
Changeset 2825867


Timestamp:
11/29/2022 11:23:07 AM (3 years ago)
Author:
contentstudio
Message:

tagging version 1.1.9

Location:
contentstudio
Files:
2 edited
1 copied

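--- a/contentstudio/tags/1.1.9/trunk/contentstudio-plugin.php
+++ b/contentstudio/tags/1.1.9/trunk/contentstudio-plugin.php
@@ -3,5 +3,5 @@
 Plugin Name: ContentStudio
 Description: ContentStudio provides you with powerful blogging & social media tools to keep your audience hooked by streamlining the process for you to discover and share engaging content on multiple blogging & social media networks
-Version: 1.1.8
+Version: 1.1.9
 Author: ContentStudio
 Author URI: http://contentstudio.io/
@@ -40,5 +40,5 @@
         protected $assets = 'https://contentstudio.io/img';
 
-        private $version = "1.1.8";
+        private $version = "1.1.9";
 
         protected $contentstudio_id = '';
@@ -118,5 +118,5 @@
             add_action('init', [$this, 'cstu_verfiy_wp_user']);
             add_action('init', [$this, 'cstu_check_token']);
-            add_action('init', [$this, 'cstu_set_token']);
+            // add_action('init', [$this, 'cstu_set_token']);  //remmoved due to security issue
             add_action('init', [$this, 'cstu_get_blog_authors']);
             add_action('init', [$this, 'cstu_get_blog_categories']);
@@ -463,5 +463,5 @@
 
         /**
-         * verify wordpress user
+         * verify wordpress user and set token
          */
         public function cstu_verfiy_wp_user()
@@ -469,9 +469,13 @@
             if (isset($_REQUEST['cstu_verfiy_wp_user']) && $_REQUEST['cstu_verfiy_wp_user']) {
                 try {
-                    if (isset($_REQUEST['username'], $_REQUEST['password']) && $_REQUEST['username'] && $_REQUEST['password']) {
-                        $user = get_user_by('login', $_REQUEST['username']);
+                    if (isset($_REQUEST['username'], $_REQUEST['password'], $_REQUEST['token']) && $_REQUEST['username'] && $_REQUEST['password'] && $_REQUEST['token']) {
+                        $user = get_user_by('login', $_REQUEST['username']); // validate username
                         if ($user && $user->ID != 0) {
-                            if (wp_check_password($_REQUEST['password'], $user->data->user_pass, $user->ID)) {
+                            if (wp_check_password($_REQUEST['password'], $user->data->user_pass, $user->ID)) { // validate password
                                 if ($user->has_cap('publish_posts') && $user->has_cap('edit_posts')) {
+                                    // set token for later requests validation.
+                                    sanitize_text_field($_REQUEST['token']);
+                                    update_option('contentstudio_token', $_REQUEST['token']);
+                                   
                                     echo json_encode(['status' => true, 'message' => 'User verification completed successfully!']);
                                     die();
@@ -499,33 +503,4 @@
                 }
             }
-        }
-
-        /**
-         * check token direct ajax request.
-         */
-        public function cstu_set_token()
-        {
-            try {
-                if (isset($_REQUEST['cstu_set_token']) && isset($_REQUEST['token'])) {
-                    /*$valid = get_option('contentstudio_token');
-                    if (!$valid) {*/
-                    sanitize_text_field($_REQUEST['token']);
-                    update_option('contentstudio_token', $_REQUEST['token']);
-
-                    echo json_encode(['status' => true, 'message' => 'Your token has been updated successfully!']);
-                    die();
-                    /*}
-                    else {
-                        // TODO: altenrative approach later on...
-                        echo json_encode(['status' => false, 'message' => 'Token already exists on your website.']);
-                        die();
-                    }*/
-                }
-            }
-            catch (Exception $e) {
-                echo json_encode(['status' => false, 'message' => self::UNKNOWN_ERROR_MESSAGE,
-                    'line'=>$e->getLine(), 'error_message' =>  $e->getMessage()]);
-            }
-
         }
 
@@ -1549,2 +1524,3 @@
     return new ContentStudio();
 }
+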
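Review bot: At new lines 477–478 the return value of `sanitize_text_field()` is discarded, so `update_option()` still stores the raw request value; the two lines should become `update_option('contentstudio_token', sanitize_text_field(wp_unslash($_REQUEST['token'])));`. The token write is now gated on a password check plus `publish_posts`/`edit_posts`, so any Author-level account can replace the site-wide token; if that token authorises the plugin's other `init` handlers, a stricter capability such as `manage_options` looks more appropriate. Username and password are still read from `$_REQUEST`, which accepts them from the query string where they can end up in access logs, and the check calls `wp_check_password()` directly on `init`, so it presumably sits outside whatever login throttling the site applies; reading from `$_POST` only and rate-limiting failures would narrow that. The body of `cstu_verfiy_wp_user()` continues outside the displayed lines, and the `contentstudio/trunk` section carries the identical change, so the same points apply there.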
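--- a/contentstudio/trunk/contentstudio-plugin.php
+++ b/contentstudio/trunk/contentstudio-plugin.php
@@ -3,5 +3,5 @@
 Plugin Name: ContentStudio
 Description: ContentStudio provides you with powerful blogging & social media tools to keep your audience hooked by streamlining the process for you to discover and share engaging content on multiple blogging & social media networks
-Version: 1.1.8
+Version: 1.1.9
 Author: ContentStudio
 Author URI: http://contentstudio.io/
@@ -40,5 +40,5 @@
         protected $assets = 'https://contentstudio.io/img';
 
-        private $version = "1.1.8";
+        private $version = "1.1.9";
 
         protected $contentstudio_id = '';
@@ -118,5 +118,5 @@
             add_action('init', [$this, 'cstu_verfiy_wp_user']);
             add_action('init', [$this, 'cstu_check_token']);
-            add_action('init', [$this, 'cstu_set_token']);
+            // add_action('init', [$this, 'cstu_set_token']);  //remmoved due to security issue
             add_action('init', [$this, 'cstu_get_blog_authors']);
             add_action('init', [$this, 'cstu_get_blog_categories']);
@@ -463,5 +463,5 @@
 
         /**
-         * verify wordpress user
+         * verify wordpress user and set token
          */
         public function cstu_verfiy_wp_user()
@@ -469,9 +469,13 @@
             if (isset($_REQUEST['cstu_verfiy_wp_user']) && $_REQUEST['cstu_verfiy_wp_user']) {
                 try {
-                    if (isset($_REQUEST['username'], $_REQUEST['password']) && $_REQUEST['username'] && $_REQUEST['password']) {
-                        $user = get_user_by('login', $_REQUEST['username']);
+                    if (isset($_REQUEST['username'], $_REQUEST['password'], $_REQUEST['token']) && $_REQUEST['username'] && $_REQUEST['password'] && $_REQUEST['token']) {
+                        $user = get_user_by('login', $_REQUEST['username']); // validate username
                         if ($user && $user->ID != 0) {
-                            if (wp_check_password($_REQUEST['password'], $user->data->user_pass, $user->ID)) {
+                            if (wp_check_password($_REQUEST['password'], $user->data->user_pass, $user->ID)) { // validate password
                                 if ($user->has_cap('publish_posts') && $user->has_cap('edit_posts')) {
+                                    // set token for later requests validation.
+                                    sanitize_text_field($_REQUEST['token']);
+                                    update_option('contentstudio_token', $_REQUEST['token']);
+                                   
                                     echo json_encode(['status' => true, 'message' => 'User verification completed successfully!']);
                                     die();
@@ -499,33 +503,4 @@
                 }
             }
-        }
-
-        /**
-         * check token direct ajax request.
-         */
-        public function cstu_set_token()
-        {
-            try {
-                if (isset($_REQUEST['cstu_set_token']) && isset($_REQUEST['token'])) {
-                    /*$valid = get_option('contentstudio_token');
-                    if (!$valid) {*/
-                    sanitize_text_field($_REQUEST['token']);
-                    update_option('contentstudio_token', $_REQUEST['token']);
-
-                    echo json_encode(['status' => true, 'message' => 'Your token has been updated successfully!']);
-                    die();
-                    /*}
-                    else {
-                        // TODO: altenrative approach later on...
-                        echo json_encode(['status' => false, 'message' => 'Token already exists on your website.']);
-                        die();
-                    }*/
-                }
-            }
-            catch (Exception $e) {
-                echo json_encode(['status' => false, 'message' => self::UNKNOWN_ERROR_MESSAGE,
-                    'line'=>$e->getLine(), 'error_message' =>  $e->getMessage()]);
-            }
-
         }
 
@@ -1549,2 +1524,3 @@
     return new ContentStudio();
 }
+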