Changeset 2871614

Timestamp:

02/27/2023 10:58:46 AM (3 years ago)

Author:

anthonyeden

Message:

Version 1.3.0

Location:

restful-syndication

Files:

• tags/1.3.0 (copied) (copied from restful-syndication/trunk)
• tags/1.3.0/index.php (copied) (copied from restful-syndication/trunk/index.php) (20 diffs)
• tags/1.3.0/readme.txt (copied) (copied from restful-syndication/trunk/readme.txt) (3 diffs)
• trunk/index.php (modified) (20 diffs)
• trunk/readme.txt (modified) (3 diffs)

restful-syndication/tags/1.3.0/index.php

@@ -4 +4 @@
 Plugin URI: https://mediarealm.com.au/
 Description: Import content from the Wordpress REST API on another Wordpress site
-Version: 1.2.1
+Version: 1.3.0
 Author: Media Realm
 Author URI: https://www.mediarealm.com.au/
@@ -74 +74 @@
             "options" => array()
         ),
+        "purge_media_days" => array(
+            "title" => "Auto Purge Media After X Days",
+            "type" => "text",
+            "default" => "",
+        ),
+        "purge_posts_days" => array(
+            "title" => "Auto Purge Posts After X Days",
+            "type" => "text",
+            "default" => "",
+        ),
         "remote_push_key" => array(
             "title" => "Remote Content Push - Secure Key",
@@ -84 +94 @@
         
     );
+
+    public $errors_logged = array();
 
     public function __construct() {
@@ -90 +102 @@
         add_action('restful-syndication_cron', array($this, 'syndicate'));
         add_filter('cron_schedules', array($this, 'cron_schedules'));
+
+        add_shortcode('restful_syndication_iframe', array($this, 'sc_iframe'));
 
         add_action('rest_api_init', function () {
@@ -106 +120 @@
         if(is_array($log) || is_object($log)) {
            error_log($this->errors_prefix . print_r($log, true));
+           $errors_logged[] = print_r($log, true);
         } else {
            error_log($this->errors_prefix . $log);
+           $errors_logged[] = $log;
         }
      }
@@ -177 +193 @@
         if($field['type'] == "text") {
             // Text fields
-            echo '<input type="text" name="restful-syndication_settings['.$args['field_key'].']" value="'.htmlspecialchars($value, ENT_QUOTES).'" />';
+            echo '<input type="text" name="restful-syndication_settings['.esc_attr($args['field_key']).']" value="'.esc_attr($value).'" />';
         }  elseif($field['type'] == "textarea") {
             // Textarea fields
-            echo '<textarea name="restful-syndication_settings['.$args['field_key'].']">'.htmlspecialchars($value, ENT_QUOTES).'</textarea>';
+            echo '<textarea name="restful-syndication_settings['.esc_attr($args['field_key']).']">'.esc_html($value).'</textarea>';
         } elseif($field['type'] == "password") {
             // Password fields
-            echo '<input type="password" name="restful-syndication_settings['.$args['field_key'].']" value="'.htmlspecialchars($value, ENT_QUOTES).'" />';
+            echo '<input type="password" name="restful-syndication_settings['.esc_attr($args['field_key']).']" value="'.esc_attr($value).'" />';
         } elseif($field['type'] == "select") {
             // Select / drop-down fields
             echo '<select name="restful-syndication_settings['.$args['field_key'].']">';
             foreach($field['options'] as $selectValue => $name) {
-                echo '<option value="'.$selectValue.'" '.($value == $selectValue ? "selected" : "").'>'.$name.'</option>';
+                echo '<option value="'.esc_attr($selectValue).'" '.($value == $selectValue ? "selected" : "").'>'.esc_html($name).'</option>';
             }
             echo '</select>';
         } elseif($field['type'] == "checkbox") {
             // Checkbox fields
-            echo '<input type="checkbox" name="restful-syndication_settings['.$args['field_key'].']" value="true" '.("true" == $value ? "checked" : "").' />';
+            echo '<input type="checkbox" name="restful-syndication_settings['.esc_attr($args['field_key']).']" value="true" '.("true" == $value ? "checked" : "").' />';
         } elseif($field['type'] == "readonly") {
             // Readonly field
-            echo '<input type="text" name="restful-syndication_settings['.$args['field_key'].']" value="'.htmlspecialchars($value, ENT_QUOTES).'" readonly />';
+            echo '<input type="text" name="restful-syndication_settings['.esc_attr($args['field_key']).']" value="'.esc_attr($value).'" readonly />';
         }
     }
@@ -212 +228 @@
         // Display a history of successful syndication runs
         $runs = get_option($this->settings_prefix . 'history', array());
+        $runs_delete = get_option($this->settings_prefix . 'history_delete', array());
+        $runs_delete_media = get_option($this->settings_prefix . 'history_delete_media', array());
         $last_attempt = get_option($this->settings_prefix . 'last_attempt', 0);
         krsort($runs);
+        krsort($runs_delete);
+        krsort($runs_delete_media);
 
         echo '<h2>Syndication History</h2>';
@@ -230 +250 @@
             echo '<li>No posts have ever been ingested by this plugin</li>';
         }
+        $runCount = 0;
+        foreach($runs_delete as $time => $count) {
+            echo '<li>'.date("Y-m-d H:i:s", $time).': '.$count.' '.($count == 1 ? "post" : "posts").' deleted</li>';
+            $runCount++;
+
+            if($runCount > 10)
+                break;
+        }
+        $runCount = 0;
+        foreach($runs_delete_media as $time => $count) {
+            echo '<li>'.date("Y-m-d H:i:s", $time).': '.$count.' media files deleted</li>';
+            $runCount++;
+
+            if($runCount > 10)
+                break;
+        }
         echo '</ul>';
 
