FeedWordPress - Version 2017.0913

Version Description

  • PARTIAL FIX FOR 2X DUPLICATE POSTS APPEARING ON DUAL HTTP/HTTPS SITES: Some users reported an issue in which their FeedWordPress sites, which are over both insecure HTTP and over HTTPS, would pick up exactly 2 copies of every post or almost every post from certain feeds, and where the guids for each of the pair of duplicate posts would look exactly alike, except for a difference in the protocol, for example:

    http://www.example.com/?guid=c1cd28da39e8d7babcf6499983aca545 https://www.example.com/?guid=c1cd28da39e8d7babcf6499983aca545

    ... where www.example.com is the server that your own copy of FeedWordPress is installed. This release of FeedWordPress normalizes post guid prefixes so as to avoid or limit the scope of this problem.

  • PHP 7 Compatibility: eliminate remaining sources of PHP 7 compatibility-check failures -- remove the use of the deprecated mysql_error() function, and make sure all classes use the __construct() convention for constructors.

  • AVOID "PHP Warning: shell_exec() has been disabled for security reasons in [...]/feedwordpress/feeds-page.php on line 197": FeedWordPress uses the PHP shell_exec() function in a very narrowly limited way for information gathering, trying to find the real path to curl or wget on your system, so that it can give as realistic as possible a recommendation for the sample crontab line displayed in Syndication > Feeds & Updates. Some web hosting environments disable shell_exec for security reasons (since it could in theory be used to do a lot more stuff than the very limited information gathering FWP uses it for); in which case, this part of the code in FeedWordPress could spit out a nasty-looking and potentially worrisome-looking error message. So, now this code is fenced with checks to make sure that shell_exec is available, before FWP attempts to make use of it.


Release Info

Developer radgeek
Version 2017.0913

Code changes from version 2016.1213 to 2017.0913

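--- a/feeds-page.php
+++ b/feeds-page.php
@@ -194,15 +194,25 @@ class FeedWordPressFeedsPage extends FeedWordPressAdminPage {
  </select>
  <div id="cron-job-explanation" class="setting-description">
  <p><?php
- $path = `which curl`; $opts = '--silent %s';
- if (is_null($path) or strlen(trim($path))==0) :
+ // Do we have shell_exec() available from here, or is it disabled for security reasons?
+ // If it's available, use it to execute `which` to try to get a realistic path to curl,
+ // or to wget. If everything fails or shell_exec() isn't available, then just make
+ // up something for the sake of example.
+ $shellExecAvailable = (is_callable('shell_exec') && false === stripos(ini_get('disable_functions'), 'shell_exec'));
+
+ if ($shellExecAvailable) :
+ $path = `which curl`; $opts = '--silent %s';
+ endif;
+
+ if ($shellExecAvailable and (is_null($path) or strlen(trim($path))==0)) :
  $path = `which wget`; $opts = '-q -O - %s';
- if (is_null($path) or strlen(trim($path))==0) :
- $path = '/usr/bin/curl'; $opts = '--silent %s';
- endif;
  endif;
+
+ if (is_null($path) or strlen(trim($path))==0) :
+ $path = '/usr/bin/curl'; $opts = '--silent %s';
+ endif;
+
  $path = preg_replace('/\n+$/', '', $path);
- $crontab = `crontab -l`;
 
  $cmdline = $path . ' ' . sprintf($opts, get_bloginfo('url').'?update_feedwordpress=1');
 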
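Review bot: When shell_exec() is unavailable, nothing assigns `$path` or `$opts` before the new fallback test at new line 211, so `is_null($path)` reads an undefined variable and raises its own notice (a warning on PHP 8), which is the kind of admin-page noise this change sets out to remove. Initialising both before the first check, `$path = null; $opts = '--silent %s';`, keeps the fallback path silent. The output of `which` flows into `$cmdline`; how that string is escaped when it is printed is outside this hunk and worth confirming (for example with `esc_html()`). The enclosing method starts and ends outside the hunk.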
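--- a/feedwordpress.php
+++ b/feedwordpress.php
@@ -3,7 +3,7 @@
  Plugin Name: FeedWordPress
  Plugin URI: http://feedwordpress.radgeek.com/
  Description: simple and flexible Atom/RSS syndication for WordPress
- Version: 2016.1213
+ Version: 2017.0913
  Author: Charles Johnson
  Author URI: http://radgeek.com/
  License: GPL
@@ -11,7 +11,7 @@ License: GPL
 
  /**
  * @package FeedWordPress
- * @version 2016.1213
+ * @version 2017.0913
  */
 
  # This uses code derived from:
@@ -32,7 +32,7 @@ License: GPL
 
  # -- Don't change these unless you know what you're doing...
 
- define ('FEEDWORDPRESS_VERSION', '2016.1213');
+ define ('FEEDWORDPRESS_VERSION', '2017.0913');
  define ('FEEDWORDPRESS_AUTHOR_CONTACT', 'http://radgeek.com/contact');
 
  if (!defined('FEEDWORDPRESS_BLEG')) :
@@ -1823,7 +1823,8 @@ class FeedWordPress {
 
  // Explicit update request in the HTTP request (e.g. from a cron job)
  if (self::update_requested()) :
-
+ /*DBG*/ header("Content-Type: text/plain");
+
  $this->update_hooked = "Initiating a CRON JOB CHECK-IN ON UPDATE SCHEDULE due to URL parameter = ".trim($this->val($_REQUEST['update_feedwordpress']));
 
  $this->update($this->update_requested_url());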
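Review bot: The `/*DBG*/ header("Content-Type: text/plain");` line added at new line 1826 looks like debugging residue that shipped with the release. It runs whenever `self::update_requested()` is true, which the comment above ties to a parameter in the HTTP request, so any request carrying that parameter switches the response to plain text, and `header()` will itself warn if output has already started. I would remove the line, or keep it only behind the plugin's debug setting and a `!headers_sent()` check. The next line also copies `$_REQUEST['update_feedwordpress']` into `$this->update_hooked`; where that message is emitted is outside the hunk, so it should be escaped at the point of output. The enclosing method starts and ends outside the hunk.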
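--- a/feedwordpresslocalpost.class.php
+++ b/feedwordpresslocalpost.class.php
@@ -93,7 +93,9 @@ class FeedWordPressLocalPost {
 
  public function feed () {
  global $feedwordpress;
- $this->link = $feedwordpress->subscription($this->feed_id());
+ if (is_object($feedwordpress) and method_exists($feedwordpress, 'subscription')) :
+ $this->link = $feedwordpress->subscription($this->feed_id());
+ endif;
  return $this->link;
  }
 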
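Review bot: When the guard added at new line 96 fails, `feed()` falls through to `return $this->link;` without assigning it, so callers get whatever the property held before, possibly null, with no sign that the lookup was skipped. Whether `$this->link` is initialised elsewhere is not visible in this hunk; if it is not, a caller that dereferences the result fails later and further from the cause. A short docblock would make the contract explicit, for example `/** @return mixed the subscription for this post's feed, or the previous value of $this->link when the FeedWordPress global is not loaded */`.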
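--- a/feedwordpresssyndicationpage.class.php
+++ b/feedwordpresssyndicationpage.class.php
@@ -701,7 +701,7 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
  var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
  s.type = 'text/javascript';
  s.async = true;
- s.src = 'http://api.flattr.com/js/0.6/load.js?mode=auto';
+ s.src = 'https://api.flattr.com/js/0.6/load.js?mode=auto';
  t.parentNode.insertBefore(s, t);
  })();
  /* ]]> */</script>
@@ -723,7 +723,7 @@ support, and documentation.</p>
  <div style="display: inline-block; vertical-align: middle; ">
  <a class="FlattrButton" style="display:none;" href="http://feedwordpress.radgeek.com/"></a>
  <noscript>
- <a href="http://flattr.com/thing/1380856/FeedWordPress" target="_blank"><img src="http://api.flattr.com/button/flattr-badge-large.png" alt="Flattr this" title="Flattr this" border="0" /></a>
+ <a href="https://flattr.com/thing/1380856/FeedWordPress" target="_blank"><img src="https://api.flattr.com/button/flattr-badge-large.png" alt="Flattr this" title="Flattr this" border="0" /></a>
  </noscript>
  <div>via Flattr</div>
 
@@ -865,7 +865,7 @@ regular donation</a>) using an existing PayPal account or any major credit card.
  foreach ($alter as $sql) :
  $result = $wpdb->query($sql);
  if (!$result):
- $errs[] = mysql_error();
+ $errs[] = $wpdb->last_error;
  endif;
  endforeach;
 
@@ -988,7 +988,7 @@ regular donation</a>) using an existing PayPal account or any major credit card.
  foreach ($alter as $sql) :
  $result = $wpdb->query($sql);
  if (!$result):
- $errs[] = mysql_error();
+ $errs[] = $wpdb->last_error;
  endif;
  endforeach;
 
@@ -1218,7 +1218,7 @@ has been added as a contributing site, using the feed at
  &lt;<a href="<?php print $fwp_post['feed']; ?>"><?php print esc_html($fwp_post['feed']); ?></a>&gt;.
  | <a href="admin.php?page=<?php print $fwp_path; ?>/feeds-page.php&amp;link_id=<?php print $link_id; ?>">Configure settings</a>.</p></div>
  <?php else: ?>
- <div class="updated"><p>There was a problem adding the feed. [SQL: <?php echo esc_html(mysql_error()); ?>]</p></div>
+ <div class="updated"><p>There was a problem adding the feed. [SQL: <?php echo esc_html($wpdb->last_error); ?>]</p></div>
  <?php endif;
  elseif (isset($fwp_post['save_link_id'])):
  $existingLink = new SyndicatedLink($fwp_post['save_link_id']);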
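Review bot: Three lines above the changed message at line 1221, the feed URL is still written into the link target unescaped as `href="<?php print $fwp_post['feed']; ?>"`, although the same value goes through `esc_html()` for the link text and the new error output is escaped; `<?php print esc_url($fwp_post['feed']); ?>` would close that gap (the origin of `$fwp_post` is outside the hunk, presumably the submitted form). In the two migration loops at lines 867-868 and 990-991, `if (!$result):` is also true when `$wpdb->query()` returns 0, so `$wpdb->last_error` can be appended as an empty string; `if (false === $result):` singles out a failed query. The Flattr loader at line 704 still brings third-party JavaScript into an admin page, and https protects it in transit only, not against a change at the origin.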
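--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: Charles Johnson
  Donate link: http://feedwordpress.radgeek.com/
  Tags: syndication, aggregation, feed, atom, rss
  Requires at least: 4.5
- Tested up to: 4.7
- Stable tag: 2016.1213
+ Tested up to: 4.8.1
+ Stable tag: 2017.0913
 
  FeedWordPress syndicates content from feeds you choose into your WordPress weblog.
 
@@ -93,9 +93,42 @@ outs, see the documentation at the [FeedWordPress project homepage][].
 
  == Changelog ==
 
+ = 2017.0913 =
+
+ * PARTIAL FIX FOR 2X DUPLICATE POSTS APPEARING ON DUAL HTTP/HTTPS SITES: Some
+ users reported an issue in which their FeedWordPress sites, which are over
+ both insecure HTTP and over HTTPS, would pick up exactly 2 copies of every
+ post or almost every post from certain feeds, and where the guids for each
+ of the pair of duplicate posts would look exactly alike, except for a
+ difference in the protocol, for example:
+
+ http://www.example.com/?guid=c1cd28da39e8d7babcf6499983aca545
+ https://www.example.com/?guid=c1cd28da39e8d7babcf6499983aca545
+
+ ... where www.example.com is the server that your own copy of FeedWordPress
+ is installed. This release of FeedWordPress normalizes post guid prefixes
+ so as to avoid or limit the scope of this problem.
+
+ * PHP 7 Compatibility: eliminate remaining sources of PHP 7 compatibility-check
+ failures -- remove the use of depreciated mysql_error() function, and make
+ sure all classes make use of __construct() convention for constructors.
+
+ * AVOID "PHP Warning: shell_exec() has been disabled for security reasons in
+ [...]/feedwordpress/feeds-page.php on line 197": FeedWordPress uses the PHP
+ shell_exec() function in a very narrowly limited way for information gathering,
+ trying to find the real path to curl or wget on your system, so that it can
+ give as realistic as possible a recommendation for the sample crontab line
+ displayed in Syndication > Feeds & Updates. Some web hosting environments
+ disable shell_exec for security reasons (since it could in theory be used to
+ do a lot more stuff than the very limited information gathering FWP uses it
+ for); in which case, this part of the code in FeedWordPress could spit out
+ a nasty-looking and potentially worrisome-looking error message. So, now this
+ code is fenced with checks to make sure that shell_exec is available, before
+ FWP attempts to make use of it.
+
  = 2016.1213 =
 
- * WORDPRSS BACKWARD COMPATIBILITY FOR VERSIONS [4.5, 4.7]: This change fixes
+ * WORDPRESS BACKWARD COMPATIBILITY FOR VERSIONS [4.5, 4.7]: This change fixes
  a fatal PHP error (on some web server configurations you'd see the message
  "Fatal error: require_once(): Failed opening required '[...]/wp-includes/class-wp-feed-cache.php'"
  on others, you might just see an HTTP 500 Internal Server Error or a blank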
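--- a/syndicatedpost.class.php
+++ b/syndicatedpost.class.php
@@ -584,9 +584,24 @@ class SyndicatedPost {
  return $hash;
  } /* SyndicatedPost::update_hash() */
 
+ /**
+ * SyndicatedPost::normalize_guid_prefix(): generates a normalized URL
+ * prefix (including scheme, authority, full path, and the beginning of
+ * a query string) for creating guids that conform to WordPress's
+ * internal constraints on the URL space for valid guids. To create a
+ * normalized guid, just concatenate a valid URL query parameter value
+ * to the returned URL.
+ *
+ * @return string The URL prefix generated.
+ *
+ * @uses trailingslashit()
+ * @uses home_url()
+ * @uses apply_filters()
+ */
  static function normalize_guid_prefix () {
- return trailingslashit(get_bloginfo('url')).'?guid=';
- }
+ $url = trailingslashit(home_url(/*path=*/ '', /*scheme=*/ 'http'));
+ return apply_filters('syndicated_item_guid_normalized_prefix', $url . '?guid=');
+ } /* SyndicatedPost::normalize_guid_prefix() */
 
  static function normalize_guid ($guid) {
  $guid = trim($guid);
@@ -596,6 +611,23 @@ class SyndicatedPost {
  $guid = SyndicatedPost::normalize_guid_prefix().md5($guid);
  endif;
  $guid = trim($guid);
+
+ return $guid;
+ } /* SyndicatedPost::normalize_guid() */
+
+ static function alternative_guid_prefix () {
+ $url = trailingslashit(home_url(/*path=*/ '', /*scheme=*/ 'https'));
+ return apply_filters('syndicated_item_guid_normalized_prefix', $url . '?guid=');
+ }
+ static function alternative_guid ($guid) {
+ $guid = trim($guid);
+ if (preg_match('/^[0-9a-z]{32}$/i', $guid)) : // MD5
+ $guid = SyndicatedPost::alternative_guid_prefix().strtolower($guid);
+ elseif ((strlen(esc_url($guid)) == 0) or (esc_url($guid) != $guid)) :
+ $guid = SyndicatedPost::alternative_guid_prefix().md5($guid);
+ endif;
+ $guid = trim($guid);
+
  return $guid;
  } /* SyndicatedPost::normalize_guid() */
 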
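Review bot: The MD5 test in the new `alternative_guid()` at line 624 uses `/^[0-9a-z]{32}$/i`, which accepts any 32 alphanumeric characters, while the lookup code in syndicationdataqueries.class.php matches `/^[0-9a-f]{32}$/i`; a hex digest needs `[0-9a-f]`. `alternative_guid_prefix()` sends its https URL through the same `syndicated_item_guid_normalized_prefix` filter as `normalize_guid_prefix()`, so a callback cannot tell the two apart, and one that returns a fixed prefix makes both identical; a separate filter name or an extra argument would avoid that. The two new methods have no docblock, and the closing comment at line 632 still reads `/* SyndicatedPost::normalize_guid() */` although it now closes `alternative_guid()`. `normalize_guid()` is only partly visible in these hunks, so whether it shares the loose pattern cannot be confirmed here.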
syndicationdataqueries.class.php CHANGED
@@ -47,6 +47,7 @@ class SyndicationDataQueries {
47
  // MD5 hashes
48
  if (preg_match('/^[0-9a-f]{32}$/i', $guid)) :
49
  $seek[] = SyndicatedPost::normalize_guid_prefix().$guid;
 
50
  endif;
51
 
52
  // Invalid URIs, URIs that WordPress just doesn't like, and URIs
@@ -54,8 +55,9 @@ class SyndicationDataQueries {
54
  $nGuid = SyndicatedPost::normalize_guid($guid);
55
  if ($guid != $nGuid) :
56
  $seek[] = $nGuid;
 
57
  endif;
58
-
59
  // Escape to prevent frak-ups, injections, etc.
60
  $seek = array_map('esc_sql', $seek);
61
 
47
  // MD5 hashes
48
  if (preg_match('/^[0-9a-f]{32}$/i', $guid)) :
49
  $seek[] = SyndicatedPost::normalize_guid_prefix().$guid;
50
+ $seek[] = SyndicatedPost::alternative_guid_prefix().$guid;
51
  endif;
52
 
53
  // Invalid URIs, URIs that WordPress just doesn't like, and URIs
55
  $nGuid = SyndicatedPost::normalize_guid($guid);
56
  if ($guid != $nGuid) :
57
  $seek[] = $nGuid;
58
+ $seek[] = SyndicatedPost::alternative_guid($guid);
59
  endif;
60
+
61
  // Escape to prevent frak-ups, injections, etc.
62
  $seek = array_map('esc_sql', $seek);
63