WordPress Social Sharing Plugin – Social Warfare - Version 3.5.4

Version Description

(25 MAR 2019) Further security auditing and hardening of files against hacking.


Release Info

Developer WarfarePlugins
Version 3.5.4

Code changes from version 3.5.3 to 3.5.4

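--- a/lib/admin/SWP_User_Profile.php
+++ b/lib/admin/SWP_User_Profile.php
@@ -85,19 +85,29 @@ class SWP_User_Profile {
  * is updated.
  *
  * @param integer $user_id The user ID
- * @since Unknown
+ * @since 3.5.4 | 25 MAR 2018 | Added strlen checks and sanitization.
  * @access public
  * @return none
  *
  */
  public function save_user_profile_fields( $user_id ) {
 
- if ( ! current_user_can( 'edit_user', $user_id ) ) {
+ if ( !current_user_can( 'edit_user' ) ) {
  return false;
  }
 
- update_user_meta( $user_id, 'swp_twitter', $_POST['swp_twitter'] );
- update_user_meta( $user_id, 'swp_fb_author', $_POST['swp_fb_author'] );
+ $twitter = isset( $_POST['swp_twitter'] ) ? sanitize_text_field( $_POST['swp_twitter'] ) : '';
+ if( strlen( $twitter ) > 15 ) {
+ $twitter = '';
+ }
+
+ $facebook = isset( $_POST['swp_fb_author']) ? sanitize_text_field( $_POST['swp_fb_author'] ) : '';
+ if ( strlen( $facebook ) > 50 ) {
+ $facebook = '';
+ }
+
+ update_user_meta( $user_id, 'swp_twitter', $twitter );
+ update_user_meta( $user_id, 'swp_fb_author', $facebook );
  }
 
 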
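Review bot: The rewritten capability check `current_user_can( 'edit_user' )` drops the `$user_id` argument that the removed line passed, so the check is no longer tied to the profile being saved. `edit_user` is a meta capability that WordPress resolves against a target user; without the ID it falls back to the broader `edit_users` requirement, so a user saving their own profile would hit `return false` and silently lose both fields. Keep the object argument: `if ( ! current_user_can( 'edit_user', $user_id ) ) {`. The `$_POST` values are also read without `wp_unslash()`, and the new `@since` line says 2018 while the release is dated 25 MAR 2019.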
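--- a/lib/social-networks/SWP_Twitter.php
+++ b/lib/social-networks/SWP_Twitter.php
@@ -176,7 +176,7 @@ class SWP_Twitter extends SWP_Social_Network {
  $author = SWP_User_Profile::get_author( $post_data['ID'] );
  $user_twitter_handle = get_the_author_meta( 'swp_twitter' , $author );
  if ( !empty( $user_twitter_handle ) ) {
- return '&via=' . str_replace( '@', '', $user_twitter_handle );
+ return '&via=' . str_replace( '@', '', esc_attr( $user_twitter_handle ) );
  }
 
 
@@ -187,7 +187,7 @@ class SWP_Twitter extends SWP_Social_Network {
  */
  $twitter_id = SWP_Utility::get_option( 'twitter_id' );
  if ( !empty( $twitter_id ) ) {
- return '&via=' . str_replace( '@', '', $twitter_id );
+ return '&via=' . str_replace( '@', '', esc_attr( $twitter_id ) );
  }
 
  return '';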
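Review bot: `esc_attr()` is an HTML-attribute escaper, but both changed `return` lines build a URL query parameter (`&via=`), so the escaping does not match the output context. Characters such as `&`, `#` or spaces in the stored handle are not percent-encoded and can still alter the share link's query string; `esc_attr()` only turns `&` into `&amp;`, which a URL parser still reads as a separator. Encoding for the URL context would be `return '&via=' . rawurlencode( str_replace( '@', '', $user_twitter_handle ) );`, with the same change for `$twitter_id` in the second hunk. How the returned string is finally printed is outside these hunks, so HTML escaping may still be needed at that point.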
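--- a/lib/utilities/SWP_Database_Migration.php
+++ b/lib/utilities/SWP_Database_Migration.php
@@ -218,7 +218,6 @@ class SWP_Database_Migration {
  // }
 
 
-
  if ( true === SWP_Utility::debug('get_filtered_options') ) :
  global $swp_user_options;
  echo "<pre>";
@@ -228,7 +227,9 @@ class SWP_Database_Migration {
  endif;
 
  if ( true == SWP_Utility::debug('get_post_meta') ) :
+
  add_action( 'template_redirect', array( $this, 'print_post_meta' ) );
+
  endif;
 
  /**
@@ -240,7 +241,7 @@ class SWP_Database_Migration {
  * @since 3.4.2
  */
  if ( true == SWP_Utility::debug('reset_float_location') ) {
- if (!is_admin()) {
+ if (!current_user_can( 'manage_options' )) {
  wp_die('You do not have authorization to view this page.');
  }
  $post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'page';
@@ -250,7 +251,7 @@ class SWP_Database_Migration {
 
  // Migrate settings page if explicitly being called via a debugging parameter.
  if ( true === SWP_Utility::debug('migrate_db') ) {
- if (!is_admin()) {
+ if (!current_user_can( 'manage_options' )) {
  wp_die('You do not have authorization to view this page.');
  }
  $this->migrate();
@@ -258,7 +259,7 @@ class SWP_Database_Migration {
 
  // Initialize database if explicitly being called via a debugging parameter.
  if ( true === SWP_Utility::debug('initialize_db') ) {
- if (!is_admin()) {
+ if (!current_user_can( 'manage_options' )) {
  wp_die('You do not have authorization to view this page.');
  }
  $this->initialize_db();
@@ -266,7 +267,7 @@ class SWP_Database_Migration {
 
  // Update post meta if explicitly being called via a debugging parameter.
  if ( true === SWP_Utility::debug('migrate_post_meta') ) {
- if (!is_admin()) {
+ if (!current_user_can( 'manage_options' )) {
  wp_die('You do not have authorization to view this page.');
  }
  $this->update_post_meta();
@@ -275,7 +276,7 @@ class SWP_Database_Migration {
 
  // Output the last_migrated status if called via a debugging parameter.
  if ( true === SWP_Utility::debug('get_last_migrated') ) {
- if (!is_admin()) {
+ if (!current_user_can( 'manage_options' )) {
  wp_die('You do not have authorization to view this page.');
  }
  $this->get_last_migrated( true );
@@ -283,7 +284,7 @@ class SWP_Database_Migration {
 
  // Update the last migrated status if called via a debugging parameter.
  if ( true === SWP_Utility::debug('update_last_migrated') ) {
- if (!is_admin()) {
+ if (!current_user_can( 'manage_options' )) {
  wp_die('You do not have authorization to view this page.');
  }
  $this->update_last_migrated();
@@ -292,13 +293,19 @@ class SWP_Database_Migration {
  if ( true === SWP_Utility::debug( ( 'delete_plugin_data' ) ) ) {
  $password = isset($_GET['swp_confirmation']) ? urldecode($_GET['swp_confirmation']) : '';
  $user = wp_get_current_user();
- if ( !is_admin()
- || false == current_user_can( 'administrator' )
+ if ( !current_user_can( 'manage_options' )
  || false == wp_check_password( $password, $user->user_pass, $user->ID) ) {
  wp_die('You do not have authorization to view this page.');
  }
  global $wpdb;
 
+
+ /**
+ * Looks for any post_meta keys that begin with `swp_` OR begin
+ * with `_` AND end with `_shares`. Note that the underscores are
+ * escaped, else they would be interpreted as wildcards.
+ *
+ */
  $query =
  "DELETE FROM {$wpdb->prefix}postmeta
  WHERE meta_key LIKE '\_%\_shares'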
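Review bot: Swapping `is_admin()` for `current_user_can( 'manage_options' )` fixes the authorization test, but the branches that call `migrate()`, `initialize_db()`, `update_post_meta()` and `update_last_migrated()` still change state with no nonce visible in these hunks. The code reads `$_GET` and the comments describe a "debugging parameter", so these appear to be reachable by a plain link, which leaves a logged-in administrator exposed to cross-site request forgery. Each state-changing branch should verify a nonce before acting, e.g. `check_admin_referer( '<nonce-action>' );` with an action name chosen by the plugin. The `delete_plugin_data` branch also takes the account password from `$_GET['swp_confirmation']`, which puts it in access logs and browser history; it belongs in a POST body. `SWP_Utility::debug()` is not shown here, so confirm how the parameter is read.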
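--- a/lib/utilities/SWP_Permalink.php
+++ b/lib/utilities/SWP_Permalink.php
@@ -178,31 +178,35 @@ class SWP_Permalink {
  endif;
 
  // Check if they're using cross domain recovery
- if ( isset( $swp_user_options['current_domain'] ) && $swp_user_options['current_domain']
- && isset( $swp_user_options['former_domain'] ) && $swp_user_options['former_domain'] ) :
- $url = str_replace( $swp_user_options['current_domain'],$swp_user_options['former_domain'],$url );
+ $current_domain = SWP_Utility::get_option( 'current_domain' );
+ $former_domain = SWP_Utility::get_option( 'former_domain' );
+ if ( isset( $current_domain ) && isset( $former_domain ) && $former_domain ) :
+ $url = str_replace( $current_domain, $former_domain, $url );
  endif;
 
  // Filter the Protocol
- if ( $swp_user_options['recovery_protocol'] == 'https' && strpos( $url,'https' ) === false ) :
+ $protocol = SWP_Utility::get_option( 'recovery_protocol' );
+ if ( $protocol == 'https' && strpos( $url,'https' ) === false ) :
  $url = str_replace( 'http','https',$url );
- elseif ( $swp_user_options['recovery_protocol'] == 'http' && strpos( $url,'https' ) !== false ) :
+ elseif ( $protocol == 'http' && strpos( $url,'https' ) !== false ) :
  $url = str_replace( 'https','http',$url );
  endif;
 
  // Filter the prefix
- if ( $swp_user_options['recovery_prefix'] == 'unchanged' ) :
- elseif ( $swp_user_options['recovery_prefix'] == 'www' && strpos( $url,'www' ) === false ) :
- $url = str_replace( 'http://','http://www.',$url );
- $url = str_replace( 'https://','https://www.',$url );
- elseif ( $swp_user_options['recovery_prefix'] == 'nonwww' && strpos( $url,'www' ) !== false ) :
- $url = str_replace( 'http://www.','http://',$url );
- $url = str_replace( 'https://www.','https://',$url );
+ $recovery_prefix = SWP_Utility::get_option( 'recovery_prefix' );
+ if ( $recovery_prefix == 'unchanged' ) :
+ elseif ( $recovery_prefix == 'www' && strpos( $url,'www' ) === false ) :
+ $url = str_replace( 'http://', 'http://www.', $url );
+ $url = str_replace( 'https://', 'https://www.', $url );
+ elseif ( $recovery_prefix == 'nonwww' && strpos( $url,'www' ) !== false ) :
+ $url = str_replace( 'http://www.', 'http://', $url );
+ $url = str_replace( 'https://www.', 'https://', $url );
  endif;
 
  // Filter out the subdomain
- if ( isset( $swp_user_options['recovery_subdomain'] ) && $swp_user_options['recovery_subdomain'] != '' ) :
- $url = str_replace( $swp_user_options['recovery_subdomain'] . '.' , '' , $url );
+ $recovery_subdomain = SWP_Utility::get_option( 'recovery_subdomain' );
+ if ( $recovery_subdomain && $recovery_subdomain != '' ) :
+ $url = str_replace( $recovery_subdomain . '.' , '' , $url );
  endif;
 
  return $url;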
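Review bot: `isset( $current_domain ) && isset( $former_domain )` no longer guards anything useful: both are local variables that were just assigned, so `isset()` is false only when the helper returned `null`, and the truthiness test the removed code applied to `current_domain` is gone. If `SWP_Utility::get_option()` returns `false` or an empty string for an unset option (its body is not in this hunk), the condition passes with an empty search string. `if ( ! empty( $current_domain ) && ! empty( $former_domain ) ) :` restores the old behaviour; likewise `$recovery_subdomain && $recovery_subdomain != ''` is redundant and can be `! empty( $recovery_subdomain )`. The enclosing method starts above the hunk.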
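--- a/lib/utilities/SWP_Post_Cache.php
+++ b/lib/utilities/SWP_Post_Cache.php
@@ -81,7 +81,6 @@ class SWP_Post_Cache {
  *
  */
  public function __construct( $post_id ) {
-
  // Set up the post data into local properties.
  $this->post_id = $post_id;
  $this->establish_share_counts();
@@ -124,7 +123,7 @@ class SWP_Post_Cache {
  endif;
 
  // Always be true if we're not a single post.
- if ( !is_singular() ) :
+ if ( !is_singular() && !is_admin() ) :
  return true;
  endif;
 
@@ -250,7 +249,12 @@ class SWP_Post_Cache {
  * The methods in this section are used to rebuild all of the cached data.
  *
  */
-
+ static function get_image_id( $image_url ) {
+ global $wpdb;
+ $attachment = $wpdb->get_col($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE guid='%s';", $image_url ));
+ // Add a check here for a valid response prior to returning a subset of an array
+ return $attachment[0];
+ }
 
  /**
  * A method to rebuild all cached data
@@ -269,10 +273,12 @@ class SWP_Post_Cache {
  *
  */
  public function rebuild_cached_data() {
+
+ $this->update_image_cache( 'swp_pinterest_image' );
+ $this->update_image_cache( 'swp_og_image' );
+
  if( true === $this->is_post_published() ) {
  $this->rebuild_share_counts();
- $this->update_image_cache( 'swp_pinterest_image' );
- $this->update_image_cache( 'swp_og_image' );
  $this->process_urls();
  $this->reset_timestamp();
 
@@ -323,17 +329,82 @@ class SWP_Post_Cache {
  }
  }
 
+
  /**
  * Store image url, id, and metadata in post_meta for quicker access later.
  *
  * @since 3.5.0 | 19 DEC 2018 | Merged old methods into this new method.
+ * @since 3.6.0 | 22 APR 2019 | Remvoed calls to delete the original field.
  * @param string $meta_key The image field to update. Known examples include
  * swp_og_image, swp_pinterest_image, swp_twitter_image
  * @param int $new_id The attachment ID to update.
  * @return void
+ *
  */
  public function update_image_cache( $meta_key ) {
- $new_id = SWP_Utility::get_meta( $this->post_id, $meta_key );
+
+
+ /**
+ * Fetch the ID of the image in question. We will use this to extrapalate
+ * the information that we need to prepopulate into the other fields.
+ *
+ */
+ $new_id = SWP_Utility::get_meta( $this->post_id, $meta_key );
+ $old_data = SWP_Utility::get_meta_array( $this->post_id, $meta_key . '_data' );
+
+
+ /**
+ * The following two processes are designed to fix and restore the image
+ * from a bug that was either converting the field from and ID to an array
+ * or was deleting the field entirely in which case we restore it from
+ * the cached fields.
+ *
+ * RESTORE FIELD FROM CACHE
+ *
+ * If the field is empty, but we have the correct cached data, then
+ * let's repopulate the field from the cache. The empty field is most
+ * likely caused by the bug from 3.5.x that was deleting or altering
+ * the data in the field. This will restore it.
+ *
+ * RESTORE FIELD FROM ARRAY
+ *
+ * If the meta key was stored as an array, let's find the URL of the
+ * image, convert it back to the correct ID of said image, and store that
+ * back in the original meta field.
+ *
+ * This was caused by a bug in a previous version that was overwriting
+ * the ID in this field with the image_data array. This will fix that
+ * and restore the field to an ID.
+ *
+ */
+ $restore_from_cache = empty( $new_id ) && is_array( $old_data ) && false !== filter_var( $old_data[0], FILTER_VALIDATE_URL );
+ $restore_from_array = is_array( $new_id ) && false !== filter_var( $new_id[0], FILTER_VALIDATE_URL );
+
+ if ( $restore_from_cache || $restore_from_array ) {
+ /**
+ * This block is for people who are missing a key like `swp_og_image`
+ * between v3.5.0 and v3.5.4.
+ * The logic below will create the missing key based off of
+ * data we have previously saved.
+ *
+ */
+
+ // Convert the image URL into a valid WP ID.
+ if ( $restore_from_array ) {
+ $new_id = self::get_image_id( $new_id[0] );
+ } elseif ( $restore_from_cache ) {
+ $new_id = self::get_image_id( $old_data[0] );
+ }
+
+ // Bail if we didn't get an ID from the above function.
+ if ( empty( $new_id ) ) {
+ return;
+ }
+
+ // Delete and update the meta field with the corrected ID.
+ delete_post_meta( $this->post_id, $meta_key );
+ update_post_meta( $this->post_id, $meta_key, $new_id );
+ }
 
 
  /**
@@ -344,7 +415,7 @@ class SWP_Post_Cache {
  * deleted from the meta field.
  *
  */
- if ( false === $new_id ) {
+ if ( empty( $new_id ) ) {
  delete_post_meta( $this->post_id, $meta_key.'_data' );
  delete_post_meta( $this->post_id, $meta_key.'_url' );
  delete_post_meta( $this->post_id, $meta_key );
@@ -353,21 +424,34 @@ class SWP_Post_Cache {
 
 
  /**
- * Fetch the URL of the new image and the URL of the
- * previously cached image so that we can see if anything has changed.
+ * Fetch the data array of the new image and the data array of the old
+ * previously cached image (fetchd above) so that we can see if anything
+ * has changed.
  *
  */
  $new_data = wp_get_attachment_image_src( $new_id, 'full_size' );
- $old_data = SWP_Utility::get_meta_array( $this->post_id, $meta_key.'_data' );
 
+
+ /**
+ * If the old data is the same as the new data, then there is no need to
+ * make any new database calls. Just exit and move on with our lives.
+ *
+ */
  if ( false == $new_data || $new_data === $old_data ) {
  return;
  }
 
+
+ /**
+ * We are not changing the value of the original field which contains
+ * the WordPress attachement ID of the image in question. We are,
+ * however, updating two additional fields (_data and _url) so that this
+ * data will be preloaded with the post load. We will delete them first
+ * to ensure that we never have more than one of the same field.
+ *
+ */
  delete_post_meta( $this->post_id, $meta_key.'_data' );
  delete_post_meta( $this->post_id, $meta_key.'_url' );
- delete_post_meta( $this->post_id, $meta_key );
-
  update_post_meta( $this->post_id, $meta_key.'_data', json_encode( $new_data ) );
  update_post_meta( $this->post_id, $meta_key.'_url', $new_data[0] );
  }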
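Review bot: `get_image_id()` returns `$attachment[0]` without checking that the query matched a row, which its own inline comment ("Add a check here…") acknowledges; when no attachment has that `guid`, this reads an undefined offset and hands `null` to the caller. A guarded return such as `return empty( $attachment ) ? false : (int) $attachment[0];` keeps the `empty( $new_id )` bail-out in `update_image_cache()` working without a notice. The placeholder should be written unquoted (`guid = %s`), since `$wpdb->prepare()` adds the quoting itself, and the method should declare its visibility (`public static function`). `guid` is also not guaranteed to equal the attachment URL, so core's `attachment_url_to_postid()` may be the more reliable lookup. The new `@since 3.6.0 | 22 APR 2019` tag does not match this 3.5.4 release and contains the typo "Remvoed".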
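--- a/lib/utilities/SWP_Utility.php
+++ b/lib/utilities/SWP_Utility.php
@@ -131,7 +131,7 @@ class SWP_Utility {
  * @return bool Whether or not the options were updated in the database.
  */
  public static function store_settings() {
-
+
 
  if ( !check_ajax_referer( 'swp_plugin_options_save', 'security', false ) ) {
  wp_send_json_error( esc_html__( 'Security failed 1.', 'social-warfare' ) );
@@ -176,7 +176,7 @@ class SWP_Utility {
  *
  */
  public static function auth() {
- if ( !is_admin() || !current_user_can( 'administrator' ) ) {
+ if ( !current_user_can( 'manage_options' ) ) {
  wp_send_json_error( esc_html__( 'Security failed 2.', 'social-warfare' ) );
  wp_die();
  }
@@ -485,7 +485,6 @@ class SWP_Utility {
  if ( ( strpos( $meta_key, 'swp_' ) === 0 ||
  ( strpos( $meta_key, '_shares' ) > 0 ) &&
  strpos( $meta_key, '_') === 0 ) ) {
- //* Everything comes in as an array, pull out the first value.
  delete_post_meta( $post_id, $meta_key );
  }
  }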
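Review bot: The new capability check in `auth()` should carry a comment recording why `is_admin()` was dropped, so the weaker test is not reintroduced later. Suggested comment above the `if`: `// is_admin() only reports that an admin-area request is being served; it is not a permission check. Gate on a capability, not a role name.` If `auth()` is meant to be paired with the `check_ajax_referer()` call visible in `store_settings()`, the docblock (which starts above the hunk) could say so, since the capability check alone does not cover request forgery.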
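--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: holas84, dustinwstout, webinator, warfareplugins, cdegraff1, ckmah
  Tags: sharing buttons, social media share, floating share buttons, facebook share, google plus share, linkedin share, pin it, pinterest save, mix button, tweet button, twitter share, click to tweet, social sharing buttons, social share, social sharing, social media sharing, wordpress social sharing plugin, social sharing plugin, share buttons, share counts
  Requires at least: 4.5.0
  Tested up to: 5.1
- Stable tag: 3.5.3
+ Stable tag: 3.5.4
  Requires PHP: 5.6
  License: GNU General Public License v2.0 or later
 
@@ -194,6 +194,9 @@ We have a growing archive of <a href="https://warfareplugins.com/support/" rel="
 
  == Changelog ==
 
+ = 3.5.4 (25 MAR 2019) =
+ * Further security auditing and hardening of files against hacking.
+
  = 3.5.3 (21 MAR 2019) =
  * Immediate security patch for 3.5.x
 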
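--- a/social-warfare.php
+++ b/social-warfare.php
@@ -3,7 +3,7 @@
  * Plugin Name: Social Warfare
  * Plugin URI: https://warfareplugins.com
  * Description: A plugin to maximize social shares and drive more traffic using the fastest and most intelligent share buttons on the market, calls to action via in-post click-to-tweets, popular posts widgets based on share popularity, link-shortening, Google Analytics and much, much more!
- * Version: 3.5.3
+ * Version: 3.5.4
  * Author: Warfare Plugins
  * Author URI: https://warfareplugins.com
  * Text Domain: social-warfare
@@ -16,7 +16,7 @@ defined( 'WPINC' ) || die;
  * Define plugin constants for use throughout the plugin (Version and Directories)
  *
  */
- define( 'SWP_VERSION' , '3.5.3' );
+ define( 'SWP_VERSION' , '3.5.4' );
  define( 'SWP_PLUGIN_FILE', __FILE__ );
  define( 'SWP_PLUGIN_URL', untrailingslashit( plugin_dir_url( __FILE__ ) ) );
  define( 'SWP_PLUGIN_DIR', dirname( __FILE__ ) );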