@@ -236 +272 @@
         echo "<p>This plugin uses WP-Cron to automatically ingest posts every 15 minutes. If you're impatient, you can do it now using the button below.</p>";
         if(isset($_GET['ingestnow']) && $_GET['ingestnow'] == "true") {
+
+            // Verify nonce
+            check_admin_referer('restful_syndication_ingest');
+
             echo "<p><strong>Attempting syndication now...</strong></p>";
             $this->syndicate();
             echo '<p><strong>Syndication complete!</strong></p>';
         } else {
-            echo '<p class="submit"><a href="?page='.$_GET['page'].'&ingestnow=true" class="button button-primary">Ingest Posts Now</a></p>';
+            echo '<p class="submit"><a href="'.wp_nonce_url('?page='.$_GET['page'].'&ingestnow=true', 'restful_syndication_ingest').'" class="button button-primary">Ingest Posts Now</a></p>';
         }
         
@@ -270 +310 @@
 
         if(is_wp_error($response)) {
-            $this->log("HTTP request failed when calling WP REST API.");
+            $this->log("HTTP request failed when calling WP REST API. " . $response->get_error_message());
             return;
         }
@@ -296 +336 @@
 
         $count = 0;
-
+        $count_delete = 0;
+        $count_delete_media = 0;
+
+        // Loop over every post and create a post entry
         foreach($posts as $post) {
-            // Loop over every post and create a post entry
             $this->syndicate_one($post);
             $count++;
-
+        }
+
+        // Delete media older than a certain date
+        if(is_numeric($options['purge_media_days']) && $options['purge_media_days'] > 7) {
+            $count_delete_media += count($this->clean_media($options['purge_media_days'], 'post'));
+        }
+
+        // Delete posts older than a certain date
+        if(is_numeric($options['purge_posts_days']) && $options['purge_posts_days'] > 7) {
+            $count_delete += count($this->clean_posts($options['purge_posts_days'], 'post'));
         }
 
@@ -308 +359 @@
             $runs[time()] = $count;
             update_option($this->settings_prefix . 'history', $runs);
+        }
+
+        if($count_delete > 0) {
+            $runs = get_option($this->settings_prefix . 'history_delete', array());
+            $runs[time()] = $count_delete;
+            update_option($this->settings_prefix . 'history_delete', $runs);
+        }
+
+        if($count_delete_media > 0) {
+            $runs = get_option($this->settings_prefix . 'history_delete_media', array());
+            $runs[time()] = $count_delete_media;
+            update_option($this->settings_prefix . 'history_delete_media', $runs);
         }
 
@@ -332 +395 @@
         }
 
-        // Download any embedded images found in the HTML
+        // Check for empty fields and fail early
+        if(!isset($post['guid']['rendered']) || empty($post['guid']['rendered'])) {
+            $this->log("Post GUID is empty - skipping.");
+            return;
+        }
+
+        $post['title']['rendered'] = trim($post['title']['rendered']);
+
+        if(empty($post['title']['rendered'])) {
+            $this->log("Post title is empty - skipping. " . $post['guid']['rendered']);
+            return;
+        }
+
+        if(!isset($post['content']['rendered']) || empty($post['content']['rendered'])) {
+            $this->log("Post body is empty - skipping. " . $post['guid']['rendered']);
+            return;
+        }
+
+        // Strip some problematic conditional tags from the HTML
+        $html = $post['content']['rendered'];
+        $html = str_replace("<!--[if lt IE 9]>", "", $html);
+        $html = str_replace("<![endif]-->", "", $html);
+
+        // Parse the HTML
         $dom = new domDocument;
-        $dom->loadHTML('<?xml encoding="utf-8" ?>' . $post['content']['rendered'], LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD);
-
+        $dom->loadHTML('<?xml encoding="utf-8" ?>' . $html, LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD);
+
+        // Find and download any embedded images found in the HTML
         $images = $dom->getElementsByTagName('img');
         $images_to_attach = array();
@@ -375 +462 @@
             $url = $audio_source->item(0)->getAttribute('src');
 
+            if(empty($url)) {
+                continue;
+            }
+
             // There is a bug in Wordpress causing audio URLs with URL Parameters to fail to load the player
             // See https://core.trac.wordpress.org/ticket/30377
-            // As a workaround, we strip URL parameters
+            // As a partial workaround, we strip URL parameters
             if(strpos($url, "?") !== false) {
                 $url = substr($url, 0, strpos($url, "?"));
@@ -383 +474 @@
 
