Changes in linkworth-wp-plugin [2750802:2754739]

Location:

linkworth-wp-plugin

Files:

• tags/3.3.3 (added)
• tags/3.3.3/LinkWorth_WordPress.php (added)
• tags/3.3.3/lw_includes (added)
• tags/3.3.3/lw_includes/LinkWorth_MU.php (added)
• tags/3.3.3/lw_includes/LinkWorth_admin.php (added)
• tags/3.3.3/lw_includes/LinkWorth_parser.php (added)
• tags/3.3.3/readme.txt (added)
• trunk/LinkWorth_WordPress.php (modified) (7 diffs)
• trunk/lw_includes/LinkWorth_admin.php (modified) (19 diffs)
• trunk/readme.txt (modified) (1 diff)

linkworth-wp-plugin/trunk/LinkWorth_WordPress.php

@@ -5 +5 @@
 Description: LinkWorth Easy Link Syndication for WordPress and WPMU
 Author: LinkWorth
-Version: 3.3.3
+Version: 3.3.4
 Author URI: http://www.linkworth.com/
 License: GPLv2 or later
@@ -308 +308 @@
     }
 
-    function get_contents( $url )
-    {
-        global $lw_debug_information;
-
-        $lw_debug_information .= 'get_contents() running - '.$url.'++';
-
-        if( !empty( $url ) )
-        {
-            $curl_handle = curl_init();
-            curl_setopt( $curl_handle, CURLOPT_URL, $url );
-            curl_setopt( $curl_handle, CURLOPT_CONNECTTIMEOUT, 30 );
-            curl_setopt( $curl_handle, CURLOPT_RETURNTRANSFER, true );
-
-            if( @ini_get('open_basedir') == '' && @ini_get('safe_mode') == 'Off' )
-            {
-                curl_setopt( $curl_handle, CURLOPT_FOLLOWLOCATION, true );
-                curl_setopt( $curl_handle, CURLOPT_MAXREDIRS, 2 );
-            }
-
-            if( curl_exec( $curl_handle ) === false )
-            {
-                $curl_error = 'Curl error: ' . curl_error( $curl_handle );
-            }
-
-            $string = curl_exec( $curl_handle );
-            curl_close( $curl_handle );
-        }
-
-        if( isset( $_GET['debug'] ) )
-        {
-            if( !empty( $curl_error ) )
-            {
-                $lw_debug_information .= $curl_error.'++';
-            }
-
-            if( empty( $string ) )
-            {
-                $lw_debug_information .= 'get_contents() empty++';
-            }
-        }
-
-        return $string;
-    }
+    function get_contents($url)
+    {
+        global $lw_debug_information;
+
+        $string = '';
+        $wp_remote_get_error = '';
+
+        $lw_debug_information .= 'get_contents() running - '.$url.'++';
+
+        if (!empty($url)) {
+
+            $response = wp_remote_get($url);
+            $http_code = wp_remote_retrieve_response_code($response);
+
+            if ($http_code == '200') {
+
+                $string = wp_remote_retrieve_body($response);
+
+            } else {
+
+                $wp_remote_get_error = 'get_contents() error: ' . wp_remote_retrieve_header($response, 'status');
+            }
+        }
+
+        if (isset($_GET['debug'])) {
+
+            if (!empty($wp_remote_get_error)) {
+
+                $lw_debug_information .= $wp_remote_get_error.'++';
+            }
+
+            if (empty($string)) {
+
+                $lw_debug_information .= 'get_contents() empty++';
+            }
+        }
+
+        return $string;
+    }
 
     // ---------------------------------------------------------------------------------------
@@ -651 +647 @@
         }
 
-        if( function_exists( 'curl_init' ) )
+        if( function_exists( 'wp_remote_get' ) )
         {
             $support_array['can_get_ads'] = 1;
@@ -836 +832 @@
                         if( is_numeric( $ad['location'] ) )
                         {
-                            $page_uri = $_SERVER['REQUEST_URI'];
+                            $page_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
 
