WordPress Social Sharing Plugin – Sassy Social Share - Version 3.3.24

Version Description

[17 September 2021] = * [Important] Fixed PHP Object Injection vulnerability * [Improvement] Admin UI improvement


Release Info

Developer Heateor
Version 3.3.24

Code changes from version 3.3.23 to 3.3.24

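--- a/admin/class-sassy-social-share-admin.php
+++ b/admin/class-sassy-social-share-admin.php
@@ -317,7 +317,12 @@ class Sassy_Social_Share_Admin {
  public function admin_options_scripts() {
 
  wp_enqueue_script( 'heateor_sss_admin_options_script', plugins_url( 'js/sassy-social-share-options.js', __FILE__ ), array( 'jquery', 'jquery-ui-sortable' ), $this->version );
- wp_add_inline_script( 'heateor_sss_admin_options_script', 'var heateorSssPluginPageUrl = "' . admin_url() . 'admin.php?page=heateor-sss-options";var heateorSssAjaxLoader = "' . plugins_url( '../images/ajax_loader.gif', __FILE__ ) . '"', $position = 'before' );
+ wp_localize_script( 'heateor_sss_admin_options_script', 'heateor_sss_admin_options_script_object',
+ array(
+ 'plugin_page_url' => admin_url() . 'admin.php?page=heateor-sss-options',
+ 'nonce' => wp_create_nonce( 'heateor_sss_admin_options_script' ),
+ )
+ );
 
  }
 
@@ -420,13 +425,17 @@ class Sassy_Social_Share_Admin {
  */
  public function export_config() {
 
- $config = get_option( 'heateor_sss' );
- header( 'Content-Type: application/json' );
- die( json_encode(
- array(
- 'config' => base64_encode( maybe_serialize( $config ) )
- )
- ) );
+ if ( current_user_can( 'manage_options' ) ) {
+ if ( check_ajax_referer( 'heateor_sss_admin_options_script', 'nonce' ) === false ) {
+ die;
+ }
+ $config = get_option( 'heateor_sss' );
+ die( json_encode(
+ array(
+ 'config' => json_encode( $config )
+ )
+ ) );
+ }
 
  }
 
@@ -437,19 +446,23 @@ class Sassy_Social_Share_Admin {
  */
  public function import_config() {
 
- if ( isset( $_POST['config'] ) && strlen( trim( $_POST['config'] ) ) > 0 ) {
- $config = maybe_unserialize( base64_decode( trim( $_POST['config'] ) ) );
- if ( is_array( $config ) && count( $config ) > 0 ) {
- update_option( 'heateor_sss', $config );
- header( 'Content-Type: application/json' );
- die( json_encode(
- array(
- 'success' => 1
- )
- ) );
+ if ( current_user_can( 'manage_options' ) ) {
+ if ( check_ajax_referer( 'heateor_sss_admin_options_script', 'nonce' ) === false ) {
+ die;
+ }
+ if ( isset( $_POST['config'] ) && strlen( trim( $_POST['config'] ) ) > 0 ) {
+ $config = json_decode( stripslashes( trim( $_POST['config'] ) ), true );
+ if ( is_array( $config ) && count( $config ) > 0 ) {
+ update_option( 'heateor_sss', $config );
+ die( json_encode(
+ array(
+ 'success' => 1
+ )
+ ) );
+ }
  }
+ die;
  }
- die;
 
  }
 
@@ -512,8 +525,13 @@ class Sassy_Social_Share_Admin {
  */
  public function clear_shorturl_cache() {
 
- global $wpdb;
- $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_key = '_heateor_sss_bitly_url'" );
+ if ( current_user_can( 'manage_options' ) ) {
+ if ( check_ajax_referer( 'heateor_sss_admin_options_script', 'nonce' ) === false ) {
+ die;
+ }
+ global $wpdb;
+ $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_key = '_heateor_sss_bitly_url'" );
+ }
  die;
 
  }
@@ -525,8 +543,13 @@ class Sassy_Social_Share_Admin {
  */
  public function clear_share_count_cache() {
 
- global $wpdb;
- $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_heateor_sss_share_count_%'" );
+ if ( current_user_can( 'manage_options' ) ) {
+ if ( check_ajax_referer( 'heateor_sss_admin_options_script', 'nonce' ) === false ) {
+ die;
+ }
+ global $wpdb;
+ $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_heateor_sss_share_count_%'" );
+ }
  die;
 
  }
@@ -538,7 +561,12 @@ class Sassy_Social_Share_Admin {
  */
  public function twitter_share_notification_read() {
 
- update_option( 'heateor_sss_twitter_share_notification_read', '1' );
+ if ( current_user_can( 'manage_options' ) ) {
+ if ( check_ajax_referer( 'heateor_sss_admin_ajax_nonce', 'nonce' ) === false ) {
+ die;
+ }
+ update_option( 'heateor_sss_twitter_share_notification_read', '1' );
+ }
  die;
 
  }
@@ -550,7 +578,12 @@ class Sassy_Social_Share_Admin {
  */
  public function twitcount_notification_read() {
 
- update_option( 'heateor_sss_twitcount_notification_read', '1' );
+ if ( current_user_can( 'manage_options' ) ) {
+ if ( check_ajax_referer( 'heateor_sss_admin_ajax_nonce', 'nonce' ) === false ) {
+ die;
+ }
+ update_option( 'heateor_sss_twitcount_notification_read', '1' );
+ }
  die;
 
  }
@@ -562,7 +595,12 @@ class Sassy_Social_Share_Admin {
  */
  public function gdpr_notification_read() {
 
- update_option( 'heateor_sss_gdpr_notification_read', '1' );
+ if ( current_user_can( 'manage_options' ) ) {
+ if ( check_ajax_referer( 'heateor_sss_admin_ajax_nonce', 'nonce' ) === false ) {
+ die;
+ }
+ update_option( 'heateor_sss_gdpr_notification_read', '1' );
+ }
  die;
 
  }
@@ -604,6 +642,7 @@ class Sassy_Social_Share_Admin {
  type: 'GET',
  url: '<?php echo get_admin_url() ?>admin-ajax.php',
  data: {
+ nonce: '<?php echo wp_create_nonce( 'heateor_sss_admin_ajax_nonce' ) ?>',
  action: 'heateor_sss_gdpr_notification_read'
  },
  success: function(data, textStatus, XMLHttpRequest){
@@ -630,6 +669,7 @@ class Sassy_Social_Share_Admin {
  type: 'GET',
  url: '<?php echo get_admin_url() ?>admin-ajax.php',
  data: {
+ nonce: '<?php echo wp_create_nonce( 'heateor_sss_admin_ajax_nonce' ) ?>',
  action: 'heateor_sss_twitter_share_notification_read'
  },
  success: function(data, textStatus, XMLHttpRequest){
@@ -653,6 +693,7 @@ class Sassy_Social_Share_Admin {
  type: 'GET',
  url: '<?php echo get_admin_url() ?>admin-ajax.php',
  data: {
+ nonce: '<?php echo wp_create_nonce( 'heateor_sss_admin_ajax_nonce' ) ?>',
  action: 'heateor_sss_twitcount_notification_read'
  },
  success: function(data, textStatus, XMLHttpRequest){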
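Review bot: The `=== false` branch after each `check_ajax_referer( ..., 'nonce' )` call — in export_config, import_config, both cache-clear handlers and the three notification handlers — is unreachable as written, because check_ajax_referer's third parameter `$die` defaults to true, so an invalid or missing nonce already terminates the request inside WordPress before the comparison runs. Either drop the wrapper or pass the flag explicitly so the local `die;` is the path actually taken, e.g. `if ( check_ajax_referer( 'heateor_sss_admin_options_script', 'nonce', false ) === false ) {`. In import_config the decoded array is written to the `heateor_sss` option as-is; the unserialize path is gone, but nothing yet restricts which keys or value types the pasted JSON may set, so validating it against the plugin's known option keys would be the natural next hardening step. Note also that the `Content-Type: application/json` header the old export_config and import_config sent is not re-added in the new bodies, which leaves the caller's jQuery `dataType: 'json'` to parse the response.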
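--- a/admin/js/sassy-social-share-options.js
+++ b/admin/js/sassy-social-share-options.js
@@ -33,6 +33,7 @@ function heateorSssExportConfig(){
  dataType: 'json',
  url: heateorSssSharingAjaxUrl,
  data: {
+ nonce: heateor_sss_admin_options_script_object.nonce,
  action: 'heateor_sss_export_config'
  },
  success: function(data, textStatus, XMLHttpRequest){
@@ -52,17 +53,16 @@ function heateorSssImportConfig(){
  url: heateorSssSharingAjaxUrl,
  data: {
  config: jQuery('#heateor_sss_import_config_txt').val().trim(),
+ nonce: heateor_sss_admin_options_script_object.nonce,
  action: 'heateor_sss_import_config'
  },
  success: function(data, textStatus, XMLHttpRequest){
  jQuery('#import_config_loading').css('display', 'none');
  if(data != null && typeof data.success != 'undefined' && data.success == 1){
- location.href = heateorSssPluginPageUrl + "&settings-updated=true";
+ location.href = heateor_sss_admin_options_script_object.plugin_page_url + "&settings-updated=true";
  }else{
  alert("Something went wrong");
  }
- },
- error: function(data, textStatus, XMLHttpRequest){
  }
  });
  }
@@ -82,6 +82,7 @@ function heateorSssClearShorturlCache(){
  type: 'GET',
  url: heateorSssSharingAjaxUrl,
  data: {
+ nonce: heateor_sss_admin_options_script_object.nonce,
  action: 'heateor_sss_clear_shorturl_cache'
  },
  success: function(data, textStatus, XMLHttpRequest){
@@ -97,6 +98,7 @@ function heateorSssClearShareCountCache(){
  type: 'GET',
  url: heateorSssSharingAjaxUrl,
  data: {
+ nonce: heateor_sss_admin_options_script_object.nonce,
  action: 'heateor_sss_clear_share_count_cache'
  },
  success: function(data, textStatus, XMLHttpRequest){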
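Review bot: The nonce added to heateorSssClearShorturlCache and heateorSssClearShareCountCache travels in the query string, because both requests keep `type: 'GET'` while the server-side handlers they call now delete database rows; sending these as `type: 'POST'` keeps the token out of URLs, referrers and access logs, and needs no change on the PHP side since check_ajax_referer reads the value from `$_REQUEST`. The success callbacks still branch only on `data.success`, so a rejected nonce — which WordPress answers with a non-2xx response — produces no user-visible message; the `error:` handler removed from heateorSssImportConfig was empty, so this is not a regression, but an error callback that surfaces the failure would make the new check observable to the administrator.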
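--- a/admin/partials/sassy-social-share-options-page.php
+++ b/admin/partials/sassy-social-share-options-page.php
@@ -358,7 +358,7 @@ defined( 'ABSPATH' ) or die( "Cheating........Uh!!" );
  <tr>
  <td colspan="2">
  <div>
- <a href="https://www.heateor.com/comparison-between-sassy-social-share-and-premium/" target="_blank"><img src="<?php echo plugins_url( '../../images/unlock/responsive-icons.png', __FILE__ ) ?>" /></a>
+ <a href="https://www.heateor.com/comparison-between-sassy-social-share-pro-and-premium/" target="_blank"><img src="<?php echo plugins_url( '../../images/unlock/responsive-icons.png', __FILE__ ) ?>" /></a>
  </div>
  </td>
  </tr>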
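--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: Heateor, jatin8heateor, farhan8heateor
  Donate link: https://www.heateor.com/donate/?action=Sassy+Social+Share
  Tags: social share, social sharing, social media share, share facebook, facebook social share, wordpress social share, share buttons, social share buttons, facebook like, twitter tweet, whatsapp share, line share, gab share, parler share
  Requires at least: 2.5.0
- Tested up to: 5.8
- Stable tag: 3.3.23
+ Tested up to: 5.8.1
+ Stable tag: 3.3.24
  License: GPLv2 or later
 
  Slickest, Simplest and Optimized Share buttons. Facebook, Twitter, Reddit, Pinterest, Whatsapp, Parler, Gab and over 100 more.
@@ -123,6 +123,10 @@ Yes, we can help you with it. Just drop an email at support[at]heateor[dot]com
  4. **Universal Sharing Popup**: Universal Sharing popup having all the supported sharing and bookmarking services
 
  == Changelog ==
+ = 3.3.24 [17 September 2021] =
+ * [Important] Fixed PHP Object Injection vulnerability
+ * [Improvement] Admin UI improvement
+
  = 3.3.23 [29 July 2021] =
  * [New] Added options to export and import plugin configuration
 
@@ -1017,4 +1021,8 @@ Yes, we can help you with it. Just drop an email at support[at]heateor[dot]com
  * [Improvement] Performance improvement of Social Media Follow widget
 
  = 3.3.23 [29 July 2021] =
- * [New] Added options to export and import plugin configuration
+ * [New] Added options to export and import plugin configuration
+
+ = 3.3.24 [17 September 2021] =
+ * [Important] Fixed PHP Object Injection vulnerability
+ * [Improvement] Admin UI improvement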
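--- a/sassy-social-share.php
+++ b/sassy-social-share.php
@@ -6,7 +6,7 @@
  * Plugin Name: Sassy Social Share
  * Plugin URI: https://www.heateor.com
  * Description: Slickest, Simplest and Optimized Share buttons. Facebook, Twitter, Reddit, Pinterest, WhatsApp and over 100 more
- * Version: 3.3.23
+ * Version: 3.3.24
  * Author: Team Heateor
  * Author URI: https://www.heateor.com
  * Text Domain: sassy-social-share
@@ -20,7 +20,7 @@ if ( ! defined( 'WPINC' ) ) {
  die;
  }
 
- define( 'HEATEOR_SSS_VERSION', '3.3.23' );
+ define( 'HEATEOR_SSS_VERSION', '3.3.24' );
  define( 'HEATEOR_SSS_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
 
  // plugin core class object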