Social Share Buttons by Supsystic - Version 2.2.7

Version Description

/ 06.07.2022 = * Fixes for SQLi


Release Info

Developer supsystic.com
Version 2.2.7

Code changes from version 2.2.6 to 2.2.7

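--- a/app/SupsysticSocialSharing.php
+++ b/app/SupsysticSocialSharing.php
@@ -18,7 +18,7 @@ class SupsysticSocialSharing
  $pluginName = 'sss';
  $pluginTitleName = 'Social Share by Supsystic';
  $pluginSlug = 'supsystic-social-sharing';
- $environment = new Rsc_Environment($pluginName, '2.2.6', $pluginPath);
+ $environment = new Rsc_Environment($pluginName, '2.2.7', $pluginPath);
 
  /* Configure */
  $environment->configure(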
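--- a/index.php
+++ b/index.php
@@ -4,7 +4,7 @@
  * Plugin Name: Social Share Buttons by Supsystic
  * Plugin URI: http://supsystic.com
  * Description: Social share buttons to increase social traffic and popularity. Social sharing to Facebook, Twitter and other social networks
- * Version: 2.2.6
+ * Version: 2.2.7
  * Author: supsystic.com
  * Author URI: http://supsystic.com
  **/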
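--- a/readme.txt
+++ b/readme.txt
@@ -2,7 +2,7 @@
  Contributors: supsystic.com
  Tags: share counter, social media share, social network share, social share, social share buttons, social sharing, facebook like, facebook share, facebook share button, like, share buttons, share links, sharebar, social buttons, facebook, facebook integration, facebook connect, google+, twitter, twitter share, linkedin share, pinterest button, button, share
  Tested up to: 6.0
- Stable tag: 2.2.6
+ Stable tag: 2.2.7
 
  Social share buttons to increase social traffic and popularity. Social sharing to Facebook like and share, Twitter, Pinterest and other social networks
 
@@ -198,6 +198,9 @@ Here you can set when to show social share buttons:
 
 
  == Changelog ==
+ = 2.2.7 / 06.07.2022 =
+ * Fixes for SQLi
+
  = 2.2.6 / 17.06.2022 =
  * WP review fixes
 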
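--- a/src/SocialSharing/Core/BaseController.php
+++ b/src/SocialSharing/Core/BaseController.php
@@ -132,7 +132,7 @@ class SocialSharing_Core_BaseController extends Rsc_Mvc_Controller
  if (!empty($request->query->get('nonce'))) {
  $nonce = $request->query->get('nonce');
  }
- if ( !empty($nonce) && wp_verify_nonce( $nonce, 'ssbs_nonce') ) {
+ if ( !empty($nonce) && wp_verify_nonce($nonce, 'ssbs_nonce') && is_admin() && current_user_can('administrator') ) {
  return true;
  }
  return false;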
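Review bot: The new condition on line 135 checks a role name, `current_user_can('administrator')`, where WordPress expects a capability; the WordPress documentation discourages role-name checks because they miss custom roles granted the same rights, so `current_user_can('manage_options')` is the conventional form. `is_admin()` on the same line tests whether the request targets the admin area (admin-ajax.php included), not whether the caller is an administrator, which is easy to misread next to the capability check. Since the controllers call this method as `_checkNonce`, a comment such as `// A valid nonce alone is not authorization: also require an admin-area request and an admin capability.` would keep a future maintainer from relaxing it. The method's signature and the rest of its body lie outside the hunk.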
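--- a/src/SocialSharing/Core/BaseModel.php
+++ b/src/SocialSharing/Core/BaseModel.php
@@ -73,4 +73,14 @@ abstract class SocialSharing_Core_BaseModel extends Rsc_Mvc_Model implements Rsc
 
  return $string;
  }
- }
+
+ protected function beforeValuesSet($fields) {
+ $values = array();
+
+ for($i = 0; $i < count($fields); $i++) {
+ $values[] = '%s';
+ }
+
+ return $values;
+ }
+ }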
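Review bot: `beforeValuesSet()` on lines 77-85 has no documentation, and its name does not say that it returns one `$wpdb->prepare()` `%s` placeholder per entry of `$fields`, which is the only contract the callers in this commit rely on. A docblock such as `/** Returns one '%s' placeholder per entry of $fields; pass the result to ->values() and resolve it with $this->db->prepare($query, array_values($fields)). */` would carry that. The loop also re-evaluates `count($fields)` on every iteration; `return array_fill(0, count($fields), '%s');` is the idiomatic one-liner and yields the same empty array when `$fields` is empty.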
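--- a/src/SocialSharing/Networks/Model/ProjectNetworks.php
+++ b/src/SocialSharing/Networks/Model/ProjectNetworks.php
@@ -226,13 +226,19 @@ class SocialSharing_Networks_Model_ProjectNetworks extends SocialSharing_Core_Ba
  */
  protected function updateSomething($projectId, $networkId, $field, $value)
  {
+ $fields = array(
+ $field => htmlspecialchars($value),
+ );
+ $values = $this->beforeValuesSet($fields);
+
  $query = $this->getQueryBuilder()
  ->update($this->getTable())
  ->where('project_id', '=', (int)$projectId)
  ->andWhere('network_id', '=', (int)$networkId)
- ->set($field, htmlspecialchars($value));
+ ->fields(array_keys($fields))
+ ->values($values);
 
- $this->db->query($query->build());
+ $this->db->query($this->db->prepare($query->build(), array_values($fields)));
 
  if ($this->db->last_error) {
  throw new RuntimeException($this->db->last_error);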
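Review bot: Only the value side of the update is parameterized here; the column name `$field` still reaches the SQL as an identifier via `->fields(array_keys($fields))` on line 238, and `$this->db->prepare()` cannot protect identifiers. Whether every caller passes a literal column name is not visible in this hunk; if any caller derives `$field` from request input, an allow-list check at the top of `updateSomething()` is needed, e.g. `if (!in_array($field, $allowedFields, true)) { throw new InvalidArgumentException('Unknown field: ' . $field); }` with `$allowedFields` (to be added) listing the columns this method may touch. A one-line comment on line 229 stating that `$field` must be a trusted column name would document the assumption either way.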
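--- a/src/SocialSharing/Projects/Controller.php
+++ b/src/SocialSharing/Projects/Controller.php
@@ -42,7 +42,7 @@ class SocialSharing_Projects_Controller extends SocialSharing_Core_BaseControlle
  */
  public function addAction(Rsc_Http_Request $request)
  {
- $title = $request->post->get('title');
+ $title = sanitize_text_field($request->post->get('title'));
  $design = $request->post->get('design');
  $networksInProject = $request->post->get('networks');
  $networks = $this->modelsFactory->get('networks')->all();
@@ -59,13 +59,13 @@ class SocialSharing_Projects_Controller extends SocialSharing_Core_BaseControlle
  } else {
  if (!$this->_checkNonce($request)) die();
  try {
- $insertId = $this->modelsFactory->get('projects')->create(
+ $insertId = $this->modelsFactory->get('projects')->create( //ac ok
  $title,
  $design
  );
 
  foreach ((array)$networksInProject as $key => $networkId) {
- if (!$networkModel->has($insertId, $networkId)) {
+ if (!$networkModel->has($insertId, $networkId)) { //ac ok
  $networkModel->add($insertId, $networkId, $key);
  }
  }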
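Review bot: In the first hunk only `title` is sanitized; `$design` on line 46 is still taken raw from POST and handed to `create()` in the second hunk, where the model places it in the serialized `settings` array. If `design` is meant to be a short identifier, the same `sanitize_text_field()` or an explicit allow-list at line 46 would make both inputs boundary-checked; if it is a free-form structure, a comment saying why it is accepted as-is belongs on that line. The `//ac ok` markers added on lines 62 and 68 read as audit notes rather than maintainer guidance; either replace them with what was verified, e.g. `// title sanitized at the top of addAction()`, or drop them. `addAction()` continues past the second hunk.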
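--- a/src/SocialSharing/Projects/Model/Projects.php
+++ b/src/SocialSharing/Projects/Model/Projects.php
@@ -31,12 +31,19 @@ class SocialSharing_Projects_Model_Projects extends SocialSharing_Core_BaseModel
  'design' => $design
  );
 
+ $fields = array(
+ 'title' => $title,
+ 'created_at' => date('Y-m-d'),
+ 'settings' => serialize($settings),
+ );
+ $values = $this->beforeValuesSet($fields);
+
  $query = $this->getQueryBuilder()
  ->insertInto($this->getTable())
- ->fields('title', 'created_at', 'settings')
- ->values($title, date('Y-m-d'), serialize($settings));
+ ->fields(array_keys($fields))
+ ->values($values);
 
- $this->db->query($query->build());
+ $this->db->query($this->db->prepare($query->build(), array_values($fields)));
 
  if ($this->db->last_error) {
  throw new RuntimeException(
@@ -66,7 +73,7 @@ class SocialSharing_Projects_Model_Projects extends SocialSharing_Core_BaseModel
  if (!$project) {
  return null;
  }
-
+
  return $this->applyFilters($project);
  }
 
@@ -188,13 +195,18 @@ class SocialSharing_Projects_Model_Projects extends SocialSharing_Core_BaseModel
  // $settings['popup_id'] = 0;
  // }
 
+ $fields = array(
+ 'settings' => serialize($settings),
+ );
+ $values = $this->beforeValuesSet($fields);
+
  $query = $this->getQueryBuilder()
  ->update($this->getTable())
  ->where('id', '=', (int)$id)
- ->fields('settings')
- ->values(serialize($settings));
+ ->fields(array_keys($fields))
+ ->values($values);
 
- $this->db->query($query->build());
+ $this->db->query($this->db->prepare($query->build(), array_values($fields)));
 
  if ($this->db->last_error) {
  throw new RuntimeException(
@@ -208,12 +220,18 @@ class SocialSharing_Projects_Model_Projects extends SocialSharing_Core_BaseModel
 
  public function rename($id, $title)
  {
+ $fields = array(
+ 'title' => htmlspecialchars($title),
+ );
+ $values = $this->beforeValuesSet($fields);
+
  $query = $this->getQueryBuilder()
  ->update($this->getTable())
  ->where('id', '=', (int)$id)
- ->set(array('title' => htmlspecialchars($title)));
+ ->fields(array_keys($fields))
+ ->values($values);
 
- $this->db->query($query->build());
+ $this->db->query($this->db->prepare($query->build(), array_values($fields)));
 
  if ($this->db->last_error) {
  throw new RuntimeException($this->db->last_error);
@@ -250,12 +268,12 @@ class SocialSharing_Projects_Model_Projects extends SocialSharing_Core_BaseModel
  $project->networks = $this->db->get_results(
  'SELECT
  n.*, pn.title, pn.text, pn.tooltip, pn.text_format, pn.use_short_url, pn.icon_image, pn.profile_name, pn.mail_to_default
- FROM `' . $this->getTable() . '` AS p
- LEFT JOIN `' . $this->getTable('project_networks') . '` AS pn
- ON p.id = pn.project_id
- LEFT JOIN `' . $this->getTable('networks') . '` AS n
- ON pn.network_id = n.id
- WHERE p.id = ' . $project->id . '
+ FROM `' . $this->getTable() . '` AS p
+ LEFT JOIN `' . $this->getTable('project_networks') . '` AS pn
+ ON p.id = pn.project_id
+ LEFT JOIN `' . $this->getTable('networks') . '` AS n
+ ON pn.network_id = n.id
+ WHERE p.id = ' . $project->id . '
  ORDER BY pn.position ASC'
  );
 
@@ -264,7 +282,7 @@ class SocialSharing_Projects_Model_Projects extends SocialSharing_Core_BaseModel
  }
 
  $project->settings = unserialize($project->settings);
-
+
  return $project;
  }
 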
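Review bot: The `@@ -250,12 +268,12 @@` hunk only re-indents the query, so `WHERE p.id = ' . $project->id . '` on line 276 still interpolates a value into SQL; if `$project->id` is the id of the row just loaded it is numeric, but `WHERE p.id = ' . (int)$project->id . '`, or routing the query through `$this->db->prepare()` with `%d` as the other hunks do, removes that assumption at no cost. The enclosing method begins outside the hunk. Separately, `create()` now stores `$title` as given (line 35) while `rename()` stores `htmlspecialchars($title)` (line 224), so a project's title may be HTML-encoded or raw depending on which path wrote it; settling on one convention (encoding on output is the usual choice) avoids double-encoding on display.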
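--- a/src/SocialSharing/Shares/Model/Shares.php
+++ b/src/SocialSharing/Shares/Model/Shares.php
@@ -394,7 +394,7 @@ class SocialSharing_Shares_Model_Shares extends SocialSharing_Core_BaseModel
  $query = $this->getQueryBuilder()
  ->select(array('settings'))
  ->from($this->getTable('projects'))
- ->where('id', '=', $projectId);
+ ->where('id', '=', (int)$projectId);
  $dbresult = $this->db->get_results($query->build());
  $result = unserialize($dbresult[0]->settings);
  if (isset($settingName) && isset($result[$settingName]) && !empty($result[$settingName])) {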
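Review bot: The `(int)` cast on line 397 closes the interpolation, but line 399 still dereferences `$dbresult[0]->settings` without checking that a row came back, so an id that matches nothing now yields a PHP notice and `unserialize()` of an empty value rather than a clean miss; a guard such as `if (empty($dbresult)) { return null; }` (adjusted to whatever this method returns on a miss — its signature is outside the hunk) belongs between lines 398 and 399. Because the `settings` column is written from a plain array elsewhere in this commit, `unserialize($dbresult[0]->settings, array('allowed_classes' => false))` would also keep object instantiation out of this read path.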
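--- a/vendor/BarsMaster/ChainQueryBuilder.php
+++ b/vendor/BarsMaster/ChainQueryBuilder.php
@@ -416,4 +416,4 @@ class BarsMaster_ChainQueryBuilder
  $statement[] = 'LIMIT ' . $this->_limit;
  }
  }
- }
+ }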