SoundCloud Is Gold - Version 2.3.2

Version Description

minor XSS security update

Release Info

Developer	realTM
Plugin	SoundCloud Is Gold
Version	2.3.2
Comparing to
See all releases

Code changes from version 2.3.1 to 2.3.2

Files changed (4) hide show

readme.txt +5 -6
soundcloud-is-gold-functions.php +28 -13
soundcloud-is-gold-js.js +1 -1
soundcloud-is-gold.php +12 -1

readme.txt CHANGED Viewed

	@@ -3,17 +3,13 @@ Contributors: Thomas Michalak
3	Donate link: http://www.mightymess.com/soundcloud-is-gold-wordpress-plugin
4	Tags: soundcloud, integrated, media, shortcode, browse, design, easy, simple, music, sound, js, live preview, flash, html5
5	Requires at least: 3.2
6	- Tested up to: 4.0.1
7	- Stable tag: 2.3.1
8
9	Browse through your soundcloud tracks, sets and favourites. Select and add tracks, sets or favourites to your posts. Live preview, easy.
10
11	== Description ==
12
13	- Compatible with new WP 4.0.1
14	-
15	- Now with soundcloud's official html5 player!
16	-
17	New Widget to display latest and random track, favorites or sets for one user, multiple users or random users.
18
19	Soundcloud is Gold integrates perfectly into wordpress. Browse through your soundcloud tracks, sets and favorites from the 'Soundcloud is gold' tab in the post's 'upload media' popup window. Select, set and add track, sets, favorites to your post using the soundcloud player. Live Preview, easy, smart and straightforward.
	@@ -156,6 +152,9 @@ When updating to 2.0, if you're experiencing issues, deactivate and reactivate t
156
157	== Changelog ==
158



159	= 2.3 =
160	* Updated plugin to new Soundcloud API (Json only)
161	* Small styling fix


3	Donate link: http://www.mightymess.com/soundcloud-is-gold-wordpress-plugin
4	Tags: soundcloud, integrated, media, shortcode, browse, design, easy, simple, music, sound, js, live preview, flash, html5
5	Requires at least: 3.2
6	+ Tested up to: 4.3.1
7	+ Stable tag: 2.3.2
8
9	Browse through your soundcloud tracks, sets and favourites. Select and add tracks, sets or favourites to your posts. Live preview, easy.
10
11	== Description ==
12




13	New Widget to display latest and random track, favorites or sets for one user, multiple users or random users.
14
15	Soundcloud is Gold integrates perfectly into wordpress. Browse through your soundcloud tracks, sets and favorites from the 'Soundcloud is gold' tab in the post's 'upload media' popup window. Select, set and add track, sets, favorites to your post using the soundcloud player. Live Preview, easy, smart and straightforward.

152
153	== Changelog ==
154
155	+ = 2.3.2 =
156	+ * minor XSS security update
157	+
158	= 2.3 =
159	* Updated plugin to new Soundcloud API (Json only)
160	* Small styling fix

