Merge pull request #10 from oceanwp/dev-oe

Dev oe

changelog.txt

@@ -1,5 +1,12 @@
 == Changelog ==
 
+= 1.6.6 =
+- Fixed: Security issue - If $_REQUEST['_wpnonce'] is not set, it won't be checked.
+
+= 1.6.5 =
+- Fixed: Data saving error - about me widget.
+- Removed: All affiliate links has been removed.
+
 = 1.6.4 =
 - Fixed: Missing Dependencies script 'butterbean'
 - Fixed: Updated Mailchimp API

includes/panel/updater.php

@@ -1,7 +1,6 @@
 <?php
 /**
  * Allows plugins to use their own update API.
- * 
  */
 if (!class_exists('OceanWP_Plugin_Updater')) {
 
@@ -244,7 +243,9 @@ public function add_core_extensions_bundle_block() {
          * @return type
          */
         public function add_core_extensions_bundle_validation() {
-            if (!current_user_can('manage_options') ||(isset($_REQUEST['_wpnonce'])&& !wp_verify_nonce($_REQUEST['_wpnonce'], 'oceanwp_options-options')))
+            if (!current_user_can('manage_options') ||
+            ! isset($_REQUEST['_wpnonce']) ||
+            (isset($_REQUEST['_wpnonce'])&& !wp_verify_nonce($_REQUEST['_wpnonce'], 'oceanwp_options-options')))
                 return;
             static $validation;
 
@@ -561,7 +562,9 @@ public function oceanwp_add_settings_fields() {
          * @return  void
          */
         public function oceanwp_activate_license() {
-            if (!current_user_can('manage_options') || (isset($_REQUEST['_wpnonce'])&&!wp_verify_nonce($_REQUEST['_wpnonce'], 'oceanwp_options-options')))
+            if (!current_user_can('manage_options') ||
+            ! isset($_REQUEST['_wpnonce']) ||
+            (isset($_REQUEST['_wpnonce'])&&!wp_verify_nonce($_REQUEST['_wpnonce'], 'oceanwp_options-options')))
                 return;
 
             if (!isset($_POST['oceanwp_options']) || !isset($_POST['oceanwp_licensekey_activateall'])) {
@@ -634,7 +637,9 @@ public function oceanwp_activate_license() {
          * @return  void
          */
         public function oceanwp_deactivate_license() {
-            if (!current_user_can('manage_options') || (isset($_REQUEST['_wpnonce'])&&!wp_verify_nonce($_REQUEST['_wpnonce'], 'oceanwp_options-options')))
+            if (!current_user_can('manage_options') ||
+            ! isset($_REQUEST['_wpnonce']) ||
+            (isset($_REQUEST['_wpnonce'])&&!wp_verify_nonce($_REQUEST['_wpnonce'], 'oceanwp_options-options')))
                 return;
             if (!isset($_POST['oceanwp_options'])) {
                 return;
@@ -931,9 +936,11 @@ private function api_request($_action, $_data) {
          * @return  void
          */
         public function oceanwp_show_changelog() {
-            if (!current_user_can('manage_options') || (isset($_REQUEST['_wpnonce'])&&!wp_verify_nonce($_REQUEST['_wpnonce'], 'changelog_link_nonce')))
+            if (!current_user_can('manage_options') ||
+            ! isset($_REQUEST['_wpnonce']) ||
+            (isset($_REQUEST['_wpnonce'])&&!wp_verify_nonce($_REQUEST['_wpnonce'], 'changelog_link_nonce')))
                 return;
-            
+
             if (empty($_REQUEST['edd_sl_action']) || 'view_plugin_changelog' != $_REQUEST['edd_sl_action']) {
                 return;
             }

includes/widgets/about-me.php

@@ -127,8 +127,10 @@ public function print_scripts() {
 				( function( $ ){
 					$(document).ajaxSuccess(function(e, xhr, settings) {
 						var widget_id_base = 'ocean_about_me';
-						if ( settings.data.search( 'action=save-widget' ) != -1 && settings.data.search( 'id_base=' + widget_id_base) != -1 ) {
-							oceanwpSortServices();
+						if (typeof(settings.data) !== 'undefined' && typeof(settings.data.search) !== 'undefined') {
+							if ( settings.data.search( 'action=save-widget' ) !== 'undefined' && typeof(settings.data.search( 'id_base=' + widget_id_base)) !== 'undefined' ) {
+								oceanwpSortServices();
+							}
 						}
 					} );
 