                             if( is_home() || is_front_page() )
@@ -1163 +1159 @@
         {
             //SET DEFAULT VARIABLES
-            $current_url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
+            $current_url = $_SERVER['SERVER_NAME'] . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
             $links = array();
             $tags = array();
@@ -1432 +1428 @@
         if( isset( $_POST['linkw-submit'] ) )
         {
-            $options['title'] = strip_tags( stripslashes( $_POST['linkw-title'] ) );
+            $options['title'] = strip_tags( stripslashes( htmlspecialchars($_POST['linkw-title'], ENT_QUOTES, 'UTF-8') ) );
             update_option( 'lw_widget', $options );
         }
@@ -1438 +1434 @@
         if( !empty( $options['title'] ) )
         {
-            $title = htmlspecialchars( $options['title'], ENT_QUOTES );
+            $title = $options['title'];
         }
         else

linkworth-wp-plugin/trunk/lw_includes/LinkWorth_admin.php

@@ -21 +21 @@
 
     //UPDATE DEALS
-    if( isset( $_POST['lw_update_deal_list'] ) )
+    if( isset( $_POST['lw_update_deal_list'] ) && wp_verify_nonce($_POST['update_general_settings_field'], 'update_general_settings_action') )
     {
         update_option( 'lw_cache_time', 0 );
@@ -32 +32 @@
 
     //DELETE SETTINGS
-    if( isset( $_POST['lw_delete_settings'] ) )
+    if( isset( $_POST['lw_delete_settings'] ) && wp_verify_nonce($_POST['update_advanced_options_field'], 'update_advanced_options_action') )
     {
         delete_option('lw_linkintxts');
@@ -46 +46 @@
         $billboard_base = 'pages';
     }
-    elseif( isset( $_POST['lw_update_settings'] ) )
+    elseif( isset( $_POST['lw_update_settings'] ) && wp_verify_nonce($_POST['update_advanced_options_field'], 'update_advanced_options_action') )
     {
         //PROCESS POST BEFOR UPDATING
@@ -72 +72 @@
             }
 
-            $updated_lw_options['loop_number'] = $_POST['lw_ops']['loop_number'];
-            $updated_lw_options['nocontentads'] = $_POST['lw_ops']['nocontentads'];
-            $updated_lw_options['debug'] = $_POST['lw_ops']['debug'];
-            $updated_lw_options['disable_silent'] = $_POST['lw_ops']['disable_silent'];
-            $updated_lw_options['lw_linkscale'] = $_POST['lw_ops']['lw_linkscale'];
+            $updated_lw_options['loop_number'] = sanitize_text_field($_POST['lw_ops']['loop_number']);
+            $updated_lw_options['nocontentads'] = sanitize_text_field($_POST['lw_ops']['nocontentads']);
+            $updated_lw_options['debug'] = sanitize_text_field($_POST['lw_ops']['debug']);
+            $updated_lw_options['disable_silent'] = sanitize_text_field($_POST['lw_ops']['disable_silent']);
+            $updated_lw_options['lw_linkscale'] = sanitize_text_field($_POST['lw_ops']['lw_linkscale']);
         }
         else
         {
-            $updated_lw_options['lw_sidebar'] = $_POST['lw_ops']['lw_sidebar'];
-            $updated_lw_options['lw_sidebarwidget'] = $_POST['lw_ops']['lw_sidebarwidget'];
+            $updated_lw_options['lw_sidebar'] = sanitize_text_field($_POST['lw_ops']['lw_sidebar']);
+            $updated_lw_options['lw_sidebarwidget'] = sanitize_text_field($_POST['lw_ops']['lw_sidebarwidget']);
             $updated_lw_options['lw_cssmod'] = 0;
-            $updated_lw_options['lw_linktype'] = $_POST['lw_ops']['lw_linktype'];
-            $updated_lw_options['lw_linkcolor'] = $_POST['lw_ops']['lw_linkcolor'];
-            $updated_lw_options['website_id'] = $_POST['lw_ops']['website_id'];
-            $updated_lw_options['website_hash'] = $_POST['lw_ops']['website_hash'];
-            $updated_lw_options['billboard_base'] = $_POST['lw_ops']['billboard_base'];
-            $updated_lw_options['lw_linksize'] = $_POST['lw_ops']['lw_linksize'];
+            $updated_lw_options['lw_linktype'] = sanitize_text_field($_POST['lw_ops']['lw_linktype']);
+            $updated_lw_options['lw_linkcolor'] = sanitize_text_field($_POST['lw_ops']['lw_linkcolor']);
+            $updated_lw_options['website_id'] = sanitize_text_field($_POST['lw_ops']['website_id']);
+            $updated_lw_options['website_hash'] = sanitize_text_field($_POST['lw_ops']['website_hash']);
+            $updated_lw_options['billboard_base'] = sanitize_text_field($_POST['lw_ops']['billboard_base']);
+            $updated_lw_options['lw_linksize'] = sanitize_text_field($_POST['lw_ops']['lw_linksize']);
 
