Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3440394

Timestamp:

01/15/2026 02:08:26 PM (3 months ago)

Author:

Skimlinks

Message:

Release 1.3.1 – add plugin deprecation and security fix (CWE-862)

Location:

skimlinks/trunk

Files:

: 2 edited

functions.php (modified) (3 diffs)
readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

skimlinks/trunk/functions.php

-                      r1774811
+                      r3440394
  */
 function sl_verify_footer_js() {
+    $request = wp_remote_get( add_query_arg( 'sl_verify_footer_js', '1', get_bloginfo( 'url' ) ) );
+    // One-time token to prevent unauthenticated option updates
+    $token = wp_generate_password( 20, false, false );
+    set_transient( 'sl_verify_footer_js_token', $token, 5 * MINUTE_IN_SECONDS );
+    $url = add_query_arg(
+            array( 'sl_verify_footer_js' => '1', 'sl_verify_token' => $token ),
+            get_bloginfo( 'url' )
+    );
+    $request = wp_remote_get( $url );
     $body = wp_remote_retrieve_body( $request );
+}
 …
 function sl_footer_js() {
+    // set an option to say footer js is being shown (so the theme is working)
+    if( isset( $_GET['sl_verify_footer_js'] ) && untrailingslashit( $_GET['sl_verify_footer_js'] ) == '1' ) {
+        update_option( 'sl_footer_js_works_for', get_current_theme() );
+    }
+  if (
+      isset( $_GET['sl_verify_footer_js'], $_GET['sl_verify_token'] ) &&
+      untrailingslashit( $_GET['sl_verify_footer_js'] ) === '1'
+  ) {
+      $expected = get_transient( 'sl_verify_footer_js_token' );
+      if ( is_string( $expected ) && hash_equals( $expected, (string) $_GET['sl_verify_token'] ) ) {
+          update_option( 'sl_footer_js_works_for', get_current_theme() );
+          delete_transient( 'sl_verify_footer_js_token' ); // one-time use
+      }
+  }
     // if the plugin is not configered, don't show anything
 …
 function skimlinks_footer() {
+    // set an option to say footer js is being shown (so the theme is working)
+    if( $_GET['sl_verify_footer_js'] == '1' ) {
+        update_option( 'sl_footer_js_works_for', get_current_theme() );
+    }
+  // Keep legacy function aligned with the same verification guard
+  if (
+      isset( $_GET['sl_verify_footer_js'], $_GET['sl_verify_token'] ) &&
+      $_GET['sl_verify_footer_js'] === '1'
+  ) {
+      $expected = get_transient( 'sl_verify_footer_js_token' );
+      if ( is_string( $expected ) && hash_equals( $expected, (string) $_GET['sl_verify_token'] ) ) {
+          update_option( 'sl_footer_js_works_for', get_current_theme() );
+          delete_transient( 'sl_verify_footer_js_token' );
+      }
+  }
     echo sl_get_footer_js();

