
Changeset 3184249


Timestamp:
11/08/2024 08:00:43 AM (16 months ago)
Author:
nimeshatxecurify
Message:

Login Using WordPress Users v1.15.7

  • Compatibility with WordPress 6.7.
  • Improved security for SQL Queries executed by the plugin.
Location:
miniorange-wp-as-saml-idp
Files:
234 added
5 edited

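--- a/miniorange-wp-as-saml-idp/trunk/MoIDPAutoload.php
+++ b/miniorange-wp-as-saml-idp/trunk/MoIDPAutoload.php
@@ -12,5 +12,5 @@
 use IDP\SplClassLoader;
 
-define( 'MSI_VERSION', '1.15.6' );
+define( 'MSI_VERSION', '1.15.7' );
 define( 'MSI_DB_VERSION', '1.5' );
 define( 'MSI_DIR', plugin_dir_path( __FILE__ ) );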
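--- a/miniorange-wp-as-saml-idp/trunk/MoIDPSettings.php
+++ b/miniorange-wp-as-saml-idp/trunk/MoIDPSettings.php
@@ -4,5 +4,5 @@
  * Plugin URI: https://plugins.miniorange.com/wordpress-saml-idp
  * Description: Convert your WordPress into an IDP.
- * Version: 1.15.6
+ * Version: 1.15.7
  * Author: miniOrange
  * Author URI: https://plugins.miniorange.com/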
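--- a/miniorange-wp-as-saml-idp/trunk/helper/database/MoDbQueries.php
+++ b/miniorange-wp-as-saml-idp/trunk/helper/database/MoDbQueries.php
@@ -203,6 +203,4 @@
     private function mo_update_protocol_type() {
         global $wpdb;
-        // $wpdb->query( $wpdb->prepare( 'ALTER TABLE %i ADD COLUMN mo_idp_protocol_type longtext NOT NULL', $this->sp_data_table_name ) );
-        // $wpdb->query( $wpdb->prepare( 'UPDATE %i SET mo_idp_protocol_type = "SAML"', $this->sp_data_table_name ) );
         $wpdb->query( 'ALTER TABLE ' . $this->sp_data_table_name . ' ADD COLUMN mo_idp_protocol_type longtext NOT NULL' );
         $wpdb->query( 'UPDATE ' . $this->sp_data_table_name . " SET mo_idp_protocol_type = 'SAML'" );
@@ -217,6 +215,4 @@
     private function mo_update_logout() {
         global $wpdb;
-        // $wpdb->query( $wpdb->prepare( 'ALTER TABLE %i ADD COLUMN mo_idp_logout_url longtext NULL', $this->sp_data_table_name ) );
-        // $wpdb->query( $wpdb->prepare( 'ALTER TABLE %i ADD COLUMN mo_idp_logout_binding_type varchar(15) DEFAULT "HttpRedirect" NOT NULL', $this->sp_data_table_name ) );
         $wpdb->query( 'ALTER TABLE ' . $this->sp_data_table_name . ' ADD COLUMN mo_idp_logout_url longtext NULL' );
         $wpdb->query( 'ALTER TABLE ' . $this->sp_data_table_name . " ADD COLUMN mo_idp_logout_binding_type varchar(15) DEFAULT 'HttpRedirect' NOT NULL" );
@@ -231,6 +227,4 @@
     private function mo_update_cert() {
         global $wpdb;
-        // $wpdb->query( $wpdb->prepare( 'ALTER TABLE %i ADD COLUMN mo_idp_cert_encrypt longtext NULL', $this->sp_data_table_name ) );
-        // $wpdb->query( $wpdb->prepare( 'ALTER TABLE %i ADD COLUMN mo_idp_encrypted_assertion smallint NULL', $this->sp_data_table_name ) );
         $wpdb->query( 'ALTER TABLE ' . $this->sp_data_table_name . ' ADD COLUMN mo_idp_cert_encrypt longtext NULL' );
         $wpdb->query( 'ALTER TABLE ' . $this->sp_data_table_name . ' ADD COLUMN mo_idp_encrypted_assertion smallint NULL' );
@@ -245,5 +239,4 @@
     private function mo_update_relay() {
         global $wpdb;
-        // $wpdb->query( $wpdb->prepare( 'ALTER TABLE %i ADD COLUMN mo_idp_default_relayState longtext NULL', $this->sp_data_table_name ) );
         $wpdb->query( 'ALTER TABLE ' . $this->sp_data_table_name . ' ADD COLUMN mo_idp_default_relayState longtext NULL' );
     }
@@ -257,6 +250,4 @@
     private function mo_update_custom_attr() {
         global $wpdb;
-        // $wpdb->query( $wpdb->prepare( 'ALTER TABLE %i ADD COLUMN mo_attr_type smallint DEFAULT 0 NOT NULL', $this->sp_attr_table_name ) );
-        // $wpdb->update( $this->sp_attr_table_name, array( 'mo_attr_type' => '1' ), array( 'mo_sp_attr_name' => 'groupMapName' ) );
         $wpdb->query( 'ALTER TABLE ' . $this->sp_attr_table_name . ' ADD COLUMN mo_attr_type smallint DEFAULT 0 NOT NULL' );
         $wpdb->update( $this->sp_attr_table_name, array( 'mo_attr_type' => '1' ), array( 'mo_sp_attr_name' => 'groupMapName' ) );
@@ -270,5 +261,4 @@
     public function get_sp_list() {
         global $wpdb;
-        // return $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM %i', $this->sp_data_table_name ) );
         return $wpdb->get_results( 'SELECT * FROM ' . $this->sp_data_table_name );
     }
@@ -283,6 +273,5 @@
     public function get_sp_data( $id ) {
         global $wpdb;
-        // return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM %i WHERE id=%s', array( $this->sp_data_table_name, $id ) ) );
-        return $wpdb->get_row( 'SELECT * FROM ' . $this->sp_data_table_name . ' WHERE id=' . $id );
+        return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $this->sp_data_table_name . ' WHERE id=%s', $id ) );
     }
 
@@ -294,5 +283,4 @@
     public function get_sp_count() {
         global $wpdb;
-        // return $wpdb->get_var( $wpdb->prepare( 'SELECT COUNT(*) FROM %i', $this->sp_data_table_name ) );
         $sql = 'SELECT COUNT(*) FROM ' . $this->sp_data_table_name;
         return $wpdb->get_var( $sql );
@@ -300,42 +288,13 @@
 
     /**
-     * Get all the profile attribute mapping done for the
-     * SP from the Attribute table. Doesn't return the role
-     * mapping or the custom attributes. There are separate
-     * functions for that.
+     * Gets all the Attribute mapping done for the
+     * SP from the Attribute table.
      *
      * @param string $id References the ID of the SP in the database.
      * @return array|object|null
      */
-    public function get_sp_attributes( $id ) {
-        global $wpdb;
-        // return $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM %i WHERE mo_sp_id = %s AND mo_sp_attr_name <> "groupMapName" AND mo_attr_type = 0', array( $this->sp_attr_table_name, $id ) ) );
-        return $wpdb->get_results( 'SELECT * FROM ' . $this->sp_attr_table_name . " WHERE mo_sp_id = $id AND mo_sp_attr_name <> 'groupMapName' AND mo_attr_type = 0" );
-    }
-
-    /**
-     * Get all the Role attribute mapping done for the
-     * SP from the Attribute table.
-     *
-     * @param string $id References the ID of the SP in the database.
-     * @return array|object|null|void
-     */
-    public function get_sp_role_attribute( $id ) {
-        global $wpdb;
-        // return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM %i WHERE mo_sp_id = %s AND mo_sp_attr_name = "groupMapName"', array( $this->sp_attr_table_name, $id ) ) );
-        return $wpdb->get_row( 'SELECT * FROM ' . $this->sp_attr_table_name . " WHERE mo_sp_id = $id AND mo_sp_attr_name = 'groupMapName'" );
-    }
-
-    /**
-     * Gets all the Attribute mapping done for the
-     * SP from the Attribute table.
-     *
-     * @param string $id References the ID of the SP in the database.
-     * @return array|object|null
-     */
     public function get_all_sp_attributes( $id ) {
         global $wpdb;
-        // return $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM %i WHERE mo_sp_id = %s', array( $this->sp_attr_table_name, $id ) ) );
-        return $wpdb->get_results( 'SELECT * FROM ' . $this->sp_attr_table_name . " WHERE mo_sp_id = $id " );
+        return $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $this->sp_attr_table_name . ' WHERE mo_sp_id = %s', $id ) );
     }
 
@@ -349,6 +308,5 @@
     public function get_sp_from_issuer( $issuer ) {
         global $wpdb;
-        // return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM %i WHERE mo_idp_sp_issuer = %s', array( $this->sp_attr_table_name, $issuer ) ) );
-        return $wpdb->get_row( 'SELECT * FROM ' . $this->sp_data_table_name . " WHERE mo_idp_sp_issuer = '$issuer'" );
+        return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $this->sp_data_table_name . ' WHERE mo_idp_sp_issuer = %s', $issuer ) );
     }
 
@@ -362,6 +320,5 @@
     public function get_sp_from_name( $name ) {
         global $wpdb;
-        // return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM %i WHERE mo_idp_sp_name = %s', array( $this->sp_attr_table_name, $name ) ) );
-        return $wpdb->get_row( 'SELECT * FROM ' . $this->sp_data_table_name . " WHERE mo_idp_sp_name = '$name'" );
+        return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $this->sp_data_table_name . ' WHERE mo_idp_sp_name = %s',  $name ) );
     }
 
@@ -375,6 +332,5 @@
     public function get_sp_from_acs( $acs ) {
         global $wpdb;
-        // return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM %i WHERE mo_idp_acs_url = %s', array( $this->sp_attr_table_name, $acs ) ) );
-        return $wpdb->get_row( 'SELECT * FROM ' . $this->sp_data_table_name . " WHERE mo_idp_acs_url = '$acs'" );
+        return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $this->sp_data_table_name . ' WHERE mo_idp_acs_url = %s', $acs ) );
     }
 
@@ -444,6 +400,4 @@
     public function update_metadata_data() {
         global $wpdb;
-        // $wpdb->query( $wpdb->prepare( 'DELETE FROM %i', $this->sp_data_table_name ) );
-        // $wpdb->query( $wpdb->prepare( 'ALTER TABLE %i AUTO_INCREMENT=0', $this->sp_data_table_name ) );
         $wpdb->query( 'DELETE FROM ' . $this->sp_data_table_name );
         $wpdb->query( 'ALTER TABLE ' . $this->sp_data_table_name . ' AUTO_INCREMENT=0' );
@@ -490,5 +444,4 @@
     }
 
-
     /**
      * Deletes the SP attribute data from the Attribute table.
@@ -500,52 +453,4 @@
         global $wpdb;
         $wpdb->delete( $this->sp_attr_table_name, $attr_where, $where_format = null );
-    }
-
-    /**
-     * Insert the SP attribute data into Attribute table.
-     *
-     * @param array $data_attr References the data to be put in the table.
-     * @return void
-     */
-    public function insert_sp_attributes( $data_attr ) {
-        global $wpdb;
-        $wpdb->insert( $this->sp_attr_table_name, $data_attr );
-    }
-
-    /**
-     * Fetch the Custom Attributes for the SP from the Attribute
-     * Table.
-     *
-     * @param string $id References the ID of the SP in the database.
-     * @return array|object|null
-     */
-    public function get_custom_sp_attr( $id ) {
-        global $wpdb;
-        // return $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM %i WHERE mo_sp_id = %s AND mo_attr_type = 2', array( $this->sp_attr_table_name, $id ) ) );
-        return $wpdb->get_results( 'SELECT * FROM ' . $this->sp_attr_table_name . " WHERE mo_sp_id = $id AND mo_attr_type = 2" );
-    }
-
-    /**
-     * Fetch the number of users who have performed SSO using the plugin.
-     * Checks the user_meta table for users who have mo_idp_user_type
-     * as a meta key.
-     *
-     * @return string|null
-     */
-    public function get_users() {
-        global $wpdb;
-        // return $wpdb->get_var( $wpdb->prepare( 'SELECT COUNT(*) FROM %i WHERE meta_key="mo_idp_user_type"', $this->user_meta_table ) );
-        return $wpdb->get_var( 'SELECT COUNT(*) FROM ' . $wpdb->prefix . "usermeta WHERE meta_key='mo_idp_user_type'" );
-    }
-
-    /**
-     * Get protocol type from SP data table.
-     *
-     * @return array|object|null
-     */
-    public function get_protocol() {
-        global $wpdb;
-        // return $wpdb->get_results( $wpdb->prepare( 'SELECT mo_idp_protocol_type FROM %i', $this->sp_data_table_name ) );
-        return $wpdb->get_results( 'SELECT mo_idp_protocol_type FROM ' . $this->sp_data_table_name );
     }
 
@@ -558,5 +463,4 @@
     public function get_distinct_meta_attributes() {
         global $wpdb;
-        // return $wpdb->get_results( $wpdb->prepare( 'SELECT DISTINCT meta_key FROM %i', $this->user_meta_table ) );
         return $wpdb->get_results( 'SELECT DISTINCT meta_key FROM ' . $this->user_meta_table );
     }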
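Review bot: The new `prepare()` calls in `get_sp_data` (new line 275) and `get_all_sp_attributes` (new line 298) bind `$id` with `%s`, so the value reaches MySQL as a quoted string and is cast loosely when compared with a numeric column. If `id` and `mo_sp_id` are integer columns (the schema is not in this section), bind with `%d` instead, e.g. `$wpdb->prepare( 'SELECT * FROM ' . $this->sp_data_table_name . ' WHERE id=%d', $id )`. The table names are still concatenated, which is safe only while `$this->sp_data_table_name`, `$this->sp_attr_table_name` and `$this->user_meta_table` are built from `$wpdb->prefix` plus a constant; the constructor is outside this section, so a one-line comment stating that would help the next reviewer. The section also deletes six public methods (`get_sp_attributes`, `get_sp_role_attribute`, `insert_sp_attributes`, `get_custom_sp_attr`, `get_users`, `get_protocol`); their callers are not visible here and should be confirmed gone.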
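--- a/miniorange-wp-as-saml-idp/trunk/readme.txt
+++ b/miniorange-wp-as-saml-idp/trunk/readme.txt
@@ -4,6 +4,6 @@
 Tags: Login with WordPress, single sign on, SSO, identity provider, WordPress login, LMS, SAML IDP, Tableau, Moodle LMS Integration, Zoom, Nextcloud Login, Thinkific
 Requires at least: 4.8
-Tested up to: 6.6
-Stable tag: 1.15.6
+Tested up to: 6.7
+Stable tag: 1.15.7
 Requires PHP: 5.6
 License: MIT/Expat
@@ -154,4 +154,8 @@
 == Changelog ==
 
+= 1.15.7 =
+* Compatibility with WordPress 6.7.
+* Improved security for SQL Queries executed by the plugin.
+
 = 1.15.6 =
 * Migrated the php fopen and unlink calls to relevant WP Filesystem calls
@@ -364,4 +368,8 @@
 == Upgrade Notice ==
 
+= 1.15.7 =
+* Compatibility with WordPress 6.7.
+* Improved security for SQL Queries executed by the plugin.
+
 = 1.15.6 =
 * Migrated the php fopen and unlink calls to relevant WP Filesystem calls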
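--- a/miniorange-wp-as-saml-idp/trunk/views/idp-delete.php
+++ b/miniorange-wp-as-saml-idp/trunk/views/idp-delete.php
@@ -17,4 +17,11 @@
                             <br>';
 if ( isset( $sp ) && ! empty( $sp ) ) {
+        if ( ! $disabled ) {
+                echo '<div><form method="post" id="mo_idp_delete_sp_settings_form" action="' . esc_url( $post_url ) . '">
+                                    <input type="hidden" name="option" value="mo_idp_delete_sp_settings"/>
+                                    <input type="hidden" name="sp_id" value="' . esc_attr( $sp->id ) . '"/>';
+                                        wp_nonce_field( $idp_sp_settings_nonce );
+                echo '</form></div>';
+        }
     echo '<div class="">
                                 <span class="mo-idp-mt-5 mo-idp-home-card-link" >
@@ -39,9 +46,2 @@
                 echo '   </div>
                 </div>';
-if ( ! $disabled ) {
-    echo '<form method="post" id="mo_idp_delete_sp_settings_form" action="' . esc_url( $post_url ) . '">
-                <input type="hidden" name="option" value="mo_idp_delete_sp_settings"/>
-                <input type="hidden" name="sp_id" value="' . esc_attr( $sp->id ) . '"/>';
-                wp_nonce_field( $idp_sp_settings_nonce );
-    echo '</form>';
-}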
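Review bot: `wp_nonce_field( $idp_sp_settings_nonce );` on new line 23 is indented to line up with the `<input>` markup inside the neighbouring string literals, so it reads as echoed HTML rather than a PHP statement sitting between two `echo` calls; align it with the `echo` lines of the block. The moved form contains only hidden fields, so a comment above it such as `// Delete-SP form: hidden fields only, protected by the $idp_sp_settings_nonce nonce.` would make its purpose clear. The handler for `mo_idp_delete_sp_settings` is not part of this section, so whether it verifies this nonce with the same action and checks the user's capability before deleting cannot be confirmed from here. The view continues before and after both hunks.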