Merge pull request #280 from rtCamp/develop

Version update v1.3.5 (master)

README.md

@@ -9,7 +9,7 @@ Transcoding services for ANY WordPress website. Convert audio/video files of any
  <img src="https://rtmedia.io/wp-content/uploads/2016/08/trancoder-banner-01.png" alt="Transcoder Banner"/>
 </p>
 
-* **Contributors:** [rtcamp](http://profiles.wordpress.org/rtcamp), [mangeshp](http://profiles.wordpress.org/mangeshp), [chandrapatel](http://profiles.wordpress.org/chandrapatel), [manishsongirkar36](http://profiles.wordpress.org/manishsongirkar36), [bhargavbhandari90](http://profiles.wordpress.org/bhargavbhandari90), [kiranpotphode](http://profiles.wordpress.org/kiranpotphode), [thrijith](http://profiles.wordpress.org/thrijith), [devikvekariya](http://profiles.wordpress.org/devikvekariya), [sagarnasit](http://profiles.wordpress.org/sagarnasit), [sudhiryadav](http://profiles.wordpress.org/sudhiryadav), [sid177](https://profiles.wordpress.org/sid177/), [pooja1210](https://profiles.wordpress.org/pooja1210/), [vaishu.agola27](https://profiles.wordpress.org/vaishuagola27/), [ravatparmar](https://profiles.wordpress.org/ravatparmar/), [tremidkhar](https://profiles.wordpress.org/tremidkhar/)
+* **Contributors:** [rtcamp](http://profiles.wordpress.org/rtcamp), [mangeshp](http://profiles.wordpress.org/mangeshp), [chandrapatel](http://profiles.wordpress.org/chandrapatel), [manishsongirkar36](http://profiles.wordpress.org/manishsongirkar36), [bhargavbhandari90](http://profiles.wordpress.org/bhargavbhandari90), [kiranpotphode](http://profiles.wordpress.org/kiranpotphode), [thrijith](http://profiles.wordpress.org/thrijith), [devikvekariya](http://profiles.wordpress.org/devikvekariya), [sagarnasit](http://profiles.wordpress.org/sagarnasit), [sudhiryadav](http://profiles.wordpress.org/sudhiryadav), [sid177](https://profiles.wordpress.org/sid177/), [pooja1210](https://profiles.wordpress.org/pooja1210/), [vaishu.agola27](https://profiles.wordpress.org/vaishuagola27/), [ravatparmar](https://profiles.wordpress.org/ravatparmar/), [tremidkhar](https://profiles.wordpress.org/tremidkhar/), [utsavladani](https://profiles.wordpress.org/utsavladani/), [vishalkakadiya](https://profiles.wordpress.org/vishalkakadiya/), [pavanpatil1](https://profiles.wordpress.org/pavanpatil1/)
 
 * **License:** [GPL v2 or later]( http://www.gnu.org/licenses/gpl-2.0.html)
 
@@ -65,6 +65,13 @@ Read [Documentation](https://rtmedia.io/docs/transcoder/?utm_source=readme&utm_m
 1. Transcoder Settings
 
 ## Changelog ##
+#### 1.3.5 [October 19, 2023] ####
+
+* FIXED
+
+ * Compatible with PHP8.1
+ * Enhance security checks and fixed deprecation errors.
+
 #### 1.3.4 [August 17, 2021] ####
 
 * FIXED

admin/rt-retranscode-admin.php

@@ -122,7 +122,6 @@ public function add_admin_menu() {
 			'rt-retranscoder',
 			array( $this, 'retranscode_interface' )
 		);
-
 	}
 
