WP to Twitter - Version 3.6.2

Version Description

Bug fix: YOURLS returns a 400 error if a URL is re-submitted, but WP to Twitter only handled JSON object if a 200 was returned.
Bug fix: Provide context labels for wp_die and die calls
Bug fix: Hum shortener threw errors if you attempted to shorten a link, since it only works for posts.
Bug fix: Missing sanitization in AJAX Tweet requests from admin.
Bug fix: Correctly handle YOURLS url shortening requests when there is already an existing shortened URL for that path.

Release Info

Developer	joedolson
Plugin	WP to Twitter
Version	3.6.2
Comparing to
See all releases

Code changes from version 3.6.1 to 3.6.2

Files changed (5) hide show

readme.txt +15 -7
wp-to-twitter-manager.php +1 -1
wp-to-twitter-shorteners.php +37 -7
wp-to-twitter.php +5 -5
wpt-functions.php +4 -3

readme.txt CHANGED Viewed

	@@ -1,13 +1,13 @@
1	=== WP to Twitter ===
2	Contributors: joedolson
3	- Donate link: ~~http~~://www.joedolson.com/donate/
4	Tags: twitter, microblogging, bitly, yourls, redirect, shortener, post, links, social, sharing, media, tweet
5	Requires at least: 4.9.8
6	- Tested up to: 6.0
7	Requires PHP: 5.6
8	License: GPLv2 or later
9	Text Domain: wp-to-twitter
10	- Stable tag: 3.6.1
11
12	Posts a Twitter update when you update your WordPress blog or add a link, with your chosen URL shortening service.
13
	@@ -31,15 +31,15 @@ WP to Twitter uses a customizable Tweet template for Tweets sent when updating o
31	* Use alternate URLs in place of post permalinks
32	* Support for Google Analytics
33	* Support for XMLRPC remote clients
34	- * ~~Select~~ ~~from~~ YOURLS~~, Goo~~.gl, Bit.ly, jotURL, or Su.pr as external URL shorteners.
35	* Rate limiting: make sure you don't exceed Twitter's API rate limits.
36
37	= Premium Features =
38
39	- Upgrade to [WP Tweets Pro](~~http~~://www.joedolson.com/wp-tweets-pro/) for extra features, including:
40
41	* Authors can set up their own Twitter accounts in their profiles
42	- * Time delayed Tweeting
43	* Scheduled Tweet management
44	* Simultaneously Tweet to site and author Twitter accounts
45	* Preview and Tweet comments
	@@ -48,7 +48,7 @@ Upgrade to [WP Tweets Pro](http://www.joedolson.com/wp-tweets-pro/) for extra fe
48	* Integrated Twitter Card support
49	* Support for Player Cards with integrated captions
50	* Automatically schedule Tweets of old posts
51	- * [Get a license for WP Tweets PRO!](~~http~~://www.joedolson.com/wp-tweets-pro/)
52
53	Want to stay up to date on WP to Twitter? [Follow me on Twitter!](https://twitter.com/joedolson)
54
	@@ -64,6 +64,14 @@ Check out my <a href="https://github.com/joedolson/plugin-extensions/tree/master
64
65	== Changelog ==
66








67	= 3.6.1 =
68
69	* Bug fix: Don't expect a nonce or attempt to handle post meta if post not submitted from WordPress admin.


1	=== WP to Twitter ===
2	Contributors: joedolson
3	+ Donate link: https://www.joedolson.com/donate/
4	Tags: twitter, microblogging, bitly, yourls, redirect, shortener, post, links, social, sharing, media, tweet
5	Requires at least: 4.9.8
6	+ Tested up to: 6.1
7	Requires PHP: 5.6
8	License: GPLv2 or later
9	Text Domain: wp-to-twitter
10	+ Stable tag: 3.6.2
11
12	Posts a Twitter update when you update your WordPress blog or add a link, with your chosen URL shortening service.
13