@@ -426,4 +428,4 @@ public function form( $instance ) {
 
 	}
 }
-register_widget( 'Ocean_Extra_About_Me_Widget' );
+register_widget( 'Ocean_Extra_About_Me_Widget' );

includes/widgets/social.php

@@ -175,8 +175,10 @@ public function print_scripts() { ?>
 				( function( $ ){
 					$(document).ajaxSuccess(function(e, xhr, settings) {
 						var widget_id_base = 'ocean_social';
-						if ( settings.data.search( 'action=save-widget' ) != -1 && settings.data.search( 'id_base=' + widget_id_base) != -1 ) {
-							oceanwpSortServices();
+						if (typeof(settings.data) !== 'undefined' && typeof(settings.data.search) !== 'undefined') {
+							if ( settings.data.search( 'action=save-widget' ) !== 'undefined' && typeof(settings.data.search( 'id_base=' + widget_id_base)) !== 'undefined' ) {
+								oceanwpSortServices();
+							}
 						}
 					} );
 
@@ -580,4 +582,4 @@ public function colors( $args, $instance ) {
 
 	}
 }
-register_widget( 'Ocean_Extra_Social_Widget' );
+register_widget( 'Ocean_Extra_Social_Widget' );

ocean-extra.php

@@ -3,11 +3,11 @@
  * Plugin Name:			Ocean Extra
  * Plugin URI:			https://oceanwp.org/extension/ocean-extra/
  * Description:			Add extra features like widgets, metaboxes, import/export and a panel to activate the premium extensions.
- * Version:				1.6.4
+ * Version:				1.6.6
  * Author:				OceanWP
  * Author URI:			https://oceanwp.org/
  * Requires at least:	5.3
- * Tested up to:		5.4.2
+ * Tested up to:		5.5
  *
  * Text Domain: ocean-extra
  * Domain Path: /languages
@@ -86,26 +86,20 @@ public function __construct( $widget_areas = array() ) {
 		$this->token 			= 'ocean-extra';
 		$this->plugin_url 		= plugin_dir_url( __FILE__ );
 		$this->plugin_path 		= plugin_dir_path( __FILE__ );
-		$this->version 			= '1.6.4';
+		$this->version 			= '1.6.6';
 
 		define( 'OE_URL', $this->plugin_url );
 		define( 'OE_PATH', $this->plugin_path );
 		define( 'OE_VERSION', $this->version );
         define( 'OE_FILE_PATH', __FILE__ );
 		define( 'OE_ADMIN_PANEL_HOOK_PREFIX', 'theme-panel_page_oceanwp-panel' );
 
-		// WPForms partner ID
-		add_filter( 'wpforms_upgrade_link', array( $this, 'wpforms_upgrade_link' ) );
-
 		// WooCommerce Wishlist partner ID
 		if ( class_exists( 'TInvWL_Wishlist' ) ) {
 			define( 'TINVWL_PARTNER', 'oceanwporg' );
 			define( 'TINVWL_CAMPAIGN', 'oceanwp_theme' );
 		}
 
-		// WooCommerce Variation Swatches partner ID
-		add_filter( 'gwp_affiliate_id', array( $this, 'gwp_affiliate_id' ) );
-
 		register_activation_hook( __FILE__, array( $this, 'install' ) );
 
 		add_action( 'init', array( $this, 'load_plugin_textdomain' ) );
@@ -167,36 +161,6 @@ public static function instance() {
 		return self::$_instance;
 	} // End instance()
 
-	/**
-	 * WPForms partner ID
-	 *
-	 * @since 1.0.0
-	 */
-	public function wpforms_upgrade_link() {
-		$url = 'https://wpforms.com/lite-upgrade/?discount=LITEUPGRADE&utm_source=WordPress&utm_medium=' . sanitize_key( apply_filters( 'wpforms_upgrade_link_medium', 'link' ) ) . '&utm_campaign=liteplugin';
-
-		// Build final URL
-		$final_url = sprintf( 'http://www.shareasale.com/r.cfm?B=837827&U=%s&M=64312&urllink=%s', '1591020', $url );
-
-		// Return URL.
-		return esc_url( $final_url );
-	}
-
-	/**
-	 * WooCommerce Variation Swatches partner ID
-	 *
-	 * @since 1.0.0
-	 */
-	public function gwp_affiliate_id() {
-
-		// Return if the plugin is not active
-		if ( ! class_exists( 'Woo_Variation_Swatches' ) ) {
-			return;
-		}
-
-		return 69;
-	}
-
 	/**
 	 * Load the localisation file.
 	 * @access  public