Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-0403: SWP_Options_Page.php in social-warfare/trunk/lib/options – WordPress Plugin Repository

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE
#js#java#wordpress#php#oauth#auth

1<?php23/**4* The core Social Warfare admin settings page.5*6* This extensive method instantiates each of the five main tabs:7* Display, Styles, Social Identity, Advanced, and Registration.8*9* For each of these tabs all of the core sections and options10* are also created.11*12* Addons, such as Pro, can hook into this object to add13* their own sections and options by using the one of the14*15* @package SocialWarfare\Functions\Social-Networks16* @copyright Copyright © 2018, Warfare Plugins, LLC17* @license GPL-3.0+18* @since 3.0.0 | Created | 02 MAR 201719* @access public20* @todo Clean out all array bracket notations.21*22*/23class SWP_Options_Page extends SWP_Option_Abstract {242526 /**27 * The Options Page Tabs28 *29 * An object holding each of the tabs by index name.30 * The tab is required to be either an SWP_Options_Page_Tab31 * object, or a class which extends this object.32 *33 */34 public $tabs;353637 /**38 * Boolean indicating whether the plugin is registered or not.39 *40 * @var bool $swp_registration41 *42 */43 public $swp_registration;444546 /**47 * The user’s selected icons to display.48 *49 * As defined in the Display tab on the settings page.50 *51 */52 public $icons = array();535455 /**56 * The magic construct method to instatiate the options object.57 *58 * This class method provides the framework for the entire options page.59 * It outlines the chronology of loading order and makes it so that addons60 * can easily access this object to add their own tabs, sections, and61 * options as needed prior to the final output of the page and it’s HTML.62 *63 * @since 3.0.0 | 01 MAR 2018 | Created64 * @param void65 * @return object $this The options page object. Allows for method chaining.66 *67 */68 public function __construct() {69 // Create a ‘tabs’ object to which we can begin adding tabs.70 $this->tabs = new stdClass();717273 /**74 * STEP #1: We create the initial options object immediately when75 * this class is loaded which takes place while WordPress is loading76 * all of the installed plugins on the site.77 *78 */79 $this->init_display_tab()80 ->init_styles_tab()81 ->init_social_tab()82 ->init_advanced_tab();8384 add_action('wp_loaded’, [$this, ‘load_deferred_options’]);858687 /**88 * STEP #2: Addons can now access this object to add their own89 * tabs, sections, and options prior to the page being rendered.90 * They will need to use the ‘plugins_loaded’ hook to ensure that91 * the first step above has already occurred.92 *93 */949596 /**97 * STEP #3: We take the final options object and render the98 * options page and it’s necessary HTML. We defer this step until99 * much later using the admin_menu hook to ensure that all addons100 * have had an opportunity to modify the options object as needed.101 *102 */103 add_action( 'admin_menu’, array( $this, ‘options_page’) );104105106 // Checks the URL for a new access_token.107 SWP_Credential_Helper::options_page_scan_url();108109 add_action( 'wp_ajax_swp_delete_network_tokens’, array( $this, ‘delete_network_tokens’ ) );110 }111112113 /**114 * Load Deferred Options115 *116 * The buttons position table needs deferred via a hook. This method117 * takes care of that.118 *119 * @since 3.0.0 | 01 MAR 2018 | Created120 * @param void121 * @return void122 */123 public function load_deferred_options() {124 $this->tabs->display->sections->button_position->options->button_position_table->do_button_position_table();125126 $authorizations = $this->establish_authorizations();127 if ( count( $authorizations ) > 0 ) {128129 $auths = new SWP_Options_Page_Section( __( 'Social Network Connections’, ‘social-warfare’ ), ‘addon_authorizations’ );130 $auths->set_priority( 20 );131132 