diff --git a/wp-content/plugins/feedwordpress/feeds-page.php b/wp-content/plugins/feedwordpress/feeds-page.php
index 011d92e832fd096510d534697abcc1adadb20249..84b3f87a8677bd5ba6069ceeb0e3f368ca055688 100644
--- a/wp-content/plugins/feedwordpress/feeds-page.php
+++ b/wp-content/plugins/feedwordpress/feeds-page.php
@@ -194,15 +194,25 @@ class FeedWordPressFeedsPage extends FeedWordPressAdminPage {
</select>
<div id="cron-job-explanation" class="setting-description">
<p><?php
- $path = `which curl`; $opts = '--silent %s';
- if (is_null($path) or strlen(trim($path))==0) :
+ // Do we have shell_exec() available from here, or is it disabled for security reasons?
+ // If it's available, use it to execute `which` to try to get a realistic path to curl,
+ // or to wget. If everything fails or shell_exec() isn't available, then just make
+ // up something for the sake of example.
+ $shellExecAvailable = (is_callable('shell_exec') && false === stripos(ini_get('disable_functions'), 'shell_exec'));
+
+ if ($shellExecAvailable) :
+ $path = `which curl`; $opts = '--silent %s';
+ endif;
+
+ if ($shellExecAvailable and (is_null($path) or strlen(trim($path))==0)) :
$path = `which wget`; $opts = '-q -O - %s';
- if (is_null($path) or strlen(trim($path))==0) :
- $path = '/usr/bin/curl'; $opts = '--silent %s';
- endif;
endif;
+
+ if (is_null($path) or strlen(trim($path))==0) :
+ $path = '/usr/bin/curl'; $opts = '--silent %s';
+ endif;
+
$path = preg_replace('/\n+$/', '', $path);
- $crontab = `crontab -l`;
$cmdline = $path . ' ' . sprintf($opts, get_bloginfo('url').'?update_feedwordpress=1');
diff --git a/wp-content/plugins/feedwordpress/feedwordpress.php b/wp-content/plugins/feedwordpress/feedwordpress.php
index 6526acbd570bbd406e94a65ad2e9fcac7a97b1ca..1f1b2fc81f260380ba72b73d3c40871f971fddbd 100644