 	/**
@@ -230,7 +229,7 @@ public function add_bulk_actions_via_javascript() {
 		?>
 		<script type="text/javascript">
 			jQuery(document).ready(function($){
-				$('select[name^="action"] option:last-child').before('<option value="bulk_retranscode_media"><?php echo esc_attr( __( 'Retranscode Media', 'transcoder' ) ); ?></option>');
+				$('select[name^="action"] option:last-child').before('<option value="bulk_retranscode_media"><?php esc_html_e( 'Retranscode Media', 'transcoder' ); ?></option>');
 			});
 		</script>
 		<?php
@@ -372,7 +371,7 @@ public function retranscode_interface() {
 									<table border=0>
 									?>
 										<tr>
-											<td><input type="submit" class="button button-primary button-small" value="<?php echo esc_html__( 'Proceed with retranscoding', 'transcoder' ); ?>"></td>
+											<td><input type="submit" class="button button-primary button-small" value="<?php esc_attr_e( 'Proceed with retranscoding', 'transcoder' ); ?>"></td>
 											<td></td>
 										</tr>
 									<?php
@@ -386,7 +385,7 @@ public function retranscode_interface() {
 									}
 									?>
 										<tr>
-											<td><input type="submit" class="button button-primary button-small" value="<?php esc_html_e( 'Proceed with retranscoding', 'transcoder' ); ?>" ></td>
+											<td><input type="submit" class="button button-primary button-small" value="<?php esc_attr_e( 'Proceed with retranscoding', 'transcoder' ); ?>" ></td>
 											<td></td>
 										</tr>
 									</table>
@@ -422,7 +421,7 @@ public function retranscode_interface() {
 		<div id="retranscodemedia-bar-percent" style="position:absolute;left:50%;top:50%;width:300px;margin-left:-150px;height:25px;margin-top:-9px;font-weight:bold;text-align:center;"></div>
 	</div>
 
-	<p><input type="button" class="button hide-if-no-js" name="retranscodemedia-stop" id="retranscodemedia-stop" value="<?php esc_html_e( 'Abort the Operation', 'transcoder' ); ?>" /></p>
+	<p><input type="button" class="button hide-if-no-js" name="retranscodemedia-stop" id="retranscodemedia-stop" value="<?php esc_attr_e( 'Abort the Operation', 'transcoder' ); ?>" /></p>
 
 	<h3 class="title"><?php esc_html_e( 'Debugging Information', 'transcoder' ); ?></h3>
 
@@ -594,7 +593,7 @@ function RetranscodeMedia( id ) {
 
 	<p><?php esc_html_e( 'To begin, just press the button below.', 'transcoder' ); ?></p>
 
-	<p><input type="submit" class="button hide-if-no-js button button-primary" name="rt-retranscoder" id="rt-retranscoder" value="<?php esc_html_e( 'Retranscode All Media', 'transcoder' ); ?>" /></p>
+	<p><input type="submit" class="button hide-if-no-js button button-primary" name="rt-retranscoder" id="rt-retranscoder" value="<?php esc_attr_e( 'Retranscode All Media', 'transcoder' ); ?>" /></p>
 
 	<noscript><p><em><?php esc_html_e( 'You must enable Javascript in order to proceed!', 'transcoder' ); ?></em></p></noscript>
 
@@ -717,10 +716,10 @@ public function die_json_error_msg( $id, $message ) {
 	/**
 	 * Helper function to escape quotes in strings for use in Javascript
 	 *
-	 * @param string $string String to escape quotes from.
+	 * @param string $str String to escape quotes from.
 	 */
-	public function esc_quotes( $string ) {
-		return str_replace( '"', '\"', $string );
+	public function esc_quotes( $str ) {
+		return str_replace( '"', '\"', $str );
 	}
 
 	/**
@@ -744,7 +743,7 @@ private function retranscode_admin_error_notice() {
 	 * @param  number $media_id     Post ID of the media.
 	 * @param  array  $post_request Post request coming for the transcoder API.
 	 */
-	public function rtt_before_thumbnail_store( $media_id = '', $post_request = '' ) {
+	public function rtt_before_thumbnail_store( $media_id = '', $post_request = '' ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.FoundAfterLastUsed
 		if ( empty( $media_id ) ) {
 			return;
 		}
@@ -767,7 +766,6 @@ public function rtt_before_thumbnail_store( $media_id = '', $post_request = '' )
 			rtt_delete_transcoded_files( $previous_thumbs );
 		}
 		delete_post_meta( $media_id, '_rt_media_thumbnails' );
-
 	}
 
 	/**
@@ -776,7 +774,7 @@ public function rtt_before_thumbnail_store( $media_id = '', $post_request = '' )
 	 * @param  number $media_id     Post ID of the media.
 	 * @param  array  $transcoded_files Post request coming for the transcoder API.
 	 */
-	public function rtt_before_transcoded_media_store( $media_id = '', $transcoded_files = '' ) {
+	public function rtt_before_transcoded_media_store( $media_id = '', $transcoded_files = '' ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.FoundAfterLastUsed
 		if ( empty( $media_id ) ) {
 			return;
 		}
@@ -791,7 +789,6 @@ public function rtt_before_transcoded_media_store( $media_id = '', $transcoded_f
 			}
 		}
 		delete_post_meta( $media_id, '_rt_media_transcoded_files' );
-
 	}
 