foreach( $authorizations as $auth ) {133 $auths->add_option( $auth );134 }135136 $this->tabs->social_identity->add_section( $auths );137 }138 }139140141 /**142 * Create the admin menu options page143 *144 * @since 3.0.0 | 01 MAR 2018 | Created145 * @param void146 * @return void147 *148 */149 public function options_page() {150151 // Declare the menu link152 $swp_menu = add_menu_page(153 'Social Warfare’,154 'Social Warfare’,155 'manage_options’,156 'social-warfare’,157 array( $this, ‘render_HTML’),158 'none’159 );160161 add_submenu_page(162 'social-warfare’,163 'Social Warfare Settings’,164 'Settings’,165 'manage_options’,166 'social-warfare’,167 array( $this, ‘render_HTML’),168 1169 );170171 // Hook into the CSS and Javascript Enqueue process for this specific page172 add_action( 'admin_print_styles-' . $swp_menu, array( $this, ‘admin_css’ ) );173 add_action( 'admin_print_scripts-' . $swp_menu, array( $this, ‘admin_js’ ) );174 }175176177 /**178 * Add a tab to the Options Page object.179 *180 * @since 3.0.0 | 01 MAR 2018 | Created181 * @param object $tab The SWP_Options_Page_Tab object to add.182 * @return object $this The calling instance, for method chaining.183 *184 */185 public function add_tab( $tab ) {186 $class = get_class( $tab );187 if ( !( $class === ‘SWP_Options_Page_Tab’ || is_subclass_of( $class, ‘SWP_Options_Page_Tab’ ) ) ) :188 $this->_throw( ‘Requires an instance of SWP_Options_Page_Tab or a class which inherits this class.’ );189 endif;190191 if ( empty( $tab->name ) ):192 $this->_throw( ‘Tab name can not be empty.’ );193 endif;194195 $this->tabs[$tab->name] = $tab;196197 return $this;198 }199200201 /**202 * Enqueue the Settings Page CSS & Javascript203 *204 * @since 3.0.0 | 01 MAR 2018 | Created205 * @see $this->options_page()206 * @param void207 * @return void208 *209 */210 public function admin_css() {211 $suffix = SWP_Script::get_suffix();212 $wp_scripts = wp_scripts();213214 wp_enqueue_style(215 'swp-admin-ui-css’,216 ‘//code.jquery.com/ui/’ . $wp_scripts->registered[‘jquery-ui-core’]->ver . '/themes/smoothness/jquery-ui.min.css’,217 false,218 SWP_VERSION,219 false220 );221222 wp_enqueue_style(223 ‘swp_admin_options_css’,224 SWP_PLUGIN_URL . “/assets/css/admin-options-page{$suffix}.css",225 array(),226 SWP_VERSION227 );228229 wp_enqueue_style(230 'social_warfare_admin_mobile’,231 SWP_PLUGIN_URL . “/assets/css/admin-mobile{$suffix}.css",232 array(),233 SWP_VERSION234 );235 }236237238 /**239 * Enqueue the admin javascript240 *241 * @since 3.0.0 | 01 MAR 2018 | Created242 * @see $this->options_page()243 * @param void244 * @return void245 * @todo: Are we still using the tooltip for anything?246 *247 */248 public function admin_js() {249 $suffix = SWP_Script::get_suffix();250251 wp_enqueue_script( ‘jquery’ );252 wp_enqueue_script( ‘jquery-effects-core’ );253 wp_enqueue_script( ‘jquery-ui-core’ );254 wp_enqueue_script( ‘jquery-ui-sortable’ );255 wp_enqueue_script( ‘jquery-ui-tooltip’ );256 wp_enqueue_script( ‘jquery-ui-widget’ );257 wp_enqueue_script( ‘jquery-ui-position’ );258 wp_enqueue_media();259 wp_enqueue_script(260 'swp_admin_options_js’,261 SWP_PLUGIN_URL . “/assets/js/admin-options-page{$suffix}.js",262 array( 'jquery’, ‘social_warfare_script’ ),263 SWP_VERSION264 );265266 wp_localize_script( 'swp_admin_options_js’, 'swpAdminOptionsData’, array(267 ‘registerNonce’ => wp_create_nonce( ‘swp_plugin_registration’ ),268 ‘optionsNonce’ => wp_create_nonce( ‘swp_plugin_options_save’ ),269 ));270 }271272273 /**274 * Creates the commonly used color choides for choice settings.275 *276 * @since 3.0.0 | 01 MAR 2018 | Created277 * @param void278 * @return array The key/value pairs of color choides.279 *280 */281 public static function get_color_choices_array() {282 return [283 ‘full_color’ => __( 'Full Color’, ‘social-warfare’ ),284 ‘light_gray’ => __( 'Light Gray’, ‘social-warfare’ ),285 ‘medium_gray’ => __( 'Medium Gray’, ‘social-warfare’ ),286 ‘dark_gray’ => __( 'Dark Gray’, ‘social-warfare’ ),287 ‘light_gray_outlines’ => __( 'Light Gray Outlines’, ‘social-warfare’ ),288 ‘medium_gray_outlines’ => __( 'Medium Gray Outlines’, ‘social-warfare’ ),289 ‘dark_gray_outlines’ => __( 'Dark Gray Outlines’, ‘social-warfare’ ),290 ‘color_outlines’ => __( 'Color Outlines’, ‘social-warfare’ ),291 ‘custom_color’ => __( 'Custom Color’, ‘social-warfare’ ),292 ‘custom_color_outlines’ => __( 'Custom Color Outlines’, ‘social-warfare’ )293 ];294 }295296297 /**298 * Calls rendering methods to assemble HTML for the Admin Settings page.299 *300 * @since 3.0.0 | 01 MAR 2018 | Created301 * @param void302 * @return object $this The calling object for method chaining.303 *304 */305 public function render_HTML() {306 //* Fetch all the addons the user has installed,307 //* whether or not they are actively registered.308 $addons = apply_filters( 'swp_registrations’, array() );309 $this->is_registered = 0;310 $addon_templates = array();311 $active_addons = '’;312 $registered_addons = ‘’;313314 if ( !empty( $addons ) ) :315316 foreach( $addons as $addon ) {317 if ( gettype($addon) !== ‘object’ ) :318 continue;319 endif;320321322 $addon_templates[] = new SWP_Registration_Tab_Template( $addon );323 $active_addons .= " $addon->key “;324325 if ( true === $addon->is_registered ) :326 $registered_addons .= " $addon->key “;327 $this->is_registered = 1;328 endif;329 }330331 endif;332333 $this->init_registration_tab( $addon_templates );334 $menu = $this->create_menu( $addon_templates );335 $tabs = $this->create_tabs( $active_addons, $registered_addons );336337 $html = $menu . $tabs;338 $this->html = $html;339340 echo $html;341342 return $this;343 }344345346 /**347 * Handwritten list of OG Meta types.348 *349 * @since 3.0.0 | 01 MAR 2018 | Created350 * @since 3.1.0 | 13 JUN 2018 | Replaced array bracket notation.351 * @param void352 * @return array Custom Post Types.353 *354 */355 protected function get_og_post_types() {356 return array(357 'article’,358 'book’,359 'books.author’,360 'books.book’,361 'books.genre’,362 'business.business’,363 'fitness.course’,364 'game.achievement’,365 'music.album’,366 'music.playlist’,367 'music.radio_station’,368 'music.song’,369 'place’,370 'product’,371 'product.group’,372 'product.item’,373 'profile’,374 'restaurant.menu’,375 'restaurant.menu_item’,376 'restaurant.menu_section’,377 'restaurant.restaurant’,378 'video.episode’,379 'video.movie’,380 'video.other’,381 'video.tv_show’,382 );383 }384385386 /**387 * Provides the common placement choices for the buttons.388 *389 * @since 3.0.0 | 01 MAR 2018 | Created390 * @since 3.1.0 | 13 JUN 2018 | Replaced Array bracket notation.391 * @param void392 * @return array Key/Value pairs of button placement options.393 *394 */395 protected function get_static_options_array() {396 return array(397 ‘above’ => __( 'Above the Content’, ‘social-warfare’ ),398 ‘below’ => __( 'Below the Content’, ‘social-warfare’ ),399 ‘both’ => __( 'Both Above and Below the Content’, ‘social-warfare’ ),400 ‘none’ => __( 'None/Manual Placement’, ‘social-warfare’ )401 );402 }403404405 /**406 * Create the Advanced section of the display tab.407 *408 * This section offers miscellaneous advanced settings for finer control of the plugin.409 *410 * @since 3.0.0 | 01 MAR 2018 | Created411 * @param void412 * @return object $this The calling object for method chaining.413 *414 */415 protected function init_advanced_tab() {416417 $advanced = new SWP_Options_Page_Tab( __( 'Advanced’, ‘social-warfare’ ), ‘advanced’ );418 $advanced->set_priority( 40 );419420 $gutenberg = new SWP_Options_Page_Section( __( 'Gutenberg Blocks<sup>beta</sup>’, ‘social-warfare’ ), ‘gutenberg’ );421 $gutenberg->set_priority( 5 )422 ->set_description( ‘If you want to try Social Warfare blocks with Gutenberg, turn this on. <b>Tested with: WP Core 4.9, WP Core 5.1</b>. <em><br/>We are keeping up the best we can, but Gutenberg development is very rapid and can break our blocks overnight. <br/>If this happens, please turn this setting OFF. Your shortcodes will stay in place.