
Changeset 3189733


Timestamp:
11/15/2024 05:20:21 PM (17 months ago)
Author:
vincent06
Message:

Enforce user capability check on AJAX actions

Location:
kolorweb-log-manager
Files:
1509 added
2 deleted
4 edited

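--- a/kolorweb-log-manager/trunk/kw-log-manager.php
+++ b/kolorweb-log-manager/trunk/kw-log-manager.php
@@ -4,5 +4,5 @@
  * Plugin URI:  https://kolorweb.it
  * Description: WordPress Debug log Manager
- * Version:     1.1.5
+ * Version:     1.1.6
  * Author:      Vincenzo Casu
  * Author URI:  https://kolorweb.it
@@ -41,5 +41,5 @@
  * Define Constants.
  */
-define( 'KWLOGMANAGER_VERSION', '1.1.5' );
+define( 'KWLOGMANAGER_VERSION', '1.1.6' );
 define( 'KWLOGMANAGER_BASE', __DIR__ . '/' );
 define( 'KWLOGMANAGER_URL', plugin_dir_url( __FILE__ ) );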
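--- a/kolorweb-log-manager/trunk/libs/class-ajax.php
+++ b/kolorweb-log-manager/trunk/libs/class-ajax.php
@@ -59,4 +59,14 @@
 
     /**
+     * Check if user has permission to access KolorWeb Log Manager
+     *
+     * @since 1.1.6
+     */
+    public function check_if_authorized() {
+        $authorized = \current_user_can( 'manage_options' );
+        return apply_filters( 'kwlm_user_authorized', $authorized );
+    }
+
+    /**
      * Get log file details.
      *
@@ -64,4 +74,8 @@
      */
     public function get_log_details() {
+
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
 
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
@@ -92,4 +106,8 @@
     public function check_if_log_modified() {
 
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
+
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
             die( 'Busted!' );
@@ -115,4 +133,8 @@
     public function check_if_log_exists() {
 
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
+
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
             die( 'Busted!' );
@@ -135,4 +157,8 @@
      */
     public function check_if_debug_enabled() {
+
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
 
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
@@ -157,4 +183,8 @@
      */
     public function toggle_debugging_status() {
+
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
 
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
@@ -182,4 +212,8 @@
      */
     public function get_log_entries() {
+
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
 
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
@@ -209,4 +243,8 @@
      */
     public function get_log_entries_if_modified() {
+
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
 
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
@@ -246,4 +284,8 @@
     public function clear_log() {
 
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
+
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
             die( 'Busted!' );
@@ -266,4 +308,8 @@
      */
     public function get_global_settings() {
+
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
 
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
@@ -288,4 +334,8 @@
      */
     public function update_global_settings() {
+
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
 
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
@@ -314,4 +364,8 @@
     public function get_user_settings() {
 
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
+
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {
             die( 'Busted!' );
@@ -339,4 +393,8 @@
      */
     public function update_user_settings() {
+
+        if ( ! $this->check_if_authorized() ) {
+            die( 'Busted!' );
+        }
 
         if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'kwlm-nonce' ) ) {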
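Review bot: `check_if_authorized()` (new lines 61–68 in the first hunk) returns the raw result of the `kwlm_user_authorized` filter, so any hooked callback can widen access to all eleven AJAX handlers in this file by returning `true` or a truthy non-boolean, and the docblock does not state that the capability result is overridable. Cast the filtered value and document the contract: `return (bool) apply_filters( 'kwlm_user_authorized', $authorized );` together with a `@return bool` tag and a sentence noting that hooking this filter can grant or revoke access to every handler. The same four-line guard is pasted ahead of the existing nonce check in each handler; a single private helper that runs both checks (capability, then nonce) would keep the two from drifting as handlers are added. Each handler body continues outside its hunk.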
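--- a/kolorweb-log-manager/trunk/libs/class-plugin.php
+++ b/kolorweb-log-manager/trunk/libs/class-plugin.php
@@ -78,5 +78,4 @@
      */
     public function plugin_activate() {
-
         $config = Config::get_instance();
         $config->enable_debugging();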
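--- a/kolorweb-log-manager/trunk/readme.txt
+++ b/kolorweb-log-manager/trunk/readme.txt
@@ -6,5 +6,5 @@
 Requires at least: 3.9
 Tested up to: 6.7
-Stable tag: 1.1.5
+Stable tag: 1.1.6
 
 Really one click enable/disable debugging, clear debug.log, search, sort, and filter errors. See new errors automatically without refreshing.
@@ -225,4 +225,8 @@
 All notable changes will be tracked in this change log.
 
+= 1.1.6 =
+
+* Enforce user capability check on AJAX actions.
+
 = 1.1.5 =
 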