Merge pull request #1630 from rtMediaWP/develop

Version update v4.6.2

Author: thrijith

README.md

@@ -11,7 +11,7 @@ Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & mor
 ![BrowserStack Status](https://www.browserstack.com/automate/badge.svg?badge_key=MU1JamdmRnppK0hhQy9QMU8wdDJ2MUEyb1ZuS0ljVFQvSHZ6anFvNzUxTT0tLXhUNnliTnZGcE5CcW93N0I1eXdnM3c9PQ==--8c124e667dd0c317618efde1bed2b260000916b6)
 
 
-* **Contributors:** [rtcamp](http://profiles.wordpress.org/rtcamp), [mangeshp](http://profiles.wordpress.org/mangeshp), [sanket.parmar](http://profiles.wordpress.org/sanket.parmar), [pranalipatel](http://profiles.wordpress.org/pranalipatel), [jignesh.nakrani](http://profiles.wordpress.org/jignesh.nakrani), [manishsongirkar36](http://profiles.wordpress.org/manishsongirkar36), [kiranpotphode](http://profiles.wordpress.org/kiranpotphode), [yahil](http://profiles.wordpress.org/yahil), [1naveengiri](http://profiles.wordpress.org/1naveengiri), [bhargavbhandari90](http://profiles.wordpress.org/bhargavbhandari90), [deepak1191](http://profiles.wordpress.org/deepak1191), [rittesh.patel](http://profiles.wordpress.org/rittesh.patel), [sagarjadhav](http://profiles.wordpress.org/sagarjadhav), [pushpak.pop](http://profiles.wordpress.org/pushpak.pop), [faishal](http://profiles.wordpress.org/faishal), [desaiuditd](http://profiles.wordpress.org/desaiuditd), [rahul286](http://profiles.wordpress.org/rahul286), [JoshuaAbenazer](http://profiles.wordpress.org/JoshuaAbenazer), [gagan0123](http://profiles.wordpress.org/gagan0123), [saurabhshukla](http://profiles.wordpress.org/saurabhshukla), [nitun.lanjewar](http://profiles.wordpress.org/nitun.lanjewar), [umesh.nevase](http://profiles.wordpress.org/umesh.nevase), [suhasgirgaonkar](http://profiles.wordpress.org/suhasgirgaonkar), [neerukoul](http://profiles.wordpress.org/neerukoul), [hrishiv90](http://profiles.wordpress.org/hrishiv90), [kanakiyajay](http://profiles.wordpress.org/kanakiyajay), [jarretc](http://profiles.wordpress.org/jarretc), [tobiaskluge](http://profiles.wordpress.org/tobiaskluge), [rafaelfunchal](http://profiles.wordpress.org/rafaelfunchal), [UmeshSingla](http://profiles.wordpress.org/UmeshSingla), [mehulkaklotar](http://profiles.wordpress.org/mehulkaklotar), [tannermirabel](http://profiles.wordpress.org/tannermirabel), [kishores](http://profiles.wordpress.org/kishores), [chandrapatel](http://profiles.wordpress.org/chandrapatel), [rahul3883](http://profiles.wordpress.org/rahul3883/), [nomnom99](http://profiles.wordpress.org/nomnom99), [sayanchakraborty](https://profiles.wordpress.org/sayanchakraborty), [milindmore22](https://profiles.wordpress.org/milindmore22), [thrijith](https://profiles.wordpress.org/thrijith), [abhijitrakas](https://profiles.wordpress.org/abhijitrakas), [sid177](https://profiles.wordpress.org/sid177), [montu3366](https://profiles.wordpress.org/montu3366), [jashwini](https://profiles.wordpress.org/jashwini), [juhise](https://profiles.wordpress.org/juhise), [ravatparmar](https://profiles.wordpress.org/ravatparmar), [dharmin16](https://profiles.wordpress.org/dharmin16), [malavvasita](https://profiles.wordpress.org/malavvasita), [pooja1210](https://profiles.wordpress.org/pooja1210), [krupajnanda](https://profiles.wordpress.org/krupajnanda), [kanumalivad](https://profiles.wordpress.org/kanumalivad), [surajkumarsingh](https://profiles.wordpress.org/surajkumarsingh), [dishitpala](https://profiles.wordpress.org/dishitpala)
+* **Contributors:** [rtcamp](http://profiles.wordpress.org/rtcamp), [mangeshp](http://profiles.wordpress.org/mangeshp), [sanket.parmar](http://profiles.wordpress.org/sanket.parmar), [pranalipatel](http://profiles.wordpress.org/pranalipatel), [jignesh.nakrani](http://profiles.wordpress.org/jignesh.nakrani), [manishsongirkar36](http://profiles.wordpress.org/manishsongirkar36), [kiranpotphode](http://profiles.wordpress.org/kiranpotphode), [yahil](http://profiles.wordpress.org/yahil), [1naveengiri](http://profiles.wordpress.org/1naveengiri), [bhargavbhandari90](http://profiles.wordpress.org/bhargavbhandari90), [deepak1191](http://profiles.wordpress.org/deepak1191), [rittesh.patel](http://profiles.wordpress.org/rittesh.patel), [sagarjadhav](http://profiles.wordpress.org/sagarjadhav), [pushpak.pop](http://profiles.wordpress.org/pushpak.pop), [faishal](http://profiles.wordpress.org/faishal), [desaiuditd](http://profiles.wordpress.org/desaiuditd), [rahul286](http://profiles.wordpress.org/rahul286), [JoshuaAbenazer](http://profiles.wordpress.org/JoshuaAbenazer), [gagan0123](http://profiles.wordpress.org/gagan0123), [saurabhshukla](http://profiles.wordpress.org/saurabhshukla), [nitun.lanjewar](http://profiles.wordpress.org/nitun.lanjewar), [umesh.nevase](http://profiles.wordpress.org/umesh.nevase), [suhasgirgaonkar](http://profiles.wordpress.org/suhasgirgaonkar), [neerukoul](http://profiles.wordpress.org/neerukoul), [hrishiv90](http://profiles.wordpress.org/hrishiv90), [kanakiyajay](http://profiles.wordpress.org/kanakiyajay), [jarretc](http://profiles.wordpress.org/jarretc), [tobiaskluge](http://profiles.wordpress.org/tobiaskluge), [rafaelfunchal](http://profiles.wordpress.org/rafaelfunchal), [UmeshSingla](http://profiles.wordpress.org/UmeshSingla), [mehulkaklotar](http://profiles.wordpress.org/mehulkaklotar), [tannermirabel](http://profiles.wordpress.org/tannermirabel), [kishores](http://profiles.wordpress.org/kishores), [chandrapatel](http://profiles.wordpress.org/chandrapatel), [rahul3883](http://profiles.wordpress.org/rahul3883/), [nomnom99](http://profiles.wordpress.org/nomnom99), [sayanchakraborty](https://profiles.wordpress.org/sayanchakraborty), [milindmore22](https://profiles.wordpress.org/milindmore22), [thrijith](https://profiles.wordpress.org/thrijith), [abhijitrakas](https://profiles.wordpress.org/abhijitrakas), [sid177](https://profiles.wordpress.org/sid177), [montu3366](https://profiles.wordpress.org/montu3366), [jashwini](https://profiles.wordpress.org/jashwini), [juhise](https://profiles.wordpress.org/juhise), [ravatparmar](https://profiles.wordpress.org/ravatparmar), [dharmin16](https://profiles.wordpress.org/dharmin16), [malavvasita](https://profiles.wordpress.org/malavvasita), [pooja1210](https://profiles.wordpress.org/pooja1210), [krupajnanda](https://profiles.wordpress.org/krupajnanda), [kanumalivad](https://profiles.wordpress.org/kanumalivad), [surajkumarsingh](https://profiles.wordpress.org/surajkumarsingh), [dishitpala](https://profiles.wordpress.org/dishitpala), [shobhit2412](https://profiles.wordpress.org/shobhit2412/)
 
