WD Facebook Feed – Custom Facebook Feed Plugin - Version 1.1.13

Version Description

  • Fixed: Security issues

Release Info

Developer 10web
Plugin Icon 128x128 WD Facebook Feed – Custom Facebook Feed Plugin
Version 1.1.13

Code changes from version 1.1.12 to 1.1.13

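--- a/admin/models/FFWDModelInfo_ffwd.php
+++ b/admin/models/FFWDModelInfo_ffwd.php
@@ -177,7 +177,7 @@ class FFWDModelInfo_ffwd {
   $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
   $image_order_by = ' ORDER BY `' . ((isset($_POST['image_order_by']) && sanitize_text_field(stripslashes($_POST['image_order_by'])) != '') ? sanitize_text_field(stripslashes($_POST['image_order_by'])) : 'order') . '` ' . $asc_or_desc;
   if (isset($_POST['page_number']) && $_POST['page_number']) {
- $limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
+ $limit = ((int) sanitize_text_field($_POST['page_number']) - 1) * $this->per_page;
   }
   else {
   $limit = 0;
@@ -282,7 +282,7 @@ class FFWDModelInfo_ffwd {
   $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
   $order_by = ' ORDER BY `' . ((isset($_POST['order_by']) && sanitize_text_field(stripslashes($_POST['order_by'])) != '') ? sanitize_text_field(stripslashes($_POST['order_by'])) : 'order') . '` ' . $asc_or_desc;
   if (isset($_POST['page_number']) && $_POST['page_number']) {
- $limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
+ $limit = ((int) sanitize_text_field($_POST['page_number']) - 1) * $this->per_page;
   }
   else {
   $limit = 0;
@@ -416,7 +416,7 @@ $row->album_image_max_columns= 5;
   $total = $wpdb->get_var($query);
   $page_nav['total'] = $total;
   if (isset($_POST['page_number']) && $_POST['page_number']) {
- $limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
+ $limit = ((int) sanitize_text_field($_POST['page_number']) - 1) * $this->per_page;
   }
   else {
   $limit = 0;
@@ -438,7 +438,7 @@ $row->album_image_max_columns= 5;
   $total = $wpdb->get_var($query);
   $page_nav['total'] = $total;
   if (isset($_POST['page_number']) && $_POST['page_number']) {
- $limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
+ $limit = ((int) sanitize_text_field($_POST['page_number']) - 1) * $this->per_page;
   }
   else {
   $limit = 0;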
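Review bot: The `ORDER BY` clause on new lines 178 and 283 still takes its column name from `$_POST['image_order_by']` / `$_POST['order_by']`, and `sanitize_text_field()` is a text filter, not an SQL identifier filter: it leaves backticks and other SQL metacharacters in place, so the value is not confined to the quoted identifier. This commit does not touch those lines. The column should be picked from a fixed list, e.g. `$col = in_array($requested, $allowed_columns, true) ? $requested : 'order';`, where `$allowed_columns` holds the sortable columns of that table (not visible here). The same applies to line 36 of admin/models/FFWDModelThemes_ffwd.php, where the value is concatenated without backticks at all. The enclosing methods start and end outside these hunks.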
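--- a/admin/models/FFWDModelThemes_ffwd.php
+++ b/admin/models/FFWDModelThemes_ffwd.php
@@ -35,7 +35,7 @@ class FFWDModelThemes_ffwd {
   $asc_or_desc = ($asc_or_desc != 'asc') ? 'desc' : 'asc';
   $order_by = ' ORDER BY ' . ((isset($_POST['order_by']) && sanitize_text_field($_POST['order_by']) != '') ? sanitize_text_field($_POST['order_by']) : 'id') . ' ' . $asc_or_desc;
   if (isset($_POST['page_number']) && $_POST['page_number']) {
- $limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
+ $limit = ((int) sanitize_text_field($_POST['page_number']) - 1) * $this->per_page;
   }
   else {
   $limit = 0;
@@ -367,7 +367,7 @@ class FFWDModelThemes_ffwd {
   $total = $wpdb->get_var($query);
   $page_nav['total'] = $total;
   if (isset($_POST['page_number']) && $_POST['page_number']) {
- $limit = ((int) $_POST['page_number'] - 1) * $this->per_page;
+ $limit = ((int) sanitize_text_field($_POST['page_number']) - 1) * $this->per_page;
   }
   else {
   $limit = 0;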
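Review bot: Wrapping the value in `sanitize_text_field()` before the `(int)` cast on lines 38 and 370 adds no protection, since the cast alone already yields an integer, and it leaves the actual gap open: the page number is not bounded, so negative or non-numeric input produces a negative `$limit`. If `$limit` ends up in a `LIMIT` clause (the query is outside the hunk), that gives an SQL error instead of the first page. `$limit = max(0, absint($_POST['page_number']) - 1) * $this->per_page;` states the intent and clamps it. The same redundant wrapper is added in admin/models/FFWDModelInfo_ffwd.php, framework/WDW_FFWD_Library.php, frontend/views/FFWDViewPopupBox.php and, around `intval()` for `wd_int`, in both notices files.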
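--- a/admin/views/FFWDViewFFWDShortcode.php
+++ b/admin/views/FFWDViewFFWDShortcode.php
@@ -59,10 +59,6 @@ class FFWDViewFFWDShortcode
   <base target="_self">
   </head>
   <body id="link" dir="ltr" class="forceColors">
- <?php /* if (isset($_POST['tagtext'])) {
- echo '<script>tinyMCEPopup.close();</script></body></html>';
- die();
- } */?>
   <form method="post" action="#" id="bwg_shortcode_form">
   <?php wp_nonce_field('FFWDShortcode', 'ffwd_nonce'); ?>
   <div class="tabs" role="tablist" tabindex="-1">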
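--- a/facebook-feed-wd-notices.php
+++ b/facebook-feed-wd-notices.php
@@ -150,7 +150,7 @@ class FFWD_Notices {
   $admin_notices_option = get_option($this->prefix . '_admin_notice', array());
   $current_date = current_time("n/j/Y");
   $date_array = explode('/', $current_date);
- $interval = (isset($_GET['wd_int']) ? intval($_GET['wd_int']) : 14);
+ $interval = (isset($_GET['wd_int']) ? intval(sanitize_text_field($_GET['wd_int'])) : 14);
   $date_array[1] += $interval;
   $new_start = date("n/j/Y", mktime(0, 0, 0, $date_array[0], $date_array[1], $date_array[2]));
 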
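--- a/facebook-feed-wd.php
+++ b/facebook-feed-wd.php
@@ -4,7 +4,7 @@
   * Plugin Name: 10Web Social Feed
   * Plugin URI: https://10web.io/plugins/wordpress-facebook-feed/?utm_source=facebook_feed&utm_medium=free_plugin
   * Description: 10Web Social Feed is a completely customizable, responsive solution to help you display your Facebook feed on your WordPress website.
- * Version: 1.1.12
+ * Version: 1.1.13
   * Author: 10Web
   * Author URI: https://10web.io/plugins/?utm_source=facebook_feed&utm_medium=free_plugin
   * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
@@ -15,7 +15,7 @@ define( 'WD_FFWD_URL', plugins_url( plugin_basename( dirname( __FILE__ ) ) ) );
   define( 'WD_FB_PREFIX', 'ffwd' );
   define( 'WD_FB_IS_FREE', TRUE );
   if (! defined( 'FFWD_VERSION' ) ){
- define ('FFWD_VERSION',"1.1.12");
+ define ('FFWD_VERSION',"1.1.13");
   }
 
   add_action('admin_notices', 'ffwd_login_notice');
@@ -75,7 +75,7 @@ function ffwd_use_home_url() {
   }
 
   if ( ffwd_use_home_url() ) {
- define( 'WD_FFWD_FRONT_URL', home_url( "wp-content/plugins/" . plugin_basename( dirname( __FILE__ ) ) ) );
+ define( 'WD_FFWD_FRONT_URL', plugins_url( plugin_basename( dirname( __FILE__ ) ) ));
   } else {
   define( 'WD_FFWD_FRONT_URL', WD_FFWD_URL );
   }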
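Review bot: After this change both branches of the `if ( ffwd_use_home_url() )` block at line 77 define `WD_FFWD_FRONT_URL` to the same value, because `WD_FFWD_URL` is itself `plugins_url( plugin_basename( dirname( __FILE__ ) ) )` (visible in the second hunk header). The condition and `ffwd_use_home_url()` therefore no longer influence this constant. If that is intended, the block can be reduced to a single `define( 'WD_FFWD_FRONT_URL', WD_FFWD_URL );` with a comment explaining why the home-URL variant was dropped; if some installs still depend on the home-URL form, this change alters their front-end asset URLs without any note in the changelog.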
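--- a/framework/WDFacebookFeed.php
+++ b/framework/WDFacebookFeed.php
@@ -509,7 +509,7 @@ $ffwd_info_options[$ffwd_option_db] =((isset($_POST[$ffwd_option_db])) ? sanitiz
   $_POST['page_access_token'] = $fb_page->access_token;
 
 
- self::$content_url = ((isset($_POST['content_url'])) ? sanitize_text_field(stripslashes($_POST['content_url'])) : '');
+ self::$content_url = ((isset($_POST['content_url'])) ? esc_url($_POST['content_url']) : '');
   self::$limit = ((isset($_POST['limit'])) ? sanitize_text_field(stripslashes($_POST['limit'])) : '');
   self::set_access_token();
   self::check_fb_page_url();
@@ -583,7 +583,7 @@ $ffwd_info_options[$ffwd_option_db] =((isset($_POST[$ffwd_option_db])) ? sanitiz
 
   public static function set_content() {
   $content_type = ((isset($_POST['content_type'])) ? sanitize_text_field(stripslashes($_POST['content_type'])) : '');
- $content = (isset($_POST['content'])) ? $_POST['content'] : array();
+ $content = WDW_FFWD_Library::validate_string('content', array());
   self::$content_type = in_array($content_type, self::$valid_content_types) ? $content_type : false;
   // If right content type
   if(self::$content_type)
@@ -594,7 +594,7 @@ $ffwd_info_options[$ffwd_option_db] =((isset($_POST[$ffwd_option_db])) ? sanitiz
 
   public static function set_access_token() {
   if(isset($_POST["page_access_token"]) && $_POST["page_access_token"] != ""){
- self::$access_token = $_POST["page_access_token"];
+ self::$access_token = sanitize_text_field(stripcslashes($_POST["page_access_token"]));
   self::$exist_access = true;
   }else{
   if(!isset(self::$access_token) || empty(self::$access_token)){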
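Review bot: `esc_url()` on line 512 is WordPress's output-escaping function (it HTML-encodes ampersands for display); a URL that is stored or used in a request should go through `esc_url_raw()`, and the `stripslashes()` the old line applied is dropped, so slashed input is now kept as-is. On line 597 `stripcslashes()` is used where the neighbouring lines use `stripslashes()`; it additionally decodes C-style escapes such as `\n` or `\x41`, which is probably not intended for an access token, so `sanitize_text_field(stripslashes($_POST["page_access_token"]))` would match the rest of the file. Line 586 now reads `content` through `WDW_FFWD_Library::validate_string()`, which checks `$_GET` before `$_POST`, so the source of this value changed together with its sanitizing. All three methods continue outside the hunks.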
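--- a/framework/WDW_FFWD_Library.php
+++ b/framework/WDW_FFWD_Library.php
@@ -323,7 +323,7 @@ class WDW_FFWD_Library {
   </span>
   </div>
   <?php if (!$pager) { ?>
- <input type="hidden" id="page_number" name="page_number" value="<?php echo ((isset($_POST['page_number'])) ? (int) $_POST['page_number'] : 1); ?>" />
+ <input type="hidden" id="page_number" name="page_number" value="<?php echo ((isset($_POST['page_number'])) ? (int) sanitize_text_field($_POST['page_number']) : 1); ?>" />
   <input type="hidden" id="search_or_not" name="search_or_not" value="<?php echo ((isset($_POST['search_or_not'])) ? sanitize_text_field($_POST['search_or_not']) : ''); ?>"/>
   <?php
   }
@@ -473,7 +473,7 @@ class WDW_FFWD_Library {
   </span>
   </div>
   <?php if (!$pager) { ?>
- <input type="hidden" id="page_number" name="page_number" value="<?php echo ((isset($_POST['page_number'])) ? (int) $_POST['page_number'] : 1); ?>" />
+ <input type="hidden" id="page_number" name="page_number" value="<?php echo ((isset($_POST['page_number'])) ? (int) sanitize_text_field($_POST['page_number']) : 1); ?>" />
   <input type="hidden" id="search_or_not" name="search_or_not" value="<?php echo ((isset($_POST['search_or_not'])) ? sanitize_text_field($_POST['search_or_not']) : ''); ?>"/>
   <?php
   }
@@ -589,7 +589,7 @@ class WDW_FFWD_Library {
   }
   }
   ?>
- <input type="hidden" id="page_number_<?php echo $current_view; ?>" name="page_number_<?php echo $current_view; ?>" value="<?php echo ((isset($_POST['page_number_' . $current_view])) ? (int) $_POST['page_number_' . $current_view] : 1); ?>" />
+ <input type="hidden" id="page_number_<?php echo $current_view; ?>" name="page_number_<?php echo $current_view; ?>" value="<?php echo ((isset($_POST['page_number_' . $current_view])) ? (int) sanitize_text_field($_POST['page_number_' . $current_view]) : 1); ?>" />
   <script type="text/javascript">
   function spider_page_<?php echo $current_view; ?>(cur, x, y, load_more) {
   if (typeof load_more == "undefined") {
@@ -975,6 +975,26 @@ class WDW_FFWD_Library {
   $default_params_array=array($params);
   return shortcode_atts($default_params_array, $params);
   }
+ public static function validate_string($key , $default){
+ if (isset($_GET[$key])) {
+ $data = $_GET[$key];
+ }
+ elseif (isset($_POST[$key])) {
+ $data = $_POST[$key];
+ }
+ elseif (isset($_REQUEST[$key])) {
+ $data = $_REQUEST[$key];
+ }
+ else {
+ $data = $default;
+ }
+ if(is_array($data)){
+ $arr_data = array_map(array('WDW_FFWD_Library','validate_string'), $data );
+ return $arr_data;
+ }
+ $return_data = sanitize_text_field($data);
+ return $return_data;
+ }
   ////////////////////////////////////////////////////////////////////////////////////////
   // Private Methods //
   ////////////////////////////////////////////////////////////////////////////////////////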
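Review bot: The array branch of the new `validate_string()` (line 992) maps the method over the array's values, so each element arrives as `$key` and `$default` is missing. On PHP 7.1 and later that call fails with an ArgumentCountError; on older versions the element's value is treated as a request parameter name to look up rather than as data to clean, so array input such as `content` is never actually sanitized by this helper. Separating the request lookup from a one-argument recursive sanitizer fixes both cases. The helper also prefers `$_GET` over `$_POST`, which callers that previously read only `$_POST` may not expect, and it does not unslash the value before `sanitize_text_field()`.

```php
public static function validate_string($key , $default){
  // … unchanged: $_GET / $_POST / $_REQUEST / $default lookup into $data …
  return self::sanitize_recursive($data);
}

// Applies sanitize_text_field() to a scalar, or to every leaf of a nested array.
private static function sanitize_recursive($data){
  if (is_array($data)) {
    return array_map(array('WDW_FFWD_Library', 'sanitize_recursive'), $data);
  }
  return sanitize_text_field($data);
}
```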
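--- a/frontend/views/FFWDViewAlbum_compact.php
+++ b/frontend/views/FFWDViewAlbum_compact.php
@@ -26,35 +26,26 @@ class FFWDViewAlbum_compact {
   global $wp;
   $current_url = $wp->query_string;
   require_once(WD_FFWD_DIR . '/framework/WDW_FFWD_Library.php');
- //$options_row = $this->model->get_ffwd_options();
- $from = (isset($ffwd_info['from']) ? esc_html($ffwd_info['from']) : 0);
- $type = (isset($_REQUEST['type_' . $ffwd]) ? sanitize_text_field($_REQUEST['type_' . $ffwd]) : (isset($ffwd_info['type']) ? $ffwd_info['type'] : 'albums'));
- // $bwg_search = ((isset($_POST['bwg_search_' . $ffwd]) && esc_html($_POST['bwg_search_' . $ffwd]) != '') ? esc_html($_POST['bwg_search_' . $ffwd]) : '');
- $sort_direction = ' ASC ';
+ $type = (isset($_REQUEST['type_' . $ffwd]) ? sanitize_text_field($_REQUEST['type_' . $ffwd]) : 'albums');
 
   $ffwd_info = $this->model->get_ffwd_info($params['fb_id']);
   if ($ffwd_info == NULL || $ffwd_info["success"] === false) {
   echo WDW_FFWD_Library::message(__('There is no facebook feed selected or it was deleted.', 'ffwd'), 'error');
   return;
   }
- if(isset($params['from']) and $params['from']=='widget')
- {
- $ffwd_info['objects_per_page']= $params['objects_per_page'];
- $ffwd_info['theme']= $params['theme_id'];
- $ffwd_info['album_image_thumb_width']= $params['thumb_width'];
- $ffwd_info['thumb_height']= $params['album_image_thumb_height'];
-
+ if ( isset($params['from']) and $params['from'] == 'widget' ) {
+ $ffwd_info['objects_per_page'] = $params['objects_per_page'];
+ $ffwd_info['theme'] = $params['theme_id'];
+ $ffwd_info['album_image_thumb_width'] = $params['thumb_width'];
+ $ffwd_info['thumb_height'] = $params['album_image_thumb_height'];
   }
 
-
-
   $theme_row = $this->model->get_theme_row_data($ffwd_info['theme']);
   if (!$theme_row) {
   echo WDW_FFWD_Library::message(__('There is no theme selected or the theme was deleted.', 'ffwd'), 'error');
   return;
   }
- $ffwd_data = $this->model->get_ffwd_data($params['fb_id'], $ffwd_info['objects_per_page'], /*$ffwd_info['sort_by']*/'', $ffwd, /*$sort_direction*/ ' ASC', $ffwd_info['pagination_type']);
- $ffwd_objects_count = count($ffwd_data);
+ $ffwd_data = $this->model->get_ffwd_data($params['fb_id'], $ffwd_info['objects_per_page'], '', $ffwd, ' ASC', $ffwd_info['pagination_type']);
   if ($ffwd_info == NULL) {
   echo WDW_FFWD_Library::message(__('There is no facebook feed selected or it was deleted.', 'ffwd'), 'error');
   return;
@@ -82,7 +73,6 @@ class FFWDViewAlbum_compact {
   $form_child_div_style = 'background-color:rgba(0, 0, 0, 0); position:relative; text-align:' . $theme_row->album_compact_thumb_align . '; width:100%;';
 
   }
- $ffwd_previous_album_id = (isset($_REQUEST['ffwd_previous_album_id_' . $ffwd]) ? sanitize_text_field($_REQUEST['ffwd_previous_album_id_' . $ffwd]) : 0);
   $album_page_number_ = (isset($_REQUEST['album_page_number_' . $ffwd]) ? sanitize_text_field($_REQUEST['album_page_number_' . $ffwd]) : 0);
 
   $rgb_page_nav_font_color = WDW_FFWD_Library::spider_hex2rgb($theme_row->page_nav_font_color);
@@ -121,7 +111,6 @@ class FFWDViewAlbum_compact {
   'enable_image_google' => $ffwd_info['popup_enable_google'],
   'current_url' => $current_url
   );
- $ffwd_info_array_hash = $ffwd_info_array;
   ?>
   <style>
   /* Style for album thumbnail view.*/
@@ -592,7 +581,7 @@ class FFWDViewAlbum_compact {
   <div id="ffwd_container2_<?php echo $ffwd; ?>">
   <?php if($ffwd_info['type'] == "page" && $ffwd_info["fb_plugin"] && $ffwd_info['page_plugin_pos'] == "top") { ?>
   <div class="ffwd_page_plugin_<?php echo $ffwd; ?>">
- <div class="fb-page" data-href="https://www.facebook.com/<?php echo $ffwd_info['from']; ?>" data-width="<?php echo $ffwd_info['page_plugin_width']; ?>" data-small-header="<?php echo $options_row->page_plugin_header; ?>" data-adapt-container-width="true" data-hide-cover="<?php echo $options_row->page_plugin_cover; ?>" data-show-facepile="<?php echo $options_row->page_plugin_fans; ?>" data-show-posts="false">
+ <div class="fb-page" data-href="https://www.facebook.com/<?php echo $ffwd_info['from']; ?>" data-width="<?php echo $ffwd_info['page_plugin_width']; ?>" data-small-header="<?php //echo $options_row->page_plugin_header; ?>" data-adapt-container-width="true" data-hide-cover="<?php //echo $options_row->page_plugin_cover; ?>" data-show-facepile="<?php //echo $options_row->page_plugin_fans; ?>" data-show-posts="false">
   <div class="fb-xfbml-parse-ignore">
   </div>
   </div>
@@ -619,7 +608,7 @@ class FFWDViewAlbum_compact {
   </div>
   <?php
   if ($type != 'gallery' && $ffwd_info['pagination_type'] && $items_per_page && ($theme_row->page_nav_position == 'top') && $page_nav['total']) {
- WDW_FFWD_Library::ajax_html_frontend_page_nav($theme_row, $page_nav['total'], $page_nav['limit'], 'ffwd_front_form_' . $ffwd, $items_per_page, $ffwd, $album_gallery_div_id, '', $type, /*$options_row->enable_seo*/true, $ffwd_info['pagination_type']);
+ WDW_FFWD_Library::ajax_html_frontend_page_nav($theme_row, $page_nav['total'], $page_nav['limit'], 'ffwd_front_form_' . $ffwd, $items_per_page, $ffwd, $album_gallery_div_id, '', $type, true, $ffwd_info['pagination_type']);
   }
   if ($type == 'gallery') {
   ?>
@@ -705,7 +694,7 @@ class FFWDViewAlbum_compact {
   </div>
   <?php
   if ($type != 'gallery' && $ffwd_info['pagination_type'] && $items_per_page && ($theme_row->page_nav_position == 'bottom') && $page_nav['total']) {
- WDW_FFWD_Library::ajax_html_frontend_page_nav($theme_row, $page_nav['total'], $page_nav['limit'], 'ffwd_front_form_' . $ffwd, $items_per_page, $ffwd, $album_gallery_div_id, '', $type, /*$options_row->enable_seo*/true, $ffwd_info['pagination_type']);
+ WDW_FFWD_Library::ajax_html_frontend_page_nav($theme_row, $page_nav['total'], $page_nav['limit'], 'ffwd_front_form_' . $ffwd, $items_per_page, $ffwd, $album_gallery_div_id, '', $type, true, $ffwd_info['pagination_type']);
   }
   ?>
   </div>
@@ -752,14 +741,4 @@ class FFWDViewAlbum_compact {
   die();
   }
   }
-
- ////////////////////////////////////////////////////////////////////////////////////////
- // Getters & Setters //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Private Methods //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Listeners //
- ////////////////////////////////////////////////////////////////////////////////////////
   }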
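Review bot: On new line 584 `$ffwd_info['from']` and `$ffwd_info['page_plugin_width']` are echoed into HTML attributes without escaping, and the commit also deletes the `esc_html()`-wrapped `$from` assignment from old line 30. Whether those values can carry markup depends on how `get_ffwd_info()` fills them, which is not visible here, but attribute output should be escaped at the point of output regardless: `data-href="https://www.facebook.com/<?php echo esc_attr($ffwd_info['from']); ?>"`, and likewise `esc_attr()` for `page_plugin_width`. The three `$options_row` echoes on the same line are now commented out inside the PHP tags, so `data-small-header`, `data-hide-cover` and `data-show-facepile` are emitted empty; either drop those attributes or give them explicit values.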
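--- a/frontend/views/FFWDViewPopupBox.php
+++ b/frontend/views/FFWDViewPopupBox.php
@@ -127,7 +127,7 @@ class FFWDViewPopupBox {
   }
   $image_rows = $this->model->get_image_rows_data($fb_id, $sort_by, $order_by);
   $image_rows = ($from_album) ? json_decode($ffwd_album) : $image_rows;
- $image_id = (isset($_POST['image_id']) ? (int) $_POST['image_id'] : $current_image_id);
+ $image_id = (isset($_POST['image_id']) ? (int) sanitize_text_field($_POST['image_id']) : $current_image_id);
   $filmstrip_thumb_margin = $theme_row->lightbox_filmstrip_thumb_margin;
   $margins_split = explode(" ", $filmstrip_thumb_margin);
   $filmstrip_thumb_margin_right = 0;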
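--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: customizable facebook feed, facebook, facebook feed, facebook group, faceb
   Requires at least: 3.4
   Requires PHP: 5.2
   Tested up to: 5.2
- Stable tag: 1.1.12
+ Stable tag: 1.1.13
   License: GPLv2 or later
   License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -105,7 +105,7 @@ The plugin uses Facebook API to get public data from Facebook. All the received
 
   == Changelog ==
 
- = 1.1.12 =
+ = 1.1.13 =
   * Fixed: Security issues
 
   = 1.1.11 =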
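--- a/wd/includes/deactivate.php
+++ b/wd/includes/deactivate.php
@@ -112,8 +112,6 @@ class TenWebLibDeactivate
   if (isset($_POST[$wd_options->prefix . "_submit_and_deactivate"])) {
 
   if ( intval($_POST[$wd_options->prefix . "_submit_and_deactivate"]) == 2 || intval($_POST[$wd_options->prefix . "_submit_and_deactivate"]) == 3) {
- //$api = new TenWebLibApi( $wd_options );
-
   $data = array();
 
   $data["reason"] = isset($_POST[$wd_options->prefix . "_reasons"]) ? sanitize_text_field($_POST[$wd_options->prefix . "_reasons"]) : "";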
wd/includes/notices.php CHANGED
@@ -149,7 +149,7 @@ class TenWebLibNotices {
149
  $admin_notices_option = get_option( $wd_options->prefix . '_admin_notice', array() );
150
  $current_date = current_time( "n/j/Y" );
151
  $date_array = explode( '/', $current_date );
152
- $interval = (isset($_GET['wd_int']) ? intval($_GET['wd_int']) : 14);
153
  $date_array[1] += $interval;
154
  $new_start = date( "n/j/Y", mktime( 0, 0, 0, $date_array[0], $date_array[1], $date_array[2] ) );
155
 
149
  $admin_notices_option = get_option( $wd_options->prefix . '_admin_notice', array() );
150
  $current_date = current_time( "n/j/Y" );
151
  $date_array = explode( '/', $current_date );
152
+ $interval = (isset($_GET['wd_int']) ? intval(sanitize_text_field($_GET['wd_int'])) : 14);
153
  $date_array[1] += $interval;
154
  $new_start = date( "n/j/Y", mktime( 0, 0, 0, $date_array[0], $date_array[1], $date_array[2] ) );
155