Plugin Directory


Ignore:
Timestamp:
11/11/2014 03:12:17 AM (10 years ago)
Author:
k3davis
Message:

security and google breakage redux

Location:
google-document-embedder
Files:
74 added
5 edited
1 moved

Legend:

Unmodified
Added
Removed
  • google-document-embedder/trunk/gviewer.php

    r939380 r1023572  
    99Text Domain: gde
    1010Domain Path: /languages/
    11 Version: 2.5.14
     11Version: 2.5.15
    1212License: GPLv2
    1313*/
     
    3333 * @package    google-document-embedder
    3434 * @author     Kevin Davis <wpp@tnw.org>
    35  * @copyright  Copyright 2013 Kevin Davis
     35 * @copyright  Copyright 2014 Kevin Davis
    3636 * @license    http://www.gnu.org/licenses/gpl.txt GPL 2.0
    3737 * @link       http://www.davistribe.org/gde/
     
    3939
    4040// boring init junk
    41 $gde_ver                = "2.5.14.98";
     41$gde_ver                = "2.6.0.01";
    4242$gde_db_ver             = "1.2";        // update also in gde_activate()
    4343
     
    239239       
    240240            // which viewer?
    241             if ( $profile['viewer'] == "enhanced" ) {
    242                 $lnk = GDE_PLUGIN_URL . "view.php?url=" . urlencode( $links[0] ) . "&hl=" . $lang . "&gpid=" . $pid;
     241            //if ( $profile['viewer'] == "enhanced" ) {
     242            //  $lnk = GDE_PLUGIN_URL . "view.php?url=" . urlencode( $links[0] ) . "&hl=" . $lang . "&gpid=" . $pid;
    243243                // make protocol-agnostic
    244                 $lnk = preg_replace( '/^https?:/i', '', $lnk );
    245             } else {
     244            //  $lnk = preg_replace( '/^https?:/i', '', $lnk );
     245            //} else {
    246246                $lnk = "//docs.google.com/viewer?url=" . urlencode( $links[0]  ) . "&hl=" . $lang;
    247             }
     247            //}
    248248           
    249249            // what mode?
    250             if ( $profile['tb_mobile'] == "always" ) {
    251                 $lnk .= "&mobile=true";
    252             } else {
     250            //if ( $profile['tb_mobile'] == "always" ) {
     251            //  $lnk .= "&mobile=true";
     252            //} else {
    253253                $lnk .= "&embedded=true";
    254             }
     254            //}
    255255           
    256256            // build viewer
  • google-document-embedder/trunk/js/gde-jquery.js

    r889795 r1023572  
    101101        allowSecure();
    102102    });
     103    $('#block').click(function() {
     104        if (($('#block').is(':checked')) && ($('#gdet_h').is(':checked'))) {
     105            $('#gdet_n').attr('checked', false);
     106        }
     107    });
    103108   
    104109    $('#vw_bgcolor').attr('data-default-color', '#EBEBEB');
     
    153158        var isSecurable = false;
    154159        if ($('#link_show').val() == "none") {
    155             if ($('#gdet_n').is(':checked') && $('#tb_fullscr').val() !== "default") {
     160            if ($('#gdet_h').is(':checked')) {
     161                isSecurable = true;
     162            } else if (! $('#gdet_h').is(':checked') && $('#tb_fullscr').val() !== "default") {
    156163                isSecurable = true;
    157164            } else if (! $('#gdet_n').is(':checked')) {
     
    163170        } else {
    164171            $('#linkblock').hide();
     172            $('#block').attr('checked', false);
    165173        }
    166174    }
  • google-document-embedder/trunk/libs/lib-eddialog.php

    r787790 r1023572  
    11<?php
     2
     3// make it work with localization (ie cyrillic languages)
     4header('Content-type: text/html; charset=UTF-8');
    25
    36// access wp functions externally
  • google-document-embedder/trunk/libs/lib-profile.php

    r889795 r1023572  
    5353<?php
    5454    gde_profile_option( $p['viewer'], 'standard', __('Standard Viewer', 'gde'), __('Embed the basic viewer only', 'gde') );
    55     gde_profile_option( $p['viewer'], 'enhanced', __('Enhanced Viewer', 'gde'), __('Enable extended viewer options', 'gde') );
     55    //gde_profile_option( $p['viewer'], 'enhanced', __('Enhanced Viewer', 'gde'), __('Enable extended viewer options', 'gde') );
    5656?>
    5757                        </select><br/>
     
