summaryrefslogtreecommitdiff
path: root/Postman
diff options
context:
space:
mode:
authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-19 20:57:47 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-19 20:57:47 +0000
commitd1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch)
treeba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman
parent7aa4390a6702059342aad220e53e3aa4efc9caad (diff)
downloadPost-SMTP-d1d82adca1dbb02382d7ccf49b8830816e8fa00f.zip
Security issues
Diffstat (limited to 'Postman')
-rw-r--r--Postman/Phpmailer/PostsmtpMailer.php3
-rw-r--r--Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php3
-rw-r--r--Postman/Postman-Auth/PostmanAuthenticationManager.php3
-rw-r--r--Postman/Postman-Auth/PostmanAuthenticationManagerFactory.php3
-rw-r--r--Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php3
-rw-r--r--Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php3
-rw-r--r--Postman/Postman-Auth/PostmanNonOAuthAuthenticationManager.php3
-rw-r--r--Postman/Postman-Auth/PostmanStateIdMissingException.php3
-rw-r--r--Postman/Postman-Auth/PostmanYahooAuthenticationManager.php3
-rw-r--r--Postman/Postman-Configuration/PostmanConfigurationController.php21
-rw-r--r--Postman/Postman-Configuration/PostmanImportableConfiguration.php4
-rw-r--r--Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php6
-rw-r--r--Postman/Postman-Configuration/PostmanSmtpDiscovery.php4
-rw-r--r--Postman/Postman-Configuration/postman_manual_config.js2
-rw-r--r--Postman/Postman-Configuration/postman_wizard.js22
-rw-r--r--Postman/Postman-Connectivity-Test/Postman-PortTest.php4
-rw-r--r--Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php18
-rw-r--r--Postman/Postman-Connectivity-Test/postman_port_test.js12
-rw-r--r--Postman/Postman-Controller/PostmanAdminPointer.php4
-rw-r--r--Postman/Postman-Controller/PostmanDashboardWidgetController.php4
-rw-r--r--Postman/Postman-Controller/PostmanManageConfigurationAjaxHandler.php4
-rw-r--r--Postman/Postman-Controller/PostmanWelcomeController.php3
-rw-r--r--Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php12
-rw-r--r--Postman/Postman-Diagnostic-Test/postman_diagnostics.js3
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogController.php22
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogPostType.php3
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogService.php4
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogView.php10
-rw-r--r--Postman/Postman-Mail/PostmanContactForm7.php3
-rw-r--r--Postman/Postman-Mail/PostmanDefaultModuleTransport.php4
-rw-r--r--Postman/Postman-Mail/PostmanEmailAddress.php4
-rw-r--r--Postman/Postman-Mail/PostmanGmailApiModuleTransport.php4
-rw-r--r--Postman/Postman-Mail/PostmanGmailApiModuleZendMailTransport.php4
-rw-r--r--Postman/Postman-Mail/PostmanMailEngine.php4
-rw-r--r--Postman/Postman-Mail/PostmanMailgunMailEngine.php4
-rw-r--r--Postman/Postman-Mail/PostmanMailgunTransport.php4
-rw-r--r--Postman/Postman-Mail/PostmanMandrillMailEngine.php4
-rw-r--r--Postman/Postman-Mail/PostmanMandrillTransport.php4
-rw-r--r--Postman/Postman-Mail/PostmanMessage.php4
-rw-r--r--Postman/Postman-Mail/PostmanModuleTransport.php4
-rw-r--r--Postman/Postman-Mail/PostmanMyMailConnector.php4
-rw-r--r--Postman/Postman-Mail/PostmanSendGridMailEngine.php3
-rw-r--r--Postman/Postman-Mail/PostmanSendGridTransport.php4
-rw-r--r--Postman/Postman-Mail/PostmanSmtpModuleTransport.php4
-rw-r--r--Postman/Postman-Mail/PostmanTransportRegistry.php4
-rw-r--r--Postman/Postman-Mail/PostmanWooCommerce.php3
-rw-r--r--Postman/Postman-Mail/PostmanZendMailEngine.php4
-rw-r--r--Postman/Postman-Mail/PostmanZendMailTransportConfigurationFactory.php4
-rw-r--r--Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php9
-rw-r--r--Postman/Postman-Send-Test-Email/postman_send_test_email.js3
-rw-r--r--Postman/Postman.php33
-rw-r--r--Postman/PostmanAdminController.php4
-rw-r--r--Postman/PostmanAjaxController.php4
-rw-r--r--Postman/PostmanConfigTextHelper.php4
-rw-r--r--Postman/PostmanEmailLogs.php4
-rw-r--r--Postman/PostmanInputSanitizer.php3
-rw-r--r--Postman/PostmanInstaller.php4
-rw-r--r--Postman/PostmanLogger.php4
-rw-r--r--Postman/PostmanMessageHandler.php3
-rw-r--r--Postman/PostmanOAuthToken.php3
-rw-r--r--Postman/PostmanOptions.php3
-rw-r--r--Postman/PostmanPluginFeedback.php6
-rw-r--r--Postman/PostmanPreRequisitesCheck.php3
-rw-r--r--Postman/PostmanSession.php3
-rw-r--r--Postman/PostmanState.php3
-rw-r--r--Postman/PostmanUtils.php8
-rw-r--r--Postman/PostmanViewController.php14
-rw-r--r--Postman/PostmanWpMail.php6
-rw-r--r--Postman/PostmanWpMailBinder.php3
-rw-r--r--Postman/notifications/INotify.php3
-rw-r--r--Postman/notifications/PostmanMailNotify.php4
-rw-r--r--Postman/notifications/PostmanNotify.php3
-rw-r--r--Postman/notifications/PostmanPushoverNotify.php4
-rw-r--r--Postman/notifications/PostmanSlackNotify.php4
74 files changed, 344 insertions, 67 deletions
diff --git a/Postman/Phpmailer/PostsmtpMailer.php b/Postman/Phpmailer/PostsmtpMailer.php
index 9eee0a7..b3a421b 100644
--- a/Postman/Phpmailer/PostsmtpMailer.php
+++ b/Postman/Phpmailer/PostsmtpMailer.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
require_once ABSPATH . WPINC . '/class-phpmailer.php';
require_once ABSPATH . WPINC . '/class-smtp.php';
diff --git a/Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php b/Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php
index 75d734b..7402ba7 100644
--- a/Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php
+++ b/Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( "PostmanAbstractAuthenticationManager" )) {
require_once 'PostmanAuthenticationManager.php';
diff --git a/Postman/Postman-Auth/PostmanAuthenticationManager.php b/Postman/Postman-Auth/PostmanAuthenticationManager.php
index 56cc697..c405459 100644
--- a/Postman/Postman-Auth/PostmanAuthenticationManager.php
+++ b/Postman/Postman-Auth/PostmanAuthenticationManager.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! interface_exists ( "PostmanAuthenticationManager" )) {
interface PostmanAuthenticationManager {
const POSTMAN_AUTHORIZATION_IN_PROGRESS = 'request_oauth_permission';
diff --git a/Postman/Postman-Auth/PostmanAuthenticationManagerFactory.php b/Postman/Postman-Auth/PostmanAuthenticationManagerFactory.php
index fec81a1..799b999 100644
--- a/Postman/Postman-Auth/PostmanAuthenticationManagerFactory.php
+++ b/Postman/Postman-Auth/PostmanAuthenticationManagerFactory.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( "PostmanAuthenticationManagerFactory" )) {
require_once 'PostmanGoogleAuthenticationManager.php';
diff --git a/Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php b/Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php
index 4bbe27b..c00afba 100644
--- a/Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php
+++ b/Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( "PostmanGoogleAuthenticationManager" )) {
require_once 'PostmanAbstractAuthenticationManager.php';
diff --git a/Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php b/Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php
index a724f04..96fb529 100644
--- a/Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php
+++ b/Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( "PostmanMicrosoftAuthenticationManager" )) {
require_once 'PostmanAbstractAuthenticationManager.php';
diff --git a/Postman/Postman-Auth/PostmanNonOAuthAuthenticationManager.php b/Postman/Postman-Auth/PostmanNonOAuthAuthenticationManager.php
index 7ab1b5a..ed4f0c3 100644
--- a/Postman/Postman-Auth/PostmanNonOAuthAuthenticationManager.php
+++ b/Postman/Postman-Auth/PostmanNonOAuthAuthenticationManager.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( "PostmanNonOAuthAuthenticationManager" )) {
require_once 'PostmanAuthenticationManager.php';
diff --git a/Postman/Postman-Auth/PostmanStateIdMissingException.php b/Postman/Postman-Auth/PostmanStateIdMissingException.php
index 94a973d..afa16c2 100644
--- a/Postman/Postman-Auth/PostmanStateIdMissingException.php
+++ b/Postman/Postman-Auth/PostmanStateIdMissingException.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( 'PostmanStateIdMissingException' )) {
class PostmanStateIdMissingException extends Exception {
}
diff --git a/Postman/Postman-Auth/PostmanYahooAuthenticationManager.php b/Postman/Postman-Auth/PostmanYahooAuthenticationManager.php
index 56d7b9e..86c35d9 100644
--- a/Postman/Postman-Auth/PostmanYahooAuthenticationManager.php
+++ b/Postman/Postman-Auth/PostmanYahooAuthenticationManager.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( "PostmanYahooAuthenticationManager" )) {
require_once 'PostmanAbstractAuthenticationManager.php';
diff --git a/Postman/Postman-Configuration/PostmanConfigurationController.php b/Postman/Postman-Configuration/PostmanConfigurationController.php
index a81605a..4cade58 100644
--- a/Postman/Postman-Configuration/PostmanConfigurationController.php
+++ b/Postman/Postman-Configuration/PostmanConfigurationController.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once( 'PostmanRegisterConfigurationSettings.php' );
class PostmanConfigurationController {
const CONFIGURATION_SLUG = 'postman/configuration';
@@ -207,6 +211,9 @@ class PostmanConfigurationController {
print '</ul>';
print '<form method="post" action="options.php">';
+
+ wp_nonce_field('post-smtp', 'security');
+
// This prints out all hidden setting fields
settings_fields( PostmanAdminController::SETTINGS_GROUP_NAME );
@@ -441,6 +448,8 @@ class PostmanConfigurationController {
printf( '<input type="hidden" id="input_%2$s" name="%1$s[%2$s]" value="%3$s" />', PostmanOptions::POSTMAN_OPTIONS, PostmanOptions::STEALTH_MODE, $this->options->isStealthModeEnabled() );
printf( '<input type="hidden" id="input_%2$s" name="%1$s[%2$s]" value="%3$s" />', PostmanOptions::POSTMAN_OPTIONS, PostmanOptions::TEMPORARY_DIRECTORY, $this->options->getTempDirectory() );
+ wp_nonce_field('post-smtp', 'security' );
+
// display the setting text
settings_fields( PostmanAdminController::SETTINGS_GROUP_NAME );
@@ -622,6 +631,9 @@ class PostmanGetHostnameByEmailAjaxController extends PostmanAbstractAjaxHandler
* This Ajax function retrieves the smtp hostname for a give e-mail address
*/
function getAjaxHostnameByEmail() {
+
+ check_admin_referer('post-smtp', 'security');
+
$goDaddyHostDetected = $this->getBooleanRequestParameter( 'go_daddy' );
$email = $this->getRequestParameter( 'email' );
$d = new PostmanSmtpDiscovery( $email );
@@ -656,6 +668,9 @@ class PostmanManageConfigurationAjaxHandler extends PostmanAbstractAjaxHandler {
* @throws Exception
*/
function getManualConfigurationViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
$queryTransportType = $this->getTransportTypeFromRequest();
$queryAuthType = $this->getAuthenticationTypeFromRequest();
$queryHostname = $this->getHostnameFromRequest();
@@ -686,6 +701,9 @@ class PostmanManageConfigurationAjaxHandler extends PostmanAbstractAjaxHandler {
* The UI response is built so the user may choose a different socket with different options.
*/
function getWizardConfigurationViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
$this->logger->debug( 'in getWizardConfiguration' );
$originalSmtpServer = $this->getRequestParameter( 'original_smtp_server' );
$queryHostData = $this->getHostDataFromRequest();
@@ -895,6 +913,9 @@ class PostmanImportConfigurationAjaxController extends PostmanAbstractAjaxHandle
* and pushes them into the Postman configuration screen.