             if( isset( $_POST['lw_ops']['site_id'] ) && isset( $_POST['lw_ops']['site_hash'] ) )
             {
-                $updated_lw_options['site_id'] = $_POST['lw_ops']['site_id'];
-                $updated_lw_options['site_hash'] = $_POST['lw_ops']['site_hash'];
+                $updated_lw_options['site_id'] = sanitize_text_field($_POST['lw_ops']['site_id']);
+                $updated_lw_options['site_hash'] = sanitize_text_field($_POST['lw_ops']['site_hash']);
             }
         }
@@ -284 +284 @@
                     <td style="color:#333333; font-weight:bold; background-color:#EAF2FA;"> What is THIS website's SITE ID?</td>
                     <td colspan="2">
-                        <input type="text" name="lw_ops[website_id]" size="10" id="website_id" value="<?php if(defined('LW_WEBSITE_ID')) { echo LW_WEBSITE_ID; } ?>"<?php echo $disabled_option ?> />
+                        <input type="text" name="lw_ops[website_id]" size="10" id="website_id" value="<?php if(defined('LW_WEBSITE_ID')) { echo LW_WEBSITE_ID; } ?>"<?php echo esc_attr($disabled_option) ?> />
                     </td>
                 </tr>
@@ -290 +290 @@
                     <td style="color:#333333; font-weight:bold; background-color:#EAF2FA;"> What is THIS website's HASH ID?</td>
                     <td colspan="2">
-                        <input type="text" name="lw_ops[website_hash]" size="35" id="website_hash" value="<?php if(defined('LW_HASH')) { echo LW_HASH; } ?>"<?php echo $disabled_option ?> />
+                        <input type="text" name="lw_ops[website_hash]" size="35" id="website_hash" value="<?php if(defined('LW_HASH')) { echo LW_HASH; } ?>"<?php echo esc_attr($disabled_option) ?> />
                     </td>
                 </tr>
@@ -362 +362 @@
                         <select name="lw_ops[lw_linkcolor]" style="width:100px;">
                             <option value="">Select One</option>
-                            <option value="1"<?php echo $lw_color_array_selected[1] ?>>AquaMarine</option>
-                            <option value="2"<?php echo $lw_color_array_selected[2] ?>>Forest</option>
-                            <option value="3"<?php echo $lw_color_array_selected[3] ?>>Winter</option>
-                            <option value="4"<?php echo $lw_color_array_selected[4] ?>>Summer</option>
-                            <option value="5"<?php echo $lw_color_array_selected[5] ?>>Fruity</option>
-                            <option value="6"<?php echo $lw_color_array_selected[6] ?>>Baby</option>
-                            <option value="7"<?php echo $lw_color_array_selected[7] ?>>Highway</option>
+                            <option value="1"<?php echo esc_attr($lw_color_array_selected[1]) ?>>AquaMarine</option>
+                            <option value="2"<?php echo esc_attr($lw_color_array_selected[2]) ?>>Forest</option>
+                            <option value="3"<?php echo esc_attr($lw_color_array_selected[3]) ?>>Winter</option>
+                            <option value="4"<?php echo esc_attr($lw_color_array_selected[4]) ?>>Summer</option>
+                            <option value="5"<?php echo esc_attr($lw_color_array_selected[5]) ?>>Fruity</option>
+                            <option value="6"<?php echo esc_attr($lw_color_array_selected[6]) ?>>Baby</option>
+                            <option value="7"<?php echo esc_attr($lw_color_array_selected[7]) ?>>Highway</option>
                         </select>
                     </td>
@@ -383 +383 @@
                 <tr>
                     <td colspan='2'>
-                        <a href="#" style="color:<?php echo $test_color[0];?>; font-size:<?php echo $lw_linksize.$lw_linkscale;?>;">Link 1</a> &nbsp; &nbsp; &nbsp;
-                        <a href="#" style="color:<?php echo $test_color[1];?>; font-size:<?php echo $lw_linksize.$lw_linkscale;?>;">Another Link</a> &nbsp; &nbsp; &nbsp;
-                        <a href="#" style="color:<?php echo $test_color[2];?>; font-size:<?php echo $lw_linksize.$lw_linkscale;?>;">Anchor 4</a> &nbsp; &nbsp; &nbsp;
+                        <a href="#" style="color:<?php echo esc_attr($test_color[0]);?>; font-size:<?php echo esc_attr($lw_linksize.$lw_linkscale);?>;">Link 1</a> &nbsp; &nbsp; &nbsp;
+                        <a href="#" style="color:<?php echo esc_attr($test_color[1]);?>; font-size:<?php echo esc_attr($lw_linksize.$lw_linkscale);?>;">Another Link</a> &nbsp; &nbsp; &nbsp;
+                        <a href="#" style="color:<?php echo esc_attr($test_color[2]);?>; font-size:<?php echo esc_attr($lw_linksize.$lw_linkscale);?>;">Anchor 4</a> &nbsp; &nbsp; &nbsp;
                         <br />
-                        <a href="#" style="color:<?php echo $test_color[3];?>; font-size:<?php echo $lw_linksize.$lw_linkscale;?>;">A Link</a> &nbsp; &nbsp; &nbsp;
-                        <a href="#" style="color:<?php echo $test_color[4];?>; font-size:<?php echo $lw_linksize.$lw_linkscale;?>;">Click me</a> &nbsp; &nbsp; &nbsp;
-                        <a href="#" style="color:<?php echo $test_color[5];?>; font-size:<?php echo $lw_linksize.$lw_linkscale;?>;">Another Anchor</a> &nbsp; &nbsp; &nbsp;
+                        <a href="#" style="color:<?php echo esc_attr($test_color[3]);?>; font-size:<?php echo esc_attr($lw_linksize.$lw_linkscale);?>;">A Link</a> &nbsp; &nbsp; &nbsp;
+                        <a href="#" style="color:<?php echo esc_attr($test_color[4]);?>; font-size:<?php echo esc_attr($lw_linksize.$lw_linkscale);?>;">Click me</a> &nbsp; &nbsp; &nbsp;
+                        <a href="#" style="color:<?php echo esc_attr($test_color[5]);?>; font-size:<?php echo esc_attr($lw_linksize.$lw_linkscale);?>;">Another Anchor</a> &nbsp; &nbsp; &nbsp;
                     </td>
                 </tr>
@@ -426 +426 @@
         <p style="display:inline-block; margin-top:0;"><small><em>(Overview of published adverts.)</em></small></p>
         <p>Information listed here has been generated based on the lists of approved ads in your LinkWorth account on our servers.</p>
-        
+
         <table cellspacing="0" cellpadding="0" class="widefat">
             <thead>
@@ -474 +474 @@
 ?>
             <tr>
-                <td><a href="<?php echo $protocol.$ad['url']?>"><?php echo $ad['anchor']?></a></td>
-                <td><?php echo $lw_humanloc ?></td>
-                <td><?php echo ((!is_array($ad['description']) || !empty($ad['description'])) ? $ad['description'] : '');?></td>
+                <td><a href="<?php echo esc_url($protocol.$ad['url'])?>"><?php echo esc_html($ad['anchor'])?></a></td>
+                <td><?php echo esc_html($lw_humanloc) ?></td>
+                <td><?php echo ((!is_array($ad['description']) || !empty($ad['description'])) ? esc_html($ad['description']) : '');?></td>
             </tr>
 <?php
@@ -514 +514 @@
 ?>
             <tr>
-                <td><a href="<?php echo $ad['url'] ?>"><?php echo $ad['anchor'] ?></a></td>
-                <td><?php echo $lw_humanloc ?></td>
-                <td><?php echo $ad['pagename'] ?> <?php echo $ad['description'] ?></td>
+                <td><a href="<?php echo esc_url($ad['url']) ?>"><?php echo esc_html($ad['anchor']) ?></a></td>
+                <td><?php echo esc_html($lw_humanloc) ?></td>
+                <td><?php echo esc_html($ad['pagename']) ?> <?php echo esc_html($ad['description']) ?></td>
             </tr>
 <?php
@@ -553 +553 @@
 ?>
             <tr>
-                <td style="vertical-align:top;"><a href="<?php echo $protocol.$example_ad['url'] ?>" title="<?php echo $example_ad['description'] ?>"><?php echo $example_ad['anchor'] ?></a></td>
-                <td style="vertical-align:top;"><?php echo $lw_humanloc ?></td>
+                <td style="vertical-align:top;"><a href="<?php echo esc_url($protocol.$example_ad['url']) ?>" title="<?php echo esc_attr($example_ad['description']) ?>"><?php echo esc_html($example_ad['anchor']) ?></a></td>
+                <td style="vertical-align:top;"><?php echo esc_html($lw_humanloc) ?></td>
                 <td>
 <?php
@@ -564 +564 @@
                         $protocol = ($hyperlink['use_https'])? 'https://' : 'http://';
 ?>
-                    <a href="<?php echo $protocol.$hyperlink['url'] ?>" title="<?php echo $hyperlink['description'] ?>"><?php echo $hyperlink['anchor'] ?></a><?php echo (($current_count < $hyperlink_count) ? ' ,' : '')?>
+                    <a href="<?php echo esc_url($protocol.$hyperlink['url']) ?>" title="<?php echo esc_attr($hyperlink['description']) ?>"><?php echo esc_html($hyperlink['anchor']) ?></a><?php echo (($current_count < $hyperlink_count) ? ' ,' : '')?>
 <?php
                         $current_count++;
@@ -596 +596 @@
 ?>
             <tr>
-                <td><a href="<?php echo $protocol.$ad['url'] ?>"><?php echo $ad['anchor'] ?></a></td>
-                <td><?php echo $ad['webpageurl'] ?></td>
+                <td><a href="<?php echo esc_url($protocol.$ad['url']) ?>"><?php echo esc_html($ad['anchor']) ?></a></td>
+                <td><?php echo esc_html($ad['webpageurl']) ?></td>
                 <td></td>
             </tr>
@@ -618 +618 @@
                 </tr>
             </table>
+            <?php wp_nonce_field( 'update_general_settings_action', 'update_general_settings_field' ); ?>
             </form>
         </fieldset>
@@ -663 +664 @@
         <div id="message" class="updated fade">
             <p style="font-weight:bold;">
-                Your theme has <?php echo $loop_count ?> loop. 
+                Your theme has <?php echo $loop_count ?> loop.
                 If you do not have a static page as your home page, your theme could be using more then one instance of 'The Loop.'
                 The number of loops could be higher then <?php echo $loop_count ?>.
@@ -693 +694 @@
             <h2>LinkWorth Advanced Configuration</h2>
 
-            <form method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
+            <form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') ?>">
             <table cellspacing="0" cellpadding="0" class="widefat" style="width:auto;">
                 <thead>
@@ -723 +724 @@
 ?>
                         <select name="lw_ops[lw_linkscale]">
-                            <option value="px"<?php echo $lw_size_array_selected['px'] ?>>Pixels</option>
-                            <option value="pt"<?php echo $lw_size_array_selected['pt'] ?>>Points</option>
-                            <option value="em"<?php echo $lw_size_array_selected['em'] ?>>Ems</option>
+                            <option value="px"<?php echo esc_attr($lw_size_array_selected['px']) ?>>Pixels</option>
+                            <option value="pt"<?php echo esc_attr($lw_size_array_selected['pt']) ?>>Points</option>
+                            <option value="em"<?php echo esc_attr($lw_size_array_selected['em']) ?>>Ems</option>
                         </select>
                     </td>
@@ -770 +771 @@
 
             <input type="hidden" name="updating_advanced_options" value="1" />
+            <?php wp_nonce_field( 'update_advanced_options_action', 'update_advanced_options_field' ); ?>
             </form>
         </fieldset>

linkworth-wp-plugin/trunk/readme.txt

@@ -4 +4 @@
 Tags: ads, sidebar, post, content, ad, text links, links
 Requires at least: 2.3
-Tested up to: 5.9
-Stable tag: 3.3
+Tested up to: 6.0
+Stable tag: 3.3.3
 
 Easily publish different types of text link products and in-content ads from linkworth.com.