Changeset 3293562

online-accessibility/tags/4.19/CHANGELOG.md

-                      r3268067
+                      r3293562
 # Changelog
 All notable changes to this project will be documented in this file.
+.19
+- Updated patch for arbitrary file upload vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-plugin-4-17-arbitrary-file-upload-vulnerability?_a_id=15
+- Updated patch for broken access control vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-16-multiple-broken-access-control-vulnerability?_a_id=15
+- Patched sql injection vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-17-sql-injection-vulnerability?_a_id=15
+- Tested up to WordPress 6.8.1
 .18
 - Patched arbitrary file upload vulnerability - https://patchstack.com/database/report-preview/dedfa172-1348-46f1-afdb-3ca0104afb90
 - Patched broken access control vulnerability - https://patchstack.com/database/report-preview/ccae245c-4b01-4081-a687-150ff6ad0627
+- Patched arbitrary file upload vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-plugin-4-17-arbitrary-file-upload-vulnerability?_a_id=15
+- Patched broken access control vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-16-multiple-broken-access-control-vulnerability?_a_id=15
 - Tested up to WordPress 6.7.2
+-

online-accessibility/tags/4.19/README.txt

-                      r3268067
+                      r3293562
 Author URI: https://adaplugin.com
 Author: Ability, Inc
 Tested up to: 6.7.2
 Stable tag: "4.18"
 Version 4.18
+Tested up to: 6.8.1
+Stable tag: "4.19"
+Version 4.19
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html

online-accessibility/tags/4.19/includes/ajax_functions/core.php

-                      r3091769
+                      r3293562
+{
     Helper::verify_security($_GET);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     $details = [];
 …
+{
     Helper::verify_security($_GET);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     update_post_meta($scan->ID, '_oadaas_scan-dismissed', 1);
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = new WCAG_Scan((int)$_POST['scan_id']);
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
 …
+{
     Helper::verify_security($_GET);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     $page = $_GET["page"];
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     $result = $scan->step_complete();
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     $step = get_post_meta($scan->ID, "_filter_step", true);
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     set_transient("_oadaas_upgrade_banner_dismissed", 1, 120 * DAY_IN_SECONDS);
     wp_send_json(["message" => "success"], 200);
 …
 function get_scan_results(){
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $results = Helper::get_scan_data($_POST["scan_id"], $_POST["offset"], $_POST["limit"]);
     $rows = Helper::get_row_count($_POST["scan_id"]);

online-accessibility/tags/4.19/includes/ajax_functions/site-updates.php

-                      r3091769
+                      r3293562
 function save_changes(){
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     foreach($_POST["modified"] AS $ID => $changes){
 …
 function get_list(){
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     global $wpdb;
     $pageLength = $_POST["pageLength"];
 …
 function get_image_count(){
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $valid = $_POST["valid"];
     global $wpdb;

