author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
---|---|---|
committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
commit | d1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch) | |
tree | ba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php | |
parent | 7aa4390a6702059342aad220e53e3aa4efc9caad (diff) | |
Security issues
Diffstat (limited to 'Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php')
-rw-r--r-- | Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
index b423c05..3e17dbd 100644
--- a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
+++ b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
@@ -1,4 +1,7 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
 class PostmanConnectivityTestController {
@@ -137,6 +140,9 @@ class PostmanConnectivityTestController {
 print '<p>';
 print __( 'This test determines which well-known ports are available for Postman to use.', 'post-smtp' );
 print '<form id="port_test_form_id" method="post">';
+
+ wp_nonce_field('post-smtp', 'security' );
+
 printf( '<label for="hostname">%s</label>', __( 'Outgoing Mail Server Hostname', 'post-smtp' ) );
 $this->port_test_hostname_callback();
 submit_button( _x( 'Begin Test', 'Button Label', 'post-smtp' ), 'primary', 'begin-port-test', true );
@@ -205,6 +211,9 @@ class PostmanPortTestAjaxController {
 * combinations to run the connectivity test on
 */
 function getPortsToTestViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
 $queryHostname = PostmanUtils::getRequestParameter( 'hostname' );
 // originalSmtpServer is what SmtpDiscovery thinks the SMTP server should be, given an email address
 $originalSmtpServer = PostmanUtils::getRequestParameter( 'original_smtp_server' );
@@ -222,6 +231,9 @@ class PostmanPortTestAjaxController {
 * This Ajax function retrieves whether a TCP port is open or not
 */
 function runPortQuizTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
 $hostname = 'portquiz.net';
 $port = intval( PostmanUtils::getRequestParameter( 'port' ) );
 $this->logger->debug( 'testing TCP port: hostname ' . $hostname . ' port ' . $port );
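Review bot: The nonce action in `wp_nonce_field('post-smtp', 'security' );` inside the port-test form is the same string the surrounding `__()` calls use as the text domain, not a name specific to this form, so the token is not scoped to the port test and would be accepted wherever the plugin verifies the `post-smtp` action. A dedicated action, for example `wp_nonce_field( 'postman_port_test', 'security' );` (name constructed for illustration) with the same string in the handlers, would limit what a leaked or reused token can authorise. The script that submits this form is not part of the hunk; it has to forward the `security` field on every Ajax call or the new handler checks will reject the request. The enclosing method starts and ends outside the hunk.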
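Review bot: `check_admin_referer('post-smtp', 'security');` at the top of getPortsToTestViaAjax() is the admin-screen variant of the nonce check and says nothing about who may call the handler. For an Ajax endpoint `check_ajax_referer( 'post-smtp', 'security' );` is the matching call, since on failure it ends the request with a short 403 response rather than the HTML confirmation page an Ajax client cannot parse. A nonce only proves the request came from a page the user loaded, so unless a capability test exists outside the visible lines each handler should also begin with something like `if ( ! current_user_can( 'manage_options' ) ) { wp_die( -1, 403 ); }`, substituting the capability that guards the plugin's settings page. The same applies to runPortQuizTest(), runSmtpTest() and runSmtpsTest() in the following hunks; all four function bodies continue past their hunks.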
@@ -235,6 +247,9 @@ class PostmanPortTestAjaxController {
 * This is called by both the Wizard and Port Test
 */
 function runSmtpTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
 $hostname = trim( PostmanUtils::getRequestParameter( 'hostname' ) );
 $port = intval( PostmanUtils::getRequestParameter( 'port' ) );
 $transport = trim( PostmanUtils::getRequestParameter( 'transport' ) );
@@ -258,6 +273,9 @@ class PostmanPortTestAjaxController {
 * This Ajax function retrieves whether a TCP port is open or not
 */
 function runSmtpsTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
 $hostname = trim( PostmanUtils::getRequestParameter( 'hostname' ) );
 $port = intval( PostmanUtils::getRequestParameter( 'port' ) );
 $transport = trim( PostmanUtils::getRequestParameter( 'transport' ) ); |
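Review bot: In runSmtpTest() the `hostname` and `port` request parameters get only `trim()` and `intval()` in the visible lines, so once the nonce passes, the destination of the server-side connection test is presumably still chosen entirely by the caller, including hosts on the internal network. A range check right after the cast, e.g. `if ( $port < 1 || $port > 65535 ) { wp_die( -1, 400 ); }`, and a hostname validation step before the value is used would narrow that. runSmtpsTest() in the next hunk reads the same parameters the same way. Both function bodies continue outside their hunks, so such validation may already exist further down.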