             // Create a new paragraph, and insert the audio shortcode
-            $audio_shortcode = $dom->createElement('p');
-            $audio_shortcode->nodeValue = '[audio src="'.$url.'"]';
-
-            // Replace the original <audio> tag with this new <p>[audio]</p> arrangement
+            $audio_shortcode = $dom->createElement('div');
+            $audio_shortcode->setAttribute('class', 'audio-filter');
+            $audio_shortcode->nodeValue = '[audio src="'.esc_url($url).'"]';
+
+            // Replace the original <audio> tag with this new <div class="audio-filter">[audio]</div> arrangement
             $audio->parentNode->replaceChild($audio_shortcode, $audio);
         }
@@ -396 +488 @@
 
             // Skip non-youtube divs
-            if(!$youtube->hasAttribute('class') || strpos($youtube->getAttribute('class'), 'embed_youtube') === false)
+            if(!$youtube->hasAttribute('class') || (strpos($youtube->getAttribute('class'), 'embed_youtube') === false && strpos($youtube->getAttribute('class'), 'video-filter') === false))
                 continue;
 
@@ -409 +501 @@
 
                 // Create a new paragraph, and insert the audio shortcode
-                $embed_shortcode = $dom->createElement('p');
-                $embed_shortcode->nodeValue = '[embed]'.$url_new.'[/embed]';
-
-                // Replace the original <div class="embed_youtube"> tag with this new <p>[embed]url[/embed]</p> arrangement
+                $embed_shortcode = $dom->createElement('div');
+                $embed_shortcode->setAttribute('class', 'video-filter');
+                $embed_shortcode->nodeValue = '[embed]'.esc_url($url_new).'[/embed]';
+
+                // Replace the original <div class="embed_youtube"> tag with this new <div>[embed]url[/embed]</div> arrangement
                 $youtube->parentNode->replaceChild($embed_shortcode, $youtube);
             }
+        }
+
+        // Find Instagram embeds, and turn them into [restful_syndication_iframe] shortcodes
+        $instagrams = $dom->getElementsByTagName('blockquote');
+
+        foreach($instagrams as $instagram) {
+
+            // Skip non-youtube blockquotes
+            if(!$instagram->hasAttribute('data-instgrm-permalink'))
+                continue;
+
+            // Get the original Instagram URL
+            $url = $instagram->getAttribute('data-instgrm-permalink');
+
+            // Skip empty URLs
+            if(empty($url)) {
+                continue;
+            }
+
+            // Add /embed to URL
+            $url_parsed = parse_url($url);
+            if($url_parsed === false) {
+                continue;
+            }
+            $url = $url_parsed['scheme'] . "://" . $url_parsed['host'] . str_replace("//", "/", $url_parsed['path'] . "/embed") . "?" . $url_parsed['query'];
+
+            // Get width and height
+            $width = '100%';
+            $height = '650';
+
+            // Create a new paragraph, and insert the iframe shortcode
+            $embed_shortcode = $dom->createElement('p');
+            $embed_shortcode->nodeValue = '[restful_syndication_iframe src="'.esc_url($url).'" width="'.esc_attr($width).'" height="'.esc_attr($height).'"]';
+
+            // Replace the original <iframe> tag with this new <p>[restful_syndication_iframe src="url"]</p> arrangement
+            $instagram->parentNode->replaceChild($embed_shortcode, $instagram);
+        }
+
+        // Find iFrames, and turn them into [restful_syndication_iframe] shortcodes
+        $iframes = $dom->getElementsByTagName('iframe');
+
+        foreach($iframes as $iframeKey => $iframe) {
+
+            // Skip iframes without src field
+            if(!$iframe->hasAttribute('src')) {
+                continue;
+            }
+
+            // Get the original iFrame src URL
+            $url = $iframe->getAttribute('src');
+
+            // Skip empty URLs
+            if(empty($url)) {
+                continue;
+            }
+
+            // Get width and height
+            $width = '100%';
+            $height = '300';
+            if($iframe->hasAttribute('height')) {
+                $height = $iframe->getAttribute('height');
+            }
+
+            // Create a new paragraph, and insert the iframe shortcode
+            $embed_shortcode = $dom->createElement('p');
+            $embed_shortcode->nodeValue = '[restful_syndication_iframe src="'.esc_url($url).'" width="'.esc_attr($width).'" height="'.esc_attr($height).'"]';
+
+            // Replace the original <iframe> tag with this new <p>[restful_syndication_iframe src="url"]</p> arrangement
+            $iframe->parentNode->replaceChild($embed_shortcode, $iframe);
         }
 
@@ -609 +771 @@
 
         if(empty($payload) || $payload == null) {
-            return array("error_msg" => 'Failed to fetch post data from API');
+            return array("error_msg" => 'Failed to fetch post data from API', "errors" => $errors_logged);
         }
 
