FeedWordPress - Version 2022.0203

Version Description

  • ADDITIONAL CODE CLEANUP: This version does some additional code clean-up to remove some obsolete methods of generating output, and to do a better job of sanitizing input and escaping output in the FeedWordPress administrative dashboard.

Release Info

Developer radgeek
Version 2022.0203

Code changes from version 2022.0123 to 2022.0203

Files changed (3)
  1. feedwordpresssyndicationpage.class.php +102 -106
  2. posts-page.php +27 -20
  3. readme.txt +5 -1
feedwordpresssyndicationpage.class.php CHANGED
@@ -58,11 +58,8 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
58
  endif;
59
 
60
  // this may be output into HTML, and it should really only ever be Y or N...
61
- $visibility = (
62
- isset($_REQUEST['visibility'])
63
- ? preg_replace('/[^YyNn]+/', '', strip_tags($_REQUEST['visibility']))
64
- : $defaultVisibility
65
- );
66
 
67
  return (strlen($visibility) > 0 ? $visibility : $defaultVisibility);
68
  } /* FeedWordPressSyndicationPage::visibility_toggle() */
@@ -99,17 +96,25 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
99
  * @uses sanitize_ids_sql()
100
  */
101
  public function requested_link_ids_sql () {
102
- // Multiple link IDs passed in link_ids[]=... . . .
103
- $link_ids = (isset($_REQUEST['link_ids']) ? $_REQUEST['link_ids'] : array());
 
 
 
 
 
104
 
105
  // Or single in link_id=...
106
- if (isset($_REQUEST['link_id'])) : array_push($link_ids, $_REQUEST['link_id']); endif;
 
 
 
107
 
108
- // Filter for safe use in MySQL queries.
109
  $link_ids = $this->sanitize_ids_sql($link_ids);
110
 
111
  // Convert to MySQL list literal.
112
- return "('".implode("', '", $link_ids)."')";
113
  } /* FeedWordPressSyndicationPage::requested_link_ids_sql () */
114
 
115
  function updates_requested () {
@@ -225,23 +230,25 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
225
  }
226
 
227
  function display_multiadd_line ($line) {
228
- $short_feed = esc_html(feedwordpress_display_url($line['feed']));
229
- $feed = esc_html($line['feed']);
230
- $link = esc_html($line['link']);
231
- $title = esc_html($line['title']);
232
- $checked = $line['checked'];
233
- $i = esc_html($line['i']);
234
 
235
- print "<li><label><input type='checkbox' name='multilookup[$i][add]' value='yes' $checked />
236
- $title</label> &middot; <a href='$feed'>$short_feed</a>";
 
 
 
237
 
238
  if (isset($line['extra'])) :
239
  print " &middot; ".esc_html($line['extra']);
240
  endif;
241
 
242
- print "<input type='hidden' name='multilookup[$i][url]' value='$feed' />
243
- <input type='hidden' name='multilookup[$i][link]' value='$link' />
244
- <input type='hidden' name='multilookup[$i][title]' value='$title' />
245
  </li>\n";
246
 
247
  flush();
@@ -280,12 +287,12 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
280
 
281
  $i = 0;
282
  ?>
283
- <form id="multiadd-form" action="<?php print $this->form_action(); ?>" method="post">
284
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
285
- <input type="hidden" name="multiadd" value="<?php print FWP_SYNDICATE_NEW; ?>" />
286
  <input type="hidden" name="confirm" value="multiadd" />
287
 
288
- <input type="hidden" name="multiadd" value="<?php print FWP_SYNDICATE_NEW; ?>" />
289
  <input type="hidden" name="confirm" value="multiadd" /></div>
290
 
291
  <div id="multiadd-status">
@@ -326,12 +333,6 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
326
  if (!is_wp_error($pie)) :
327
  $found = true;
328
 
329
- $short_feed = esc_html(feedwordpress_display_url($feed));
330
- $feed = esc_html($feed);
331
- $title = esc_html($pie->get_title());
332
- $checked = ' checked="checked"';
333
- $link = esc_html($pie->get_link());
334
-
335
  $this->display_multiadd_line(array(
336
  'feed' => $feed,
337
  'title' => $pie->get_title(),
@@ -344,7 +345,7 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
344
 
345
  if (!$merge_all) : // Break out after first find
346
  break;
347
- endif;
348
  endif;
349
  endforeach;
350
  endif;
@@ -475,13 +476,14 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
475
  $update_setting = 'using a cron job or manual check-ins';
476
  endif;
477
 
 
 
478
  // Hey ho, let's go...
479
- $syndicatedLinks_formAction = esc_url( sprintf('%s&amp;visibility=%s', $hrefPrefix, urlencode($visibility)) );
480
  ?>
481
- <div style="float: left; background: #F5F5F5; padding-top: 5px; padding-right: 5px;"><a href="<?php print $this->form_action(); ?>"><img src="<?php print esc_url(plugins_url( "feedwordpress.png", __FILE__ ) ); ?>" alt="" /></a></div>
482
 
483
  <p class="info" style="margin-bottom: 0px; border-bottom: 1px dotted black;">Managed by <a href="http://feedwordpress.radgeek.com/">FeedWordPress</a>
484
- <?php print FEEDWORDPRESS_VERSION; ?>.</p>
485
  <?php if (FEEDWORDPRESS_BLEG) : ?>
486
  <p class="info" style="margin-top: 0px; font-style: italic; font-size: 75%; color: #666;">If you find this tool useful for your daily work, you can
487
  contribute to ongoing support and development with
@@ -492,11 +494,11 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
492
  <div class="feedwordpress-actions">
493
  <h4>Updates</h4>
494
  <ul class="options">
495
- <li><strong>Scheduled:</strong> <?php print $update_setting; ?>
496
- (<a href="<?php print $this->form_action('feeds-page.php'); ?>">change setting</a>)</li>
497
 
498
  <li><?php if (!is_null($lastUpdate)) : ?>
499
- <strong>Last checked:</strong> <?php print fwp_time_elapsed($lastUpdate); ?>
500
  <?php else : ?>
501
  <strong>Last checked:</strong> none yet
502
  <?php endif; ?> </li>
@@ -509,27 +511,27 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
509
  <table>
510
  <tbody>
511
  <tr class="first">
512
- <td class="first b b-active"><a href="<?php print esc_html($activeHref); ?>"><?php print count($sources['Y']); ?></a></td>
513
- <td class="t active"><a href="<?php print esc_html($activeHref); ?>">Active</a></td>
514
  </tr>
515
 
516
  <tr>
517
- <td class="b b-inactive"><a href="<?php print esc_html($inactiveHref); ?>"><?php print count($sources['N']); ?></a></td>
518
- <td class="t inactive"><a href="<?php print esc_html($inactiveHref); ?>">Inactive</a></td>
519
  </tr>
520
  </table>
521
  </div>
522
 
523
  <div id="add-single-uri">
524
  <?php if (count($sources['Y']) > 0) : ?>
525
- <form id="check-for-updates" action="<?php print $this->form_action(); ?>" method="POST">
526
- <div class="container"><input type="submit" class="button-primary" name"update" value="<?php print FWP_CHECK_FOR_UPDATES; ?>" />
527
  <?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
528
  <input type="hidden" name="update_uri" value="*" /></div>
529
  </form>
530
  <?php endif; ?>
531
 
532
- <form id="syndicated-links" action="<?php print $syndicatedLinks_formAction; ?>" method="post">
533
  <div class="container"><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
534
  <label for="add-uri">Add:
535
  <input type="text" name="lookup" id="add-uri" placeholder="Source URL"
@@ -537,7 +539,7 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
537
 
538
  <?php FeedWordPressSettingsUI::magic_input_tip_js('add-uri'); ?>
539
  <input type="hidden" name="action" value="<?php print FWP_SYNDICATE_NEW; ?>" />
540
- <input style="vertical-align: middle;" type="image" src="<?php print esc_url(plugins_url('plus.png', __FILE__)); ?>" alt="<?php print FWP_SYNDICATE_NEW; ?>" /></div>
541
  </form>
542
  </div> <!-- id="add-single-uri" -->
543
 
@@ -555,21 +557,21 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
555
  $showInactive = $this->show_inactive();
556
 
557
  $hrefPrefix = $this->form_action();
558
- $formHref = esc_url( sprintf( '%s&amp;visibility=%s', $hrefPrefix, urlencode($visibility) ) );
559
  ?>
560
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?></div>
561
  <div class="tablenav">
562
 
563
  <div id="add-multiple-uri" class="hide-if-js">
564
- <form action="<?php print $formHref; ?>" method="post">
565
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?></div>
566
  <h4>Add Multiple Sources</h4>
567
  <div>Enter one feed or website URL per line. If a URL links to a website which provides multiple feeds, FeedWordPress will use the first one listed.</div>
568
  <div><textarea name="multilookup" rows="8" cols="60"
569
  style="vertical-align: top"></textarea></div>
570
  <div style="border-top: 1px dotted black; padding-top: 10px">
571
- <div class="alignright"><input type="submit" class="button-primary" name="multiadd" value="<?php print FWP_SYNDICATE_NEW; ?>" /></div>
572
- <div class="alignleft"><input type="button" class="button-secondary" name="action" value="<?php print FWP_CANCEL_BUTTON; ?>" id="turn-off-multiple-sources" /></div>
573
  </div>
574
  </form>
575
  </div> <!-- id="add-multiple-uri" -->
@@ -580,20 +582,20 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
580
  a URL for the OPML document, or by uploading a copy from your
581
  computer.</p>
582
 
583
- <form enctype="multipart/form-data" action="<?php print $formHref; ?>" method="post">
584
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?><input type="hidden" name="MAX_FILE_SIZE" value="100000" /></div>
585
  <div style="clear: both"><label for="opml-lookup" style="float: left; width: 8.0em; margin-top: 5px;">From URL:</label> <input type="text" id="opml-lookup" name="opml_lookup" value="OPML document" /></div>
586
  <div style="clear: both"><label for="opml-upload" style="float: left; width: 8.0em; margin-top: 5px;">From file:</label> <input type="file" id="opml-upload" name="opml_upload" /></div>
587
 
588
  <div style="border-top: 1px dotted black; padding-top: 10px">
589
- <div class="alignright"><input type="submit" class="button-primary" name="action" value="<?php print FWP_SYNDICATE_NEW; ?>" /></div>
590
- <div class="alignleft"><input type="button" class="button-secondary" name="action" value="<?php print FWP_CANCEL_BUTTON; ?>" id="turn-off-opml-upload" /></div>
591
  </div>
592
  </form>
593
  </div> <!-- id="upload-opml" -->
594
 
595
  <div id="add-single-uri" class="alignright">
596
- <form id="syndicated-links" action="<?php print $formHref; ?>" method="post">
597
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?></div>
598
  <ul class="subsubsub">
599
  <li><label for="add-uri">New source:</label>
@@ -602,7 +604,7 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
602
  <?php FeedWordPressSettingsUI::magic_input_tip_js('add-uri'); FeedWordPressSettingsUI::magic_input_tip_js('opml-lookup'); ?>
603
 
604
  <input type="hidden" name="action" value="feedfinder" />
605
- <input type="submit" class="button-secondary" name="action" value="<?php print FWP_SYNDICATE_NEW; ?>" />
606
  <div style="text-align: right; margin-right: 2.0em"><a id="turn-on-multiple-sources" href="#add-multiple-uri"><img style="vertical-align: middle" src="<?php print esc_url(plugins_url('down.png', __FILE__)); ?>" alt="" /> add multiple</a>
607
  <span class="screen-reader-text"> or </span>
608
  <a id="turn-on-opml-upload" href="#upload-opml"><img src="<?php print esc_url(plugins_url('plus.png', __FILE__)); ?>" alt="" style="vertical-align: middle" /> import source list</a></div>
@@ -621,7 +623,7 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
621
 
622
  </div> <!-- class="tablenav" -->
623
 
624
- <form id="syndicated-links" action="<?php print $formHref; ?>" method="post">
625
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?></div>
626
 
627
  <?php if ($showInactive) : ?>
@@ -649,12 +651,14 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
649
 
650
  function manage_page_links_subsubsub ($sources, $showInactive) {
651
  $hrefPrefix = $this->admin_page_href("syndication.php");
 
 
652
  ?>
653
  <ul class="subsubsub">
654
- <li><a <?php if (!$showInactive) : ?>class="current" <?php endif; ?>href="<?php print $hrefPrefix; ?>&amp;visibility=Y">Subscribed
655
  <span class="count">(<?php print count($sources['Y']); ?>)</span></a></li>
656
  <?php if ($showInactive or (count($sources['N']) > 0)) : ?>
657
- <li><a <?php if ($showInactive) : ?>class="current" <?php endif; ?>href="<?php print $hrefPrefix; ?>&amp;visibility=N">Inactive</a>
658
  <span class="count">(<?php print count($sources['N']); ?>)</span></a></li>
659
  <?php endif; ?>
660
 
@@ -666,11 +670,11 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
666
  ?>
667
  <div style="clear: left" class="alignleft">
668
  <?php if ($showInactive) : ?>
669
- <input class="button-secondary" type="submit" name="action" value="<?php print FWP_RESUB_CHECKED; ?>" />
670
- <input class="button-secondary" type="submit" name="action" value="<?php print FWP_DELETE_CHECKED; ?>" />
671
  <?php else : ?>
672
- <input class="button-secondary" type="submit" name="action" value="<?php print FWP_UPDATE_CHECKED; ?>" />
673
- <input class="button-secondary delete" type="submit" name="action" value="<?php print FWP_UNSUB_CHECKED; ?>" />
674
  <?php endif ; ?>
675
  </div> <!-- class="alignleft" -->
676
 
@@ -750,7 +754,7 @@ support, and documentation.</p>
750
  regular donation</a>) using an existing PayPal account or any major credit card.</p>
751
 
752
  <div class="sod-off">
753
- <form style="text-align: center" action="<?php print $this->form_action(); ?>" method="POST"><div>
754
  <input class="button" type="submit" name="maybe_later" value="Maybe Later" />
755
  <input class="button" type="submit" name="go_away" value="Dismiss" />
756
  </div></form>
@@ -778,7 +782,7 @@ regular donation</a>) using an existing PayPal account or any major credit card.
778
  endif;
779
 
780
  // Get single link ID or multiple link IDs from REQUEST parameters
781
- // if available. Sanitize values for MySQL.
782
  $link_list = $this->requested_link_ids_sql();
783
 
784
  if (MyPHP::post('confirm')=='Delete'):
@@ -880,7 +884,7 @@ regular donation</a>) using an existing PayPal account or any major credit card.
880
  WHERE link_id IN ${link_list}
881
  ");
882
  ?>
883
- <form action="<?php print $this->form_action(); ?>" method="post">
884
  <div class="wrap">
885
  <?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
886
  <input type="hidden" name="action" value="Unsubscribe" />
@@ -889,42 +893,38 @@ regular donation</a>) using an existing PayPal account or any major credit card.
889
  <h2>Unsubscribe from Syndicated Links:</h2>
890
  <?php foreach ($targets as $link) :
891
  $subscribed = ('Y' == strtoupper($link->link_visible));
892
- $link_url = esc_html($link->link_url);
893
- $link_name = esc_html($link->link_name);
894
- $link_description = esc_html($link->link_description);
895
- $link_rss = esc_html($link->link_rss);
896
  ?>
897
  <fieldset>
898
- <legend><?php echo $link_name; ?></legend>
899
  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
900
  <tr><th scope="row" width="20%"><?php _e('Feed URI:') ?></th>
901
- <td width="80%"><a href="<?php echo $link_rss; ?>"><?php echo $link_rss; ?></a></td></tr>
902
  <tr><th scope="row" width="20%"><?php _e('Short description:') ?></th>
903
- <td width="80%"><?php echo $link_description; ?></span></td></tr>
904
  <tr><th width="20%" scope="row"><?php _e('Homepage:') ?></th>
905
- <td width="80%"><a href="<?php echo $link_url; ?>"><?php echo $link_url; ?></a></td></tr>
906
  <tr style="vertical-align:top"><th width="20%" scope="row">Subscription <?php _e('Options') ?>:</th>
907
  <td width="80%"><ul style="margin:0; padding: 0; list-style: none">
908
  <?php if ($subscribed) : ?>
909
- <li><input type="radio" id="hide-<?php echo $link->link_id; ?>"
910
- name="link_action[<?php echo $link->link_id; ?>]" value="hide" checked="checked" />
911
- <label for="hide-<?php echo $link->link_id; ?>">Turn off the subscription for this
912
  syndicated link<br/><span style="font-size:smaller">(Keep the feed information
913
  and all the posts from this feed in the database, but don't syndicate any
914
  new posts from the feed.)</span></label></li>
915
  <?php endif; ?>
916
- <li><input type="radio" id="nuke-<?php echo $link->link_id; ?>"<?php if (!$subscribed) : ?> checked="checked"<?php endif; ?>
917
- name="link_action[<?php echo $link->link_id; ?>]" value="nuke" />
918
- <label for="nuke-<?php echo $link->link_id; ?>">Delete this syndicated link and all the
919
  posts that were syndicated from it</label></li>
920
- <li><input type="radio" id="delete-<?php echo $link->link_id; ?>"
921
- name="link_action[<?php echo $link->link_id; ?>]" value="delete" />
922
- <label for="delete-<?php echo $link->link_id; ?>">Delete this syndicated link, but
923
  <em>keep</em> posts that were syndicated from it (as if they were authored
924
  locally).</label></li>
925
- <li><input type="radio" id="nothing-<?php echo $link->link_id; ?>"
926
- name="link_action[<?php echo $link->link_id; ?>]" value="nothing" />
927
- <label for="nothing-<?php echo $link->link_id; ?>">Keep this feed as it is. I changed
928
  my mind.</label></li>
929
  </ul>
930
  </table>
@@ -1003,41 +1003,37 @@ regular donation</a>) using an existing PayPal account or any major credit card.
1003
  WHERE link_id IN ${link_list}
1004
  ");
1005
  ?>
1006
- <form action="<?php print $this->form_action(); ?>" method="post">
1007
  <div class="wrap">
1008
  <?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
1009
- <input type="hidden" name="action" value="<?php print FWP_RESUB_CHECKED; ?>" />
1010
  <input type="hidden" name="confirm" value="Undelete" />
1011
 
1012
  <h2>Re-subscribe to Syndicated Links:</h2>
1013
  <?php
1014
  foreach ($targets as $link) :
1015
  $subscribed = ('Y' == strtoupper($link->link_visible));
1016
- $link_url = esc_html($link->link_url);
1017
- $link_name = esc_html($link->link_name);
1018
- $link_description = esc_html($link->link_description);
1019
- $link_rss = esc_html($link->link_rss);
1020
 
1021
  if (!$subscribed) :
1022
  ?>
1023
  <fieldset>
1024
- <legend><?php echo $link_name; ?></legend>
1025
  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
1026
  <tr><th scope="row" width="20%"><?php _e('Feed URI:') ?></th>
1027
- <td width="80%"><a href="<?php echo $link_rss; ?>"><?php echo $link_rss; ?></a></td></tr>
1028
  <tr><th scope="row" width="20%"><?php _e('Short description:') ?></th>
1029
- <td width="80%"><?php echo $link_description; ?></span></td></tr>
1030
  <tr><th width="20%" scope="row"><?php _e('Homepage:') ?></th>
1031
- <td width="80%"><a href="<?php echo $link_url; ?>"><?php echo $link_url; ?></a></td></tr>
1032
  <tr style="vertical-align:top"><th width="20%" scope="row">Subscription <?php _e('Options') ?>:</th>
1033
  <td width="80%"><ul style="margin:0; padding: 0; list-style: none">
1034
- <li><input type="radio" id="unhide-<?php echo $link->link_id; ?>"
1035
- name="link_action[<?php echo $link->link_id; ?>]" value="unhide" checked="checked" />
1036
- <label for="unhide-<?php echo $link->link_id; ?>">Turn back on the subscription
1037
  for this syndication source.</label></li>
1038
- <li><input type="radio" id="nothing-<?php echo $link->link_id; ?>"
1039
- name="link_action[<?php echo $link->link_id; ?>]" value="nothing" />
1040
- <label for="nothing-<?php echo $link->link_id; ?>">Leave this feed as it is.
1041
  I changed my mind.</label></li>
1042
  </ul>
1043
  </table>
@@ -1141,7 +1137,7 @@ function fwp_syndication_manage_page_update_box ($object = NULL, $box = NULL) {
1141
  ?>
1142
 
1143
  <form
1144
- action="<?php print $object->form_action(); ?>"
1145
  method="POST"
1146
  class="update-form<?php if ($bleg_box_ready) : ?> with-donation<?php endif; ?>"
1147
  >
@@ -1156,7 +1152,7 @@ function fwp_syndication_manage_page_update_box ($object = NULL, $box = NULL) {
1156
  <p class="heads-up"><strong>Note:</strong> Automatic updates are currently turned
1157
  <strong>off</strong>. New posts from your feeds will not be syndicated
1158
  until you manually check for them here. You can turn on automatic
1159
- updates under <a href="<?php print $object->admin_page_href('feeds-page.php'); ?>">Feed &amp; Update Settings<a></a>.</p>
1160
  <?php
1161
  endif;
1162
  ?>
@@ -1204,12 +1200,12 @@ function fwp_switchfeed_page () {
1204
  $link_id = FeedWordPress::syndicate_link($fwp_post['feed_title'], $fwp_post['feed_link'], $fwp_post['feed']);
1205
  if ($link_id):
1206
  $existingLink = new SyndicatedLink($link_id);
1207
-
1208
  ?>
1209
- <div class="updated"><p><a href="<?php print $fwp_post['feed_link']; ?>"><?php print esc_html($fwp_post['feed_title']); ?></a>
1210
  has been added as a contributing site, using the feed at
1211
- &lt;<a href="<?php print $fwp_post['feed']; ?>"><?php print esc_html($fwp_post['feed']); ?></a>&gt;.
1212
- | <a href="admin.php?page=<?php print $fwp_path; ?>/feeds-page.php&amp;link_id=<?php print $link_id; ?>">Configure settings</a>.</p></div>
1213
  <?php else: ?>
1214
  <div class="updated"><p>There was a problem adding the feed. [SQL: <?php echo esc_html($wpdb->last_error); ?>]</p></div>
1215
  <?php endif;
58
  endif;
59
 
60
  // this may be output into HTML, and it should really only ever be Y or N...
61
+ $sVisibility = (isset($_REQUEST['visibility']) ? sanitize_text_field($_REQUEST['visibility']) : $defaultVisibility);
62
+ $visibility = preg_replace('/[^YyNn]+/', '', $sVisibility);
 
 
 
63
 
64
  return (strlen($visibility) > 0 ? $visibility : $defaultVisibility);
65
  } /* FeedWordPressSyndicationPage::visibility_toggle() */
96
  * @uses sanitize_ids_sql()
97
  */
98
  public function requested_link_ids_sql () {
99
+ // Multiple link IDs passed in link_ids[]=...
100
+ $aLinkIdParameters = (isset($_REQUEST['link_ids']) ? $_REQUEST['link_ids'] : array());
101
+ $link_ids = array();
102
+ foreach ($aLinkIdParameters as $uLinkId) :
103
+ $sLinkId = sanitize_text_field($uLinkId);
104
+ array_push($link_ids, $sLinkId);
105
+ endforeach;
106
 
107
  // Or single in link_id=...
108
+ if (isset($_REQUEST['link_id'])) :
109
+ $sLinkId = sanitize_text_field($_REQUEST['link_id']);
110
+ array_push($link_ids, $sLinkId);
111
+ endif;
112
 
113
+ // Now use method to sanitize for safe use in MySQL queries.
114
  $link_ids = $this->sanitize_ids_sql($link_ids);
115
 
116
  // Convert to MySQL list literal.
117
+ return "('".implode("', '", $link_ids)."')";
118
  } /* FeedWordPressSyndicationPage::requested_link_ids_sql () */
119
 
120
  function updates_requested () {
230
  }
231
 
232
  function display_multiadd_line ($line) {
233
+ $short_feed = feedwordpress_display_url($line['feed']);
234
+ $feed = $line['feed'];
235
+ $link = $line['link'];
236
+ $title = $line['title'];
237
+ $i = $line['i'];
 
238
 
239
+ print "<li><label><input type='checkbox' name='multilookup[".esc_attr($i)."][add]' value='yes'";
240
+ if (strlen($line['checked']) > 0) :
241
+ print ' checked="checked" ';
242
+ endif;
243
+ print "/> ".esc_html($title)."</label> &middot; <a href='".esc_url($feed)."'>".esc_html($short_feed)."</a>";
244
 
245
  if (isset($line['extra'])) :
246
  print " &middot; ".esc_html($line['extra']);
247
  endif;
248
 
249
+ print "<input type='hidden' name='multilookup[".esc_attr($i)."][url]' value='".esc_attr($feed)."' />
250
+ <input type='hidden' name='multilookup[".esc_attr($i)."][link]' value='".esc_attr($link)."' />
251
+ <input type='hidden' name='multilookup[".esc_attr($i)."][title]' value='".esc_attr($title)."' />
252
  </li>\n";
253
 
254
  flush();
287
 
288
  $i = 0;
289
  ?>
290
+ <form id="multiadd-form" action="<?php print esc_attr($this->form_action()); ?>" method="post">
291
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
292
+ <input type="hidden" name="multiadd" value="<?php print esc_attr(FWP_SYNDICATE_NEW); ?>" />
293
  <input type="hidden" name="confirm" value="multiadd" />
294
 
295
+ <input type="hidden" name="multiadd" value="<?php print esc_attr(FWP_SYNDICATE_NEW); ?>" />
296
  <input type="hidden" name="confirm" value="multiadd" /></div>
297
 
298
  <div id="multiadd-status">
333
  if (!is_wp_error($pie)) :
334
  $found = true;
335
 
 
 
 
 
 
 
336
  $this->display_multiadd_line(array(
337
  'feed' => $feed,
338
  'title' => $pie->get_title(),
345
 
346
  if (!$merge_all) : // Break out after first find
347
  break;
348
+ endif;
349
  endif;
350
  endforeach;
351
  endif;
476
  $update_setting = 'using a cron job or manual check-ins';
477
  endif;
478
 
479
+ $syndicatedLinksFormAction = sprintf('%s&amp;visibility=%s', $hrefPrefix, urlencode($visibility));
480
+
481
  // Hey ho, let's go...
 
482
  ?>
483
+ <div style="float: left; background: #F5F5F5; padding-top: 5px; padding-right: 5px;"><a href="<?php print esc_url($this->form_action()); ?>"><img src="<?php print esc_url(plugins_url( "feedwordpress.png", __FILE__ ) ); ?>" alt="" /></a></div>
484
 
485
  <p class="info" style="margin-bottom: 0px; border-bottom: 1px dotted black;">Managed by <a href="http://feedwordpress.radgeek.com/">FeedWordPress</a>
486
+ <?php print esc_html(FEEDWORDPRESS_VERSION); ?>.</p>
487
  <?php if (FEEDWORDPRESS_BLEG) : ?>
488
  <p class="info" style="margin-top: 0px; font-style: italic; font-size: 75%; color: #666;">If you find this tool useful for your daily work, you can
489
  contribute to ongoing support and development with
494
  <div class="feedwordpress-actions">
495
  <h4>Updates</h4>
496
  <ul class="options">
497
+ <li><strong>Scheduled:</strong> <?php print esc_html($update_setting); ?>
498
+ (<a href="<?php print esc_url($this->form_action('feeds-page.php')); ?>">change setting</a>)</li>
499
 
500
  <li><?php if (!is_null($lastUpdate)) : ?>
501
+ <strong>Last checked:</strong> <?php print esc_html(fwp_time_elapsed($lastUpdate)); ?>
502
  <?php else : ?>
503
  <strong>Last checked:</strong> none yet
504
  <?php endif; ?> </li>
511
  <table>
512
  <tbody>
513
  <tr class="first">
514
+ <td class="first b b-active"><a href="<?php print esc_url($activeHref); ?>"><?php print esc_html(count($sources['Y'])); ?></a></td>
515
+ <td class="t active"><a href="<?php print esc_url($activeHref); ?>">Active</a></td>
516
  </tr>
517
 
518
  <tr>
519
+ <td class="b b-inactive"><a href="<?php print esc_url($inactiveHref); ?>"><?php print esc_html(count($sources['N'])); ?></a></td>
520
+ <td class="t inactive"><a href="<?php print esc_url($inactiveHref); ?>">Inactive</a></td>
521
  </tr>
522
  </table>
523
  </div>
524
 
525
  <div id="add-single-uri">
526
  <?php if (count($sources['Y']) > 0) : ?>
527
+ <form id="check-for-updates" action="<?php print esc_url($this->form_action()); ?>" method="POST">
528
+ <div class="container"><input type="submit" class="button-primary" name"update" value="<?php print esc_attr(FWP_CHECK_FOR_UPDATES); ?>" />
529
  <?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
530
  <input type="hidden" name="update_uri" value="*" /></div>
531
  </form>
532
  <?php endif; ?>
533
 
534
+ <form id="syndicated-links" action="<?php print esc_url( $syndicatedLinksFormAction ); ?>" method="post">
535
  <div class="container"><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
536
  <label for="add-uri">Add:
537
  <input type="text" name="lookup" id="add-uri" placeholder="Source URL"
539
 
540
  <?php FeedWordPressSettingsUI::magic_input_tip_js('add-uri'); ?>
541
  <input type="hidden" name="action" value="<?php print FWP_SYNDICATE_NEW; ?>" />
542
+ <input style="vertical-align: middle;" type="image" src="<?php print esc_url(plugins_url('plus.png', __FILE__)); ?>" alt="<?php print esc_html(FWP_SYNDICATE_NEW); ?>" /></div>
543
  </form>
544
  </div> <!-- id="add-single-uri" -->
545
 
557
  $showInactive = $this->show_inactive();
558
 
559
  $hrefPrefix = $this->form_action();
560
+ $formHref = sprintf( '%s&amp;visibility=%s', $hrefPrefix, urlencode($visibility) );
561
  ?>
562
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?></div>
563
  <div class="tablenav">
564
 
565
  <div id="add-multiple-uri" class="hide-if-js">
566
+ <form action="<?php print esc_url( $formHref ); ?>" method="post">
567
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?></div>
568
  <h4>Add Multiple Sources</h4>
569
  <div>Enter one feed or website URL per line. If a URL links to a website which provides multiple feeds, FeedWordPress will use the first one listed.</div>
570
  <div><textarea name="multilookup" rows="8" cols="60"
571
  style="vertical-align: top"></textarea></div>
572
  <div style="border-top: 1px dotted black; padding-top: 10px">
573
+ <div class="alignright"><input type="submit" class="button-primary" name="multiadd" value="<?php print esc_attr(FWP_SYNDICATE_NEW); ?>" /></div>
574
+ <div class="alignleft"><input type="button" class="button-secondary" name="action" value="<?php print esc_attr(FWP_CANCEL_BUTTON); ?>" id="turn-off-multiple-sources" /></div>
575
  </div>
576
  </form>
577
  </div> <!-- id="add-multiple-uri" -->
582
  a URL for the OPML document, or by uploading a copy from your
583
  computer.</p>
584
 
585
+ <form enctype="multipart/form-data" action="<?php print esc_url( $formHref ); ?>" method="post">
586
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?><input type="hidden" name="MAX_FILE_SIZE" value="100000" /></div>
587
  <div style="clear: both"><label for="opml-lookup" style="float: left; width: 8.0em; margin-top: 5px;">From URL:</label> <input type="text" id="opml-lookup" name="opml_lookup" value="OPML document" /></div>
588
  <div style="clear: both"><label for="opml-upload" style="float: left; width: 8.0em; margin-top: 5px;">From file:</label> <input type="file" id="opml-upload" name="opml_upload" /></div>
589
 
590
  <div style="border-top: 1px dotted black; padding-top: 10px">
591
+ <div class="alignright"><input type="submit" class="button-primary" name="action" value="<?php print esc_html(FWP_SYNDICATE_NEW); ?>" /></div>
592
+ <div class="alignleft"><input type="button" class="button-secondary" name="action" value="<?php print esc_html(FWP_CANCEL_BUTTON); ?>" id="turn-off-opml-upload" /></div>
593
  </div>
594
  </form>
595
  </div> <!-- id="upload-opml" -->
596
 
597
  <div id="add-single-uri" class="alignright">
598
+ <form id="syndicated-links" action="<?php print esc_url( $formHref ); ?>" method="post">
599
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?></div>
600
  <ul class="subsubsub">
601
  <li><label for="add-uri">New source:</label>
604
  <?php FeedWordPressSettingsUI::magic_input_tip_js('add-uri'); FeedWordPressSettingsUI::magic_input_tip_js('opml-lookup'); ?>
605
 
606
  <input type="hidden" name="action" value="feedfinder" />
607
+ <input type="submit" class="button-secondary" name="action" value="<?php print esc_html( FWP_SYNDICATE_NEW ); ?>" />
608
  <div style="text-align: right; margin-right: 2.0em"><a id="turn-on-multiple-sources" href="#add-multiple-uri"><img style="vertical-align: middle" src="<?php print esc_url(plugins_url('down.png', __FILE__)); ?>" alt="" /> add multiple</a>
609
  <span class="screen-reader-text"> or </span>
610
  <a id="turn-on-opml-upload" href="#upload-opml"><img src="<?php print esc_url(plugins_url('plus.png', __FILE__)); ?>" alt="" style="vertical-align: middle" /> import source list</a></div>
623
 
624
  </div> <!-- class="tablenav" -->
625
 
626
+ <form id="syndicated-links" action="<?php print esc_url( $formHref ); ?>" method="post">
627
  <div><?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?></div>
628
 
629
  <?php if ($showInactive) : ?>
651
 
652
  function manage_page_links_subsubsub ($sources, $showInactive) {
653
  $hrefPrefix = $this->admin_page_href("syndication.php");
654
+ $hrefY = sprintf( "%s&amp;visibility=%s", $hrefPrefix, "Y" );
655
+ $hrefN = sprintf( "%s&amp;visibility=%s", $hrefPrefix, "N" );
656
  ?>
657
  <ul class="subsubsub">
658
+ <li><a <?php if (!$showInactive) : ?>class="current" <?php endif; ?>href="<?php print esc_url( $hrefY ); ?>">Subscribed
659
  <span class="count">(<?php print count($sources['Y']); ?>)</span></a></li>
660
  <?php if ($showInactive or (count($sources['N']) > 0)) : ?>
661
+ <li><a <?php if ($showInactive) : ?>class="current" <?php endif; ?>href="<?php print esc_url( $hrefN ); ?>">Inactive</a>
662
  <span class="count">(<?php print count($sources['N']); ?>)</span></a></li>
663
  <?php endif; ?>
664
 
670
  ?>
671
  <div style="clear: left" class="alignleft">
672
  <?php if ($showInactive) : ?>
673
+ <input class="button-secondary" type="submit" name="action" value="<?php print esc_attr(FWP_RESUB_CHECKED); ?>" />
674
+ <input class="button-secondary" type="submit" name="action" value="<?php print esc_attr(FWP_DELETE_CHECKED); ?>" />
675
  <?php else : ?>
676
+ <input class="button-secondary" type="submit" name="action" value="<?php print esc_attr(FWP_UPDATE_CHECKED); ?>" />
677
+ <input class="button-secondary delete" type="submit" name="action" value="<?php print esc_attr(FWP_UNSUB_CHECKED); ?>" />
678
  <?php endif ; ?>
679
  </div> <!-- class="alignleft" -->
680
 
754
  regular donation</a>) using an existing PayPal account or any major credit card.</p>
755
 
756
  <div class="sod-off">
757
+ <form style="text-align: center" action="<?php print esc_url( $this->form_action() ); ?>" method="POST"><div>
758
  <input class="button" type="submit" name="maybe_later" value="Maybe Later" />
759
  <input class="button" type="submit" name="go_away" value="Dismiss" />
760
  </div></form>
782
  endif;
783
 
784
  // Get single link ID or multiple link IDs from REQUEST parameters
785
+ // if available. Sanitize values for MySQL.
786
  $link_list = $this->requested_link_ids_sql();
787
 
788
  if (MyPHP::post('confirm')=='Delete'):
884
  WHERE link_id IN ${link_list}
885
  ");
886
  ?>
887
+ <form action="<?php print esc_url( $this->form_action() ); ?>" method="post">
888
  <div class="wrap">
889
  <?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
890
  <input type="hidden" name="action" value="Unsubscribe" />
893
  <h2>Unsubscribe from Syndicated Links:</h2>
894
  <?php foreach ($targets as $link) :
895
  $subscribed = ('Y' == strtoupper($link->link_visible));
 
 
 
 
896
  ?>
897
  <fieldset>
898
+ <legend><?php echo esc_html($link->link_name); ?></legend>
899
  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
900
  <tr><th scope="row" width="20%"><?php _e('Feed URI:') ?></th>
901
+ <td width="80%"><a href="<?php echo esc_url($link->link_rss); ?>"><?php echo esc_html($link->link_rss); ?></a></td></tr>
902
  <tr><th scope="row" width="20%"><?php _e('Short description:') ?></th>
903
+ <td width="80%"><?php echo esc_html($link->link_description); ?></span></td></tr>
904
  <tr><th width="20%" scope="row"><?php _e('Homepage:') ?></th>
905
+ <td width="80%"><a href="<?php echo esc_url($link->link_url); ?>"><?php echo esc_html($link->link_url); ?></a></td></tr>
906
  <tr style="vertical-align:top"><th width="20%" scope="row">Subscription <?php _e('Options') ?>:</th>
907
  <td width="80%"><ul style="margin:0; padding: 0; list-style: none">
908
  <?php if ($subscribed) : ?>
909
+ <li><input type="radio" id="hide-<?php echo esc_attr($link->link_id); ?>"
910
+ name="link_action[<?php echo esc_attr($link->link_id); ?>]" value="hide" checked="checked" />
911
+ <label for="hide-<?php echo esc_attr($link->link_id); ?>">Turn off the subscription for this
912
  syndicated link<br/><span style="font-size:smaller">(Keep the feed information
913
  and all the posts from this feed in the database, but don't syndicate any
914
  new posts from the feed.)</span></label></li>
915
  <?php endif; ?>
916
+ <li><input type="radio" id="nuke-<?php echo esc_attr($link->link_id); ?>"<?php if (!$subscribed) : ?> checked="checked"<?php endif; ?>
917
+ name="link_action[<?php echo esc_attr($link->link_id); ?>]" value="nuke" />
918
+ <label for="nuke-<?php echo esc_attr($link->link_id); ?>">Delete this syndicated link and all the
919
  posts that were syndicated from it</label></li>
920
+ <li><input type="radio" id="delete-<?php echo esc_attr($link->link_id); ?>"
921
+ name="link_action[<?php echo esc_attr($link->link_id); ?>]" value="delete" />
922
+ <label for="delete-<?php echo esc_attr($link->link_id); ?>">Delete this syndicated link, but
923
  <em>keep</em> posts that were syndicated from it (as if they were authored
924
  locally).</label></li>
925
+ <li><input type="radio" id="nothing-<?php echo esc_attr($link->link_id); ?>"
926
+ name="link_action[<?php echo esc_attr($link->link_id); ?>]" value="nothing" />
927
+ <label for="nothing-<?php echo esc_attr($link->link_id); ?>">Keep this feed as it is. I changed
928
  my mind.</label></li>
929
  </ul>
930
  </table>
1003
  WHERE link_id IN ${link_list}
1004
  ");
1005
  ?>
1006
+ <form action="<?php print esc_url( $this->form_action() ); ?>" method="post">
1007
  <div class="wrap">
1008
  <?php FeedWordPressCompatibility::stamp_nonce('feedwordpress_feeds'); ?>
1009
+ <input type="hidden" name="action" value="<?php print esc_attr( FWP_RESUB_CHECKED ); ?>" />
1010
  <input type="hidden" name="confirm" value="Undelete" />
1011
 
1012
  <h2>Re-subscribe to Syndicated Links:</h2>
1013
  <?php
1014
  foreach ($targets as $link) :
1015
  $subscribed = ('Y' == strtoupper($link->link_visible));
 
 
 
 
1016
 
1017
  if (!$subscribed) :
1018
  ?>
1019
  <fieldset>
1020
+ <legend><?php echo esc_html($link->link_name); ?></legend>
1021
  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
1022
  <tr><th scope="row" width="20%"><?php _e('Feed URI:') ?></th>
1023
+ <td width="80%"><a href="<?php echo esc_url($link->link_rss); ?>"><?php echo esc_html($link->link_rss); ?></a></td></tr>
1024
  <tr><th scope="row" width="20%"><?php _e('Short description:') ?></th>
1025
+ <td width="80%"><?php echo esc_html($link->link_description); ?></span></td></tr>
1026
  <tr><th width="20%" scope="row"><?php _e('Homepage:') ?></th>
1027
+ <td width="80%"><a href="<?php echo esc_url($link->link_url); ?>"><?php echo esc_html($link->link_url); ?></a></td></tr>
1028
  <tr style="vertical-align:top"><th width="20%" scope="row">Subscription <?php _e('Options') ?>:</th>
1029
  <td width="80%"><ul style="margin:0; padding: 0; list-style: none">
1030
+ <li><input type="radio" id="unhide-<?php echo esc_attr($link->link_id); ?>"
1031
+ name="link_action[<?php echo esc_attr($link->link_id); ?>]" value="unhide" checked="checked" />
1032
+ <label for="unhide-<?php echo esc_attr($link->link_id); ?>">Turn back on the subscription
1033
  for this syndication source.</label></li>
1034
+ <li><input type="radio" id="nothing-<?php echo esc_attr($link->link_id); ?>"
1035
+ name="link_action[<?php echo esc_attr($link->link_id); ?>]" value="nothing" />
1036
+ <label for="nothing-<?php echo esc_attr($link->link_id); ?>">Leave this feed as it is.
1037
  I changed my mind.</label></li>
1038
  </ul>
1039
  </table>
1137
  ?>
1138
 
1139
  <form
1140
+ action="<?php print esc_url( $object->form_action() ); ?>"
1141
  method="POST"
1142
  class="update-form<?php if ($bleg_box_ready) : ?> with-donation<?php endif; ?>"
1143
  >
1152
  <p class="heads-up"><strong>Note:</strong> Automatic updates are currently turned
1153
  <strong>off</strong>. New posts from your feeds will not be syndicated
1154
  until you manually check for them here. You can turn on automatic
1155
+ updates under <a href="<?php print esc_url( $object->admin_page_href('feeds-page.php') ); ?>">Feed &amp; Update Settings<a></a>.</p>
1156
  <?php
1157
  endif;
1158
  ?>
1200
  $link_id = FeedWordPress::syndicate_link($fwp_post['feed_title'], $fwp_post['feed_link'], $fwp_post['feed']);
1201
  if ($link_id):
1202
  $existingLink = new SyndicatedLink($link_id);
1203
+ $adminPageHref = $this->admin_page_href('feeds-page.php', array( "link_id" => $link_id ));
1204
  ?>
1205
+ <div class="updated"><p><a href="<?php print esc_url($fwp_post['feed_link']); ?>"><?php print esc_html($fwp_post['feed_title']); ?></a>
1206
  has been added as a contributing site, using the feed at
1207
+ &lt;<a href="<?php print esc_url($fwp_post['feed']); ?>"><?php print esc_html($fwp_post['feed']); ?></a>&gt;.
1208
+ | <a href="<?php print esc_url( $adminPageHref ); ?>">Configure settings</a>.</p></div>
1209
  <?php else: ?>
1210
  <div class="updated"><p>There was a problem adding the feed. [SQL: <?php echo esc_html($wpdb->last_error); ?>]</p></div>
1211
  <?php endif;
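--- a/posts-page.php
+++ b/posts-page.php
@@ -92,10 +92,16 @@ class FeedWordPressPostsPage extends FeedWordPressAdminPage {
  endif;
 
  update_option('feedwordpress_custom_settings', serialize($custom_settings));
-
- update_option('feedwordpress_munge_permalink', $_REQUEST['munge_permalink']);
- update_option('feedwordpress_use_aggregator_source_data', $_REQUEST['use_aggregator_source_data']);
- update_option('feedwordpress_formatting_filters', $_REQUEST['formatting_filters']);
+
+ $sMungePermalink = sanitize_text_field($_REQUEST['munge_permalink']);
+ $sUseAggregatorSourceData = sanitize_text_field($_REQUEST['use_aggregator_source_data']);
+ $sFormattingFilters = sanitize_text_field($_REQUEST['formatting_filters']);
+ $sFeedCommentStatus = (isset($_REQUEST['feed_comment_status']) ? sanitize_text_field($_REQUEST['feed_comment_status']) : '');
+ $sFeedPingStatus = (isset($_REQUEST['feed_ping_status']) ? sanitize_text_field($_REQUEST['feed_ping_status']) : '');
+
+ update_option('feedwordpress_munge_permalink', $sMungePermalink);
+ update_option('feedwordpress_use_aggregator_source_data', $sUseAggregatorSourceData);
+ update_option('feedwordpress_formatting_filters', $sFormattingFilters);
 
  if (isset($post['resolve_relative'])) :
  update_option('feedwordpress_resolve_relative', $post['resolve_relative']);
@@ -103,13 +109,14 @@ class FeedWordPressPostsPage extends FeedWordPressAdminPage {
  if (isset($post['munge_comments_feed_links'])) :
  update_option('feedwordpress_munge_comments_feed_links', $post['munge_comments_feed_links']);
  endif;
- if (isset($_REQUEST['feed_comment_status']) and ($_REQUEST['feed_comment_status'] == 'open')) :
+
+ if ( $sFeedCommentStatus == 'open' ) :
  update_option('feedwordpress_syndicated_comment_status', 'open');
  else :
  update_option('feedwordpress_syndicated_comment_status', 'closed');
  endif;
 
- if (isset($_REQUEST['feed_ping_status']) and ($_REQUEST['feed_ping_status'] == 'open')) :
+ if ( $sFeedPingStatus == 'open' ) :
  update_option('feedwordpress_syndicated_ping_status', 'open');
  else :
  update_option('feedwordpress_syndicated_ping_status', 'closed');
@@ -235,7 +242,7 @@ class FeedWordPressPostsPage extends FeedWordPressAdminPage {
  <?php endif; ?>
 
  <tr><th scope="row">Relative URIs:</th>
- <td><p>If link or image in a syndicated post from <code><?php print $url; ?></code>
+ <td><p>If link or image in a syndicated post from <code><?php print esc_html($url); ?></code>
  refers to a partial URI like <code>/about</code>, where should
  the syndicated copy point to?</p>
 
@@ -374,7 +381,7 @@ class FeedWordPressPostsPage extends FeedWordPressAdminPage {
  <table class="edit-form narrow">
  <?php foreach ($whatsits as $what => $how) : ?>
 
- <tr><th scope="row"><?php print $how['label']; ?>:</th>
+ <tr><th scope="row"><?php print esc_html($how['label']); ?>:</th>
  <td><?php
  $this->setting_radio_control(
  "$what status", "syndicated_${what}_status",
@@ -386,7 +393,7 @@ class FeedWordPressPostsPage extends FeedWordPressAdminPage {
 
  <tr><th scope="row"><?php _e('Comment feeds'); ?></th>
  <td><p>When WordPress feeds and templates link to comments
- feeds for <?php print $page->these_posts_phrase(); ?>, the
+ feeds for <?php print esc_html($page->these_posts_phrase()); ?>, the
  URLs for the feeds should...</p>
  <?php
  $this->setting_radio_control(
@@ -449,11 +456,11 @@ class FeedWordPressPostsPage extends FeedWordPressAdminPage {
  foreach ($custom_settings as $key => $value) :
  ?>
  <tr style="vertical-align:top">
- <th width="30%" scope="row"><input type="hidden" name="notes[<?php echo $i; ?>][key0]" value="<?php echo esc_html($key); ?>" />
- <input id="notes-<?php echo $i; ?>-key" name="notes[<?php echo $i; ?>][key1]" value="<?php echo esc_html($key); ?>" /></th>
- <td width="60%"><textarea rows="2" cols="40" id="notes-<?php echo $i; ?>-value" name="notes[<?php echo $i; ?>][value]"><?php echo esc_html($value); ?></textarea>
- <?php print sprintf($testerButton, $i); ?></td>
- <td width="10%"><select name="notes[<?php echo $i; ?>][action]">
+ <th width="30%" scope="row"><input type="hidden" name="notes[<?php echo esc_attr($i); ?>][key0]" value="<?php echo esc_html($key); ?>" />
+ <input id="notes-<?php echo $i; ?>-key" name="notes[<?php echo esc_attr($i); ?>][key1]" value="<?php echo esc_html($key); ?>" /></th>
+ <td width="60%"><textarea rows="2" cols="40" id="notes-<?php echo esc_attr($i); ?>-value" name="notes[<?php echo esc_attr($i); ?>][value]"><?php echo esc_html($value); ?></textarea>
+ <?php print sprintf($testerButton, esc_attr($i) ); ?></td>
+ <td width="10%"><select name="notes[<?php echo esc_attr($i); ?>][action]">
  <option value="update">save changes</option>
  <option value="delete">delete this setting</option>
  </select></td>
@@ -465,15 +472,15 @@ class FeedWordPressPostsPage extends FeedWordPressAdminPage {
  ?>
 
  <tr style="vertical-align: top">
- <th scope="row"><input type="text" size="10" name="notes[<?php echo $i; ?>][key1]" value="" /></th>
- <td><textarea name="notes[<?php echo $i; ?>][value]" rows="2" cols="40"></textarea><?php print sprintf($testerButton, $i); ?>
+ <th scope="row"><input type="text" size="10" name="notes[<?php echo esc_attr($i); ?>][key1]" value="" /></th>
+ <td><textarea name="notes[<?php echo esc_attr($i); ?>][value]" rows="2" cols="40"></textarea><?php print sprintf($testerButton, esc_attr($i)); ?>
  <p>Enter a text value, or a path to a data element from the syndicated item.<br/>
  For data elements, you can use an XPath-like syntax wrapped in <code>$( ... )</code>.<br/>
  <code>hello</code> = the text value <code><span style="background-color: #30FFA0;">hello</span></code><br/>
  <code>$(author/email)</code> = the contents of <code>&lt;author&gt;&lt;email&gt;<span style="background-color: #30FFA0">...</span>&lt;/email&gt;&lt;/author&gt;</code><br/>
  <code>$(media:content/@url)</code> = the contents of <code>&lt;media:content url="<span style="background-color: #30FFA0">...</span>"&gt;...&lt;/media:content&gt;</code></p>
  </td>
- <td><em>add new setting...</em><input type="hidden" name="notes[<?php echo $i; ?>][action]" value="update" /></td>
+ <td><em>add new setting...</em><input type="hidden" name="notes[<?php echo esc_attr($i); ?>][action]" value="update" /></td>
  </tr>
  </table>
  </div> <!-- id="postcustomstuff" -->
@@ -625,15 +632,15 @@ class FeedWordPressPostsPage extends FeedWordPressAdminPage {
  $line['class'][] = 'boilerplate-li';
  ?>
 
- <li id="boilerplate-<?php print $index; ?>-li" class="<?php print implode(' ', $line['class']); ?>">&raquo; <strong>Add</strong> <select id="boilerplate-<?php print $index; ?>-placement" name="boilerplate[<?php print $index; ?>][placement]" style="width: 8.0em">
+ <li id="boilerplate-<?php print esc_attr($index); ?>-li" class="<?php print esc_attr(implode(' ', $line['class'])); ?>">&raquo; <strong>Add</strong> <select id="boilerplate-<?php print esc_attr($index); ?>-placement" name="boilerplate[<?php print esc_attr($index); ?>][placement]" style="width: 8.0em">
  <option value="before"<?php print $selected['before']; ?>>before</option>
  <option value="after"<?php print $selected['after']; ?>>after</option>
- </select> the <select style="width: 8.0em" id="boilerplate-<?php print $index; ?>-element" name="boilerplate[<?php print $index; ?>][element]">
+ </select> the <select style="width: 8.0em" id="boilerplate-<?php print esc_attr($index); ?>-element" name="boilerplate[<?php print esc_attr($index); ?>][element]">
  <option value="title"<?php print $selected['title']; ?>>title</option>
  <option value="post"<?php print $selected['post']; ?>>content</option>
  <option value="excerpt"<?php print $selected['excerpt']; ?>>excerpt</option>
  </select> of
- <?php print $syndicatedPosts; ?>: <textarea style="vertical-align: top; width: 40%;" rows="2" cols="30" class="boilerplate-template" id="boilerplate-<?php print $index; ?>-template" name="boilerplate[<?php print $index; ?>][template]"><?php print htmlspecialchars($line['template']); ?></textarea></li>
+ <?php print esc_html($syndicatedPosts); ?>: <textarea style="vertical-align: top; width: 40%;" rows="2" cols="30" class="boilerplate-template" id="boilerplate-<?php print esc_attr($index); ?>-template" name="boilerplate[<?php print esc_attr($index); ?>][template]"><?php print esc_html($line['template']); ?></textarea></li>
  <?php
  endif;
  endforeach;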
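Review bot: In the settings-save hunk, `$_REQUEST['munge_permalink']`, `$_REQUEST['use_aggregator_source_data']` and `$_REQUEST['formatting_filters']` are still read without an `isset()` guard, although the two status fields added beside them get one; a request that omits a key raises an undefined-index notice and stores an empty string in the option. `sanitize_text_field()` only strips markup and stray whitespace and does not restrict the value, so if these options take a fixed set of values (the form is not visible here) an allowlist check before `update_option()` would be the stronger control. I would write each read as `$sMungePermalink = isset($_REQUEST['munge_permalink']) ? sanitize_text_field(wp_unslash($_REQUEST['munge_permalink'])) : '';`. Separately, in the custom-settings hunk `id="notes-<?php echo $i; ?>-key"` still prints `$i` unescaped while every other use on that line goes through `esc_attr()`, and `value="<?php echo esc_html($key); ?>"` is an attribute context where `esc_attr()` is the matching helper. The enclosing methods start and end outside these hunks.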
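--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://feedwordpress.radgeek.com/donate/
  Tags: syndication, aggregation, feed, atom, rss
  Requires at least: 4.5
  Tested up to: 5.9
- Stable tag: 2022.0123
+ Stable tag: 2022.0203
  License: GPLv2 or later
  License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
@@ -65,6 +65,10 @@ FeedWordPress has many options which can be accessed through the WordPress Dashb
 
  == Changelog ==
 
+ = 2022.0203 =
+
+ * ADDITIONAL CODE CLEANUP: This version does some additional code clean-up to remove some obsolete methods of generating output, and to do a better job of sanitizing input and escaping output in the FeedWordPress administrative dashboard.
+
  = 2022.0123 =
 
  * IMPORTANT SECURITY FIX: This version includes an important fix for a security vulnerability reported to me through WPScan and WordPress support channels.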