Instagram Gallery - Version 2.4.8

Version Description

  • Fix. nonce validation added to qligg_dismiss_notice ajax action
  • Fix. nonce validation added to qligg_form_item_delete ajax action
  • Fix. current_user_can validation added to all ajax actions
  • Fix. scape data output in admin backend added
Download this release

Release Info

Developer quadlayers
Plugin Icon 128x128 Instagram Gallery
Version 2.4.8
Comparing to
See all releases

Code changes from version 2.4.7 to 2.4.8

Files changed (8) hide show
  1. assets/js/qligg-admin.js +2 -1
  2. assets/js/qligg-admin.min.js +1 -1
  3. includes/ajax.php +144 -116
  4. includes/pages/views/edit.php +3 -3
  5. includes/pages/views/list.php +1 -1
  6. includes/widget.php +1 -1
  7. insta-gallery.php +11 -6
  8. readme.txt +7 -1
assets/js/qligg-admin.js CHANGED
@@ -457,7 +457,8 @@
457
  type: 'post',
458
  data: {
459
  action: 'qligg_form_item_delete',
460
- item_id: $item.data('item_id')
 
461
  },
462
  beforeSend: function () {
463
  $spinner.addClass('is-active');
457
  type: 'post',
458
  data: {
459
  action: 'qligg_form_item_delete',
460
+ item_id: $item.data('item_id'),
461
+ ig_nonce: $item.data('item_nonce'),
462
  },
463
  beforeSend: function () {
464
  $spinner.addClass('is-active');
assets/js/qligg-admin.min.js CHANGED
@@ -1 +1 @@
1
- (function(c){c.fn.serializeArrayAll=function(){var g={};var f=this.serializeArray();c.each(f,function(){if(g[this.name]!==undefined){if(!g[this.name].push){g[this.name]=[g[this.name]]}g[this.name].push(this.value||"")}else{g[this.name]=this.value||""}});var e=c("input[type=radio],input[type=checkbox]",this);c.each(e,function(){if(!g.hasOwnProperty(this.name)){g[this.name]=""}});return g};c(".ig-list-images > li").on("click",function(f){c(this).addClass("active");c(this).siblings().removeClass("active");c(this).find("input[type=radio]").prop("checked",true).trigger("change");c(this).siblings().find("input[type=radio]").prop("checked",false)});c("input[name=insta_source]").on("change",function(f){if(this.value=="username"){c("#ig-select-tag-wrap").hide(500,function(g){c("#ig-select-username-wrap").show().addClass("active")}).removeClass("active")}else{c("#ig-select-username-wrap").hide(500,function(g){c("#ig-select-tag-wrap").show().addClass("active")}).removeClass("active")}});c("input[name=insta_box]").on("change",function(f){if(this.checked){c("#ig-section-box").show("slow").addClass("active")}else{c("#ig-section-box").hide("slow").removeClass("active")}});c("input[name=insta_layout]").on("change",function(f){if(this.value=="carousel"){c("#ig-section-gallery, #ig-section-masonry").hide(500,function(g){c("#ig-section-carousel").show().addClass("active")}).removeClass("active")}else{if(this.value=="gallery"){c("#ig-section-carousel, #ig-section-masonry").hide(500,function(g){c("#ig-section-gallery").show().addClass("active")}).removeClass("active")}else{c("#ig-section-carousel").hide(500,function(g){c("#ig-section-masonry").show().addClass("active");c("#ig-section-gallery").show().addClass("active")}).removeClass("active")}}});c("input[name=insta_button]").on("change",function(f){if(this.checked){c("#ig-section-button").show("slow").addClass("active")}else{c("#ig-section-button").hide("slow").removeClass("active")}});c("input[name=insta_button_load]").on("change",function(f){if(this.checked){c("#ig-section-button_load").show("slow").addClass("active")}else{c("#ig-section-button_load").hide("slow").removeClass("active")}});c("input[name=insta_hover]").on("change",function(f){if(this.checked){c("#ig-section-hover").show("slow").addClass("active")}else{c("#ig-section-hover").hide("slow").removeClass("active")}});c("input[name=insta_popup]").on("change",function(f){if(this.checked){c("#ig-section-popup").show("slow").addClass("active")}else{c("#ig-section-popup").hide("slow").removeClass("active")}});c("input[name=insta_card]").on("change",function(f){if(this.checked){c("#ig-section-card").show("slow").addClass("active")}else{c("#ig-section-card").hide("slow").removeClass("active")}});function b(f){if(f){if(!c("#ig-save-settings .insta-gallery-spinner img").length){var e='<img src="'+f+'" class="ig-spin" />';c("#ig-save-settings .insta-gallery-spinner").append(e)}else{c("#ig-save-settings .insta-gallery-spinner img").attr("src",f)}c("#ig-save-settings .insta-gallery-spinner .ig-spin").hide();c("#ig-save-settings .insta-gallery-spinner img").show()}else{c("#ig-save-settings .insta-gallery-spinner .ig-spin").show();c("#ig-save-settings .insta-gallery-spinner img").remove()}}var d=c("input[name=insta_spinner_image_id]"),a=c("#ig-spinner-reset");c("#ig-save-settings").on("submit",function(h){h.preventDefault();var f=c(this),g=f.find(".spinner");c.ajax({url:ajaxurl,type:"post",dataType:"JSON",data:c.param(f.serializeArrayAll())+"&"+c.param({action:"qligg_save_settings"}),beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){window.location.reload()}},complete:function(){g.removeClass("is-active")},error:function(e,i){console.log(i)}})});a.click(function(){d.val("");b();c(this).hide()});if(d.val()==""){a.hide()}if(d.data("misrc")!=""){b(d.data("misrc"))}c("#ig-spinner-upload").click(function(g){g.preventDefault();var f;if(f){f.open()}f=wp.media({title:"Select Media",multiple:false,library:{type:"image",}});f.on("close",function(){var k=f.state().get("selection");if(k.length){var e=new Array();var h=0,l;k.each(function(i){e[h]=i.id;l=i.attributes.url;h++});var j=e.join(",");d.val(j);b(l)}if(d.val()==""){a.hide()}else{a.show()}});f.on("open",function(){var h=f.state().get("selection");var e=d.val().split(",");e.forEach(function(i){attachment=wp.media.attachment(i);attachment.fetch();h.add(attachment?