Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2711798

Timestamp:

04/20/2022 01:05:31 AM (4 years ago)

Author:

macbookandrew

Message:

Update to version 1.8.1 from GitHub

Location:

wp-youtube-live

Files:

: 8 edited
: 1 copied

assets/banner-1544x500.png (modified) (previous)
assets/banner-772x250.png (modified) (previous)
assets/icon-128x128.png (modified) (previous)
assets/icon-256x256.png (modified) (previous)
tags/1.8.1 (copied) (copied from wp-youtube-live/trunk)
tags/1.8.1/inc/admin.php (modified) (3 diffs)
tags/1.8.1/wp-youtube-live.php (modified) (9 diffs)
trunk/inc/admin.php (modified) (3 diffs)
trunk/wp-youtube-live.php (modified) (9 diffs)

Legend:

: Unmodified
: Added
: Removed

wp-youtube-live/tags/1.8.1/inc/admin.php

-                      r2709508
+                      r2711798
  * @param string $action action to perform.
  * @param string $nonce  security nonce.
  * @return string JSON string of upcoming videos
+ * @return string|void JSON string of upcoming videos
  */
 function refresh_youtube_live_upcoming_cache( $action = null, $nonce = null ) {
 …
             $output = wp_json_encode( format_upcoming_videos( get_transient( 'youtube-live-upcoming-videos' ) ) );
             if ( $_POST ) {
                 echo $output; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+                echo wp_kses_post( $output );
                 die();
             } else {
 …
     global $wpdb;
     $transient_expire_time = $wpdb->get_col(
+    $transient_expire_time = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- no functions exist to get the transient expiration time, and caching would defeat the purpose of determining the expiration time.
         $wpdb->prepare(
+            'SELECT option_value FROM %1$soptions WHERE option_name = "%2$s";',
+            $wpdb->prefix,
+            'SELECT option_value FROM ' . $wpdb->options . ' WHERE option_name = "%1$s";',
             '_transient_timeout_youtube-live-upcoming-videos'
         ),