--- a/wp-content/plugins/feedwordpress/feedwordpress.php
+++ b/wp-content/plugins/feedwordpress/feedwordpress.php
@@ -3,7 +3,7 @@
Plugin Name: FeedWordPress
Plugin URI: http://feedwordpress.radgeek.com/
Description: simple and flexible Atom/RSS syndication for WordPress
-Version: 2016.1213
+Version: 2017.1004
Author: Charles Johnson
Author URI: http://radgeek.com/
License: GPL
@@ -11,7 +11,7 @@ License: GPL
/**
* @package FeedWordPress
- * @version 2016.1213
+ * @version 2017.1004
*/
# This uses code derived from:
@@ -32,7 +32,7 @@ License: GPL
# -- Don't change these unless you know what you're doing...
-define ('FEEDWORDPRESS_VERSION', '2016.1213');
+define ('FEEDWORDPRESS_VERSION', '2017.1004');
define ('FEEDWORDPRESS_AUTHOR_CONTACT', 'http://radgeek.com/contact');
if (!defined('FEEDWORDPRESS_BLEG')) :
@@ -634,7 +634,7 @@ function syndication_comments_feed_link ($link) {
$source = get_syndication_feed_object();
$replacement = NULL;
- if ($source->setting('munge comments feed links', 'munge_comments_feed_links', 'yes') != 'no') :
+ if (is_object($source) && $source->setting('munge comments feed links', 'munge_comments_feed_links', 'yes') != 'no') :
$commentFeeds = get_post_custom_values('wfw:commentRSS');
if (
is_array($commentFeeds)
@@ -1823,7 +1823,8 @@ class FeedWordPress {
// Explicit update request in the HTTP request (e.g. from a cron job)
if (self::update_requested()) :
-
+ /*DBG*/ header("Content-Type: text/plain");
+
$this->update_hooked = "Initiating a CRON JOB CHECK-IN ON UPDATE SCHEDULE due to URL parameter = ".trim($this->val($_REQUEST['update_feedwordpress']));
$this->update($this->update_requested_url());
diff --git a/wp-content/plugins/feedwordpress/feedwordpresslocalpost.class.php b/wp-content/plugins/feedwordpress/feedwordpresslocalpost.class.php
index 743f65122a7f1bab75f65eb626b6894d0c74d875..3d6ff5a7fd321cdf310c1a089a688e0570013a4d 100644
--- a/wp-content/plugins/feedwordpress/feedwordpresslocalpost.class.php
+++ b/wp-content/plugins/feedwordpress/feedwordpresslocalpost.class.php
@@ -93,7 +93,9 @@ class FeedWordPressLocalPost {
public function feed () {
global $feedwordpress;
- $this->link = $feedwordpress->subscription($this->feed_id());
+ if (is_object($feedwordpress) and method_exists($feedwordpress, 'subscription')) :
+ $this->link = $feedwordpress->subscription($this->feed_id());
+ endif;
return $this->link;
}
diff --git a/wp-content/plugins/feedwordpress/feedwordpresssyndicationpage.class.php b/wp-content/plugins/feedwordpress/feedwordpresssyndicationpage.class.php
index cd1b71299bf6ffcc67136c0fa9803a29328d7a3b..64025e5612c1348093489840c5da28954e09bf7c 100644
--- a/wp-content/plugins/feedwordpress/feedwordpresssyndicationpage.class.php
+++ b/wp-content/plugins/feedwordpress/feedwordpresssyndicationpage.class.php
@@ -701,7 +701,7 @@ class FeedWordPressSyndicationPage extends FeedWordPressAdminPage {
var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
s.type = 'text/javascript';
s.async = true;
- s.src = 'http://api.flattr.com/js/0.6/load.js?mode=auto';
+ s.src = 'https://api.flattr.com/js/0.6/load.js?mode=auto';
t.parentNode.insertBefore(s, t);
})();
/* ]]> */</script>
@@ -723,7 +723,7 @@ support, and documentation.</p>
<div style="display: inline-block; vertical-align: middle; ">
<a class="FlattrButton" style="display:none;" href="http://feedwordpress.radgeek.com/"></a>
<noscript>
-<a href="http://flattr.com/thing/1380856/FeedWordPress" target="_blank"><img src="http://api.flattr.com/button/flattr-badge-large.png" alt="Flattr this" title="Flattr this" border="0" /></a>
+<a href="https://flattr.com/thing/1380856/FeedWordPress" target="_blank"><img src="https://api.flattr.com/button/flattr-badge-large.png" alt="Flattr this" title="Flattr this" border="0" /></a>
</noscript>
<div>via Flattr</div>
@@ -865,7 +865,7 @@ regular donation</a>) using an existing PayPal account or any major credit card.
foreach ($alter as $sql) :
$result = $wpdb->query($sql);
if (!$result):
- $errs[] = mysql_error();
+ $errs[] = $wpdb->last_error;
endif;
endforeach;
@@ -988,7 +988,7 @@ regular donation</a>) using an existing PayPal account or any major credit card.
foreach ($alter as $sql) :
$result = $wpdb->query($sql);
if (!$result):
- $errs[] = mysql_error();
+ $errs[] = $wpdb->last_error;
endif;
endforeach;
@@ -1218,7 +1218,7 @@ has been added as a contributing site, using the feed at
<<a href="<?php print $fwp_post['feed']; ?>"><?php print esc_html($fwp_post['feed']); ?></a>>.
| <a href="admin.php?page=<?php print $fwp_path; ?>/feeds-page.php&link_id=<?php print $link_id; ?>">Configure settings</a>.</p></div>
<?php else: ?>
-<div class="updated"><p>There was a problem adding the feed. [SQL: <?php echo esc_html(mysql_error()); ?>]</p></div>
+<div class="updated"><p>There was a problem adding the feed. [SQL: <?php echo esc_html($wpdb->last_error); ?>]</p></div>
<?php endif;
elseif (isset($fwp_post['save_link_id'])):
$existingLink = new SyndicatedLink($fwp_post['save_link_id']);
diff --git a/wp-content/plugins/feedwordpress/readme.txt b/wp-content/plugins/feedwordpress/readme.txt
index bae4f062072cb8d3a295c2702dea0a90255569f1..e59fdc681bea23ac256fe7c0549c2d13da4c1c4e 100644
--- a/wp-content/plugins/feedwordpress/readme.txt
+++ b/wp-content/plugins/feedwordpress/readme.txt
@@ -3,8 +3,8 @@ Contributors: Charles Johnson
Donate link: http://feedwordpress.radgeek.com/
Tags: syndication, aggregation, feed, atom, rss
Requires at least: 4.5
-Tested up to: 4.7
-Stable tag: 2016.1213
+Tested up to: 4.8.2
+Stable tag: 2017.1004
FeedWordPress syndicates content from feeds you choose into your WordPress weblog.
@@ -93,9 +93,42 @@ outs, see the documentation at the [FeedWordPress project homepage][].
== Changelog ==
+= 2017.0913 =
+
+* PARTIAL FIX FOR 2X DUPLICATE POSTS APPEARING ON DUAL HTTP/HTTPS SITES: Some
+ users reported an issue in which their FeedWordPress sites, which are over
+ both insecure HTTP and over HTTPS, would pick up exactly 2 copies of every
+ post or almost every post from certain feeds, and where the guids for each
+ of the pair of duplicate posts would look exactly alike, except for a
+ difference in the protocol, for example:
+
+ http://www.example.com/?guid=c1cd28da39e8d7babcf6499983aca545
+ https://www.example.com/?guid=c1cd28da39e8d7babcf6499983aca545
+
+ ... where www.example.com is the server that your own copy of FeedWordPress
+ is installed. This release of FeedWordPress normalizes post guid prefixes
+ so as to avoid or limit the scope of this problem.
+
+* PHP 7 Compatibility: eliminate remaining sources of PHP 7 compatibility-check
+ failures -- remove the use of depreciated mysql_error() function, and make
+ sure all classes make use of __construct() convention for constructors.
+
+* AVOID "PHP Warning: shell_exec() has been disabled for security reasons in
+ [...]/feedwordpress/feeds-page.php on line 197": FeedWordPress uses the PHP
+ shell_exec() function in a very narrowly limited way for information gathering,
+ trying to find the real path to curl or wget on your system, so that it can
+ give as realistic as possible a recommendation for the sample crontab line
+ displayed in Syndication > Feeds & Updates. Some web hosting environments
+ disable shell_exec for security reasons (since it could in theory be used to
+ do a lot more stuff than the very limited information gathering FWP uses it
+ for); in which case, this part of the code in FeedWordPress could spit out
+ a nasty-looking and potentially worrisome-looking error message. So, now this
+ code is fenced with checks to make sure that shell_exec is available, before
+ FWP attempts to make use of it.
+
= 2016.1213 =
-* WORDPRSS BACKWARD COMPATIBILITY FOR VERSIONS [4.5, 4.7]: This change fixes
+* WORDPRESS BACKWARD COMPATIBILITY FOR VERSIONS [4.5, 4.7]: This change fixes
a fatal PHP error (on some web server configurations you'd see the message
"Fatal error: require_once(): Failed opening required '[...]/wp-includes/class-wp-feed-cache.php'"
on others, you might just see an HTTP 500 Internal Server Error or a blank
diff --git a/wp-content/plugins/feedwordpress/syndicatedpost.class.php b/wp-content/plugins/feedwordpress/syndicatedpost.class.php
index 8d1b1f4db362382d89721305c48f835eb014d9f1..00f701f73aa615da41d1ff90b8a6c50893b4a9d7 100644
--- a/wp-content/plugins/feedwordpress/syndicatedpost.class.php
+++ b/wp-content/plugins/feedwordpress/syndicatedpost.class.php
@@ -12,7 +12,7 @@ require_once(dirname(__FILE__).'/syndicatedpostxpathquery.class.php');
* different feed formats, which may be useful to FeedWordPress users
* who make use of feed data in PHP add-ons and filters.
