Feed Them Social – Facebook, Instagram, Twitter, YouTube, Pinterest - Version 2.9.8.6


Release Info

Developer slickremix
Version 2.9.8.6

Code changes from version 2.9.8.5 to 2.9.8.6

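--- a/feed-them.php
+++ b/feed-them.php
@@ -7,18 +7,18 @@
  * Plugin Name: Feed Them Social - for Twitter feed, Youtube, and more
  * Plugin URI: https://feedthemsocial.com/
  * Description: Display a Custom Facebook feed, Instagram feed, Twitter feed and YouTube feed on pages, posts or widgets.
- * Version: 2.9.8.5
+ * Version: 2.9.8.6
  * Author: SlickRemix
  * Author URI: https://www.slickremix.com/
  * Text Domain: feed-them-social
  * Domain Path: /languages
  * Requires at least: WordPress 4.0.0
  * Tested up to: WordPress 6.0
- * Stable tag: 2.9.8.5
+ * Stable tag: 2.9.8.6
  * License: GPLv2 or later
  * License URI: https://www.gnu.org/licenses/gpl-3.0.html
  *
- * @version 2.9.8.5
+ * @version 2.9.8.6
  * @package FeedThemSocial/Core
  * @copyright Copyright (c) 2012-2022 SlickRemix
  *
@@ -31,7 +31,7 @@
  *
  * Makes sure any js or css changes are reloaded properly. Added to enqued css and js files throughout!
  */
- define( 'FTS_CURRENT_VERSION', '2.9.8.5' );
+ define( 'FTS_CURRENT_VERSION', '2.9.8.6' );
 
  define( 'FEED_THEM_SOCIAL_NOTICE_STATUS', get_option( 'rating_fts_slick_notice', false ) );
 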
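--- a/feeds/twitter/class-fts-twitter-feed.php
+++ b/feeds/twitter/class-fts-twitter-feed.php
@@ -247,9 +247,9 @@ class FTS_Twitter_Feed extends feed_them_social_functions {
  exit( 'Sorry, You can\'t do that!' );
  }
 
- $twitter_external_url = $_REQUEST['fts_url'];
- $no_video_image_check = $_REQUEST['fts_no_video_image'];
- $fts_popup = $_REQUEST['fts_popup'];
+ $twitter_external_url = esc_url_raw( $_REQUEST['fts_url'] );
+ $no_video_image_check = esc_html( $_REQUEST['fts_no_video_image'] );
+ $fts_popup = esc_html( $_REQUEST['fts_popup'] );
 
  // echo ' test ';
  // A regular user posted photo or video is not allowed to pass here.
@@ -260,8 +260,9 @@ class FTS_Twitter_Feed extends feed_them_social_functions {
  // 2. Site does not have Twitter info, so we can get the og:title, og:description, og:image
  // If 1 or 2 are not found then we return nothing.
 
- // FYI sometimes get_meta_tags will not work because a website will block it's usage.
- $tags = get_meta_tags( $twitter_external_url );
+ // FYI sometimes get_meta_tags will not work because a website/server will block it's usage.
+ $tags = '' !== $twitter_external_url ? get_meta_tags( $twitter_external_url ) : '';
+
  // First try and us the get_meta_tags php function because this is quicker
  // Otherwise we use preg_match to find what we need from the <meta properties"og:image" for example.
  // More exceptions might need to be created but this is what's been done so far...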
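Review bot: `get_meta_tags( $twitter_external_url )` on new line 264 still has the server fetch whatever URL the request supplies; `esc_url_raw()` drops schemes outside WordPress's allowed-protocol list, which covers the wrapper case named in the changelog, but it places no limit on the destination host. Pin the scheme and validate the target before the fetch: `$twitter_external_url = esc_url_raw( wp_unslash( $_REQUEST['fts_url'] ), array( 'http', 'https' ) );` followed by `if ( ! wp_http_validate_url( $twitter_external_url ) ) { $twitter_external_url = ''; }`. The fallback assigns `''` to `$tags` although `get_meta_tags()` returns an array or false, so `array()` would be the more consistent empty value if code further down indexes it (the rest of the method is outside the hunk). On lines 251 and 252, `esc_html()` is an output-escaping helper; `sanitize_text_field( wp_unslash( … ) )` is the usual input-side call.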
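--- a/includes/feed-them-functions.php
+++ b/includes/feed-them-functions.php
@@ -1489,7 +1489,7 @@ class feed_them_social_functions {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
- js.src = "//connect.facebook.net/' . esc_html( $language_option ) . '/sdk.js#xfbml=1&appId=&version=v3.1";
+ js.src = "//connect.facebook.net/' . esc_html( $language_option ) . '/sdk.js#xfbml=1&appId=1123168491105924&version=v3.1";
  fjs.parentNode.insertBefore(js, fjs);
  }(document, "script", "facebook-jssd"));</script>';
  $_POST['fts_facebook_script_loaded'] = 'yes';
@@ -3541,58 +3541,61 @@ if ( ! empty( $youtube_loadmore_text_color ) ) {
  */
  public function fts_refresh_token_ajax() {
 
- $fts_refresh_token_nonce = wp_create_nonce( 'fts_refresh_token_nonce' );
-
- if ( wp_verify_nonce( $fts_refresh_token_nonce, 'fts_refresh_token_nonce' ) ) {
-
- if ( isset( $_REQUEST['button_pushed'] ) && 'yes' === $_REQUEST['button_pushed'] ) {
+ // Check security token is set.
+ if ( ! isset( $_REQUEST['fts_security'], $_REQUEST['fts_time'] ) ) {
+ exit( 'Sorry, You can\'t do that!' );
+ }
 
- if( 'youtube' === $_REQUEST['feed'] && !empty( $_REQUEST['refresh_token'] ) ){
- update_option( 'youtube_custom_refresh_token', sanitize_text_field( wp_unslash( $_REQUEST['refresh_token'] ) ) );
+ // Verify Nonce Security.
+ if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['fts_security'] ) ) , sanitize_text_field( wp_unslash( $_REQUEST['fts_time'] ) ) . 'fts_refresh_token_nonce' ) ) {
+ exit( 'Sorry, You can\'t do that!' );
+ }
 
- }
- if ( 'instagram' === $_REQUEST['feed'] && !empty( $_REQUEST['access_token'] ) ){
- update_option( 'fts_instagram_custom_api_token', sanitize_text_field( wp_unslash( $_REQUEST['access_token'] ) ) );
- }
- }
- if ( !empty( $_REQUEST['access_token'] ) ) {
+ if ( isset( $_REQUEST['button_pushed'] ) && 'yes' === $_REQUEST['button_pushed'] ) {
 
- if( 'youtube' === $_REQUEST['feed'] ){
- update_option( 'youtube_custom_access_token', sanitize_text_field( wp_unslash( $_REQUEST['access_token'] ) ) );
+ if( 'youtube' === $_REQUEST['feed'] && !empty( $_REQUEST['refresh_token'] ) ){
+ update_option( 'youtube_custom_refresh_token', sanitize_text_field( wp_unslash( $_REQUEST['refresh_token'] ) ) );
 
- }
- if ( 'instagram' === $_REQUEST['feed'] ){
- update_option( 'fts_instagram_custom_api_token', sanitize_text_field( wp_unslash( $_REQUEST['access_token'] ) ) );
- }
- }
+ }
+ if ( 'instagram' === $_REQUEST['feed'] && !empty( $_REQUEST['access_token'] ) ){
+ update_option( 'fts_instagram_custom_api_token', sanitize_text_field( wp_unslash( $_REQUEST['access_token'] ) ) );
+ }
+ }
+ if ( !empty( $_REQUEST['access_token'] ) ) {
 
  if( 'youtube' === $_REQUEST['feed'] ){
+ update_option( 'youtube_custom_access_token', sanitize_text_field( wp_unslash( $_REQUEST['access_token'] ) ) );
 
- $startoftime = isset( $_REQUEST['expires_in'] ) ? strtotime( '+' . $_REQUEST['expires_in'] . ' seconds' ) : '';
- $start_of_time_final = false !== $startoftime ? sanitize_key( $startoftime ) : '';
- update_option( 'youtube_custom_token_exp_time', sanitize_text_field( wp_unslash( $start_of_time_final ) ) );
  }
+ if ( 'instagram' === $_REQUEST['feed'] ){
+ update_option( 'fts_instagram_custom_api_token', sanitize_text_field( wp_unslash( $_REQUEST['access_token'] ) ) );
+ }
+ }
 
- if( 'instagram' === $_REQUEST['feed'] ){
+ if( 'youtube' === $_REQUEST['feed'] ){
 
- $startoftime = isset( $_REQUEST['expires_in'] ) ? $_REQUEST['expires_in'] : '';
- $start_of_time_final = false !== $startoftime ? sanitize_key( $startoftime ) : '';
- update_option( 'fts_instagram_custom_api_token_expires_in', sanitize_text_field( wp_unslash( $start_of_time_final ) ) );
+ $startoftime = isset( $_REQUEST['expires_in'] ) ? strtotime( '+' . $_REQUEST['expires_in'] . ' seconds' ) : '';
+ $start_of_time_final = false !== $startoftime ? sanitize_key( $startoftime ) : '';
+ update_option( 'youtube_custom_token_exp_time', sanitize_text_field( wp_unslash( $start_of_time_final ) ) );
+ }
 
- echo wp_unslash( $_REQUEST['expires_in'] );
- echo '<br/>';
- }
+ if( 'instagram' === $_REQUEST['feed'] ){
 
+ $startoftime = isset( $_REQUEST['expires_in'] ) ? $_REQUEST['expires_in'] : '';
+ $start_of_time_final = false !== $startoftime ? sanitize_key( $startoftime ) : '';
+ update_option( 'fts_instagram_custom_api_token_expires_in', sanitize_text_field( wp_unslash( $start_of_time_final ) ) );
 
- // This only happens if the token is expired on the YouTube Options page and you go to re-save or refresh the page for some reason. It will also run this function if the cache is emptied and the token is found to be expired.
- if ( 'no' === $_REQUEST['button_pushed'] ) {
- echo 'Token Refreshed: ';
- // $output .= do_shortcode('[fts _youtube vid_count=3 large_vid=no large_vid_title=no large_vid_description=no thumbs_play_in_iframe=popup vids_in_row=3 space_between_videos=1px force_columns=yes maxres_thumbnail_images=yes thumbs_wrap_color=#000 wrap=none video_wrap_display=none comments_count=12 channel_id=UCqhnX4jA0A5paNd1v-zEysw loadmore=button loadmore_count=5 loadmore_btn_maxwidth=300px loadmore_btn_margin=10px]');
- }
- }
+ echo wp_unslash( $_REQUEST['expires_in'] );
+ echo '<br/>';
+ }
 
- echo wp_unslash( $_REQUEST['access_token'] );
+ // This only happens if the token is expired on the YouTube Options page and you go to re-save or refresh the page for some reason. It will also run this function if the cache is emptied and the token is found to be expired.
+ if ( 'no' === $_REQUEST['button_pushed'] ) {
+ echo 'Token Refreshed: ';
+ // $output .= do_shortcode('[fts _youtube vid_count=3 large_vid=no large_vid_title=no large_vid_description=no thumbs_play_in_iframe=popup vids_in_row=3 space_between_videos=1px force_columns=yes maxres_thumbnail_images=yes thumbs_wrap_color=#000 wrap=none video_wrap_display=none comments_count=12 channel_id=UCqhnX4jA0A5paNd1v-zEysw loadmore=button loadmore_count=5 loadmore_btn_maxwidth=300px loadmore_btn_margin=10px]');
+ }
 
+ echo wp_unslash( $_REQUEST['access_token'] );
 
  wp_die();
  }
@@ -3655,10 +3658,15 @@ if ( ! empty( $youtube_loadmore_text_color ) ) {
  // use for testing in script below.
  //console.log( '<?php print_r($response['body']) ? >' );
 
+ $time = time();
+ $nonce = wp_create_nonce( $time . 'fts_refresh_token_nonce' );
+
  ?>
  <script>
  jQuery(document).ready(function () {
 
+ var fts_time = "<?php echo esc_js( $time ); ?>";
+ var fts_security = "<?php echo esc_js( $nonce ); ?>";
 
  jQuery.ajax({
  data: {
@@ -3666,6 +3674,8 @@ if ( ! empty( $youtube_loadmore_text_color ) ) {
  access_token: '<?php echo esc_js( $encrypted_token ); ?>',
  expires_in: '<?php echo esc_js( $expires_in ); ?>',
  button_pushed: '<?php echo esc_js( $button_pushed ); ?>',
+ fts_security: fts_security,
+ fts_time: fts_time,
  feed: 'instagram'
  },
  type: 'POST',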
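Review bot: In `fts_refresh_token_ajax()` the lines `echo wp_unslash( $_REQUEST['expires_in'] );` and `echo wp_unslash( $_REQUEST['access_token'] );` (new lines 3588 and 3598) still write request values into the AJAX response with no output encoding; the nonce check added at the top narrows who can reach them but escapes nothing. Encode both at the point of output, e.g. `echo esc_html( sanitize_text_field( wp_unslash( $_REQUEST['access_token'] ) ) );`. The handler also overwrites the stored API token options through `update_option()` with a nonce as the only gate, and a nonce is a request-forgery token rather than an authorization check; if this action is meant for administrators, add `if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }` after the nonce check. The hook registration is outside this diff, so confirm whether a logged-out variant is registered before adding the capability check. `$_REQUEST['feed']` and the later `'no' === $_REQUEST['button_pushed']` comparison are read without `isset()`.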
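--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: slickremix, slickchris
  Tags: Facebook, Instagram, Twitter, YouTube, Feed
  Requires at least: 3.6.0
  Tested up to: 6.0
- Stable tag: 2.9.8.5
+ Stable tag: 2.9.8.6
  License: GPLv2 or later
 
  Display a Custom Facebook feed, Instagram feed, Twitter feed, and YouTube feed on pages, posts or widgets.
@@ -72,6 +72,11 @@ Feed Them Social was Developed By SlickRemix --> [https://www.slickremix.com/](h
  * Log into WordPress dashboard then click **Plugins** > **Add new** > Then under the title "Install Plugins" click **Upload** > **choose the zip** > **Activate the plugin!**
 
  == Changelog ==
+ = Version 2.9.8.6 Monday, July 11th, 2022 =
+ * FIX: Facebook Feed: Share option was throwing invalid APP ID error.
+ * FIX: XSS Vulnerability: Instagram Refresh Token.
+ * FIX: Phar Vulnerability: Twitter Share url check.
+
  = Version 2.9.8.5 Saturday, May 28th, 2022 =
  * FIX: Combined Streams: Twitter User Name not linking properly.
  * NOTE: Tested with WordPress Version 6.0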