WordPress.org
Get WordPress

Plugin Directory

Changeset 3047140


Ignore:
Timestamp:
03/07/2024 01:32:33 PM (2 years ago)
Author:
tagembed
Message:

Fixed Ajax Call Request Nonce.

Location:
tagembed-widget
Files:
301 added
12 edited

Legend:

Unmodified
Added
Removed

  • tagembed-widget/trunk/assets/js/account/tagembed.account.script.js

    r2833563 r3047140  
    6565        formData = new FormData(formData);
    6666        formData.append('action', 'data');
     67        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    6768        formData.append('__tagembed__ajax_action', '__tagembed__register');
    6869        fetch(__tagembed__ajax_url, {
     
    126127        formData = new FormData(formData);
    127128        formData.append('action', 'data');
     129        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    128130        formData.append('__tagembed__ajax_action', '__tagembed__login');
    129131        fetch(__tagembed__ajax_url, {

  • tagembed-widget/trunk/assets/js/customize/tagembed.customize.script.js

    r2979045 r3047140  
    2626    formData.append('action', 'data');
    2727    formData.append('widgetId', widgetId);
     28    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    2829    formData.append('__tagembed__ajax_action', '__tagembed__get_customization_option');
    2930    __tagembed__open_loader();
     
    285286    formData.append('action', 'data');
    286287    formData.append('widgetId', widgetId);
     288    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    287289    formData.append('__tagembed__ajax_action', '__tagembed__update_' + __tagembed__optionType + '_customization_option');
    288290    __tagembed__open_loader();

  • tagembed-widget/trunk/assets/js/feed/tagembed.feed.create.script.js

    r3040127 r3047140  
    5151            formData.append('filterId', __tagembed__feed_data.filterId);
    5252            formData.append('filterName', __tagembed__feed_data.filterName);
     53            formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    5354            formData.append('__tagembed__ajax_action', '__tagembed__create_feed');
    5455            fetch(__tagembed__ajax_url, {

  • tagembed-widget/trunk/assets/js/feed/tagembed.feed.script.js

    r3040127 r3047140  
    196196        formData.append('action', 'data');
    197197        formData.append('connectedAccountsId', __tagembed__connected_accountsId);
     198        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    198199        formData.append('__tagembed__ajax_action', '__tagembed__get_facebook_page_albums');
    199200        fetch(__tagembed__ajax_url, {
     
    276277            formData.append('action', 'data');
    277278            formData.append('facebookPageData', __tagembed__facebook_search_page);
     279            formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    278280            formData.append('__tagembed__ajax_action', '__tagembed__search_facebook_page');
    279281            fetch(__tagembed__ajax_url, {method: 'POST', headers: {'x-requested-with': 'XMLHttpRequest'}, body: formData,
     
    354356        formData.append('action', 'data');
    355357        formData.append('googleLocationName', __tagembed__google_location);
     358        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    356359        formData.append('__tagembed__ajax_action', '__tagembed__search_google_location');
    357360        fetch(__tagembed__ajax_url, {
     
    516519        formData.append('action', 'data');
    517520        formData.append('youtubeChannelData', __tagembed__youtube_channel_data);
     521        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    518522        formData.append('__tagembed__ajax_action', '__tagembed__search_youtube_channel');
    519523        fetch(__tagembed__ajax_url, {
     
    581585    let formData = new FormData();
    582586    formData.append('action', 'data');
     587    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    583588    formData.append('__tagembed__ajax_action', '__tagembed__get_youtube_playlist');
    584589    formData.append('youtubeId', youtubeId);
     
    802807        formData.append('connectedAccountsId', __tagembed__get_connected_accountsId);
    803808        formData.append('__tagembed__ajax_action', '__tagembed__get_slack_channel_list');
     809        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    804810        fetch(__tagembed__ajax_url, {method: 'POST', headers: {'x-requested-with': 'XMLHttpRequest'}, body: formData,
    805811        }).then(response => {
     
    955961        formData.append('action', 'data');
    956962        formData.append('vkCommunitiesName', __tagembed__vk_communities);
     963        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    957964        formData.append('__tagembed__ajax_action', '__tagembed__search_vk_communities');
    958965        fetch(__tagembed__ajax_url, {
     