*
- * @version 2013.0525
+ * @version 2017.1004
*/
class SyndicatedPost {
var $item = null; // MagpieRSS representation
@@ -129,6 +129,7 @@ class SyndicatedPost {
);
$excerpt = apply_filters('syndicated_item_excerpt', $this->excerpt(), $this);
+
if (!empty($excerpt)):
$this->post['post_excerpt'] = $excerpt;
endif;
@@ -258,7 +259,6 @@ class SyndicatedPost {
$this->post['post_type'] = apply_filters('syndicated_post_type', $this->link->setting('syndicated post type', 'syndicated_post_type', 'post'), $this);
endif;
-
} /* SyndicatedPost::__construct() */
#####################################
@@ -413,18 +413,23 @@ class SyndicatedPost {
$content = $this->content();
// Ignore whitespace, case, and tag cruft.
- $theExcerpt = preg_replace('/\s+/', '', strtolower(strip_tags($excerpt)));
- $theContent = preg_replace('/\s+/', '', strtolower(strip_tags($content)));
-
+ $theExcerpt = preg_replace('/\s+/', '', strtolower(strip_tags(html_entity_decode($excerpt))));
+ $theContent = preg_replace('/\s+/', '', strtolower(strip_tags(html_entity_decode($content))));
if ( empty($excerpt) or $theExcerpt == $theContent ) :
# If content is available, generate an excerpt.
if ( strlen(trim($content)) > 0 ) :
$excerpt = strip_tags($content);
if (strlen($excerpt) > 255) :
- $excerpt = substr($excerpt,0,252).'...';
+ if (is_object($this->link) and is_object($this->link->simplepie)) :
+ $encoding = $this->link->simplepie->get_encoding();
+ else :
+ $encoding = get_option('blog_charset', 'utf8');
+ endif;
+ $excerpt = mb_substr($excerpt,0,252,$encoding).'...';
endif;
endif;
endif;
+
return $excerpt;
} /* SyndicatedPost::excerpt() */
@@ -584,9 +589,24 @@ class SyndicatedPost {
return $hash;
} /* SyndicatedPost::update_hash() */
+ /**
+ * SyndicatedPost::normalize_guid_prefix(): generates a normalized URL
+ * prefix (including scheme, authority, full path, and the beginning of
+ * a query string) for creating guids that conform to WordPress's
+ * internal constraints on the URL space for valid guids. To create a
+ * normalized guid, just concatenate a valid URL query parameter value
+ * to the returned URL.
+ *
+ * @return string The URL prefix generated.
+ *
+ * @uses trailingslashit()
+ * @uses home_url()
+ * @uses apply_filters()
+ */
static function normalize_guid_prefix () {
- return trailingslashit(get_bloginfo('url')).'?guid=';
- }
+ $url = trailingslashit(home_url(/*path=*/ '', /*scheme=*/ 'http'));
+ return apply_filters('syndicated_item_guid_normalized_prefix', $url . '?guid=');
+ } /* SyndicatedPost::normalize_guid_prefix() */
static function normalize_guid ($guid) {
$guid = trim($guid);
@@ -596,6 +616,23 @@ class SyndicatedPost {
$guid = SyndicatedPost::normalize_guid_prefix().md5($guid);
endif;
$guid = trim($guid);
+
+ return $guid;
+ } /* SyndicatedPost::normalize_guid() */
+
+ static function alternative_guid_prefix () {
+ $url = trailingslashit(home_url(/*path=*/ '', /*scheme=*/ 'https'));
+ return apply_filters('syndicated_item_guid_normalized_prefix', $url . '?guid=');
+ }
+ static function alternative_guid ($guid) {
+ $guid = trim($guid);
+ if (preg_match('/^[0-9a-z]{32}$/i', $guid)) : // MD5
+ $guid = SyndicatedPost::alternative_guid_prefix().strtolower($guid);
+ elseif ((strlen(esc_url($guid)) == 0) or (esc_url($guid) != $guid)) :
+ $guid = SyndicatedPost::alternative_guid_prefix().md5($guid);
+ endif;
+ $guid = trim($guid);
+
return $guid;
} /* SyndicatedPost::normalize_guid() */
@@ -1417,7 +1454,7 @@ class SyndicatedPost {
return $this->_wp_id;
}
- function store () {
+ public function store () {
global $wpdb;
if ($this->filtered()) : // This should never happen.