 	/**
@@ -872,7 +869,7 @@ public function transcoded_thumbnails_added( $media_id = '' ) {
 	 * @param  number $attachment_id      Post ID of the media.
 	 * @param  string $job_id             Unique job ID of the transcoding request.
 	 */
-	public function rtt_handle_callback_finished( $attachment_id = '', $job_id = '' ) {
+	public function rtt_handle_callback_finished( $attachment_id = '', $job_id = '' ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.FoundAfterLastUsed
 		if ( empty( $attachment_id ) ) {
 			return;
 		}
@@ -884,7 +881,6 @@ public function rtt_handle_callback_finished( $attachment_id = '', $job_id = ''
 			delete_post_meta( $attachment_id, '_rt_retranscoding_sent' );
 
 		}
-
 	}
 
 	/**
@@ -1015,7 +1011,6 @@ public function add_search_mime_types( $where ) {
 		$where .= " AND post_mime_type LIKE 'audio/%' OR post_mime_type LIKE 'video/%'";
 		return $where;
 	}
-
 }
 
 // Start up this plugin.
@@ -1024,11 +1019,9 @@ public function add_search_mime_types( $where ) {
 /**
  * Execute RetranscodeMedia constructor.
  */
-function retranscode_media() {
+function retranscode_media() { // phpcs:ignore Universal.Files.SeparateFunctionsFromOO.Mixed
 
 	global $RetranscodeMedia; // phpcs:ignore WordPress.NamingConventions.ValidVariableName.VariableNotSnakeCase
 
 	$RetranscodeMedia = new RetranscodeMedia(); // phpcs:ignore WordPress.NamingConventions.ValidVariableName.VariableNotSnakeCase
 }
-
-?>

admin/rt-transcoder-functions.php

@@ -52,6 +52,7 @@ function rt_media_shortcode( $attrs, $content = '' ) {
 	}
 
 	$mime_type = explode( '/', $type );
+	$media_url = '';
 
 	if ( 'video' === $mime_type[0] ) {
 
@@ -81,6 +82,10 @@ function rt_media_shortcode( $attrs, $content = '' ) {
 
 		$content = do_shortcode( "[audio {$audio_shortcode_attributes}]" );
 
+	} elseif ( 'image' === $mime_type[0] ) {
+
+		$content = '<p>' . esc_html__( 'Image attachments are not handled by Transcoder plugin.', 'transcoder' ) . '</p>';
+
 	}
 
 	if ( is_file_being_transcoded( $attachment_id ) ) {
@@ -160,7 +165,6 @@ function rt_media_get_video_thumbnail( $attachment_id ) {
 	}
 
 	return false;
-
 }
 
 /**
@@ -199,7 +203,6 @@ function rtt_get_media_url( $attachment_id, $media_type = 'mp4' ) {
 	}
 
 	return $final_file_url;
-
 }
 
 if ( ! function_exists( 'rtt_update_activity_after_thumb_set' ) ) {
@@ -455,7 +458,7 @@ function rtt_bp_get_activity_content( $content, $activity = null ) {
 			}
 			// If media is sent to the transcoder then show the message.
 			if ( is_file_being_transcoded( $media->media_id ) ) {
-				if ( current_user_can( 'administrator' ) && '1' === get_option( 'rtt_client_check_status_button', false ) ) {
+				if ( current_user_can( 'manage_options' ) && '1' === get_option( 'rtt_client_check_status_button', false ) ) {
 
 					$check_button_text = __( 'Check Status', 'transcoder' );
 
@@ -701,7 +704,6 @@ function rtt_add_status_columns_head( $defaults ) {
 
 	$defaults['convert_status'] = __( 'Transcode Status', 'transcoder' );
 	return $defaults;
-
 }
 
 add_filter( 'manage_media_columns', 'rtt_add_status_columns_head' );
@@ -760,7 +762,6 @@ function rtt_status_column_register_sortable( $columns ) {
 
 	$columns['convert_status'] = 'convert_status';
 	return $columns;
-
 }
 
 add_filter( 'manage_upload_sortable_columns', 'rtt_status_column_register_sortable' );
@@ -773,11 +774,11 @@ function rtt_status_column_register_sortable( $columns ) {
  */
 function rtt_enqueue_scripts() {
 