    11321139    formData.append('status', __tagembed__feed_status);
    11331140    formData.append('action', 'data');
     1141    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    11341142    formData.append('__tagembed__ajax_action', '__tagembed__update_feed_status');
    11351143    __tagembed__open_loader();
     
    11801188        formData.append('widgetId', __tagembed__widget_id);
    11811189        formData.append('action', 'data');
     1190        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    11821191        formData.append('__tagembed__ajax_action', '__tagembed__delete_feed');
    11831192        __tagembed__open_loader();
     
    12241233    let formData = new FormData();
    12251234    formData.append('action', 'data');
     1235    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    12261236    formData.append('__tagembed__ajax_action', '__tagembed__get_feed');
    12271237    formData.append('widgetId', __tagembed__widgetId);

  • tagembed-widget/trunk/assets/js/lazyload.js

    r2833563 r3047140  
    1 /*!
    2  * Lazy Load - JavaScript plugin for lazy loading images
    3  *
    4  * Copyright (c) 2007-2019 Mika Tuupola
    5  *
    6  * Licensed under the MIT license:
    7  *   http://www.opensource.org/licenses/mit-license.php
    8  *
    9  * Project home:
    10  *   https://appelsiini.net/projects/lazyload
    11  *
    12  * Version: 2.0.0-rc.2
    13  *
    14  */
    15 
    161(function (root, factory) {
    172    if (typeof exports === "object") {
     
    227        root.LazyLoad = factory(root);
    238    }
    24 }) (typeof global !== "undefined" ? global : this.window || this.global, function (root) {
    25 
     9})(typeof global !== "undefined" ? global : this.window || this.global, function (root) {
    2610    "use strict";
    27 
    28     if (typeof define === "function" && define.amd){
     11    if (typeof define === "function" && define.amd) {
    2912        root = window;
    3013    }
    31 
    3214    const defaults = {
    3315        src: "data-src",
     
    3820        threshold: 0
    3921    };
    40 
    41     /**
    42     * Merge two or more objects. Returns a new object.
    43     * @private
    44     * @param {Boolean}  deep     If true, do a deep (or recursive) merge [optional]
    45     * @param {Object}   objects  The objects to merge together
    46     * @returns {Object}          Merged values of defaults and options
    47     */
    48     const extend = function ()  {
     22    const extend = function () {
    4923
    5024        let extended = {};
     
    5226        let i = 0;
    5327        let length = arguments.length;
    54 
    55         /* Check if a deep merge */
    5628        if (Object.prototype.toString.call(arguments[0]) === "[object Boolean]") {
    5729            deep = arguments[0];
    5830            i++;
    5931        }
    60 
    61         /* Merge the object into the extended object */
    6232        let merge = function (obj) {
    6333            for (let prop in obj) {
     
    7242            }
    7343        };
    74 
    75         /* Loop through each object and conduct a merge */
    7644        for (; i < length; i++) {
    7745            let obj = arguments[i];
    7846            merge(obj);
    7947        }
    80 
    8148        return extended;
    8249    };
    83 
    8450    function LazyLoad(images, options) {
    8551        this.settings = extend(defaults, options || {});
     
    8854        this.init();
    8955    }
    90 
    9156    LazyLoad.prototype = {
    92         init: function() {
    93 
    94             /* Without observers load everything and bail out early. */
     57        init: function () {
    9558            if (!root.IntersectionObserver) {
    9659                this.loadImages();
    9760                return;
    9861            }
    99 
    10062            let self = this;
    10163            let observerConfig = {
     
    10466                threshold: [this.settings.threshold]
    10567            };
    106 
    107             this.observer = new IntersectionObserver(function(entries) {
     68            this.observer = new IntersectionObserver(function (entries) {
    10869                Array.prototype.forEach.call(entries, function (entry) {
    10970                    if (entry.isIntersecting) {
     
    12485                });
    12586            }, observerConfig);
    126 
    12787            Array.prototype.forEach.call(this.images, function (image) {
    12888                self.observer.observe(image);
    12989            });
    13090        },
    131 
    13291        loadAndDestroy: function () {
    133             if (!this.settings) { return; }
     92            if (!this.settings) {
     93                return;
     94            }
    13495            this.loadImages();
    13596            this.destroy();
    13697        },
    137 
    13898        loadImages: function () {
    139             if (!this.settings) { return; }
    140 
     99            if (!this.settings) {
     100                return;
     101            }
    141102            let self = this;
    142103            Array.prototype.forEach.call(this.images, function (image) {
     