@@ -623 +785 @@
 
         return array("post_id" => $post_id);
+    }
+
+    private function clean_media($days, $post_type) {
+        // Deletes media after a certain age
+
+        if(!is_numeric($days)) {
+            return;
+        }
+
+        $days = absint($days);
+
+        if($days < 7) {
+            return;
+        }
+
+        // Find posts
+        $post_ids = $this->posts_older_than($days, $post_type);
+
+        $return = array();
+        
+        // Loop over posts and find featured images attached to these posts
+        foreach($post_ids as $post_id) {
+            $image_id = get_post_thumbnail_id($post_id);
+
+            if($image_id === false || $image_id === 0) {
+                continue;
+            }
+
+            // Send the attachment to the trash
+            $delete_image = wp_delete_attachment($image_id, false);
+
+            if($delete_image !== false && $delete_image !== null) {
+                $return[] = $image_id;
+            }
+        }
+
+        return $return;
+    }
+
+    private function clean_posts($days, $post_type) {
+        // Deletes posts after a certain age
+
+        if(!is_numeric($days)) {
+            return;
+        }
+
+        $days = absint($days);
+
+        if($days < 7) {
+            return;
+        }
+
+        // Find posts
+        $post_ids = $this->posts_older_than($days, $post_type);
+
+        $return = array();
+
+        // Loop over posts
+        foreach($post_ids as $post_id) {
+            // Delete featured image first
+            $image_id = get_post_thumbnail_id($post_id);
+
+            if($image_id !== false) {
+                // Send the attachment to the trash
+                $delete_image = wp_delete_attachment($image_id, false);
+
+                if($delete_image !== false) {
+                    $return[] = $image_id;
+                }
+            }
+
+            // Now delete the post itself
+            $delete_post = wp_trash_post($post_id);
+            if($delete_post !== false) {
+                $return[] = $post_id;
+            }
+        }
+
+        return $return;
+    }
+
+    private function posts_older_than($days, $post_type) {
+        // Returns a list of Posts older than a certain age
+
+        if(!is_numeric($days)) {
+            return array();
+        }
+
+        $days = absint($days);
+
+        $options = get_option($this->settings_prefix . 'settings');
+        $domain = parse_url($options['site_url'], PHP_URL_HOST);
+        $domain_1 = 'https://' . $domain;
+        $domain_2 = 'http://' . $domain;
+
+        if($domain_1 == 'https://' || $domain_2 == 'http://') {
+            return array();
+        }
+
+        $posts = new WP_Query(array(
+            'post_type' => $post_type,
+            'orderby'   => 'post_date_gmt',
+            'order' => 'ASC',
+            'meta_query' => array(
+                'relation' => 'OR',
+                'meta_value_1' => array(
+                      'key' => '_'.$this->settings_prefix.'source_guid',
+                      'value' => $domain_1,
+                      'compare' => 'LIKE',
+                ),
+                'meta_value_2' => array(
+                    'key' => '_'.$this->settings_prefix.'source_guid',
+                    'value' => $domain_2,
+                    'compare' => 'LIKE',
+              )
+            ),
+            'date_query' => array(
+                array(
+                    'column' => 'post_date_gmt',
+                    'before' => $days . ' days ago',
+                ),
+            ),
+            'fields' => 'ids',
+            'posts_per_page' => -1,
+        ));
+
+        return $posts->posts;
     }
 
@@ -728 +1017 @@
     }
 
+    public function sc_iframe($atts) {
+        // This iFrame can only be used on posts imported by this plugin
+        // It is a security mechanism instead of just allowing iFrame's for all users accross the site
+        // We assume the source site is at least semi-trusted (trusted enough to embed an iframe at least)
+
+        $a = shortcode_atts(array(
+            "src" => "",
+            "width" => "100%",
+            "height" => "200",
+        ), $atts);
+
+        global $post;
+        if(!isset($post)) {
+            return '';
+        }
+
+        $source_guid = get_post_meta($post->ID, '_'.$this->settings_prefix.'source_guid', true);
+
+        if(empty($source_guid)) {
+            return '';
+        }
+
+        return '<iframe src="'.esc_url($a['src']).'" width="'.esc_attr($a['width']).'" height="'.esc_attr($a['height']).'" border="0"></iframe>';
+    }
+
     private function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-=+`~') {
         // From https://stackoverflow.com/a/31284266/2888733

restful-syndication/tags/1.3.0/readme.txt

@@ -20 +20 @@
 == Installation ==
 
-1. Upload the plugin files to the `/wp-content/plugins/restful-syndication` directory, or install the plugin through the WordPress plugins screen directly.
+1. Install this plugin through the WordPress plugins screen.
 2. Activate the plugin through the 'Plugins' screen in WordPress
-3. Use the Settings->RESTful Syndication screen to configure the plugin
+3. Use the Settings -> RESTful Syndication screen to configure the plugin
  a. Set the 'Master Site URL' to the base URL of the site to pull the content from (e.g. https://example.com/)
- b. Username and Password are not required by default (but may be required by the person running the Master Site)
+ b. Username and Password are not required by default (but may be required by the person running the Master Site). You can use the WordPress Applicaton Password feature for authentication.
  c. Set the other options as desired
  d. Save your settings
@@ -47 +47 @@
 = Something isn't working. What do I do? =
 
-Find the PHP Error log for your website/web-server. Any errors from this plugin should be prefixed with 'RESTful Syndication ERROR'.
+Find the PHP Error Log for your website/web-server. Any errors from this plugin should be prefixed with 'RESTful Syndication ERROR'.
 
 = Do you provide support? =
@@ -58 +58 @@
 
 == Changelog ==
+
+= 1.3.0 =
+
+* Add new options to purge media & posts older than a certain number of days
+* Additional compatibility for YouTube and Audio embeds
+* Allow iFrames to be syndicated
+* Translate Instagram embeds into iFrames
+* Bugfix for Audio embeds
+* Catch errors causing empty posts to be syndicated
+* Security hardening on the admin screen
+* Additional logging details
 
 = 1.2.1 =

restful-syndication/trunk/index.php

@@ -4 +4 @@
 Plugin URI: https://mediarealm.com.au/
 Description: Import content from the Wordpress REST API on another Wordpress site
-Version: 1.2.1
+Version: 1.3.0
 Author: Media Realm
 Author URI: https://www.mediarealm.com.au/
@@ -74 +74 @@
             "options" => array()
         ),
+        "purge_media_days" => array(
+            "title" => "Auto Purge Media After X Days",
+            "type" => "text",
+            "default" => "",
+        ),
+        "purge_posts_days" => array(
+            "title" => "Auto Purge Posts After X Days",
+            "type" => "text",
+            "default" => "",
+        ),
         "remote_push_key" => array(
             "title" => "Remote Content Push - Secure Key",
@@ -84 +94 @@
         
     );
+
+    public $errors_logged = array();
 
     public function __construct() {
@@ -90 +102 @@
         add_action('restful-syndication_cron', array($this, 'syndicate'));
         add_filter('cron_schedules', array($this, 'cron_schedules'));
+
+        add_shortcode('restful_syndication_iframe', array($this, 'sc_iframe'));
 
         add_action('rest_api_init', function () {
@@ -106 +120 @@
         if(is_array($log) || is_object($log)) {
            error_log($this->errors_prefix . print_r($log, true));
+           $errors_logged[] = print_r($log, true);
         } else {
            error_log($this->errors_prefix . $log);
+           $errors_logged[] = $log;
         }
      }
@@ -177 +193 @@
         if($field['type'] == "text") {
             // Text fields
-            echo '<input type="text" name="restful-syndication_settings['.$args['field_key'].']" value="'.htmlspecialchars($value, ENT_QUOTES).'" />';
+            echo '<input type="text" name="restful-syndication_settings['.esc_attr($args['field_key']).']" value="'.esc_attr($value).'" />';
         }  elseif($field['type'] == "textarea") {
             // Textarea fields
-            echo '<textarea name="restful-syndication_settings['.$args['field_key'].']">'.htmlspecialchars($value, ENT_QUOTES).'</textarea>';
+            echo '<textarea name="restful-syndication_settings['.esc_attr($args['field_key']).']">'.esc_html($value).'</textarea>';
         } elseif($field['type'] == "password") {
             // Password fields
-            echo '<input type="password" name="restful-syndication_settings['.$args['field_key'].']" value="'.htmlspecialchars($value, ENT_QUOTES).'" />';
+            echo '<input type="password" name="restful-syndication_settings['.esc_attr($args['field_key']).']" value="'.esc_attr($value).'" />';
         } elseif($field['type'] == "select") {
             // Select / drop-down fields
             echo '<select name="restful-syndication_settings['.$args['field_key'].']">';
             foreach($field['options'] as $selectValue => $name) {
-                echo '<option value="'.$selectValue.'" '.($value == $selectValue ? "selected" : "").'>'.$name.'</option>';
+                echo '<option value="'.esc_attr($selectValue).'" '.($value == $selectValue ? "selected" : "").'>'.esc_html($name).'</option>';
             }
             echo '</select>';
         } elseif($field['type'] == "checkbox") {
             // Checkbox fields
-            echo '<input type="checkbox" name="restful-syndication_settings['.$args['field_key'].']" value="true" '.("true" == $value ? "checked" : "").' />';
+            echo '<input type="checkbox" name="restful-syndication_settings['.esc_attr($args['field_key']).']" value="true" '.("true" == $value ? "checked" : "").' />';
         } elseif($field['type'] == "readonly") {
             // Readonly field
-            echo '<input type="text" name="restful-syndication_settings['.$args['field_key'].']" value="'.htmlspecialchars($value, ENT_QUOTES).'" readonly />';
+            echo '<input type="text" name="restful-syndication_settings['.esc_attr($args['field_key']).']" value="'.esc_attr($value).'" readonly />';
         }
     }
@@ -212 +228 @@
         // Display a history of successful syndication runs
         $runs = get_option($this->settings_prefix . 'history', array());
+        $runs_delete = get_option($this->settings_prefix . 'history_delete', array());
+        $runs_delete_media = get_option($this->settings_prefix . 'history_delete_media', array());
         $last_attempt = get_option($this->settings_prefix . 'last_attempt', 0);
         krsort($runs);
+        krsort($runs_delete);
+        krsort($runs_delete_media);
 
         echo '<h2>Syndication History</h2>';
@@ -230 +250 @@
             echo '<li>No posts have ever been ingested by this plugin</li>';
         }
+        $runCount = 0;
+        foreach($runs_delete as $time => $count) {
+            echo '<li>'.date("Y-m-d H:i:s", $time).': '.$count.' '.($count == 1 ? "post" : "posts").' deleted</li>';
+            $runCount++;
+
+            if($runCount > 10)
+                break;
+        }
+        $runCount = 0;
+        foreach($runs_delete_media as $time => $count) {
+            echo '<li>'.date("Y-m-d H:i:s", $time).': '.$count.' media files deleted</li>';
+            $runCount++;
+
+            if($runCount > 10)
+                break;
+        }
         echo '</ul>';
 
@@ -236 +272 @@
         echo "<p>This plugin uses WP-Cron to automatically ingest posts every 15 minutes. If you're impatient, you can do it now using the button below.</p>";
         if(isset($_GET['ingestnow']) && $_GET['ingestnow'] == "true") {
+
+            // Verify nonce
+            check_admin_referer('restful_syndication_ingest');
+
             echo "<p><strong>Attempting syndication now...</strong></p>";
             $this->syndicate();
             echo '<p><strong>Syndication complete!</strong></p>';
         } else {
-            echo '<p class="submit"><a href="?page='.$_GET['page'].'&ingestnow=true" class="button button-primary">Ingest Posts Now</a></p>';
+            echo '<p class="submit"><a href="'.wp_nonce_url('?page='.$_GET['page'].'&ingestnow=true', 'restful_syndication_ingest').'" class="button button-primary">Ingest Posts Now</a></p>';
         }
         
@@ -270 +310 @@
 
         if(is_wp_error($response)) {
-            $this->log("HTTP request failed when calling WP REST API.");
+            $this->log("HTTP request failed when calling WP REST API. " . $response->get_error_message());
             return;
         }
@@ -296 +336 @@
 
         $count = 0;
-
+        $count_delete = 0;
+        $count_delete_media = 0;
+
+        // Loop over every post and create a post entry
         foreach($posts as $post) {
-            // Loop over every post and create a post entry
             $this->syndicate_one($post);
             $count++;
-
+        }
+
+        // Delete media older than a certain date
+        if(is_numeric($options['purge_media_days']) && $options['purge_media_days'] > 7) {
+            $count_delete_media += count($this->clean_media($options['purge_media_days'], 'post'));
+        }
+
+        // Delete posts older than a certain date
+        if(is_numeric($options['purge_posts_days']) && $options['purge_posts_days'] > 7) {
+            $count_delete += count($this->clean_posts($options['purge_posts_days'], 'post'));
         }
 
@@ -308 +359 @@
             $runs[time()] = $count;
             update_option($this->settings_prefix . 'history', $runs);
+        }
+
+        if($count_delete > 0) {
+            $runs = get_option($this->settings_prefix . 'history_delete', array());
+            $runs[time()] = $count_delete;
+            update_option($this->settings_prefix . 'history_delete', $runs);
+        }
+
+        if($count_delete_media > 0) {
+            $runs = get_option($this->settings_prefix . 'history_delete_media', array());
+            $runs[time()] = $count_delete_media;
+            update_option($this->settings_prefix . 'history_delete_media', $runs);
         }
 
@@ -332 +395 @@
         }
 
-        // Download any embedded images found in the HTML
+        // Check for empty fields and fail early
+        if(!isset($post['guid']['rendered']) || empty($post['guid']['rendered'])) {
+            $this->log("Post GUID is empty - skipping.");
+            return;
+        }
+
+        $post['title']['rendered'] = trim($post['title']['rendered']);
+
+        if(empty($post['title']['rendered'])) {
+            $this->log("Post title is empty - skipping. " . $post['guid']['rendered']);
+            return;
+        }
+
+        if(!isset($post['content']['rendered']) || empty($post['content']['rendered'])) {
+            $this->log("Post body is empty - skipping. " . $post['guid']['rendered']);
+            return;
+        }
+
+        // Strip some problematic conditional tags from the HTML
+        $html = $post['content']['rendered'];
+        $html = str_replace("<!--[if lt IE 9]>", "", $html);
+        $html = str_replace("<![endif]-->", "", $html);
+
+        // Parse the HTML
         $dom = new domDocument;
-        $dom->loadHTML('<?xml encoding="utf-8" ?>' . $post['content']['rendered'], LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD);
-
+        $dom->loadHTML('<?xml encoding="utf-8" ?>' . $html, LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD);
+
+        // Find and download any embedded images found in the HTML
         $images = $dom->getElementsByTagName('img');
         $images_to_attach = array();
@@ -375 +462 @@
             $url = $audio_source->item(0)->getAttribute('src');
 
+            if(empty($url)) {
+                continue;
+            }
+
             // There is a bug in Wordpress causing audio URLs with URL Parameters to fail to load the player
             // See https://core.trac.wordpress.org/ticket/30377
-            // As a workaround, we strip URL parameters
+            // As a partial workaround, we strip URL parameters
             if(strpos($url, "?") !== false) {
                 $url = substr($url, 0, strpos($url, "?"));
@@ -383 +474 @@
 
             // Create a new paragraph, and insert the audio shortcode
-            $audio_shortcode = $dom->createElement('p');
-            $audio_shortcode->nodeValue = '[audio src="'.$url.'"]';
-
-            // Replace the original <audio> tag with this new <p>[audio]</p> arrangement
+            $audio_shortcode = $dom->createElement('div');
+            $audio_shortcode->setAttribute('class', 'audio-filter');
+            $audio_shortcode->nodeValue = '[audio src="'.esc_url($url).'"]';
+
+            // Replace the original <audio> tag with this new <div class="audio-filter">[audio]</div> arrangement
             $audio->parentNode->replaceChild($audio_shortcode, $audio);
         }
@@ -396 +488 @@
 
             // Skip non-youtube divs
-            if(!$youtube->hasAttribute('class') || strpos($youtube->getAttribute('class'), 'embed_youtube') === false)
+            if(!$youtube->hasAttribute('class') || (strpos($youtube->getAttribute('class'), 'embed_youtube') === false && strpos($youtube->getAttribute('class'), 'video-filter') === false))
                 continue;
 
@@ -409 +501 @@
 
                 // Create a new paragraph, and insert the audio shortcode
-                $embed_shortcode = $dom->createElement('p');
-                $embed_shortcode->nodeValue = '[embed]'.$url_new.'[/embed]';
-
-                // Replace the original <div class="embed_youtube"> tag with this new <p>[embed]url[/embed]</p> arrangement
+                $embed_shortcode = $dom->createElement('div');
+                $embed_shortcode->setAttribute('class', 'video-filter');
+                $embed_shortcode->nodeValue = '[embed]'.esc_url($url_new).'[/embed]';
+
+                // Replace the original <div class="embed_youtube"> tag with this new <div>[embed]url[/embed]</div> arrangement
                 $youtube->parentNode->replaceChild($embed_shortcode, $youtube);
             }
+        }
+
+        // Find Instagram embeds, and turn them into [restful_syndication_iframe] shortcodes
+        $instagrams = $dom->getElementsByTagName('blockquote');
+
+        foreach($instagrams as $instagram) {
+
+            // Skip non-youtube blockquotes
+            if(!$instagram->hasAttribute('data-instgrm-permalink'))
+                continue;
+
+            // Get the original Instagram URL
+            $url = $instagram->getAttribute('data-instgrm-permalink');
+
+            // Skip empty URLs
+            if(empty($url)) {
+                continue;
+            }
+
+            // Add /embed to URL
+            $url_parsed = parse_url($url);
+            if($url_parsed === false) {
+                continue;
+            }
+            $url = $url_parsed['scheme'] . "://" . $url_parsed['host'] . str_replace("//", "/", $url_parsed['path'] . "/embed") . "?" . $url_parsed['query'];
+
+            // Get width and height
+            $width = '100%';
+            $height = '650';
+
+            // Create a new paragraph, and insert the iframe shortcode
+            $embed_shortcode = $dom->createElement('p');
+            $embed_shortcode->nodeValue = '[restful_syndication_iframe src="'.esc_url($url).'" width="'.esc_attr($width).'" height="'.esc_attr($height).'"]';
+
+            // Replace the original <iframe> tag with this new <p>[restful_syndication_iframe src="url"]</p> arrangement
+            $instagram->parentNode->replaceChild($embed_shortcode, $instagram);
+        }
+
+        // Find iFrames, and turn them into [restful_syndication_iframe] shortcodes
+        $iframes = $dom->getElementsByTagName('iframe');
+
+        foreach($iframes as $iframeKey => $iframe) {
+
+            // Skip iframes without src field
+            if(!$iframe->hasAttribute('src')) {
+                continue;
+            }
+
+            // Get the original iFrame src URL
+            $url = $iframe->getAttribute('src');
+
+            // Skip empty URLs
+            if(empty($url)) {
+                continue;
+            }
+
+            // Get width and height
+            $width = '100%';
+            $height = '300';
+            if($iframe->hasAttribute('height')) {
+                $height = $iframe->getAttribute('height');
+            }
+
+            // Create a new paragraph, and insert the iframe shortcode
+            $embed_shortcode = $dom->createElement('p');
+            $embed_shortcode->nodeValue = '[restful_syndication_iframe src="'.esc_url($url).'" width="'.esc_attr($width).'" height="'.esc_attr($height).'"]';
+
+            // Replace the original <iframe> tag with this new <p>[restful_syndication_iframe src="url"]</p> arrangement
+            $iframe->parentNode->replaceChild($embed_shortcode, $iframe);
         }
 
@@ -609 +771 @@
 
         if(empty($payload) || $payload == null) {
-            return array("error_msg" => 'Failed to fetch post data from API');
+            return array("error_msg" => 'Failed to fetch post data from API', "errors" => $errors_logged);
         }
 
@@ -623 +785 @@
 
         return array("post_id" => $post_id);
+    }
+
+    private function clean_media($days, $post_type) {
+        // Deletes media after a certain age
+
+        if(!is_numeric($days)) {
+            return;
+        }
+
+        $days = absint($days);
+
+        if($days < 7) {
+            return;
+        }
+
+        // Find posts
+        $post_ids = $this->posts_older_than($days, $post_type);
+
+        $return = array();
+        
+        // Loop over posts and find featured images attached to these posts
+        foreach($post_ids as $post_id) {
+            $image_id = get_post_thumbnail_id($post_id);
+
+            if($image_id === false || $image_id === 0) {
+                continue;
+            }
+
+            // Send the attachment to the trash
+            $delete_image = wp_delete_attachment($image_id, false);
+
+            if($delete_image !== false && $delete_image !== null) {
+                $return[] = $image_id;
+            }
+        }
+
+        return $return;
+    }
+
+    private function clean_posts($days, $post_type) {
+        // Deletes posts after a certain age
+
+        if(!is_numeric($days)) {
+            return;
+        }
+
+        $days = absint($days);
+
+        if($days < 7) {
+            return;
+        }
+
+        // Find posts
+        $post_ids = $this->posts_older_than($days, $post_type);
+
+        $return = array();
+
+        // Loop over posts
+        foreach($post_ids as $post_id) {
+            // Delete featured image first
+            $image_id = get_post_thumbnail_id($post_id);
+
+            if($image_id !== false) {
+                // Send the attachment to the trash
+                $delete_image = wp_delete_attachment($image_id, false);
+
+                if($delete_image !== false) {
+                    $return[] = $image_id;
+                }
+            }
+
+            // Now delete the post itself
+            $delete_post = wp_trash_post($post_id);
+            if($delete_post !== false) {
+                $return[] = $post_id;
+            }
+        }
+
+        return $return;
+    }
+
+    private function posts_older_than($days, $post_type) {
+        // Returns a list of Posts older than a certain age
+
+        if(!is_numeric($days)) {
+            return array();
+        }
+
+        $days = absint($days);
+
+        $options = get_option($this->settings_prefix . 'settings');
+        $domain = parse_url($options['site_url'], PHP_URL_HOST);
+        $domain_1 = 'https://' . $domain;
+        $domain_2 = 'http://' . $domain;
+
+        if($domain_1 == 'https://' || $domain_2 == 'http://') {
+            return array();
+        }
+
+        $posts = new WP_Query(array(
+            'post_type' => $post_type,
+            'orderby'   => 'post_date_gmt',
+            'order' => 'ASC',
+            'meta_query' => array(
+                'relation' => 'OR',
+                'meta_value_1' => array(
+                      'key' => '_'.$this->settings_prefix.'source_guid',
+                      'value' => $domain_1,
+                      'compare' => 'LIKE',
+                ),
+                'meta_value_2' => array(
+                    'key' => '_'.$this->settings_prefix.'source_guid',
+                    'value' => $domain_2,
+                    'compare' => 'LIKE',
+              )
+            ),
+            'date_query' => array(
+                array(
+                    'column' => 'post_date_gmt',
+                    'before' => $days . ' days ago',
+                ),
+            ),
+            'fields' => 'ids',
+            'posts_per_page' => -1,
+        ));
+
+        return $posts->posts;
     }
 
@@ -728 +1017 @@
     }
 
+    public function sc_iframe($atts) {
+        // This iFrame can only be used on posts imported by this plugin
+        // It is a security mechanism instead of just allowing iFrame's for all users accross the site
+        // We assume the source site is at least semi-trusted (trusted enough to embed an iframe at least)
+
+        $a = shortcode_atts(array(
+            "src" => "",
+            "width" => "100%",
+            "height" => "200",
+        ), $atts);
+
+        global $post;
+        if(!isset($post)) {
+            return '';
+        }
+
+        $source_guid = get_post_meta($post->ID, '_'.$this->settings_prefix.'source_guid', true);
+
+        if(empty($source_guid)) {
+            return '';
+        }
+
+        return '<iframe src="'.esc_url($a['src']).'" width="'.esc_attr($a['width']).'" height="'.esc_attr($a['height']).'" border="0"></iframe>';
+    }
+
     private function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-=+`~') {
         // From https://stackoverflow.com/a/31284266/2888733

restful-syndication/trunk/readme.txt

@@ -20 +20 @@
 == Installation ==
 
-1. Upload the plugin files to the `/wp-content/plugins/restful-syndication` directory, or install the plugin through the WordPress plugins screen directly.
+1. Install this plugin through the WordPress plugins screen.
 2. Activate the plugin through the 'Plugins' screen in WordPress
-3. Use the Settings->RESTful Syndication screen to configure the plugin
+3. Use the Settings -> RESTful Syndication screen to configure the plugin
  a. Set the 'Master Site URL' to the base URL of the site to pull the content from (e.g. https://example.com/)
- b. Username and Password are not required by default (but may be required by the person running the Master Site)
+ b. Username and Password are not required by default (but may be required by the person running the Master Site). You can use the WordPress Applicaton Password feature for authentication.
  c. Set the other options as desired
  d. Save your settings
@@ -47 +47 @@
 = Something isn't working. What do I do? =
 
-Find the PHP Error log for your website/web-server. Any errors from this plugin should be prefixed with 'RESTful Syndication ERROR'.
+Find the PHP Error Log for your website/web-server. Any errors from this plugin should be prefixed with 'RESTful Syndication ERROR'.
 
 = Do you provide support? =
@@ -58 +58 @@
 
 == Changelog ==
+
+= 1.3.0 =
+
+* Add new options to purge media & posts older than a certain number of days
+* Additional compatibility for YouTube and Audio embeds
+* Allow iFrames to be syndicated
+* Translate Instagram embeds into iFrames
+* Bugfix for Audio embeds
+* Catch errors causing empty posts to be syndicated
+* Security hardening on the admin screen
+* Additional logging details
 
 = 1.2.1 =