soundcloud-is-gold-functions.php CHANGED Viewed

	@@ -361,11 +361,11 @@ function get_soundcloud_is_gold_user_tracks(){
361	//Default Pagination Settings
362	$soundcloudIsGoldTracksPerPage = 25;
363	$soundcloudIsGoldPage = isset($_REQUEST['paged']) ? $_REQUEST['paged'] : '1';
364	- $post_id = $_REQUEST['post_id'];
365	$soundcloudIsGoldApiOffset = $soundcloudIsGoldTracksPerPage*($soundcloudIsGoldPage-1);
366
367	//API Call
368	- $soundcloudIsGoldSelectedFormat = isset($_REQUEST['selectFormat']) ? $_REQUEST['selectFormat'] : 'tracks';
369	if($soundcloudIsGoldSelectedFormat == 'tracks') $soundcloudIsGoldApiCall = 'http://api.soundcloud.com/users/'.$soundcloudIsGoldActiveUser.'/tracks.json?limit='.$soundcloudIsGoldTracksPerPage.'&offset='.$soundcloudIsGoldApiOffset.'&client_id=9rD2GrGrajkmkw5eYFDp2g';
370	if($soundcloudIsGoldSelectedFormat == 'sets') $soundcloudIsGoldApiCall = 'http://api.soundcloud.com/users/'.$soundcloudIsGoldActiveUser.'/playlists.json?limit='.$soundcloudIsGoldTracksPerPage.'&offset='.$soundcloudIsGoldApiOffset.'&client_id=9rD2GrGrajkmkw5eYFDp2g';
371	if($soundcloudIsGoldSelectedFormat == 'favorites') $soundcloudIsGoldApiCall = 'http://api.soundcloud.com/users/'.$soundcloudIsGoldActiveUser.'/favorites.json?limit='.$soundcloudIsGoldTracksPerPage.'&offset='.$soundcloudIsGoldApiOffset.'&client_id=9rD2GrGrajkmkw5eYFDp2g';
	@@ -578,7 +578,6 @@ function soundcloud_is_gold_shortcode($atts){
578	}
579
580
581	-
582	/******************************************************/
583	/ /
584	/ OUTPUT /
	@@ -588,11 +587,7 @@ function soundcloud_is_gold_shortcode($atts){
588
589	/ The Player /
590	function soundcloud_is_gold_player($id, $user, $autoPlay, $comments, $width, $classes, $playerTypes, $color, $artwork, $format){
591	- ~~//XSS Protection on data coming from fields~~
592	- //$xssProtection = "/^[A-Za-z0-9 \,]{2,15}$/";
593	- //if (!preg_match($xssProtection, $width)) $width == NULL;
594	- //if (!preg_match($xssProtection, $classes)) $classes == NULL;
595	-
596
597	$options = get_option('soundcloud_is_gold_options');
598	$soundcloudIsGoldSettings = isset($options['soundcloud_is_gold_settings']) ? $options['soundcloud_is_gold_settings'] : '';
	@@ -616,10 +611,10 @@ function soundcloud_is_gold_player($id, $user, $autoPlay, $comments, $width, $cl
616	$color = str_replace('#', '', $color);
617
618	//In case of requesting latest track
619	- if(isset($user) && $user != "null"){
620	$returnedId = get_soundcloud_is_gold_latest_track_id($user, $format);
621	if($returnedId != "") $id = $returnedId;
622	- }
623
624	if($format == 'favorites') $format = "tracks"; //Reset Favorites to tracks as soundcloud treats them as tracks.
625
	@@ -660,11 +655,31 @@ function soundcloud_is_gold_player($id, $user, $autoPlay, $comments, $width, $cl
660	}
661	$player .= '</div>';
662
663	-
664	return $player;
665
666	}
667





















668	/*******************************************/
669	/ /
670	/ AJAX /
	@@ -673,14 +688,14 @@ function soundcloud_is_gold_player($id, $user, $autoPlay, $comments, $width, $cl
673	/ Preview /
674	add_action('wp_ajax_soundcloud_is_gold_player_preview', 'soundcloud_is_gold_player_preview');
675	function soundcloud_is_gold_player_preview(){
676	- if(isset($_POST['request'])) echo soundcloud_is_gold_player($_POST['ID'], $_POST['user'], $_POST['autoPlay'], $_POST['comments'], $_POST['width'], $_POST['classes'], $_POST['playerType'], $_POST['color'], $_POST['artwork'], $_POST['format']);
677	die;
678	}
679	/ viewer Ajax /
680	add_action('wp_ajax_get_soundcloud_player', 'get_soundcloud_player');
681	add_action('wp_ajax_nopriv_get_soundcloud_player', 'get_soundcloud_player');
682	function get_soundcloud_player(){
683	- echo soundcloud_is_gold_player($_POST['id'], $_POST['width'], $_POST['comments'], $_POST['autoPlay'], $_POST['type'], $_POST['color'], $_POST['format']);
684	die();
685	}
686	/ Add username /


361	//Default Pagination Settings
362	$soundcloudIsGoldTracksPerPage = 25;
363	$soundcloudIsGoldPage = isset($_REQUEST['paged']) ? $_REQUEST['paged'] : '1';
364	+ $post_id = no_more_XSS($_REQUEST['post_id']);
365	$soundcloudIsGoldApiOffset = $soundcloudIsGoldTracksPerPage*($soundcloudIsGoldPage-1);
366
367	//API Call
368	+ $soundcloudIsGoldSelectedFormat = isset($_REQUEST['selectFormat']) ? no_more_XSS($_REQUEST['selectFormat']) : 'tracks';
369	if($soundcloudIsGoldSelectedFormat == 'tracks') $soundcloudIsGoldApiCall = 'http://api.soundcloud.com/users/'.$soundcloudIsGoldActiveUser.'/tracks.json?limit='.$soundcloudIsGoldTracksPerPage.'&offset='.$soundcloudIsGoldApiOffset.'&client_id=9rD2GrGrajkmkw5eYFDp2g';
370	if($soundcloudIsGoldSelectedFormat == 'sets') $soundcloudIsGoldApiCall = 'http://api.soundcloud.com/users/'.$soundcloudIsGoldActiveUser.'/playlists.json?limit='.$soundcloudIsGoldTracksPerPage.'&offset='.$soundcloudIsGoldApiOffset.'&client_id=9rD2GrGrajkmkw5eYFDp2g';
371	if($soundcloudIsGoldSelectedFormat == 'favorites') $soundcloudIsGoldApiCall = 'http://api.soundcloud.com/users/'.$soundcloudIsGoldActiveUser.'/favorites.json?limit='.$soundcloudIsGoldTracksPerPage.'&offset='.$soundcloudIsGoldApiOffset.'&client_id=9rD2GrGrajkmkw5eYFDp2g';

578	}
579
580

581	/******************************************************/
582	/ /
583	/ OUTPUT /

587
588	/ The Player /
589	function soundcloud_is_gold_player($id, $user, $autoPlay, $comments, $width, $classes, $playerTypes, $color, $artwork, $format){
590	+




591
592	$options = get_option('soundcloud_is_gold_options');
593	$soundcloudIsGoldSettings = isset($options['soundcloud_is_gold_settings']) ? $options['soundcloud_is_gold_settings'] : '';

611	$color = str_replace('#', '', $color);
612
613	//In case of requesting latest track
614	+ /*if(isset($user) && $user != "null"){
615	$returnedId = get_soundcloud_is_gold_latest_track_id($user, $format);
616	if($returnedId != "") $id = $returnedId;
617	+ }*/
618
619	if($format == 'favorites') $format = "tracks"; //Reset Favorites to tracks as soundcloud treats them as tracks.
620

655	}
656	$player .= '</div>';
657

658	return $player;
659
660	}
661
662	+
663	+ /*******************/
664	+ /* */
665	+ /* XSS Protect */
666	+ /* */
667	+ /*******************/
668	+ /**
669	+ * XSS Protection on data coming from fields
670	+ * data = value coming from a field
671	+ * return cleaned data
672	+ **/
673	+
674	+ function no_more_XSS($data){
675	+ $xssBlackList = "/^[A-Za-z0-9 \,]{2,15}$/";
676	+ //$check = preg_match($xssBlackList, $data);
677	+ $d = strip_tags($data);
678	+ return $d;
679	+
680	+ }
681	+
682	+
683	/*******************************************/
684	/ /
685	/ AJAX /

688	/ Preview /
689	add_action('wp_ajax_soundcloud_is_gold_player_preview', 'soundcloud_is_gold_player_preview');
690	function soundcloud_is_gold_player_preview(){
691	+ if(isset($_POST['request'])) echo soundcloud_is_gold_player(no_more_XSS($_POST['ID']), no_more_XSS($_POST['user']), no_more_XSS($_POST['autoPlay']), no_more_XSS($_POST['comments']), no_more_XSS($_POST['width']), no_more_XSS($_POST['classes']), no_more_XSS($_POST['playerType']), no_more_XSS($_POST['color']), no_more_XSS($_POST['artwork']), no_more_XSS($_POST['format']));
692	die;
693	}
694	/ viewer Ajax /
695	add_action('wp_ajax_get_soundcloud_player', 'get_soundcloud_player');
696	add_action('wp_ajax_nopriv_get_soundcloud_player', 'get_soundcloud_player');
697	function get_soundcloud_player(){
698	+ echo soundcloud_is_gold_player(no_more_XSS($_POST['id']), no_more_XSS($_POST['width']), no_more_XSS($_POST['comments']), no_more_XSS($_POST['autoPlay']), no_more_XSS($_POST['type']), no_more_XSS($_POST['color']), no_more_XSS($_POST['format']));
699	die();
700	}
701	/ Add username /

soundcloud-is-gold-js.js CHANGED Viewed

	@@ -295,7 +295,7 @@ jQuery(document).ready(function($){
295	color: color,
296	format: format
297	};
298	-
299	//Tell user it's loading
300	$('.soundcloudMMEmbed', parent).fadeOut('fast', function(){
301	$('.soundcloudMMPreviewLoading', parent).fadeIn();


295	color: color,
296	format: format
297	};
298	+
299	//Tell user it's loading
300	$('.soundcloudMMEmbed', parent).fadeOut('fast', function(){
301	$('.soundcloudMMPreviewLoading', parent).fadeIn();

soundcloud-is-gold.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Soundcloud is Gold
4	Plugin URI: http://www.mightymess.com/soundcloud-is-gold-wordpress-plugin
5	Description: <strong><a href="http://www.mightymess.com/soundcloud-is-gold-wordpress-plugin">Soundcloud is gold</a></strong> integrates perfectly into wordpress. Browse through your soundcloud tracks, sets and favorites from the 'soundcloud is gold' tab with the post's 'upload media' popup window. Select, set and add track, sets or favorites to your post using the soundcloud player. Live Preview, easy, smart and straightforward. You can set default settings in the option page, choose your defaut soundcloud player (Mini, Standard, Artwork, html5), its width, extra classes for you CSS lovers and your favorite colors. You'll still be able to set players to different settings before adding to your post if you fancy a one off change. Now with Html5 player and Widget!
6	- Version: 2.3.1
7	Author: Thomas Michalak
8	Author URI: http://www.mightymess.com/thomas-michalak
9	License: GPL2 or Later
	@@ -172,6 +172,17 @@ function soundcloud_is_gold_options(){
172	<?php get_soundcloud_is_gold_default_settings_for_js(); ?>
173	</script>
174











175	<div class="soundcloudMMWrapper soundcloudMMOptions soundcloudMMMainWrapper">
176	<div id="soundcloudMMTop" class="darkGreyGradient">
177	<a id="soundcloudMMLogo" class="orangeGradient" href="http://www.soundcloud.com" title="visit SoundCloud website"><img src="<?php echo SIG_PLUGIN_DIR ?>/images/soundcloud-logo-sc.png" width="107" height="71" alt="Soundcloud Logo"/></a>


3	Plugin Name: Soundcloud is Gold
4	Plugin URI: http://www.mightymess.com/soundcloud-is-gold-wordpress-plugin
5	Description: <strong><a href="http://www.mightymess.com/soundcloud-is-gold-wordpress-plugin">Soundcloud is gold</a></strong> integrates perfectly into wordpress. Browse through your soundcloud tracks, sets and favorites from the 'soundcloud is gold' tab with the post's 'upload media' popup window. Select, set and add track, sets or favorites to your post using the soundcloud player. Live Preview, easy, smart and straightforward. You can set default settings in the option page, choose your defaut soundcloud player (Mini, Standard, Artwork, html5), its width, extra classes for you CSS lovers and your favorite colors. You'll still be able to set players to different settings before adding to your post if you fancy a one off change. Now with Html5 player and Widget!
6	+ Version: 2.3.2
7	Author: Thomas Michalak
8	Author URI: http://www.mightymess.com/thomas-michalak
9	License: GPL2 or Later

172	<?php get_soundcloud_is_gold_default_settings_for_js(); ?>
173	</script>
174
175	+
176	+ <!-- XXS test -->
177	+ <!-- <form method="POST" action="
178	+ http://localhost/~thomas/Others/dev/wp-admin/admin-ajax.php?action=get_soundcloud_player" />
179	+ <input type="text" name="id" value='"></param></object><img src=x
180	+ onerror=alert(1) />' />
181	+ <input type="text" name="format" value="1">
182	+ <input type="submit" name="submit" />
183	+ </form> -->
184	+
185	+
186	<div class="soundcloudMMWrapper soundcloudMMOptions soundcloudMMMainWrapper">
187	<div id="soundcloudMMTop" class="darkGreyGradient">
188	<a id="soundcloudMMLogo" class="orangeGradient" href="http://www.soundcloud.com" title="visit SoundCloud website"><img src="<?php echo SIG_PLUGIN_DIR ?>/images/soundcloud-logo-sc.png" width="107" height="71" alt="Soundcloud Logo"/></a>