From 0647e9d66dd3a1c784f9717fef5e25e416582b5f Mon Sep 17 00:00:00 2001
From: Daniel Aleksandersen <code@daniel.priv.no>
Date: Wed, 15 Feb 2017 18:24:30 +0100
Subject: [PATCH 1/7] Unique prefix for options and functions

WordPress Plugin Directory requires all functions and options to
use a unique prefix to avoid collision with core or other plugins.
No upgrade code, so notify users in update message.

Removed generic 'Tipsy' string in favor of the blog's own name.
Could use author name, but would require more logic for pages
without a given author or multi-author pages.

Use `esc_html` to escape user input.
---
 wp-tipsy-payment-info/TipsyInjection.php | 32 ++++++++++++------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/wp-tipsy-payment-info/TipsyInjection.php b/wp-tipsy-payment-info/TipsyInjection.php
index c50578b..ea34614 100755
--- a/wp-tipsy-payment-info/TipsyInjection.php
+++ b/wp-tipsy-payment-info/TipsyInjection.php
@@ -8,44 +8,44 @@
 License: GPL
 */
 
-add_option("paypal_email");
-add_option("dwolla_key");
-add_action("admin_menu" , 'wp_admin_options_page');
-add_action("wp_head" , 'inject');
+add_option("tipsy_paypal_email");
+add_option("tipsy_dwolla_key");
+add_action("admin_menu" , 'tipsy_wp_admin_options_page');
+add_action("wp_head" , 'tipsy_inject');
 
-function wp_admin_options_page(){
-	add_management_page("Insert Tipsy Info" , "Insert Tipsy Info" , "administrator" , "Tipsy-Injection" , "inputs");
+function tipsy_wp_admin_options_page(){
+	add_management_page("Insert Tipsy Info" , "Insert Tipsy Info" , "administrator" , "Tipsy-Injection" , "tipsy_options_input");
 }
 
-function inputs(){
+function tipsy_options_input(){
 	$inputs  = "<div><h2>Insert Tipsy Payment Info</h2></br>" ;
 	$inputs .= "<form method='post' action='options.php'>" . wp_nonce_field('update-options');
-	$inputs .= "<p>Enter your PayPal email: <br><input type='email' value = '" . get_option(paypal_email) . "' name= 'paypal_email'/></input></p><br/>" ;
-	$inputs .= "<p>Enter your Dwolla key : <br> <input type='text' value =  '" . get_option(dwolla_key) . "' name= 'dwolla_key'/></input></p><br/>" ;
+	$inputs .= "<p>Enter your PayPal email: <br><input type='email' value = '" . esc_html(get_option(tipsy_paypal_email)) . "' name='paypal_email'/></input></p><br/>" ;
+	$inputs .= "<p>Enter your Dwolla key : <br> <input type='text' value =  '" . esc_html(get_option(tipsy_dwolla_key)) . "' name='dwolla_key'/></input></p><br/>" ;
 	$inputs .= "<input type='submit' value='Update' /><input type='hidden' name='action' value='update' />
 				<input type='hidden' name='page_options' value='paypal_email, dwolla_key' /></form></div>"; 
 	echo $inputs;
 }
 
-function inject($content){
-    	$ppe = get_option(paypal_email);
-	$dwk = get_option(dwolla_key);
+function tipsy_inject($content){
+    	$ppe = esc_html(get_option(tipsy_paypal_email));
+	$dwk = esc_html(get_option(tipsy_dwolla_key));
 	
 	if ($ppe === '' && $dwk === '' ) {
 		return; 
 	}
-	$string = "<link rel='author' name='Tipsy'";
+	$string = '<link rel="author" name="' . bloginfo('name') . '"';
 
 	if ($ppe !== '') {
-		$string .= " data-paypal='".$ppe . "'";
+		$string .= ' data-paypal="' . $ppe . '"';
 	}
 
 	if ($dwk !== '') {
-		$string .= " data-dwolla='".$dwk . "'";
+		$string .= ' data-dwolla="' . $dwk . '"';
 	}
 	
 	$string .= ">\n";
-	echo $string; 
+	print($string); 
 	return;
 }
 ?>

From b6afa251c371bed1a3b3abc3613da7ab5e2e3410 Mon Sep 17 00:00:00 2001
From: Daniel Aleksandersen <code@daniel.priv.no>
Date: Sat, 18 Feb 2017 01:45:37 +0100
Subject: [PATCH 2/7] Added myself to WP plugin contributors

---
 wp-tipsy-payment-info/ReadMe.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-tipsy-payment-info/ReadMe.txt b/wp-tipsy-payment-info/ReadMe.txt
index 74d827b..c0f82bb 100755
--- a/wp-tipsy-payment-info/ReadMe.txt
+++ b/wp-tipsy-payment-info/ReadMe.txt
@@ -1,5 +1,5 @@
 === Plugin Name ===
-Contributors: schilippe
+Contributors: schilippe, geekysoft
 Tags: code insert, head tag, tipsy
 Requires at least: 2.1
 Tested up to: 4