-	if ( current_user_can( 'administrator' ) ) {
+	if ( current_user_can( 'manage_options' ) ) {
 		wp_register_script( 'rt_transcoder_js', plugins_url( 'js/rt-transcoder.min.js', __FILE__ ), array(), RT_TRANSCODER_VERSION, false );
 
 		$translation_array = array(
-			'load_flag'      => current_user_can( 'administrator' ),
+			'load_flag'      => true,
 			'security_nonce' => esc_js( wp_create_nonce( 'check-transcoding-status-ajax-nonce' ) ),
 		);
 
@@ -806,7 +807,7 @@ function rtt_enqueue_frontend_scripts() {
 	$file_to_use = 'public-assets/js/build/transcoder.min.js';
 
 	$file = path_join( RT_TRANSCODER_PATH, $file_to_use );
-	if ( file_exists( $file ) ) {
+	if ( file_exists( $file ) && class_exists( 'RTMedia' ) ) {
 		wp_enqueue_script( 'rt-transcoder-front-js', RT_TRANSCODER_URL . $file_to_use, array( 'jquery', 'rtmedia-backbone' ), filemtime( $file ), true );
 
 		$rest_url_prefix = get_site_url() . '/' . rest_get_url_prefix();
@@ -854,7 +855,6 @@ function rtt_ajax_process_check_status_request() {
 	}
 
 	wp_die();
-
 }
 
 // Action added to handle check_status onclick request.
@@ -911,7 +911,7 @@ function rtt_add_transcoding_process_status_button_single_media_page( $rtmedia_i
 
 	if ( is_file_being_transcoded( $post_id ) ) {
 
-		if ( current_user_can( 'administrator' ) && '1' === get_option( 'rtt_client_check_status_button', false ) ) {
+		if ( current_user_can( 'manage_options' ) && '1' === get_option( 'rtt_client_check_status_button', false ) ) {
 			$message = sprintf(
 				'<div class="transcoding-in-progress"><button id="btn_check_status%1$s" class="btn_check_transcode_status" name="check_status_btn" data-value="%1$s">%2$s</button> <div class="transcode_status_box" id="span_status%1$s">%3$s</div></div>',
 				esc_attr( $post_id ),
@@ -983,7 +983,7 @@ function rtt_filter_single_media_page_video_markup( $html, $rtmedia_media ) {
  * @param int    $attachment_id  ID of attachment.
  * @param string $autoformat     If true then generating thumbs only else trancode video.
  */
-function rtt_media_update_usage( $wp_metadata, $attachment_id, $autoformat = true ) {
+function rtt_media_update_usage( $wp_metadata, $attachment_id, $autoformat = true ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.FoundAfterLastUsed
 
 	$stored_key     = get_site_option( 'rt-transcoding-api-key' );
 	$transient_flag = get_transient( 'rtt_usage_update_flag' );
@@ -1022,3 +1022,17 @@ function get_server_var( $server_key, $filter_type = FILTER_SANITIZE_FULL_SPECIA
 	}
 	return $server_val;
 }
+
+/**
+ * Get local ip addresses for block.
+ *
+ * @return array
+ */
+function rtt_get_blacklist_ip_addresses() {
+	// If custom API URL added then don't block local ips.
+	if ( defined( 'TRANSCODER_API_URL' ) ) {
+		return array();
+	}
+
+	return array( '127.0.0.1', '::1' );
+}

admin/rt-transcoder-handler.php

@@ -167,7 +167,7 @@ public function __construct( $no_init = false ) {
 						}
 
 						/* Do not let the user to upload non supported media types on localhost */
-						$blacklist   = array( '127.0.0.1', '::1' );
+						$blacklist   = rtt_get_blacklist_ip_addresses();
 						$remote_addr = rtt_get_remote_ip_address();
 						if ( ! in_array( wp_unslash( $remote_addr ), $blacklist, true ) ) {
 							add_filter( 'rtmedia_plupload_files_filter', array( $this, 'allowed_types' ), 10, 1 );
@@ -319,7 +319,6 @@ public function get_thumbnails_required( $attachment_id = '' ) {
 		$thumb_count = apply_filters( 'rt_media_total_video_thumbnails', $thumb_count, $attachment_id );
 
 		return $thumb_count > 10 ? 10 : $thumb_count;
-
 	}
 
 	/**
@@ -489,12 +488,14 @@ public function save_api_key() {
 			add_action( 'admin_notices', array( $this, 'public_host_needed_notice' ) );
 		}
 