online-accessibility/tags/4.19/includes/ajax_functions/sitemap.php

-                      r3268067
+                      r3293562
 function server_validate_upload($file)
+{
+    $is_csv = true;
+    // Verify user has appropriate permissions
+    if (!current_user_can('manage_options')) {
+        return "Unauthorized access";
+    }
+    // Validate file exists and has no errors
+    if (!isset($file) || $file['error'] !== UPLOAD_ERR_OK) {
+        return "File upload error: " . (isset($file['error']) ? $file['error'] : 'Unknown error');
+    }
+    // Get file extension and validate
     $pathinfo = pathinfo($file['name']);
+    if ($pathinfo["extension"] !== "csv") {
+        $is_csv = false;
+    }
+    if (getimagesize($file["tmp_name"])) {
+        return "Incorrect file format: " . $pathinfo["extension"];
+        wp_die();
+    }
+    $extension = strtolower($pathinfo["extension"] ?? '');
+    // Define allowed file formats
     $supportedFormats = ['csv', 'txt', 'xml', 'xls', 'xlsx'];
+    if (in_array($pathinfo["extension"], $supportedFormats)) {
+        //Store the uploaded file to the server
+        $basedir = wp_upload_dir()["basedir"];
+        $rel_path = "/oadaas/sitemap/";
+        $filename = "sitemap." . $pathinfo["extension"];
+        $path = $basedir . $rel_path . $filename;
+        if (!file_exists($basedir . $rel_path)) {
+            wp_mkdir_p($basedir . $rel_path, 0777, true);
+        }
+        $success = move_uploaded_file($file["tmp_name"], $path);  // phpcs:ignore
+    if (!in_array($extension, $supportedFormats)) {
+        return "Incorrect file format: " . esc_html($extension);
+    }
+    // Additional security check - prevent image uploads disguised as other formats
+    $finfo = new \finfo(FILEINFO_MIME_TYPE);
+    $mime_type = $finfo->file($file["tmp_name"]);
+    $allowed_mime_types = [
+        'text/csv', 'text/plain', 'application/xml', 'text/xml',
+        'application/vnd.ms-excel', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+    ];
+    if (!in_array($mime_type, $allowed_mime_types)) {
+        return "Invalid file type detected: " . esc_html($mime_type);
+    }
+    // Set up directory with secure permissions
+    $basedir = wp_upload_dir()["basedir"];
+    $rel_path = "/oadaas/sitemap/";
+    $upload_dir = $basedir . $rel_path;
+    // Create directory with secure permissions if it doesn't exist
+    if (!file_exists($upload_dir)) {
+        if (!wp_mkdir_p($upload_dir, 0755, true)) {
+            return "Failed to create upload directory";
+        }
+    }
+    // Set secure file path
+    $filename = "sitemap." . $extension;
+    $path = $upload_dir . $filename;
+    // Move uploaded file
+    if (!move_uploaded_file($file["tmp_name"], $path)) {
+        return "Failed to move uploaded file";
+    }
+    // Process file based on type
+    if ($extension === 'csv') {
+        // Process CSV file
         try {
+            if ($success && !$is_csv) {
+                $new_filename = "sitemap.csv";
+                //Convert the file to CSV
+                switch ($pathinfo["extension"]) {
+                    case "xml":
+                        if (file_exists($path)) {
+                            $xml = simplexml_load_file($path);
+                            $f = fopen($basedir . $rel_path . $new_filename, 'w');  // phpcs:ignore
+                            convert_xml_to_csv($xml, $f);
+                            $stat = fstat($f);
+                            ftruncate($f, $stat['size'] - 1);
+                            fclose($f);  // phpcs:ignore
+                            wp_delete_file($path);
+                        }
+                        break;
+                }
+                return "success";
+            }
+        }
+        catch(\Exception $e) {
+            $put_arr = [];
+            $f = fopen($path, 'r');
+            if (!$f) {
+                wp_delete_file($path);
+                return "Failed to open CSV file";
+            }
+            while (($line = fgetcsv($f, 0, ",")) !== false) {
+                $put_arr[] = $line;
+            }
+            fclose($f);
+            // Only proceed if we have data
+            if (empty($put_arr) || empty($put_arr[0])) {
+                wp_delete_file($path);
+                return "CSV file is empty or invalid";
+            }
+            // Rewrite the CSV file securely
+            $f = fopen($path, "w");
+            if (!$f) {
+                wp_delete_file($path);
+                return "Failed to write CSV file";
+            }
+            foreach ($put_arr[0] as $item) {
+                fputcsv($f, [sanitize_text_field($item)], ',', '"');
+            }
+            $stat = fstat($f);
+            ftruncate($f, $stat['size'] - 1);
+            fclose($f);
+            return "success";
+        } catch (\Exception $e) {
+            // Clean up on error
+            if (file_exists($path)) {
+                wp_delete_file($path);
+            }
+            return "Error processing CSV: " . esc_html($e->getMessage());
+        }
+    } else if ($extension === 'xml') {
+        // Convert XML to CSV
+        try {
+            if (!file_exists($path)) {
+                return "XML file not found after upload";
+            }
+            // Validate XML structure before processing
+            $xml = @simplexml_load_file($path);
+            if ($xml === false) {
+                wp_delete_file($path);
+                return "Invalid XML file";
+            }
+            $csv_path = $upload_dir . "sitemap.csv";
+            $f = fopen($csv_path, 'w');
+            if (!$f) {
+                wp_delete_file($path);
+                return "Failed to create CSV file";
+            }
+            // Convert XML to CSV with proper error handling
+            $result = convert_xml_to_csv($xml, $f);
+            if ($result === false) {
+                fclose($f);
+                wp_delete_file($csv_path);
+                wp_delete_file($path);
+                return "Failed to convert XML to CSV";
+            }
+            $stat = fstat($f);
+            ftruncate($f, $stat['size'] - 1);
+            fclose($f);
+            // Remove the original XML file after successful conversion
             wp_delete_file($path);
+        }
+        if ($is_csv) {
+            $put_arr = [];
+            return "success";
+        } catch (\Exception $e) {
+            // Clean up on error
             if (file_exists($path)) {
+                //Read and store contents of uploaded CSV file into an array
+                $f = fopen($path, 'r');  // phpcs:ignore
+                while (($line = fgetcsv($f, 0, ",")) !== false) {
+                    $put_arr[] = $line;
+                }
+                fclose($f);  // phpcs:ignore
+                //Rewrite the CSV file to use '/n' after delimiter
+                $f = fopen($path, "w");  // phpcs:ignore
+                foreach ($put_arr[0] as $item) {
+                    fputcsv($f, [$item], ',', '"');
+                }
+                $stat = fstat($f);
+                ftruncate($f, $stat['size'] - 1);
+                fclose($f);  // phpcs:ignore
+                return "success";
+            }
+        }
+    }
+    return "Incorrect file format: " . $pathinfo["extension"];
+    wp_die();
+}
+                wp_delete_file($path);
+            }
+            if (file_exists($upload_dir . "sitemap.csv")) {
+                wp_delete_file($upload_dir . "sitemap.csv");
+            }
+            return "Error processing XML: " . esc_html($e->getMessage());
+        }
+    } else {
+        // For other file types that need conversion but aren't implemented yet
+        wp_delete_file($path);
+        return "File type " . esc_html($extension) . " is supported but conversion is not implemented";
+    }
+}
 function convert_xml_to_csv($xml, $f)