31	* Use alternate URLs in place of post permalinks
32	* Support for Google Analytics
33	* Support for XMLRPC remote clients
34	+ * Use [YOURLS](https://yourls.org), [Bit.ly]you(https://wordpress.org/plugins/codehaveli-bitly-url-shortener/), [jotURL](https://joturl.com), or [Hum](https://wordpress.org/plugins/hum/) as external URL shorteners.
35	* Rate limiting: make sure you don't exceed Twitter's API rate limits.
36
37	= Premium Features =
38
39	+ [Upgrade to WP Tweets Pro](https://www.joedolson.com/wp-tweets-pro/) for extra features, including:
40
41	* Authors can set up their own Twitter accounts in their profiles
42	+ * Time delayed Tweeting
43	* Scheduled Tweet management
44	* Simultaneously Tweet to site and author Twitter accounts
45	* Preview and Tweet comments

48	* Integrated Twitter Card support
49	* Support for Player Cards with integrated captions
50	* Automatically schedule Tweets of old posts
51	+ * [Get a license for WP Tweets PRO!](https://www.joedolson.com/wp-tweets-pro/)
52
53	Want to stay up to date on WP to Twitter? [Follow me on Twitter!](https://twitter.com/joedolson)
54

64
65	== Changelog ==
66
67	+ = 3.6.2 =
68	+
69	+ * Bug fix: YOURLS returns a 400 error if a URL is re-submitted, but WP to Twitter only handled JSON object if a 200 was returned.
70	+ * Bug fix: Provide context labels for wp_die and die calls
71	+ * Bug fix: Hum shortener threw errors if you attempted to shorten a link, since it only works for posts.
72	+ * Bug fix: Missing sanitization in AJAX Tweet requests from admin.
73	+ * Bug fix: Correctly handle YOURLS url shortening requests when there is already an existing shortened URL for that path.
74	+
75	= 3.6.1 =
76
77	* Bug fix: Don't expect a nonce or attempt to handle post meta if post not submitted from WordPress admin.

wp-to-twitter-manager.php CHANGED Viewed

	@@ -25,7 +25,7 @@ function wpt_updated_settings() {
25
26	$nonce = $_REQUEST['_wpnonce'];
27	if ( ! wp_verify_nonce( $nonce, 'wp-to-twitter-nonce' ) ) {
28	- ~~die~~( 'Security check failed' );
29	}
30	if ( isset( $_POST['oauth_settings'] ) ) {
31	$post = map_deep( $_POST, 'sanitize_text_field' );


25
26	$nonce = $_REQUEST['_wpnonce'];
27	if ( ! wp_verify_nonce( $nonce, 'wp-to-twitter-nonce' ) ) {
28	+ wp_die( 'WP to Twitter: Security check failed' );
29	}
30	if ( isset( $_POST['oauth_settings'] ) ) {
31	$post = map_deep( $_POST, 'sanitize_text_field' );

wp-to-twitter-shorteners.php CHANGED Viewed

	@@ -38,6 +38,16 @@ if ( ! function_exists( 'wpt_shorten_url' ) ) {
38
39	return $shrink;
40	}










41	$url = apply_filters( 'wpt_shorten_link', $url, $shortener, $post_ID );
42	if ( false === $testmode ) {
43	if ( '1' === get_option( 'use-twitter-analytics' ) \|\| '1' === get_option( 'use_dynamic_analytics' ) ) {
	@@ -86,7 +96,19 @@ if ( ! function_exists( 'wpt_shorten_url' ) ) {
86	// custom word setting.
87	$keyword_format = ( '1' === get_option( 'jd_keyword_format' ) ) ? $post_ID : '';
88	$keyword_format = ( '2' === get_option( 'jd_keyword_format' ) ) ? get_post_meta( $post_ID, '_yourls_keyword', true ) : $keyword_format;
89	- ~~// Generate and grab the short url.~~