wp-youtube-live/tags/1.8.1/wp-youtube-live.php

-                      r2709508
+                      r2711798
  * Plugin URI: https://github.com/macbookandrew/wp-youtube-live
  * Description: Displays the current YouTube live video from a specified channel
  * Version: 1.8.0
+ * Version: 1.8.1
  * Author: Andrew Minion
  * Author URI: https://andrewrminion.com/
 …
+}
 define( 'WP_YOUTUBE_LIVE_VERSION', '1.8.0' );
+define( 'WP_YOUTUBE_LIVE_VERSION', '1.8.1' );
 /**
 …
     wp_register_script( 'wp-youtube-live', plugin_dir_url( __FILE__ ) . 'js/wp-youtube-live.min.js', array( 'jquery' ), WP_YOUTUBE_LIVE_VERSION, true );
     wp_register_style( 'wp-youtube-live', plugin_dir_url( __FILE__ ) . 'css/wp-youtube-live.css', array(), WP_YOUTUBE_LIVE_VERSION );
     wp_register_script( 'youtube-iframe-api', 'https://www.youtube.com/iframe_api', array(), null, true ); // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion
+    wp_register_script( 'youtube-iframe-api', 'https://www.youtube.com/iframe_api', array(), null, true ); // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion -- because it’s a third-party script that we can’t version.
+}
 add_action( 'wp_enqueue_scripts', 'youtube_live_scripts' );
 …
     // set up player.
+    // phpcs:disable WordPress.Security.NonceVerification.Missing -- because we have to allow unauthenticated users the ability to check for live videos, as well as handle statically-cached markup that might contain a stale nonce.
     $youtube_live                     = new EmbedYoutubeLiveStreaming( esc_attr( $youtube_options['youtube_live_channel_id'] ), esc_attr( $youtube_options['youtube_live_api_key'] ) );
     $youtube_live->subdomain          = $youtube_options['subdomain']
         ? esc_attr( $youtube_options['subdomain'] )
         : 'www';
     $youtube_live->embed_width        = wp_youtube_live_is_ajax()
         ? sanitize_key( wp_unslash( $_POST['width'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->embed_width        = wp_youtube_live_is_ajax() && array_key_exists( 'width', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['width'] ) )
         : sanitize_key( $request_options['width'] );
     $youtube_live->embed_height       = wp_youtube_live_is_ajax()
         ? sanitize_key( wp_unslash( $_POST['height'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->embed_height       = wp_youtube_live_is_ajax() && array_key_exists( 'height', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['height'] ) )
         : sanitize_key( $request_options['height'] );
     $youtube_live->embed_autoplay     = wp_youtube_live_is_ajax()
         ? sanitize_key( wp_unslash( $_POST['autoplay'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->embed_autoplay     = wp_youtube_live_is_ajax() && array_key_exists( 'autoplay', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['autoplay'] ) )
         : sanitize_key( $request_options['autoplay'] );
     $youtube_live->show_related       = wp_youtube_live_is_ajax()
         ? sanitize_key( wp_unslash( $_POST['show_related'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->show_related       = wp_youtube_live_is_ajax() && array_key_exists( 'show_related', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['show_related'] ) )
         : sanitize_key( $request_options['showRelated'] );
     $youtube_live->completed_video_id = wp_youtube_live_is_ajax() && array_key_exists( 'completedVideoID', $_POST ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
         ? sanitize_key( wp_unslash( $_POST['completedVideoID'] ) )  // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->completed_video_id = wp_youtube_live_is_ajax() && array_key_exists( 'completedVideoID', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['completedVideoID'] ) )
         : '';
+    // phpcs:enable WordPress.Security.NonceVerification.Missing
     if ( strlen( $youtube_live->completed_video_id ) > 0 ) {
 …
             <li><strong>Extended help:</strong> ' . wp_kses_post( $error['extendedHelp'] ) . '</li>';
+        }
         if ( $youtube_options['fallback_behavior'] === 'video' && empty( $youtube_options['fallback_video'] ) ) {
+        if ( 'video' === $youtube_options['fallback_behavior'] && empty( $youtube_options['fallback_video'] ) ) {
             $error_message .= '<li>Please double-check that you have set a fallback video.</li>';
+        }
 …
     // debugging.
     if ( get_option( 'youtube_live_settings', 'debugging' ) && is_user_logged_in() ) {
         $debugging_code = var_export( $youtube_live, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_var_export
         echo '<!-- YouTube Live debugging: ' . "\n" . $debugging_code . "\n" . ' -->'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+        $debugging_code = var_export( $youtube_live, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_var_export -- because this is only available for admins if they enable the debug option.
+        echo '<!-- YouTube Live debugging: ' . "\n" . $debugging_code . "\n" . ' -->'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- because this is only available for admins if they enable the debug option.
         $json_data['error'] . $debugging_code;
+    }
 …
  * Set default oembed size for video/playlist fallback behavior
+ *
+ * @param  array $size default oembed sizes
+ * @return array moified oembed size
+ * @param  array $size Default oembed sizes.
+ *
+ * @return array Modified oembed size
  */
 function wp_ytl_set_embed_size( $size ) {
     $request_options = get_option( 'youtube_live_settings' );
+    $size['width']  = ( wp_youtube_live_is_ajax() && array_key_exists( 'width', $_POST ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
+        ? sanitize_key( wp_unslash( $_POST['width'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
+    // phpcs:disable WordPress.Security.NonceVerification.Missing -- because we have to allow unauthenticated users the ability to check for live videos, as well as handle statically-cached markup that might contain a stale nonce.
+    $size['width']  = ( wp_youtube_live_is_ajax() && array_key_exists( 'width', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['width'] ) )
         : $request_options['default_width'] );
     $size['height'] = ( wp_youtube_live_is_ajax() && array_key_exists( 'height', $_POST ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
         ? sanitize_key( wp_unslash( $_POST['height'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
+    $size['height'] = ( wp_youtube_live_is_ajax() && array_key_exists( 'height', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['height'] ) )
         : $request_options['default_height'] );
+    // phpcs:enable WordPress.Security.NonceVerification.Missing
     return $size;
 …
     // removed in v1.7.0.
     if ( array_key_exists( 'show_channel_if_dead', $request_options ) && 'true' == $request_options['show_channel_if_dead'] ) {
+    if ( array_key_exists( 'show_channel_if_dead', $request_options ) && 'true' === $request_options['show_channel_if_dead'] ) {
         $request_options['fallback_behavior'] = 'channel';
+    }
 …
  */
 function wp_youtube_live_is_ajax() {
     return isset( $_POST['isAjax'] ) && (bool) sanitize_key( wp_unslash( $_POST['isAjax'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Missing
+    return isset( $_POST['isAjax'] ) && (bool) sanitize_key( wp_unslash( $_POST['isAjax'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Missing -- because we have to allow unauthenticated users the ability to check for live videos, as well as handle statically-cached markup that might contain a stale nonce.
+}

