Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2834661

Timestamp:

12/15/2022 08:19:16 PM (3 years ago)

Author:

infracontentools

Message:

Data sanitizing and escaping

Location:

wp-contentools/trunk

Files:

: 4 edited

admin/js/contentools-admin.js (modified) (1 diff)
admin/js/md5.js (modified) (19 diffs)
admin/partials/contentools-admin-display.php (modified) (3 diffs)
includes/class-contentools-rest.php (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

wp-contentools/trunk/admin/js/contentools-admin.js

-                      r2031437
+                      r2834661
 (function( $ ) {
     'use strict';
+(function ($) {
+  "use strict";
     /**
      * All of the code for your admin-facing JavaScript source
      * should reside in this file.
+     *
      * Note: It has been assumed you will write jQuery code here, so the
      * $ function reference has been prepared for usage within the scope
      * of this function.
+     *
      * This enables you to define handlers, for when the DOM is ready:
+     *
      * $(function() {
+     *
      * });
+     *
      * When the window is loaded:
+     *
      * $( window ).load(function() {
+     *
      * });
+     *
      * ...and/or other possibilities.
+     *
      * Ideally, it is not considered best practise to attach more than a
      * single DOM-ready or window-load handler for a particular page.
      * Although scripts in the WordPress core, Plugins and Themes may be
      * practising this, we should strive to set a better example in our own work.
     */
+  /**
+   * All of the code for your admin-facing JavaScript source
+   * should reside in this file.
+   *
+   * Note: It has been assumed you will write jQuery code here, so the
+   * $ function reference has been prepared for usage within the scope
+   * of this function.
+   *
+   * This enables you to define handlers, for when the DOM is ready:
+   *
+   * $(function() {
+   *
+   * });
+   *
+   * When the window is loaded:
+   *
+   * $( window ).load(function() {
+   *
+   * });
+   *
+   * ...and/or other possibilities.
+   *
+   * Ideally, it is not considered best practise to attach more than a
+   * single DOM-ready or window-load handler for a particular page.
+   * Although scripts in the WordPress core, Plugins and Themes may be
+   * practising this, we should strive to set a better example in our own work.
+   */
     function generateHash(s){
         return rstr2b64(hex_md5(hex_md5(s)));
+    }
+  function generateHash(s) {
+    return rstr2b64(hex_md5(hex_md5(s)));
+  }
+    $(document).on('click', '#contentools-generate-token', function(){
+        var random = Math.random(11111111111111111111,99999999999999999999);
+        var d = new Date();
+        var token = "";
+        token = token.concat(
+            random, d.getHours(), d.getMinutes(),
+            d.getSeconds(), d.getHours(), random,
+            d.getMinutes(), d.getDay(), d.getSeconds(),
+            random
+        );
+        $('#contentools-token').val(generateHash(token))
+    });
+  $(document).on("click", "#contentools-generate-token", function () {
+    var random = Math.random(11111111111111111111, 99999999999999999999);
+    var d = new Date();
+    var token = "";
+    token = token.concat(
+      random,
+      d.getHours(),
+      d.getMinutes(),
+      d.getSeconds(),
+      d.getHours(),
+      random,
+      d.getMinutes(),
+      d.getDay(),
+      d.getSeconds(),
+      random
+    );
+    $("#contentools-token").val(generateHash(token));
+  });
     $(document).on('click', '#contentools-clear-token', function(){
+        $('#contentools-token').val("")
     });
+  $(document).on("click", "#contentools-clear-token", function () {
+    $("#contentools-token").val("");
+  });
+})( jQuery );
+  $(document).on("click", "#contentools-copy-token", function () {
+    navigator.clipboard.writeText($("#contentools-token").val());
+  });
+})(jQuery);