online-accessibility/tags/4.19/includes/classes/Helper.php

-                      r3268067
+                      r3293562
     static function save_false_positive($scan_id, $issue_id){
         global $wpdb;
+        $table_name = $wpdb->prefix.'oada_false_positives';
+        if(! is_admin()) {
+            return '';
+        }
+        $table_name = $wpdb->prefix.'oada_false_positives';
+        if(! is_admin()) {
+            return '';
+        }
+        // Validate inputs
+        $scan_id = absint($scan_id); // Ensure scan_id is a positive integer
+        if (!$scan_id) {
+            return ["status" => "failed", "msg" => "Invalid scan ID"];
+        }
         try{
+            //Get list
+            $list = json_decode(
+                $wpdb->get_results($wpdb->prepare("SELECT list FROM  $table_name WHERE scan_id = $scan_id"))[0]->list // phpcs:ignore
+            // Get list using properly prepared query
+            $query = $wpdb->prepare(
+                "SELECT list FROM %i WHERE scan_id = %d",
+                $table_name,
+                $scan_id
             );
+            //Add to list
+            $result = $wpdb->get_results($query);
+            if (empty($result)) {
+                return ["status" => "failed", "msg" => "Scan not found"];
+            }
+            $list = json_decode($result[0]->list);
+            // Validate list is an array
+            if (!is_array($list)) {
+                $list = [];
+            }
+            // Add to list
             $list[] = $issue_id;
+            $list = $wpdb->_real_escape(json_encode($list));
+            //Save new list
+            $wpdb->query($wpdb->prepare("UPDATE $table_name SET list = '$list' WHERE scan_id =$scan_id")); // phpcs:ignore
+            // Prepare the JSON string properly
+            $json_list = wp_json_encode($list);
+            // Update with properly prepared query
+            $updated = $wpdb->update(
+                $table_name,
+                ['list' => $json_list],
+                ['scan_id' => $scan_id],
+                ['%s'],
+                ['%d']
+            );
+            if ($updated === false) {
+                return ["status" => "failed", "msg" => "Database update failed"];
+            }
             return ["status" => "success"];
+        }catch(\Exception $e){
+            return ["status" => "failed", "msg" => $e];
+        }
+    }
+        } catch(\Exception $e){
+            return ["status" => "failed", "msg" => $e->getMessage()];
+        }
+    }
     static function delete_false_positive($scan_id, $issue_id){