90	$shrink = apply_filters( 'wpt_do_shortening', false, $shortener, $url, $post_title, $post_ID, $testmode );
91	// if an add-on has shortened the link, skip shortening.
92	$error = false;
	@@ -96,7 +118,7 @@ if ( ! function_exists( 'wpt_shorten_url' ) ) {
96	$shrink = $url;
97	break;
98	case 2: // updated to v3 3/31/2010.
99	- // v3 is ~~being~~ ~~sunsetted 3/31/2020~~. ~~Option to enable removed 7~~/4/~~2019.~~
100	$bitlyurl = get_post_meta( $post_ID, '_wbitly_shorturl', true );
101	if ( ! empty( $bitlyurl ) ) {
102	$shrink = $bitlyurl;
	@@ -171,6 +193,7 @@ if ( ! function_exists( 'wpt_shorten_url' ) ) {
171
172	$api_url = add_query_arg( $args, $yourlsurl );
173	$json = wpt_remote_json( $api_url, false );

174	if ( is_object( $json ) ) {
175	$shrink = $json->shorturl;
176	} else {
	@@ -227,17 +250,24 @@ if ( ! function_exists( 'wpt_shorten_url' ) ) {
227	break;
228	case 11:
229	// Hum URL shortener.
230	- if ( ~~class_exists(~~ ~~'Hum'~~ ) ~~&& method_exists( 'Hum', 'get_shortlink' ) )~~ {
231	- ~~$hum =~~ ~~new~~ ~~Hum;~~
232	- $shrink = $hum->get_shortlink( $url, $post_ID, 'post', true );
233	- } else {
234	$shrink = $url;








235	}
236	break;
237	default:
238	$shrink = $url;
239	}
240	}

241	if ( $error ) {
242	update_option( 'wpt_shortener_status', "$shrink : $error" );
243	}
	@@ -305,7 +335,7 @@ if ( ! function_exists( 'wpt_shorten_url' ) ) {
305	$token = get_option( 'yourlstoken' );
306	if ( $token ) {
307	$decoded = wpt_remote_json( $yourl_api . "?action=expand&shorturl=$short_url&format=json&signature=$token" );
308	- if ( '404' === (string) $decoded ) {
309	$short_url = urldecode( $short_url );
310	if ( false === stripos( $short_url, 'https://' ) ) {
311	// Yourls will throw an error for mismatched protocol.


38
39	return $shrink;
40	}
41	+ /**
42	+ * Make modifications to URLs prior to shortening.
43	+ *
44	+ * @hook wpt_shorten_link
45	+ * @param {string} $url Full permalink URL to post.
46	+ * @param {string} $shortener Shortener selected in settings.
47	+ * @param {int} $post_ID Post ID.
48	+ *
49	+ * @return {string}
50	+ */
51	$url = apply_filters( 'wpt_shorten_link', $url, $shortener, $post_ID );
52	if ( false === $testmode ) {
53	if ( '1' === get_option( 'use-twitter-analytics' ) \|\| '1' === get_option( 'use_dynamic_analytics' ) ) {

96	// custom word setting.
97	$keyword_format = ( '1' === get_option( 'jd_keyword_format' ) ) ? $post_ID : '';
98	$keyword_format = ( '2' === get_option( 'jd_keyword_format' ) ) ? get_post_meta( $post_ID, '_yourls_keyword', true ) : $keyword_format;
99	+ /**
100	+ * Apply a custom shortener to your Tweet. Return false to allow the settings to parse the URL or a URL to shortcircuit plugin settings.
101	+ *
102	+ * @hook wpt_do_shortening
103	+ * @param {bool} $shrink False prior to shortening.
104	+ * @param {string} $shortener Shortener selected in settings.
105	+ * @param {string} $url Full permalink URL to post.
106	+ * @param {string} $post_title Title of source post.
107	+ * @param {int} $post_ID Post ID.
108	+ * @param {bool} $testmode True if running a test of WP to twitter.
109	+ *
110	+ * @return {string}
111	+ */
112	$shrink = apply_filters( 'wpt_do_shortening', false, $shortener, $url, $post_title, $post_ID, $testmode );
113	// if an add-on has shortened the link, skip shortening.
114	$error = false;

118	$shrink = $url;
119	break;
120	case 2: // updated to v3 3/31/2010.
121	+ // Bitly supported via https://wordpress.org/plugins/codehaveli-bitly-url-shortener/.
122	$bitlyurl = get_post_meta( $post_ID, '_wbitly_shorturl', true );
123	if ( ! empty( $bitlyurl ) ) {
124	$shrink = $bitlyurl;

193
194	$api_url = add_query_arg( $args, $yourlsurl );
195	$json = wpt_remote_json( $api_url, false );
196	+
197	if ( is_object( $json ) ) {
198	$shrink = $json->shorturl;
199	} else {

250	break;
251	case 11:
252	// Hum URL shortener.
253	+ if ( $testmode ) {
254	+ // Hum does not support shortening links without IDs.