[attachment]:[])})});f.open()});c(document).on("click","[data-qligg-toggle]",function(f){f.preventDefault();c(c(this).data("qligg-toggle")).slideToggle()});c(document).on("click","[data-qligg-copy]",function(f){f.preventDefault();c(c(this).data("qligg-copy")).select();document.execCommand("copy")});c("#ig-remove-data").on("click",function(g){var f=c(this).is(":checked");if(f){var h=confirm(qligg.remove_data);if(!h){return false}}});c(document).on("ready",function(i){var h=window.location.hash,j=h.substring(14);if(j.length>40){var g=c("#ig-generate-token").find(".btn-instagram"),f=c("#ig-generate-token").find(".spinner");c.ajax({url:ajaxurl,type:"post",data:{action:"qligg_generate_token",ig_access_token:j,ig_nonce:qligg.nonce},beforeSend:function(){g.css({opacity:".5","pointer-events":"none"});f.addClass("is-active")},success:function(e){if(e.success){setTimeout(function(){window.location.reload()},300)}else{alert(e.data)}},complete:function(){g.removeAttr("style");f.removeClass("is-active");window.location.hash="";window.location.href.split("#")[0]},error:function(e,k){console.log(k)}})}});c("#ig-update-token").on("submit",function(h){h.preventDefault();var f=c(this),g=f.find(".spinner");c.ajax({url:ajaxurl,type:"post",data:{action:"qligg_generate_token",ig_access_token:f.find("input[name=ig_access_token]").val(),ig_nonce:qligg.nonce},beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){setTimeout(function(){window.location.reload()},300)}else{alert(e.data)}},complete:function(){g.removeClass("is-active")},error:function(e,i){console.log(i)},})});c(".ig-remove-token").on("click",function(i){i.preventDefault();var j=confirm(qligg.remove_token);if(!j){return false}var f=c(this),h=f.closest("tr"),g=h.find(".spinner");c.ajax({url:ajaxurl,type:"post",data:{action:"qligg_remove_token",item_id:f.data("item_id"),ig_nonce:qligg.nonce},beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){h.fadeOut();setTimeout(function(){window.location.reload()},300)}else{alert(e.data)}},complete:function(){g.removeClass("is-active")},error:function(e,k){console.log(k)}})});c("#ig-update-form").on("submit",function(h){h.preventDefault();var f=c(this),g=f.find(".spinner");c.ajax({url:ajaxurl,type:"post",data:c.param(f.serializeArrayAll())+"&"+c.param({action:"qligg_update_form"}),beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){setTimeout(function(){window.location.href=e.data},300)}else{alert(e.data)}},complete:function(){g.removeClass("is-active")},error:function(e,i){console.log(i)},})});c(".ig-form-item-delete").on("click",function(i){i.preventDefault();var j=confirm(qligg.remove_gallery);if(!j){return false}var f=c(this),h=f.closest("tr"),g=h.find(".spinner");c.ajax({url:ajaxurl,type:"post",data:{action:"qligg_form_item_delete",item_id:f.data("item_id")},beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){setTimeout(function(){window.location.href=e.data},300)}else{alert(e.data)}},complete:function(){setTimeout(function(){h.remove()},600)},error:function(e,k){console.log(k)},})});c(document).on("ready",function(){c(".color-picker").wpColorPicker()})})(jQuery);
1
+ (function(c){c.fn.serializeArrayAll=function(){var g={};var f=this.serializeArray();c.each(f,function(){if(g[this.name]!==undefined){if(!g[this.name].push){g[this.name]=[g[this.name]]}g[this.name].push(this.value||"")}else{g[this.name]=this.value||""}});var e=c("input[type=radio],input[type=checkbox]",this);c.each(e,function(){if(!g.hasOwnProperty(this.name)){g[this.name]=""}});return g};c(".ig-list-images > li").on("click",function(f){c(this).addClass("active");c(this).siblings().removeClass("active");c(this).find("input[type=radio]").prop("checked",true).trigger("change");c(this).siblings().find("input[type=radio]").prop("checked",false)});c("input[name=insta_source]").on("change",function(f){if(this.value=="username"){c("#ig-select-tag-wrap").hide(500,function(g){c("#ig-select-username-wrap").show().addClass("active")}).removeClass("active")}else{c("#ig-select-username-wrap").hide(500,function(g){c("#ig-select-tag-wrap").show().addClass("active")}).removeClass("active")}});c("input[name=insta_box]").on("change",function(f){if(this.checked){c("#ig-section-box").show("slow").addClass("active")}else{c("#ig-section-box").hide("slow").removeClass("active")}});c("input[name=insta_layout]").on("change",function(f){if(this.value=="carousel"){c("#ig-section-gallery, #ig-section-masonry").hide(500,function(g){c("#ig-section-carousel").show().addClass("active")}).removeClass("active")}else{if(this.value=="gallery"){c("#ig-section-carousel, #ig-section-masonry").hide(500,function(g){c("#ig-section-gallery").show().addClass("active")}).removeClass("active")}else{c("#ig-section-carousel").hide(500,function(g){c("#ig-section-masonry").show().addClass("active");c("#ig-section-gallery").show().addClass("active")}).removeClass("active")}}});c("input[name=insta_button]").on("change",function(f){if(this.checked){c("#ig-section-button").show("slow").addClass("active")}else{c("#ig-section-button").hide("slow").removeClass("active")}});c("input[name=insta_button_load]").on("change",function(f){if(this.checked){c("#ig-section-button_load").show("slow").addClass("active")}else{c("#ig-section-button_load").hide("slow").removeClass("active")}});c("input[name=insta_hover]").on("change",function(f){if(this.checked){c("#ig-section-hover").show("slow").addClass("active")}else{c("#ig-section-hover").hide("slow").removeClass("active")}});c("input[name=insta_popup]").on("change",function(f){if(this.checked){c("#ig-section-popup").show("slow").addClass("active")}else{c("#ig-section-popup").hide("slow").removeClass("active")}});c("input[name=insta_card]").on("change",function(f){if(this.checked){c("#ig-section-card").show("slow").addClass("active")}else{c("#ig-section-card").hide("slow").removeClass("active")}});function