    155116            });
    156117        },
    157 
    158118        destroy: function () {
    159             if (!this.settings) { return; }
     119            if (!this.settings) {
     120                return;
     121            }
    160122            this.observer.disconnect();
    161123            this.settings = null;
    162124        }
    163125    };
    164 
    165     root.lazyload = function(images, options) {
     126    root.lazyload = function (images, options) {
    166127        return new LazyLoad(images, options);
    167128    };
    168 
    169129    if (root.jQuery) {
    170130        const $ = root.jQuery;
     
    176136        };
    177137    }
    178 
    179138    return LazyLoad;
    180139});

  • tagembed-widget/trunk/assets/js/network/tagembed.networks.script.js

    r2886376 r3047140  
    99    let formData = new FormData();
    1010    formData.append('action', 'data');
     11    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    1112    formData.append('__tagembed__ajax_action', '__tagembed__source_networks');
    1213    __tagembed__open_loader();
     
    5556        formData.append('networkId', networkId);
    5657        formData.append('action', 'data');
     58        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    5759        formData.append('__tagembed__ajax_action', '__tagembed__get_network_filter');
    5860        fetch(__tagembed__ajax_url, {

  • tagembed-widget/trunk/assets/js/tagembed.common.js

    r2979045 r3047140  
    3131    let formData = new FormData();
    3232    formData.append('action', 'data');
     33    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    3334    formData.append('__tagembed__ajax_action', '__tagembed__plugin_version');
    3435    fetch(__tagembed__ajax_url, {
     
    146147            let formData = new FormData();
    147148            formData.append('action', 'data');
     149            formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    148150            formData.append('__tagembed__ajax_action', '__tagembed__logout');
    149151            __tagembed__open_loader();
     
    183185    formData.append('action', 'data');
    184186    formData.append('menueId', __tagembed__menu_id);
     187    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    185188    formData.append('__tagembed__ajax_action', '__tagembed__menue');
    186189    fetch(__tagembed__ajax_url, {
     
    214217    formData.append('networkId', __tagembed__network_id);
    215218    formData.append('action', 'data');
     219    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    216220    formData.append('__tagembed__ajax_action', '__tagembed__get_already_exist_auth');
    217221    fetch(__tagembed__ajax_url, {
     
    258262    let formData = new FormData();
    259263    formData.append('action', 'data');
     264    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    260265    formData.append('__tagembed__ajax_action', '__tagembed__manage_active_widget');
    261266    formData.append('widgetId', __tagembed__widgetId);
     
    307312                let __tagembed__toast = new TagembedToast;
    308313                formData.append('action', 'data');
     314                formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    309315                formData.append('__tagembed__ajax_action', '__tagembed__create_widget');
    310316                fetch(__tagembed__ajax_url, {
     
    375381        let formData = new FormData();
    376382        formData.append('action', 'data');
     383        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    377384        formData.append('__tagembed__ajax_action', '__tagembed__add_or_update_account');
    378385        formData.append('type', __tagembed__type);

  • tagembed-widget/trunk/assets/js/theme/tagembed.theme.script.js

    r2979045 r3047140  
    1212    formData.append('action', 'data');
    1313    formData.append('widgetId', widgetId);
     14    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    1415    formData.append('__tagembed__ajax_action', '__tagembed__get_themes');
    1516    __tagembed__open_loader();
     
    6970    formData.append('widgetId', __tagembed__widget_id);
    7071    formData.append('themeId', __tagembed__theme_id);
     72    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    7173    formData.append('__tagembed__ajax_action', '__tagembed__edit_themes');
    7274    __tagembed__open_loader();

  • tagembed-widget/trunk/assets/js/upgrade/tagembed.upgrade.script.js

    r2979045 r3047140  
    6161    let formData = new FormData();
    6262    formData.append('action', 'data');
     63    formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    6364    formData.append('__tagembed__ajax_action', '__tagembed__get_account_details');
    6465    __tagembed__open_loader();
     
    207208        let formData = new FormData();
    208209        formData.append('action', 'data');
     210        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    209211        formData.append('__tagembed__ajax_action', '__tagembed__make_payment');
    210212        formData.append('planId', planId);
     