 
 * **License:** [GPL v2 or later]( http://www.gnu.org/licenses/gpl-2.0.html)
@@ -147,6 +147,16 @@ https://www.youtube.com/watch?v=dJrykKQGDcs
 
 ## Changelog ##
 
+### 4.6.2 [April 22, 2020] ###
+
+* FIXED
+	* Redirection to WallPost album for user with subscriber role
+	* Preview not loading for Docs and Other files in lightbox
+	* Custom css not applying when added from rtMedia settings’ custom css tab
+	* Too many redirections on BuddyPress’ privacy page.
+	* Unable to delete media from lightbox and single media page.
+	* PHP errors and warning
+
 ### 4.6.1 [April 9, 2020] ###
 
 * Enhancement
@@ -1675,8 +1685,8 @@ https://www.youtube.com/watch?v=dJrykKQGDcs
 * HTML5 Audio Tag Support (with fallback)
 * HTML5 Video Tag Support (with fallback)
 
-#### 4.6.1 ####
-rtMedia 4.6.1 with added server side validation for terms of services checkbox, minor bug fixes along with warnings and PHPCS fixes
+#### 4.6.2 ####
+rtMedia 4.6.2 with added fixes for preview not loading of docs and files in lightbox, privacy page redirection on user's profile along with warnings and PHP errors
 
