authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-26 13:21:06 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-26 13:21:06 +0000
commitaeb5cf0276bb7b658997281ba34abf6e69fe17bb (patch)
tree16a8f22e32115fced2607535ae99613fe2e6fa14
parent59be4e796441e494f25b18ece7438dbf02442e47 (diff)
downloadPost-SMTP-aeb5cf0276bb7b658997281ba34abf6e69fe17bb.zip
security + bugs
-rw-r--r--Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php10
-rw-r--r--Postman/Postman-Connectivity-Test/postman_port_test.js4
-rw-r--r--Postman/Postman-Mail/PostmanSmtpModuleTransport.php2
-rw-r--r--Postman/PostmanInputSanitizer.php7
-rw-r--r--Postman/PostmanViewController.php2
5 files changed, 20 insertions, 5 deletions
diff --git a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
index 3e17dbd..6ff5a69 100644
--- a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
+++ b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
@@ -98,6 +98,14 @@ class PostmanConnectivityTestController {
wp_enqueue_script( 'postman_port_test_script' );
$warning = __( 'Warning', 'post-smtp' );
wp_localize_script( PostmanViewController::POSTMAN_SCRIPT, 'postman_hostname_element_name', '#input_' . PostmanOptions::HOSTNAME );
+ wp_localize_script( PostmanViewController::POSTMAN_SCRIPT, 'postman_email_test', array(
+ 'recipient' => '#' . PostmanSendTestEmailController::RECIPIENT_EMAIL_FIELD_NAME,
+ 'not_started' => _x( 'In Outbox', 'Email Test Status', 'post-smtp' ),
+ 'sending' => _x( 'Sending...', 'Email Test Status', 'post-smtp' ),
+ 'success' => _x( 'Success', 'Email Test Status', 'post-smtp' ),
+ 'failed' => _x( 'Failed', 'Email Test Status', 'post-smtp' ),
+ 'ajax_error' => __( 'Ajax Error', 'post-smtp' ),
+ ) );
PostmanConnectivityTestController::addLocalizeScriptForPortTest();
}
static function addLocalizeScriptForPortTest() {
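Review bot: The new postman_email_test array mixes translation calls: the four status labels use `_x( ..., 'Email Test Status', 'post-smtp' )` while the last entry `'ajax_error' => __( 'Ajax Error', 'post-smtp' )` carries no context, so translators see it detached from the statuses it is presumably shown alongside. Writing it as `'ajax_error' => _x( 'Ajax Error', 'Email Test Status', 'post-smtp' ),` keeps the group consistent in the catalog. The enclosing method begins outside the hunk.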
@@ -135,6 +143,8 @@ class PostmanConnectivityTestController {
public function outputPortTestContent() {
print '<div class="wrap">';
+ wp_nonce_field('post-smtp', 'security');
+
PostmanViewController::outputChildPageHeader( __( 'Connectivity Test', 'post-smtp' ) );
print '<p>';
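Review bot: The added `wp_nonce_field('post-smtp', 'security');` changes both the nonce action and the field name the port test submits, but the AJAX handlers for postman_port_quiz_test and postman_test_smtps that have to verify it are not part of this commit. Unless those handlers now call `check_ajax_referer( 'post-smtp', 'security' );` (or otherwise verify the 'security' field against the 'post-smtp' action), every port-test request either fails the referer check or, worse, the nonce is never checked at all and the field is decorative. The two postman_port_test.js hunks that send `'security' : jQuery('#security').val()` depend on that same server-side verification, so the handler change should land in the same commit or be referenced here. The enclosing outputPortTestContent() continues past the hunk.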
diff --git a/Postman/Postman-Connectivity-Test/postman_port_test.js b/Postman/Postman-Connectivity-Test/postman_port_test.js
index 1d5c3fb..8667c06 100644
--- a/Postman/Postman-Connectivity-Test/postman_port_test.js
+++ b/Postman/Postman-Connectivity-Test/postman_port_test.js
@@ -73,7 +73,7 @@ function portQuizTest(socket, hostname, port) {
'action' : 'postman_port_quiz_test',
'hostname' : hostname,
'port' : port,
- '_wpnonce' : jQuery('#_wpnonce').val(),
+ 'security' : jQuery('#security').val(),
};
jQuery.post(
ajaxurl,
@@ -201,7 +201,7 @@ function portTest3(socket, hostname, port, open) {
'action' : 'postman_test_smtps',
'hostname' : hostname,
'port' : port,
- '_wpnonce' : jQuery('#_wpnonce').val(),
+ 'security' : jQuery('#security').val(),
};
jQuery
.post(
diff --git a/Postman/Postman-Mail/PostmanSmtpModuleTransport.php b/Postman/Postman-Mail/PostmanSmtpModuleTransport.php
index f7d8009..7442972 100644
--- a/Postman/Postman-Mail/PostmanSmtpModuleTransport.php
+++ b/Postman/Postman-Mail/PostmanSmtpModuleTransport.php
@@ -542,6 +542,8 @@ class PostmanSmtpModuleTransport extends PostmanAbstractZendModuleTransport impl
printf( '<legend>%s</legend>', _x( 'Which host will relay the mail?', 'Wizard Step Title', 'post-smtp' ) );
printf( '<p>%s</p>', __( 'This is the Outgoing (SMTP) Mail Server, or Mail Submission Agent (MSA), which Postman delegates mail delivery to. This server is specific to your email account, and if you don\'t know what to use, ask your email service provider.', 'post-smtp' ) );
printf( '<p>%s</p>', __( 'Note that many WordPress hosts, such as GoDaddy, Bluehost and Dreamhost, require that you use their mail accounts with their mail servers, and prevent you from using others.', 'post-smtp' ) );
+
+ printf( '<div><strong><u>%s</u></strong></div><br>', __( 'If you plan to use An API and not SMTP just type any value.', 'post-smtp' ) );
printf( '<label for="hostname">%s</label>', __( 'Outgoing Mail Server Hostname', 'post-smtp' ) );
print $this->hostname_callback();
printf( '<p class="ajax-loader" style="display:none"><img src="%s"/></p>', plugins_url( 'post-smtp/style/ajax-loader.gif' ) );
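Review bot: The hint text on the new `printf( '<div><strong><u>%s</u></strong></div><br>', __( ... ) )` line is printed into HTML through `__()` with no output escaping; `esc_html__( 'If you plan to use An API and not SMTP just type any value.', 'post-smtp' )` is the WordPress-recommended form for a string placed in an HTML context, since a translation file can return arbitrary markup. The surrounding printf calls share the unescaped pattern, so this is a consistency observation rather than a regression introduced by this commit. The capitalised 'An' in the string should also be lowercased now, because changing the source string later invalidates existing translations. The enclosing method starts and ends outside the hunk.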
diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php
index e33f6c4..1b73378 100644
--- a/Postman/PostmanInputSanitizer.php
+++ b/Postman/PostmanInputSanitizer.php
@@ -93,6 +93,8 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
$this->sanitizeString( 'Fallback username', PostmanOptions::FALLBACK_SMTP_USERNAME, $input, $new_input );
$this->sanitizePassword( 'Fallback password', PostmanOptions::FALLBACK_SMTP_PASSWORD, $input, $new_input, $this->options->getFallbackPassword() );
+ $new_input = apply_filters( 'post_smtp_sanitize', $new_input, $input, $this );
+
if ( $new_input [ PostmanOptions::CLIENT_ID ] != $this->options->getClientId() || $new_input [ PostmanOptions::CLIENT_SECRET ] != $this->options->getClientSecret() || $new_input [ PostmanOptions::HOSTNAME ] != $this->options->getHostname() ) {
$this->logger->debug( 'Recognized new Client ID' );
// the user entered a new client id and we should destroy the stored auth token
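Review bot: The return value of the new `apply_filters( 'post_smtp_sanitize', $new_input, $input, $this )` call is assigned to `$new_input` without any check, and the very next line indexes it as an array, so a filter callback that returns null or a scalar would make the Client ID comparison emit warnings and the method return a non-array as the saved options. A guard such as `$filtered = apply_filters( 'post_smtp_sanitize', $new_input, $input, $this ); if ( is_array( $filtered ) ) { $new_input = $filtered; }` keeps the already-sanitized array when a callback misbehaves. The hook also runs before the Client ID/secret/hostname comparison that decides whether the stored auth token is destroyed, and it hands callbacks the raw `$input` alongside `$this`, so a docblock above the call should state that callbacks receive unsanitized submitted values and are responsible for sanitizing anything they add or change. The enclosing method starts and ends outside the hunk.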
@@ -115,7 +117,8 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
return $new_input;
}
- private function sanitizeString( $desc, $key, $input, &$new_input ) {
+
+ public function sanitizeString( $desc, $key, $input, &$new_input ) {
if ( isset( $input [ $key ] ) ) {
$this->logSanitize( $desc, $input [ $key ] );
$new_input [ $key ] = trim( $input [ $key ] );
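Review bot: sanitizeString() is widened from private to public on the changed signature line with no docblock, whereas the neighbouring sanitizePassword(), made public in the next hunk, at least carries a `@param` block. Once public these become API for third-party code, presumably the callbacks of the new post_smtp_sanitize filter that is handed `$this`, so the untyped parameters and the by-reference `&$new_input` contract deserve documentation in the style of the block above sanitizePassword: `$desc` is the label used for logging, `$key` the option key, `$input` the raw submitted array, and `$new_input` is written in place with the trimmed value only when `$key` is present in `$input`. The same docblock treatment applies to the sanitizePassword hunk, whose existing block types every parameter as `mixed`. The method body continues past the hunk.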
@@ -130,7 +133,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
* @param mixed $input
* @param mixed $new_input
*/
- private function sanitizePassword( $desc, $key, $input, &$new_input, $existingPassword ) {
+ public function sanitizePassword( $desc, $key, $input, &$new_input, $existingPassword ) {
// WordPress calling Sanitize twice is a known issue
// https://core.trac.wordpress.org/ticket/21989
$action = PostmanSession::getInstance()->getAction();
diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php
index 7d5c35d..e41234c 100644
--- a/Postman/PostmanViewController.php
+++ b/Postman/PostmanViewController.php
@@ -121,7 +121,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
}
function enqueueHomeScreenStylesheet() {
wp_enqueue_style( PostmanViewController::POSTMAN_STYLE );
- wp_enqueue_script( 'postman_script' );
+ wp_enqueue_script( PostmanViewController::POSTMAN_SCRIPT );
}
/**