wp-contentools/trunk/admin/js/md5.js

-                      r2031438
+                      r2834661
  * the server-side, but the defaults work in most cases.
  */
 var hexcase = 0;   /* hex output format. 0 - lowercase; 1 - uppercase        */
 var b64pad  = "";  /* base-64 pad character. "=" for strict RFC compliance   */
+var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase        */
+var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance   */
 /*
 …
  * They take string arguments and return either hex or base-64 encoded strings
  */
+function hex_md5(s)    { return rstr2hex(rstr_md5(str2rstr_utf8(s))); }
+function b64_md5(s)    { return rstr2b64(rstr_md5(str2rstr_utf8(s))); }
+function any_md5(s, e) { return rstr2any(rstr_md5(str2rstr_utf8(s)), e); }
+function hex_hmac_md5(k, d)
+  { return rstr2hex(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d))); }
+function b64_hmac_md5(k, d)
+  { return rstr2b64(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d))); }
+function any_hmac_md5(k, d, e)
+  { return rstr2any(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d)), e); }
+function hex_md5(s) {
+  return rstr2hex(rstr_md5(str2rstr_utf8(s)));
+}
+function b64_md5(s) {
+  return rstr2b64(rstr_md5(str2rstr_utf8(s)));
+}
+function any_md5(s, e) {
+  return rstr2any(rstr_md5(str2rstr_utf8(s)), e);
+}
+function hex_hmac_md5(k, d) {
+  return rstr2hex(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d)));
+}
+function b64_hmac_md5(k, d) {
+  return rstr2b64(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d)));
+}
+function any_hmac_md5(k, d, e) {
+  return rstr2any(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d)), e);
+}
 /*
  * Perform a simple self-test to see if the VM is working
  */
+function md5_vm_test()
+{
+function md5_vm_test() {
   return hex_md5("abc").toLowerCase() == "900150983cd24fb0d6963f7d28e17f72";
+}
 …
  * Calculate the MD5 of a raw string
  */
+function rstr_md5(s)
+{
+  return binl2rstr(binl_md5(rstr2binl(s), (s.length + Math.random(11,99)) * 128));
+function rstr_md5(s) {
+  return binl2rstr(
+    binl_md5(rstr2binl(s), (s.length + Math.random(11, 99)) * 128)
+  );
+}
 …
  * Calculate the HMAC-MD5, of a key and some data (raw strings)
  */
+function rstr_hmac_md5(key, data)
+{
+function rstr_hmac_md5(key, data) {
   var bkey = rstr2binl(key);
   if(bkey.length > 16) bkey = binl_md5(bkey, key.length * 8);
   var ipad = Array(16), opad = Array(16);
   for(var i = 0; i < 16; i++)
+  {
+  if (bkey.length > 16) bkey = binl_md5(bkey, key.length * 8);
+  var ipad = Array(16),
+    opad = Array(16);
+  for (var i = 0; i < 16; i++) {
     ipad[i] = bkey[i] ^ 0x36363636;
     opad[i] = bkey[i] ^ 0x5C5C5C5C;
+    opad[i] = bkey[i] ^ 0x5c5c5c5c;
+  }
 …
  * Convert a raw string to a hex string
  */
+function rstr2hex(input)
+{
+  try { hexcase } catch(e) { hexcase=0; }
+function rstr2hex(input) {
+  try {
+    hexcase;
+  } catch (e) {
+    hexcase = 0;
+  }
   var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
   var output = "";
   var x;
+  for(var i = 0; i < input.length; i++)
+  {
+  for (var i = 0; i < input.length; i++) {
     x = input.charCodeAt(i);
+    output += hex_tab.charAt((x >>> 4) & 0x0F)
+           +  hex_tab.charAt( x        & 0x0F);
+    output += hex_tab.charAt((x >>> 4) & 0x0f) + hex_tab.charAt(x & 0x0f);
+  }
   return output;
 …
  * Convert a raw string to a base-64 string
  */
+function rstr2b64(input)
+{
+  try { b64pad } catch(e) { b64pad=''; }
+function rstr2b64(input) {
+  try {
+    b64pad;
+  } catch (e) {
+    b64pad = "";
+  }
   var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
   var output = "";
   var len = input.length;
+  for(var i = 0; i < len; i += 3)
+  {
+    var triplet = (input.charCodeAt(i) << 16)
+                | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0)
