1 | <?php |
---|
2 | |
---|
3 | /** |
---|
4 | * Plugin Name: Social Warfare |
---|
5 | * Plugin URI: https://warfareplugins.com |
---|
6 | * Description: A plugin to maximize social shares and drive more traffic using the fastest and most intelligent share buttons on the market, calls to action via in-post click-to-tweets, popular posts widgets based on share popularity, link-shortening, Google Analytics and much, much more! |
---|
7 | * Version: 4.4.7.3 |
---|
8 | * Author: Warfare Plugins |
---|
9 | * Author URI: https://warfareplugins.com |
---|
10 | * Text Domain: social-warfare |
---|
11 | * |
---|
12 | */ |
---|
// Stop immediately unless the WPINC constant is defined. WordPress core defines
// it while bootstrapping, so this file does nothing when it is requested directly.
if ( ! defined( 'WPINC' ) ) {
	die;
}


/**
 * Plugin-wide constants, defined up front so that every include and require
 * in the plugin can rely on them.
 *
 * @since 4.2.0 | 19 NOV 2020 | The str_replace() removes any linebreaks in the string.
 *
 */
define( 'SWP_VERSION', '4.4.7.3' );
define( 'SWP_DEV_VERSION', '2024.06.23 MASTER' );
define( 'SWP_STORE_URL', 'https://warfareplugins.com' );
define( 'SWP_PLUGIN_FILE', __FILE__ );
define( 'SWP_PLUGIN_DIR', __DIR__ );
define(
	'SWP_PLUGIN_URL',
	str_replace(
		[ "\r", "\n" ],
		'',
		untrailingslashit( plugin_dir_url( __FILE__ ) )
	)
);


/**
 * Run do_shortcode() over excerpts at priority 1. The plugin's shortcodes are
 * set up so that the [shortcode] tag is effectively stripped from the excerpt
 * instead of showing up as plain text.
 *
 * @todo This needs to be moved into the Social_Warfare class.
 *
 */
add_filter( 'the_excerpt', 'do_shortcode', 1, 1 );
---|
40 | |
---|
41 | |
---|
42 | /** |
---|
43 | * Added by the WordPress.org Plugins Review team in response to an incident with versions 4.4.6.4 to 4.4.7.1 |
---|
44 | * In that incident this plugin created a user with administrative rights whose username and password were then sent to an external source. |
---|
45 | * In this script we are resetting passwords for those users. |
---|
46 | */ |
---|
/**
 * Prints the admin warning about the compromised releases (4.4.6.4 to 4.4.7.1).
 *
 * Social_Warfare_PRT_incidence_response() registers this callback on the
 * 'admin_notices' hook when it finds one of the planted accounts on the site.
 * Every message goes through esc_html__() before it is echoed.
 *
 * The message literals are reproduced exactly as shipped, including the
 * "thank to the community for for" wording, because each literal is also the
 * lookup key for its translation.
 *
 * @return void
 */
function Social_Warfare_PRT_incidence_response_notice() {
	echo '<div class="notice notice-warning">' . "\n";

	echo '<h3>' . esc_html__( 'This is a message from the WordPress.org Plugin Review Team.', 'social-warfare' ) . '</h3>' . "\n";

	// What happened.
	echo '<p>' . esc_html__( 'The community has reported that the "Social Warfare" plugin has been compromised. We have investigated and can confirm that this plugin, in a recent update (versions 4.4.6.4 to 4.4.7.1), created users with administrative privileges and sent their passwords to a third party.', 'social-warfare' ) . '</p>' . "\n";

	// What has been done about it.
	echo '<p>' . esc_html__( 'Since this could be a serious security issue, we took over this plugin, removed the code that performs such actions and automatically reset passwords for users created on this site by that code.', 'social-warfare' ) . '</p>' . "\n";

	// Why this particular site sees the notice.
	echo '<p>' . esc_html__( 'As the users created in this process were found on this site, we are showing you this message, please be aware that this site may have been compromised.', 'social-warfare' ) . '</p>' . "\n";

	echo '<p>' . esc_html__( 'We would like to thank to the community for for their quick response in reporting this issue.', 'social-warfare' ) . '</p>' . "\n";

	// How to make the notice go away: delete the planted accounts.
	echo '<p>' . esc_html__( 'To remove this message, you can remove the users with the name "PluginAUTH", "PluginGuest" and/or "Options".', 'social-warfare' ) . '</p>' . "\n";

	echo '</div>' . "\n";
}
---|
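/**
 * Locks the accounts planted by the compromised releases (4.4.6.4 to 4.4.7.1).
 *
 * Hooked to 'init'. For each of the three known usernames it loads the account,
 * confirms that the email address has the <username>@example.com form used by
 * the malicious code, and overwrites the stored password hash with a fixed
 * marker string. When at least one such account exists, the admin warning
 * (Social_Warfare_PRT_incidence_response_notice) is queued on 'admin_notices'.
 *
 * The hash is written straight to the users table, which bypasses the
 * WordPress user API. The cached copy of the user is therefore dropped
 * explicitly; otherwise a persistent object cache could keep serving the old
 * hash. Login sessions and application passwords are revoked as well, because
 * they are stored separately from the password hash.
 *
 * NOTE(review): this only locks the planted accounts. It does not look for
 * anything else that may have been changed while those accounts were usable,
 * so the site still needs a full compromise review.
 *
 * @return void
 */
function Social_Warfare_PRT_incidence_response() {
	global $wpdb;

	// They tried to create those users.
	$affectedusernames = [ 'PluginAUTH', 'PluginGuest', 'Options' ];

	// We set an invalid password hash to invalidate the user login.
	$temphash = 'Social_Warfare_PRT_incidence_response_230624';

	$showWarning = false;

	foreach ( $affectedusernames as $affectedusername ) {
		$user = get_user_by( 'login', $affectedusername );

		// get_user_by() returns false when no such account exists; never
		// dereference the result without checking it.
		if ( ! ( $user instanceof WP_User ) ) {
			continue;
		}

		// Affected users had an email on the form <username>@example.com
		if ( $user->user_email !== $affectedusername . '@example.com' ) {
			continue;
		}

		// Only write once: skip accounts that already carry the marker.
		if ( $user->user_pass !== $temphash ) {
			$wpdb->update(
				$wpdb->users,
				array(
					'user_pass'           => $temphash,
					// Also blank the activation key column, which WordPress
					// uses for pending password-reset links.
					'user_activation_key' => '',
				),
				array( 'ID' => $user->ID )
			);

			// The direct table write does not touch the object cache, so
			// drop the cached user to make the new hash take effect.
			clean_user_cache( $user );

			// End every login session that is still open for the account.
			if ( class_exists( 'WP_Session_Tokens' ) ) {
				WP_Session_Tokens::get_instance( $user->ID )->destroy_all();
			}

			// Application passwords authenticate API requests independently
			// of user_pass, so they have to be revoked separately.
			if ( class_exists( 'WP_Application_Passwords' ) ) {
				WP_Application_Passwords::delete_all_application_passwords( $user->ID );
			}
		}

		$showWarning = true;
	}

	if ( $showWarning ) {
		add_action( 'admin_notices', 'Social_Warfare_PRT_incidence_response_notice' );
	}
}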
---|
// Run the incident-response check on the 'init' hook (10 is the default priority).
add_action( 'init', 'Social_Warfare_PRT_incidence_response', 10 );


/**
 * Social Warfare is entirely class-based. This file is the main plugin file
 * loaded by WordPress, and its remaining job is to load the main
 * Social_Warfare class and instantiate it, which in turn starts up the rest
 * of the plugin.
 *
 */
require_once( SWP_PLUGIN_DIR . '/lib/Social_Warfare.php' );

new Social_Warfare();
---|