255	$shrink = $url;
256	+ } else {
257	+ if ( class_exists( 'Hum' ) && method_exists( 'Hum', 'get_shortlink' ) ) {
258	+ $hum = new Hum;
259	+ $shrink = $hum->get_shortlink( $url, $post_ID, 'post', true );
260	+
261	+ } else {
262	+ $shrink = $url;
263	+ }
264	}
265	break;
266	default:
267	$shrink = $url;
268	}
269	}
270	+
271	if ( $error ) {
272	update_option( 'wpt_shortener_status', "$shrink : $error" );
273	}

335	$token = get_option( 'yourlstoken' );
336	if ( $token ) {
337	$decoded = wpt_remote_json( $yourl_api . "?action=expand&shorturl=$short_url&format=json&signature=$token" );
338	+ if ( '404' === (string) $decoded['errorCode'] ) {
339	$short_url = urldecode( $short_url );
340	if ( false === stripos( $short_url, 'https://' ) ) {
341	// Yourls will throw an error for mismatched protocol.

wp-to-twitter.php CHANGED Viewed

	@@ -17,7 +17,7 @@
17	* License: GPL-2.0+
18	* License URI: http://www.gnu.org/license/gpl-2.0.txt
19	* Domain Path: lang
20	- * Version: 3.6.1
21	*/
22
23	/*
	@@ -65,7 +65,7 @@ require_once( plugin_dir_path( __FILE__ ) . 'wpt-widget.php' );
65	require_once( plugin_dir_path( __FILE__ ) . 'wpt-rate-limiting.php' );
66
67	global $wpt_version;
68	- $wpt_version = '3.6.1';
69
70	add_action( 'init', 'wpt_load_textdomain' );
71	/**
	@@ -1596,8 +1596,8 @@ function wpt_ajax_tweet() {
1596	die;
1597	}
1598	$action = ( 'tweet' === $_REQUEST['tweet_action'] ) ? 'tweet' : 'schedule';
1599	- $authors = ( isset( $_REQUEST['tweet_auth'] ) && null !== $_REQUEST['tweet_auth'] ) ? $_REQUEST['tweet_auth'] : false;
1600	- $upload = ( isset( $_REQUEST['tweet_upload'] ) && null !== $_REQUEST['tweet_upload'] ) ? $_REQUEST['tweet_upload'] : '1';
1601	$current_user = wp_get_current_user();
1602	if ( function_exists( 'wpt_pro_exists' ) && wpt_pro_exists() ) {
1603	if ( wtt_oauth_test( $current_user->ID, 'verify' ) ) {
	@@ -1718,7 +1718,7 @@ function wpt_save_post( $id, $post ) {
1718	if ( isset( $_POST['wp_to_twitter_meta'] ) ) {
1719	$nonce = ( isset( $_POST['wp_to_twitter_nonce'] ) ) ? $_POST['wp_to_twitter_nonce'] : false;
1720	if ( ! ( $nonce && wp_verify_nonce( $nonce, 'wp-to-twitter-nonce' ) ) ) {
1721	- ~~die~~( 'WP to Twitter: Security check failed' );
1722	}
1723	if ( isset( $_POST['_yourls_keyword'] ) ) {
1724	$yourls = sanitize_text_field( $_POST['_yourls_keyword'] );


17	* License: GPL-2.0+
18	* License URI: http://www.gnu.org/license/gpl-2.0.txt
19	* Domain Path: lang
20	+ * Version: 3.6.2
21	*/
22
23	/*

65	require_once( plugin_dir_path( __FILE__ ) . 'wpt-rate-limiting.php' );
66
67	global $wpt_version;
68	+ $wpt_version = '3.6.2';
69
70	add_action( 'init', 'wpt_load_textdomain' );
71	/**

1596	die;
1597	}
1598	$action = ( 'tweet' === $_REQUEST['tweet_action'] ) ? 'tweet' : 'schedule';
1599	+ $authors = ( isset( $_REQUEST['tweet_auth'] ) && null !== $_REQUEST['tweet_auth'] ) ? map_deep( $_REQUEST['tweet_auth'], 'sanitize_text_field' ) : false;
1600	+ $upload = ( isset( $_REQUEST['tweet_upload'] ) && null !== $_REQUEST['tweet_upload'] ) ? (int) $_REQUEST['tweet_upload'] : '1';
1601	$current_user = wp_get_current_user();
1602	if ( function_exists( 'wpt_pro_exists' ) && wpt_pro_exists() ) {
1603	if ( wtt_oauth_test( $current_user->ID, 'verify' ) ) {

1718	if ( isset( $_POST['wp_to_twitter_meta'] ) ) {
1719	$nonce = ( isset( $_POST['wp_to_twitter_nonce'] ) ) ? $_POST['wp_to_twitter_nonce'] : false;
1720	if ( ! ( $nonce && wp_verify_nonce( $nonce, 'wp-to-twitter-nonce' ) ) ) {
1721	+ wp_die( 'WP to Twitter: Security check failed' );
1722	}
1723	if ( isset( $_POST['_yourls_keyword'] ) ) {
1724	$yourls = sanitize_text_field( $_POST['_yourls_keyword'] );

wpt-functions.php CHANGED Viewed

	@@ -217,6 +217,7 @@ function wpt_handle_errors() {
217	</p>
218	</form>
219	</div>';

220	echo $error;
221	}
222	}
	@@ -400,7 +401,7 @@ function wpt_is_valid_url( $url ) {
400	* @param string $headers Headers to add.
401	* @param string $return Array key from fetched object to return.
402	*
403	- * @return value from query.
404	*/
405	function wpt_fetch_url( $url, $method = 'GET', $body = '', $headers = '', $return = 'body' ) {
406	$request = new WP_Http;
	@@ -422,7 +423,7 @@ function wpt_fetch_url( $url, $method = 'GET', $body = '', $headers = '', $retur
422	return $result;
423	}
424	} else {
425	- return $result['~~response~~']~~['code']~~;
426	}
427	// Failure (server problem...).
428	} else {
	@@ -674,7 +675,7 @@ $plugins_string
674	if ( isset( $_POST['wpt_support'] ) ) {
675	$nonce = $_REQUEST['_wpnonce'];
676	if ( ! wp_verify_nonce( $nonce, 'wp-to-twitter-nonce' ) ) {
677	- ~~die~~( 'Security check failed' );
678	}
679	$request = ( ! empty( $_POST['support_request'] ) ) ? stripslashes( sanitize_textarea_field( $_POST['support_request'] ) ) : false;
680	$has_donated = ( isset( $_POST['has_donated'] ) ) ? 'Donor' : 'No donation';


217	</p>
218	</form>
219	</div>';
220	+
221	echo $error;
222	}
223	}

401	* @param string $headers Headers to add.
402	* @param string $return Array key from fetched object to return.
403	*
404	+ * @return string\|false value from query.
405	*/
406	function wpt_fetch_url( $url, $method = 'GET', $body = '', $headers = '', $return = 'body' ) {
407	$request = new WP_Http;

423	return $result;
424	}
425	} else {
426	+ return $result['body'];
427	}
428	// Failure (server problem...).
429	} else {

675	if ( isset( $_POST['wpt_support'] ) ) {
676	$nonce = $_REQUEST['_wpnonce'];
677	if ( ! wp_verify_nonce( $nonce, 'wp-to-twitter-nonce' ) ) {
678	+ wp_die( 'WP to Twitter: Security check failed' );
679	}
680	$request = ( ! empty( $_POST['support_request'] ) ) ? stripslashes( sanitize_textarea_field( $_POST['support_request'] ) ) : false;
681	$has_donated = ( isset( $_POST['has_donated'] ) ) ? 'Donor' : 'No donation';