FV Flowplayer Video Player - Version 7.3.15.727

Version Description

  • 2019/05/16

  • Security - fix for SQL injection vulnerability in email subscription

  • Security - fix for email subscription CSV export capability available to guest users


Release Info

Developer FolioVision
Version 7.3.15.727

Code changes from version 7.3.13.727 to 7.3.15.727

controller/editor.php CHANGED
File without changes
controller/frontend.php CHANGED
File without changes
controller/shortcodes.php CHANGED
File without changes
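--- a/css/flowplayer.css
+++ b/css/flowplayer.css
@@ -341,6 +341,7 @@
 font-size: 16px;
 position: relative;
 max-height: 100%;
+overflow: visible;
 border-radius: .24em;
 background-position: center;
 background-repeat: no-repeat;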
css/img/flowplayer.png CHANGED
File without changes
css/img/no_play_white-x2.png CHANGED
File without changes
css/img/no_play_white.png CHANGED
File without changes
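--- a/flowplayer.php
+++ b/flowplayer.php
@@ -3,7 +3,7 @@
 Plugin Name: FV Player
 Plugin URI: http://foliovision.com/wordpress/plugins/fv-wordpress-flowplayer
 Description: Formerly FV WordPress Flowplayer. Supports MP4, HLS, MPEG-DASH, WebM and OGV. Advanced features such as overlay ads or popups. Uses Flowplayer 7.2.7.
-Version: 7.3.13.727
+Version: 7.3.15.727
 Author URI: http://foliovision.com/
 License: GPL-3.0
 License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -27,7 +27,7 @@ License URI: http://www.gnu.org/licenses/gpl-3.0.txt
 */
 
 global $fv_wp_flowplayer_ver;
-$fv_wp_flowplayer_ver = '7.3.13.727';
+$fv_wp_flowplayer_ver = '7.3.15.727';
 $fv_wp_flowplayer_core_ver = '7.2.7.1';
 
 include_once( dirname( __FILE__ ) . '/includes/extra-functions.php' );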
flowplayer/fv-flowplayer.min.js CHANGED
File without changes
js/shortcode-editor.js CHANGED
File without changes
models/checker.php CHANGED
File without changes
models/custom-videos.php CHANGED
File without changes
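--- a/models/email-subscription.php
+++ b/models/email-subscription.php
@@ -506,9 +506,8 @@ class FV_Player_Email_Subscription {
 $result['text'] = __('Malformed Email Address.', 'fv-wordpress-flowplayer');
 die(json_encode($result));
 };
-
-$count = $wpdb->get_var('SELECT COUNT(*) FROM ' . $wpdb->prefix . 'fv_player_emails WHERE email="' . addslashes($data['email']) . '" AND id_list = "'. addslashes($list_id) .'"' );
-
+
+$count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM ".$wpdb->prefix."fv_player_emails WHERE email = %s AND id_list = %s", strip_tags($data['email']), intval($list_id) ) );
 
 if(intval($count) === 0){
 $wpdb->insert($table_name, array(
@@ -550,6 +549,8 @@ class FV_Player_Email_Subscription {
 }
 
 function csv_export(){
+if( !current_user_can('manage_options') ) return;
+
 $list_id = $_GET['fv-email-export'];
 $aLists = get_option('fv_player_email_lists');
 $list = $aLists[$list_id];
@@ -625,7 +626,7 @@ class FV_Player_Email_Subscription {
 $item = $tmp['title'];
 }
 }
-echo '<td>' . $item . '</td>';
+echo '<td>' . strip_tags($item) . '</td>';
 }
 echo '</tr>';
 }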
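Review bot: `strip_tags()` is standing in for a context-specific escape in both places this change adds it. In the table-cell output, `echo '<td>' . esc_html($item) . '</td>';` is the HTML-context escape WordPress provides, whereas `strip_tags()` removes anything tag-shaped from the stored value and leaves `&` and quotes unencoded. In the duplicate-check query `prepare()` already handles quoting, so `strip_tags($data['email'])` only alters the address being looked up, and the list id goes through `intval()` but is bound with `%s` where `id_list = %d` matches the value. In `csv_export()` the new capability check returns silently and the lookup `$aLists[$list_id]` still takes `$_GET['fv-email-export']` as-is, so an `isset($aLists[$list_id])` guard and a nonce check on the export request would complete the fix. All three functions begin or end outside the hunks shown.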
models/flowplayer-frontend.php CHANGED
File without changes
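--- a/models/flowplayer.php
+++ b/models/flowplayer.php
@@ -1165,7 +1165,7 @@ class flowplayer extends FV_Wordpress_Flowplayer_Plugin_Private {
 $sURL = FV_FP_RELATIVE_PATH.'/css/flowplayer.css';
 $sVer = $fv_wp_flowplayer_ver;
 
-if( apply_filters('fv_flowplayer_css_writeout', true ) && $this->_get_option($this->css_option()) ) {
+if( !$this->_get_option('css_disable') && $this->_get_option($this->css_option()) ) {
 if( @file_exists($this->css_path()) ) {
 $sURL = $this->css_path('url');
 $sVer = $this->_get_option($this->css_option());
@@ -1192,7 +1192,7 @@ class flowplayer extends FV_Wordpress_Flowplayer_Plugin_Private {
 }
 
 if( $this->bCSSInline ) {
-add_action( 'wp_head', array( $this, 'css_generate' ) );
+add_action( did_action('wp_footer') ? 'wp_footer' : 'wp_head', array( $this, 'css_generate' ) );
 add_action( 'admin_head', array( $this, 'css_generate' ) );
 }
 
@@ -1744,7 +1744,12 @@ class flowplayer extends FV_Wordpress_Flowplayer_Plugin_Private {
 
 
 public function get_playlist_class($aCaptions) {
-$sPlaylistClass = 'fv-playlist-design-'.$this->_get_option('playlist-design');
+$sPlaylistClass = 'fv-playlist-design-';
+if( !empty($this->aCurArgs['listdesign']) ) {
+$sPlaylistClass .= $this->aCurArgs['listdesign'];
+} else {
+$sPlaylistClass .= $this->_get_option('playlist-design');
+}
 
 if( isset($this->aCurArgs['liststyle']) && in_array($this->aCurArgs['liststyle'], array('horizontal','slider') ) ) {
 $sPlaylistClass .= ' fp-playlist-horizontal';
@@ -1809,16 +1814,20 @@ class flowplayer extends FV_Wordpress_Flowplayer_Plugin_Private {
 }
 if( strpos($media,'http://') !== 0 && strpos($media,'https://') !== 0 && strpos($media,'//') !== 0 ) {
 $http = is_ssl() ? 'https://' : 'http://';
+$server = $_SERVER['SERVER_NAME'];
+if( !empty($_SERVER['SERVER_PORT']) && intval($_SERVER['SERVER_PORT']) != 80 ) {
+$server .= ':'.$_SERVER['SERVER_PORT'];
+}
 // strip the first / from $media
 if($media[0]=='/') $media = substr($media, 1);
 if((dirname($_SERVER['PHP_SELF'])!='/')&&(file_exists($_SERVER['DOCUMENT_ROOT'].dirname($_SERVER['PHP_SELF']).VIDEO_DIR.$media))){ //if the site does not live in the document root
-$media = $http.$_SERVER['SERVER_NAME'].dirname($_SERVER['PHP_SELF']).VIDEO_DIR.$media;
+$media = $http.$server.dirname($_SERVER['PHP_SELF']).VIDEO_DIR.$media;
 }
 else if(file_exists($_SERVER['DOCUMENT_ROOT'].VIDEO_DIR.$media)){ // if the videos folder is in the root
-$media = $http.$_SERVER['SERVER_NAME'].VIDEO_DIR.$media;//VIDEO_PATH.$media;
+$media = $http.$server.VIDEO_DIR.$media;//VIDEO_PATH.$media;
 }
 else{ // if the videos are not in the videos directory but they are adressed relatively
-$media_path = str_replace('//','/',$_SERVER['SERVER_NAME'].'/'.$media);
+$media_path = str_replace('//','/',$server.'/'.$media);
 $media = $http.$media_path;
 }
 }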
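Review bot: The `listdesign` shortcode argument is appended to the class string unfiltered in `get_playlist_class()`, so whatever is typed into the shortcode ends up verbatim in `$sPlaylistClass`. If that string is later printed into a `class="…"` attribute without escaping (the output happens outside this hunk), a quote in the value breaks out of the attribute; `$sPlaylistClass .= sanitize_html_class($this->aCurArgs['listdesign']);` restricts it to class-name characters at the source. Separately, the new port check compares only against 80, so an HTTPS site on its default port gets `:443` appended to every generated media URL; skipping the suffix when `is_ssl()` is true and the port is 443 avoids that. Both functions begin and end outside the hunks shown.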
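--- a/models/system-info.php
+++ b/models/system-info.php
@@ -87,7 +87,7 @@ Host: <?php echo $host . "\n"; ?>
 Browser: <?php echo isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'none'; ?>
 
 PHP Version: <?php echo PHP_VERSION . "\n"; ?>
-MySQL Version: <?php $connection = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); echo mysqli_get_server_info($connection) . "\n"; ?>
+MySQL Version: <?php echo $wpdb->db_version() . "\n"; ?>
 Web Server Info: <?php echo $_SERVER['SERVER_SOFTWARE'] . "\n"; ?>
 
 WordPress Memory Limit: <?php echo WP_MEMORY_LIMIT."\n"; ?>
@@ -190,7 +190,6 @@ print_r( $conf );
 DATABASE
 
 <?php
-global $wpdb;
 foreach( array( 'fv_player_players', 'fv_player_playermeta', 'fv_player_videos', 'fv_player_videometa' ) AS $table) {
 $found = false;
 $table_name = $wpdb->prefix.$table;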
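Review bot: The new `MySQL Version` line calls `$wpdb->db_version()`, while the only `global $wpdb;` visible in this template, the one before the DATABASE table loop, is removed by the same change. If the template is included from inside a function or method, `$wpdb` is undefined at both uses unless it is declared earlier in the file, which is outside the hunks; a `<?php global $wpdb; ?>` at the top of the template would make the dependency explicit. Note also that `db_version()` returns only the leading numeric part of the server string, so the support report loses the vendor suffix that `mysqli_get_server_info()` printed.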
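--- a/readme.txt
+++ b/readme.txt
@@ -357,6 +357,17 @@ Thank you for being part of the HMTL 5 mobile video revolution!
 
 == Changelog ==
 
+= 7.3.15.727 - 2019/05/16 =
+
+* Security - fix for SQL injection vulnerability in email subscription
+* Security - fix for email subscription CSV export capability available to guest users
+
+= 7.3.14.727 - 2019/05/14 =
+
+* Security - fix for XSS vulnerability in email subscription
+* Audio player - loading indiciator fix
+* CSS - removing old unused web fonts and graphics
+
 = 7.3.13.727 - 2019/04/30 =
 
 * Ad codes - sensing size of the Google AdSense ad unit, allowing the ad to expand from the player container for maximum ad revenue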