instagram, Twitter, Pinterest & YouTube on pages, posts or widgets.
|
|
@@ -76,8 +76,8 @@ Feed Them Social was Developed By SlickRemix --> [https://www.slickremix.com/](h
|
|
| 76 |
* Log into WordPress dashboard then click **Plugins** > **Add new** > Then under the title "Install Plugins" click **Upload** > **choose the zip** > **Activate the plugin!**
|
| 77 |
|
| 78 |
== Changelog ==
|
| 79 |
-
= Version 2.5.2
|
| 80 |
-
* FIX: Facebook Options: Additional check to make sure the next url does not contain malicious code.
|
| 81 |
|
| 82 |
= Version 2.5.1 Friday, September 21st, 2018 =
|
| 83 |
* NEW: Facebook Options: If you have Location pages you can get an access token for each one now when clicking the get access token button on the Facebook Options page of our plugin.
|
| 3 |
Tags: Facebook, Instagram, Twitter, YouTube, Feed
|
| 4 |
Requires at least: 3.6.0
|
| 5 |
Tested up to: 4.9.8
|
| 6 |
+
Stable tag: 2.5.2.1
|
| 7 |
License: GPLv2 or later
|
| 8 |
|
| 9 |
Custom feeds for Facebook Pages, Album Photos, Videos & Covers, Instagram, Twitter, Pinterest & YouTube on pages, posts or widgets.
|
| 76 |
* Log into WordPress dashboard then click **Plugins** > **Add new** > Then under the title "Install Plugins" click **Upload** > **choose the zip** > **Activate the plugin!**
|
| 77 |
|
| 78 |
== Changelog ==
|
| 79 |
+
= Version 2.5.2.1 Friday, September 28th, 2018 =
|
| 80 |
+
* FIX: Facebook Options: Additional check to make sure the next url does not contain malicious code and sanitize the dynamic name passed through ajax.
|
| 81 |
|
| 82 |
= Version 2.5.1 Friday, September 21st, 2018 =
|
| 83 |
* NEW: Facebook Options: If you have Location pages you can get an access token for each one now when clicking the get access token button on the Facebook Options page of our plugin.
|
