Diffstat (limited to 'Postman/Postman-Configuration')
-rw-r--r--Postman/Postman-Configuration/PostmanConfigurationController.php21
-rw-r--r--Postman/Postman-Configuration/PostmanImportableConfiguration.php4
-rw-r--r--Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php6
-rw-r--r--Postman/Postman-Configuration/PostmanSmtpDiscovery.php4
-rw-r--r--Postman/Postman-Configuration/postman_manual_config.js2
-rw-r--r--Postman/Postman-Configuration/postman_wizard.js22
6 files changed, 51 insertions, 8 deletions
diff --git a/Postman/Postman-Configuration/PostmanConfigurationController.php b/Postman/Postman-Configuration/PostmanConfigurationController.php
index a81605a..4cade58 100644
--- a/Postman/Postman-Configuration/PostmanConfigurationController.php
+++ b/Postman/Postman-Configuration/PostmanConfigurationController.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
require_once( 'PostmanRegisterConfigurationSettings.php' );
class PostmanConfigurationController {
const CONFIGURATION_SLUG = 'postman/configuration';
@@ -207,6 +211,9 @@ class PostmanConfigurationController {
print '</ul>';
print '<form method="post" action="options.php">';
+
+ wp_nonce_field('post-smtp', 'security');
+
// This prints out all hidden setting fields
settings_fields( PostmanAdminController::SETTINGS_GROUP_NAME );
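Review bot: The added `wp_nonce_field('post-smtp', 'security');` has no visible consumer in this form, since `options.php` validates the `_wpnonce` that `settings_fields()` prints on the following line. Judging by the script changes in this commit, the field exists so the admin JavaScript can read `#security` for its AJAX calls; a comment such as `// nonce read by the admin scripts and sent as 'security' with each AJAX request` would make that explicit. Because the third argument defaults to true, the call also emits a second `_wp_http_referer` input next to the one from `settings_fields()`; `wp_nonce_field( 'post-smtp', 'security', false );` avoids the duplicate. The same applies to the identical call added in the hunk at -441/+448.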
@@ -441,6 +448,8 @@ class PostmanConfigurationController {
printf( '<input type="hidden" id="input_%2$s" name="%1$s[%2$s]" value="%3$s" />', PostmanOptions::POSTMAN_OPTIONS, PostmanOptions::STEALTH_MODE, $this->options->isStealthModeEnabled() );
printf( '<input type="hidden" id="input_%2$s" name="%1$s[%2$s]" value="%3$s" />', PostmanOptions::POSTMAN_OPTIONS, PostmanOptions::TEMPORARY_DIRECTORY, $this->options->getTempDirectory() );
+ wp_nonce_field('post-smtp', 'security' );
+
// display the setting text
settings_fields( PostmanAdminController::SETTINGS_GROUP_NAME );
@@ -622,6 +631,9 @@ class PostmanGetHostnameByEmailAjaxController extends PostmanAbstractAjaxHandler
* This Ajax function retrieves the smtp hostname for a give e-mail address
*/
function getAjaxHostnameByEmail() {
+
+ check_admin_referer('post-smtp', 'security');
+
$goDaddyHostDetected = $this->getBooleanRequestParameter( 'go_daddy' );
$email = $this->getRequestParameter( 'email' );
$d = new PostmanSmtpDiscovery( $email );
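Review bot: `check_admin_referer('post-smtp', 'security');` at the top of `getAjaxHostnameByEmail()` confirms the request carries a valid nonce, but a nonce is not an authorization check, and no `current_user_can()` call is visible in this hunk (the body continues past it, so one may exist further down or in the parent handler). For AJAX endpoints the matching helper is `check_ajax_referer( 'post-smtp', 'security' );`, paired with a `current_user_can()` test for whatever capability the settings screen requires. On failure `check_admin_referer()` ends the request with an HTML confirmation page, which the script callbacks that test `response.success` are unlikely to handle cleanly. The same applies to `getManualConfigurationViaAjax()`, `getWizardConfigurationViaAjax()` and `getConfigurationFromExternalPluginViaAjax()` in the following hunks.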
@@ -656,6 +668,9 @@ class PostmanManageConfigurationAjaxHandler extends PostmanAbstractAjaxHandler {
* @throws Exception
*/
function getManualConfigurationViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
$queryTransportType = $this->getTransportTypeFromRequest();
$queryAuthType = $this->getAuthenticationTypeFromRequest();
$queryHostname = $this->getHostnameFromRequest();
@@ -686,6 +701,9 @@ class PostmanManageConfigurationAjaxHandler extends PostmanAbstractAjaxHandler {
* The UI response is built so the user may choose a different socket with different options.
*/
function getWizardConfigurationViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
$this->logger->debug( 'in getWizardConfiguration' );
$originalSmtpServer = $this->getRequestParameter( 'original_smtp_server' );
$queryHostData = $this->getHostDataFromRequest();
@@ -895,6 +913,9 @@ class PostmanImportConfigurationAjaxController extends PostmanAbstractAjaxHandle
* and pushes them into the Postman configuration screen.
*/
function getConfigurationFromExternalPluginViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
$importableConfiguration = new PostmanImportableConfiguration();
$plugin = $this->getRequestParameter( 'plugin' );
$this->logger->debug( 'Looking for config=' . $plugin );
diff --git a/Postman/Postman-Configuration/PostmanImportableConfiguration.php b/Postman/Postman-Configuration/PostmanImportableConfiguration.php
index ba807d3..0008221 100644
--- a/Postman/Postman-Configuration/PostmanImportableConfiguration.php
+++ b/Postman/Postman-Configuration/PostmanImportableConfiguration.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! interface_exists ( 'PostmanPluginOptions' )) {
interface PostmanPluginOptions {
public function getPluginSlug();
diff --git a/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php b/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
index 84305a3..6ddebd7 100644
--- a/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
+++ b/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
class PostmanSettingsRegistry {
private $options;
@@ -11,7 +15,7 @@ class PostmanSettingsRegistry {
* Fires on the admin_init method
*/
public function on_admin_init() {
- $this->registerSettings();
+ $this->registerSettings();
}
/**
diff --git a/Postman/Postman-Configuration/PostmanSmtpDiscovery.php b/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
index 44da3bb..67a58b3 100644
--- a/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
+++ b/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
if (! class_exists ( 'PostmanSmtpMappings' )) {
class PostmanSmtpMappings {
// if an email is in this domain array, it is a known smtp server (easy lookup)
diff --git a/Postman/Postman-Configuration/postman_manual_config.js b/Postman/Postman-Configuration/postman_manual_config.js
index 293df28..a47df1a 100644
--- a/Postman/Postman-Configuration/postman_manual_config.js
+++ b/Postman/Postman-Configuration/postman_manual_config.js
@@ -77,11 +77,13 @@ function reloadOauthSection() {
var hostname = jQuery(postman_hostname_element_name).val();
var transport = jQuery('#input_transport_type').val();
var authtype = jQuery('select#input_auth_type').val();
+ var security = jQuery('#security').val();
var data = {
'action' : 'manual_config',
'auth_type' : authtype,
'hostname' : hostname,
'transport' : transport,
+ 'security' : security
};
jQuery.post(ajaxurl, data, function(response) {
if (response.success) {
diff --git a/Postman/Postman-Configuration/postman_wizard.js b/Postman/Postman-Configuration/postman_wizard.js
index c29edb4..d844322 100644
--- a/Postman/Postman-Configuration/postman_wizard.js
+++ b/Postman/Postman-Configuration/postman_wizard.js
@@ -33,7 +33,8 @@ function checkGoDaddyAndCheckEmail(email) {
'action' : 'postman_wizard_port_test',
'hostname' : 'relay-hosting.secureserver.net',
'port' : 25,
- 'timeout' : 3
+ 'timeout' : 3,
+ 'security' : jQuery('#security').val(),
};
goDaddy = 'unknown';
checkedEmail = false;
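Review bot: The lookup `jQuery('#security').val()` is repeated in every request builder this commit touches (here and in checkEmail, getHostsToCheck, handleHostsToCheckResponse, handlePortTestResponse, afterPortsChecked and userOverrideMenu), and the added lines are inconsistent about the comma after it. A small helper such as `function postmanNonce() { return jQuery('#security').val(); }` would keep the field name and selector in one place. The trailing comma after the last property, as in `'security' : jQuery('#security').val(),`, is rejected by older Internet Explorer versions, so the comma-free form used in the checkEmail hunk is the safer one. The body of checkGoDaddyAndCheckEmail starts and ends outside this hunk.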
@@ -50,7 +51,8 @@ function checkEmail(goDaddyHostDetected, email) {
var data = {
'action' : 'postman_check_email',
'go_daddy' : goDaddyHostDetected,
- 'email' : email
+ 'email' : email,
+ 'security' : jQuery('#security').val()
};
jQuery.post(
ajaxurl,
@@ -282,7 +284,8 @@ function getHostsToCheck(hostname) {
var data = {
'action' : 'postman_get_hosts_to_test',
'hostname' : hostname,
- 'original_smtp_server' : smtpDiscovery.hostname
+ 'original_smtp_server' : smtpDiscovery.hostname,
+ 'security' : jQuery('#security').val(),
};
jQuery.post(ajaxurl, data, function(response) {
if (postmanValidateAjaxResponseWithPopup(response)) {
@@ -311,7 +314,8 @@ function handleHostsToCheckResponse(response) {
'action' : 'postman_wizard_port_test',
'hostname' : hostname,
'port' : port,
- 'transport' : transport
+ 'transport' : transport,
+ 'security' : jQuery('#security').val(),
};
postThePortTest(hostname, port, data);
}
@@ -358,6 +362,7 @@ function handlePortTestResponse(hostname, port, data, response) {
} else {
// SMTP failed, try again on the SMTPS port
data['action'] = 'postman_wizard_port_test_smtps';
+ data['security'] = jQuery('#security').val();
postThePortTest(hostname, port, data);
}
}
@@ -386,7 +391,8 @@ function afterPortsChecked() {
var data = {
'action' : 'get_wizard_configuration_options',
'original_smtp_server' : smtpDiscovery.hostname,
- 'host_data' : connectivtyTestResults
+ 'host_data' : connectivtyTestResults,
+ 'security': jQuery('#security').val()
};
postTheConfigurationRequest(data);
hide('#connectivity_test_status');
@@ -403,7 +409,8 @@ function userOverrideMenu() {
"input:radio[name='user_socket_override']:checked").val(),
'user_auth_override' : jQuery(
"input:radio[name='user_auth_override']:checked").val(),
- 'host_data' : connectivtyTestResults
+ 'host_data' : connectivtyTestResults,
+ 'security' : jQuery('#security').val()
};
postTheConfigurationRequest(data);
}
@@ -544,7 +551,8 @@ function getConfiguration() {
if (plugin != '') {
var data = {
'action' : 'import_configuration',
- 'plugin' : plugin
+ 'plugin' : plugin,
+ '_wpnonce' : jQuery('#_wpnonce').val(),
};
jQuery
.post(
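Review bot: The import request sends the nonce as `'_wpnonce' : jQuery('#_wpnonce').val(),`, but the handler changed in this same commit, `getConfigurationFromExternalPluginViaAjax()`, calls `check_admin_referer('post-smtp', 'security')`, which reads the `security` request field. As written that field is absent from the request, and the `_wpnonce` on the page, if it is the one `settings_fields()` prints, is bound to a different action, so the check would presumably reject every import. Every other request in this file uses `'security' : jQuery('#security').val()`, and this one should match. The body of `getConfiguration()` starts and ends outside the hunk.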