    6161            </tbody>
    6262        </table>
    63        
     63        <!--
    6464        <fieldset class="gde-inner<?php echo $hideenh; ?>" id="gde-enh-fs">
    6565            <legend><?php _e('Enhanced Viewer Settings', 'gde'); ?></legend>
     
    159159            </table>
    160160        </fieldset>
    161        
     161        -->
    162162        <table class="form-table">
    163163            <tbody>
  • google-document-embedder/trunk/readme.txt

    r939380 r1023572  
    55Donate link: http://www.davistribe.org/gde/donate/
    66Requires at least: 3.5
    7 Tested up to: 3.9
     7Tested up to: 4.0
    88Stable tag: trunk
    99License: GPLv2 or later
     
    1212
    1313== Description ==
     14
     15**NOTE: A recent unannounced Google Viewer update removed much of the functionality of this plugin. Pending a rewrite of the Enhanced Viewer functionality or
     16finding another maintainer, this plugin only works in "Standard Viewer" mode for the time being and does not support the full feature set documented. I regret
     17this inconvenience.**
    1418
    1519Google Doc Embedder lets you embed several types of files into your WordPress pages using the Google Docs Viewer - allowing inline viewing (and optional downloading) of the following file types, with no Flash or PDF browser plug-ins required:
     
    4751* French (fr\_FR) by [Erwan](http://profiles.wordpress.org/erwanlescop "Erwan"), thanks!
    4852* Hungarian (hu\_HU) by [szemcse](http://profiles.wordpress.org/szemcse "szemcse"), thanks!
     53* Italian (it\_IT) by [Marco](https://plus.google.com/+MarcoMardegan "Marco"), thanks!
    4954* Russian (ru\_RU) by J&#243;zek, thanks!
    5055* Spanish (es\_ES) by [elarequi](http://elarequi.com/propuestastic/ "elarequi"), thanks!
     
    136141
    137142(E) Enhanced Viewer
     143
     144= 2.5.15 =
     145* Removed: Enhanced Viewer and moble option, pending rewrite after Google breakage
     146* Added: Italian translation (thanks Marco)
     147* Fixed: Potential block download and hidden toolbar conflict (thanks Tom)
     148* Fixed: Garbled Cyrillic text in editor dialog (thanks bones852)
    138149
    139150= 2.5.14 =
     
    218229* Fixed: Erroneous error message when file validation is blocked
    219230
    220 = 2.5 =
    221 * Added: "Profiles" allow each viewer instance to have its own settings
    222 * Added: (E) Private document support (block downloads of source file)
    223 * Added: (E) Customize viewer color scheme
    224 * Added: (E) Full toolbar customization, including removal
    225 * Added: Backup/Import of settings and viewer profiles
    226 * Added: page= shortcode attribute to start viewer on designated page
    227 * Added: Beta delivery API for automatic updates of pre-release versions
    228 * Added: Media Library and editor integration improvements
    229 * Added: Support for dynamic protocol document links (thanks Clifford)
    230 * Added: French translation (thanks Erwan)
    231 * Added: Ukrainian translation (thanks J&#243;zek)
    232 * Fixed: Uses WordPress HTTP API instead of cURL etc. throughout
    233 * Fixed: (E) Hidden toolbar buttons still narrowly clickable (thanks rohan)
    234 * Fixed: Editor dialog and default base URL with non-standard include
    235 * Fixed: File validation fails if content-length missing (thanks paulod)
    236 * Fixed: Invalid HTML in support form
    237 * Changed: Completely rewritten core and administrative interface
    238 * Changed: (E) Improved default viewer toolbar style
    239 * Changed: Now requires WordPress 3.2+ (due to necessary PHP5 functions)
    240 * Changed: Errors now show inline instead of as HTML comments by default
    241 * Removed: force= shortcode attribute (redundant and confusing)
    242 
    243231[Full history...](http://www.davistribe.org/gde/changelog/ "Full history")
    244232
  • google-document-embedder/trunk/~view.php

    r889795 r1023572  
    5050    // get profile
    5151    if ( isset( $_GET['gpid'] ) ) {
    52         if ( $profile = gde_get_profile( $_GET['gpid'] ) ) {
     52        $gpid = mysql_real_escape_string( $_GET['gpid'] );
     53        if ( $profile = gde_get_profile( $gpid ) ) {
    5354            $tb = $profile['tb_flags'];
    5455            $vw = $profile['vw_flags'];
Note: See TracChangeset for help on using the changeset viewer.