b(f){if(f){if(!c("#ig-save-settings .insta-gallery-spinner img").length){var e='<img src="'+f+'" class="ig-spin" />';c("#ig-save-settings .insta-gallery-spinner").append(e)}else{c("#ig-save-settings .insta-gallery-spinner img").attr("src",f)}c("#ig-save-settings .insta-gallery-spinner .ig-spin").hide();c("#ig-save-settings .insta-gallery-spinner img").show()}else{c("#ig-save-settings .insta-gallery-spinner .ig-spin").show();c("#ig-save-settings .insta-gallery-spinner img").remove()}}var d=c("input[name=insta_spinner_image_id]"),a=c("#ig-spinner-reset");c("#ig-save-settings").on("submit",function(h){h.preventDefault();var f=c(this),g=f.find(".spinner");c.ajax({url:ajaxurl,type:"post",dataType:"JSON",data:c.param(f.serializeArrayAll())+"&"+c.param({action:"qligg_save_settings"}),beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){window.location.reload()}},complete:function(){g.removeClass("is-active")},error:function(e,i){console.log(i)}})});a.click(function(){d.val("");b();c(this).hide()});if(d.val()==""){a.hide()}if(d.data("misrc")!=""){b(d.data("misrc"))}c("#ig-spinner-upload").click(function(g){g.preventDefault();var f;if(f){f.open()}f=wp.media({title:"Select Media",multiple:false,library:{type:"image",}});f.on("close",function(){var k=f.state().get("selection");if(k.length){var e=new Array();var h=0,l;k.each(function(i){e[h]=i.id;l=i.attributes.url;h++});var j=e.join(",");d.val(j);b(l)}if(d.val()==""){a.hide()}else{a.show()}});f.on("open",function(){var h=f.state().get("selection");var e=d.val().split(",");e.forEach(function(i){attachment=wp.media.attachment(i);attachment.fetch();h.add(attachment?[attachment]:[])})});f.open()});c(document).on("click","[data-qligg-toggle]",function(f){f.preventDefault();c(c(this).data("qligg-toggle")).slideToggle()});c(document).on("click","[data-qligg-copy]",function(f){f.preventDefault();c(c(this).data("qligg-copy")).select();document.execCommand("copy")});c("#ig-remove-data").on("click",function(g){var f=c(this).is(":checked");if(f){var h=confirm(qligg.remove_data);if(!h){return false}}});c(document).on("ready",function(i){var h=window.location.hash,j=h.substring(14);if(j.length>40){var g=c("#ig-generate-token").find(".btn-instagram"),f=c("#ig-generate-token").find(".spinner");c.ajax({url:ajaxurl,type:"post",data:{action:"qligg_generate_token",ig_access_token:j,ig_nonce:qligg.nonce},beforeSend:function(){g.css({opacity:".5","pointer-events":"none"});f.addClass("is-active")},success:function(e){if(e.success){setTimeout(function(){window.location.reload()},300)}else{alert(e.data)}},complete:function(){g.removeAttr("style");f.removeClass("is-active");window.location.hash="";window.location.href.split("#")[0]},error:function(e,k){console.log(k)}})}});c("#ig-update-token").on("submit",function(h){h.preventDefault();var f=c(this),g=f.find(".spinner");c.ajax({url:ajaxurl,type:"post",data:{action:"qligg_generate_token",ig_access_token:f.find("input[name=ig_access_token]").val(),ig_nonce:qligg.nonce},beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){setTimeout(function(){window.location.reload()},300)}else{alert(e.data)}},complete:function(){g.removeClass("is-active")},error:function(e,i){console.log(i)},})});c(".ig-remove-token").on("click",function(i){i.preventDefault();var j=confirm(qligg.remove_token);if(!j){return false}var f=c(this),h=f.closest("tr"),g=h.find(".spinner");c.ajax({url:ajaxurl,type:"post",data:{action:"qligg_remove_token",item_id:f.data("item_id"),ig_nonce:qligg.nonce},beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){h.fadeOut();setTimeout(function(){window.location.reload()},300)}else{alert(e.data)}},complete:function(){g.removeClass("is-active")},error:function(e,k){console.log(k)}})});c("#ig-update-form").on("submit",function(h){h.preventDefault();var f=c(this),g=f.find(".spinner");c.ajax({url:ajaxurl,type:"post",data:c.param(f.serializeArrayAll())+"&"+c.param({action:"qligg_update_form"}),beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){setTimeout(function(){window.location.href=e.data},300)}else{alert(e.data)}},complete:function(){g.removeClass("is-active")},error:function(e,i){console.log(i)},})});c(".ig-form-item-delete").on("click",function(i){i.preventDefault();var j=confirm(qligg.remove_gallery);if(!j){return false}var f=c(this),h=f.closest("tr"),g=h.find(".spinner");c.ajax({url:ajaxurl,type:"post",data:{action:"qligg_form_item_delete",item_id:f.data("item_id"),ig_nonce:f.data("item_nonce"),},beforeSend:function(){g.addClass("is-active")},success:function(e){if(e.success){setTimeout(function(){window.location.href=e.data},300)}else{alert(e.data)}},complete:function(){setTimeout(function(){h.remove()},600)},error:function(e,k){console.log(k)},})});c(document).on("ready",function(){c(".color-picker").wpColorPicker()})})(jQuery);
includes/ajax.php CHANGED
@@ -9,23 +9,45 @@ if (!class_exists('QLIGG_AJAX')) {
9
 