wp-youtube-live/trunk/inc/admin.php

-                      r2709508
+                      r2711798
  * @param string $action action to perform.
  * @param string $nonce  security nonce.
  * @return string JSON string of upcoming videos
+ * @return string|void JSON string of upcoming videos
  */
 function refresh_youtube_live_upcoming_cache( $action = null, $nonce = null ) {
 …
             $output = wp_json_encode( format_upcoming_videos( get_transient( 'youtube-live-upcoming-videos' ) ) );
             if ( $_POST ) {
                 echo $output; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+                echo wp_kses_post( $output );
                 die();
             } else {
 …
     global $wpdb;
     $transient_expire_time = $wpdb->get_col(
+    $transient_expire_time = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- no functions exist to get the transient expiration time, and caching would defeat the purpose of determining the expiration time.
         $wpdb->prepare(
+            'SELECT option_value FROM %1$soptions WHERE option_name = "%2$s";',
+            $wpdb->prefix,
+            'SELECT option_value FROM ' . $wpdb->options . ' WHERE option_name = "%1$s";',
             '_transient_timeout_youtube-live-upcoming-videos'
         ),

wp-youtube-live/trunk/wp-youtube-live.php

-                      r2709508
+                      r2711798
  * Plugin URI: https://github.com/macbookandrew/wp-youtube-live
  * Description: Displays the current YouTube live video from a specified channel
  * Version: 1.8.0
+ * Version: 1.8.1
  * Author: Andrew Minion
  * Author URI: https://andrewrminion.com/
 …
+}
 define( 'WP_YOUTUBE_LIVE_VERSION', '1.8.0' );
+define( 'WP_YOUTUBE_LIVE_VERSION', '1.8.1' );
 /**
 …
     wp_register_script( 'wp-youtube-live', plugin_dir_url( __FILE__ ) . 'js/wp-youtube-live.min.js', array( 'jquery' ), WP_YOUTUBE_LIVE_VERSION, true );
     wp_register_style( 'wp-youtube-live', plugin_dir_url( __FILE__ ) . 'css/wp-youtube-live.css', array(), WP_YOUTUBE_LIVE_VERSION );
     wp_register_script( 'youtube-iframe-api', 'https://www.youtube.com/iframe_api', array(), null, true ); // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion
+    wp_register_script( 'youtube-iframe-api', 'https://www.youtube.com/iframe_api', array(), null, true ); // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion -- because it’s a third-party script that we can’t version.
+}
 add_action( 'wp_enqueue_scripts', 'youtube_live_scripts' );
 …
     // set up player.
+    // phpcs:disable WordPress.Security.NonceVerification.Missing -- because we have to allow unauthenticated users the ability to check for live videos, as well as handle statically-cached markup that might contain a stale nonce.
     $youtube_live                     = new EmbedYoutubeLiveStreaming( esc_attr( $youtube_options['youtube_live_channel_id'] ), esc_attr( $youtube_options['youtube_live_api_key'] ) );
     $youtube_live->subdomain          = $youtube_options['subdomain']
         ? esc_attr( $youtube_options['subdomain'] )
         : 'www';
     $youtube_live->embed_width        = wp_youtube_live_is_ajax()
         ? sanitize_key( wp_unslash( $_POST['width'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->embed_width        = wp_youtube_live_is_ajax() && array_key_exists( 'width', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['width'] ) )
         : sanitize_key( $request_options['width'] );
     $youtube_live->embed_height       = wp_youtube_live_is_ajax()
         ? sanitize_key( wp_unslash( $_POST['height'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->embed_height       = wp_youtube_live_is_ajax() && array_key_exists( 'height', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['height'] ) )
         : sanitize_key( $request_options['height'] );
     $youtube_live->embed_autoplay     = wp_youtube_live_is_ajax()
         ? sanitize_key( wp_unslash( $_POST['autoplay'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->embed_autoplay     = wp_youtube_live_is_ajax() && array_key_exists( 'autoplay', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['autoplay'] ) )
         : sanitize_key( $request_options['autoplay'] );
     $youtube_live->show_related       = wp_youtube_live_is_ajax()
         ? sanitize_key( wp_unslash( $_POST['show_related'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->show_related       = wp_youtube_live_is_ajax() && array_key_exists( 'show_related', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['show_related'] ) )
         : sanitize_key( $request_options['showRelated'] );
     $youtube_live->completed_video_id = wp_youtube_live_is_ajax() && array_key_exists( 'completedVideoID', $_POST ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
         ? sanitize_key( wp_unslash( $_POST['completedVideoID'] ) )  // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+    $youtube_live->completed_video_id = wp_youtube_live_is_ajax() && array_key_exists( 'completedVideoID', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['completedVideoID'] ) )
         : '';
+    // phpcs:enable WordPress.Security.NonceVerification.Missing
     if ( strlen( $youtube_live->completed_video_id ) > 0 ) {
 …
             <li><strong>Extended help:</strong> ' . wp_kses_post( $error['extendedHelp'] ) . '</li>';
+        }
         if ( $youtube_options['fallback_behavior'] === 'video' && empty( $youtube_options['fallback_video'] ) ) {
+        if ( 'video' === $youtube_options['fallback_behavior'] && empty( $youtube_options['fallback_video'] ) ) {
             $error_message .= '<li>Please double-check that you have set a fallback video.</li>';
+        }
 …
     // debugging.
     if ( get_option( 'youtube_live_settings', 'debugging' ) && is_user_logged_in() ) {
         $debugging_code = var_export( $youtube_live, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_var_export
         echo '<!-- YouTube Live debugging: ' . "\n" . $debugging_code . "\n" . ' -->'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+        $debugging_code = var_export( $youtube_live, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_var_export -- because this is only available for admins if they enable the debug option.
+        echo '<!-- YouTube Live debugging: ' . "\n" . $debugging_code . "\n" . ' -->'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- because this is only available for admins if they enable the debug option.
         $json_data['error'] . $debugging_code;
+    }
 …
  * Set default oembed size for video/playlist fallback behavior
+ *
+ * @param  array $size default oembed sizes
+ * @return array moified oembed size
+ * @param  array $size Default oembed sizes.
+ *
+ * @return array Modified oembed size
  */
 function wp_ytl_set_embed_size( $size ) {
     $request_options = get_option( 'youtube_live_settings' );
+    $size['width']  = ( wp_youtube_live_is_ajax() && array_key_exists( 'width', $_POST ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
+        ? sanitize_key( wp_unslash( $_POST['width'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
+    // phpcs:disable WordPress.Security.NonceVerification.Missing -- because we have to allow unauthenticated users the ability to check for live videos, as well as handle statically-cached markup that might contain a stale nonce.
+    $size['width']  = ( wp_youtube_live_is_ajax() && array_key_exists( 'width', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['width'] ) )
         : $request_options['default_width'] );
     $size['height'] = ( wp_youtube_live_is_ajax() && array_key_exists( 'height', $_POST ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
         ? sanitize_key( wp_unslash( $_POST['height'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
+    $size['height'] = ( wp_youtube_live_is_ajax() && array_key_exists( 'height', $_POST )
+        ? sanitize_key( wp_unslash( $_POST['height'] ) )
         : $request_options['default_height'] );
+    // phpcs:enable WordPress.Security.NonceVerification.Missing
     return $size;
 …
     // removed in v1.7.0.
     if ( array_key_exists( 'show_channel_if_dead', $request_options ) && 'true' == $request_options['show_channel_if_dead'] ) {
+    if ( array_key_exists( 'show_channel_if_dead', $request_options ) && 'true' === $request_options['show_channel_if_dead'] ) {
         $request_options['fallback_behavior'] = 'channel';
+    }
 …
  */
 function wp_youtube_live_is_ajax() {
     return isset( $_POST['isAjax'] ) && (bool) sanitize_key( wp_unslash( $_POST['isAjax'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Missing
+    return isset( $_POST['isAjax'] ) && (bool) sanitize_key( wp_unslash( $_POST['isAjax'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Missing -- because we have to allow unauthenticated users the ability to check for live videos, as well as handle statically-cached markup that might contain a stale nonce.
+}

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: