Changeset 3326467
- Timestamp: 07/11/2025 06:44:30 PM (9 months ago)
- Location: otp-content-protect/trunk
- Files: 2 edited
  - otp-content-protect.php (modified) (9 diffs)
  - readme.txt (modified) (3 diffs)
otp-content-protect/trunk/otp-content-protect.php
r3325625 r3326467 4 4 * Plugin URI: https://wordpress.org/plugins/otp-content-protect/ 5 5 * Description: OTP Content Protect allows administrators to create secure one-time passwords for individual posts, pages, and custom post types. Visitors must enter the correct OTP to view the protected content. After a single use, an OTP can optionally be reset for reuse. 6 * Version: 1.3. 26 * Version: 1.3.3 7 7 * Author: Tim Ehling 8 8 * Author URI: https://die-mainagentur.de … … 13 13 * Requires PHP: 7.0 14 14 * Tested up to: 6.8 15 * Stable tag: 1.3. 215 * Stable tag: 1.3.3 16 16 */ 17 17 … … 84 84 $edit_id 85 85 ); 86 // Der `ignore` Kommentar behebt den Fehler aus Zeile 88.87 86 // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 88 87 $row = $wpdb->get_row( $sql ); … … 98 97 plugin_dir_url( __FILE__ ) . 'otp-content-protect.js', 99 98 [ 'jquery', 'wp-i18n' ], 100 '1.3. 2',99 '1.3.3', 101 100 true 102 101 ); … … 132 131 $edit_id 133 132 ); 134 // Der `ignore` Kommentar behebt den Fehler aus Zeile 136.135 133 // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 136 134 $edit = $wpdb->get_row( $sql ); … … 210 208 <tbody> 211 209 <?php 212 // Der `ignore` Kommentar behebt den Fehler aus Zeile 213.213 210 // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 214 211 $rows = $wpdb->get_results( "SELECT * FROM " . self::$table_name . 
" ORDER BY created DESC" ); … … 331 328 332 329 global $wpdb; 330 // **KORREKTUR 1: Alle gültigen OTPs für die Seite holen, nicht nur eines.** 333 331 $sql = $wpdb->prepare( 334 332 // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared … … 337 335 current_time( 'mysql' ) 338 336 ); 339 // Der `ignore` Kommentar behebt den Fehler aus Zeile 340.340 337 // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 341 $ row = $wpdb->get_row( $sql );338 $valid_otps = $wpdb->get_results( $sql ); // VON get_row() ZU get_results() GEÄNDERT 342 339 343 if ( ! $row ) { 340 // Wenn es gar keine gültigen OTPs für diese Seite gibt, den Inhalt normal anzeigen. 341 if ( empty( $valid_otps ) ) { 344 342 return $content; 345 343 } … … 350 348 $password = sanitize_text_field( wp_unslash( $_POST['otpcp_protect_password'] ?? '' ) ); 351 349 352 if ( wp_verify_nonce( $nonce, 'otpcp_protect_action' ) && hash_equals( $row->otp, $password ) ) { 353 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 354 $wpdb->update( self::$table_name, [ 'used' => current_time( 'mysql' ) ], [ 'id' => $row->id ] ); 355 return $content; 356 } else { 357 $error_message = '<p style="color:red;">' . esc_html__( 'Falsches Passwort.', 'otp-content-protect' ) . '</p>'; 350 if ( wp_verify_nonce( $nonce, 'otpcp_protect_action' ) ) { 351 // **KORREKTUR 2: Jedes gültige OTP durchgehen und vergleichen.** 352 foreach ( $valid_otps as $valid_otp_row ) { 353 if ( hash_equals( $valid_otp_row->otp, $password ) ) { 354 // Treffer! Nur dieses eine OTP als "benutzt" markieren. 355 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching 356 $wpdb->update( self::$table_name, [ 'used' => current_time( 'mysql' ) ], [ 'id' => $valid_otp_row->id ] ); 357 // Inhalt anzeigen und Funktion beenden. 
358 return $content; 359 } 360 } 358 361 } 362 363 // Wenn die Schleife durchgelaufen ist, ohne einen Treffer zu finden, war das Passwort falsch. 364 $error_message = '<p style="color:red;">' . esc_html__( 'Falsches Passwort.', 'otp-content-protect' ) . '</p>'; 359 365 } 360 366 -
otp-content-protect/trunk/readme.txt
r3325625 r3326467 6 6 Requires PHP: 7.0 7 7 Tested up to: 6.8 8 Stable tag: 1.3. 28 Stable tag: 1.3.3 9 9 License: GPLv2 or later 10 10 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 54 54 == Changelog == 55 55 56 **= 1.3.2 =** 56 **= 1.3.3 =** 57 * **Fix:** Corrected a bug where only the first created OTP for a page was accepted. Now, multiple different OTPs can be active for the same content simultaneously, and each will be validated correctly. 58 59 = 1.3.2 = 57 60 * **Fix:** Addressed final `WordPress.DB.PreparedSQL.NotPrepared` false-positive errors by adding specific `phpcs:ignore` comments to pass the "Plugin Check" tool cleanly. 58 61 59 **= 1.3.1 =** 62 = 1.3.1 = 60 63 * **Fix:** Resolved several warnings from the "Plugin Check" tool related to direct database queries and input validation. 61 64 62 **= 1.3.0 =** 65 = 1.3.0 = 63 66 * **Security:** Major refactoring to meet official WordPress.org requirements. All functions, classes, hooks, and the database table now use a unique `otpcp_` prefix to prevent conflicts. 64 67 * **Security:** Standardized and improved all nonce checks for better security. … … 93 96 == Upgrade Notice == 94 97 95 **### 1.3.0 ###** 96 **This is a major security and stability update to meet WordPress.org requirements. All plugin functions and database entries are now prefixed to prevent conflicts.** 98 ### 1.3.0 ### 99 This is a major security and stability update to meet WordPress.org requirements. All plugin functions and database entries are now prefixed to prevent conflicts. 97 100 98 101 ### 1.2.0 ###
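Review bot: In otp-content-protect.php, new lines 340-343, `if ( empty( $valid_otps ) ) { return $content; }` fails open: per the added comment, a page with no valid OTP rows is displayed normally. The query text is not visible in this hunk, but it takes `current_time( 'mysql' )` as a parameter; if it filters out expired or already-used rows, a protected page becomes public as soon as its last OTP is consumed or expires. Please confirm this is intended, or distinguish "no OTP was ever configured for this post" from "all OTPs are spent" and keep showing the form in the second case. As a style point, the `**KORREKTUR 1:**` marker on line 330 and the trailing `// VON get_row() ZU get_results() GEÄNDERT` on line 338 describe the edit rather than the code; that history belongs in the commit message.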
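Review bot: In otp-content-protect.php, new lines 352-360, the OTP is consumed with a check-then-write that is not atomic: the `$wpdb->update(...)` call is keyed only on `[ 'id' => $valid_otp_row->id ]` and its return value is ignored before `return $content;`. Two requests that submit the same OTP at the same time can both match `hash_equals()` against the rows already fetched by `get_results()` and both receive the content, so the one-time property does not hold under concurrency. Suggest making the update conditional on the row still being unused and returning the content only when the update reports exactly one changed row, falling through to the error path otherwise.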
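Review bot: In readme.txt, the new changelog heading on line 56 is written as `**= 1.3.3 =**` while this same change strips the bold wrapper from the `= 1.3.2 =`, `= 1.3.1 =` and `= 1.3.0 =` headings. The new entry should use the plain `= 1.3.3 =` form as well, so that all version headings in the Changelog section are consistent.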