WD Facebook Feed – Custom Facebook Feed Plugin - Version 1.2.4

Version Description

  • Fixed: XSS vulnerability.
  • Fixed: Statuses data in timeline is not available.
  • Fixed: "Image Onclick" option not working properly.
  • Fixed: Error when connecting pages.
  • Fixed: Delete data from DB on reset cache.

Release Info

Developer 10web
Plugin Icon 128x128 WD Facebook Feed – Custom Facebook Feed Plugin
Version 1.2.4

Code changes from version 1.2.3 to 1.2.4

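--- a/admin/controllers/FFWDControllerOptions_ffwd.php
+++ b/admin/controllers/FFWDControllerOptions_ffwd.php
@@ -53,26 +53,29 @@ class FFWDControllerOptions_ffwd {
  public function save_db() {
  //facebook user_id pahel autoupdate_interval
  global $wpdb;
-
  $id = 1;
  $autoupdate_interval = (isset($_POST['autoupdate_interval_hour']) && isset($_POST['autoupdate_interval_min']) ? ((int) $_POST['autoupdate_interval_hour'] * 60 + (int) $_POST['autoupdate_interval_min']) : 30);
  /*minimum autoupdate interval is 1 min*/
  $autoupdate_interval = ($autoupdate_interval >= 1 ? $autoupdate_interval : 1 );
  $facebook_app_id = (isset($_POST[WD_FB_PREFIX . '_app_id']) ? sanitize_text_field(stripslashes($_POST[WD_FB_PREFIX . '_app_id'])) : '');
  $facebook_app_secret = (isset($_POST[ WD_FB_PREFIX . '_app_secret']) ? sanitize_text_field(stripslashes($_POST[WD_FB_PREFIX . '_app_secret'])) : '');
+ $timezone_lists = WDW_FFWD_Library::getTimezoneList();
  $date_timezone = (isset($_POST[ WD_FB_PREFIX . '_date_timezone']) ? sanitize_text_field(stripslashes($_POST[WD_FB_PREFIX . '_date_timezone'])) : 'Pacific/Midway');
- $post_date_format = (isset($_POST[ WD_FB_PREFIX . '_post_date_format']) ? sanitize_text_field(stripslashes($_POST[WD_FB_PREFIX . '_post_date_format'])) : 'Pacific/Midway');
- $event_date_format = (isset($_POST[ WD_FB_PREFIX . '_event_date_format']) ? sanitize_text_field(stripslashes($_POST[WD_FB_PREFIX . '_event_date_format'])) : 'Pacific/Midway');
-
- $save = $wpdb->update($wpdb->prefix . 'wd_fb_option', array(
- 'autoupdate_interval' => $autoupdate_interval,
- 'app_id' => $facebook_app_id,
- 'app_secret' => $facebook_app_secret,
- 'date_timezone' => $date_timezone,
- 'post_date_format' => $post_date_format,
- 'event_date_format' =>$event_date_format,
- ), array('id' => 1));
+ if ( !empty($date_timezone) && !empty($timezone_lists) && !in_array($date_timezone, $timezone_lists) ) {
+ $date_timezone = '';
+ }
+ $post_date_format = (isset($_POST[ WD_FB_PREFIX . '_post_date_format']) ? sanitize_text_field(stripslashes($_POST[WD_FB_PREFIX . '_post_date_format'])) : 'ago');
+ $event_date_format = (isset($_POST[ WD_FB_PREFIX . '_event_date_format']) ? sanitize_text_field(stripslashes($_POST[WD_FB_PREFIX . '_event_date_format'])) : 'F j, Y, g:i a');
 
+ $upd_data = array(
+ 'autoupdate_interval' => $autoupdate_interval,
+ 'app_id' => $facebook_app_id,
+ 'app_secret' => $facebook_app_secret,
+ 'date_timezone' => $date_timezone,
+ 'post_date_format' => $post_date_format,
+ 'event_date_format' =>$event_date_format,
+ );
+ $save = $wpdb->update($wpdb->prefix . 'wd_fb_option', $upd_data, array('id' => 1));
  if ($save !== FALSE) {
  echo WDW_FFWD_Library::message('Item Succesfully Saved.', 'updated');
  /*
@@ -87,7 +90,6 @@ class FFWDControllerOptions_ffwd {
  add_filter( 'cron_schedules', 'wd_fb_add_autoupdate_interval' );
  wp_schedule_event( time(), 'wd_fb_autoupdate_interval', 'wd_fb_schedule_event_hook' );
  // $schedule_info = wp_get_schedules();
- // print_r($schedule_info);
  }
  else {
  echo WDW_FFWD_Library::message('Error. Please install plugin again.', 'error');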
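Review bot: The timezone allowlist added in save_db() fails open, because the `!empty($timezone_lists)` guard skips validation whenever getTimezoneList() returns nothing, and `in_array()` is called without strict comparison. Rejecting by default is safer: `if ( $date_timezone !== '' && !in_array($date_timezone, $timezone_lists, true) ) { $date_timezone = ''; }`. `$post_date_format` and `$event_date_format` still pass only through sanitize_text_field(), which strips tags but does not escape quotes, so they need output escaping wherever they are rendered; that code is not in this hunk. save_db() starts and ends outside the hunk, so any nonce or capability check is not visible here.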
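--- a/admin/models/FFWDModelInfo_ffwd.php
+++ b/admin/models/FFWDModelInfo_ffwd.php
@@ -390,7 +390,7 @@ $row->fb_plugin= 0;
  $row->fb_name= 0;
  $row->pagination_type= 1;
  $row->objects_per_page= 10;
- $row->image_onclick_action= 'lightbox';
+ $row->image_onclick_action= 'facebook';
  $row->album_image_thumb_width= 200;
  $row->album_image_thumb_height= 150;
  $row->album_image_max_columns= 5;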
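--- a/admin/views/FFWDViewInfo_ffwd.php
+++ b/admin/views/FFWDViewInfo_ffwd.php
@@ -2248,9 +2248,8 @@ class FFWDViewInfo_ffwd {
 
  jQuery(document).ready(function () {
  ffwd_view_type('<?php echo WD_FB_PREFIX; ?>', '<?php echo $row->fb_view_type ?>', jQuery('.<?php echo WD_FB_PREFIX; ?>_<?php echo $row->fb_view_type ?>'))
- choose_fb_content_type('<?php echo WD_FB_PREFIX; ?>', '<?php echo $row->content_type ?>', '<?php echo $row->content ?>', '<?php echo $row->fb_view_type ?>')
+ choose_fb_content_type('<?php echo WD_FB_PREFIX; ?>', '<?php echo $row->content_type ?>', '<?php echo $row->content ?>', '<?php echo $row->fb_view_type ?>', true)
  bwg_popup_fullscreen(<?php echo $row->popup_fullscreen ?>);
-
  <?php if ( $row->comments_filter == 'stream' ) { ?>
  ffwd_show_hide_options('tr_comments_replies', 'none');
  <?php } ?>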
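Review bot: The changed `choose_fb_content_type(...)` call still echoes `$row->content_type`, `$row->content` and `$row->fb_view_type` straight into single-quoted JavaScript string literals. If any of those columns can hold a quote, the value leaves the literal; escaping at output, e.g. `'<?php echo esc_js($row->content_type); ?>'`, closes that regardless of how the row was written. Whether these fields are constrained on save is not visible in this section. The same applies to the `ffwd_view_type(...)` context line, and the unquoted `$row->popup_fullscreen` would be safer cast with `(int)`.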
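--- a/admin/views/FFWDViewOptions_ffwd.php
+++ b/admin/views/FFWDViewOptions_ffwd.php
@@ -1,7 +1,6 @@
  <?php
 
  class FFWDViewOptions_ffwd {
-
  private $model;
 
  public function __construct( $model ) {
@@ -93,43 +92,16 @@ class FFWDViewOptions_ffwd {
  <div class="spider_div_options" id="div_content_1" style="">
  <table style="width: 100%;">
  <tbody>
- <!-- <tr>
- <td class="spider_label_options">
- <label for="facebook_log_in">Facebook login / logout: </label>
- </td>
- <td>
- <?php //echo $this->model->log_in_log_out();
- ?>
- </td>
- </tr>
-
- <tr>
- <td class="spider_label_options">
- <label>Feed autoupdate interval:</label>
- </td>
- <td>
- <input type="number" id="autoupdate_interval_hour" class="spider_int_input"
- name="autoupdate_interval_hour" min="0" max="24"
- value="<?php //echo floor($row->autoupdate_interval / 60);
- ?>"/>
- hour
- <input type="number" id="autoupdate_interval_min" class="spider_int_input"
- name="autoupdate_interval_min" min="0" max="59"
- value="<?php //echo floor($row->autoupdate_interval % 60);
- ?>"/>
- min
- <div class="spider_description">Minimum 1 min.</div>
- </td>
- </tr>-->
  <tr>
  <td class="spider_label_options">
  <label>Timezone:</label>
  </td>
  <td>
- <input type="text" value="<?php echo $row->date_timezone ?>"
+ <input type="text" value="<?php echo $row->date_timezone; ?>"
  name="<?php echo WD_FB_PREFIX; ?>_date_timezone"/>
-
- <div class="spider_description">If left empty, the server timezone will be used</div>
+ <div class="spider_description">If left empty, the server timezone will be used. Example
+ Europe/London.
+ </div>
  </td>
  </tr>
 
@@ -181,7 +153,6 @@ class FFWDViewOptions_ffwd {
  <a href="#" class="ffwd_reset_cache button">Reset cache</a>
  <span class="ffwd_reset_cache_res"></span>
  <div class="spider_description">Click to get new data from Facebook</div>
-
  </td>
  </tr>
  <tr>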
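Review bot: The Timezone input still prints `$row->date_timezone` unescaped into the `value` attribute, so the only protection is the save-time allowlist added in the options controller. Unless something outside this diff cleans existing rows, a value stored by an earlier version is not re-validated on display. Escaping at output, `value="<?php echo esc_attr($row->date_timezone); ?>"`, covers rows written before the upgrade and any other write path to that column. The enclosing method starts and ends outside the hunk, so where `$row` is loaded is not visible here.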
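--- a/facebook-feed-wd.php
+++ b/facebook-feed-wd.php
@@ -3,7 +3,7 @@
  * Plugin Name: 10Web Social Feed
  * Plugin URI: https://10web.io/plugins/wordpress-facebook-feed/?utm_source=facebook_feed&utm_medium=free_plugin
  * Description: 10Web Social Feed is a completely customizable, responsive solution to help you display your Facebook feed on your WordPress website.
- * Version: 1.2.3
+ * Version: 1.2.4
  * Author: 10Web
  * Author URI: https://10web.io/plugins/?utm_source=facebook_feed&utm_medium=free_plugin
  * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
@@ -15,7 +15,7 @@ define('WD_FFWD_MAIN_FILE', plugin_basename(__FILE__));
  define('WD_FB_PREFIX', 'ffwd');
  define('WD_FB_IS_FREE', true);
  if ( !defined('FFWD_VERSION') ) {
- define('FFWD_VERSION', '1.2.3');
+ define('FFWD_VERSION', '1.2.4');
  }
  add_action( 'admin_init', 'ffwd_init' );
 
@@ -242,7 +242,7 @@ Multiple Feeds per Post/Page", "wd_ads"),
  "plugin_wizard_link" => NULL,
  "plugin_menu_title" => "Facebook Feed by 10Web",
  "plugin_menu_icon" => WD_FFWD_URL . '/images/ffwd/ffwd_logo_small.png',
- "deactivate" => FALSE,
+ "deactivate" => TRUE,
  "subscribe" => FALSE,
  "custom_post" => 'info_ffwd',
  "display_overview" => FALSE,
@@ -317,6 +317,8 @@ add_action( 'wp_ajax_ffwd_reset_cache', 'ffwd_reset_cache' );
  function ffwd_reset_cache(){
  if ( isset( $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field($_POST['nonce']), WD_FFWD_URL . '_ajax_nonce' )) {
  delete_option("ffwd_autoupdate_time");
+ require_once(WD_FFWD_DIR . '/framework/WDW_FFWD_Library.php');
+ WDW_FFWD_Library::remove_feed_data();
  echo json_encode(array("success"=>true));die;
  }
  echo json_encode(array("success"=>false));die;
@@ -369,16 +371,16 @@ function ffwd_shortcode($params) {
  add_shortcode('WD_FB', 'ffwd_shortcode');
 
  $ffwd = 0;
- function ffwd_front_end( $params ) {
- /* Enqueue css/js in frontend */
- do_action("wp_enqueue_ffwd_front_end_scripts");
- global $ffwd;
- require_once(WD_FFWD_DIR . '/frontend/controllers/FFWDControllerMain.php');
- $fb_view_type = 'Blog_style';
- $controller = new FFWDControllerMain($params, 1, $ffwd, ucfirst($fb_view_type));
- $ffwd++;
-
- return;
+ function ffwd_front_end($params) {
+ /* Enqueue css/js in frontend */
+ do_action("wp_enqueue_ffwd_front_end_scripts");
+ global $ffwd;
+ global $wpdb;
+ require_once(WD_FFWD_DIR . '/frontend/controllers/FFWDControllerMain.php');
+ $fb_view_type = $wpdb->get_var($wpdb->prepare("SELECT fb_view_type FROM " . $wpdb->prefix . "wd_fb_info WHERE id='%s'", $params['fb_id']));
+ $controller = new FFWDControllerMain($params, 1, $ffwd, ucfirst($fb_view_type));
+ $ffwd++;
+ return;
  }
 
  // Add the Facebook Feed by 10Web button.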
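Review bot: ffwd_reset_cache() now deletes every row of the cached feed table, yet the only gate visible in the hunk is the nonce check. A nonce ties the request to a page that rendered it but does not establish that the user may perform the action, and a `wp_ajax_` handler is reachable by any logged-in account. Add a capability check before the delete, for example `if ( !current_user_can('manage_options') ) { wp_die(); }`, using whichever capability the options page already requires. Where the `_ajax_nonce` value is printed is not visible here, and the function's closing brace lies outside the hunk.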
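--- a/framework/WDFacebookFeed.php
+++ b/framework/WDFacebookFeed.php
@@ -483,7 +483,6 @@ class WDFacebookFeed {
 
  public static function update_version()
  {
-
  global $wpdb;
  $data = self::$data['data'];
  $id = self::$fb_id;
@@ -721,7 +720,7 @@ class WDFacebookFeed {
  $edge,
  'access_token=' . self::$access_token . '&',
  $fields,
- 'locale=' . get_locale() . '&',
+ 'locale=' . get_locale() . '&limit=100&',
  ''
  ),
  self::$graph_url
@@ -896,9 +895,11 @@ class WDFacebookFeed {
  $width = '';
  $height = '';
  $attachments = (!empty($next['attachments']['data'][0])) ? $next['attachments']['data'][0] : array();
- if ( self::$content_type == 'timeline' && empty($attachments) ) {
+
+ if( !self::check_post_type( self::$content, $next ) ) {
  continue;
  }
+
  if ( !empty($attachments) ) {
  $type = $attachments['media_type'];
  // @todo API V10.0 Temporary solution for photos!
@@ -1092,6 +1093,41 @@ class WDFacebookFeed {
  }
  }
 
+ /**
+ * check if the post have type which mention in feed settings (Statuses, Photos, Videos, Links)
+ *
+ * @param $post_types array
+ * @param $post_data array
+ *
+ * @return bool
+ */
+ public static function check_post_type( $post_types, $post_data ) {
+ $media_type = (!empty($post_data['attachments']['data'][0])) ? $post_data['attachments']['data'][0]['media_type'] : '';
+ foreach ( $post_types as $post_type ) {
+ if ( $post_type == "statuses" ) {
+ if( empty($media_type) && isset($post_data['message']) && $post_data['message'] !== '' ) {
+ return true;
+ }
+ }
+ if ( $post_type == "photos" ) {
+ if( !empty($media_type) && $media_type == 'photo') {
+ return true;
+ }
+ }
+ if ( $post_type == "videos" ) {
+ if( !empty($media_type) && $media_type == 'video') {
+ return true;
+ }
+ }
+ if ( $post_type == "links" ) {
+ if( !empty($media_type) && $media_type == 'link') {
+ return true;
+ }
+ }
+ }
+ return FALSE;
+ }
+
  public static function ffwd_event_data_sort( $a, $b ) {
  $date1 = strtotime($a['start_time']);
  $date2 = strtotime($b['start_time']);
@@ -1126,7 +1162,6 @@ class WDFacebookFeed {
  * Check errors.
  */
  public static function specific() {
- // @TODO This is a PRO functionality.
  return;
  }
 
@@ -1386,7 +1421,6 @@ class WDFacebookFeed {
  }
  array_multisort($start_time, SORT_DESC, $data);
  }
-
  foreach ( $data as $key => $next ) {
  $type = '';
  $source = '';
@@ -1396,7 +1430,10 @@ class WDFacebookFeed {
  $width = '';
  $height = '';
  $attachments = (!empty($next['attachments']['data'][0])) ? $next['attachments']['data'][0] : array();
- if ( self::$content_type == 'timeline' && empty($attachments) && !in_array("statuses", self::$content) ) {
+ if ( self::$content_type == 'timeline' && !self::check_post_type( self::$content, $next ) ) {
+ continue;
+ }
+ if( self::$content_type == 'specific' && self::$content[0] == 'photos' && empty($attachments)) {
  continue;
  }
  if ( !empty($attachments) ) {
@@ -1898,7 +1935,7 @@ class WDFacebookFeed {
  $fb_url = add_query_arg(array(
  'client_id' => $app_id,
  'redirect_uri' => $redirect_uri,
- 'scope' => 'pages_show_list,pages_read_engagement',
+ 'scope' => 'pages_show_list,pages_read_engagement,pages_read_user_content',
  ), "https://www.facebook.com/dialog/oauth");
 
  $fb_url .= '&scope=pages_read_engagement,pages_manage_metadata,pages_read_user_content&state=' . base64_encode(json_encode($state));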
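Review bot: The OAuth dialog URL in the last hunk ends up with two `scope` parameters, the array entry changed here and the `&scope=pages_read_engagement,pages_manage_metadata,pages_read_user_content` string appended two lines later, and the two lists differ. Which one the authorization endpoint honours is not determined by this code, so the edit may have no effect, and the permissions actually requested cannot be read off the array. Build the scope in one place with the minimum set the feed needs, for example by reducing the appended string to `$fb_url .= '&state=' . base64_encode(json_encode($state));`. The enclosing function starts and ends outside the hunk.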
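--- a/framework/WDW_FFWD_Library.php
+++ b/framework/WDW_FFWD_Library.php
@@ -902,4 +902,51 @@ class WDW_FFWD_Library {
  <?php
  echo ob_get_clean();
  }
+
+ /**
+ * Get HTML Tag Attributes string.
+ *
+ * @param array $attributes
+ *
+ * @return string
+ */
+ public static function getHTMLTagAttributesString( $attributes = array() ) {
+ $str = '';
+ foreach ( $attributes as $key => $value ) {
+ if ( !empty($value) ) {
+ $str .= $key . '="' . $value . '" ';
+ }
+ }
+
+ return $str;
+ }
+
+ /**
+ * Get timezone List.
+ *
+ * @return array
+ */
+ public static function getTimezoneList() {
+ $out = array();
+ $tza = timezone_abbreviations_list();
+ foreach ( $tza as $zone ) {
+ foreach ( $zone as $item ) {
+ $out[$item['timezone_id']] = 1;
+ }
+ }
+ unset($out['']);
+ ksort($out);
+
+ return array_keys($out);
+ }
+
+ /**
+ * Remove all data from wd_fb_data table
+ *
+ * @return bool
+ */
+ public static function remove_feed_data() {
+ global $wpdb;
+ return $wpdb->query('DELETE FROM ' . $wpdb->prefix . 'wd_fb_data');
+ }
  }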
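Review bot: getHTMLTagAttributesString() concatenates `$key` and `$value` into markup with no escaping, so every caller that passes data it does not control turns the helper into an attribute-injection sink; the blog-style view in this same release passes a link read from the cached feed row as `href`. Escape inside the helper, `$str .= esc_attr($key) . '="' . esc_attr($value) . '" ';`, and have callers run URL attributes through `esc_url()` first. The `!empty($value)` test also drops the values `0` and `'0'`. The docblock of remove_feed_data() says `@return bool`, while `$wpdb->query()` returns a row count or false; `@return int|false` would match.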
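--- a/frontend/controllers/FFWDControllerMain.php
+++ b/frontend/controllers/FFWDControllerMain.php
@@ -4,7 +4,7 @@ class FFWDControllerMain {
 
  private $view;
 
- public function __construct($params = array(), $from_shortcode = 0, $ffwd = 0, $view = 'Blog_style') {
+ public function __construct($params = array(), $from_shortcode = 0, $ffwd = 0, $view = '') {
  $this->view = $view;
  wd_fb_update(1);
  $this->display($params, $from_shortcode, $ffwd);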
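--- a/frontend/views/FFWDViewBlog_style.php
+++ b/frontend/views/FFWDViewBlog_style.php
@@ -1131,23 +1131,28 @@ class FFWDViewBlog_style {
  $href = ($ffwd_data_row->type == 'link') ? $ffwd_data_row->link : "";
  $link_to_facebook = ($ffwd_data_row->link != "" && $ffwd_data_row->type != "link" && $ffwd_data_row->type != "video") ? $ffwd_data_row->link : "https://www.facebook.com/".$ffwd_data_row->object_id;
 
- if($ffwd_info['image_onclick_action']=='facebook' || $ffwd_data_row->type=='video')
- {
- $href=$link_to_facebook;
-
+ if ( $ffwd_info['image_onclick_action'] == 'facebook' || $ffwd_data_row->type == 'video' ) {
+ $href = $link_to_facebook;
  }
- if($ffwd_info['image_onclick_action']=='none')
- {
- $href='#';
-
+ if ( $ffwd_info['image_onclick_action'] == 'none' ) {
+ $href = 'javascript:void(0)';
  }
-
+ $attributes = array(
+ 'style' => 'position:relative;',
+ 'class' => $class_name,
+ 'href' => $href,
+ 'target' => $href != 'javascript:void(0)' ? '_blank' : '',
+ 'data-type' => 'video',
+ 'data-id' => $ffwd_data_row->id,
+ );
+
+ $attrs = WDW_FFWD_Library::getHTMLTagAttributesString($attributes);
  ?>
 
  <div class="blog_style_image_container_<?php echo $ffwd;?>">
  <div class="ffwd_blog_style_object_ver_<?php echo $ffwd; ?>" >
  <div class="ffwd_blog_style_object_ver_al_<?php echo $ffwd; ?>">
- <a style="position:relative;" class="<?php echo $class_name; ?>" href="<?php echo $href; ?>" target="_blank" <?php echo $ffwd_data_row->type == 'video' ? 'data-type="video"' : '' ?> data-id="<?php echo $ffwd_data_row->id; ?>" >
+ <a <?php echo $attrs?>>
  <div class="bwg_blog_style_img_cont_<?php echo $ffwd; ?>">
  <img id="ffwd_blog_style_img_<?php echo $ffwd_data_row->id; ?>_<?php echo $ffwd; ?>" class="ffwd_blog_style_img_<?php echo $ffwd; ?>" src="<?php echo $src; ?>" />
  <?php if($ffwd_data_row->type == 'video' || $ffwd_data_row->type == 'videos'): ?>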
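Review bot: `'data-type' => 'video'` in the new `$attributes` array is unconditional, whereas the removed anchor emitted `data-type="video"` only when `$ffwd_data_row->type == 'video'`, so every post's link is now marked as a video. Restore the condition with `'data-type' => $ffwd_data_row->type == 'video' ? 'video' : '',`; the helper skips empty values. `$href` can come from `$ffwd_data_row->link` and reaches the helper unescaped, so pass it through `esc_url()` here unless it is the `javascript:void(0)` placeholder. The surrounding method starts and ends outside the hunk.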
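--- a/js/ffwd.js
+++ b/js/ffwd.js
@@ -325,18 +325,22 @@ function choose_fb_type( wd_fb_prefix, value ) {
  }
  }
 
- function choose_fb_content_type( wd_fb_prefix, value, type, view_type ) {
+ function choose_fb_content_type( wd_fb_prefix, value, type, view_type, isReady ) {
  if ( value == 'timeline' ) {
  jQuery('#ffwd_tab_lightbox').hide();
- jQuery('#ffwd_image_onclick_action_lightbox').prop('checked', false);
  jQuery('.ffwd_image_onclick_action_lightbox_wrap').hide();
- jQuery('#ffwd_image_onclick_action_facebook').prop('checked', true);
+ if ( !isReady ) {
+ jQuery('#ffwd_image_onclick_action_facebook').prop('checked', true);
+ jQuery('#ffwd_image_onclick_action_lightbox').prop('checked', false);
+ }
  }
  else {
  jQuery('#ffwd_tab_lightbox').show();
- jQuery('#ffwd_image_onclick_action_lightbox').prop('checked', true);
  jQuery('.ffwd_image_onclick_action_lightbox_wrap').show();
- jQuery('#ffwd_image_onclick_action_facebook').prop('checked', false);
+ if ( !isReady ) {
+ jQuery('#ffwd_image_onclick_action_lightbox').prop('checked', true);
+ jQuery('#ffwd_image_onclick_action_facebook').prop('checked', false);
+ }
  }
 
  jQuery('#' + wd_fb_prefix + '_content_type_specific').hide();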
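--- a/js/ffwd_frontend.js
+++ b/js/ffwd_frontend.js
@@ -416,17 +416,17 @@ function do_something_with_data_album(result, id, ffwd, type, graph_url, ffwd_al
  thumb_top = (ffwd_album_info["thumb_height"] - image_thumb_height) / 2;
 
  main_url = image.source;
-
+ var target = '';
  if (image_onclick_action == 'facebook') {
  main_url = data[i]['link'];
+ target = 'target="_blank"'
  }
 
  if (image_onclick_action == 'none') {
- main_url = '#';
+ main_url = 'javascript:void(0)';
  }
 
-
- content += '<a class="ffwd_lightbox_' + curent_view + '" href="' + main_url + '" data-image-id="' + i + '" data-image-obj-id="' + image_obj_id + '" >' +
+ content += '<a class="ffwd_lightbox_' + curent_view + '" href="' + main_url + '" ' + target + ' data-image-id="' + i + '" data-image-obj-id="' + image_obj_id + '" >' +
  '<div class="ffwd_standart_thumb_' + curent_view + '">' +
  '<div class="ffwd_standart_thumb_spun1_' + curent_view + '">' +
  '<div class="ffwd_standart_thumb_spun2_' + curent_view + '">' +
@@ -576,7 +576,7 @@ function ffwd_fill_likes_blog_style( id_object_id, ffwd, owner_info, ffwd_params
  for ( var i = 0; i < ids_array.length; i++ ) {
  ids = ids_array[i].join(',');
  url_for_cur_id_likes_blog = graph_url.replace('{FB_ID}', ''),
- graph_url_for_likes = url_for_cur_id_likes_blog.replace('{EDGE}', '');
+ graph_url_for_likes = url_for_cur_id_likes_blog.replace('{EDGE}', '');
  graph_url_for_likes = graph_url_for_likes.replace('{FIELDS}', 'ids=' + ids + '&fields=comments.summary(true).limit(0),likes.summary(true).limit(0)&');
  graph_url_for_likes = graph_url_for_likes.replace('{OTHER}', '');
  jQuery.getJSON(graph_url_for_likes,
@@ -608,7 +608,7 @@ function ffwd_fill_likes_blog_style( id_object_id, ffwd, owner_info, ffwd_params
  graph_url_for_shares = graph_url_for_shares.replace('{OTHER}', '');
  /*For attachments*/
  var graph_url_for_attachments = url_for_cur_id.replace('{EDGE}', 'attachments'),
- graph_url_for_attachments = graph_url_for_attachments.replace('{FIELDS}', '');
+ graph_url_for_attachments = graph_url_for_attachments.replace('{FIELDS}', '');
  graph_url_for_attachments = graph_url_for_attachments.replace('{OTHER}', '');
  /*For who post*/
  var url_for_who_post = graph_url.replace('{FB_ID}', id_object_id[i]['from']),
@@ -628,13 +628,14 @@ function ffwd_fill_likes_blog_style( id_object_id, ffwd, owner_info, ffwd_params
  do_something_with_data_blog_style(id_object_id[i]['attachments'], id_object_id[i]['id'], ffwd, 'attachments', "", ffwd_params, graph_url);
  }
  }
- if ( id_object_id[i]['comments'] && id_object_id[i]['comments'].data.length > 0 ) {
- jQuery.getJSON(graph_url_for_comments, createCallback_blog_style(id_object_id[i]['id'], ffwd, 'comments', "", ffwd_params, graph_url));
- // do_something_with_data_blog_style(id_object_id[i]['comments'], id_object_id[i]['id'], ffwd, 'comments', "", ffwd_params, graph_url);
- //jQuery.getJSON(id_object_id[i]['comments'], createCallback_blog_style(id_object_id[i]['id'], ffwd, 'comments', "", ffwd_params, graph_url));
- //jQuery.getJSON(graph_url_for_who_post, createCallback_blog_style(id_object_id[i], ffwd, 'who_post', owner_info, ffwd_params));
- //
- }
+ if(id_object_id[i]['comments'] && id_object_id[i]['comments'].data.length > 0) {
+ jQuery.getJSON(graph_url_for_comments, createCallback_blog_style(id_object_id[i]['id'], ffwd, 'comments', "", ffwd_params, graph_url));
+ // do_something_with_data_blog_style(id_object_id[i]['comments'], id_object_id[i]['id'], ffwd, 'comments', "", ffwd_params, graph_url);
+ //jQuery.getJSON(id_object_id[i]['comments'], createCallback_blog_style(id_object_id[i]['id'], ffwd, 'comments', "", ffwd_params, graph_url));
+ //jQuery.getJSON(graph_url_for_who_post, createCallback_blog_style(id_object_id[i], ffwd, 'who_post', owner_info, ffwd_params));
+ //
+ //do_something_with_data_blog_style(id_object_id[i]['who_post'], id_object_id[i], ffwd, 'who_post', owner_info, ffwd_params, graph_url);
+ }
  do_something_with_data_blog_style(id_object_id[i]['who_post'], id_object_id[i], ffwd, 'who_post', owner_info, ffwd_params, graph_url);
  }
  }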
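Review bot: The `target="_blank"` added in the first hunk is emitted without `rel="noopener noreferrer"`, so in browsers that do not imply noopener the opened page receives a `window.opener` handle to the embedding site. Use `target = 'target="_blank" rel="noopener noreferrer"';`, which also supplies the semicolon the new line lacks. `main_url` is taken from `data[i]['link']` and concatenated into the HTML string unescaped, so a quote in that value would end the `href` attribute early; creating the anchor with DOM or jQuery attribute setters avoids that. The function body continues outside the hunk.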
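--- a/js/ffwd_gallery_box.js
+++ b/js/ffwd_gallery_box.js
@@ -124,11 +124,11 @@ function ffwd_get_passed_time_popup(time) {
  }
  }
 
- function ffwd_time(object) {
+ function ffwd_time( object ) {
  var date_format = ffwd_options["post_date_format"];
- if(object["type"] == "events")
+ if ( object["type"] == 'events' ) {
  date_format = ffwd_options["event_date_format"];
-
+ }
  date = ffwd_set_timezone_format(ffwd_date_timezone_offset, date_format, object["created_time"]);
  return date;
  }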
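--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: customizable facebook feed, facebook, facebook feed, facebook group, faceb
  Requires at least: 3.4
  Requires PHP: 5.2
  Tested up to: 5.8
- Stable tag: 1.2.3
+ Stable tag: 1.2.4
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -104,6 +104,13 @@ If you think you found a bug in 10Web Facebook Feed or have any problem/question
  The plugin uses Facebook API to get public data from Facebook. All the received data is cached in WordPress database for some short customizable period to provide optimization. You can delete or update cached data. You can optionally enable like button for Facebook page. If you do so, Facebook will load some JS and embedded content which may track visitors. Facebook embeds are regulated under terms of Facebook privacy policy https://www.facebook.com/policy.php.
 
  == Changelog ==
+ = 1.2.4 =
+ * Fixed: XSS vulnerability.
+ * Fixed: Statuses data in timeline is not available.
+ * Fixed: "Image Onclick" option not working properly.
+ * Fixed: Error when connecting pages.
+ * Fixed: Delete data from DB on reset cache.
+
  = 1.2.3 =
  * Fixed: Broken images on album view.
  * Fixed: Comments and likes count.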