*/
function getConfigurationFromExternalPluginViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
$importableConfiguration = new PostmanImportableConfiguration();
$plugin = $this->getRequestParameter( 'plugin' );
$this->logger->debug( 'Looking for config=' . $plugin );
diff --git a/Postman/Postman-Configuration/PostmanImportableConfiguration.php b/Postman/Postman-Configuration/PostmanImportableConfiguration.php
index ba807d3..0008221 100644
--- a/Postman/Postman-Configuration/PostmanImportableConfiguration.php
+++ b/Postman/Postman-Configuration/PostmanImportableConfiguration.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! interface_exists ( 'PostmanPluginOptions' )) {
interface PostmanPluginOptions {
public function getPluginSlug();
diff --git a/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php b/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
index 84305a3..6ddebd7 100644
--- a/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
+++ b/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
class PostmanSettingsRegistry {
private $options;
@@ -11,7 +15,7 @@ class PostmanSettingsRegistry {
* Fires on the admin_init method
*/
public function on_admin_init() {
- $this->registerSettings();
+ $this->registerSettings();
}
/**
diff --git a/Postman/Postman-Configuration/PostmanSmtpDiscovery.php b/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
index 44da3bb..67a58b3 100644
--- a/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
+++ b/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! class_exists ( 'PostmanSmtpMappings' )) {
class PostmanSmtpMappings {
// if an email is in this domain array, it is a known smtp server (easy lookup)
diff --git a/Postman/Postman-Configuration/postman_manual_config.js b/Postman/Postman-Configuration/postman_manual_config.js
index 293df28..a47df1a 100644
--- a/Postman/Postman-Configuration/postman_manual_config.js
+++ b/Postman/Postman-Configuration/postman_manual_config.js
@@ -77,11 +77,13 @@ function reloadOauthSection() {
var hostname = jQuery(postman_hostname_element_name).val();
var transport = jQuery('#input_transport_type').val();
var authtype = jQuery('select#input_auth_type').val();
+ var security = jQuery('#security').val();
var data = {
'action' : 'manual_config',
'auth_type' : authtype,
'hostname' : hostname,
'transport' : transport,
+ 'security' : security
};
jQuery.post(ajaxurl, data, function(response) {
if (response.success) {
diff --git a/Postman/Postman-Configuration/postman_wizard.js b/Postman/Postman-Configuration/postman_wizard.js
index c29edb4..d844322 100644
--- a/Postman/Postman-Configuration/postman_wizard.js
+++ b/Postman/Postman-Configuration/postman_wizard.js
@@ -33,7 +33,8 @@ function checkGoDaddyAndCheckEmail(email) {
'action' : 'postman_wizard_port_test',
'hostname' : 'relay-hosting.secureserver.net',
'port' : 25,
- 'timeout' : 3
+ 'timeout' : 3,
+ 'security' : jQuery('#security').val(),
};
goDaddy = 'unknown';
checkedEmail = false;
@@ -50,7 +51,8 @@ function checkEmail(goDaddyHostDetected, email) {
var data = {
'action' : 'postman_check_email',
'go_daddy' : goDaddyHostDetected,
- 'email' : email
+ 'email' : email,
+ 'security' : jQuery('#security').val()
};
jQuery.post(
ajaxurl,
@@ -282,7 +284,8 @@ function getHostsToCheck(hostname) {
var data = {
'action' : 'postman_get_hosts_to_test',
'hostname' : hostname,
- 'original_smtp_server' : smtpDiscovery.hostname
+ 'original_smtp_server' : smtpDiscovery.hostname,
+ 'security' : jQuery('#security').val(),
};
jQuery.post(ajaxurl, data, function(response) {
if (postmanValidateAjaxResponseWithPopup(response)) {
@@ -311,7 +314,8 @@ function handleHostsToCheckResponse(response) {
'action' : 'postman_wizard_port_test',
'hostname' : hostname,
'port' : port,
- 'transport' : transport
+ 'transport' : transport,
+ 'security' : jQuery('#security').val(),
};
postThePortTest(hostname, port, data);
}
@@ -358,6 +362,7 @@ function handlePortTestResponse(hostname, port, data, response) {
} else {
// SMTP failed, try again on the SMTPS port
data['action'] = 'postman_wizard_port_test_smtps';
+ data['security'] = jQuery('#security').val();
postThePortTest(hostname, port, data);
}
}
@@ -386,7 +391,8 @@ function afterPortsChecked() {
var data = {
'action' : 'get_wizard_configuration_options',
'original_smtp_server' : smtpDiscovery.hostname,
- 'host_data' : connectivtyTestResults
+ 'host_data' : connectivtyTestResults,
+ 'security': jQuery('#security').val()
};
postTheConfigurationRequest(data);
hide('#connectivity_test_status');
@@ -403,7 +409,8 @@ function userOverrideMenu() {
"input:radio[name='user_socket_override']:checked").val(),
'user_auth_override' : jQuery(
"input:radio[name='user_auth_override']:checked").val(),
- 'host_data' : connectivtyTestResults
+ 'host_data' : connectivtyTestResults,
+ 'security' : jQuery('#security').val()
};
postTheConfigurationRequest(data);
}
@@ -544,7 +551,8 @@ function getConfiguration() {
if (plugin != '') {
var data = {
'action' : 'import_configuration',
- 'plugin' : plugin
+ 'plugin' : plugin,
+ '_wpnonce' : jQuery('#_wpnonce').val(),
};
jQuery
.post(
diff --git a/Postman/Postman-Connectivity-Test/Postman-PortTest.php b/Postman/Postman-Connectivity-Test/Postman-PortTest.php
index 91d18f1..adbe530 100644
--- a/Postman/Postman-Connectivity-Test/Postman-PortTest.php
+++ b/Postman/Postman-Connectivity-Test/Postman-PortTest.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once ("registered-domain-libs-master/PHP/effectiveTLDs.inc.php");
require_once ("registered-domain-libs-master/PHP/regDomain.inc.php");
diff --git a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
index b423c05..3e17dbd 100644
--- a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
+++ b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanConnectivityTestController {
@@ -137,6 +140,9 @@ class PostmanConnectivityTestController {
print '<p>';
print __( 'This test determines which well-known ports are available for Postman to use.', 'post-smtp' );
print '<form id="port_test_form_id" method="post">';
+
+ wp_nonce_field('post-smtp', 'security' );
+
printf( '<label for="hostname">%s</label>', __( 'Outgoing Mail Server Hostname', 'post-smtp' ) );
$this->port_test_hostname_callback();
submit_button( _x( 'Begin Test', 'Button Label', 'post-smtp' ), 'primary', 'begin-port-test', true );
@@ -205,6 +211,9 @@ class PostmanPortTestAjaxController {
* combinations to run the connectivity test on
*/
function getPortsToTestViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
$queryHostname = PostmanUtils::getRequestParameter( 'hostname' );
// originalSmtpServer is what SmtpDiscovery thinks the SMTP server should be, given an email address
$originalSmtpServer = PostmanUtils::getRequestParameter( 'original_smtp_server' );
@@ -222,6 +231,9 @@ class PostmanPortTestAjaxController {
* This Ajax function retrieves whether a TCP port is open or not
*/
function runPortQuizTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
$hostname = 'portquiz.net';
$port = intval( PostmanUtils::getRequestParameter( 'port' ) );
$this->logger->debug( 'testing TCP port: hostname ' . $hostname . ' port ' . $port );
@@ -235,6 +247,9 @@ class PostmanPortTestAjaxController {
* This is called by both the Wizard and Port Test
*/
function runSmtpTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
$hostname = trim( PostmanUtils::getRequestParameter( 'hostname' ) );
$port = intval( PostmanUtils::getRequestParameter( 'port' ) );
$transport = trim( PostmanUtils::getRequestParameter( 'transport' ) );
@@ -258,6 +273,9 @@ class PostmanPortTestAjaxController {
* This Ajax function retrieves whether a TCP port is open or not
*/
function runSmtpsTest() {
+
+ check_admin_referer('post-smtp', 'security');
+
$hostname = trim( PostmanUtils::getRequestParameter( 'hostname' ) );
$port = intval( PostmanUtils::getRequestParameter( 'port' ) );
$transport = trim( PostmanUtils::getRequestParameter( 'transport' ) );
diff --git a/Postman/Postman-Connectivity-Test/postman_port_test.js b/Postman/Postman-Connectivity-Test/postman_port_test.js
index 138b4ef..1d5c3fb 100644
--- a/Postman/Postman-Connectivity-Test/postman_port_test.js
+++ b/Postman/Postman-Connectivity-Test/postman_port_test.js
@@ -23,7 +23,8 @@ jQuery(document).ready(function() {
var hostname = jQuery(postman_hostname_element_name).val();
var data = {
'action' : 'postman_get_hosts_to_test',
- 'hostname' : hostname
+ 'hostname' : hostname,
+ 'security' : jQuery('#security').val(),
};
totalPortsTested = 0;
@@ -71,7 +72,8 @@ function portQuizTest(socket, hostname, port) {
var data = {
'action' : 'postman_port_quiz_test',
'hostname' : hostname,
- 'port' : port
+ 'port' : port,
+ '_wpnonce' : jQuery('#_wpnonce').val(),
};
jQuery.post(
ajaxurl,
@@ -104,7 +106,8 @@ function firstServiceTest(socket, hostname, port, open) {
var data = {
'action' : 'postman_test_port',
'hostname' : hostname,
- 'port' : port
+ 'port' : port,
+ 'security' : jQuery('#security').val(),
};
jQuery
.post(
@@ -197,7 +200,8 @@ function portTest3(socket, hostname, port, open) {
var data = {
'action' : 'postman_test_smtps',
'hostname' : hostname,
- 'port' : port
+ 'port' : port,
+ '_wpnonce' : jQuery('#_wpnonce').val(),
};
jQuery
.post(
diff --git a/Postman/Postman-Controller/PostmanAdminPointer.php b/Postman/Postman-Controller/PostmanAdminPointer.php
index 15fb52d..a05376b 100644
--- a/Postman/Postman-Controller/PostmanAdminPointer.php
+++ b/Postman/Postman-Controller/PostmanAdminPointer.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! class_exists ( 'PostmanAdminPointer' )) {
/**
diff --git a/Postman/Postman-Controller/PostmanDashboardWidgetController.php b/Postman/Postman-Controller/PostmanDashboardWidgetController.php
index 6233315..8f6bae6 100644
--- a/Postman/Postman-Controller/PostmanDashboardWidgetController.php
+++ b/Postman/Postman-Controller/PostmanDashboardWidgetController.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! class_exists ( "PostmanDashboardWidgetController" )) {
//
diff --git a/Postman/Postman-Controller/PostmanManageConfigurationAjaxHandler.php b/Postman/Postman-Controller/PostmanManageConfigurationAjaxHandler.php
index 1260dad..82472c3 100644
--- a/Postman/Postman-Controller/PostmanManageConfigurationAjaxHandler.php
+++ b/Postman/Postman-Controller/PostmanManageConfigurationAjaxHandler.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
class PostmanWizardSocket {
// these variables are populated by the Port Test
diff --git a/Postman/Postman-Controller/PostmanWelcomeController.php b/Postman/Postman-Controller/PostmanWelcomeController.php
index 869848a..e37d3e8 100644
--- a/Postman/Postman-Controller/PostmanWelcomeController.php
+++ b/Postman/Postman-Controller/PostmanWelcomeController.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanWelcomeController {
diff --git a/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php b/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php
index 82eb558..18a3ec5 100644
--- a/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php
+++ b/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanDiagnosticTestController {
const DIAGNOSTICS_SLUG = 'postman/diagnostics';
@@ -100,6 +103,12 @@ class PostmanDiagnosticTestController {
PostmanViewController::outputChildPageHeader( __( 'Diagnostic Test', 'post-smtp' ) );
+ ?>
+ <form>
+ <?php wp_nonce_field('post-smtp', 'security' ); ?>
+ </form>
+ <?php
+
printf( '<h4>%s</h4>', __( 'Are you having issues with Postman?', 'post-smtp' ) );
/* translators: where %1$s and %2$s are the URLs to the Troubleshooting and Support Forums on WordPress.org */
printf( '<p style="margin:0 10px">%s</p>', sprintf( __( 'Please check the <a href="%1$s">troubleshooting and error messages</a> page and the <a href="%2$s">support forum</a>.', 'post-smtp' ), 'https://wordpress.org/plugins/post-smtp/other_notes/', 'https://wordpress.org/support/plugin/post-smtp' ) );
@@ -208,6 +217,9 @@ class PostmanGetDiagnosticsViaAjax {
/**
*/
public function getDiagnostics() {
+
+ check_admin_referer('post-smtp', 'security');
+
$curl = curl_version();
$transportRegistry = PostmanTransportRegistry::getInstance();
$this->addToDiagnostics( 'Mailer', PostmanOptions::getInstance()->getSmtpMailer() );
diff --git a/Postman/Postman-Diagnostic-Test/postman_diagnostics.js b/Postman/Postman-Diagnostic-Test/postman_diagnostics.js
index 4aeaa5c..140668e 100644
--- a/Postman/Postman-Diagnostic-Test/postman_diagnostics.js
+++ b/Postman/Postman-Diagnostic-Test/postman_diagnostics.js
@@ -6,7 +6,8 @@ jQuery(document).ready(function() {
*/
function getDiagnosticData() {
var data = {
- 'action' : 'postman_diagnostics'
+ 'action' : 'postman_diagnostics',
+ 'security' : jQuery('#security').val()
};
jQuery.post(ajaxurl, data, function(response) {
if (response.success) {
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php
index 79751f3..d22b265 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogController.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once dirname(__DIR__) . '/PostmanEmailLogs.php';
require_once 'PostmanEmailLogService.php';
require_once 'PostmanEmailLogView.php';
@@ -73,7 +77,7 @@ class PostmanEmailLogController {
/**
*/
public function resendMail() {
- check_ajax_referer( 'resend', 'security' );
+ check_admin_referer( 'resend', 'security' );
// get the email address of the recipient from the HTTP Request
$postid = $this->getRequestParameter( 'email' );
@@ -200,8 +204,13 @@ class PostmanEmailLogController {
// only do this for administrators
if ( PostmanUtils::isAdmin() ) {
$this->logger->trace( 'handling view item' );
- $postid = $_REQUEST ['email'];
+ $postid = absint( $_REQUEST ['email'] );
$post = get_post( $postid );
+
+ if ( $post->post_type !== 'postman_sent_mail' ) {
+ return;
+ }
+
$meta_values = PostmanEmailLogs::get_data( $postid );
// https://css-tricks.com/examples/hrs/
print '<html><head><style>body {font-family: monospace;} hr {
@@ -369,18 +378,21 @@ class PostmanEmailLogController {
?>
<form id="postman-email-log-filter" method="post">
+ <input type="hidden" action="post-smtp-filter" value="1">
+ <?php wp_nonce_field('post-smtp', 'post-smtp-log'); ?>
+
<div id="email-log-filter" class="postman-log-row">
<div class="form-control">
<label for="from_date"><?php _e( 'From Date', 'post-smtp' ); ?></label>
- <input id="from_date" class="email-log-date" value="<?php echo $from_date; ?>" type="text" name="from_date" placeholder="<?php _e( 'From Date', 'post-smtp' ); ?>">
+ <input id="from_date" class="email-log-date" value="<?php echo esc_attr($from_date); ?>" type="text" name="from_date" placeholder="<?php _e( 'From Date', 'post-smtp' ); ?>">