From c9a042a05d0b4a8b85a477487f780abd51b84f58 Mon Sep 17 00:00:00 2001
From: Daniel Aleksandersen <code@daniel.priv.no>
Date: Sat, 18 Feb 2017 01:55:30 +0100
Subject: [PATCH 3/7] Fix'up WordPress plugin meta information

* Promote browser extension
* Reassure it will work with all themes
* Correct URI
* More attractive tags
---
 wp-tipsy-payment-info/ReadMe.txt         | 8 ++++----
 wp-tipsy-payment-info/TipsyInjection.php | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/wp-tipsy-payment-info/ReadMe.txt b/wp-tipsy-payment-info/ReadMe.txt
index c0f82bb..dd3cb42 100755
--- a/wp-tipsy-payment-info/ReadMe.txt
+++ b/wp-tipsy-payment-info/ReadMe.txt
@@ -1,15 +1,15 @@
-=== Plugin Name ===
+=== Tipsy Payment Info ===
 Contributors: schilippe, geekysoft
-Tags: code insert, head tag, tipsy
+Tags: tipsy, monetization, micropayments, paypal, dwolla
 Requires at least: 2.1
 Tested up to: 4
 Stable tag: 2.0
 
-Inserts Tipsy Payment Info into head tag of wordpress webpage
+Enables micropayments from visitors with the [Tipsy browser extension](http://tipsy.csail.mit.edu/).
 
 == Description ==
 
-This plugin makes it easy for content creators to include the necessary information in their page's source so that they can be paid by Tipsy users. It opens as a simple form under the Tools menu.
+This plugin makes it easy for content creators to include the necessary information in their page's source so that they can be paid by Tipsy users. Invisible metadata with payment information is added to your pages, so Tipsy works with any and all theme.
 
 
 == Installation ==
diff --git a/wp-tipsy-payment-info/TipsyInjection.php b/wp-tipsy-payment-info/TipsyInjection.php
index ea34614..9268437 100755
--- a/wp-tipsy-payment-info/TipsyInjection.php
+++ b/wp-tipsy-payment-info/TipsyInjection.php
@@ -1,8 +1,8 @@
 <?php
 /*
-Plugin Name: Insert Tipsy Payment Info
-Plugin URI: tipsy.csail.mit.edu
-Description: Inserts Tipsy payment info into your site's head tag.
+Plugin Name: Tipsy Payment Info
+Plugin URI: http://tipsy.csail.mit.edu/
+Description: Enables micropayments from visitors with the Tipsy browser extension.
 Version: 2.0
 Author: schilippe
 License: GPL

From 3f27308be9f2bb6a23c497e4dfd0ce0357baaed5 Mon Sep 17 00:00:00 2001
From: Daniel Aleksandersen <code@daniel.priv.no>
Date: Sat, 18 Feb 2017 01:59:25 +0100
Subject: [PATCH 4/7] Rename WordPress plugin file and directory

Main file must have the same name as the parent directory. This becomes
the plugin's URI slug when uploaded to the WordPress Plugin Directory.
---
 .../ReadMe.txt => wordpress-plugin/tipsy-payments/readme.txt      | 0
 .../tipsy-payments/tipsy-payments.php                             | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename wp-tipsy-payment-info/ReadMe.txt => wordpress-plugin/tipsy-payments/readme.txt (100%)
 rename wp-tipsy-payment-info/TipsyInjection.php => wordpress-plugin/tipsy-payments/tipsy-payments.php (100%)

diff --git a/wp-tipsy-payment-info/ReadMe.txt b/wordpress-plugin/tipsy-payments/readme.txt
similarity index 100%
rename from wp-tipsy-payment-info/ReadMe.txt
rename to wordpress-plugin/tipsy-payments/readme.txt
diff --git a/wp-tipsy-payment-info/TipsyInjection.php b/wordpress-plugin/tipsy-payments/tipsy-payments.php
similarity index 100%
rename from wp-tipsy-payment-info/TipsyInjection.php
rename to wordpress-plugin/tipsy-payments/tipsy-payments.php

From d5cc6c9c4018d475fe466643590df53304f52251 Mon Sep 17 00:00:00 2001
From: Daniel Aleksandersen <code@daniel.priv.no>
Date: Sat, 18 Feb 2017 02:20:55 +0100
Subject: [PATCH 5/7] Fix my mistakes in the WordPress plugin

---
 wordpress-plugin/tipsy-payments/tipsy-payments.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/wordpress-plugin/tipsy-payments/tipsy-payments.php b/wordpress-plugin/tipsy-payments/tipsy-payments.php
index 9268437..ca47ada 100755
--- a/wordpress-plugin/tipsy-payments/tipsy-payments.php
+++ b/wordpress-plugin/tipsy-payments/tipsy-payments.php
@@ -14,16 +14,16 @@
 add_action("wp_head" , 'tipsy_inject');
 
 function tipsy_wp_admin_options_page(){
-	add_management_page("Insert Tipsy Info" , "Insert Tipsy Info" , "administrator" , "Tipsy-Injection" , "tipsy_options_input");
+	add_management_page("Tipsy Payment Info" , "Tipsy Payment Info", "administrator" , "tipsy-payments" , "tipsy_options_input");
 }
 
 function tipsy_options_input(){
 	$inputs  = "<div><h2>Insert Tipsy Payment Info</h2></br>" ;
 	$inputs .= "<form method='post' action='options.php'>" . wp_nonce_field('update-options');
-	$inputs .= "<p>Enter your PayPal email: <br><input type='email' value = '" . esc_html(get_option(tipsy_paypal_email)) . "' name='paypal_email'/></input></p><br/>" ;
-	$inputs .= "<p>Enter your Dwolla key : <br> <input type='text' value =  '" . esc_html(get_option(tipsy_dwolla_key)) . "' name='dwolla_key'/></input></p><br/>" ;
+	$inputs .= "<p>Enter your PayPal email: <br><input type='email' value = '" . esc_html(get_option(tipsy_paypal_email)) . "' name='tipsy_paypal_email'/></p><br/>" ;
+	$inputs .= "<p>Enter your Dwolla key : <br> <input type='text' value =  '" . esc_html(get_option(tipsy_dwolla_key)) . "' name='tipsy_dwolla_key'/></p><br/>" ;
 	$inputs .= "<input type='submit' value='Update' /><input type='hidden' name='action' value='update' />
-				<input type='hidden' name='page_options' value='paypal_email, dwolla_key' /></form></div>"; 
+				<input type='hidden' name='page_options' value='tipsy_paypal_email,tipsy_dwolla_key' /></form></div>";
 	echo $inputs;
 }
 
@@ -34,7 +34,7 @@ function tipsy_inject($content){
 	if ($ppe === '' && $dwk === '' ) {
 		return; 
 	}
-	$string = '<link rel="author" name="' . bloginfo('name') . '"';
+	$string = '<link rel="author" name="' . get_bloginfo('name') . '"';
 
 	if ($ppe !== '') {
 		$string .= ' data-paypal="' . $ppe . '"';

From f20c55bb1cd44f7d88c33e24e44703756cf192b0 Mon Sep 17 00:00:00 2001
From: Daniel Aleksandersen <code@daniel.priv.no>
Date: Sat, 18 Feb 2017 02:21:38 +0100
Subject: [PATCH 6/7] Bump WordPress tested and version number

---
 wordpress-plugin/tipsy-payments/readme.txt         | 4 ++--
 wordpress-plugin/tipsy-payments/tipsy-payments.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/wordpress-plugin/tipsy-payments/readme.txt b/wordpress-plugin/tipsy-payments/readme.txt
index dd3cb42..d062160 100755
--- a/wordpress-plugin/tipsy-payments/readme.txt
+++ b/wordpress-plugin/tipsy-payments/readme.txt
@@ -2,8 +2,8 @@
 Contributors: schilippe, geekysoft
 Tags: tipsy, monetization, micropayments, paypal, dwolla
 Requires at least: 2.1
-Tested up to: 4
-Stable tag: 2.0
+Tested up to: 4.7.2
+Stable tag: 2.1
 
 Enables micropayments from visitors with the [Tipsy browser extension](http://tipsy.csail.mit.edu/).
 
diff --git a/wordpress-plugin/tipsy-payments/tipsy-payments.php b/wordpress-plugin/tipsy-payments/tipsy-payments.php
index ca47ada..82dc237 100755
--- a/wordpress-plugin/tipsy-payments/tipsy-payments.php
+++ b/wordpress-plugin/tipsy-payments/tipsy-payments.php
@@ -3,7 +3,7 @@
 Plugin Name: Tipsy Payment Info
 Plugin URI: http://tipsy.csail.mit.edu/
 Description: Enables micropayments from visitors with the Tipsy browser extension.
-Version: 2.0
+Version: 2.1
 Author: schilippe
 License: GPL
 */

From 2c1aa64987ed923f1311d76b846ae24944bd4ba3 Mon Sep 17 00:00:00 2001
From: Daniel Aleksandersen <code@daniel.priv.no>
Date: Sat, 18 Feb 2017 02:23:34 +0100
Subject: [PATCH 7/7] WordPress plugin script access controls

---
 wordpress-plugin/tipsy-payments/tipsy-payments.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wordpress-plugin/tipsy-payments/tipsy-payments.php b/wordpress-plugin/tipsy-payments/tipsy-payments.php
index 82dc237..ba8fe91 100755
--- a/wordpress-plugin/tipsy-payments/tipsy-payments.php
+++ b/wordpress-plugin/tipsy-payments/tipsy-payments.php
@@ -8,6 +8,11 @@
 License: GPL
 */
 
+if (!defined('ABSPATH')) {
+    header('HTTP/1.1 403 Forbidden');
+    exit('HTTP/1.1 403 Forbidden');
+}
+
 add_option("tipsy_paypal_email");
 add_option("tipsy_dwolla_key");
 add_action("admin_menu" , 'tipsy_wp_admin_options_page');