online-accessibility/tags/4.19/index.php

r3268067	r3293562
6	6	* Plugin URI: https://adaplugin.com
7	7	* Description: The most powerful and comprehensive Accessibility Suite. Achieve and maintain ADA/WCAG compliance faster than ever before. Audit, identify, get instruction, and fix.
8		* Version: 4.18
	8	* Version: 4.19
9	9	* Author: Ability, Inc
10	10	* Author URI: https://adaplugin.com

online-accessibility/trunk/CHANGELOG.md

-                      r3268067
+                      r3293562
 # Changelog
 All notable changes to this project will be documented in this file.
+.19
+- Updated patch for arbitrary file upload vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-plugin-4-17-arbitrary-file-upload-vulnerability?_a_id=15
+- Updated patch for broken access control vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-16-multiple-broken-access-control-vulnerability?_a_id=15
+- Patched sql injection vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-17-sql-injection-vulnerability?_a_id=15
+- Tested up to WordPress 6.8.1
 .18
 - Patched arbitrary file upload vulnerability - https://patchstack.com/database/report-preview/dedfa172-1348-46f1-afdb-3ca0104afb90
 - Patched broken access control vulnerability - https://patchstack.com/database/report-preview/ccae245c-4b01-4081-a687-150ff6ad0627
+- Patched arbitrary file upload vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-plugin-4-17-arbitrary-file-upload-vulnerability?_a_id=15
+- Patched broken access control vulnerability - https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-16-multiple-broken-access-control-vulnerability?_a_id=15
 - Tested up to WordPress 6.7.2
+-

online-accessibility/trunk/README.txt

-                      r3268067
+                      r3293562
 Author URI: https://adaplugin.com
 Author: Ability, Inc
 Tested up to: 6.7.2
 Stable tag: "4.18"
 Version 4.18
+Tested up to: 6.8.1
+Stable tag: "4.19"
+Version 4.19
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html

online-accessibility/trunk/includes/ajax_functions/core.php

-                      r3091769
+                      r3293562
+{
     Helper::verify_security($_GET);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     $details = [];
 …
+{
     Helper::verify_security($_GET);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     update_post_meta($scan->ID, '_oadaas_scan-dismissed', 1);
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = new WCAG_Scan((int)$_POST['scan_id']);
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
 …
+{
     Helper::verify_security($_GET);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     $page = $_GET["page"];
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     $result = $scan->step_complete();
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $scan = get_active_scan();
     $step = get_post_meta($scan->ID, "_filter_step", true);
 …
+{
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     set_transient("_oadaas_upgrade_banner_dismissed", 1, 120 * DAY_IN_SECONDS);
     wp_send_json(["message" => "success"], 200);
 …
 function get_scan_results(){
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $results = Helper::get_scan_data($_POST["scan_id"], $_POST["offset"], $_POST["limit"]);
     $rows = Helper::get_row_count($_POST["scan_id"]);

online-accessibility/trunk/includes/ajax_functions/site-updates.php

-                      r3091769
+                      r3293562
 function save_changes(){
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     foreach($_POST["modified"] AS $ID => $changes){
 …
 function get_list(){
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     global $wpdb;
     $pageLength = $_POST["pageLength"];
 …
 function get_image_count(){
     Helper::verify_security($_POST);
+    // Add capability check to ensure user has proper permissions
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized access', 403);
+        wp_die();
+    }
+    // Add referrer check to ensure request comes from your admin pages
+    $referer = wp_get_referer();
+    if (!$referer || strpos($referer, admin_url()) !== 0) {
+        wp_send_json_error('Invalid request origin', 403);
+        wp_die();
+    }
     $valid = $_POST["valid"];
     global $wpdb;

online-accessibility/trunk/includes/ajax_functions/sitemap.php

-                      r3268067
+                      r3293562
 function server_validate_upload($file)
+{
+    $is_csv = true;
+    // Verify user has appropriate permissions
+    if (!current_user_can('manage_options')) {
+        return "Unauthorized access";
+    }
+    // Validate file exists and has no errors
+    if (!isset($file) || $file['error'] !== UPLOAD_ERR_OK) {
+        return "File upload error: " . (isset($file['error']) ? $file['error'] : 'Unknown error');
+    }
+    // Get file extension and validate
     $pathinfo = pathinfo($file['name']);
+    if ($pathinfo["extension"] !== "csv") {
+        $is_csv = false;
+    }
+    if (getimagesize($file["tmp_name"])) {
+        return "Incorrect file format: " . $pathinfo["extension"];
+        wp_die();
+    }
+    $extension = strtolower($pathinfo["extension"] ?? '');
+    // Define allowed file formats
     $supportedFormats = ['csv', 'txt', 'xml', 'xls', 'xlsx'];
+    if (in_array($pathinfo["extension"], $supportedFormats)) {
+        //Store the uploaded file to the server
+        $basedir = wp_upload_dir()["basedir"];
+        $rel_path = "/oadaas/sitemap/";
+        $filename = "sitemap." . $pathinfo["extension"];
+        $path = $basedir . $rel_path . $filename;
+        if (!file_exists($basedir . $rel_path)) {
+            wp_mkdir_p($basedir . $rel_path, 0777, true);
+        }
+        $success = move_uploaded_file($file["tmp_name"], $path);  // phpcs:ignore
+    if (!in_array($extension, $supportedFormats)) {
+        return "Incorrect file format: " . esc_html($extension);
+    }
+    // Additional security check - prevent image uploads disguised as other formats
+    $finfo = new \finfo(FILEINFO_MIME_TYPE);
+    $mime_type = $finfo->file($file["tmp_name"]);
+    $allowed_mime_types = [
+        'text/csv', 'text/plain', 'application/xml', 'text/xml',
+        'application/vnd.ms-excel', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+    ];
+    if (!in_array($mime_type, $allowed_mime_types)) {
+        return "Invalid file type detected: " . esc_html($mime_type);
+    }
+    // Set up directory with secure permissions
+    $basedir = wp_upload_dir()["basedir"];
+    $rel_path = "/oadaas/sitemap/";
+    $upload_dir = $basedir . $rel_path;
+    // Create directory with secure permissions if it doesn't exist
+    if (!file_exists($upload_dir)) {
+        if (!wp_mkdir_p($upload_dir, 0755, true)) {
+            return "Failed to create upload directory";
+        }
+    }
+    // Set secure file path
+    $filename = "sitemap." . $extension;
+    $path = $upload_dir . $filename;
+    // Move uploaded file
+    if (!move_uploaded_file($file["tmp_name"], $path)) {
+        return "Failed to move uploaded file";
+    }
+    // Process file based on type
+    if ($extension === 'csv') {
+        // Process CSV file
         try {
+            if ($success && !$is_csv) {
+                $new_filename = "sitemap.csv";
+                //Convert the file to CSV
+                switch ($pathinfo["extension"]) {
+                    case "xml":
+                        if (file_exists($path)) {
+                            $xml = simplexml_load_file($path);
+                            $f = fopen($basedir . $rel_path . $new_filename, 'w');  // phpcs:ignore
+                            convert_xml_to_csv($xml, $f);
+                            $stat = fstat($f);
+                            ftruncate($f, $stat['size'] - 1);
+                            fclose($f);  // phpcs:ignore
+                            wp_delete_file($path);
+                        }
+                        break;
+                }
+                return "success";
+            }
+        }
+        catch(\Exception $e) {
+            $put_arr = [];
+            $f = fopen($path, 'r');
+            if (!$f) {
+                wp_delete_file($path);
+                return "Failed to open CSV file";
+            }
+            while (($line = fgetcsv($f, 0, ",")) !== false) {
+                $put_arr[] = $line;
+            }
+            fclose($f);
+            // Only proceed if we have data
+            if (empty($put_arr) || empty($put_arr[0])) {
+                wp_delete_file($path);
+                return "CSV file is empty or invalid";
+            }
+            // Rewrite the CSV file securely
+            $f = fopen($path, "w");
+            if (!$f) {
+                wp_delete_file($path);
+                return "Failed to write CSV file";
+            }
+            foreach ($put_arr[0] as $item) {
+                fputcsv($f, [sanitize_text_field($item)], ',', '"');
+            }
+            $stat = fstat($f);
+            ftruncate($f, $stat['size'] - 1);
+            fclose($f);
+            return "success";
+        } catch (\Exception $e) {
+            // Clean up on error
+            if (file_exists($path)) {
+                wp_delete_file($path);
+            }
+            return "Error processing CSV: " . esc_html($e->getMessage());
+        }
+    } else if ($extension === 'xml') {
+        // Convert XML to CSV
+        try {
+            if (!file_exists($path)) {
+                return "XML file not found after upload";
+            }
+            // Validate XML structure before processing
+            $xml = @simplexml_load_file($path);
+            if ($xml === false) {
+                wp_delete_file($path);
+                return "Invalid XML file";
+            }
+            $csv_path = $upload_dir . "sitemap.csv";
+            $f = fopen($csv_path, 'w');
+            if (!$f) {
+                wp_delete_file($path);
+                return "Failed to create CSV file";
+            }
+            // Convert XML to CSV with proper error handling
+            $result = convert_xml_to_csv($xml, $f);
+            if ($result === false) {
+                fclose($f);
+                wp_delete_file($csv_path);
+                wp_delete_file($path);
+                return "Failed to convert XML to CSV";
+            }
+            $stat = fstat($f);
+            ftruncate($f, $stat['size'] - 1);
+            fclose($f);
+            // Remove the original XML file after successful conversion
             wp_delete_file($path);
+        }
+        if ($is_csv) {
+            $put_arr = [];
+            return "success";
+        } catch (\Exception $e) {
+            // Clean up on error
             if (file_exists($path)) {
+                //Read and store contents of uploaded CSV file into an array
+                $f = fopen($path, 'r');  // phpcs:ignore
+                while (($line = fgetcsv($f, 0, ",")) !== false) {
+                    $put_arr[] = $line;
+                }
+                fclose($f);  // phpcs:ignore
+                //Rewrite the CSV file to use '/n' after delimiter
+                $f = fopen($path, "w");  // phpcs:ignore
+                foreach ($put_arr[0] as $item) {
+                    fputcsv($f, [$item], ',', '"');
+                }
+                $stat = fstat($f);
+                ftruncate($f, $stat['size'] - 1);
+                fclose($f);  // phpcs:ignore
+                return "success";
+            }
+        }
+    }
+    return "Incorrect file format: " . $pathinfo["extension"];
+    wp_die();
+}
+                wp_delete_file($path);
+            }
+            if (file_exists($upload_dir . "sitemap.csv")) {
+                wp_delete_file($upload_dir . "sitemap.csv");
+            }
+            return "Error processing XML: " . esc_html($e->getMessage());
+        }
+    } else {
+        // For other file types that need conversion but aren't implemented yet
+        wp_delete_file($path);
+        return "File type " . esc_html($extension) . " is supported but conversion is not implemented";
+    }
+}
 function convert_xml_to_csv($xml, $f)

online-accessibility/trunk/includes/classes/Helper.php

-                      r3268067
+                      r3293562
     static function save_false_positive($scan_id, $issue_id){
         global $wpdb;
+        $table_name = $wpdb->prefix.'oada_false_positives';
+        if(! is_admin()) {
+            return '';
+        }
+        $table_name = $wpdb->prefix.'oada_false_positives';
+        if(! is_admin()) {
+            return '';
+        }
+        // Validate inputs
+        $scan_id = absint($scan_id); // Ensure scan_id is a positive integer
+        if (!$scan_id) {
+            return ["status" => "failed", "msg" => "Invalid scan ID"];
+        }
         try{
+            //Get list
+            $list = json_decode(
+                $wpdb->get_results($wpdb->prepare("SELECT list FROM  $table_name WHERE scan_id = $scan_id"))[0]->list // phpcs:ignore
+            // Get list using properly prepared query
+            $query = $wpdb->prepare(
+                "SELECT list FROM %i WHERE scan_id = %d",
+                $table_name,
+                $scan_id
             );
+            //Add to list
+            $result = $wpdb->get_results($query);
+            if (empty($result)) {
+                return ["status" => "failed", "msg" => "Scan not found"];
+            }
+            $list = json_decode($result[0]->list);
+            // Validate list is an array
+            if (!is_array($list)) {
+                $list = [];
+            }
+            // Add to list
             $list[] = $issue_id;
+            $list = $wpdb->_real_escape(json_encode($list));
+            //Save new list
+            $wpdb->query($wpdb->prepare("UPDATE $table_name SET list = '$list' WHERE scan_id =$scan_id")); // phpcs:ignore
+            // Prepare the JSON string properly
+            $json_list = wp_json_encode($list);
+            // Update with properly prepared query
+            $updated = $wpdb->update(
+                $table_name,
+                ['list' => $json_list],
+                ['scan_id' => $scan_id],
+                ['%s'],
+                ['%d']
+            );
+            if ($updated === false) {
+                return ["status" => "failed", "msg" => "Database update failed"];
+            }
             return ["status" => "success"];
+        }catch(\Exception $e){
+            return ["status" => "failed", "msg" => $e];
+        }
+    }
+        } catch(\Exception $e){
+            return ["status" => "failed", "msg" => $e->getMessage()];
+        }
+    }
     static function delete_false_positive($scan_id, $issue_id){

online-accessibility/trunk/index.php

r3268067	r3293562
6	6	* Plugin URI: https://adaplugin.com
7	7	* Description: The most powerful and comprehensive Accessibility Suite. Achieve and maintain ADA/WCAG compliance faster than ever before. Audit, identify, get instruction, and fix.
8		* Version: 4.18
	8	* Version: 4.19
9	9	* Author: Ability, Inc
10	10	* Author URI: https://adaplugin.com

Plugin Directory

Context Navigation

Legend:

online-accessibility/tags/4.19/CHANGELOG.md

online-accessibility/tags/4.19/README.txt

online-accessibility/tags/4.19/includes/ajax_functions/core.php

online-accessibility/tags/4.19/includes/ajax_functions/site-updates.php

online-accessibility/tags/4.19/includes/ajax_functions/sitemap.php

online-accessibility/tags/4.19/includes/classes/Helper.php

online-accessibility/tags/4.19/index.php

online-accessibility/trunk/CHANGELOG.md

online-accessibility/trunk/README.txt

online-accessibility/trunk/includes/ajax_functions/core.php

online-accessibility/trunk/includes/ajax_functions/site-updates.php

online-accessibility/trunk/includes/ajax_functions/sitemap.php

online-accessibility/trunk/includes/classes/Helper.php

online-accessibility/trunk/index.php

Download in other formats: