Twitter Widget Pro - Version 2.9.0

Version Description

Updates to the Twitter oAuth and changes to make the plugin play nicer with other Twitter plugins that re-use it's classes

Download this release

Release Info

Developer aaroncampbell
Plugin Icon wp plugin Twitter Widget Pro
Version 2.9.0
Comparing to
See all releases

Code changes from version 2.8.0 to 2.9.0

Files changed (4) hide show
  1. lib/oauth-util.php +7 -7
  2. lib/wp-twitter.php +62 -25
  3. readme.txt +12 -3
  4. wp-twitter-widget.php +5 -18
lib/oauth-util.php CHANGED
@@ -1,8 +1,8 @@
1
  <?php
2
- class twpOAuthUtil {
3
  public static function urlencode_rfc3986( $input ) {
4
  if ( is_array( $input ) )
5
- return array_map( array( 'twpOAuthUtil', 'urlencode_rfc3986' ), $input );
6
  else if ( is_scalar( $input ) )
7
  return str_replace( '+', ' ', str_replace( '%7E', '~', rawurlencode( $input ) ) );
8
  else
@@ -28,7 +28,7 @@ class twpOAuthUtil {
28
  $header_name = $matches[2][0];
29
  $header_content = ( isset( $matches[5] ) ) ? $matches[5][0] : $matches[4][0];
30
  if ( preg_match( '/^oauth_/', $header_name ) || ! $only_allow_oauth_parameters )
31
- $params[$header_name] = twpOAuthUtil::urldecode_rfc3986($header_content);
32
 
33
  $offset = $match[1] + strlen($match[0]);
34
  }
@@ -87,8 +87,8 @@ class twpOAuthUtil {
87
  $parsed_parameters = array();
88
  foreach ( $pairs as $pair ) {
89
  $split = explode( '=', $pair, 2 );
90
- $parameter = twpOAuthUtil::urldecode_rfc3986( $split[0] );
91
- $value = isset( $split[1] ) ? twpOAuthUtil::urldecode_rfc3986( $split[1] ) : '';
92
 
93
  if ( isset( $parsed_parameters[$parameter] ) ) {
94
  // We have already recieved parameter(s) with this name, so add to the
@@ -112,8 +112,8 @@ class twpOAuthUtil {
112
  return '';
113
 
114
  // Urlencode both keys and values
115
- $keys = twpOAuthUtil::urlencode_rfc3986( array_keys( $params ) );
116
- $values = twpOAuthUtil::urlencode_rfc3986( array_values( $params ) );
117
  $params = array_combine( $keys, $values );
118
 
119
  // Parameters are sorted by name, using lexicographical byte value ordering.
1
  <?php
2
+ class wpOAuthUtil {
3
  public static function urlencode_rfc3986( $input ) {
4
  if ( is_array( $input ) )
5
+ return array_map( array( 'wpOAuthUtil', 'urlencode_rfc3986' ), $input );
6
  else if ( is_scalar( $input ) )
7
  return str_replace( '+', ' ', str_replace( '%7E', '~', rawurlencode( $input ) ) );
8
  else
28
  $header_name = $matches[2][0];
29
  $header_content = ( isset( $matches[5] ) ) ? $matches[5][0] : $matches[4][0];
30
  if ( preg_match( '/^oauth_/', $header_name ) || ! $only_allow_oauth_parameters )
31
+ $params[$header_name] = wpOAuthUtil::urldecode_rfc3986($header_content);
32
 
33
  $offset = $match[1] + strlen($match[0]);
34
  }
87
  $parsed_parameters = array();
88
  foreach ( $pairs as $pair ) {
89
  $split = explode( '=', $pair, 2 );
90
+ $parameter = wpOAuthUtil::urldecode_rfc3986( $split[0] );
91
+ $value = isset( $split[1] ) ? wpOAuthUtil::urldecode_rfc3986( $split[1] ) : '';
92
 
93
  if ( isset( $parsed_parameters[$parameter] ) ) {
94
  // We have already recieved parameter(s) with this name, so add to the
112
  return '';
113
 
114
  // Urlencode both keys and values
115
+ $keys = wpOAuthUtil::urlencode_rfc3986( array_keys( $params ) );
116
+ $values = wpOAuthUtil::urlencode_rfc3986( array_values( $params ) );
117
  $params = array_combine( $keys, $values );
118
 
119
  // Parameters are sorted by name, using lexicographical byte value ordering.
lib/wp-twitter.php CHANGED
@@ -1,5 +1,4 @@
1
  <?php
2
- require_once( 'oauth-util.php' );
3
  class wpTwitter {
4
  /**
5
  * @var string Twitter App Consumer Key
@@ -12,13 +11,17 @@ class wpTwitter {
12
  private $_consumer_secret;
13
 
14
  /**
15
- * @var string Twitter Request or Access Token
16
  */
17
  private $_token;
18
 
19
  private static $_api_url;
20
 
21
  public function __construct( $args ) {
 
 
 
 
22
  $defaults = array(
23
  'api-url' => 'https://api.twitter.com/',
24
  );
@@ -43,9 +46,11 @@ class wpTwitter {
43
  /**
44
  * Get a request_token from Twitter
45
  *
46
- * @returns a key/value array containing oauth_token and oauth_token_secret
 
 
47
  */
48
- public function getRequestToken( $oauth_callback = null ) {
49
  $parameters = array(
50
  'oauth_nonce' => md5( microtime() . mt_rand() ),
51
  );
@@ -62,24 +67,18 @@ class wpTwitter {
62
  private function _get_request_defaults() {
63
  $params = array(
64
  'sslverify' => apply_filters( 'twp_sslverify', false ),
65
- 'body' => array(
66
- 'oauth_version' => '1.0',
67
- 'oauth_nonce' => md5( microtime() . mt_rand() ),
68
- 'oauth_timestamp' => time(),
69
- 'oauth_consumer_key' => $this->_consumer_key,
70
- ),
71
  );
72
 
73
- if ( ! empty( $this->_token['oauth_token'] ) )
74
- $params['body']['oauth_token'] = $this->_token['oauth_token'];
75
-
76
  return $params;
77
  }
78
 
79
  /**
80
  * Get the authorize URL
81
  *
82
- * @returns a string
 
 
83
  */
84
  public function get_authorize_url( $screen_name = '' ) {
85
  if ( empty( $this->_token['oauth_token'] ) )
@@ -97,16 +96,24 @@ class wpTwitter {
97
 
98
  /**
99
  * Format and sign an OAuth / API request
 
 
 
 
 
 
100
  */
101
  public function send_authed_request( $request_url, $method, $body_parameters = array() ) {
102
  $parameters = $this->_get_request_defaults();
103
  $parameters['body'] = wp_parse_args( $body_parameters, $parameters['body'] );
104
- if ( ! filter_var( $request_url , FILTER_VALIDATE_URL ) )
105
  $request_url = self::get_api_endpoint( $request_url );
106
- $this->sign_request( $parameters, $request_url );
 
 
107
  switch ($method) {
108
  case 'GET':
109
- $request_url = $this->get_normalized_http_url( $request_url ) . '?' . twpOAuthUtil::build_http_query( $parameters['body'] );
110
  unset( $parameters['body'] );
111
  $resp = wp_remote_get( $request_url, $parameters );
112
  break;
@@ -142,6 +149,10 @@ class wpTwitter {
142
  /**
143
  * parses the url and rebuilds it to be
144
  * scheme://host/path
 
 
 
 
145
  */
146
  public function get_normalized_http_url( $url ) {
147
  $parts = parse_url( $url );
@@ -158,21 +169,45 @@ class wpTwitter {
158
  }
159
 
160
  public function sign_request( &$parameters, $request_url, $method = 'GET' ) {
161
- $parameters['body']['oauth_signature_method'] = 'HMAC-SHA1';
162
- $parameters['body']['oauth_signature'] = $this->build_signature( $parameters['body'], $request_url, $method );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
163
  }
164
 
165
  /**
166
- * The request parameters, sorted and concatenated into a normalized string.
167
- * @return string
168
- */
 
 
 
169
  public function get_signable_parameters( $parameters ) {
170
  // Remove oauth_signature if present
171
  // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
172
  if ( isset( $parameters['oauth_signature'] ) )
173
  unset( $parameters['oauth_signature'] );
174
 
175
- return twpOAuthUtil::build_http_query( $parameters );
176
  }
177
 
178
  public function build_signature( $parameters, $request_url, $method = 'GET' ) {
@@ -182,7 +217,7 @@ class wpTwitter {
182
  $this->get_signable_parameters( $parameters )
183
  );
184
 
185
- $parts = twpOAuthUtil::urlencode_rfc3986($parts);
186
 
187
  $base_string = implode('&', $parts);
188
  $token_secret = '';
@@ -195,7 +230,7 @@ class wpTwitter {
195
  $token_secret,
196
  );
197
 
198
- $key_parts = twpOAuthUtil::urlencode_rfc3986( $key_parts );
199
  $key = implode( '&', $key_parts );
200
 
201
  return base64_encode( hash_hmac( 'sha1', $base_string, $key, true ) );
@@ -205,6 +240,8 @@ class wpTwitter {
205
  * Exchange request token and secret for an access token and
206
  * secret, to sign API calls.
207
  *
 
 
208
  * @returns array containing oauth_token,
209
  * oauth_token_secret,
210
  * user_id
1
  <?php
 
2
  class wpTwitter {
3
  /**
4
  * @var string Twitter App Consumer Key
11
  private $_consumer_secret;
12
 
13
  /**
14
+ * @var array Twitter Request or Access Token
15
  */
16
  private $_token;
17
 
18
  private static $_api_url;
19
 
20
  public function __construct( $args ) {
21
+ if ( ! class_exists( 'wpOAuthUtil' ) ) {
22
+ require_once( 'oauth-util.php' );
23
+ }
24
+
25
  $defaults = array(
26
  'api-url' => 'https://api.twitter.com/',
27
  );
46
  /**
47
  * Get a request_token from Twitter
48
  *
49
+ * @param string Oauth Callback
50
+ *
51
+ * @returns array key/value array containing oauth_token and oauth_token_secret
52
  */
53
+ public function get_request_token( $oauth_callback = null ) {
54
  $parameters = array(
55
  'oauth_nonce' => md5( microtime() . mt_rand() ),
56
  );
67
  private function _get_request_defaults() {
68
  $params = array(
69
  'sslverify' => apply_filters( 'twp_sslverify', false ),
70
+ 'body' => array(),
 
 
 
 
 
71
  );
72
 
 
 
 
73
  return $params;
74
  }
75
 
76
  /**
77
  * Get the authorize URL
78
  *
79
+ * @param string $screen_name Twitter user name
80
+ *
81
+ * @returns bool|string false on failure or URL as string
82
  */
83
  public function get_authorize_url( $screen_name = '' ) {
84
  if ( empty( $this->_token['oauth_token'] ) )
96
 
97
  /**
98
  * Format and sign an OAuth / API request
99
+ *
100
+ * @param string $request_url Twitter URL to request
101
+ * @param string $method Usually GET or POST
102
+ * @param array $body_parameters Data to send with request
103
+ *
104
+ * @return object Twitter response or WP_Error
105
  */
106
  public function send_authed_request( $request_url, $method, $body_parameters = array() ) {
107
  $parameters = $this->_get_request_defaults();
108
  $parameters['body'] = wp_parse_args( $body_parameters, $parameters['body'] );
109
+ if ( ! filter_var( $request_url , FILTER_VALIDATE_URL ) ) {
110
  $request_url = self::get_api_endpoint( $request_url );
111
+ }
112
+
113
+ $this->sign_request( $parameters, $request_url, $method );
114
  switch ($method) {
115
  case 'GET':
116
+ $request_url = $this->get_normalized_http_url( $request_url ) . '?' . wpOAuthUtil::build_http_query( $parameters['body'] );
117
  unset( $parameters['body'] );
118
  $resp = wp_remote_get( $request_url, $parameters );
119
  break;
149
  /**
150
  * parses the url and rebuilds it to be
151
  * scheme://host/path
152
+ *
153
+ * @param string $url
154
+ *
155
+ * @return string
156
  */
157
  public function get_normalized_http_url( $url ) {
158
  $parts = parse_url( $url );
169
  }
170
 
171
  public function sign_request( &$parameters, $request_url, $method = 'GET' ) {
172
+ $auth_params = array(
173
+ 'oauth_version' => '1.0',
174
+ 'oauth_nonce' => md5( microtime() . mt_rand() ),
175
+ 'oauth_timestamp' => time(),
176
+ 'oauth_consumer_key' => $this->_consumer_key,
177
+ 'oauth_signature_method' => 'HMAC-SHA1',
178
+ );
179
+ if ( ! empty( $this->_token['oauth_token'] ) ) {
180
+ $auth_params['oauth_token'] = $this->_token['oauth_token'];
181
+ }
182
+
183
+ // For GET requests, oauth parameters are sent in the URL
184
+ if ( 'GET' === $method ) {
185
+ $parameters['body'] = array_merge( $parameters['body'], $auth_params );
186
+ $parameters['body']['oauth_signature'] = $this->build_signature( $parameters['body'], $request_url, $method );
187
+ } else {
188
+ // for non-GET requests oauth parameters are sent via headers
189
+ $auth_params['oauth_signature'] = $this->build_signature( array_merge( $parameters['body'], $auth_params ), $request_url, $method );
190
+ foreach ( $auth_params as $key => $value ) {
191
+ $auth_params[$key] = $key . '="' . rawurlencode( $value ) . '"';
192
+ }
193
+ $parameters['headers']['Authorization'] = 'OAuth ' . implode( ", ", $auth_params );
194
+ }
195
  }
196
 