10
  protected static $instance;
11
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
12
  function save_settings() {
13
 
14
  global $qligg;
15
 
16
- if (check_admin_referer('qligg_save_settings', 'ig_nonce')) {
17
 
18
- $keys = array(
19
- 'insta_license' => 0,
20
- 'insta_flush' => 0,
21
- 'insta_spinner_image_id' => 0
22
- );
23
 
24
- $qligg = wp_parse_args(array_intersect_key($_REQUEST, $keys), $qligg);
 
 
 
 
25
 
26
- update_option('insta_gallery_settings', $qligg, false);
27
 
28
- wp_send_json_success(__('Settings updated successfully', 'insta-gallery'));
 
 
 
29
  }
30
 
31
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
@@ -35,34 +57,37 @@ if (!class_exists('QLIGG_AJAX')) {
35
 
36
  global $qligg_token, $qligg_api;
37
 
38
- if (!empty($_REQUEST) && check_admin_referer('qligg_generate_token', 'ig_nonce')) {
39
 
40
- if (empty($_REQUEST['ig_access_token'])) {
41
- wp_send_json_error(__('Empty access token', 'insta-gallery'));
42
- }
43
 
44
- $access_token = sanitize_text_field($_REQUEST['ig_access_token']);
 
 
45
 
46
- if (count($access_token_id = explode('.', $access_token)) == 1) {
47
- wp_send_json_error(__('Invalid access token', 'insta-gallery'));
48
- }
49
 
50
- if (!$qligg_api->validate_token($access_token)) {
51
- wp_send_json_error($qligg_api->get_message());
52
- }
53
 
54
- if (isset($qligg_token[$access_token_id[0]]) && $qligg_token[$access_token_id[0]] == $access_token) {
55
- wp_send_json_error(__('Account already connected. To connect a new account logout from Instagram in this browser.', 'insta-gallery'));
56
- }
 
 
 
 
57
 
58
- $new_token = array(
59
- $access_token_id[0] => $access_token
60
- );
61
 
62
- update_option('insta_gallery_token', apply_filters('qligg_update_insta_gallery_token', $new_token), false);
63
- delete_transient('insta_gallery_user_profile');
64
 
65
- wp_send_json_success(__('Access token created', 'insta-gallery'));
 
66
  }
67
 
68
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
@@ -72,20 +97,23 @@ if (!class_exists('QLIGG_AJAX')) {
72
 
73
  global $qligg_token;
74
 
75
- if (!empty($_REQUEST) && check_admin_referer('qligg_generate_token', 'ig_nonce')) {
76
 
77
- if (!isset($_REQUEST['item_id'])) {
78
- wp_send_json_error(__('Invalid item id', 'insta-gallery'));
79
- }
80
 
81
- $item_id = sanitize_text_field($_REQUEST['item_id']);
 
 
82
 
83
- unset($qligg_token[$item_id]);
84
 
85
- update_option('insta_gallery_token', $qligg_token, false);
86
- delete_transient('insta_gallery_user_profile');
87
 
88
- wp_send_json_success(__('Token removed successfully', 'insta-gallery'));
 
 
 
 
89
  }
90
 
91
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
@@ -95,97 +123,97 @@ if (!class_exists('QLIGG_AJAX')) {
95
 
