From 7094c53fe1f092373c34309512bde146bee57571 Mon Sep 17 00:00:00 2001
From: Chris Mospaw
Date: Tue, 4 Nov 2014 13:07:35 -0700
Subject: [PATCH] add Social::wp39_nonce_url() function, and replace wp_nonce_url with it.
---
 social-twitter.php | 2 +-
 social.php | 23 +++++++++++++++++++----
 views/wp-admin/options.php | 2 +-
 views/wp-admin/post/meta/log/shell.php | 4 ++--
 4 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/social-twitter.php b/social-twitter.php
index f9487a1f..e7da5782 100755
--- a/social-twitter.php
+++ b/social-twitter.php
@@ -87,7 +87,7 @@ public static function comments_array(array $comments, $post_id) {
 $broadcasted_social_ids[] = $id;
 // if we don't have a message saved for a tweet, try to get it so that we can use it next time
 if (empty($data['message'])) {
- $url = wp_nonce_url(home_url('index.php?social_controller=aggregation&social_action=retrieve_twitter_content&broadcasted_id='.$id.'&post_id='.$post_id), 'retrieve_twitter_content');
+ $url = Social::wp39_nonce_url(home_url('index.php?social_controller=aggregation&social_action=retrieve_twitter_content&broadcasted_id='.$id.'&post_id='.$post_id), 'retrieve_twitter_content');
 wp_remote_get(str_replace('&', '&', $url), array(
 'timeout' => 0.01,
 'blocking' => false,
diff --git a/social.php b/social.php
index f71cf445..faecb7ed 100755
--- a/social.php
+++ b/social.php
@@ -1722,7 +1722,7 @@ public function post_row_actions(array $actions, $post) {
 && $post->post_status == 'publish' && Social::option('aggregate_comments')) {
- $actions['social_aggregation'] = sprintf(__('Social Comments', 'social'), esc_url(wp_nonce_url(admin_url('options-general.php?social_controller=aggregation&social_action=run&post_id='.$post->ID), 'run')), $post->ID).
+ $actions['social_aggregation'] = sprintf(__('Social Comments', 'social'), esc_url(Social::wp39_nonce_url(admin_url('options-general.php?social_controller=aggregation&social_action=run&post_id='.$post->ID), 'run')), $post->ID).
 '';
 }
 return $actions;
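Review bot: The loopback URL in comments_array is HTML-escaped inside `Social::wp39_nonce_url()` (which returns through `esc_html()`) and then patched back by the `str_replace` on the following line before it reaches `wp_remote_get`; that replace restores only the ampersand (its search string looks like an `&amp;` entity lost in this rendering), so any other character `esc_html()` encodes, such as a quote, would stay as an entity in the request URL. For a server-side request the escaping step is unnecessary, and appending the nonce directly avoids the round trip: `$url = add_query_arg('_wpnonce', Social::wp39_create_nonce('retrieve_twitter_content'), home_url(...));`. `$id` and `$post_id` are also concatenated into the query string unencoded, so passing them through `rawurlencode()` before building the URL would be safer. The same escape-then-replace pattern is in `request()` in the @@ -1968 hunk of social.php; comments_array itself starts and ends outside this hunk.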
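Review bot: The row-action link in post_row_actions is rendered for a logged-in user's browser, yet it now carries the nonce from `Social::wp39_create_nonce()` instead of core's; the admin-bar `href` in the @@ -1758 hunk gets the same change. That helper's body is outside this diff; if, as its name suggests, it reproduces the pre-4.0 nonce that is not tied to the user's session token, these links stay valid after logout until the nonce lifetime runs out. If the aggregation controller can accept both kinds, keep `wp_nonce_url()` for browser-facing links and use the wp39 variant only for server-side loopback requests; otherwise record the trade-off next to the call, e.g. `// WP 3.9-style nonce: not bound to the session token, must match the check in the aggregation controller`. post_row_actions starts and ends outside this hunk.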
@@ -1758,13 +1758,13 @@ public function admin_bar_menu() { . . )', - 'href' => esc_url(wp_nonce_url(admin_url('options-general.php?social_controller=aggregation&social_action=run&post_id='.$current_object->ID), 'run')), + 'href' => esc_url(Social::wp39_nonce_url(admin_url('options-general.php?social_controller=aggregation&social_action=run&post_id='.$current_object->ID), 'run')), )); $wp_admin_bar->add_menu(array( 'parent' => 'comments', 'id' => 'social-add-tweet-by-url', 'title' => __('Add Tweet by URL', 'social') - .'', @@ -1968,7 +1968,7 @@ public function kses($object) { */ private function request($url, $nonce_key = null, $post = false) { if ($nonce_key !== null) { - $url = str_replace('&', '&', wp_nonce_url($url, $nonce_key)); + $url = str_replace('&', '&', Social::wp39_nonce_url($url, $nonce_key)); } @@ -2256,6 +2256,21 @@ public static function wp39_create_nonce($action = -1) { } + /** + * Retrieve URL with nonce added to URL query using Social::wp39_create_nonce() + * instead of Social::wp_create_nonce() + * + * @param string $actionurl URL to add nonce action. + * @param string $action Optional. Nonce action name. Default -1. + * @param string $name Optional. Nonce name. Default '_wpnonce'. + * @return string Escaped URL with nonce action added. + */ + public static function wp39_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) { + $actionurl = str_replace( '&', '&', $actionurl ); + return esc_html( add_query_arg( $name, Social::wp39_create_nonce( $action ), $actionurl ) ); + } + + } // End Social if (!function_exists('addslashes_deep')) { diff --git a/views/wp-admin/options.php b/views/wp-admin/options.php index 68d1eea8..6e248ae8 100755 --- a/views/wp-admin/options.php +++ b/views/wp-admin/options.php @@ -187,7 +187,7 @@
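Review bot: The docblock on wp39_nonce_url in the @@ -2256 hunk says the helper is used "instead of Social::wp_create_nonce()", but no method of that name appears in this diff; what the function stands in for is core's `wp_nonce_url()` and `wp_create_nonce()`. It should also state that the result passes through `esc_html()` and is therefore meant for HTML output, so callers that issue HTTP requests have to decode it first, and `$action` should be typed `int|string` since its default is -1. Suggested lines: `* Like wp_nonce_url(), but signs with Social::wp39_create_nonce() instead of wp_create_nonce().` and `* @return string HTML-escaped URL with the nonce appended; decode before using it in an HTTP request.`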