WordPress Social Tools, Related Posts, Monetization – Shareaholic - Version 7.6.1.0

Version Description

  • Bugfix: fix for security vulnerability. Upgrade immediately.

Release Info

Developer hngu_shareaholic
Version 7.6.1.0

Code changes from version 7.6.0.9 to 7.6.1.0

Files changed (6) hide show
  1. admin.php +13 -0
  2. assets/js/main.js +1 -0
  3. public.php +4 -4
  4. readme.txt +7 -1
  5. shareaholic.php +3 -3
  6. templates/settings.php +4 -3
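--- a/admin.php
+++ b/admin.php
@@ -85,6 +85,19 @@ class ShareaholicAdmin {
   public static function add_location() {
   $location = $_POST['location'];
   $app_name = $location['app_name'];
+
+ // if location id is not numeric throw bad request
+ // or user lacks permissions
+ // or does not have the nonce token
+ // otherwise forcibly change it to a number
+ if (!wp_verify_nonce( $_REQUEST['nonce'], 'shareaholic_add_location') ||
+ !current_user_can('publish_posts') || !is_numeric($location['id'])) {
+ header('HTTP/1.1 400 Bad Request', true, 400);
+ die();
+ } else {
+ $location['id'] = intval($location['id']);
+ }
+
   ShareaholicUtilities::update_options(array(
   'location_name_ids' => array(
   $app_name => array(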
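Review bot: `$app_name` is still read straight from `$_POST['location']` and used as an array key in the options passed to `ShareaholicUtilities::update_options()`; the new guard validates only the nonce, the capability and `$location['id']`. Consider rejecting unknown names in the same condition, e.g. `!in_array($app_name, array('share_buttons', 'recommendations'), true)` (the two app names visible in templates/settings.php; confirm the full list). The guard also reads `$_REQUEST['nonce']` and `$location['id']` without `isset()`, which raises notices on malformed requests, and `publish_posts` lets any author-level account change plugin settings, so `manage_options` may be the intended capability. The rest of add_location() lies outside the hunk.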
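--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -132,6 +132,7 @@
   data: data,
   success: function(data, status, jqxhr) {
   data['action'] = 'shareaholic_add_location';
+ data['nonce'] = window.shareaholic_add_location_nonce;
   button.data('location_id', data['location']['id']);
   Shareaholic.disable_buttons();
   Shareaholic.submit_to_admin(data, function(stuff) {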
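--- a/public.php
+++ b/public.php
@@ -592,7 +592,7 @@ class ShareaholicPublic {
 
   // Input Params
   $post_type = isset($_GET['post_type']) ? $_GET['post_type'] : "any";
- $n = isset($_GET['n']) ? $_GET['n'] : -1;
+ $n = isset($_GET['n']) ? intval($_GET['n']) : -1;
   $format = isset($_GET['format']) ? $_GET['format'] : "json";
 
   $permalink_list = array();
@@ -621,12 +621,12 @@ class ShareaholicPublic {
   }
   }
 
- if ($format == "text"){
+ if ($format === "text"){
   header('Content-Type: text/plain; charset=utf-8');
   foreach($permalink_list as $link) {
   echo $link. "\r\n";
   }
- } elseif ($format == "json"){
+ } elseif ($format === "json"){
   header('Content-Type: application/json; charset=utf-8');
   echo json_encode($permalink_list);
   }
@@ -768,7 +768,7 @@ class ShareaholicPublic {
   // Input Params
   $permalink = isset($_GET['permalink']) ? $_GET['permalink'] : NULL;
   $match = isset($_GET['match']) ? $_GET['match'] : "random"; // match method
- $n = isset($_GET['n']) ? $_GET['n'] : 10; // number of related permalinks to return
+ $n = isset($_GET['n']) ? intval($_GET['n']) : 10; // number of related permalinks to return
 
   $related_permalink_list = array();
 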
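Review bot: `intval()` on `$_GET['n']` at new lines 595 and 771 fixes the type but not the range, so negative values and very large counts still pass; the `-1` default at line 595 suggests a negative value means "no limit", though the query that consumes `$n` is outside these hunks and should be checked. For the related-permalinks case at line 771 a clamp would bound the work one request can ask for, e.g. `$n = isset($_GET['n']) ? max(1, min(intval($_GET['n']), MAX_N)) : 10;`, where `MAX_N` is a placeholder for a limit the project chooses. `$post_type`, `$permalink` and `$match` are still taken from `$_GET` unchanged in the visible context lines, so their validation (if any) has to happen where they are used. When `$format` is neither "text" nor "json" the branch at lines 624–632 emits nothing; an explicit 400 there would make that case visible to callers.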
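--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: shareaholic
   Tags: sexybookmarks, shareaholic, shareholic, facebook, twitter, linkedin, URL Shortener, bitly, tinyurl, Goo.gl, Google+1, Google Analytics, Google Plus, Google, Instapaper, Wish List, Digg, Gmail, Google Bookmarks, Translate, Tumblr, AIM, Yahoo Messenger, Delicious, StumbleUpon, mister wong, evernote, add this, addtoany, share this, sharethis, share and follow, share and enjoy, sharing is sexy, sharing is caring, yahoo, reddit, hackernews, houzz, yummly, tweet button, twitter button, fark, buffer, myspace, orkut, netlog, hubspot, weheartit, printfriendly, yammer, wanelo, pinterest, google translate, bookmarks, social, email button, social share, socialize, sociable, sharebar, bookmark button, share button, social bookmarking, bookmarks menu, bookmarking, share, seo, analytics, stats, sharing, facebook like, facebook recommend, WPMU, mutisite, sumome, shortcode, yaarp, yarpp, nrelate, outbrain, linkwithin, related content, related posts, related, popular posts, popular, thumbnails, recommendations
   Requires at least: 3.0
   Tested up to: 4.1
- Stable tag: 7.6.0.9
+ Stable tag: 7.6.1.0
 
   The easiest, most effective way to grow your website traffic, effectively engage your audience, monetize, and gain insights for free.
 
@@ -169,6 +169,9 @@ Please see here: [Usage & Installation Instructions](http://support.shareaholic.
 
   == Changelog ==
 
+ = 7.6.1.0 =
+ * Bugfix: fix for security vulnerability. Upgrade immediately.
+
   = 7.6.0.9 =
   * Bugfix: Added isset checks for undefined indexes being thrown
   * Bugfix: Parse out BOM character from HTTP responses
@@ -1188,6 +1191,9 @@ Please see here: [Usage & Installation Instructions](http://support.shareaholic.
 
   == Upgrade Notice ==
 
+ = 7.6.1.0 =
+ Fix for security vulnerability. Upgrade immediately.
+
   = 7.6.0.9 =
   Many improvements and bug fixes.
 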
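--- a/shareaholic.php
+++ b/shareaholic.php
@@ -3,14 +3,14 @@
   * The main file!
   *
   * @package shareaholic
- * @version 7.6.0.9
+ * @version 7.6.1.0
   */
 
   /*
   Plugin Name: Shareaholic | share buttons, analytics, related content
   Plugin URI: https://shareaholic.com/publishers/
   Description: Whether you want to get people sharing, grow your fans, make money, or know who's reading your content, Shareaholic will help you get it done. See <a href="admin.php?page=shareaholic-settings">configuration panel</a> for more settings.
- Version: 7.6.0.9
+ Version: 7.6.1.0
   Author: Shareaholic
   Author URI: https://shareaholic.com
   Text Domain: shareaholic
@@ -64,7 +64,7 @@ if (!class_exists('Shareaholic')) {
   const CM_API_URL = 'https://cm-web.shareaholic.com'; // uses static IPs for firewall whitelisting
   const REC_API_URL = 'http://recommendations.shareaholic.com';
 
- const VERSION = '7.6.0.9';
+ const VERSION = '7.6.1.0';
 
   /**
   * Starts off as false so that ::get_instance() returns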
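--- a/templates/settings.php
+++ b/templates/settings.php
@@ -9,7 +9,8 @@
 
   <script>
   window.first_part_of_url = '<?php echo Shareaholic::URL . '/publisher_tools/' . $settings['api_key']?>/';
- window.verification_key = '<?php echo $settings['verification_key'] ?>'
+ window.verification_key = '<?php echo $settings['verification_key'] ?>';
+ window.shareaholic_add_location_nonce = '<?php echo wp_create_nonce("shareaholic_add_location"); ?>';
   </script>
 
   <div class='unit size3of5'>
@@ -38,7 +39,7 @@ window.verification_key = '<?php echo $settings['verification_key'] ?>'
   <?php } ?>>
   <label for="recommendations_<?php echo "{$page_type}_below_content" ?>"><?php echo ucfirst($position) ?> Content</label>
   <button data-app='recommendations'
- data-location_id='<?php echo $location_id ?>'
+ data-location_id='<?php echo intval($location_id); ?>'
   data-href="recommendations/locations/{{id}}/edit"
   class="mll btn btn-success">
   <?php _e('Customize', 'shareaholic'); ?></button>
@@ -81,7 +82,7 @@ window.verification_key = '<?php echo $settings['verification_key'] ?>'
   <?php } ?>>
   <label for="share_buttons_<?php echo "{$page_type}_{$position}_content" ?>"><?php echo ucfirst($position) ?> Content</label>
   <button data-app='share_buttons'
- data-location_id='<?php echo $location_id ?>'
+ data-location_id='<?php echo intval($location_id); ?>'
   data-href='share_buttons/locations/{{id}}/edit'
   class="mll btn btn-success">
   <?php _e('Customize', 'shareaholic'); ?></button>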
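Review bot: `$settings['verification_key']` and `$settings['api_key']` are echoed into single-quoted JavaScript string literals inside the `<script>` block at new lines 11–12 without escaping; the commit changes the verification_key line only to add the semicolon. A stored value containing a quote or `</script>` would break out of the literal, so escape for the JS context, e.g. `window.verification_key = '<?php echo esc_js($settings['verification_key']); ?>';`. The context lines also echo `{$page_type}` and `$position` into `for` attributes and label text unescaped, where `esc_attr()` and `esc_html()` would normally be applied.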