96
  global $qligg_token, $qligg_api;
97
 
98
- if (!empty($_REQUEST) && check_admin_referer('qligg_update_form', 'ig_nonce')) {
99
-
100
- if (empty($item_type = $_REQUEST['insta_source'])) {
101
- wp_send_json_error(__('Select gallery item type', 'insta-gallery'));
102
- }
103
- if ($item_type == 'username' && empty($_REQUEST['insta_username'])) {
104
- wp_send_json_error(__('Username is empty', 'insta-gallery'));
105
- }
106
- if ($item_type == 'tag' && empty($_REQUEST['insta_tag'])) {
107
- wp_send_json_error(__('Tag is empty', 'insta-gallery'));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
108
  }
109
-
110
- $instagram_feed = array();
111
-
112
- $instagram_feed['insta_source'] = @$_REQUEST['insta_source'];
113
- $instagram_feed['insta_layout'] = @$_REQUEST['insta_layout'];
114
- $instagram_feed['insta_username'] = @$_REQUEST['insta_username'];
115
- $instagram_feed['insta_tag'] = @$_REQUEST['insta_tag'];
116
- $instagram_feed['insta_limit'] = @$_REQUEST['insta_limit'];
117
- $instagram_feed['insta_gal-cols'] = @$_REQUEST['insta_gal-cols'];
118
- $instagram_feed['insta_spacing'] = @$_REQUEST['insta_spacing'];
119
- $instagram_feed['insta_button'] = @$_REQUEST['insta_button'];
120
- $instagram_feed['insta_button-text'] = trim(esc_html(@$_REQUEST['insta_button-text']));
121
- $instagram_feed['insta_button-background'] = sanitize_text_field(@$_REQUEST['insta_button-background']);
122
- $instagram_feed['insta_button-background-hover'] = sanitize_text_field(@$_REQUEST['insta_button-background-hover']);
123
- //$instagram_feed['insta_button_load'] = @$_REQUEST['insta_button_load'];
124
- //$instagram_feed['insta_button_load-text'] = trim(esc_html(@$_REQUEST['insta_button_load-text']));
125
- //$instagram_feed['insta_button_load-background'] = sanitize_text_field(@$_REQUEST['insta_button_load-background']);
126
- //$instagram_feed['insta_button_load-background-hover'] = sanitize_text_field(@$_REQUEST['insta_button_load-background-hover']);
127
- $instagram_feed['insta_car-slidespv'] = @$_REQUEST['insta_car-slidespv'];
128
- $instagram_feed['insta_car-autoplay'] = @$_REQUEST['insta_car-autoplay'];
129
- $instagram_feed['insta_car-autoplay-interval'] = @$_REQUEST['insta_car-autoplay-interval'];
130
- $instagram_feed['insta_car-navarrows'] = @$_REQUEST['insta_car-navarrows'];
131
- $instagram_feed['insta_car-navarrows-color'] = sanitize_text_field(@$_REQUEST['insta_car-navarrows-color']);
132
- $instagram_feed['insta_car-pagination'] = @$_REQUEST['insta_car-pagination'];
133
- $instagram_feed['insta_car-pagination-color'] = sanitize_text_field(@$_REQUEST['insta_car-pagination-color']);
134
- $instagram_feed['insta_size'] = @$_REQUEST['insta_size'];
135
- $instagram_feed['insta_hover'] = @$_REQUEST['insta_hover'];
136
- $instagram_feed['insta_hover-color'] = sanitize_text_field(@$_REQUEST['insta_hover-color']);
137
- $instagram_feed['insta_popup'] = @$_REQUEST['insta_popup'];
138
- //$instagram_feed['insta_popup-profile'] = @$_REQUEST['insta_popup-profile'];
139
- //$instagram_feed['insta_popup-caption'] = @$_REQUEST['insta_popup-caption'];
140
- //$instagram_feed['insta_popup-likes'] = @$_REQUEST['insta_popup-likes'];
141
- //$instagram_feed['insta_popup-align'] = @$_REQUEST['insta_popup-align'];
142
- $instagram_feed['insta_likes'] = @$_REQUEST['insta_likes'];
143
- $instagram_feed['insta_comments'] = @$_REQUEST['insta_comments'];
144
-
145
- // Removing @, # and trimming input
146
- // ---------------------------------------------------------------------
147
- $instagram_feed['insta_username'] = trim($instagram_feed['insta_username']);
148
- $instagram_feed['insta_username'] = str_replace('@', '', $instagram_feed['insta_username']);
149
- $instagram_feed['insta_username'] = str_replace('#', '', $instagram_feed['insta_username']);
150
- $instagram_feed['insta_username'] = str_replace($qligg_api->instagram_url, '', $instagram_feed['insta_username']);
151
- $instagram_feed['insta_username'] = str_replace('/', '', $instagram_feed['insta_username']);
152
-
153
- $instagram_feed['insta_tag'] = trim($instagram_feed['insta_tag']);
154
- $instagram_feed['insta_tag'] = str_replace('@', '', $instagram_feed['insta_tag']);
155
- $instagram_feed['insta_tag'] = str_replace('#', '', $instagram_feed['insta_tag']);
156
- $instagram_feed['insta_tag'] = str_replace("{$qligg_api->instagram_url}/explore/tags/", '', $instagram_feed['insta_tag']);
157
- $instagram_feed['insta_tag'] = str_replace('/', '', $instagram_feed['insta_tag']);
158
-
159
- $instagram_feeds = get_option('insta_gallery_items', array());
160
-
161
- $item_id = isset($_REQUEST['item_id']) ? absint($_REQUEST['item_id']) : count($instagram_feeds) + 1;
162
-
163
- $instagram_feeds[$item_id] = $instagram_feed;
164
-
165
- update_option('insta_gallery_items', apply_filters('qligg_update_insta_gallery_items', $instagram_feeds, $item_id));
166
-
167
- wp_send_json_success(admin_url("admin.php?page=qligg_feeds&tab=edit&item_id={$item_id}"));
168
  }
169
-
170
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
171
  }
172
 
173
  function form_item_delete() {
174
 
175
- if (isset($_REQUEST['item_id'])) {
176
 
177
- $instagram_feeds = get_option('insta_gallery_items');
178
 
179
- $item_id = absint($_REQUEST['item_id']);
180
 
181
- if (isset($instagram_feeds[$item_id])) {
182
 
183
- unset($instagram_feeds[$item_id]);
184
 
185
- update_option('insta_gallery_items', $instagram_feeds, false);
186
- }
187
 
188
- wp_send_json_success(admin_url("admin.php?page=qligg_feeds"));
 
 
 
 
 
 
 
189
  }
190
 
191
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
9
 
10
  protected static $instance;
11
 
12
+ function sanitize_feed($feed) {
13
+
14
+ global $qligg_api;
15
+
16
+ // Removing @, # and trimming input
17
+ // ---------------------------------------------------------------------
18
+
19
+ $feed = sanitize_text_field($feed);
20
+
21
+ $feed = trim($feed);
22
+ $feed = str_replace('@', '', $feed);
23
+ $feed = str_replace('#', '', $feed);
24
+ $feed = str_replace($qligg_api->instagram_url, '', $feed);
25
+ $feed = str_replace('/explore/tags/', '', $feed);
26
+ $feed = str_replace('/', '', $feed);
27
+
28
+ return $feed;
29
+ }
30
+
31
  function save_settings() {
32
 
33
  global $qligg;
34
 
35
+ if (current_user_can('manage_options')) {
36
 
37
+ if (!empty($_REQUEST) && check_admin_referer('qligg_save_settings', 'ig_nonce')) {
 
 
 
 
38
 
39
+ $keys = array(
40
+ 'insta_license' => 0,
41
+ 'insta_flush' => 0,
42
+ 'insta_spinner_image_id' => 0
43
+ );
44
 
45
+ $qligg = wp_parse_args(array_intersect_key($_REQUEST, $keys), $qligg);
46
 
47
+ update_option('insta_gallery_settings', $qligg, false);
48
+
49
+ wp_send_json_success(__('Settings updated successfully', 'insta-gallery'));
50
+ }
51
  }
52
 
53
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
57
 
58
  global $qligg_token, $qligg_api;
59
 
60
+ if (current_user_can('manage_options')) {
61
 
62
+ if (!empty($_REQUEST) && check_admin_referer('qligg_generate_token', 'ig_nonce')) {
 
 
63
 
64
+ if (empty($_REQUEST['ig_access_token'])) {
65
+ wp_send_json_error(__('Empty access token', 'insta-gallery'));
66
+ }
67
 