skimlinks/trunk/readme.txt

-                      r1783196
+                      r3440394
 === Skimlinks Affiliate Marketing Tool ===
 Contributors: skimlinks
 Tags: skimlinks, Affiliate, Marketing, Links, Monetization, Monetisation, Javascript, Easy, Make Money, Advertising, Affiliate Widget, Referral, Plugin, RSS, Feeds, Text Links, Earn Money, Revenue, Free, Tool
+Tags: skimlinks, affiliate, marketing, links, monetization
 Requires at least: 2.7.1
 Tested up to: 4.9
+Stable tag: 1.3
+Stable tag: 1.3.1
+== IMPORTANT NOTICE ==
+⚠️ **This plugin is no longer supported or maintained.**
+Skimlinks no longer recommends using this WordPress plugin. It will not receive updates, security fixes, or compatibility support for newer versions of WordPress or PHP.
+**Do not install this plugin on new WordPress sites.**
+---
+## Recommended Integration Method
+To integrate Skimlinks with WordPress, please follow the **official Skimlinks guide**:
+👉 https://support.skimlinks.com/hc/en-us/articles/223836108-Installing-Skimlinks-on-a-WordPress-site
+This guide explains how to correctly add Skimlinks to your WordPress site using the supported JavaScript-based integration.
+---
 == Description ==
 Skimlinks is the leading content-to-commerce platform globally, helping more than 4 million websites monetize their editorial content.
+Skimlinks is a content-to-commerce platform that helps publishers monetize outbound links to merchants.
+Skimlinks works behind-the scenes to take away all the manual effort usually associated with affiliate marketing. After you install the plugin you can start earning commission from every link to merchants you include in your posts.
+This WordPress plugin was previously provided as a convenience integration. However, it has now been **deprecated** in favour of a simpler, more reliable, and fully supported integration method.
+With a decade’s experience working with blogs of all shapes and sizes, we’re confident our technology can help take your content monetization efforts to the next level:
+**This plugin remains available for legacy sites only.**
+* **Easy to install**: Install our plugin and instantly monetize links on your Wordpress site.
+* **Earn from your RSS feed**: Monetize more activity on your blog when users click on an external link in your RSS feed, Skimlinks automatically turns these into affiliate links
+* **Earn more from affiliate marketing with Skimlinks**: Access to over 24,000 merchant in our network. There's no need to manually apply for each merchant. Once you are approved as a Skimlinks publisher you get instant access to all programs.
+* **Zero admin**: You can focus on creating great content and link to merchant products as normal and we’ll do all the work to create and maintain affiliate links for you.
+* **Increase your click-through rates**: We only turn links into affiliate links when they are clicked, so they don't look suspicious to your users.
+To use our Plugin you’ll need to [sign up for a Skimlinks account](https://signup.skimlinks.com). Once you’re approved, all you need to do is install the plugin and our technology will get to work.
+---
 == Installation ==
+**N.B.** To use Skimlinks' Wordpress Plugin you’ll need to [sign up for a Skimlinks account](https://signup.skimlinks.com).
+❌ **New installations are not recommended.**
+. Upload the entire Skimlinks folder to the /wp-content/plugins/ directory.
 . Activate the Skimlinks plugin through the 'Plugins' menu in WordPress.
 . Configure the Skimlinks plugin through the menu option 'Settings > Skimlinks'. On this step you'll need to provide your Site ID, obtained from the [Publisher Hub](https://hub.skimlinks.com/settings/sites).
+If you are currently using this plugin:
+- We recommend migrating to the supported integration method as soon as possible.
+- Follow the official guide linked above to remove the plugin and install Skimlinks correctly.
+If you have Skimlinks already added to your footer template please remove it before installing the Skimlinks WordPress Plugin.
+---
 == Frequently Asked Questions ==
 = Q. What is Skimlinks? =
+= Q. Is this plugin still supported? =
 Skimlinks is a clever technology that helps you easily monetize online content by converting normal product links from thousands of retailers into their equivalent affiliate links so you can earn a commission effortlessly every time a purchase is made.
+No. This plugin is deprecated and no longer supported or maintained.
+---
 = Q. How do I install the Skimlinks WordPress Plugin =
+= Q. Should I install this plugin on a new WordPress site? =
+To install the Plugin you need to be a Skimlinks publisher and get the Plugin from the [WordPress Plugin Directory](http://wordpress.org/extend/plugins/skimlinks/). If you are not a Skimlinks publisher already, apply for an account [here](https://signup.skimlinks.com).
+No. New installations should follow the official Skimlinks WordPress integration guide instead.
+---
 = Q. I already have Skimlinks installed in my WordPress blog template, what should I do? =
+= Q. Where can I find the supported integration instructions? =
+We recommend you remove it from the template and replace it with the Plugin to enjoy all the new features. If you have any questions feel free to [check our support pages](http://support.skimlinks.com)
+You can find the up-to-date guide here:
+https://support.skimlinks.com/hc/en-us/articles/223836108-Installing-Skimlinks-on-a-WordPress-site
+= Q. What's the advantage of signing up to Skimlinks? =
+Of course you could spend time and money creating, tracking and maintaining your own affiliate links and signing up to thousands of merchant programs, but why not let us do all the hard work for you?
+* Create content and link to merchants as normal and we'll convert your links into affiliate links on-the-fly so there is no effect on the users' experience
+* With one sign-up to Skimlinks, you get access to 24,000+ merchants' affiliate programs
+* Use our comprehensive reporting suite to keep track of exactly which merchants your users like
+* First-class account management
+* Free access to our powerful publisher tools
+* Publisher newsletters and affiliate marketing resources
+= Q. How can I calculate what revenue I could earn from using Skimlinks? =
+There are a huge number of factors influencing the potential to earn revenue from links on your blog, including the volume of users and their profile, the type of content, seasonality and the amount of other advertising you have on your site. Years of experience and lots of happy customers tell us that Skimlinks has a real impact on publishers businesses but why not give Skimlinks a try and see what it can do for you!
+Q. What costs are involved in signing-up to Skimlinks?
+It's completely free to sign-up to Skimlinks. Once approved as a Skimlinks' publisher you get full access to our suite of reports and tools.
+= Q. Will I earn the same amount I would earn if I created the affiliate links myself? =
+Because of our scale we can negotiate the very best commissions for our publishers, which means you can earn up to 110% of what you would have earned if you managed your affiliate links program yourself.  Skimlinks retains 25% of the commission payment from the merchant, and the rest we pay to you.
+= Q. Which Merchants do you work with? =
+We currently work with more than 24,000 merchants from all different verticals. Use the [Skimlinks Merchant Search](https://merchant.skimlinks.com) to browse through the list.
+= Q. Is Skimlinks visible to my blog readers? =
+Skimlinks lets the normal link appear, and turns it into an affiliate link only when the user clicks through, so there is no visible difference to the user. This gives users more trust in your site, and increases the likelihood they will click on the link.
+= Q. What happens in the event that the Skimlinks' service is unavailable? =
+The Skimlinks technology is monitored 24/7, and is fully redundant. If, in the unlikely event, our technology stops working, links will not be affiliated for a temporary period but the user experience is not affected.
+= Q. Where can I get more help? =
+For more FAQ's and information on Skimlinks, please visit [Skimlinks support pages](https://support.skimlinks.com)
+== Screenshots ==
+. The Skimlinks settings page
+. Skimlinks publisher dashboard
+---
 == Changelog ==
+= 1.3.1 =
+* Mark plugin as deprecated
+* Documentation update to direct users to supported integration method
 = 1.3 =
 …
 = 1.2.5 =
 * bug fixes and improvements
 = 1.2.4 =
 * fixes url to skimlinks js library to be protocol-agnostic

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3440394

Legend:

skimlinks/trunk/functions.php

skimlinks/trunk/readme.txt

Download in other formats: