author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
---|---|---|
committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
commit | d1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch) | |
tree | ba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman/PostmanUtils.php | |
parent | 7aa4390a6702059342aad220e53e3aa4efc9caad (diff) | |
download | Post-SMTP-d1d82adca1dbb02382d7ccf49b8830816e8fa00f.zip |
Security issues
Diffstat (limited to 'Postman/PostmanUtils.php')
-rw-r--r-- | Postman/PostmanUtils.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/Postman/PostmanUtils.php b/Postman/PostmanUtils.php
index 6858fe3..335d0f3 100644
--- a/Postman/PostmanUtils.php
+++ b/Postman/PostmanUtils.php
@@ -1,4 +1,7 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
 require_once 'PostmanLogger.php';
 require_once 'PostmanState.php';
@@ -368,9 +371,9 @@ class PostmanUtils {
 */
 static function postmanGetServerName() {
 if ( ! empty( $_SERVER ['SERVER_NAME'] ) ) {
- $serverName = $_SERVER ['SERVER_NAME'];
+ $serverName = sanitize_text_field($_SERVER ['SERVER_NAME']);
 } else if ( ! empty( $_SERVER ['HTTP_HOST'] ) ) {
- $serverName = $_SERVER ['HTTP_HOST'];
+ $serverName = sanitize_text_field($_SERVER ['HTTP_HOST']);
 } else {
 $serverName = 'localhost.localdomain';
 }
@@ -410,6 +413,7 @@ class PostmanUtils {
 * @param mixed $callbackName
 */
 public static function registerAjaxHandler( $actionName, $class, $callbackName ) {
+ if ( is_admin() ) {
 $fullname = 'wp_ajax_' . $actionName;
 // $this->logger->debug ( 'Registering ' . 'wp_ajax_' . $fullname . ' Ajax handler' ); |
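Review bot: `sanitize_text_field()` in both branches of `postmanGetServerName()` strips tags and line breaks but does not check that the result is a hostname, and `HTTP_HOST` in particular is taken from the client's request. If the return value ends up in mail headers or an SMTP greeting (the rest of the function is outside this hunk, so that is an assumption), a hostname check with a fallback is the safer contract: `if ( ! filter_var( $serverName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME ) ) { $serverName = 'localhost.localdomain'; }`. A `Host` value that carries a port would be rejected by that check, so the port needs stripping first if that case matters.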
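Review bot: `is_admin()` in `registerAjaxHandler()` is not an authorization check: it only reports that the request targets the admin area, and it is true for every request to `admin-ajax.php`, so the registered `wp_ajax_*` callbacks stay reachable by any logged-in user. Each callback still needs its own `current_user_can()` and `check_ajax_referer()` checks; a comment such as `// is_admin() only limits where the hook is registered; callbacks must verify capability and nonce` would keep that visible here. Separately, the hunk adds an opening `if ( is_admin() ) {` while the diffstat's 6 insertions are all accounted for by the visible `+` lines, so no matching `}` is added in this file; unless the old body already carried a surplus brace, the function is left unbalanced. The function body continues past the end of the hunk.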