Changeset 3202017
- Timestamp:
- 12/04/2024 01:02:16 AM (14 months ago)
- Location:
- allaccessible/trunk
- Files:
-
- 3 edited
-
README.txt (modified) (3 diffs)
-
allaccessible.php (modified) (7 diffs)
-
assets/allaccessible-custom.js (modified) (1 diff)
allaccessible/trunk/README.txt
r3129364 r3202017 5 5 Tags: accessibility, wcag, ada, section 508, accessible, wp accessibility 6 6 Requires at least: 5.0 7 Tested up to: 6. 6.18 Stable tag: 1.3. 47 Tested up to: 6.7.1 8 Stable tag: 1.3.5 9 9 License: GPLv2 or later 10 10 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 88 88 * And More! 89 89 90 Partners receive additional benefits including: 90 Partners receive additional benefits including: 91 91 92 92 * A free AllAccessible License for their website 93 * Discounted Licensing Costs 93 * Discounted Licensing Costs 94 94 * A listing on our partner directory 95 95 * Access to our partner portal with free resources such as SOWs and marketing material to help drive revenue … … 147 147 5. Make adjusts to the widget position, size, icon, color, and other options on the settings screen. Settings are automatically saved. 148 148 149 6. Verify the plugin is working on the homepage of the website. 149 6. Verify the plugin is working on the homepage of the website. 150 150 151 151 == Changelog == 152 153 = 1.3.5 = 154 * Security: Added authorization checks and nonce verification to settings updates. Thanks to 1337_Wannabe for the responsible security disclosure. 155 * Security: Restricted option updates to specific plugin settings only. 156 * Improved efficiency of settings handling. 157 * Tested compatibility with WP 6.7.1 152 158 153 159 = 1.3.4 = -
allaccessible/trunk/allaccessible.php
r3101358 r3202017 4 4 Plugin URI: https://www.allaccessible.org/platform/wordpress/ 5 5 Description: Unlock true digital accessibility with AllAccessible - a comprehensive WordPress plugin driving your website towards WCAG/ADA compliance. Empower your users with a fully customizable accessibility widget, and enhance their experience with our premium AI-powered features. 6 Version: 1.3. 46 Version: 1.3.5 7 7 Requires PHP: 7 8 8 Author: AllAccessible Team … … 13 13 14 14 /** 15 * Copyright (C) 202 3AllAccessible.15 * Copyright (C) 2024 AllAccessible. 16 16 * 17 17 * This program is free software: you can redistribute it and/or modify … … 31 31 /** 32 32 * @package AllAccessible 33 * @version 1.3. 433 * @version 1.3.5 34 34 * @since 1.0 35 35 * @author AllAccessible Team 36 * @copyright Copyright (c) 202 2AllAccessible36 * @copyright Copyright (c) 2024 AllAccessible 37 37 * @link https://www.allaccessible.org/ 38 38 * @license http://www.gnu.org/licenses/gpl.html … … 49 49 // $aacb_siteOptions = aacb_siteOptions(); 50 50 define('AACB_NAME', isset($aacb_siteOptions->isWhitelabel) && $aacb_siteOptions->isWhitelabel ? _e( "Accessibility", 'allaccessible' ) : 'AllAccessible'); 51 define('AACB_VERSION','1.3. 
4');51 define('AACB_VERSION','1.3.5'); 52 52 define('AACB_WP_MIN_VERSION','5.0'); 53 53 define('AACB_TEXT','allaccessible'); … … 174 174 wp_enqueue_style('allaccessible-admin-style', AACB_CSS .'allaccessible-style.css',array(),AACB_VERSION); 175 175 wp_register_script('allaccessible-custom', AACB_JS .'allaccessible-custom.js',array(),AACB_VERSION); 176 $nonce = wp_create_nonce('allaccessible_save_settings'); 176 177 $ajax_data = array( 177 'ajax_url' => admin_url('admin-ajax.php') 178 'ajax_url' => admin_url('admin-ajax.php'), 179 'nonce' => $nonce 178 180 ); 179 181 wp_localize_script('allaccessible-custom', 'ajax_object', $ajax_data); … … 188 190 } 189 191 add_action('wp_ajax_aacb_dismiss_notice', 'aacb_dismiss_notice'); 192 193 /** 194 * AllAccessible Setting Saver 195 * Securely saves plugin settings with proper authorization and validation 196 * 197 * @since 1.3.5 198 */ 199 function AllAccessible_save_settings() { 200 // Verify user has admin capabilities 201 if (!current_user_can('install_plugins')) { 202 wp_send_json_error('Unauthorized access'); 203 return; 204 } 205 206 // Verify nonce 207 $nonce = isset($_POST['nonce']) ? sanitize_text_field($_POST['nonce']) : ''; 208 if (empty($nonce) || !wp_verify_nonce($nonce, 'allaccessible_save_settings')) { 209 wp_send_json_error('Invalid security token'); 210 return; 211 } 212 213 // Get and sanitize input 214 $opt_name = isset($_POST['opt_name']) ? sanitize_text_field($_POST['opt_name']) : ''; 215 $opt_value = isset($_POST['opt_value']) ? 
sanitize_text_field($_POST['opt_value']) : ''; 216 217 // List of allowed options 218 $allowed_options = array( 219 'aacb_accountID', 220 'aacb_siteID', 221 'aacb_options', 222 'aacb_installed' 223 ); 224 225 // Validate option name 226 if (!in_array($opt_name, $allowed_options)) { 227 wp_send_json_error('Invalid option name'); 228 return; 229 } 230 231 // Update option 232 $result = update_option($opt_name, $opt_value); 233 234 if ($result) { 235 wp_send_json_success(array( 236 'message' => 'Option updated successfully', 237 'option' => $opt_name 238 )); 239 } else { 240 wp_send_json_error(array( 241 'message' => 'Failed to update option', 242 'option' => $opt_name 243 )); 244 } 245 } 246 add_action('wp_ajax_AllAccessible_save_settings', 'AllAccessible_save_settings'); 190 247 191 248 // =================================================== … … 245 302 246 303 /** 247 * AllAccessible Setting Saver248 */249 function AllAccessible_save_settings() {250 251 $opt_name = isset($_POST['opt_name']) ? sanitize_text_field($_POST['opt_name']) : null;252 $opt_value = isset($_POST['opt_value']) ? sanitize_text_field($_POST['opt_value']) : null;253 $update = update_option($opt_name, $opt_value);254 255 }256 add_action('wp_ajax_AllAccessible_save_settings','AllAccessible_save_settings');257 258 /**259 304 * AllAccessible Deactivation 260 305 */ -
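Review bot: In the new AllAccessible_save_settings, `$result = update_option($opt_name, $opt_value);` is treated as a failure whenever it returns false, but update_option() also returns false when the stored value is already identical, so re-submitting an unchanged account ID produces the `Failed to update option` error response that the JavaScript side turns into an alert. Treat the unchanged case as success, e.g. `if ($result || get_option($opt_name) === $opt_value) {` before the wp_send_json_success() call. The allow-list check on the preceding lines should be strict as well, `if (!in_array($opt_name, $allowed_options, true)) {`. Whether `sanitize_text_field()` is the right filter for every listed option (in particular `aacb_options`) depends on what those options hold, which this hunk does not show; a short comment on the `$allowed_options` array stating the expected value type of each entry would make that reviewable.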
allaccessible/trunk/assets/allaccessible-custom.js
r2911378 r3202017 1 1 jQuery(document).ready(function ($) { 2 3 $('#AACB_optionsForm').on('submit', function(event){ 4 2 // Options Form Handler 3 $('#AACB_optionsForm').on('submit', function(event) { 5 4 event.preventDefault(); 6 5 7 $('#aacb-save-opt-btn').prop('disabled', true); 8 var $this = $(this); 9 // $this.after('<span class="aacb_loader"></span>'); 10 $('.aacb_message').after('<span class="aacb_loader"></span>'); 6 var $btn = $('#aacb-save-opt-btn').prop('disabled', true); 7 var $loader = $('<span class="aacb_loader"></span>').insertAfter('.aacb_message'); 11 8 var id = $('#siteDetails').attr('data-siteid'); 9 10 var formData = new FormData($(this)[0]); 12 11 var obj = {}; 13 var formData = new FormData($('#AACB_optionsForm')[0]);14 12 for (var key of formData.keys()) { 15 if (key === 'isWhiteLabel') { 16 obj[key] = (formData.get(key) === 'true'); 17 } else { 18 obj[key] = formData.get(key); 19 } 13 obj[key] = key === 'isWhiteLabel' ? 14 (formData.get(key) === 'true') : 15 formData.get(key); 20 16 } 21 var xhr = new XMLHttpRequest();22 xhr.open("POST", 'https://app.allaccessible.org/api/save-site-options/'+id);23 24 xhr.setRequestHeader("Accept", "application/json");25 xhr.setRequestHeader("Content-Type", "application/json");26 27 xhr.onreadystatechange = function () {28 if (xhr.readyState === 4) {29 $('.aacb_loader').hide();30 // $this.after('<span class="aacb_success"> Saved<div alt="f147" class="dashicons dashicons-yes"></div></a>');31 $('.aacb_message').after('<span class="aacb_success"> Saved<div alt="f147" class="dashicons dashicons-yes"></div></a>');32 $('.aacb_success').delay(3000).fadeOut(300);33 $('#aacb-save-opt-btn').prop('disabled', false);34 } else {35 $('.aacb_loader').hide();36 $('#aacb-save-opt-btn').prop('disabled', false);37 }};38 xhr.send(JSON.stringify(obj));39 40 });41 42 /* update option meta */43 $('#AACB_accountForm').on('submit', function() {44 45 var accountID = $( "#aacb_accountID" ).val();46 17 47 18 $.ajax({ 48 url : ajaxurl, 
49 type : 'POST', 50 dataType : 'json', 51 data : { 52 action:'AllAccessible_save_settings', 53 opt_name: 'aacb_accountID', 54 opt_value: accountID 19 type: "POST", 20 url: 'https://app.allaccessible.org/api/save-site-options/' + id, 21 data: JSON.stringify(obj), 22 contentType: "application/json", 23 success: function() { 24 var $success = $('<span class="aacb_success"> Saved<div alt="f147" class="dashicons dashicons-yes"></div></span>') 25 .insertAfter('.aacb_message') 26 .delay(3000) 27 .fadeOut(300); 55 28 }, 56 beforeSend: function (xhr) {57 29 error: function() { 30 alert('Failed to save options. Please try again.'); 58 31 }, 59 success: function (data, textStatus, jqXHR) { 60 61 location.reload(); 62 63 if (data.status === 'OK') { 64 $('.error').html(data.message); 65 66 } else if (data.status === 'KO') { 67 $('.error').html(data.v_error); 68 } 69 }, 70 error: function (jqXHR, textStatus, errorThrown) { 71 console.log('Something went wrong!'); 32 complete: function() { 33 $loader.hide(); 34 $btn.prop('disabled', false); 72 35 } 73 36 }); 74 37 }); 75 38 76 // process the form 77 $('#AACB_trialForm').on('submit', function(event) { 39 // Account Form Handler 40 $('#AACB_accountForm').on('submit', function(event) { 41 event.preventDefault(); 78 42 79 $('#aacb-trial-btn').prop('disabled', true); 43 var accountID = $("#aacb_accountID").val(); 44 if (!accountID) { 45 alert('Please enter an account ID'); 46 return; 47 } 80 48 81 // process the form82 49 $.ajax({ 83 type : 'POST', // define the type of HTTP verb we want to use (POST for our form) 84 url : 'https://app.allaccessible.org/api/add-site', // the url where we want to POST 85 data : JSON.stringify({ 86 email: $( "#aacb_email" ).val(), 87 url: $( "#aacb_url" ).val(), 88 source: 'wordpress' 89 }), 90 dataType : 'text', 91 encode : true, 92 contentType: 'application/json; charset=utf-8', 93 success: function(data){ 94 if(data.error){ 95 //show error message here 96 data.errors 97 
$('#aacb-trial-btn').prop('disabled', false); 98 }else{ 99 //handle success part 100 data.message 101 102 $.ajax({ 103 url: ajaxurl, 104 type: 'POST', 105 dataType: 'json', 106 data: { 107 action: 'AllAccessible_save_settings', 108 opt_name: 'aacb_accountID', 109 opt_value: data 110 }, 111 success: function (data, textStatus, jqXHR) { 112 113 location.reload(); 114 115 } 116 }); 117 50 url: ajax_object.ajax_url, 51 type: 'POST', 52 dataType: 'json', 53 data: { 54 action: 'AllAccessible_save_settings', 55 nonce: ajax_object.nonce, 56 opt_name: 'aacb_accountID', 57 opt_value: accountID 58 }, 59 success: function(response) { 60 if (response.success) { 61 location.reload(); 62 } else { 63 alert(response.data.message || 'Failed to save settings'); 118 64 } 119 65 }, 120 error: function(jqXHR, textStatus, errorThrown){ 121 //request error 122 $('#aacb-trial-btn').prop('disabled', false); 123 console.log('jqXHR:'); 124 console.log(jqXHR); 125 console.log('textStatus:'); 126 console.log(textStatus); 127 console.log('errorThrown:'); 128 console.log(errorThrown); 66 error: function() { 67 alert('Failed to save settings. 
Please try again.'); 129 68 } 130 });131 132 // stop the form from submitting the normal way and refreshing the page133 event.preventDefault();134 });135 136 $(document).on('click', '#aacb-premium-notice .notice-dismiss', function() {137 138 //console.log('dismiss clicked');139 140 var data = {141 'action': 'aacb_dismiss_notice'142 };143 144 $.post(ajax_object.ajax_url, data, function (response) {145 //console.log('Notice dismissed: ' + response);146 69 }); 147 70 }); 148 71 72 // Trial Form Handler 73 $('#AACB_trialForm').on('submit', function(event) { 74 event.preventDefault(); 75 76 var $btn = $('#aacb-trial-btn').prop('disabled', true); 77 var email = $("#aacb_email").val(); 78 var url = $("#aacb_url").val(); 79 80 if (!email || !url) { 81 alert('Please fill in all required fields'); 82 $btn.prop('disabled', false); 83 return; 84 } 85 86 $.ajax({ 87 type: 'POST', 88 url: 'https://app.allaccessible.org/api/add-site', 89 data: JSON.stringify({ 90 email: email, 91 url: url, 92 source: 'wordpress' 93 }), 94 contentType: 'application/json; charset=utf-8', 95 success: function(data) { 96 if (data.error) { 97 alert('Error: ' + (data.errors || 'Failed to create trial')); 98 $btn.prop('disabled', false); 99 return; 100 } 101 102 $.ajax({ 103 url: ajax_object.ajax_url, 104 type: 'POST', 105 dataType: 'json', 106 data: { 107 action: 'AllAccessible_save_settings', 108 nonce: ajax_object.nonce, 109 opt_name: 'aacb_accountID', 110 opt_value: data 111 }, 112 success: function(response) { 113 if (response.success) { 114 location.reload(); 115 } else { 116 alert(response.data.message || 'Failed to save settings'); 117 $btn.prop('disabled', false); 118 } 119 }, 120 error: function() { 121 alert('Failed to save settings. Please try again.'); 122 $btn.prop('disabled', false); 123 } 124 }); 125 }, 126 error: function() { 127 alert('Failed to create trial. 
Please try again.'); 128 $btn.prop('disabled', false); 129 } 130 }); 131 }); 132 133 // Notice Dismiss Handler 134 $(document).on('click', '#aacb-premium-notice .notice-dismiss', function() { 135 $.post(ajax_object.ajax_url, { 'action': 'aacb_dismiss_notice' }); 136 }); 149 137 });
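Review bot: In the trial form handler, the nested save request sends `opt_value: data`, where `data` is the entire add-site response; the previous version declared `dataType: 'text'`, and with that removed jQuery may parse the response as JSON, in which case an object is serialised into nested `opt_value[...]` fields and the PHP handler's `sanitize_text_field($_POST['opt_value'])` receives an array rather than the account ID string. Send only the field that carries the account ID (its name is not visible in this diff), and keep `dataType` explicit so the shape of `data` does not depend on the server's content-type. The `success` branches of both save requests read `response.data.message`, but the PHP handler sends plain strings for the authorization and nonce failures, so those specific reasons are lost behind the generic fallback; checking `typeof response.data === 'string'` first would surface them. The notice-dismiss handler still posts `aacb_dismiss_notice` without the nonce this commit introduced; whether that endpoint verifies one cannot be seen from this diff.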