-		$apikey = trim( transcoder_filter_input( INPUT_GET, 'apikey', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-		$page   = transcoder_filter_input( INPUT_GET, 'page', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+		$filtered_apikey = transcoder_filter_input( INPUT_GET, 'apikey', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+		$apikey          = ! empty( $filtered_apikey ) ? trim( $filtered_apikey ) : '';
+
+		$page = transcoder_filter_input( INPUT_GET, 'page', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
 
 		if ( ! empty( $apikey ) && is_admin() && ! empty( $page ) && ( 'rt-transcoder' === $page ) ) {
 			/* Do not activate transcoding service on localhost */
-			$blacklist   = array( '127.0.0.1', '::1' );
+			$blacklist   = rtt_get_blacklist_ip_addresses();
 			$remote_addr = rtt_get_remote_ip_address();
 			if ( in_array( wp_unslash( $remote_addr ), $blacklist, true ) ) {
 				$return_page = add_query_arg(
@@ -650,7 +651,7 @@ public function usage_widget() {
 		}
 
 		if ( ! empty( $api_key ) ) {
-			if ( $usage_details && isset( $usage_details[ $api_key ]->status ) && $usage_details[ $api_key ]->status ) {
+			if ( $usage_details && isset( $usage_details[ $api_key ]->status ) && $usage_details[ $api_key ]->status && 'error' !== $usage_details[ $api_key ]->status ) {
 
 				if ( isset( $usage_details[ $api_key ]->plan->name ) ) {
 					$plan_name = strtolower( $usage_details[ $api_key ]->plan->name );
@@ -1332,14 +1333,12 @@ public function upload_dir( $upload_dir ) {
 				$rtmedia_upload_prefix = 'groups/';
 				$id                    = $this->uploaded['context_id'];
 			}
-		} else {
-			if ( 'group' !== $rtmedia_interaction->context->type ) {
+		} elseif ( 'group' !== $rtmedia_interaction->context->type ) {
 				$rtmedia_upload_prefix = 'users/';
 				$id                    = $this->uploaded['media_author'];
-			} else {
-				$rtmedia_upload_prefix = 'groups/';
-				$id                    = $rtmedia_interaction->context->id;
-			}
+		} else {
+			$rtmedia_upload_prefix = 'groups/';
+			$id                    = $rtmedia_interaction->context->id;
 		}
 
 		if ( ! $id ) {
@@ -1366,11 +1365,15 @@ public function upload_dir( $upload_dir ) {
 	 * @param  string  $message         Email message.
 	 * @param  boolean $include_admin   If true then send an email to admin also else not.
 	 */
-	public function send_notification( $email_ids = array(), $subject, $message, $include_admin = true ) {
+	public function send_notification( $email_ids, $subject, $message, $include_admin = true ) {
 		if ( defined( 'RT_TRANSCODER_NO_MAIL' ) ) {
 			return;
 		}
 
+		if ( ! is_array( $email_ids ) ) {
+			$email_ids = array();
+		}
+
 		if ( empty( $subject ) || empty( $message ) ) {
 			return true;
 		}
@@ -1629,7 +1632,6 @@ class_exists( 'ImagickPixel', false ) &&
 		}
 
 		$this->wp_media_transcoding( array( 'mime_type' => 'application/pdf' ), $post_id );
-
 	}
 
 	/**

inc/helpers/custom-functions.php

@@ -21,7 +21,7 @@
  * @return mixed Value of the requested variable on success, FALSE if the filter fails, or NULL if the
  *               variable_name variable is not set.
  */
-function transcoder_filter_input( $type, $variable_name, $filter = FILTER_DEFAULT, $options = null ) {
+function transcoder_filter_input( $type, $variable_name, $filter = FILTER_DEFAULT, $options = 0 ) {
 
 	if ( php_sapi_name() !== 'cli' ) {
 
@@ -118,5 +118,4 @@ function transcoder_filter_input( $type, $variable_name, $filter = FILTER_DEFAUL
 	// phpcs:enable WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing, WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___COOKIE
 
 	return filter_var( $input, $filter );
-
 }