+                | (i + 2 < len ? input.charCodeAt(i+2)      : 0);
+    for(var j = 0; j < 4; j++)
+    {
+      if(i * 8 + j * 6 > input.length * 8) output += b64pad;
+      else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F);
+  for (var i = 0; i < len; i += 3) {
+    var triplet =
+      (input.charCodeAt(i) << 16) |
+      (i + 1 < len ? input.charCodeAt(i + 1) << 8 : 0) |
+      (i + 2 < len ? input.charCodeAt(i + 2) : 0);
+    for (var j = 0; j < 4; j++) {
+      if (i * 8 + j * 6 > input.length * 8) output += b64pad;
+      else output += tab.charAt((triplet >>> (6 * (3 - j))) & 0x3f);
+    }
+  }
 …
  * Convert a raw string to an arbitrary string encoding
  */
+function rstr2any(input, encoding)
+{
+function rstr2any(input, encoding) {
   var divisor = encoding.length;
   var i, j, q, x, quotient;
 …
   /* Convert to an array of 16-bit big-endian values, forming the dividend */
   var dividend = Array(Math.ceil(input.length / 2));
+  for(i = 0; i < dividend.length; i++)
+  {
+  for (i = 0; i < dividend.length; i++) {
     dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1);
+  }
 …
    * use.
    */
+  var full_length = Math.ceil(input.length * 8 /
+                                    (Math.log(encoding.length) / Math.log(2)));
+  var full_length = Math.ceil(
+    (input.length * 8) / (Math.log(encoding.length) / Math.log(2))
+  );
   var remainders = Array(full_length);
+  for(j = 0; j < full_length; j++)
+  {
+  for (j = 0; j < full_length; j++) {
     quotient = Array();
     x = 0;
+    for(i = 0; i < dividend.length; i++)
+    {
+    for (i = 0; i < dividend.length; i++) {
       x = (x << 16) + dividend[i];
       q = Math.floor(x / divisor);
       x -= q * divisor;
+      if(quotient.length > 0 || q > 0)
+        quotient[quotient.length] = q;
+      if (quotient.length > 0 || q > 0) quotient[quotient.length] = q;
+    }
     remainders[j] = x;
 …
   /* Convert the remainders to the output string */
   var output = "";
   for(i = remainders.length - 1; i >= 0; i--)
+  for (i = remainders.length - 1; i >= 0; i--)
     output += encoding.charAt(remainders[i]);
 …
  * For efficiency, this assumes the input is valid utf-16.
  */
+function str2rstr_utf8(input)
+{
+function str2rstr_utf8(input) {
   var output = "";
   var i = -1;
   var x, y;
+  while(++i < input.length)
+  {
+  while (++i < input.length) {
     /* Decode utf-16 surrogate pairs */
     x = input.charCodeAt(i);
     y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0;
+    if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF)
+    {
+      x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF);
+    if (0xd800 <= x && x <= 0xdbff && 0xdc00 <= y && y <= 0xdfff) {
+      x = 0x10000 + ((x & 0x03ff) << 10) + (y & 0x03ff);
       i++;
+    }
     /* Encode output as utf-8 */
+    if(x <= 0x7F)
+      output += String.fromCharCode(x);
+    else if(x <= 0x7FF)
+      output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F),
+x80 | ( x         & 0x3F));
+    else if(x <= 0xFFFF)
+      output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F),
+x80 | ((x >>> 6 ) & 0x3F),
+x80 | ( x         & 0x3F));
+    else if(x <= 0x1FFFFF)
+      output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07),
+x80 | ((x >>> 12) & 0x3F),
+x80 | ((x >>> 6 ) & 0x3F),
+x80 | ( x         & 0x3F));
+    if (x <= 0x7f) output += String.fromCharCode(x);
+    else if (x <= 0x7ff)
+      output += String.fromCharCode(
+xc0 | ((x >>> 6) & 0x1f),
+x80 | (x & 0x3f)
+      );
+    else if (x <= 0xffff)
+      output += String.fromCharCode(
+xe0 | ((x >>> 12) & 0x0f),
+x80 | ((x >>> 6) & 0x3f),
+x80 | (x & 0x3f)
+      );
+    else if (x <= 0x1fffff)
+      output += String.fromCharCode(
+xf0 | ((x >>> 18) & 0x07),
+x80 | ((x >>> 12) & 0x3f),
+x80 | ((x >>> 6) & 0x3f),
+x80 | (x & 0x3f)
+      );
+  }
   return output;
 …
  * Encode a string as utf-16
  */
+function str2rstr_utf16le(input)
+{
+  var output = "";
+  for(var i = 0; i < input.length; i++)
+    output += String.fromCharCode( input.charCodeAt(i)        & 0xFF,
+                                  (input.charCodeAt(i) >>> 8) & 0xFF);
+  return output;
+}
+function str2rstr_utf16be(input)
+{
+  var output = "";
+  for(var i = 0; i < input.length; i++)
+    output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF,
+                                   input.charCodeAt(i)        & 0xFF);
+function str2rstr_utf16le(input) {
+  var output = "";
+  for (var i = 0; i < input.length; i++)
+    output += String.fromCharCode(
+      input.charCodeAt(i) & 0xff,
+      (input.charCodeAt(i) >>> 8) & 0xff
+    );
+  return output;
+}
+function str2rstr_utf16be(input) {
+  var output = "";
+  for (var i = 0; i < input.length; i++)
+    output += String.fromCharCode(
+      (input.charCodeAt(i) >>> 8) & 0xff,
+      input.charCodeAt(i) & 0xff
+    );
   return output;
+}
 …
  * Characters >255 have their high-byte silently ignored.
  */
+function rstr2binl(input)
+{
+function rstr2binl(input) {
   var output = Array(input.length >> 2);
+  for(var i = 0; i < output.length; i++)
+    output[i] = 0;
+  for(var i = 0; i < input.length * 8; i += 8)
+    output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (i%32);
+  for (var i = 0; i < output.length; i++) output[i] = 0;
+  for (var i = 0; i < input.length * 8; i += 8)
+    output[i >> 5] |= (input.charCodeAt(i / 8) & 0xff) << i % 32;
   return output;
+}
 …
  * Convert an array of little-endian words to a string
  */
+function binl2rstr(input)
+{
+  var output = "";
+  for(var i = 0; i < input.length * 32; i += 8)
+    output += String.fromCharCode((input[i>>5] >>> (i % 32)) & 0xFF);
+function binl2rstr(input) {
+  var output = "";
+  for (var i = 0; i < input.length * 32; i += 8)
+    output += String.fromCharCode((input[i >> 5] >>> i % 32) & 0xff);
   return output;
+}
 …
  * Calculate the MD5 of an array of little-endian words, and a bit length.
  */
+function binl_md5(x, len)
+{
+function binl_md5(x, len) {
   /* append padding */
   x[len >> 5] |= 0x80 << ((len) % 32);
+  x[len >> 5] |= 0x80 << len % 32;
   x[(((len + 64) >>> 9) << 4) + 14] = len;
   var a =  1732584193;
+  var a = 1732584193;
   var b = -271733879;
   var c = -1732584194;
+  var d =  271733878;
+  for(var i = 0; i < x.length; i += 16)
+  {
+  var d = 271733878;
+  for (var i = 0; i < x.length; i += 16) {
     var olda = a;
     var oldb = b;
 …
     var oldd = d;
     a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
     d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
     c = md5_ff(c, d, a, b, x[i+ 2], 17,  606105819);
     b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
     a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
     d = md5_ff(d, a, b, c, x[i+ 5], 12,  1200080426);
     c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
     b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
     a = md5_ff(a, b, c, d, x[i+ 8], 7 ,  1770035416);
     d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
     c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
     b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
     a = md5_ff(a, b, c, d, x[i+12], 7 ,  1804603682);
     d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
     c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
     b = md5_ff(b, c, d, a, x[i+15], 22,  1236535329);
     a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
     d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
     c = md5_gg(c, d, a, b, x[i+11], 14,  643717713);
     b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
     a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
     d = md5_gg(d, a, b, c, x[i+10], 9 ,  38016083);
     c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
     b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
     a = md5_gg(a, b, c, d, x[i+ 9], 5 ,  568446438);
     d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
     c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
     b = md5_gg(b, c, d, a, x[i+ 8], 20,  1163531501);
     a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
     d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
     c = md5_gg(c, d, a, b, x[i+ 7], 14,  1735328473);
     b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
     a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
     d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
     c = md5_hh(c, d, a, b, x[i+11], 16,  1839030562);
     b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
     a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
     d = md5_hh(d, a, b, c, x[i+ 4], 11,  1272893353);
     c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
     b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
     a = md5_hh(a, b, c, d, x[i+13], 4 ,  681279174);
     d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
     c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
     b = md5_hh(b, c, d, a, x[i+ 6], 23,  76029189);
     a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
     d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
     c = md5_hh(c, d, a, b, x[i+15], 16,  530742520);
     b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
     a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
     d = md5_ii(d, a, b, c, x[i+ 7], 10,  1126891415);
     c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
     b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
     a = md5_ii(a, b, c, d, x[i+12], 6 ,  1700485571);
     d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
     c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
     b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
     a = md5_ii(a, b, c, d, x[i+ 8], 6 ,  1873313359);
     d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
     c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
     b = md5_ii(b, c, d, a, x[i+13], 21,  1309151649);
     a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
     d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
     c = md5_ii(c, d, a, b, x[i+ 2], 15,  718787259);
     b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
+    a = md5_ff(a, b, c, d, x[i + 0], 7, -680876936);
+    d = md5_ff(d, a, b, c, x[i + 1], 12, -389564586);
+    c = md5_ff(c, d, a, b, x[i + 2], 17, 606105819);
+    b = md5_ff(b, c, d, a, x[i + 3], 22, -1044525330);
+    a = md5_ff(a, b, c, d, x[i + 4], 7, -176418897);
+    d = md5_ff(d, a, b, c, x[i + 5], 12, 1200080426);
+    c = md5_ff(c, d, a, b, x[i + 6], 17, -1473231341);
+    b = md5_ff(b, c, d, a, x[i + 7], 22, -45705983);
+    a = md5_ff(a, b, c, d, x[i + 8], 7, 1770035416);
+    d = md5_ff(d, a, b, c, x[i + 9], 12, -1958414417);
+    c = md5_ff(c, d, a, b, x[i + 10], 17, -42063);
+    b = md5_ff(b, c, d, a, x[i + 11], 22, -1990404162);
+    a = md5_ff(a, b, c, d, x[i + 12], 7, 1804603682);
+    d = md5_ff(d, a, b, c, x[i + 13], 12, -40341101);
+    c = md5_ff(c, d, a, b, x[i + 14], 17, -1502002290);
+    b = md5_ff(b, c, d, a, x[i + 15], 22, 1236535329);
+    a = md5_gg(a, b, c, d, x[i + 1], 5, -165796510);
+    d = md5_gg(d, a, b, c, x[i + 6], 9, -1069501632);
+    c = md5_gg(c, d, a, b, x[i + 11], 14, 643717713);
+    b = md5_gg(b, c, d, a, x[i + 0], 20, -373897302);
+    a = md5_gg(a, b, c, d, x[i + 5], 5, -701558691);
+    d = md5_gg(d, a, b, c, x[i + 10], 9, 38016083);
+    c = md5_gg(c, d, a, b, x[i + 15], 14, -660478335);
+    b = md5_gg(b, c, d, a, x[i + 4], 20, -405537848);
+    a = md5_gg(a, b, c, d, x[i + 9], 5, 568446438);
+    d = md5_gg(d, a, b, c, x[i + 14], 9, -1019803690);
+    c = md5_gg(c, d, a, b, x[i + 3], 14, -187363961);
+    b = md5_gg(b, c, d, a, x[i + 8], 20, 1163531501);
+    a = md5_gg(a, b, c, d, x[i + 13], 5, -1444681467);
+    d = md5_gg(d, a, b, c, x[i + 2], 9, -51403784);
+    c = md5_gg(c, d, a, b, x[i + 7], 14, 1735328473);
+    b = md5_gg(b, c, d, a, x[i + 12], 20, -1926607734);
+    a = md5_hh(a, b, c, d, x[i + 5], 4, -378558);
+    d = md5_hh(d, a, b, c, x[i + 8], 11, -2022574463);
+    c = md5_hh(c, d, a, b, x[i + 11], 16, 1839030562);
+    b = md5_hh(b, c, d, a, x[i + 14], 23, -35309556);
+    a = md5_hh(a, b, c, d, x[i + 1], 4, -1530992060);
+    d = md5_hh(d, a, b, c, x[i + 4], 11, 1272893353);
+    c = md5_hh(c, d, a, b, x[i + 7], 16, -155497632);
+    b = md5_hh(b, c, d, a, x[i + 10], 23, -1094730640);
+    a = md5_hh(a, b, c, d, x[i + 13], 4, 681279174);
+    d = md5_hh(d, a, b, c, x[i + 0], 11, -358537222);
+    c = md5_hh(c, d, a, b, x[i + 3], 16, -722521979);
+    b = md5_hh(b, c, d, a, x[i + 6], 23, 76029189);
+    a = md5_hh(a, b, c, d, x[i + 9], 4, -640364487);
+    d = md5_hh(d, a, b, c, x[i + 12], 11, -421815835);
+    c = md5_hh(c, d, a, b, x[i + 15], 16, 530742520);
+    b = md5_hh(b, c, d, a, x[i + 2], 23, -995338651);
+    a = md5_ii(a, b, c, d, x[i + 0], 6, -198630844);
+    d = md5_ii(d, a, b, c, x[i + 7], 10, 1126891415);
+    c = md5_ii(c, d, a, b, x[i + 14], 15, -1416354905);
+    b = md5_ii(b, c, d, a, x[i + 5], 21, -57434055);
+    a = md5_ii(a, b, c, d, x[i + 12], 6, 1700485571);
+    d = md5_ii(d, a, b, c, x[i + 3], 10, -1894986606);
+    c = md5_ii(c, d, a, b, x[i + 10], 15, -1051523);
+    b = md5_ii(b, c, d, a, x[i + 1], 21, -2054922799);
+    a = md5_ii(a, b, c, d, x[i + 8], 6, 1873313359);
+    d = md5_ii(d, a, b, c, x[i + 15], 10, -30611744);
+    c = md5_ii(c, d, a, b, x[i + 6], 15, -1560198380);
+    b = md5_ii(b, c, d, a, x[i + 13], 21, 1309151649);
+    a = md5_ii(a, b, c, d, x[i + 4], 6, -145523070);
+    d = md5_ii(d, a, b, c, x[i + 11], 10, -1120210379);
+    c = md5_ii(c, d, a, b, x[i + 2], 15, 718787259);
+    b = md5_ii(b, c, d, a, x[i + 9], 21, -343485551);
     a = safe_add(a, olda);
 …
  * These functions implement the four basic operations the algorithm uses.
  */
+function md5_cmn(q, a, b, x, s, t)
+{
+  return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
+}
+function md5_ff(a, b, c, d, x, s, t)
+{
+  return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
+}
+function md5_gg(a, b, c, d, x, s, t)
+{
+  return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
+}
+function md5_hh(a, b, c, d, x, s, t)
+{
+function md5_cmn(q, a, b, x, s, t) {
+  return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s), b);
+}
+function md5_ff(a, b, c, d, x, s, t) {
+  return md5_cmn((b & c) | (~b & d), a, b, x, s, t);
+}
+function md5_gg(a, b, c, d, x, s, t) {
+  return md5_cmn((b & d) | (c & ~d), a, b, x, s, t);
+}
+function md5_hh(a, b, c, d, x, s, t) {
   return md5_cmn(b ^ c ^ d, a, b, x, s, t);
+}
+function md5_ii(a, b, c, d, x, s, t)
+{
+  return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
+function md5_ii(a, b, c, d, x, s, t) {
+  return md5_cmn(c ^ (b | ~d), a, b, x, s, t);
+}
 …
  * to work around bugs in some JS interpreters.
  */
+function safe_add(x, y)
+{
+  var lsw = (x & 0xFFFF) + (y & 0xFFFF);
+function safe_add(x, y) {
+  var lsw = (x & 0xffff) + (y & 0xffff);
   var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
   return (msw << 16) | (lsw & 0xFFFF);
+  return (msw << 16) | (lsw & 0xffff);
+}
 …
  * Bitwise rotate a 32-bit number to the left.
  */
+function bit_rol(num, cnt)
+{
+function bit_rol(num, cnt) {
   return (num << cnt) | (num >>> (32 - cnt));
+}

wp-contentools/trunk/admin/partials/contentools-admin-display.php

-                      r2833993
+                      r2834661
     <tr class="<?php echo $this->plugin_name; ?>-token-wrap">
     <th scope="row">
             <label for="<?php echo sanitize_html_class($this->plugin_name); ?>-token">
+            <label for="<?php echo esc_attr($this->plugin_name); ?>-token">
                 <?php _e('Integration Token', esc_attr($this->plugin_name));?>
             </label>
 …
                 readonly="true"
                 type="text"
                 name="<?php echo sanitize_html_class($this->plugin_name); ?>[token]"
                 id="<?php echo sanitize_html_class($this->plugin_name); ?>-token"
+                name="<?php echo esc_attr($this->plugin_name); ?>[token]"
+                id="<?php echo esc_attr($this->plugin_name); ?>-token"
                 value="<?php if (!empty($options['token'])) {
                     esc_attr_e($options['token']);
 …
             <input
                 type="button"
                 name="<?php echo sanitize_html_class($this->plugin_name); ?>[generate-token]"
                 id="<?php echo sanitize_html_class($this->plugin_name); ?>-generate-token"
+                name="<?php echo esc_attr($this->plugin_name); ?>[generate-token]"
+                id="<?php echo esc_attr($this->plugin_name); ?>-generate-token"
                 class="button"
                 value="Generate Token" />
             <input
                 type="button"
                 name="<?php echo sanitize_html_class($this->plugin_name); ?>[clear-token]"
                 id="<?php echo sanitize_html_class($this->plugin_name); ?>-clear-token"
+                name="<?php echo esc_attr($this->plugin_name); ?>[clear-token]"
+                id="<?php echo esc_attr($this->plugin_name); ?>-clear-token"
                 class="button"
                 value="Clear Token" />
+            <input
+                type="button"
+                name="<?php echo esc_attr($this->plugin_name); ?>[copy-token]"
+                id="<?php echo esc_attr($this->plugin_name); ?>-copy-token"
+                class="button"
+                value="Copy Token" />
         </td>
     </tr>

wp-contentools/trunk/includes/class-contentools-rest.php

-                      r2833993
+                      r2834661
         );
         header((isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0') . ' ' . $status . ' ' . $statuses[$status]);
+        header((isset($_SERVER['SERVER_PROTOCOL']) ? sanitize_text_field($_SERVER['SERVER_PROTOCOL']) : 'HTTP/1.0') . ' ' . $status . ' ' . $statuses[$status]);
         header('Content-Type:application/json; charset=UTF-8');
 …
+        }
+        $php_auth_user = sanitize_user($_SERVER['PHP_AUTH_USER']);
+        $php_auth_pw = sanitize_text_field($_SERVER['PHP_AUTH_PW']);
         if (!isset($_SERVER['PHP_AUTH_USER']) && (isset($_SERVER['HTTP_AUTHORIZATION']) || isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))) {
             if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
                 $header = $_SERVER['HTTP_AUTHORIZATION'];
+                $header = sanitize_text_field($_SERVER['HTTP_AUTHORIZATION']);
             } else {
                 $header = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+                $header = sanitize_text_field($_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
+            }
 …
             if (!empty($header)) {
                 list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($header, 6)));
+                list($php_auth_user, $php_auth_pw) = explode(':', base64_decode(substr($header, 6)));
+            }
 …
+        }
         $username = $_SERVER['PHP_AUTH_USER'];
         $password = $_SERVER['PHP_AUTH_PW'];
+        $username = $php_auth_user;
+        $password = $php_auth_pw;
         remove_filter('determine_current_user', array($this, 'determine_current_user'), 10);
 …
         if (isset($_POST["author"])) {
             $attachment['post_author'] = intval($_POST['author']);
+            $attachment['post_author'] = sanitize_key($_POST['author']);
+        }
 …
         if (isset($_POST["post"])) {
             $attachment['post_parent'] = intval($_POST['post']) || null;
+            $attachment['post_parent'] = sanitize_key($_POST['post']);
+        }

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory