Changeset 2991088

Timestamp:

11/07/2023 05:57:05 PM (2 years ago)

Author:

datafeedr.com

Message:

Update to version 1.2.0 from GitHub

Location:

ads-by-datafeedrcom

Files:

• assets/screenshot-1.jpg (modified) (1 prop) (previous)
• assets/screenshot-2.jpg (modified) (1 prop) (previous)
• assets/screenshot-3.jpg (modified) (1 prop) (previous)
• assets/screenshot-4.jpg (modified) (1 prop) (previous)
• assets/screenshot-5.jpg (modified) (1 prop) (previous)
• assets/screenshot-6.jpg (modified) (1 prop) (previous)
• assets/screenshot-7.jpg (modified) (1 prop) (previous)
• assets/screenshot-8.jpg (modified) (1 prop) (previous)
• tags/1.2.0 (copied) (copied from ads-by-datafeedrcom/trunk)
• tags/1.2.0/dfads.php (modified) (3 diffs)
• tags/1.2.0/inc/dfads.class.php (modified) (5 diffs)
• tags/1.2.0/inc/functions.php (added)
• tags/1.2.0/lib/metabox (deleted)
• tags/1.2.0/readme.txt (modified) (3 diffs)
• trunk/dfads.php (modified) (3 diffs)
• trunk/inc/dfads.class.php (modified) (5 diffs)
• trunk/inc/functions.php (added)
• trunk/lib/metabox (deleted)
• trunk/readme.txt (modified) (3 diffs)

ads-by-datafeedrcom/tags/1.2.0/dfads.php

@@ -4 +4 @@
 Plugin URI: https://www.datafeedr.com/
 Description: Randomly display any type of advertisement anywhere on your site.  Add rotating banner ads, Google Adsense, videos, text links and more to your sidebar, widget areas, posts and pages.
-Version: 1.1.3
-Tested up to: 5.7
+Version: 1.2.0
+Tested up to: 6.3.3-alpha
 Author: datafeedr.com
 Author URI: https://www.datafeedr.com/
 
-Copyright 2021 Ads by datafeedr.com
+Copyright 2023 Ads by datafeedr.com
 
 This program is free software; you can redistribute it and/or modify
@@ -30 +30 @@
 define( 'DFADS_CONTEXT', 'dfads' );
 define( 'DFADS_DOCS_URL', 'http://www.datafeedr.com/dfads/' );
-define( 'DFADS_VERSION', '1.1.3' );
+define( 'DFADS_VERSION', '1.2.0' );
 
 /**
  * Require necessary files.
  */
+require_once( DFADS_PLUGIN_PATH . 'inc/functions.php' );
 require_once( DFADS_PLUGIN_PATH . 'inc/cpt.class.php' );
 require_once( DFADS_PLUGIN_PATH . 'inc/dfads.class.php' );
@@ -66 +67 @@
  */
 function dfads_ajax_load_ads(){
-    echo dfads( $_REQUEST );
+
+    $request = $_REQUEST;
+
+    $user_signature = trim( $request['signature'] ?? '' );
+
+    if ( empty( $user_signature ) ) {
+        die( 'Missing signature' );
+    }
+
+    unset( $request['signature'] );
+
+    $allowed_params = array_keys( DFADS::get_default_params() );
+
+    foreach ( $request as $k => $v ) {
+
+        // These are added here: DFADS::get_javascript();
+        if ( in_array( $k, [ '_block_id', 'action' ] ) ) {
+            continue;
+        }
+
+        // Remove any other keys provided that aren't allowed.
+        if ( ! in_array( $k, $allowed_params, true ) ) {
+            unset( $request[ $k ] );
+        }
+    }
+
+    $known_signature = dfads_hash_hmac( serialize( $request ) );
+
+    if ( ! hash_equals( $known_signature, $user_signature ) ) {
+        die( 'Invalid signature' );
+    }
+
+    echo dfads( $request );
     die;
 }
+
 add_action('wp_ajax_nopriv_dfads_ajax_load_ads', 'dfads_ajax_load_ads');
 add_action('wp_ajax_dfads_ajax_load_ads', 'dfads_ajax_load_ads');

ads-by-datafeedrcom/tags/1.2.0/inc/dfads.class.php

@@ -30 +30 @@
         $this->update_impression_count( $ads );
         
-        // Return user's own callback function.
-        if ( function_exists( $this->args['callback_function'] ) ) {
+        // Return user's own callback function if exists and is allowed.
+        if ( function_exists( $this->args['callback_function'] ) && in_array( $this->args['callback_function'], dfads_allowed_callback_functions(), true ) ) {
             return call_user_func_array($this->args['callback_function'], array( $ads, $this->args ));
         }
@@ -65 +65 @@
         }
 
-        $defaults = array (
-            'groups'            => '-1',
-            'limit'             => '-1',
-            'orderby'           => 'random',
-            'order'             => 'ASC',
-            'container_id'      => '',
-            'container_html'    => 'div',
-            'container_class'   => '',
-            'ad_html'           => 'div',
-            'ad_class'          => '',
-            'callback_function' => '',
-            'return_javascript' => '',
-        );
+        $defaults = $this->get_default_params();
                 
         $this->args = wp_parse_args( $new_args, $defaults );
@@ -277 +265 @@
         $args['_block_id'] = $id;
         $args['container_html'] = 'none'; // Set to 'none' so we don't display the container HTML twice.
+        $args['action']            = 'dfads_ajax_load_ads';
+
+        // Sign the request.
+        $signature         = dfads_hash_hmac( serialize( $args ) );
+        $args['signature'] = $signature;
         
         return '
@@ -282 +275 @@
         <script>
         (function($) { 
-            $("#'.$id .'").load("'.admin_url( 'admin-ajax.php?action=dfads_ajax_load_ads&'.http_build_query( $args ) ).'" );            
+            $("#' . $id . '").load("' . admin_url( 'admin-ajax.php?' . http_build_query( $args ) ) . '" );          
         })( jQuery );
         </script>
         <noscript>'.dfads( http_build_query( $args )  ).'</noscript>
         ';
-        
     }
     
@@ -361 +353 @@
         return $randomString;
     }
+
+    public static function get_default_params() {
+        return array(
+            'groups'            => '-1',
+            'limit'             => '-1',
+            'orderby'           => 'random',
+            'order'             => 'ASC',
+            'container_id'      => '',
+            'container_html'    => 'div',
+            'container_class'   => '',
+            'ad_html'           => 'div',
+            'ad_class'          => '',
+            'callback_function' => '',
+            'return_javascript' => '',
+        );
+    }
 }

ads-by-datafeedrcom/tags/1.2.0/readme.txt

@@ -4 +4 @@
 Tags: ads, random ads, rotating ads, datafeedr, advertisements, advertising, banner ads, banners, adsense, google adsense
 Requires at least: 3.5
-Tested up to: 5.7
-Stable tag: 1.1.3
+Tested up to: 6.3.3-alpha
+Stable tag: 1.2.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -16 +16 @@
 
 You have full control over how many ads get displayed as well as their sort order.
+
+**Important**
+
+As of version 1.2.0, all custom callback functions (ie. `callback_function`) need to be returned by the `dfads_allowed_callback_functions()` function. To do this, add your allowed custom callback functions like this:
+
+```
+add_filter( 'dfads_allowed_callback_functions', function ( array $functions ) {
+    $functions[] = 'my_first_custom_callback_function';
+    $functions[] = 'my_second_custom_callback_function';
+
+    return $functions;
+} );
+```
 
 [youtube http://www.youtube.com/watch?v=tPL8ND0nh4o]
@@ -100 +113 @@
 == Changelog ==
 
+= 1.2.0 - 2023/11/07 =
+* Added signed requests for ad blocks rendered via Javascript.
+
 = 1.1.3 - 2020/03/08 =
 * Updated jQuery for upgrade.

ads-by-datafeedrcom/trunk/dfads.php

@@ -4 +4 @@
 Plugin URI: https://www.datafeedr.com/
 Description: Randomly display any type of advertisement anywhere on your site.  Add rotating banner ads, Google Adsense, videos, text links and more to your sidebar, widget areas, posts and pages.
-Version: 1.1.3
-Tested up to: 5.7
+Version: 1.2.0
+Tested up to: 6.3.3-alpha
 Author: datafeedr.com
 Author URI: https://www.datafeedr.com/
 
-Copyright 2021 Ads by datafeedr.com
+Copyright 2023 Ads by datafeedr.com
 
 This program is free software; you can redistribute it and/or modify
@@ -30 +30 @@
 define( 'DFADS_CONTEXT', 'dfads' );
 define( 'DFADS_DOCS_URL', 'http://www.datafeedr.com/dfads/' );
-define( 'DFADS_VERSION', '1.1.3' );
+define( 'DFADS_VERSION', '1.2.0' );
 
 /**
  * Require necessary files.
  */
+require_once( DFADS_PLUGIN_PATH . 'inc/functions.php' );
 require_once( DFADS_PLUGIN_PATH . 'inc/cpt.class.php' );
 require_once( DFADS_PLUGIN_PATH . 'inc/dfads.class.php' );
@@ -66 +67 @@
  */
 function dfads_ajax_load_ads(){
-    echo dfads( $_REQUEST );
+
+    $request = $_REQUEST;
+
+    $user_signature = trim( $request['signature'] ?? '' );
+
+    if ( empty( $user_signature ) ) {
+        die( 'Missing signature' );
+    }
+
+    unset( $request['signature'] );
+
+    $allowed_params = array_keys( DFADS::get_default_params() );
+
+    foreach ( $request as $k => $v ) {
+
+        // These are added here: DFADS::get_javascript();
+        if ( in_array( $k, [ '_block_id', 'action' ] ) ) {
+            continue;
+        }
+
+        // Remove any other keys provided that aren't allowed.
+        if ( ! in_array( $k, $allowed_params, true ) ) {
+            unset( $request[ $k ] );
+        }
+    }
+
+    $known_signature = dfads_hash_hmac( serialize( $request ) );
+
+    if ( ! hash_equals( $known_signature, $user_signature ) ) {
+        die( 'Invalid signature' );
+    }
+
+    echo dfads( $request );
     die;
 }
+
 add_action('wp_ajax_nopriv_dfads_ajax_load_ads', 'dfads_ajax_load_ads');
 add_action('wp_ajax_dfads_ajax_load_ads', 'dfads_ajax_load_ads');

ads-by-datafeedrcom/trunk/inc/dfads.class.php

@@ -30 +30 @@
         $this->update_impression_count( $ads );
         
-        // Return user's own callback function.
-        if ( function_exists( $this->args['callback_function'] ) ) {
+        // Return user's own callback function if exists and is allowed.
+        if ( function_exists( $this->args['callback_function'] ) && in_array( $this->args['callback_function'], dfads_allowed_callback_functions(), true ) ) {
             return call_user_func_array($this->args['callback_function'], array( $ads, $this->args ));
         }
@@ -65 +65 @@
         }
 
-        $defaults = array (
-            'groups'            => '-1',
-            'limit'             => '-1',
-            'orderby'           => 'random',
-            'order'             => 'ASC',
-            'container_id'      => '',
-            'container_html'    => 'div',
-            'container_class'   => '',
-            'ad_html'           => 'div',
-            'ad_class'          => '',
-            'callback_function' => '',
-            'return_javascript' => '',
-        );
+        $defaults = $this->get_default_params();
                 
         $this->args = wp_parse_args( $new_args, $defaults );
@@ -277 +265 @@
         $args['_block_id'] = $id;
         $args['container_html'] = 'none'; // Set to 'none' so we don't display the container HTML twice.
+        $args['action']            = 'dfads_ajax_load_ads';
+
+        // Sign the request.
+        $signature         = dfads_hash_hmac( serialize( $args ) );
+        $args['signature'] = $signature;
         
         return '
@@ -282 +275 @@
         <script>
         (function($) { 
-            $("#'.$id .'").load("'.admin_url( 'admin-ajax.php?action=dfads_ajax_load_ads&'.http_build_query( $args ) ).'" );            
+            $("#' . $id . '").load("' . admin_url( 'admin-ajax.php?' . http_build_query( $args ) ) . '" );          
         })( jQuery );
         </script>
         <noscript>'.dfads( http_build_query( $args )  ).'</noscript>
         ';
-        
     }
     
@@ -361 +353 @@
         return $randomString;
     }
+
+    public static function get_default_params() {
+        return array(
+            'groups'            => '-1',
+            'limit'             => '-1',
+            'orderby'           => 'random',
+            'order'             => 'ASC',
+            'container_id'      => '',
+            'container_html'    => 'div',
+            'container_class'   => '',
+            'ad_html'           => 'div',
+            'ad_class'          => '',
+            'callback_function' => '',
+            'return_javascript' => '',
+        );
+    }
 }

ads-by-datafeedrcom/trunk/readme.txt

@@ -4 +4 @@
 Tags: ads, random ads, rotating ads, datafeedr, advertisements, advertising, banner ads, banners, adsense, google adsense
 Requires at least: 3.5
-Tested up to: 5.7
-Stable tag: 1.1.3
+Tested up to: 6.3.3-alpha
+Stable tag: 1.2.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -16 +16 @@
 
 You have full control over how many ads get displayed as well as their sort order.
+
+**Important**
+
+As of version 1.2.0, all custom callback functions (ie. `callback_function`) need to be returned by the `dfads_allowed_callback_functions()` function. To do this, add your allowed custom callback functions like this:
+
+```
+add_filter( 'dfads_allowed_callback_functions', function ( array $functions ) {
+    $functions[] = 'my_first_custom_callback_function';
+    $functions[] = 'my_second_custom_callback_function';
+
+    return $functions;
+} );
+```
 
 [youtube http://www.youtube.com/watch?v=tPL8ND0nh4o]
@@ -100 +113 @@
 == Changelog ==
 
+= 1.2.0 - 2023/11/07 =
+* Added signed requests for ad blocks rendered via Javascript.
+
 = 1.1.3 - 2020/03/08 =
 * Updated jQuery for upgrade.