</div>
<div class="form-control">
<label for="to_date"><?php _e( 'To Date', 'post-smtp' ); ?></label>
- <input id="to_date" class="email-log-date" value="<?php echo $to_date; ?>" type="text" name="to_date" placeholder="<?php _e( 'To Date', 'post-smtp' ); ?>">
+ <input id="to_date" class="email-log-date" value="<?php echo esc_attr($to_date); ?>" type="text" name="to_date" placeholder="<?php _e( 'To Date', 'post-smtp' ); ?>">
</div>
<div class="form-control">
<label for="search"><?php _e( 'Search', 'post-smtp' ); ?></label>
- <input id="search" type="text" name="search" value="<?php echo $search; ?>" placeholder="<?php _e( 'Search', 'post-smtp' ); ?>">
+ <input id="search" type="text" name="search" value="<?php echo esc_attr($search); ?>" placeholder="<?php _e( 'Search', 'post-smtp' ); ?>">
</div>
<div class="form-control">
<label id="postman_page_records"><?php _e( 'Records per page', 'post-smtp' ); ?></label>
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogPostType.php b/Postman/Postman-Email-Log/PostmanEmailLogPostType.php
index 38ab1d0..cf297db 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogPostType.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogPostType.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( 'PostmanEmailLogPostType' )) {
/**
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogService.php b/Postman/Postman-Email-Log/PostmanEmailLogService.php
index b1b1dff..75c3879 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogService.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogService.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if ( ! class_exists( 'PostmanEmailLog' ) ) {
class PostmanEmailLog {
public $sender;
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogView.php b/Postman/Postman-Email-Log/PostmanEmailLogView.php
index a9722bd..02da123 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogView.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogView.php
@@ -1,5 +1,7 @@
<?php
-
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
require_once dirname(__DIR__) . '/PostmanEmailLogs.php';
/**
@@ -260,8 +262,12 @@ class PostmanEmailLogView extends WP_List_Table {
* ************************************************************************
*/
function prepare_items() {
+ if ( isset( $_POST['action'] ) && $_POST['action'] == 'post-smtp-filter' ) {
+ if ( ! wp_verify_nonce( $_REQUEST['post-smtp-log'], 'post-smtp' ) )
+ die( 'Security check' );
+ }
- /**
+ /**
* First, lets decide how many records per page to show
*/
$per_page = isset( $_POST['postman_page_records'] ) ? absint( $_POST['postman_page_records'] ) : 10;
diff --git a/Postman/Postman-Mail/PostmanContactForm7.php b/Postman/Postman-Mail/PostmanContactForm7.php
index 40fd698..8792b08 100644
--- a/Postman/Postman-Mail/PostmanContactForm7.php
+++ b/Postman/Postman-Mail/PostmanContactForm7.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class Postsmtp_ContactForm7 {
private $result_error;
diff --git a/Postman/Postman-Mail/PostmanDefaultModuleTransport.php b/Postman/Postman-Mail/PostmanDefaultModuleTransport.php
index 3234a26..e52c754 100644
--- a/Postman/Postman-Mail/PostmanDefaultModuleTransport.php
+++ b/Postman/Postman-Mail/PostmanDefaultModuleTransport.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once 'PostmanModuleTransport.php';
if (! class_exists ( 'PostmanSmtpModuleTransport' )) {
class PostmanDefaultModuleTransport extends PostmanAbstractZendModuleTransport implements PostmanZendModuleTransport {
diff --git a/Postman/Postman-Mail/PostmanEmailAddress.php b/Postman/Postman-Mail/PostmanEmailAddress.php
index 123064d..d29b0f4 100644
--- a/Postman/Postman-Mail/PostmanEmailAddress.php
+++ b/Postman/Postman-Mail/PostmanEmailAddress.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! class_exists ( 'PostmanEmailAddress' )) {
class PostmanEmailAddress {
private $name;
diff --git a/Postman/Postman-Mail/PostmanGmailApiModuleTransport.php b/Postman/Postman-Mail/PostmanGmailApiModuleTransport.php
index 98fc1f1..fc9e351 100644
--- a/Postman/Postman-Mail/PostmanGmailApiModuleTransport.php
+++ b/Postman/Postman-Mail/PostmanGmailApiModuleTransport.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once 'PostmanModuleTransport.php';
/**
diff --git a/Postman/Postman-Mail/PostmanGmailApiModuleZendMailTransport.php b/Postman/Postman-Mail/PostmanGmailApiModuleZendMailTransport.php
index 544d5fb..b190772 100644
--- a/Postman/Postman-Mail/PostmanGmailApiModuleZendMailTransport.php
+++ b/Postman/Postman-Mail/PostmanGmailApiModuleZendMailTransport.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
/**
* Zend Framework
*
diff --git a/Postman/Postman-Mail/PostmanMailEngine.php b/Postman/Postman-Mail/PostmanMailEngine.php
index 16c799a..046178b 100644
--- a/Postman/Postman-Mail/PostmanMailEngine.php
+++ b/Postman/Postman-Mail/PostmanMailEngine.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! interface_exists ( "PostmanMailEngine" )) {
interface PostmanMailEngine {
diff --git a/Postman/Postman-Mail/PostmanMailgunMailEngine.php b/Postman/Postman-Mail/PostmanMailgunMailEngine.php
index abb0466..ce1ebb7 100644
--- a/Postman/Postman-Mail/PostmanMailgunMailEngine.php
+++ b/Postman/Postman-Mail/PostmanMailgunMailEngine.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once 'mailgun/mailgun.php';
use Mailgun\Mailgun;
diff --git a/Postman/Postman-Mail/PostmanMailgunTransport.php b/Postman/Postman-Mail/PostmanMailgunTransport.php
index 63173db..b56cadf 100644
--- a/Postman/Postman-Mail/PostmanMailgunTransport.php
+++ b/Postman/Postman-Mail/PostmanMailgunTransport.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once 'PostmanModuleTransport.php';
/**
* Postman Mailgun module
diff --git a/Postman/Postman-Mail/PostmanMandrillMailEngine.php b/Postman/Postman-Mail/PostmanMandrillMailEngine.php
index 6ecc156..74980d3 100644
--- a/Postman/Postman-Mail/PostmanMandrillMailEngine.php
+++ b/Postman/Postman-Mail/PostmanMandrillMailEngine.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if ( ! class_exists( 'PostmanMandrillMailEngine' ) ) {
require_once 'mailchimp-mandrill-api-php-da3adc10042e/src/Mandrill.php';
diff --git a/Postman/Postman-Mail/PostmanMandrillTransport.php b/Postman/Postman-Mail/PostmanMandrillTransport.php
index 8284660..3279f2b 100644
--- a/Postman/Postman-Mail/PostmanMandrillTransport.php
+++ b/Postman/Postman-Mail/PostmanMandrillTransport.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once 'PostmanModuleTransport.php';
/**
* Postman Mandrill module
diff --git a/Postman/Postman-Mail/PostmanMessage.php b/Postman/Postman-Mail/PostmanMessage.php
index 7f8949e..12099ba 100644
--- a/Postman/Postman-Mail/PostmanMessage.php
+++ b/Postman/Postman-Mail/PostmanMessage.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if ( ! class_exists( 'PostmanMessage' ) ) {
require_once 'PostmanEmailAddress.php';
diff --git a/Postman/Postman-Mail/PostmanModuleTransport.php b/Postman/Postman-Mail/PostmanModuleTransport.php
index 12d3d17..a0874e3 100644
--- a/Postman/Postman-Mail/PostmanModuleTransport.php
+++ b/Postman/Postman-Mail/PostmanModuleTransport.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
/**
* Keep the interface_exists check here for Postman Gmail API Extension users!
*
diff --git a/Postman/Postman-Mail/PostmanMyMailConnector.php b/Postman/Postman-Mail/PostmanMyMailConnector.php
index f6b7e54..507b4e0 100644
--- a/Postman/Postman-Mail/PostmanMyMailConnector.php
+++ b/Postman/Postman-Mail/PostmanMyMailConnector.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
define( 'MAILSTER_POSTMAN_REQUIRED_VERSION', '2.0' );
define( 'MAILSTER_POSTMAN_ID', 'postman' );
diff --git a/Postman/Postman-Mail/PostmanSendGridMailEngine.php b/Postman/Postman-Mail/PostmanSendGridMailEngine.php
index 311d7cc..2ffb8e2 100644
--- a/Postman/Postman-Mail/PostmanSendGridMailEngine.php
+++ b/Postman/Postman-Mail/PostmanSendGridMailEngine.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if ( ! class_exists( 'PostmanSendGridMailEngine' ) ) {
diff --git a/Postman/Postman-Mail/PostmanSendGridTransport.php b/Postman/Postman-Mail/PostmanSendGridTransport.php
index efac416..47a0638 100644
--- a/Postman/Postman-Mail/PostmanSendGridTransport.php
+++ b/Postman/Postman-Mail/PostmanSendGridTransport.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once 'PostmanModuleTransport.php';
/**
* Postman SendGrid module
diff --git a/Postman/Postman-Mail/PostmanSmtpModuleTransport.php b/Postman/Postman-Mail/PostmanSmtpModuleTransport.php
index 08e833f..f7d8009 100644
--- a/Postman/Postman-Mail/PostmanSmtpModuleTransport.php
+++ b/Postman/Postman-Mail/PostmanSmtpModuleTransport.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once 'PostmanModuleTransport.php';
/**
diff --git a/Postman/Postman-Mail/PostmanTransportRegistry.php b/Postman/Postman-Mail/PostmanTransportRegistry.php
index 5af2493..4de782a 100644
--- a/Postman/Postman-Mail/PostmanTransportRegistry.php
+++ b/Postman/Postman-Mail/PostmanTransportRegistry.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once 'PostmanModuleTransport.php';
require_once 'PostmanZendMailTransportConfigurationFactory.php';
diff --git a/Postman/Postman-Mail/PostmanWooCommerce.php b/Postman/Postman-Mail/PostmanWooCommerce.php
index feee32e..1768881 100644
--- a/Postman/Postman-Mail/PostmanWooCommerce.php
+++ b/Postman/Postman-Mail/PostmanWooCommerce.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if ( ! class_exists( 'PostmanWoocommerce' ) ) {
class PostmanWoocommerce {
diff --git a/Postman/Postman-Mail/PostmanZendMailEngine.php b/Postman/Postman-Mail/PostmanZendMailEngine.php
index 86905f8..82da37c 100644
--- a/Postman/Postman-Mail/PostmanZendMailEngine.php
+++ b/Postman/Postman-Mail/PostmanZendMailEngine.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if ( ! class_exists( 'PostmanZendMailEngine' ) ) {
require_once 'Zend-1.12.10/Loader.php';
diff --git a/Postman/Postman-Mail/PostmanZendMailTransportConfigurationFactory.php b/Postman/Postman-Mail/PostmanZendMailTransportConfigurationFactory.php
index 08e1810..23fdc41 100644
--- a/Postman/Postman-Mail/PostmanZendMailTransportConfigurationFactory.php
+++ b/Postman/Postman-Mail/PostmanZendMailTransportConfigurationFactory.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! interface_exists ( 'PostmanZendMailTransportConfigurationFactory' )) {
interface PostmanZendMailTransportConfigurationFactory {
static function createConfig(PostmanTransport $transport);
diff --git a/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php b/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
index b569c98..1a207c8 100644
--- a/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
+++ b/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
class PostmanSendTestEmailController {
const EMAIL_TEST_SLUG = 'postman/email_test';
const RECIPIENT_EMAIL_FIELD_NAME = 'postman_recipient_email';
@@ -127,6 +131,8 @@ class PostmanSendTestEmailController {
printf( '<form id="postman_test_email_wizard" method="post" action="%s">', PostmanUtils::getSettingsPageUrl() );
+ wp_nonce_field('post-smtp', 'security' );
+
// Step 1
printf( '<h5>%s</h5>', __( 'Specify the Recipient', 'post-smtp' ) );
print '<fieldset>';
@@ -199,6 +205,9 @@ class PostmanSendTestEmailAjaxController extends PostmanAbstractAjaxHandler {
* This Ajax sends a test email
*/
function sendTestEmailViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
// get the email address of the recipient from the HTTP Request
$email = $this->getRequestParameter( 'email' );
diff --git a/Postman/Postman-Send-Test-Email/postman_send_test_email.js b/Postman/Postman-Send-Test-Email/postman_send_test_email.js
index c3e9f07..ab69d1f 100644
--- a/Postman/Postman-Send-Test-Email/postman_send_test_email.js
+++ b/Postman/Postman-Send-Test-Email/postman_send_test_email.js
@@ -107,7 +107,8 @@ function postHandleStepChange(event, currentIndex, priorIndex, myself) {
jQuery('li').addClass('disabled');
var data = {
'action' : 'postman_send_test_email',
- 'email' : jQuery(postman_email_test.recipient).val()
+ 'email' : jQuery(postman_email_test.recipient).val(),
+ 'security' : jQuery('#security').val()
};
jQuery('#postman_test_message_status').html(postman_email_test.sending);
jQuery('#postman_test_message_status').css('color', 'blue');
diff --git a/Postman/Postman.php b/Postman/Postman.php
index 71c7cfd..0f36edf 100644
--- a/Postman/Postman.php
+++ b/Postman/Postman.php
@@ -1,5 +1,7 @@
<?php
-
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
/**
* Postman execution begins here:
* - the default Postman transports are loaded
@@ -155,9 +157,6 @@ class Postman {
$active_plugins = (array)get_option('active_plugins', array());
if (in_array('sitepress-multilingual-cms/sitepress.php', $active_plugins) && !get_option('postman_wpml_fixed')) {
add_action('admin_notices', array($this, 'post_smtp_wpml_admin_notice'));
-
- // Temp: Just a quick solution, need to find a better option.
- add_action('admin_init', array($this, 'postman_fix_wpml'));
}
}
@@ -181,30 +180,6 @@ class Postman {
}
- public function post_smtp_wpml_admin_notice() {
- $class = 'notice notice-error';
- $title = __( 'Post SMTP notice!', 'post-smtp' );
- $intro = __( 'WPML is installed and has a known bug with Post SMTP and few other plugins - you better upgrade, but we can try to fix it.', 'post-smtp' );
- $text = __( 'Click here to fix', 'post-smtp' );
- $message = '<br><a href="' . esc_url( add_query_arg( 'action', 'postman_fix_wpml', get_permalink() ) ) . '">' . $text . '</a>';
-
- printf( '<div class="%1$s"><h2>%2$s</h2><p>%3$s</p><p>%4$s</p></div>', esc_attr( $class ), $title, $intro, $message );
- }
-
- public function postman_fix_wpml() {
- if ( isset( $_GET['action'] ) && $_GET['action'] == 'postman_fix_wpml' ) {
- $wpml_file_path = WP_PLUGIN_DIR . '/sitepress-multilingual-cms/inc/utilities/wpml-data-encryptor.class.php';
-
- if ( file_exists( $wpml_file_path ) ) {
- $content = file_get_contents( $wpml_file_path );
- $content = str_replace( "require_once ABSPATH . '/wp-includes/pluggable.php';", "//require_once ABSPATH . '/wp-includes/pluggable.php';", $content );
- file_put_contents( $wpml_file_path, $content );
- }
-
- update_option( 'postman_wpml_fixed', true );
- wp_redirect( esc_url( remove_query_arg( 'action' ) ) );
- }
- }
/**
* Functions to execute on the plugins_loaded event
@@ -436,7 +411,7 @@ class Postman {
$message .= (sprintf( ' %s | %s', $goToEmailLog, $goToSettings ));
$message .= '<input type="hidden" name="security" class="security" value="' . wp_create_nonce('postsmtp') . '">';
- $hide = get_option('postman_release_version_not_configured' );
+ $hide = get_option('postman_release_version' );
if ( $msg['error'] == true && ! $hide ) {
$this->messageHandler->printMessage( $message, 'postman-not-configured-notice notice notice-error is-dismissible' );
diff --git a/Postman/PostmanAdminController.php b/Postman/PostmanAdminController.php
index f92bc2c..e871821 100644
--- a/Postman/PostmanAdminController.php
+++ b/Postman/PostmanAdminController.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if ( ! class_exists( 'PostmanAdminController' ) ) {
require_once 'PostmanOptions.php';
diff --git a/Postman/PostmanAjaxController.php b/Postman/PostmanAjaxController.php
index 88ec369..e8e54b6 100644
--- a/Postman/PostmanAjaxController.php
+++ b/Postman/PostmanAjaxController.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! class_exists ( 'PostmanAbstractAjaxHandler' )) {
require_once ('PostmanPreRequisitesCheck.php');
diff --git a/Postman/PostmanConfigTextHelper.php b/Postman/PostmanConfigTextHelper.php
index 6bc23fe..8ba5ef0 100644
--- a/Postman/PostmanConfigTextHelper.php
+++ b/Postman/PostmanConfigTextHelper.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if ( ! interface_exists( 'PostmanConfigTextHelper' ) ) {
interface PostmanConfigTextHelper {
public function isOauthHost();
diff --git a/Postman/PostmanEmailLogs.php b/Postman/PostmanEmailLogs.php
index c7b6175..b25bfbb 100644
--- a/Postman/PostmanEmailLogs.php
+++ b/Postman/PostmanEmailLogs.php
@@ -1,5 +1,7 @@
<?php
-
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanEmailLogs {
private $db;
diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php
index 561ce28..e33f6c4 100644
--- a/Postman/PostmanInputSanitizer.php
+++ b/Postman/PostmanInputSanitizer.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
class PostmanInputSanitizer {
private $logger;
diff --git a/Postman/PostmanInstaller.php b/Postman/PostmanInstaller.php
index 0563679..01c6a07 100644
--- a/Postman/PostmanInstaller.php
+++ b/Postman/PostmanInstaller.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once( 'PostmanOAuthToken.php' );
require_once( 'PostmanOptions.php' );
diff --git a/Postman/PostmanLogger.php b/Postman/PostmanLogger.php
index c606e25..5454c60 100644
--- a/Postman/PostmanLogger.php
+++ b/Postman/PostmanLogger.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! class_exists ( "PostmanLogger" )) {
//
diff --git a/Postman/PostmanMessageHandler.php b/Postman/PostmanMessageHandler.php
index 7a218e8..cd9220d 100644
--- a/Postman/PostmanMessageHandler.php
+++ b/Postman/PostmanMessageHandler.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( 'PostmanMessageHandler' )) {
require_once ('PostmanSession.php');
diff --git a/Postman/PostmanOAuthToken.php b/Postman/PostmanOAuthToken.php
index 1f4de78..1cd9634 100644
--- a/Postman/PostmanOAuthToken.php
+++ b/Postman/PostmanOAuthToken.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( 'PostmanOAuthToken.php' )) {
class PostmanOAuthToken {
diff --git a/Postman/PostmanOptions.php b/Postman/PostmanOptions.php
index 57fe658..d890124 100644
--- a/Postman/PostmanOptions.php
+++ b/Postman/PostmanOptions.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if ( ! interface_exists( 'PostmanOptionsInterface' ) ) {
interface PostmanOptionsInterface {
/**
diff --git a/Postman/PostmanPluginFeedback.php b/Postman/PostmanPluginFeedback.php
index b31011d..7465377 100644
--- a/Postman/PostmanPluginFeedback.php
+++ b/Postman/PostmanPluginFeedback.php
@@ -1,5 +1,7 @@
<?php
-
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanPluginFeedback {
function __construct() {
add_filter( 'plugin_action_links_' . plugin_basename( POST_BASE ), array( $this, 'insert_deactivate_link_id' ) );
@@ -152,4 +154,4 @@ class PostmanPluginFeedback {
<?php
}
}
-new PostmanPluginFeedback;
+//new PostmanPluginFeedback;
diff --git a/Postman/PostmanPreRequisitesCheck.php b/Postman/PostmanPreRequisitesCheck.php
index 884ecdf..c187a9b 100644
--- a/Postman/PostmanPreRequisitesCheck.php
+++ b/Postman/PostmanPreRequisitesCheck.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( 'PostmanPreRequisitesCheck' )) {
class PostmanPreRequisitesCheck {
public static function checkIconv() {
diff --git a/Postman/PostmanSession.php b/Postman/PostmanSession.php
index 4243f2b..f1128b4 100644
--- a/Postman/PostmanSession.php
+++ b/Postman/PostmanSession.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( 'PostmanSession' )) {
/**
diff --git a/Postman/PostmanState.php b/Postman/PostmanState.php
index ac251fa..4b077e0 100644
--- a/Postman/PostmanState.php
+++ b/Postman/PostmanState.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( "PostmanState" )) {
/**
diff --git a/Postman/PostmanUtils.php b/Postman/PostmanUtils.php
index 6858fe3..335d0f3 100644
--- a/Postman/PostmanUtils.php
+++ b/Postman/PostmanUtils.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
require_once 'PostmanLogger.php';
require_once 'PostmanState.php';
@@ -368,9 +371,9 @@ class PostmanUtils {
*/
static function postmanGetServerName() {
if ( ! empty( $_SERVER ['SERVER_NAME'] ) ) {
- $serverName = $_SERVER ['SERVER_NAME'];
+ $serverName = sanitize_text_field($_SERVER ['SERVER_NAME']);
} else if ( ! empty( $_SERVER ['HTTP_HOST'] ) ) {
- $serverName = $_SERVER ['HTTP_HOST'];
+ $serverName = sanitize_text_field($_SERVER ['HTTP_HOST']);
} else {
$serverName = 'localhost.localdomain';
}
@@ -410,6 +413,7 @@ class PostmanUtils {
* @param mixed $callbackName
*/
public static function registerAjaxHandler( $actionName, $class, $callbackName ) {
+
if ( is_admin() ) {
$fullname = 'wp_ajax_' . $actionName;
// $this->logger->debug ( 'Registering ' . 'wp_ajax_' . $fullname . ' Ajax handler' );
diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php
index 55a56e9..7d5c35d 100644
--- a/Postman/PostmanViewController.php
+++ b/Postman/PostmanViewController.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if ( ! class_exists( 'PostmanViewController' ) ) {
class PostmanViewController {
private $logger;
@@ -46,19 +49,19 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
function dismiss_version_notify() {
- check_ajax_referer( 'postsmtp', 'security' );
+ check_admin_referer( 'postsmtp', 'security' );
$result = update_option('postman_release_version', true );
}
function dismiss_donation_notify() {
- check_ajax_referer( 'postsmtp', 'security' );
+ check_admin_referer( 'postsmtp', 'security' );
$result = update_option('postman_dismiss_donation', true );
}
function delete_lock_file() {
- check_ajax_referer( 'postman', 'security' );
+ check_admin_referer( 'postman', 'security' );
if ( ! PostmanUtils::lockFileExists() ) {
echo __('No lock file found.', 'post-smtp' );
@@ -295,7 +298,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
print '</section>';
print '<section id="delete_settings">';
printf( '<h3><span>%s<span></h3>', $resetTitle );
- print '<form method="POST" action="' . get_admin_url() . 'admin-post.php">';
+ print '<form class="post-smtp-reset-options" method="POST" action="' . get_admin_url() . 'admin-post.php">';
wp_nonce_field( PostmanAdminController::PURGE_DATA_SLUG );
printf( '<input type="hidden" name="action" value="%s" />', PostmanAdminController::PURGE_DATA_SLUG );
printf( '<p><span>%s</span></p><p><span>%s</span></p>', __( 'This will purge all of Postman\'s settings, including account credentials and the email log.', 'post-smtp' ), __( 'Are you sure?', 'post-smtp' ) );
@@ -375,9 +378,6 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
printf( '<li><img class="align-middle" src="' . plugins_url( 'style/images/new.gif', dirname( __DIR__ ) . '/postman-smtp.php' ) . '"><a target="blank" class="align-middle" href="https://postmansmtp.com/category/guides/" class="welcome-icon postman_guides">%s</a></li>', __( 'Guides', 'post-smtp' ) );
print '</ul></div></div></div></div>';
?>
- <div class="twitter-iframe-wrap" style="min-width: 300px;">
- <a class="twitter-timeline" data-height="304" href="https://twitter.com/PostSMTP?ref_src=twsrc%5Etfw">Tweets by PostSMTP</a> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
- </div>
</div>
<?php
}
diff --git a/Postman/PostmanWpMail.php b/Postman/PostmanWpMail.php
index 66b3279..85f3ebd 100644
--- a/Postman/PostmanWpMail.php
+++ b/Postman/PostmanWpMail.php
@@ -1,5 +1,7 @@
<?php
-
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if ( ! class_exists( 'PostmanWpMail' ) ) {
/**
@@ -75,7 +77,7 @@ if ( ! class_exists( 'PostmanWpMail' ) ) {
$id = md5(uniqid(time()));
if (isset($_SERVER["SERVER_NAME"])) {
- $hostName = $_SERVER["SERVER_NAME"];
+ $hostName = sanitize_text_field($_SERVER["SERVER_NAME"]);
} else {
$hostName = php_uname('n');
}
diff --git a/Postman/PostmanWpMailBinder.php b/Postman/PostmanWpMailBinder.php
index 95eb898..575e1bb 100644
--- a/Postman/PostmanWpMailBinder.php
+++ b/Postman/PostmanWpMailBinder.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if (! class_exists ( 'PostmanWpMailBinder' )) {
class PostmanWpMailBinder {
private $logger;
diff --git a/Postman/notifications/INotify.php b/Postman/notifications/INotify.php
index d330cbe..f40548d 100644
--- a/Postman/notifications/INotify.php
+++ b/Postman/notifications/INotify.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
interface Postman_Notify {
public function send_message( $message );
} \ No newline at end of file
diff --git a/Postman/notifications/PostmanMailNotify.php b/Postman/notifications/PostmanMailNotify.php
index a76fb2a..922c304 100644
--- a/Postman/notifications/PostmanMailNotify.php
+++ b/Postman/notifications/PostmanMailNotify.php
@@ -1,5 +1,7 @@
<?php
-
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanMailNotify implements Postman_Notify {
public function send_message($message)
diff --git a/Postman/notifications/PostmanNotify.php b/Postman/notifications/PostmanNotify.php
index 365d708..7654ecb 100644
--- a/Postman/notifications/PostmanNotify.php
+++ b/Postman/notifications/PostmanNotify.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
require_once 'INotify.php';
require_once 'PostmanMailNotify.php';
require_once 'PostmanPushoverNotify.php';
diff --git a/Postman/notifications/PostmanPushoverNotify.php b/Postman/notifications/PostmanPushoverNotify.php
index 1c483b3..14ef7d2 100644
--- a/Postman/notifications/PostmanPushoverNotify.php
+++ b/Postman/notifications/PostmanPushoverNotify.php
@@ -1,5 +1,7 @@
<?php
-
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanPushoverNotify implements Postman_Notify {
public function send_message($message)
diff --git a/Postman/notifications/PostmanSlackNotify.php b/Postman/notifications/PostmanSlackNotify.php
index 41094ed..5b6fae3 100644
--- a/Postman/notifications/PostmanSlackNotify.php
+++ b/Postman/notifications/PostmanSlackNotify.php
@@ -1,5 +1,7 @@
<?php
-
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
class PostmanSlackNotify implements Postman_Notify {
public function send_message($message)