68
+ $access_token = sanitize_text_field($_REQUEST['ig_access_token']);
 
 
69
 
70
+ if (count($access_token_id = explode('.', $access_token)) == 1) {
71
+ wp_send_json_error(__('Invalid access token', 'insta-gallery'));
72
+ }
73
 
74
+ if (!$qligg_api->validate_token($access_token)) {
75
+ wp_send_json_error($qligg_api->get_message());
76
+ }
77
+
78
+ if (isset($qligg_token[$access_token_id[0]]) && $qligg_token[$access_token_id[0]] == $access_token) {
79
+ wp_send_json_error(__('Account already connected. To connect a new account logout from Instagram in this browser.', 'insta-gallery'));
80
+ }
81
 
82
+ $new_token = array(
83
+ $access_token_id[0] => $access_token
84
+ );
85
 
86
+ update_option('insta_gallery_token', apply_filters('qligg_update_insta_gallery_token', $new_token), false);
87
+ delete_transient('insta_gallery_user_profile');
88
 
89
+ wp_send_json_success(__('Access token created', 'insta-gallery'));
90
+ }
91
  }
92
 
93
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
97
 
98
  global $qligg_token;
99
 
100
+ if (current_user_can('manage_options')) {
101
 
102
+ if (!empty($_REQUEST) && check_admin_referer('qligg_generate_token', 'ig_nonce')) {
 
 
103
 
104
+ if (!isset($_REQUEST['item_id'])) {
105
+ wp_send_json_error(__('Invalid item id', 'insta-gallery'));
106
+ }
107
 
108
+ $item_id = sanitize_text_field($_REQUEST['item_id']);
109
 
110
+ unset($qligg_token[$item_id]);
 
111
 
112
+ update_option('insta_gallery_token', $qligg_token, false);
113
+ delete_transient('insta_gallery_user_profile');
114
+
115
+ wp_send_json_success(__('Token removed successfully', 'insta-gallery'));
116
+ }
117
  }
118
 
119
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
123
 
124
  global $qligg_token, $qligg_api;
125
 
126
+ if (current_user_can('manage_options')) {
127
+
128
+ if (!empty($_REQUEST) && check_admin_referer('qligg_update_form', 'ig_nonce')) {
129
+
130
+ if (empty($item_type = $_REQUEST['insta_source'])) {
131
+ wp_send_json_error(__('Select gallery item type', 'insta-gallery'));
132
+ }
133
+ if ($item_type == 'username' && empty($_REQUEST['insta_username'])) {
134
+ wp_send_json_error(__('Username is empty', 'insta-gallery'));
135
+ }
136
+ if ($item_type == 'tag' && empty($_REQUEST['insta_tag'])) {
137
+ wp_send_json_error(__('Tag is empty', 'insta-gallery'));
138
+ }
139
+
140
+ $instagram_feed = array();
141
+
142
+ $instagram_feed['insta_source'] = sanitize_key(@$_REQUEST['insta_source']);
143
+ $instagram_feed['insta_layout'] = sanitize_key(@$_REQUEST['insta_layout']);
144
+ $instagram_feed['insta_username'] = $this->sanitize_feed(@$_REQUEST['insta_username']);
145
+ $instagram_feed['insta_tag'] = $this->sanitize_feed(@$_REQUEST['insta_tag']);
146
+ $instagram_feed['insta_limit'] = absint(@$_REQUEST['insta_limit']);
147
+ $instagram_feed['insta_gal-cols'] = absint(@$_REQUEST['insta_gal-cols']);
148
+ $instagram_feed['insta_spacing'] = absint(@$_REQUEST['insta_spacing']);
149
+ $instagram_feed['insta_button'] = absint(@$_REQUEST['insta_button']);
150
+ $instagram_feed['insta_button-text'] = trim(esc_html(@$_REQUEST['insta_button-text']));
151
+ $instagram_feed['insta_button-background'] = sanitize_text_field(@$_REQUEST['insta_button-background']);
152
+ $instagram_feed['insta_button-background-hover'] = sanitize_text_field(@$_REQUEST['insta_button-background-hover']);
153
+ $instagram_feed['insta_car-slidespv'] = absint(@$_REQUEST['insta_car-slidespv']);
154
+ $instagram_feed['insta_car-autoplay'] = absint(@$_REQUEST['insta_car-autoplay']);
155
+ $instagram_feed['insta_car-autoplay-interval'] = absint(@$_REQUEST['insta_car-autoplay-interval']);
156
+ $instagram_feed['insta_car-navarrows'] = absint(@$_REQUEST['insta_car-navarrows']);
157
+ $instagram_feed['insta_car-navarrows-color'] = sanitize_text_field(@$_REQUEST['insta_car-navarrows-color']);
158
+ $instagram_feed['insta_car-pagination'] = absint(@$_REQUEST['insta_car-pagination']);
159
+ $instagram_feed['insta_car-pagination-color'] = sanitize_text_field(@$_REQUEST['insta_car-pagination-color']);
160
+ $instagram_feed['insta_size'] = sanitize_key(@$_REQUEST['insta_size']);
161
+ $instagram_feed['insta_hover'] = absint(@$_REQUEST['insta_hover']);
162
+ $instagram_feed['insta_hover-color'] = sanitize_text_field(@$_REQUEST['insta_hover-color']);
163
+ $instagram_feed['insta_popup'] = absint(@$_REQUEST['insta_popup']);
164
+ $instagram_feed['insta_likes'] = absint(@$_REQUEST['insta_likes']);
165
+ $instagram_feed['insta_comments'] = absint(@$_REQUEST['insta_comments']);
166
+
167
+ // Removing @, # and trimming input
168
+ /* ---------------------------------------------------------------------
169
+ $instagram_feed['insta_username'] = trim($instagram_feed['insta_username']);
170
+ $instagram_feed['insta_username'] = str_replace('@', '', $instagram_feed['insta_username']);
171
+ $instagram_feed['insta_username'] = str_replace('#', '', $instagram_feed['insta_username']);
172
+ $instagram_feed['insta_username'] = str_replace($qligg_api->instagram_url, '', $instagram_feed['insta_username']);
173
+ $instagram_feed['insta_username'] = str_replace('/', '', $instagram_feed['insta_username']);
174
+
175
+ $instagram_feed['insta_tag'] = trim($instagram_feed['insta_tag']);
176
+ $instagram_feed['insta_tag'] = str_replace('@', '', $instagram_feed['insta_tag']);
177
+ $instagram_feed['insta_tag'] = str_replace('#', '', $instagram_feed['insta_tag']);
178
+ $instagram_feed['insta_tag'] = str_replace("{$qligg_api->instagram_url}/explore/tags/", '', $instagram_feed['insta_tag']);
179
+ $instagram_feed['insta_tag'] = str_replace('/', '', $instagram_feed['insta_tag']); */
180
+
181
+ $instagram_feeds = get_option('insta_gallery_items', array());
182
+
183
+ $item_id = isset($_REQUEST['item_id']) ? absint($_REQUEST['item_id']) : count($instagram_feeds) + 1;
184
+
185
+ $instagram_feeds[$item_id] = $instagram_feed;
186
+
187
+ update_option('insta_gallery_items', apply_filters('qligg_update_insta_gallery_items', $instagram_feeds, $item_id));
188
+
189
+ wp_send_json_success(admin_url("admin.php?page=qligg_feeds&tab=edit&item_id={$item_id}"));
190
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
191
  }
 
192
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
193
  }
194
 
195
  function form_item_delete() {
196
 
197
+ if (current_user_can('manage_options')) {
198
 
199
+ if (!empty($_REQUEST) && check_admin_referer('qligg_form_item_delete', 'ig_nonce')) {
200
 
201
+ if (isset($_REQUEST['item_id'])) {
202
 
203
+ $instagram_feeds = get_option('insta_gallery_items');
204
 
205
+ $item_id = absint($_REQUEST['item_id']);
206
 
207
+ if (isset($instagram_feeds[$item_id])) {
 
208
 
209
+ unset($instagram_feeds[$item_id]);
210
+
211
+ update_option('insta_gallery_items', $instagram_feeds, false);
212
+ }
213
+
214
+ wp_send_json_success(admin_url("admin.php?page=qligg_feeds"));
215
+ }
216
+ }
217
  }
218
 
219
  wp_send_json_error(__('Invalid Request', 'insta-gallery'));
includes/pages/views/edit.php CHANGED
@@ -2,7 +2,7 @@
2
  if (!defined('ABSPATH'))
3
  exit;
4
  ?>
5
- <form method="post" id="ig-update-form" class="<?php //echo!isset($ig_item_id) ? 'hidden' : ''; ?>">
6
  <table class="widefat form-table ig-table">
7
  <tbody>
8
  <tr>
@@ -275,7 +275,7 @@ if (!defined('ABSPATH'))
275
  <tr>
276
  <th scope="row"><?php _e('Navigation color', 'insta-gallery'); ?></th>
277
  <td>
278
- <input class="color-picker" data-alpha="true" name="insta_car-navarrows-color" type="text" placeholder="#c32a67" value="<?php echo $instagram_feed['insta_car-navarrows-color']; ?>" />
279
  <p class="description"><?php _e('Change navigation arrows color', 'insta-gallery'); ?></p>
280
  </td>
281
  </tr>
@@ -289,7 +289,7 @@ if (!defined('ABSPATH'))
289
  <tr>
290
  <th scope="row"><?php _e('Pagination color', 'insta-gallery'); ?></th>
291
  <td>
292
- <input class="color-picker" data-alpha="true" name="insta_car-pagination-color" type="text" placeholder="#c32a67" value="<?php echo $instagram_feed['insta_car-pagination-color']; ?>" />
293
  <p class="description"><?php _e('Change pagination dotts color', 'insta-gallery'); ?></p>
294
  </td>
295
  </tr>
2
  if (!defined('ABSPATH'))
3
  exit;
4
  ?>
5
+ <form method="post" id="ig-update-form" class="<?php //echo!isset($ig_item_id) ? 'hidden' : ''; ?>">
6
  <table class="widefat form-table ig-table">
7
  <tbody>
8
  <tr>
275
  <tr>
276
  <th scope="row"><?php _e('Navigation color', 'insta-gallery'); ?></th>
277
  <td>
278
+ <input class="color-picker" data-alpha="true" name="insta_car-navarrows-color" type="text" placeholder="#c32a67" value="<?php echo esc_html($instagram_feed['insta_car-navarrows-color']); ?>" />
279
  <p class="description"><?php _e('Change navigation arrows color', 'insta-gallery'); ?></p>
280
  </td>
281
  </tr>
289
  <tr>
290
  <th scope="row"><?php _e('Pagination color', 'insta-gallery'); ?></th>
291
  <td>
292
+ <input class="color-picker" data-alpha="true" name="insta_car-pagination-color" type="text" placeholder="#c32a67" value="<?php echo esc_html($instagram_feed['insta_car-pagination-color']); ?>" />
293
  <p class="description"><?php _e('Change pagination dotts color', 'insta-gallery'); ?></p>
294
  </td>
295
  </tr>
includes/pages/views/list.php CHANGED
@@ -50,7 +50,7 @@ if (!defined('ABSPATH'))
50
  <a href="<?php echo admin_url("admin.php?page=qligg_feeds&tab=edit&item_id={$id}"); ?>" class="btn-instagram">
51
  <span class="dashicons dashicons-edit"></span><?php _e('Edit', 'insta-gallery'); ?>
52
  </a>
53
- <a href="#" data-item_id="<?php echo esc_attr($id); ?>" class="btn-instagram ig-form-item-delete">
54
  <span class="dashicons dashicons-trash"></span><?php _e('Delete', 'insta-gallery'); ?>
55
  </a>
56
  <span class="spinner"></span>
50
  <a href="<?php echo admin_url("admin.php?page=qligg_feeds&tab=edit&item_id={$id}"); ?>" class="btn-instagram">
51
  <span class="dashicons dashicons-edit"></span><?php _e('Edit', 'insta-gallery'); ?>
52
  </a>
53
+ <a href="#" data-item_nonce="<?php echo wp_create_nonce('qligg_form_item_delete'); ?>" data-item_id="<?php echo esc_attr($id); ?>" class="btn-instagram ig-form-item-delete">
54
  <span class="dashicons dashicons-trash"></span><?php _e('Delete', 'insta-gallery'); ?>
55
  </a>
56
  <span class="spinner"></span>
includes/widget.php CHANGED
@@ -54,7 +54,7 @@ class QLIGG_Widget extends WP_Widget {
54
  $label = __('Tagname', 'insta-gallery') . ' / ' . $IGItem['insta_tag'];
55
  }
56
  ?>
57
- <option value="<?php echo $k; ?>" <?php selected($k, $instagal_id) ?>><?php echo $label; ?></option>
58
  <?php } ?>
59
  </select>
60
  </p>
54
  $label = __('Tagname', 'insta-gallery') . ' / ' . $IGItem['insta_tag'];
55
  }
56
  ?>
57
+ <option value="<?php echo esc_html($k); ?>" <?php selected($k, $instagal_id) ?>><?php echo esc_html($label); ?></option>
58
  <?php } ?>
59
  </select>
60
  </p>
insta-gallery.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: WP Social Feed Gallery
4
  * Plugin URI: https://quadlayers.com/portfolio/instagram-gallery/
5
  * Description: Display beautifull and responsive galleries on your website from your Instagram feed account.
6
- * Version: 2.4.7
7
  * Author: Quadlayers
8
  * Author URI: https://quadlayers.com
9
  * License: GPL-2.0+
@@ -18,7 +18,7 @@ if (!defined('QLIGG_PLUGIN_NAME')) {
18
  define('QLIGG_PLUGIN_NAME', 'WP Social Feed Gallery');
19
  }
20
  if (!defined('QLIGG_PLUGIN_VERSION')) {
21
- define('QLIGG_PLUGIN_VERSION', '2.4.7');
22
  }
23
  if (!defined('QLIGG_PLUGIN_FILE')) {
24
  define('QLIGG_PLUGIN_FILE', __FILE__);
@@ -58,14 +58,18 @@ if (!class_exists('QLIGG')) {
58
  protected static $instance;
59
 
60
  function ajax_dismiss_notice() {
 
61
 
62
- if ($notice_id = ( isset($_POST['notice_id']) ) ? sanitize_key($_POST['notice_id']) : '') {
63
 
64
- update_user_meta(get_current_user_id(), $notice_id, true);
65
 
66
- wp_send_json($notice_id);
67
- }
68
 
 
 
 
 
69
  wp_die();
70
  }
71
 
@@ -104,6 +108,7 @@ if (!class_exists('QLIGG')) {
104
  data: {
105
  notice_id: notice_id,
106
  action: 'qligg_dismiss_notice',
 
107
  },
108
  success: function (response) {
109
  console.log(response);
3
  * Plugin Name: WP Social Feed Gallery
4
  * Plugin URI: https://quadlayers.com/portfolio/instagram-gallery/
5
  * Description: Display beautifull and responsive galleries on your website from your Instagram feed account.
6
+ * Version: 2.4.8
7
  * Author: Quadlayers
8
  * Author URI: https://quadlayers.com
9
  * License: GPL-2.0+
18
  define('QLIGG_PLUGIN_NAME', 'WP Social Feed Gallery');
19
  }
20
  if (!defined('QLIGG_PLUGIN_VERSION')) {
21
+ define('QLIGG_PLUGIN_VERSION', '2.4.8');
22
  }
23
  if (!defined('QLIGG_PLUGIN_FILE')) {
24
  define('QLIGG_PLUGIN_FILE', __FILE__);
58
  protected static $instance;
59
 
60
  function ajax_dismiss_notice() {
61
+ if (current_user_can('manage_options')) {
62
 
63
+ if (!empty($_REQUEST) && check_admin_referer('qligg_dismiss_notice', 'ig_nonce')) {
64
 
65
+ if ($notice_id = ( isset($_REQUEST['notice_id']) ) ? sanitize_key($_REQUEST['notice_id']) : '') {
66
 
67
+ update_user_meta(get_current_user_id(), $notice_id, true);
 
68
 
69
+ wp_send_json($notice_id);
70
+ }
71
+ }
72
+ }
73
  wp_die();
74
  }
75
 
108
  data: {
109
  notice_id: notice_id,
110
  action: 'qligg_dismiss_notice',
111
+ ig_nonce: '<?php echo wp_create_nonce('qligg_dismiss_notice'); ?>'
112
  },
113
  success: function (response) {
114
  console.log(response);
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: instagram, instagram feed, instagram widget, instagram gallery, instagram
5
  Requires at least: 4.6
6
  Tested up to: 5.2
7
  Requires PHP: 5.3
8
- Stable tag: 2.4.7
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
@@ -88,6 +88,12 @@ There may be some other plugins(like: fancybox, elementor) which also uses image
88
 
89
  == Changelog ==
90
 
 
 
 
 
 
 
91
  = 2.4.7 =
92
  * New. WP Instagram Feed Gallery renamed
93
 
5
  Requires at least: 4.6
6
  Tested up to: 5.2
7
  Requires PHP: 5.3
8
+ Stable tag: 2.4.8
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
88
 
89
  == Changelog ==
90
 
91
+ = 2.4.8 =
92
+ * Fix. nonce validation added to qligg_dismiss_notice ajax action
93
+ * Fix. nonce validation added to qligg_form_item_delete ajax action
94
+ * Fix. current_user_can validation added to all ajax actions
95
+ * Fix. scape data output in admin backend added
96
+
97
  = 2.4.7 =
98
  * New. WP Instagram Feed Gallery renamed
99