authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-19 20:57:47 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-19 20:57:47 +0000
commitd1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch)
treeba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman/Postman-Connectivity-Test
parent7aa4390a6702059342aad220e53e3aa4efc9caad (diff)
downloadPost-SMTP-d1d82adca1dbb02382d7ccf49b8830816e8fa00f.zip
Security issues
Diffstat (limited to 'Postman/Postman-Connectivity-Test')
-rw-r--r--Postman/Postman-Connectivity-Test/Postman-PortTest.php4
-rw-r--r--Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php18
-rw-r--r--Postman/Postman-Connectivity-Test/postman_port_test.js12
3 files changed, 30 insertions, 4 deletions
diff --git a/Postman/Postman-Connectivity-Test/Postman-PortTest.php b/Postman/Postman-Connectivity-Test/Postman-PortTest.php
index 91d18f1..adbe530 100644
--- a/Postman/Postman-Connectivity-Test/Postman-PortTest.php
+++ b/Postman/Postman-Connectivity-Test/Postman-PortTest.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once ("registered-domain-libs-master/PHP/effectiveTLDs.inc.php");
require_once ("registered-domain-libs-master/PHP/regDomain.inc.php");
diff --git a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
index b423c05..3e17dbd 100644
--- a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
+++ b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanConnectivityTestController {
@@ -137,6 +140,9 @@ class PostmanConnectivityTestController {
print '<p>';
print __( 'This test determines which well-known ports are available for Postman to use.', 'post-smtp' );
print '<form id="port_test_form_id" method="post">';
+
+ wp_nonce_field('post-smtp', 'security' );
+
printf( '<label for="hostname">%s</label>', __( 'Outgoing Mail Server Hostname', 'post-smtp' ) );
$this->port_test_hostname_callback();
submit_button( _x( 'Begin Test', 'Button Label', 'post-smtp' ), 'primary', 'begin-port-test', true );
@@ -205,6 +211,9 @@ class PostmanPortTestAjaxController {
* combinations to run the connectivity test on
*/
function getPortsToTestViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
$queryHostname = PostmanUtils::getRequestParameter( 'hostname' );
// originalSmtpServer is what SmtpDiscovery thinks the SMTP server should be, given an email address
$originalSmtpServer = PostmanUtils::getRequestParameter( 'original_smtp_server' );
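Review bot: The added `check_admin_referer('post-smtp', 'security');` at the top of getPortsToTestViaAjax() verifies a nonce but not who is calling; a nonce is CSRF protection, not authorization. These handlers read a hostname and port from the request and, judging by their comments, drive outbound connectivity tests, so each should also check a capability, e.g. `if ( ! current_user_can( 'manage_options' ) ) { wp_die( -1, 403 ); }`, or whichever capability the plugin's settings screens require. For Ajax endpoints `check_ajax_referer( 'post-smtp', 'security' );` is the matching helper and fails with a plain -1/403 rather than the HTML confirmation page. The same applies to runPortQuizTest(), runSmtpTest() and runSmtpsTest() in the following hunks; all four bodies continue outside their hunks.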
@@ -222,6 +231,9 @@ class PostmanPortTestAjaxController {
* This Ajax function retrieves whether a TCP port is open or not
*/
function runPortQuizTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
$hostname = 'portquiz.net';
$port = intval( PostmanUtils::getRequestParameter( 'port' ) );
$this->logger->debug( 'testing TCP port: hostname ' . $hostname . ' port ' . $port );
@@ -235,6 +247,9 @@ class PostmanPortTestAjaxController {
* This is called by both the Wizard and Port Test
*/
function runSmtpTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
$hostname = trim( PostmanUtils::getRequestParameter( 'hostname' ) );
$port = intval( PostmanUtils::getRequestParameter( 'port' ) );
$transport = trim( PostmanUtils::getRequestParameter( 'transport' ) );
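Review bot: The context comment on runSmtpTest() says it is called by both the Wizard and the Port Test, but the only caller updated in the visible part of this commit is postman_port_test.js. If the wizard's script does not post a `security` nonce, the new `check_admin_referer('post-smtp', 'security');` will reject every wizard request. The diffstat shown is limited to one directory, so this may already be handled elsewhere in the commit. A comment above the check such as `// Every caller (port test and wizard) must post the 'security' nonce.` would document the dependency.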
@@ -258,6 +273,9 @@ class PostmanPortTestAjaxController {
* This Ajax function retrieves whether a TCP port is open or not
*/
function runSmtpsTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
$hostname = trim( PostmanUtils::getRequestParameter( 'hostname' ) );
$port = intval( PostmanUtils::getRequestParameter( 'port' ) );
$transport = trim( PostmanUtils::getRequestParameter( 'transport' ) );
diff --git a/Postman/Postman-Connectivity-Test/postman_port_test.js b/Postman/Postman-Connectivity-Test/postman_port_test.js
index 138b4ef..1d5c3fb 100644
--- a/Postman/Postman-Connectivity-Test/postman_port_test.js
+++ b/Postman/Postman-Connectivity-Test/postman_port_test.js
@@ -23,7 +23,8 @@ jQuery(document).ready(function() {
var hostname = jQuery(postman_hostname_element_name).val();
var data = {
'action' : 'postman_get_hosts_to_test',
- 'hostname' : hostname
+ 'hostname' : hostname,
+ 'security' : jQuery('#security').val(),
};
totalPortsTested = 0;
@@ -71,7 +72,8 @@ function portQuizTest(socket, hostname, port) {
var data = {
'action' : 'postman_port_quiz_test',
'hostname' : hostname,
- 'port' : port
+ 'port' : port,
+ '_wpnonce' : jQuery('#_wpnonce').val(),
};
jQuery.post(
ajaxurl,
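Review bot: In portQuizTest() the nonce is posted as `'_wpnonce' : jQuery('#_wpnonce').val()`, but the PHP side of this commit renders the field with `wp_nonce_field('post-smtp', 'security')` and verifies it with `check_admin_referer('post-smtp', 'security')`, which reads the `security` request parameter. Unless the page has another element with id `_wpnonce` and the handler reads that name, this request carries no `security` value and the check will presumably fail. Use `'security' : jQuery('#security').val(),` as the first and third hunks of this file do. portTest3() in the last hunk has the same mismatch.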
@@ -104,7 +106,8 @@ function firstServiceTest(socket, hostname, port, open) {
var data = {
'action' : 'postman_test_port',
'hostname' : hostname,
- 'port' : port
+ 'port' : port,
+ 'security' : jQuery('#security').val(),
};
jQuery
.post(
@@ -197,7 +200,8 @@ function portTest3(socket, hostname, port, open) {
var data = {
'action' : 'postman_test_smtps',
'hostname' : hostname,
- 'port' : port
+ 'port' : port,
+ '_wpnonce' : jQuery('#_wpnonce').val(),
};
jQuery
.post(