 ## Sponsors ##
 

app/main/RTMedia.php

@@ -1322,6 +1322,7 @@ public function enqueue_scripts_styles() {
 		wp_localize_script( 'rtmedia-magnific', 'rtmedia_load_more', __( 'Loading media', 'buddypress-media' ) );
 		wp_localize_script( 'rtmedia-main', 'rtmedia_empty_activity_msg', __( 'Please enter some content to post.', 'buddypress-media' ) );
 		wp_localize_script( 'rtmedia-main', 'rtmedia_empty_comment_msg', __( 'Empty comment is not allowed.', 'buddypress-media' ) );
+		wp_localize_script( 'rtmedia-main', 'rtmedia_media_delete_confirmation', __( 'Are you sure you want to delete this media?', 'buddypress-media' ) );
 		wp_localize_script( 'rtmedia-main', 'rtmedia_media_comment_delete_confirmation', __( 'Are you sure you want to delete this comment?', 'buddypress-media' ) );
 		wp_localize_script( 'rtmedia-main', 'rtmedia_album_delete_confirmation', __( 'Are you sure you want to delete this Album?', 'buddypress-media' ) );
 		wp_localize_script( 'rtmedia-main', 'rtmedia_drop_media_msg', __( 'Drop files here', 'buddypress-media' ) );
@@ -1554,6 +1555,15 @@ public function enqueue_scripts_styles() {
 		if ( empty( $is_buddypress_activate ) ) {
 			wp_localize_script( 'rtmedia-main', 'ajaxurl', admin_url( 'admin-ajax.php', is_ssl() ? 'admin' : 'http' ) );
 		}
+
+		$options = $rtmedia->options;
+		// Previously done with rtmedia_custom_css() method on wp_head hook.
+		if ( ! empty( $options['styles_custom'] ) ) {
+			wp_register_style( 'rtmedia-custom-css', false );
+			wp_enqueue_style( 'rtmedia-custom-css' );
+			$css = stripslashes( wp_filter_nohtml_kses( $options['styles_custom'] ) );
+			wp_add_inline_style( 'rtmedia-custom-css', $css );
+		}
 	}
 
 	/**
@@ -1729,6 +1739,13 @@ public function unset_bp_media_image_sizes( $sizes ) {
 	public static function expanded_allowed_tags() {
 		$new_allowed = wp_kses_allowed_html( 'post' );
 
+		// Iframe.
+		$new_allowed['iframe'] = array(
+			'src'   => array(),
+			'class' => array(),
+			'id'    => array(),
+		);
+
 		// form input.
 		$new_allowed['form'] = array(
 			'action' => array(),
@@ -1842,7 +1859,7 @@ function parentlink_global_album( $id ) {
 	$parent_link   = '';
 
 	if ( is_array( $global_albums ) && '' !== $global_albums ) {
-		if ( in_array( $id, $global_albums, true ) && function_exists( 'bp_displayed_user_id' ) ) {
+		if ( in_array( $id, $global_albums, false ) && function_exists( 'bp_displayed_user_id' ) ) { // phpcs:ignore WordPress.PHP.StrictInArray.FoundNonStrictFalse -- This option sometimes comes from buddypress or normal options, so can't be sure.
 			$disp_user = bp_displayed_user_id();
 			$curr_user = get_current_user_id();
 			if ( $disp_user === $curr_user ) {

app/main/controllers/privacy/RTMediaPrivacy.php

@@ -466,8 +466,10 @@ public function rt_privacy_settings_action() {
 		$default_privacy = sanitize_text_field( filter_input( INPUT_POST, 'rtmedia-default-privacy', FILTER_SANITIZE_STRING ) );
 		$nonce           = sanitize_text_field( filter_input( INPUT_POST, 'rtmedia_member_settings_privacy', FILTER_SANITIZE_STRING ) );
 
-		if ( ! empty( $default_privacy ) || 0 === intval( $default_privacy ) ) {
-
+		// Old condition won't work as we've added sanitize_text_field for $default_privacy.
+		// We can't perform empty as 0 could be the possible value, so we check for empty string instead.
+		// Condition intval( $default_privacy ) will always 0 which shouldn't happen.
+		if ( 0 !== strlen( strval( $default_privacy ) ) ) {
 			$status = false;
 			if ( wp_verify_nonce( $nonce, 'rtmedia_member_settings_privacy' ) ) {
 				// todo user attribute.

app/main/controllers/template/RTMediaTemplate.php

@@ -459,12 +459,33 @@ public function media_update_success_messege() {
 
 	/**
 	 * Show error message for media update error.
+	 *
+	 * @return void
 	 */
 	public function media_update_success_error() {
-		$message = apply_filters( 'rtmedia_update_media_message', esc_html__( 'Error in updating Media', 'buddypress-media' ), true );
-		$html    = "<div class='rtmedia-error  media-edit-messge'>" . esc_html( $message ) . '</div>';
+		/**
+		 * To filter error message on media update.
+		 *
+		 * @param string $message Raw error message.
+		 * @param bool   $bool
+		 *
+		 * @return string Raw error message.
+		 */
+		$message = apply_filters( 'rtmedia_update_media_message', __( 'Error in updating Media', 'buddypress-media' ), true );
+		$html    = sprintf( '<div class="rtmedia-warning media-edit-messge">%s</div>', esc_html( $message ) );
+
+		/**
+		 * To filter error message HTML on media update.
+		 *
+		 * @param string $html    HTML of error message.
+		 * @param string $message Raw error message.
+		 * @param bool   $bool
+		 *
+		 * @return string HTML of error message.
+		 */
+		$html = apply_filters( 'rtmedia_update_media_message_html', $html, $message, true );
 
-		echo wp_kses( apply_filters( 'rtmedia_update_media_message_html', $html, $message, true ), RTMedia::expanded_allowed_tags() );
+		echo wp_kses( $html, RTMedia::expanded_allowed_tags() );
 	}
 
 	/**
@@ -871,7 +892,8 @@ public function check_return_comments() {
 					global $wpdb;
 
 					$comments = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_ID = %d limit 100", $id ), ARRAY_A );
-					echo wp_kses( rmedia_single_comment( $comments ), RTMedia::expanded_allowed_tags() );
+					// @todo: Change a.rtmedia-comment-like-click attribute to data-comment-id from data-comment_id in rtmedia-likes (https://github.com/rtCamp/rtmedia-likes) addon.
+					echo rmedia_single_comment( $comments ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Contains data-* attributes.
 					exit;
 				}
 			} else {

app/main/controllers/template/rtmedia-functions.php

@@ -1350,7 +1350,8 @@ function rtmedia_comments( $echo = true ) {
 	}
 
 	if ( $html ) {
-		echo wp_kses( $html, RTMedia::expanded_allowed_tags() );
+		// @todo: Change a.rtmedia-comment-like-click attribute to data-comment-id from data-comment_id in rtmedia-likes (https://github.com/rtCamp/rtmedia-likes) addon.
+		echo $html; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Contains data-* attributes.
 	} else {
 		return $html;
 	}

app/main/routers/RTMediaRouter.php

@@ -242,7 +242,7 @@ public function rt_theme_compat_reset_post( $args = array() ) {
 						break;
 					}
 				}
-			} elseif ( isset( $rtmedia_query->media ) && 1 === count( $rtmedia_query->media ) && $rtmedia_query->media ) {
+			} elseif ( ! empty( $rtmedia_query->media[0] ) && isset( $rtmedia_query->media[0]->media_id ) ) {
 				$wp_query->post = get_post( $rtmedia_query->media[0]->media_id );
 			}
 

bin/.travis.yml

@@ -54,8 +54,8 @@ before_script:
   - unzip BrowserStackLocal-linux-x64.zip
   - nohup ./BrowserStackLocal --key $BROWSERSTACK_ACCESS_KEY &
   - cd $PLUGIN_DIR/tests/codeception/
-  - composer update
-  # - composer install
+  # - composer update
+  - composer install
   - export PATH="$PATH:/home/travis/build/rtMediaWP/rtMedia/tests/codeception/vendor/bin"
     ## PHP_CodeSniffer
   - git clone https://github.com/squizlabs/PHP_CodeSniffer.git

index.php

@@ -3,7 +3,7 @@
   Plugin Name: rtMedia for WordPress, BuddyPress and bbPress
   Plugin URI: https://rtmedia.io/?utm_source=dashboard&utm_medium=plugin&utm_campaign=buddypress-media
   Description: This plugin adds missing media rich features like photos, videos and audio uploading to BuddyPress which are essential if you are building social network, seriously!
-  Version: 4.6.1
+  Version: 4.6.2
   Author: rtCamp
   Text Domain: buddypress-media
   Author URI: http://rtcamp.com/?utm_source=dashboard&utm_medium=plugin&utm_campaign=buddypress-media
@@ -21,7 +21,7 @@
 	/**
 	 * The version of the plugin
 	 */
-	define( 'RTMEDIA_VERSION', '4.6.1' );
+	define( 'RTMEDIA_VERSION', '4.6.2' );
 }
 
 if ( ! defined( 'RTMEDIA_PATH' ) ) {