Version Description
Fixed: Security issue.
Download this release
Release Info
| Developer | 10web |
| Plugin |  WD Instagram Feed – Instagram Gallery |
| Version | 1.4.29 |
| Comparing to | |
| See all releases | |
Code changes from version 1.4.28 to 1.4.29
- config.php +1 -1
- frontend/views/WDIViewGalleryBox.php +4 -6
- readme.txt +4 -1
- wd-instagram-feed.php +9 -1
- wd/includes/deactivate.php +3 -0
config.php
CHANGED
|
@@ -3,7 +3,7 @@ if ( !defined('ABSPATH') ) {
|
|
| 3 |
exit;
|
| 4 |
}
|
| 5 |
|
| 6 |
-
define('WDI_VERSION', '1.4.
|
| 7 |
define('WDI_IS_FREE', TRUE);
|
| 8 |
define('WDI_PREFIX', 'wdi');
|
| 9 |
define('WDI_DIR', WP_PLUGIN_DIR . "/" . plugin_basename(dirname(__FILE__)));
|
| 3 |
exit;
|
| 4 |
}
|
| 5 |
|
| 6 |
+
define('WDI_VERSION', '1.4.29');
|
| 7 |
define('WDI_IS_FREE', TRUE);
|
| 8 |
define('WDI_PREFIX', 'wdi');
|
| 9 |
define('WDI_DIR', WP_PLUGIN_DIR . "/" . plugin_basename(dirname(__FILE__)));
|
frontend/views/WDIViewGalleryBox.php
CHANGED
|
@@ -60,8 +60,7 @@ class WDIViewGalleryBox {
|
|
| 60 |
$current_image_index = WDILibrary::get('current_image_index', 0, 'intval', 'POST');
|
| 61 |
$theme_id = (isset($current_feed['theme_id']) ? esc_html($current_feed['theme_id']) : 1);
|
| 62 |
|
| 63 |
-
$carousel_media_row = isset($_POST["carousel_media_row"]) ?
|
| 64 |
-
$carousel_media_row = str_replace(""", '"', $carousel_media_row);
|
| 65 |
$carousel_media = json_decode(stripslashes($carousel_media_row), true);
|
| 66 |
$carousel_media = WDILibrary::get('', $carousel_media, 'sanitize_text_field', '');
|
| 67 |
$carousel_media = is_array($carousel_media) ? $carousel_media : array();
|
|
@@ -131,10 +130,9 @@ class WDIViewGalleryBox {
|
|
| 131 |
$image_filmstrip_width = 0;
|
| 132 |
}
|
| 133 |
|
| 134 |
-
$json = isset($_POST['image_rows']) ?
|
| 135 |
-
$json = str_replace(""", '"', $json);
|
| 136 |
-
|
| 137 |
$image_rows = json_decode(stripslashes($json));
|
|
|
|
| 138 |
$image_rows_count = WDILibrary::get('image_rows_count', 0, 'intval', 'POST');//parseint
|
| 139 |
$image_rows = WDILibrary::arrayToObject($image_rows);
|
| 140 |
|
|
@@ -356,7 +354,7 @@ class WDIViewGalleryBox {
|
|
| 356 |
<div class="wdi_carousel_btn_content">
|
| 357 |
<?php foreach($carousel_media as $key => $media){
|
| 358 |
$class = ($key == 0 ? "active" : ($key > 9 ? "small" : "")); ?>
|
| 359 |
-
<span class="<?php echo $class; ?>" data-id="<?php echo $key; ?>"></span>
|
| 360 |
<?php } ?>
|
| 361 |
</div>
|
| 362 |
</div>
|
| 60 |
$current_image_index = WDILibrary::get('current_image_index', 0, 'intval', 'POST');
|
| 61 |
$theme_id = (isset($current_feed['theme_id']) ? esc_html($current_feed['theme_id']) : 1);
|
| 62 |
|
| 63 |
+
$carousel_media_row = isset($_POST["carousel_media_row"]) ? $_POST["carousel_media_row"] : '';
|
|
|
|
| 64 |
$carousel_media = json_decode(stripslashes($carousel_media_row), true);
|
| 65 |
$carousel_media = WDILibrary::get('', $carousel_media, 'sanitize_text_field', '');
|
| 66 |
$carousel_media = is_array($carousel_media) ? $carousel_media : array();
|
| 130 |
$image_filmstrip_width = 0;
|
| 131 |
}
|
| 132 |
|
| 133 |
+
$json = isset($_POST['image_rows']) ? $_POST['image_rows']: '';
|
|
|
|
|
|
|
| 134 |
$image_rows = json_decode(stripslashes($json));
|
| 135 |
+
$image_rows = WDILibrary::get('', $image_rows, 'sanitize_text_field', '');
|
| 136 |
$image_rows_count = WDILibrary::get('image_rows_count', 0, 'intval', 'POST');//parseint
|
| 137 |
$image_rows = WDILibrary::arrayToObject($image_rows);
|
| 138 |
|
| 354 |
<div class="wdi_carousel_btn_content">
|
| 355 |
<?php foreach($carousel_media as $key => $media){
|
| 356 |
$class = ($key == 0 ? "active" : ($key > 9 ? "small" : "")); ?>
|
| 357 |
+
<span class="<?php echo $class; ?>" data-id="<?php echo esc_attr($key); ?>"></span>
|
| 358 |
<?php } ?>
|
| 359 |
</div>
|
| 360 |
</div>
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Tags: custom instagram feed, feed, instagram, hashtag, Instagram feed, instagram
|
|
| 4 |
Requires at least: 3.9
|
| 5 |
Requires PHP: 5.2
|
| 6 |
Tested up to: 5.8
|
| 7 |
-
Stable tag: 1.4.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -505,6 +505,9 @@ Please make sure you don't have any important information before you proceed.
|
|
| 505 |
10Web Social Photo Feed for Instagram plugin uses Instagram API on website front end. You have to authorize the plugin via sign in to get data from Instagram on your behalf. The plugin does not send any user’s data to Instagram. All the data received from Instagram via API is cached in WordPress database for some short customizable period to provide front end optimization. You can delete or update cached data. Instagram saves some cookies in browsers of website visitors via API data. These cookies are mostly used for security purposes. They are regulated under terms of Instagram’s privacy policy https://instagram.com/legal/privacy. The plugin asks for your consent to collect site administrator’s email address and site URL to offer customer support, deals and discounts on premium products and more.
|
| 506 |
|
| 507 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 508 |
= 1.4.28 =
|
| 509 |
Fixed: Security issue.
|
| 510 |
|
| 4 |
Requires at least: 3.9
|
| 5 |
Requires PHP: 5.2
|
| 6 |
Tested up to: 5.8
|
| 7 |
+
Stable tag: 1.4.29
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 505 |
10Web Social Photo Feed for Instagram plugin uses Instagram API on website front end. You have to authorize the plugin via sign in to get data from Instagram on your behalf. The plugin does not send any user’s data to Instagram. All the data received from Instagram via API is cached in WordPress database for some short customizable period to provide front end optimization. You can delete or update cached data. Instagram saves some cookies in browsers of website visitors via API data. These cookies are mostly used for security purposes. They are regulated under terms of Instagram’s privacy policy https://instagram.com/legal/privacy. The plugin asks for your consent to collect site administrator’s email address and site URL to offer customer support, deals and discounts on premium products and more.
|
| 506 |
|
| 507 |
== Changelog ==
|
| 508 |
+
= 1.4.29 =
|
| 509 |
+
Fixed: Security issue.
|
| 510 |
+
|
| 511 |
= 1.4.28 =
|
| 512 |
Fixed: Security issue.
|
| 513 |
|
wd-instagram-feed.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: 10Web Social Photo Feed
|
| 4 |
* Plugin URI: https://10web.io/plugins/wordpress-instagram-feed/?utm_source=instagram_feed&utm_medium=free_plugin
|
| 5 |
* Description: 10Web Social Photo Feed is a user-friendly tool for displaying user or hashtag-based feeds on your website. You can create feeds with one of the available layouts. It allows displaying image metadata, open up images in lightbox, download them and even share in social networking websites.
|
| 6 |
-
* Version: 1.4.
|
| 7 |
* Author: 10Web
|
| 8 |
* Author URI: https://10Web.io/plugins/?utm_source=instagram_feed&utm_medium=free_plugin
|
| 9 |
* License: GPLv2 or later
|
|
@@ -894,6 +894,14 @@ function wdi_elementor(){
|
|
| 894 |
}
|
| 895 |
|
| 896 |
function wdi_backend_ajax() {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 897 |
require_once( WDI_DIR . '/framework/WDILibrary.php' );
|
| 898 |
$page = WDILibrary::get('page');
|
| 899 |
$action = WDILibrary::get('action');
|
| 3 |
* Plugin Name: 10Web Social Photo Feed
|
| 4 |
* Plugin URI: https://10web.io/plugins/wordpress-instagram-feed/?utm_source=instagram_feed&utm_medium=free_plugin
|
| 5 |
* Description: 10Web Social Photo Feed is a user-friendly tool for displaying user or hashtag-based feeds on your website. You can create feeds with one of the available layouts. It allows displaying image metadata, open up images in lightbox, download them and even share in social networking websites.
|
| 6 |
+
* Version: 1.4.29
|
| 7 |
* Author: 10Web
|
| 8 |
* Author URI: https://10Web.io/plugins/?utm_source=instagram_feed&utm_medium=free_plugin
|
| 9 |
* License: GPLv2 or later
|
| 894 |
}
|
| 895 |
|
| 896 |
function wdi_backend_ajax() {
|
| 897 |
+
if ( function_exists('current_user_can') ) {
|
| 898 |
+
if ( !current_user_can('manage_options') ) {
|
| 899 |
+
die('Access Denied');
|
| 900 |
+
}
|
| 901 |
+
}
|
| 902 |
+
else {
|
| 903 |
+
die('Access Denied');
|
| 904 |
+
}
|
| 905 |
require_once( WDI_DIR . '/framework/WDILibrary.php' );
|
| 906 |
$page = WDILibrary::get('page');
|
| 907 |
$action = WDILibrary::get('action');
|
wd/includes/deactivate.php
CHANGED
|
@@ -108,6 +108,9 @@ class TenWebLibDeactivate
|
|
| 108 |
|
| 109 |
public function submit_and_deactivate()
|
| 110 |
{
|
|
|
|
|
|
|
|
|
|
| 111 |
$wd_options = $this->config;
|
| 112 |
$submit_and_deactivate = WDILibrary::get($wd_options->prefix . "_submit_and_deactivate");
|
| 113 |
if ( !empty($submit_and_deactivate) ) {
|
| 108 |
|
| 109 |
public function submit_and_deactivate()
|
| 110 |
{
|
| 111 |
+
if ( !class_exists('WDILibrary') ) {
|
| 112 |
+
require_once(WDI_DIR . '/framework/WDILibrary.php');
|
| 113 |
+
}
|
| 114 |
$wd_options = $this->config;
|
| 115 |
$submit_and_deactivate = WDILibrary::get($wd_options->prefix . "_submit_and_deactivate");
|
| 116 |
if ( !empty($submit_and_deactivate) ) {
|
