From d1d82adca1dbb02382d7ccf49b8830816e8fa00f Mon Sep 17 00:00:00 2001
From: yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>
Date: Mon, 19 Aug 2019 20:57:47 +0000
Subject: Security issues

---
 .../PostmanConfigurationController.php             | 21 +++++++++++++++++++++
 .../PostmanImportableConfiguration.php             |  4 ++++
 .../PostmanRegisterConfigurationSettings.php       |  6 +++++-
 .../Postman-Configuration/PostmanSmtpDiscovery.php |  4 ++++
 .../Postman-Configuration/postman_manual_config.js |  2 ++
 Postman/Postman-Configuration/postman_wizard.js    | 22 +++++++++++++++-------
 6 files changed, 51 insertions(+), 8 deletions(-)

(limited to 'Postman/Postman-Configuration')

diff --git a/Postman/Postman-Configuration/PostmanConfigurationController.php b/Postman/Postman-Configuration/PostmanConfigurationController.php
index a81605a..4cade58 100644
--- a/Postman/Postman-Configuration/PostmanConfigurationController.php
+++ b/Postman/Postman-Configuration/PostmanConfigurationController.php
@@ -1,4 +1,8 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) {
+    exit; // Exit if accessed directly
+}
+
 require_once( 'PostmanRegisterConfigurationSettings.php' );
 class PostmanConfigurationController {
 	const CONFIGURATION_SLUG = 'postman/configuration';
@@ -207,6 +211,9 @@ class PostmanConfigurationController {
 		print '</ul>';
 
 		print '<form method="post" action="options.php">';
+
+		wp_nonce_field('post-smtp', 'security');
+
 		// This prints out all hidden setting fields
 		settings_fields( PostmanAdminController::SETTINGS_GROUP_NAME );
 
@@ -441,6 +448,8 @@ class PostmanConfigurationController {
 		printf( '<input type="hidden" id="input_%2$s" name="%1$s[%2$s]" value="%3$s" />', PostmanOptions::POSTMAN_OPTIONS, PostmanOptions::STEALTH_MODE, $this->options->isStealthModeEnabled() );
 		printf( '<input type="hidden" id="input_%2$s" name="%1$s[%2$s]" value="%3$s" />', PostmanOptions::POSTMAN_OPTIONS, PostmanOptions::TEMPORARY_DIRECTORY, $this->options->getTempDirectory() );
 
+		wp_nonce_field('post-smtp', 'security' );
+
 		// display the setting text
 		settings_fields( PostmanAdminController::SETTINGS_GROUP_NAME );
 
@@ -622,6 +631,9 @@ class PostmanGetHostnameByEmailAjaxController extends PostmanAbstractAjaxHandler
 	 * This Ajax function retrieves the smtp hostname for a give e-mail address
 	 */
 	function getAjaxHostnameByEmail() {
+
+	    check_admin_referer('post-smtp', 'security');
+
 		$goDaddyHostDetected = $this->getBooleanRequestParameter( 'go_daddy' );
 		$email = $this->getRequestParameter( 'email' );
 		$d = new PostmanSmtpDiscovery( $email );
@@ -656,6 +668,9 @@ class PostmanManageConfigurationAjaxHandler extends PostmanAbstractAjaxHandler {
 	 * @throws Exception
 	 */
 	function getManualConfigurationViaAjax() {
+
+	    check_admin_referer('post-smtp', 'security');
+
 		$queryTransportType = $this->getTransportTypeFromRequest();
 		$queryAuthType = $this->getAuthenticationTypeFromRequest();
 		$queryHostname = $this->getHostnameFromRequest();
@@ -686,6 +701,9 @@ class PostmanManageConfigurationAjaxHandler extends PostmanAbstractAjaxHandler {
 	 * The UI response is built so the user may choose a different socket with different options.
 	 */
 	function getWizardConfigurationViaAjax() {
+
+	    check_admin_referer('post-smtp', 'security');
+
 		$this->logger->debug( 'in getWizardConfiguration' );
 		$originalSmtpServer = $this->getRequestParameter( 'original_smtp_server' );
 		$queryHostData = $this->getHostDataFromRequest();
@@ -895,6 +913,9 @@ class PostmanImportConfigurationAjaxController extends PostmanAbstractAjaxHandle
 	 * and pushes them into the Postman configuration screen.
 	 */
 	function getConfigurationFromExternalPluginViaAjax() {
+
+        check_admin_referer('post-smtp', 'security');
+
 		$importableConfiguration = new PostmanImportableConfiguration();
 		$plugin = $this->getRequestParameter( 'plugin' );
 		$this->logger->debug( 'Looking for config=' . $plugin );
diff --git a/Postman/Postman-Configuration/PostmanImportableConfiguration.php b/Postman/Postman-Configuration/PostmanImportableConfiguration.php
index ba807d3..0008221 100644
--- a/Postman/Postman-Configuration/PostmanImportableConfiguration.php
+++ b/Postman/Postman-Configuration/PostmanImportableConfiguration.php
@@ -1,4 +1,8 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) {
+    exit; // Exit if accessed directly
+}
+
 if (! interface_exists ( 'PostmanPluginOptions' )) {
 	interface PostmanPluginOptions {
 		public function getPluginSlug();
diff --git a/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php b/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
index 84305a3..6ddebd7 100644
--- a/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
+++ b/Postman/Postman-Configuration/PostmanRegisterConfigurationSettings.php
@@ -1,4 +1,8 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) {
+    exit; // Exit if accessed directly
+}
+
 class PostmanSettingsRegistry {
 
 	private $options;
@@ -11,7 +15,7 @@ class PostmanSettingsRegistry {
 	 * Fires on the admin_init method
 	 */
 	public function on_admin_init() {
-				$this->registerSettings();
+        $this->registerSettings();
 	}
 
 	/**
diff --git a/Postman/Postman-Configuration/PostmanSmtpDiscovery.php b/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
index 44da3bb..67a58b3 100644
--- a/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
+++ b/Postman/Postman-Configuration/PostmanSmtpDiscovery.php
@@ -1,4 +1,8 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) {
+    exit; // Exit if accessed directly
+}
+
 if (! class_exists ( 'PostmanSmtpMappings' )) {
 	class PostmanSmtpMappings {
 		// if an email is in this domain array, it is a known smtp server (easy lookup)
diff --git a/Postman/Postman-Configuration/postman_manual_config.js b/Postman/Postman-Configuration/postman_manual_config.js
index 293df28..a47df1a 100644
--- a/Postman/Postman-Configuration/postman_manual_config.js
+++ b/Postman/Postman-Configuration/postman_manual_config.js
@@ -77,11 +77,13 @@ function reloadOauthSection() {
 	var hostname = jQuery(postman_hostname_element_name).val();
 	var transport = jQuery('#input_transport_type').val();
 	var authtype = jQuery('select#input_auth_type').val();
+	var security = jQuery('#security').val();
 	var data = {
 		'action' : 'manual_config',
 		'auth_type' : authtype,
 		'hostname' : hostname,
 		'transport' : transport,
+		'security' : security
 	};
 	jQuery.post(ajaxurl, data, function(response) {
 		if (response.success) {
diff --git a/Postman/Postman-Configuration/postman_wizard.js b/Postman/Postman-Configuration/postman_wizard.js
index c29edb4..d844322 100644
--- a/Postman/Postman-Configuration/postman_wizard.js
+++ b/Postman/Postman-Configuration/postman_wizard.js
@@ -33,7 +33,8 @@ function checkGoDaddyAndCheckEmail(email) {
 		'action' : 'postman_wizard_port_test',
 		'hostname' : 'relay-hosting.secureserver.net',
 		'port' : 25,
-		'timeout' : 3
+		'timeout' : 3,
+		'security' : jQuery('#security').val(),
 	};
 	goDaddy = 'unknown';
 	checkedEmail = false;
@@ -50,7 +51,8 @@ function checkEmail(goDaddyHostDetected, email) {
 	var data = {
 		'action' : 'postman_check_email',
 		'go_daddy' : goDaddyHostDetected,
-		'email' : email
+		'email' : email,
+		'security' : jQuery('#security').val()
 	};
 	jQuery.post(
 			ajaxurl,
@@ -282,7 +284,8 @@ function getHostsToCheck(hostname) {
 	var data = {
 		'action' : 'postman_get_hosts_to_test',
 		'hostname' : hostname,
-		'original_smtp_server' : smtpDiscovery.hostname
+		'original_smtp_server' : smtpDiscovery.hostname,
+		'security' : jQuery('#security').val(),
 	};
 	jQuery.post(ajaxurl, data, function(response) {
 		if (postmanValidateAjaxResponseWithPopup(response)) {
@@ -311,7 +314,8 @@ function handleHostsToCheckResponse(response) {
 			'action' : 'postman_wizard_port_test',
 			'hostname' : hostname,
 			'port' : port,
-			'transport' : transport
+			'transport' : transport,
+			'security' : jQuery('#security').val(),
 		};
 		postThePortTest(hostname, port, data);
 	}
@@ -358,6 +362,7 @@ function handlePortTestResponse(hostname, port, data, response) {
 	} else {
 		// SMTP failed, try again on the SMTPS port
 		data['action'] = 'postman_wizard_port_test_smtps';
+		data['security'] = jQuery('#security').val();
 		postThePortTest(hostname, port, data);
 	}
 }
@@ -386,7 +391,8 @@ function afterPortsChecked() {
 		var data = {
 			'action' : 'get_wizard_configuration_options',
 			'original_smtp_server' : smtpDiscovery.hostname,
-			'host_data' : connectivtyTestResults
+			'host_data' : connectivtyTestResults,
+			'security': jQuery('#security').val()
 		};
 		postTheConfigurationRequest(data);
 		hide('#connectivity_test_status');
@@ -403,7 +409,8 @@ function userOverrideMenu() {
 				"input:radio[name='user_socket_override']:checked").val(),
 		'user_auth_override' : jQuery(
 				"input:radio[name='user_auth_override']:checked").val(),
-		'host_data' : connectivtyTestResults
+		'host_data' : connectivtyTestResults,
+		'security' : jQuery('#security').val()
 	};
 	postTheConfigurationRequest(data);
 }
@@ -544,7 +551,8 @@ function getConfiguration() {
 	if (plugin != '') {
 		var data = {
 			'action' : 'import_configuration',
-			'plugin' : plugin
+			'plugin' : plugin,
+			'_wpnonce' : jQuery('#_wpnonce').val(),
 		};
 		jQuery
 				.post(
-- 
cgit v1.2.3