@@ -1679,6 +1716,7 @@ class SyndicatedPost {
// Go ahead and insert the first post record to
// anchor the revision history.
+
$this->_wp_id = wp_insert_post($sdbpost, /*return wp_error=*/ true);
$dbpost['ID'] = $this->_wp_id;
diff --git a/wp-content/plugins/feedwordpress/syndicationdataqueries.class.php b/wp-content/plugins/feedwordpress/syndicationdataqueries.class.php
index 2588fbdd4053131598f923ff9218580deea03afa..4c8a5086d9d64227600d265fee1f028275f57820 100644
--- a/wp-content/plugins/feedwordpress/syndicationdataqueries.class.php
+++ b/wp-content/plugins/feedwordpress/syndicationdataqueries.class.php
@@ -15,7 +15,7 @@ class SyndicationDataQueries {
$wp->add_query_var('guid');
}
- function parse_query (&$q) {
+ function parse_query ($q) {
if ($q->get('guid')) :
$q->is_single = false; // Causes nasty side-effects.
$q->is_singular = true; // Doesn't?
@@ -27,18 +27,18 @@ class SyndicationDataQueries {
endif;
} /* SyndicationDataQueries::parse_query () */
- function pre_get_posts (&$q) {
+ function pre_get_posts ($q) {
//
}
- function posts_request ($sql, &$query) {
+ function posts_request ($sql, $query) {
if ($query->get('fields') == '_synfresh') :
FeedWordPress::diagnostic('feed_items:freshness:sql', "SQL: ".$sql);
endif;
return $sql;
}
- function posts_search ($search, &$query) {
+ function posts_search ($search, $query) {
global $wpdb;
if ($guid = $query->get('guid')) :
if (strlen(trim($guid)) > 0) :
@@ -47,6 +47,7 @@ class SyndicationDataQueries {
// MD5 hashes
if (preg_match('/^[0-9a-f]{32}$/i', $guid)) :
$seek[] = SyndicatedPost::normalize_guid_prefix().$guid;
+ $seek[] = SyndicatedPost::alternative_guid_prefix().$guid;
endif;
// Invalid URIs, URIs that WordPress just doesn't like, and URIs
@@ -54,8 +55,9 @@ class SyndicationDataQueries {
$nGuid = SyndicatedPost::normalize_guid($guid);
if ($guid != $nGuid) :
$seek[] = $nGuid;
+ $seek[] = SyndicatedPost::alternative_guid($guid);
endif;
-
+
// Escape to prevent frak-ups, injections, etc.
$seek = array_map('esc_sql', $seek);
@@ -75,7 +77,7 @@ class SyndicationDataQueries {
return $search;
} /* SyndicationDataQueries::posts_search () */
- function posts_where ($where, &$q) {
+ function posts_where ($where, $q) {
global $wpdb;
// Ugly hack to ensure we ONLY check by guid in syndicated freshness
@@ -92,7 +94,7 @@ class SyndicationDataQueries {
return $where;
} /* SyndicationDataQueries::post_where () */
- function posts_fields ($fields, &$query) {
+ function posts_fields ($fields, $query) {
global $wpdb;
if ($f = $query->get('fields')) :
switch ($f) :