    241243        formData.append('planId', planId);
    242244        formData.append('action', 'data');
     245        formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    243246        formData.append('__tagembed__ajax_action', '__tagembed__cancel_subscription');
    244247        __tagembed__open_loader();

  • tagembed-widget/trunk/readme.txt

    r3040127 r3047140  
    77Tested up to: 6.4
    88Requires PHP: 5.6
    9 Stable tag: 4.7
     9Stable tag: 4.8
    1010License: GPLv2 or later
    1111License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    1919
    2020The Tagembed: Social Media Feed WordPress plugin also offers content moderation panel for filtering and moderating the content before embedding them live on the website. Users can analyze the performance of the social media feeds by getting proper insights. The platform has an ever-active back support team for assisting the users if they come across any glitch or hindrance while using the plugin.
     21
     22== New Updates v4.8 ==
     23**Fix Security Nounce**
    2124
    2225== New Updates v4.7 ==
     
    255258
    256259== Changelog ==
     260= 4.8 =
     261  * Fix Security Nounce
     262
    257263= 4.7 =
    258264  * New: Instagram Handle Feed - Now you can collect public Instagram Profile posts and then embed Instagram Handle Feed on website.
     
    497503
    498504== Upgrade Notice ==
     505= 4.8 =
     506  * Fix Security Nounce
     507
    499508= 4.7 =
    500509  * New: Instagram Handle Feed - Now you can collect public Instagram Profile posts and then embed Instagram Handle Feed on website.

  • tagembed-widget/trunk/tagembed.php

    r3040127 r3047140  
    44 * Plugin URI:        https://tagembed.com/
    55 * Description:       Display Facebook feed, Instagram feed, Twitter feed, YouTube Videos and more social feeds from 15+ social networks on any page, posts or widgets using shortcode. Beautifully clean, customizable, and responsive Social Media Feed Widget Plugin for WordPress.
    6  * Version:           4.7
     6 * Version:           4.8
    77 * Author:            Tagembed
    88 * Author URI:        https://tagembed.com/
     
    1111    die;
    1212/* --Start-- Create Constant */
    13 !defined('TAGEMBED_PLUGIN_VERSION') && define('TAGEMBED_PLUGIN_VERSION', '4.7');
     13!defined('TAGEMBED_PLUGIN_VERSION') && define('TAGEMBED_PLUGIN_VERSION', '4.8');
    1414!defined('TAGEMBED_PLUGIN_DIR_PATH') && define('TAGEMBED_PLUGIN_DIR_PATH', plugin_dir_path(__FILE__));
    1515!defined('TAGEMBED_PLUGIN_URL') && define('TAGEMBED_PLUGIN_URL', plugin_dir_url(__FILE__));
     
    9696    $data = __tagembed__sanitizeRequestData($_REQUEST);
    9797    $data = (object) $data;
     98
     99    /* --Start-- Manage Ajax call Request Security */
     100    $__tagembed__ajaxCallSecurityNones = isset($data->__tagembed__ajax_call_nones) ? sanitize_text_field($data->__tagembed__ajax_call_nones) : '';
     101    if (!wp_verify_nonce($__tagembed__ajaxCallSecurityNones, "__tagembed__ajax_call_security_nones"))
     102        return __tagembed__exitWithDanger();
     103    /* --End-- Manage Ajax call Request Security */
     104
    98105    /* --Start__ Sanetize All Input */
    99106    foreach ($data as $key => $value):

  • tagembed-widget/trunk/views/includes/headView.php

    r2979045 r3047140  
    11<script type="text/javascript">
     2    var __tagembed__ajax_call_nones = "<?php echo wp_create_nonce("__tagembed__ajax_call_security_nones"); ?>";
    23    var __tagembed__ajax_url = "<?php echo esc_html(admin_url('admin-ajax.php')); ?>";
    34    var __tagembed__plugin_server_url = "<?php echo esc_html(TAGEMBED_PLUGIN_SERVER_URL); ?>";
     
    4041            let formData = new FormData();
    4142            formData.append('action', 'data');
     43            formData.append('__tagembed__ajax_call_nones', __tagembed__ajax_call_nones);
    4244            formData.append('__tagembed__ajax_action', '__tagembed__check_user_token');
    4345            fetch(__tagembed__ajax_url, {
Note: See TracChangeset for help on using the changeset viewer.