197
  /**
198
+ * The request parameters, sorted and concatenated into a normalized string.
199
+ *
200
+ * @param array $parameters
201
+ *
202
+ * @return string
203
+ */
204
  public function get_signable_parameters( $parameters ) {
205
  // Remove oauth_signature if present
206
  // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
207
  if ( isset( $parameters['oauth_signature'] ) )
208
  unset( $parameters['oauth_signature'] );
209
 
210
+ return wpOAuthUtil::build_http_query( $parameters );
211
  }
212
 
213
  public function build_signature( $parameters, $request_url, $method = 'GET' ) {
217
  $this->get_signable_parameters( $parameters )
218
  );
219
 
220
+ $parts = wpOAuthUtil::urlencode_rfc3986($parts);
221
 
222
  $base_string = implode('&', $parts);
223
  $token_secret = '';
230
  $token_secret,
231
  );
232
 
233
+ $key_parts = wpOAuthUtil::urlencode_rfc3986( $key_parts );
234
  $key = implode( '&', $key_parts );
235
 
236
  return base64_encode( hash_hmac( 'sha1', $base_string, $key, true ) );
240
  * Exchange request token and secret for an access token and
241
  * secret, to sign API calls.
242
  *
243
+ * @param bool|string $oauth_verifier
244
+ *
245
  * @returns array containing oauth_token,
246
  * oauth_token_secret,
247
  * user_id
readme.txt CHANGED
@@ -2,9 +2,9 @@
2
  Contributors: aaroncampbell
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9993090
4
  Tags: twitter, widget, feed
5
- Requires at least: 3.0
6
- Tested up to: 4.3
7
- Stable tag: 2.8.0
8
 
9
  A widget that properly handles twitter feeds, including parsing @username, #hashtags, and URLs into links.
10
 
@@ -130,6 +130,9 @@ Apparently the database queries required to display the friends feed was causing
130
 
131
  == Upgrade Notice ==
132
 
 
 
 
133
  = 2.8.0 =
134
  Updates to make the plugin translatable with the new translate.wordpress.org
135
 
@@ -156,6 +159,12 @@ Upgrade to the new Twitter API and add support for lists
156
 
157
  == Changelog ==
158
 
 
 
 
 
 
 
159
  = 2.8.0 =
160
  * Move to a static text domain
161
  * Move away from my plugin framework
2
  Contributors: aaroncampbell
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9993090
4
  Tags: twitter, widget, feed
5
+ Requires at least: 4.7
6
+ Tested up to: 4.9
7
+ Stable tag: 2.9.0
8
 
9
  A widget that properly handles twitter feeds, including parsing @username, #hashtags, and URLs into links.
10
 
130
 
131
  == Upgrade Notice ==
132
 
133
+ = 2.9.0 =
134
+ Updates to the Twitter oAuth and changes to make the plugin play nicer with other Twitter plugins that re-use it's classes
135
+
136
  = 2.8.0 =
137
  Updates to make the plugin translatable with the new translate.wordpress.org
138
 
159
 
160
  == Changelog ==
161
 
162
+ = 2.9.0 =
163
+ * Remove screen icon code
164
+ * Update WordPress Twitter helper class
165
+ * Update Twitter oAuth class
166
+ * Load class files conditionally
167
+
168
  = 2.8.0 =
169
  * Move to a static text domain
170
  * Move away from my plugin framework
wp-twitter-widget.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Twitter Widget Pro
4
  * Plugin URI: https://aarondcampbell.com/wordpress-plugin/twitter-widget-pro/
5
  * Description: A widget that properly handles twitter feeds, including @username, #hashtag, and link parsing. It can even display profile images for the users. Requires PHP5.
6
- * Version: 2.8.0
7
  * Author: Aaron D. Campbell
8
  * Author URI: https://aarondcampbell.com/
9
  * License: GPLv2 or later
@@ -114,8 +114,6 @@ class wpTwitterWidget {
114
  * @return void
115
  */
116
  protected function __construct() {
117
- require_once( 'lib/wp-twitter.php' );
118
-
119
  $this->_file = plugin_basename( __FILE__ );
120
  $this->_pageTitle = __( 'Twitter Widget Pro', 'twitter-widget-pro' );
121
  $this->_menuTitle = __( 'Twitter Widget', 'twitter-widget-pro' );
@@ -159,6 +157,9 @@ class wpTwitterWidget {
159
  'consumer-key' => $this->_settings['twp']['consumer-key'],
160
  'consumer-secret' => $this->_settings['twp']['consumer-secret'],
161
  );
 
 
 
162
  $this->_wp_twitter_oauth = new wpTwitter( $oauth_settings );
163
 
164
  // We want to fill 'twp-authed-users' but not overwrite them when saving
@@ -206,7 +207,7 @@ class wpTwitterWidget {
206
  if ( 'authorize' == $_GET['action'] ) {
207
  check_admin_referer( 'authorize' );
208
  $auth_redirect = add_query_arg( array( 'action' => 'authorized' ), $this->get_options_url() );
209
- $token = $this->_wp_twitter_oauth->getRequestToken( $auth_redirect );
210
  if ( is_wp_error( $token ) ) {
211
  $this->_error = $token;
212
  return;
@@ -1319,7 +1320,6 @@ class wpTwitterWidget {
1319
  $main_width = empty( $sidebarBoxes )? '100%' : '75%';
1320
  ?>
1321
  <div class="wrap">
1322
- <?php $this->screen_icon_link(); ?>
1323
  <h2><?php echo esc_html($this->_pageTitle); ?></h2>
1324
  <div class="metabox-holder">
1325
  <div class="postbox-container" style="width:<?php echo $main_width; ?>;">
@@ -1459,19 +1459,6 @@ class wpTwitterWidget {
1459
  echo "</div>";
1460
  }
1461
 
1462
- public function screen_icon_link($name = 'aaron') {
1463
- $link = '<a href="http://aarondcampbell.com">';
1464
- if ( function_exists( 'get_screen_icon' ) ) {
1465
- $link .= get_screen_icon( $name );
1466
- } else {
1467
- ob_start();
1468
- screen_icon($name);
1469
- $link .= ob_get_clean();
1470
- }
1471
- $link .= '</a>';
1472
- echo apply_filters('rpf-screen_icon_link', $link, $name );
1473
- }
1474
-
1475
  public function admin_print_scripts() {
1476
  if (isset($_GET['page']) && $_GET['page'] == $this->_hook) {
1477
  wp_enqueue_script('postbox');
3
  * Plugin Name: Twitter Widget Pro
4
  * Plugin URI: https://aarondcampbell.com/wordpress-plugin/twitter-widget-pro/
5
  * Description: A widget that properly handles twitter feeds, including @username, #hashtag, and link parsing. It can even display profile images for the users. Requires PHP5.
6
+ * Version: 2.9.0
7
  * Author: Aaron D. Campbell
8
  * Author URI: https://aarondcampbell.com/
9
  * License: GPLv2 or later
114
  * @return void
115
  */
116
  protected function __construct() {
 
 
117
  $this->_file = plugin_basename( __FILE__ );
118
  $this->_pageTitle = __( 'Twitter Widget Pro', 'twitter-widget-pro' );
119
  $this->_menuTitle = __( 'Twitter Widget', 'twitter-widget-pro' );
157
  'consumer-key' => $this->_settings['twp']['consumer-key'],
158
  'consumer-secret' => $this->_settings['twp']['consumer-secret'],
159
  );
160
+ if ( ! class_exists( 'wpTwitter' ) ) {
161
+ require_once( 'lib/wp-twitter.php' );
162
+ }
163
  $this->_wp_twitter_oauth = new wpTwitter( $oauth_settings );
164
 
165
  // We want to fill 'twp-authed-users' but not overwrite them when saving
207
  if ( 'authorize' == $_GET['action'] ) {
208
  check_admin_referer( 'authorize' );
209
  $auth_redirect = add_query_arg( array( 'action' => 'authorized' ), $this->get_options_url() );
210
+ $token = $this->_wp_twitter_oauth->get_request_token( $auth_redirect );
211
  if ( is_wp_error( $token ) ) {
212
  $this->_error = $token;
213
  return;
1320
  $main_width = empty( $sidebarBoxes )? '100%' : '75%';
1321
  ?>
1322
  <div class="wrap">
 
1323
  <h2><?php echo esc_html($this->_pageTitle); ?></h2>
1324
  <div class="metabox-holder">
1325
  <div class="postbox-container" style="width:<?php echo $main_width; ?>;">
1459
  echo "</div>";
1460
  }
1461
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1462
  public function admin_print_scripts() {
1463
  if (isset($_GET['page']) && $_GET['page'] == $this->_hook) {
1464
  wp_enqueue_script('postbox');