</em>’ );423 // ->set_information_link( ‘https://warfareplugins.com/support/using-shortcodes-and-php-snippets/’ );424425 $gutenberg_switch = new SWP_Option_Toggle( __( ‘Enable Gutenberg Blocks’), ‘gutenberg_switch’ );426 $gutenberg_switch->set_default( true )427 ->set_size( ‘sw-col-300’ );428429 $gutenberg->add_option( $gutenberg_switch );430431 $frame_buster = new SWP_Options_Page_Section( __( 'Frame Buster’, ‘social-warfare’ ), ‘frame_buster’ );432 $frame_buster->set_priority( 10 )433 ->set_description( __( 'If you want to stop content pirates from framing your content, turn this on.’, ‘social-warfare’ ) )434 ->set_information_link( ‘https://warfareplugins.com/support/options-page-advanced-tab-frame-buster/’);435436 //* sniplyBuster => frame_buster437 $frame_buster_toggle = new SWP_Option_Toggle( __( 'Frame Buster’, ‘social-warfare’ ), ‘frame_buster’ );438 $frame_buster_toggle->set_default( true )439 ->set_size( ‘sw-col-300’ );440441 $frame_buster->add_option( $frame_buster_toggle );442443 $full_content = new SWP_Options_Page_Section( __( 'Full Content vs. Excerpts’, ‘social-warfare’ ), ‘full_content’ );444 $full_content->set_priority( 70 )445 ->set_description( __( 'If your theme does not use excerpts, but instead displays the full post content on archive, category, and home pages, activate this toggle to allow the buttons to appear in those areas.’, ‘social-warfare’ ) )446 ->set_information_link( ‘https://warfareplugins.com/support/options-page-advanced-tab-full-content-vs-excerpts/’ );447448 $full_content_toggle = new SWP_Option_Toggle( __( 'Full Content?’, ‘social-warfare’ ), ‘full_content’ );449 $full_content_toggle->set_default( false )450 ->set_size( ‘sw-col-300’ );451452 $full_content->add_option( $full_content_toggle );453454 $advanced->add_sections( [$gutenberg, $frame_buster, $full_content] );455456 $this->tabs->advanced = $advanced;457458 return $this;459 }460461462 /**463 * Create the Display section and its child options.464 *465 * This tab offers genereral layout setings for the front end of the site.466 *467 * @since 3.0.0 | 01 MAR 2018 | Created468 * @param void469 * @return object $this The calling object for method chaining.470 *471 */472 protected function init_display_tab() {473 $display = new SWP_Options_Page_Tab( __( 'Display’, ‘social-warfare’ ), ‘display’ );474 $display->set_priority( 10 );475476 $social_networks = new SWP_Options_Page_Section( __( 'Social Networks’, ‘social-warfare’ ), ‘social_networks’ );477 $social_networks->set_priority( 10 )478 ->set_description( __( 'Drag & Drop to activate and order your share buttons.’, ‘social-warfare’ ) )479 ->set_information_link( ‘https://warfareplugins.com/support/options-page-display-tab-social-networks/’ );480481 //* These two sections are unique and need special HTML.482 $active = new SWP_Option_Icons( __( 'Active’, ‘social-warfare’ ), ‘active’ );483 $active->do_active_icons()->set_priority( 10 );484485 $inactive = new SWP_Option_Icons( __( 'Inactive’, ‘social-warfare’ ), ‘inactive’ );486 $inactive->do_inactive_icons()->set_priority( 20 );487488 $social_networks->add_options( [$active, $inactive] );489490 $share_counts = new SWP_Options_Page_Section( __( 'Share Counts’, ‘social-warfare’ ), ‘share_counts’ );491 $share_counts->set_description( __( 'Use the toggles below to determine how to display your social proof.’, ‘social-warfare’ ) )492 ->set_priority( 20 )493 ->set_information_link( ‘https://warfareplugins.com/support/options-page-display-tab-share-counts/’ );494495 //* toteseach => network_count496 $network_shares = new SWP_Option_Toggle( __( 'Button Counts’, ‘social-warfare’ ), ‘network_shares’ );497 $network_shares->set_default( true )498 ->set_priority( 10 )499 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’ );500501 //* totes => totals502 $total_shares = new SWP_Option_Toggle( __( 'Total Counts’, ‘social-warfare’ ), ‘total_shares’ );503 $total_shares->set_default( true )504 ->set_priority( 20 )505 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’ );506507 //* swDecimals => decimals508 $decimals = new SWP_Option_Select( __( 'Decimal Places’, ‘social-warfare’ ), ‘decimals’ );509 $decimals->set_choices( [510 ‘0’ => 'Zero’,511 ‘1’ => 'One’,512 ‘2’ => 'Two’,513 ])514 ->set_default( ‘0’ )515 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’ )516 ->set_priority( 30 );517518 //* swp_decimal_separator => decimal_separator519 $decimal_separator = new SWP_Option_Select( __( 'Decimal Separator’, ‘social-warfare’ ), ‘decimal_separator’ );520 $decimal_separator->set_choices( [521 ‘period’ => 'Period’,522 ‘comma’ => 'Comma’,523 ])524 ->set_default( ‘period’ )525 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’ )526 ->set_priority( 50 );527528 //* swTotesFormat => totals_alignment529 $totals_alignment = new SWP_Option_Select( __( 'Alignment’, ‘social-warfare’ ), ‘totals_alignment’ );530 $totals_alignment->set_choices( [531 ‘totals_right’ => 'Right’,532 ‘totals_left’ => 'Left’533 ])534 ->set_default( ‘totals_right’ )535 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’ )536 ->set_priority( 60 );537538 $share_counts->add_options( [$network_shares, $total_shares, $decimals, $decimal_separator, $totals_alignment] );539540 $button_position = new SWP_Options_Page_Section( __( 'Position Share Buttons’, ‘social-warfare’ ), ‘button_position’ );541 $button_position->set_description( __( 'These settings let you decide where the share buttons should go for each post type.’, ‘social-warfare’ ) )542 ->set_priority( 40 )543 ->set_information_link( ‘https://warfareplugins.com/support/options-page-display-tab-position-share-buttons/’ );544545 $button_position_table = new SWP_Section_HTML( __( 'Position Table’, ‘social-warfare’ ), ‘button_position_table’ );546 // $button_position_table->do_button_position_table();547548 $button_position->add_option( $button_position_table );549550 $display->add_sections( [$social_networks, $share_counts, $button_position] );551552 $this->tabs->display = $display;553554 return $this;555 }556557558 /**559 * Create the Registration section of the display tab.560 *561 * This section allows users to register activation keys for the premium plugin features.562 *563 * @since 3.0.0 | 01 MAR 2018 | Created564 * @param void565 * @return object $this The calling object for method chaining.566 *567 */568 protected function init_registration_tab( $addons ) {569 $registration = new SWP_Options_Page_Tab( __( 'Registration’, ‘social-warfare’ ), ‘registration’ );570571572 $registration->set_priority( 50 );573574 $wrap = new SWP_Options_Page_Section( __( 'Addon Registrations’, ‘social-warfare’ ), ‘addon_registrations’ );575 $wrap->set_priority( 10 );576577 foreach( $addons as $addon ) {578 $wrap->add_option( $addon );579 }580581 $registration->add_section( $wrap );582583 $this->tabs->registration = $registration;584585 return $this;586 }587588589 /**590 *591 * @since 3.5.0 | 03 JAN 2018 | Created.592 * @param void593 * @hook filter | swp_authorizations | Array of network keys requesting oAuth access.594 * @return array $authorization_options The qualified SWP_Options ready to render_HTML().595 *596 */597 public function establish_authorizations() {598 $authorizations = apply_filters( ‘swp_authorizations’, array() );599 $authorization_options = array();600601 // Set up an ‘Authorize’ or ‘Disconnect’ button for social network oAuth.602 foreach ( $authorizations as $network_key) {603604 $instance = new SWP_Auth_Helper ( $network_key );605 $access_token = $instance->get_access_token();606607 // No access tokens exists for this network.608 if ( false === $instance->has_valid_token() ) {609 $link = $instance->get_authorization_link();610 $display_text = $instance->get_auth_button_text();611 $classname = “swp-button swp-{$network_key} swp-authorization-button";612 $option = new SWP_Option_Button( $display_text, $network_key, $classname, $link );613614 }615616 // Provide the option to revoke the connection.617 else {618 $link = $instance->get_revoke_access_url();619 $display_text = 'Disconnect ' . ucfirst ( $network_key );620621 /**622 * JavaScript needs to delete the tokens when this button is clicked.623 * The SWP_Option_Button does not provide access for data-attributes,624 * so we’ll hack together a CSS classname to parse in JS.625 *626 */627 $js_class = 'swp-network-‘.