author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
---|---|---|
committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
commit | d1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch) | |
tree | ba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman/Postman-Diagnostic-Test | |
parent | 7aa4390a6702059342aad220e53e3aa4efc9caad (diff) | |
download | Post-SMTP-d1d82adca1dbb02382d7ccf49b8830816e8fa00f.zip |
Security issues
Diffstat (limited to 'Postman/Postman-Diagnostic-Test')
-rw-r--r-- | Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php | 12 | ||||
-rw-r--r-- | Postman/Postman-Diagnostic-Test/postman_diagnostics.js | 3 |
2 files changed, 14 insertions, 1 deletions
diff --git a/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php b/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php index 82eb558..18a3ec5 100644 --- a/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php +++ b/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php @@ -1,4 +1,7 @@ <?php +if ( ! defined( 'ABSPATH' ) ) { + exit; // Exit if accessed directly +} class PostmanDiagnosticTestController { const DIAGNOSTICS_SLUG = 'postman/diagnostics'; @@ -100,6 +103,12 @@ class PostmanDiagnosticTestController { PostmanViewController::outputChildPageHeader( __( 'Diagnostic Test', 'post-smtp' ) ); + ?> + <form> + <?php wp_nonce_field('post-smtp', 'security' ); ?> + </form> + <?php + printf( '<h4>%s</h4>', __( 'Are you having issues with Postman?', 'post-smtp' ) ); /* translators: where %1$s and %2$s are the URLs to the Troubleshooting and Support Forums on WordPress.org */ printf( '<p style="margin:0 10px">%s</p>', sprintf( __( 'Please check the <a href="%1$s">troubleshooting and error messages</a> page and the <a href="%2$s">support forum</a>.', 'post-smtp' ), 'https://wordpress.org/plugins/post-smtp/other_notes/', 'https://wordpress.org/support/plugin/post-smtp' ) ); @@ -208,6 +217,9 @@ class PostmanGetDiagnosticsViaAjax { /** */ public function getDiagnostics() { + + check_admin_referer('post-smtp', 'security'); + $curl = curl_version(); $transportRegistry = PostmanTransportRegistry::getInstance(); $this->addToDiagnostics( 'Mailer', PostmanOptions::getInstance()->getSmtpMailer() ); diff --git a/Postman/Postman-Diagnostic-Test/postman_diagnostics.js b/Postman/Postman-Diagnostic-Test/postman_diagnostics.js index 4aeaa5c..140668e 100644 --- a/Postman/Postman-Diagnostic-Test/postman_diagnostics.js +++ b/Postman/Postman-Diagnostic-Test/postman_diagnostics.js 
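Review bot: The nonce action in `wp_nonce_field('post-smtp', 'security' )` is the plugin's text domain rather than the operation it protects, so a token printed on this page would also validate in any other handler that checks the same action string (whether others do is not visible in this diff). Scoping it to the endpoint keeps the token single-purpose, e.g. `wp_nonce_field( 'postman_diagnostics', 'security', false )`, with the same action passed to the check in `getDiagnostics()`. The third argument `false` drops the `_wp_http_referer` hidden field, which this empty form never submits. The enclosing method starts and ends outside the hunk.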
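Review bot: The `check_admin_referer('post-smtp', 'security')` added at the top of `getDiagnostics()` shows that the request came from a page that printed the nonce, but it is not an authorization check, and no capability test is visible in this hunk. The handler goes on to collect curl and mailer details, so I would add `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( null, 403 ); }` (or the plugin's own capability) beside it, unless the hook registration or the rest of the method, which continues outside the hunk, already enforces this. For an AJAX endpoint the matching helper is `check_ajax_referer( 'post-smtp', 'security' )`.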
@@ -6,7 +6,8 @@ jQuery(document).ready(function() { */ function getDiagnosticData() { var data = { - 'action' : 'postman_diagnostics' + 'action' : 'postman_diagnostics', + 'security' : jQuery('#security').val() }; jQuery.post(ajaxurl, data, function(response) { if (response.success) { |
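Review bot: Nothing visible in `getDiagnosticData()` handles a rejected nonce. When `jQuery('#security').val()` is missing or the token has expired, the server-side check ends the request with a non-2xx, non-JSON response, and the success callback passed to `jQuery.post` does not run for that. I would chain a failure handler, e.g. `.fail(function() { /* show "session expired, reload the page" */ })`, so the diagnostics view does not just stay empty. The callback body continues outside the hunk, so a handler may already exist further down.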