diff options
| author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-26 13:21:06 +0000 |
|---|---|---|
| committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-26 13:21:06 +0000 |
| commit | aeb5cf0276bb7b658997281ba34abf6e69fe17bb (patch) | |
| tree | 16a8f22e32115fced2607535ae99613fe2e6fa14 | |
| parent | 59be4e796441e494f25b18ece7438dbf02442e47 (diff) | |
| download | Post-SMTP-aeb5cf0276bb7b658997281ba34abf6e69fe17bb.zip | |
security + bugs
5 files changed, 20 insertions, 5 deletions
diff --git a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php index 3e17dbd..6ff5a69 100644 --- a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php +++ b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php @@ -98,6 +98,14 @@ class PostmanConnectivityTestController { wp_enqueue_script( 'postman_port_test_script' ); $warning = __( 'Warning', 'post-smtp' ); wp_localize_script( PostmanViewController::POSTMAN_SCRIPT, 'postman_hostname_element_name', '#input_' . PostmanOptions::HOSTNAME ); + wp_localize_script( PostmanViewController::POSTMAN_SCRIPT, 'postman_email_test', array( + 'recipient' => '#' . PostmanSendTestEmailController::RECIPIENT_EMAIL_FIELD_NAME, + 'not_started' => _x( 'In Outbox', 'Email Test Status', 'post-smtp' ), + 'sending' => _x( 'Sending...', 'Email Test Status', 'post-smtp' ), + 'success' => _x( 'Success', 'Email Test Status', 'post-smtp' ), + 'failed' => _x( 'Failed', 'Email Test Status', 'post-smtp' ), + 'ajax_error' => __( 'Ajax Error', 'post-smtp' ), + ) ); PostmanConnectivityTestController::addLocalizeScriptForPortTest(); } static function addLocalizeScriptForPortTest() { @@ -135,6 +143,8 @@ class PostmanConnectivityTestController { public function outputPortTestContent() { print '<div class="wrap">'; + wp_nonce_field('post-smtp', 'security'); + PostmanViewController::outputChildPageHeader( __( 'Connectivity Test', 'post-smtp' ) ); print '<p>'; diff --git a/Postman/Postman-Connectivity-Test/postman_port_test.js b/Postman/Postman-Connectivity-Test/postman_port_test.js index 1d5c3fb..8667c06 100644 --- a/Postman/Postman-Connectivity-Test/postman_port_test.js +++ b/Postman/Postman-Connectivity-Test/postman_port_test.js @@ -73,7 +73,7 @@ function portQuizTest(socket, hostname, port) { 'action' : 'postman_port_quiz_test', 'hostname' : hostname, 'port' : port, - '_wpnonce' : jQuery('#_wpnonce').val(), + 'security' : jQuery('#security').val(), }; jQuery.post( ajaxurl, @@ -201,7 +201,7 @@ function portTest3(socket, hostname, port, open) { 'action' : 'postman_test_smtps', 'hostname' : hostname, 'port' : port, - '_wpnonce' : jQuery('#_wpnonce').val(), + 'security' : jQuery('#security').val(), }; jQuery .post( diff --git a/Postman/Postman-Mail/PostmanSmtpModuleTransport.php b/Postman/Postman-Mail/PostmanSmtpModuleTransport.php index f7d8009..7442972 100644 --- a/Postman/Postman-Mail/PostmanSmtpModuleTransport.php +++ b/Postman/Postman-Mail/PostmanSmtpModuleTransport.php @@ -542,6 +542,8 @@ class PostmanSmtpModuleTransport extends PostmanAbstractZendModuleTransport impl printf( '<legend>%s</legend>', _x( 'Which host will relay the mail?', 'Wizard Step Title', 'post-smtp' ) ); printf( '<p>%s</p>', __( 'This is the Outgoing (SMTP) Mail Server, or Mail Submission Agent (MSA), which Postman delegates mail delivery to. This server is specific to your email account, and if you don\'t know what to use, ask your email service provider.', 'post-smtp' ) ); printf( '<p>%s</p>', __( 'Note that many WordPress hosts, such as GoDaddy, Bluehost and Dreamhost, require that you use their mail accounts with their mail servers, and prevent you from using others.', 'post-smtp' ) ); + + printf( '<div><strong><u>%s</u></strong></div><br>', __( 'If you plan to use An API and not SMTP just type any value.', 'post-smtp' ) ); printf( '<label for="hostname">%s</label>', __( 'Outgoing Mail Server Hostname', 'post-smtp' ) ); print $this->hostname_callback(); printf( '<p class="ajax-loader" style="display:none"><img src="%s"/></p>', plugins_url( 'post-smtp/style/ajax-loader.gif' ) ); diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php index e33f6c4..1b73378 100644 --- a/Postman/PostmanInputSanitizer.php +++ b/Postman/PostmanInputSanitizer.php @@ -93,6 +93,8 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { $this->sanitizeString( 'Fallback username', PostmanOptions::FALLBACK_SMTP_USERNAME, $input, $new_input ); $this->sanitizePassword( 'Fallback password', PostmanOptions::FALLBACK_SMTP_PASSWORD, $input, $new_input, $this->options->getFallbackPassword() ); + $new_input = apply_filters( 'post_smtp_sanitize', $new_input, $input, $this ); + if ( $new_input [ PostmanOptions::CLIENT_ID ] != $this->options->getClientId() || $new_input [ PostmanOptions::CLIENT_SECRET ] != $this->options->getClientSecret() || $new_input [ PostmanOptions::HOSTNAME ] != $this->options->getHostname() ) { $this->logger->debug( 'Recognized new Client ID' ); // the user entered a new client id and we should destroy the stored auth token @@ -115,7 +117,8 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { return $new_input; } - private function sanitizeString( $desc, $key, $input, &$new_input ) { + + public function sanitizeString( $desc, $key, $input, &$new_input ) { if ( isset( $input [ $key ] ) ) { $this->logSanitize( $desc, $input [ $key ] ); $new_input [ $key ] = trim( $input [ $key ] ); @@ -130,7 +133,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) { * @param mixed $input * @param mixed $new_input */ - private function sanitizePassword( $desc, $key, $input, &$new_input, $existingPassword ) { + public function sanitizePassword( $desc, $key, $input, &$new_input, $existingPassword ) { // WordPress calling Sanitize twice is a known issue // https://core.trac.wordpress.org/ticket/21989 $action = PostmanSession::getInstance()->getAction(); diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php index 7d5c35d..e41234c 100644 --- a/Postman/PostmanViewController.php +++ b/Postman/PostmanViewController.php @@ -121,7 +121,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) { } function enqueueHomeScreenStylesheet() { wp_enqueue_style( PostmanViewController::POSTMAN_STYLE ); - wp_enqueue_script( 'postman_script' ); + wp_enqueue_script( PostmanViewController::POSTMAN_SCRIPT ); } /** |