$network_key;628 $class = “button sw-navy-button swp-revoke-button $js_class";629 $option = new SWP_Option_Button( $display_text, $network_key, $class, $link, true );630631 }632633 $option->set_size( ‘sw-col-300’ );634 $authorization_options[$network_key] = $option;635636 }637638639 return $authorization_options;640 }641642643 /**644 * Create the Social Identity section of the display tab.645 *646 * This section allows the user to set social network handles and OG metadata.647 *648 * @since 3.0.0 | 01 MAR 2018 | Created649 * @param void650 * @return SWP_Options_Page $this The calling object for method chaining.651 *652 */653 protected function init_social_tab() {654 $social_identity = new SWP_Options_Page_Tab( __( 'Social Identity’, ‘social-warfare’ ), ‘social_identity’ );655 $social_identity->set_priority( 30 );656657 $sitewide_identity = new SWP_Options_Page_Section( 'Sitewide Identity’, ‘sitewide_identity’ );658 $sitewide_identity->set_description( __( 'If you would like to set sitewide defaults for your social identity, add them below.’, ‘social-warfare’ ) )659 ->set_information_link( ‘https://warfareplugins.com/support/options-page-social-identity-tab-sitewide-identity/’ );660661 $twitter_id = new SWP_Option_Text( __( 'Twitter Username’, ‘social-warfare’ ), ‘twitter_id’ );662 $twitter_id->set_size( ‘sw-col-300’ )663 ->set_priority( 10 )664 ->set_default( ‘’ );665666 //* pinterestID => pinterest_id667 $pinterest_id = new SWP_Option_Text( __( 'Pinterest Username’, ‘social-warfare’ ), ‘pinterest_id’ );668 $pinterest_id->set_size( ‘sw-col-300’ )669 ->set_priority( 20 )670 ->set_default( ‘’ );671672 //* facebookPublisherUrl => facebook_publisher_url673 $facebook_publisher_url = new SWP_Option_Text( __( 'Facebook Page URL’, ‘social-warfare’ ), ‘facebook_publisher_url’ );674 $facebook_publisher_url->set_size( ‘sw-col-300’ )675 ->set_priority( 30 )676 ->set_default( ‘’ );677678 //* facebookAppID => facebook_app_id679 $facebook_app_id = new SWP_Option_Text( __( 'Facebook App ID’, ‘social-warfare’ ), ‘facebook_app_id’ );680 $facebook_app_id->set_size( ‘sw-col-300’ )681 ->set_priority( 40 )682 ->set_default( ‘’ );683684 $sitewide_identity->add_options( [$twitter_id, $pinterest_id, $facebook_publisher_url, $facebook_app_id] );685 $social_identity->add_section( $sitewide_identity );686687 $this->tabs->social_identity = $social_identity;688689 return $this;690 }691692693 /**694 * Create the Styles section of the display tab.695 *696 * This section allows the user to refine the look, feel, and placement of buttons.697 *698 * @since 3.0.0 | 01 MAR 2018 | Created699 * @param void700 * @return SWP_Options_Page $this The calling object for method chaining.701 *702 */703 protected function init_styles_tab() {704 $styles = new SWP_Options_Page_Tab( __( ‘Styles’ , ‘social-warfare’ ) , ‘styles’ );705 $styles->set_priority( 20 );706707 $buttons_preview = new SWP_Section_HTML( __( 'Buttons Preview’, ‘social-warfare’ ) );708 $buttons_preview->set_priority( 1000 )709 ->do_buttons_preview();710711712 $buttons_preview_section = new SWP_Options_Page_Section( __( 'Buttons Preview’, ‘social-warfare’ ), ‘buttons_preview_section’ );713 $buttons_preview_section->add_option( $buttons_preview );714715 $styles->add_section( $buttons_preview_section );716 //717 //718 // $total_counts = new SWP_Options_Page_Section( __( 'Total Counts’, ‘social-warfare’ ), ‘total_counts’ );719 // $total_counts->set_description( __( 'Customize how the “Total Shares” section of your share buttons look.’, ‘social-warfare’ ) )720 // ->set_priority( 20 )721 // ->set_information_link( ‘https://warfareplugins.com/support/options-page-styles-tab-total-counts/’ );722723724725 // $total_counts->add_options( [$decimals, $decimal_separator, $totals_alignment] );726727 $floating_share_buttons = new SWP_Options_Page_Section( __( 'Floating Share Buttons’, ‘social-warfare’ ), ‘floating_share_buttons’ );728 $floating_share_buttons->set_description( __( 'If you would like to activate floating share buttons, turn this on.’, ‘social-warfare’ ) )729 ->set_priority( 30 )730 ->set_information_link( ‘https://warfareplugins.com/support/options-page-styles-tab-floating-share-buttons/’ );731732 //* float => floating_panel733 $floating_panel = new SWP_Option_Toggle( __( 'Floating Share Buttons’, ‘social-warfare’ ), ‘floating_panel’ );734 $floating_panel->set_default( false )735 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’)736 ->set_priority( 10 );737738 //* floatOption => float_location739 $float_location = new SWP_Option_Select( __( 'Float Position’, ‘social-warfare’ ), ‘float_location’ );740 $float_location->set_choices( [741 ‘top’ => __( ‘Top of the Page’ , ‘social-warfare’ ),742 ‘bottom’ => __( ‘Bottom of the Page’ , ‘social-warfare’ ),743 ‘left’ => __( ‘On the left side of the page’ , ‘social-warfare’ ),744 ‘right’ => __( ‘On the right side of the page’ , ‘social-warfare’ )745 ] )746 ->set_default( ‘bottom’ )747 ->set_priority( 20 )748 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’)749 ->set_dependency( 'floating_panel’, [true] );750751 //* floatBgColor => float_background_color752 $float_background_color = new SWP_Option_Text( __( 'Background Color’, ‘social-warfare’ ), ‘float_background_color’ );753 $float_background_color->set_default( ‘#ffffff’ )754 ->set_priority( 25 )755 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’ )756 ->set_dependency( 'float_location’, ['top’, ‘bottom’] );757758 //* swp_float_scr_sz => float_screen_width759 $float_screen_width = new SWP_Option_Text( __( 'Minimum Screen Width’, ‘social-warfare’ ), ‘float_screen_width’ );760 $float_screen_width->set_default( ‘1100’ )761 ->set_priority( 30 )762 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’ )763 ->set_dependency( 'float_location’, ['left’, ‘right’] );764765 //* sideReveal => transition766 $float_transition = new SWP_Option_Select( __( 'Transition’, ‘social-warfare’ ), ‘transition’ );767 $float_transition->set_priority( 40 )768 ->set_choices( [769 ‘slide’ => __( ‘Slide In / Slide Out’ , ‘social-warfare’ ) ,770 ‘fade’ => __( ‘Fade In / Fade Out’ , ‘social-warfare’ )771 ] )772 ->set_default( ‘slide’ )773 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’)774 ->set_dependency( 'float_location’, ['left’, ‘right’] );775776 $color_choices = $this::get_color_choices_array();777778 $float_before_content = new SWP_Option_Toggle( __( 'Float Before Content’, ‘social-warfare’ ), ‘float_before_content’);779 $float_before_content->set_default( false )780 ->set_priority( 140 )781 ->set_size( 'sw-col-460’, ‘sw-col-460 sw-fit’)782 ->set_dependency( 'floating_panel’, true );783784 $floating_share_buttons->add_options( [$floating_panel, $float_location, $float_transition,785 $float_screen_width, $float_background_color, $float_before_content] );786787788789 $styles->add_sections( [/*$total_counts,*/ $floating_share_buttons] );790791 $this->tabs->styles = $styles;792793 return $this;794 }795796797 /**798 * Creates the HTML for the admin top menu (Logo, tabs, and save button).799 *800 * @since 3.0.0 | 01 MAR 2018 | Created801 * @param void802 * @return string $html The fully qualified HTML for the menu.803 *804 */805 private function create_menu( $addons ) {806 //* Open the admin top menu wrapper.807 $html = '<div class="sw-header-wrapper">’;808 $html .= '<div class="sw-grid sw-col-940 sw-top-menu” sw-registered="’ . $this->is_registered . '">’;809810 //* Menu wrapper and tabs.811 $html .= '<div class="sw-grid sw-col-700">’;812 $html .= '<img class="sw-header-logo” src="’ . SWP_PLUGIN_URL . '/assets/images/admin-options-page/social-warfare-light.png” />’;813 $html .= '<img class="sw-header-logo-pro” src="’ . SWP_PLUGIN_URL . '/assets/images/admin-options-page/social-warfare-pro-light.png” />’;814 $html .= '<ul class="sw-header-menu">’;815816 $tab_map = $this->sort_by_priority( $this->tabs );817818 $activated = true;819820 foreach( $tab_map as $prioritized_tab) {821 foreach( $this->tabs as $index => $tab ) {822823 if ( $prioritized_tab[‘key’] === $tab->key ) :824825 //* Skip the registration tab if there are no addons.826 if ( ‘registration’ == $tab->key && 0 === count( $addons ) ) :827 continue;828 endif;829830 $active = $activated ? ‘sw-active-tab’ : '’;831 $activated = false;832833 $html .= ‘<li class="’ . $active . '">’;834 $html .= '<a class="sw-tab-selector” href="#” data-link="swp_’ . $tab->link . '">’;835 $html .= ‘<span>’ . $tab->name . '</span>’;836 $html .= '</a>’;837 $html .= '</li>’;838839 endif;840 }841 }842843 $html .= '</ul>’;844 $html .= '</div>’;845846 //* “Save Changes” button.847 $html .= '<div class="sw-grid sw-col-220 sw-fit">’;848 $html .= '<a href="#" class="button sw-navy-button sw-save-settings">’. __( ‘Save Changes’ , ‘social-warfare’ ) .’</a>’;849 $html .= '</div>’;850851 $html .= '<div class="sw-clearfix"></div>’;852853 $html .= '</div>’;854 $html .= '</div>’;855856 return $html;857 }858859860 /**861 * Renders HTML for each tab and assembles for outputting.862 *863 * Note: We have to utilize a $map varaible for this and each864 * other render() method. This is because the data are all865 * stored as objects, when can not be iterated by index,866 * only by key. Since they keys are arbitrary (for a plugin867 * or addon, for example), this is no good, hence the map.868 *869 * @since 3.0.0 | 01 MAR 2018 | Created870 * @param void871 * @return string $container The Admin tab HTML container.872 *873 */874 private function create_tabs( $active_addons, $registered_addons ) {875 $sidebar = new SWP_Section_HTML( ‘Sidebar’ );876 $tab_map = $this->sort_by_priority( $this->tabs );877 $registered = false;878 $notices = apply_filters( 'swp_admin_notices’, ‘’ );879880 $container = ‘<div class="sw-admin-wrapper" sw-registered="’. $this->is_registered .’" swp-addons="’ . $active_addons . ‘" swp-registrations="’ . $registered_addons . '">’;881 $container .= '<div class="swp-notice-wrapper">’;882 $container .= $notices;883 $container .= '</div>’;884885 $container .= '<form class="sw-admin-settings-form">’;886 $container .= '<div class="sw-tabs-container sw-grid sw-col-700">’;887888 foreach( $tab_map as $prioritized_tab ) {889 $key = $prioritized_tab[‘key’];890891 foreach( $this->tabs as $tab ) {892 if ( $key === $tab->key ) :893894 if ( ‘registration’ === $key ) :895 $container .= $tab->render_HTML( $registered_addons );896 continue;897 endif;898899 $container .= $tab->render_HTML();900901 endif;902 }903 }904905 $container .= '</div>’;906 $container .= '</form>’;907 $container .= $sidebar->do_admin_sidebar();908909 $container .= '</div>’;910911 return $container;912 }913914915 /**916 * Called when a ‘Revoke Access’ button is clicked on the Social Identity tab.917 *918 * @since 3.5.0 | 25 JAN 2019 | Created.919 * @param void920 * @return void921 *922 */923 public function delete_network_tokens() {924 $network = $_POST[‘network’];925 $response = array(‘ok’ => false);926 $response[‘ok’] = SWP_Credential_Helper::delete_token($network);927 SWP_Credential_Helper::delete_token($network, ‘access_secret’);928929 if ( $response[‘ok’] ) {930 $response[‘url’] = SWP_Utility::settings_page_redirect();931 }932933 die(json_encode($response));934935 }936}

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907