WordPress.org
Get WordPress

Plugin Directory

Changeset 830388


Ignore:
Timestamp:
12/30/2013 07:08:19 PM (12 years ago)
Author:
Henrik.Schack
Message:

Spaces in the description field should now work on iPhones.
Some depricated function calls replaced.
Code inputfield easier to use for .jp users now.
Sanitize description field input.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • google-authenticator/trunk/google-authenticator.php

    r648435 r830388  
    55Description: Two-Factor Authentication for WordPress using the Android/iPhone/Blackberry app as One Time Password generator.
    66Author: Henrik Schack
    7 Version: 0.44
     7Version: 0.45
    88Author URI: http://henrik.schack.dk/
    9 Compatibility: WordPress 3.5
     9Compatibility: WordPress 3.8
    1010Text Domain: google-authenticator
    1111Domain Path: /lang
     
    1919    Thanks to Dion Hulse for his bugfixes.
    2020    Thanks to Aldo Latino for his Italian translation.
    21     Thanks to Kaijia Feng for his Simplified Chinese translation.
     21    Thanks to Kaijia Feng for his Simplified Chinese translation.
     22    Thanks to Ian Dunn for fixing some depricated function calls.
     23    Thanks to Kimmo Suominen for fixing the iPhone description issue.
    2224
    2325----------------------------------------------------------------------------
     
    114116        $value = $value & 0x7FFFFFFF;
    115117        $value = $value % 1000000;
    116         if ( $value == $thistry ) {
     118        if ( $value === $thistry ) {
    117119            return true;
    118120        }   
     
    142144    echo "\t<p>\n";
    143145    echo "\t\t<label title=\"".__('If you don\'t have Google Authenticator enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('Google Authenticator code','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
    144     echo "\t\t<input type=\"text\" name=\"googleotp\" id=\"user_email\" class=\"input\" value=\"\" size=\"20\" /></label>\n";
     146    echo "\t\t<input type=\"text\" name=\"googleotp\" id=\"user_email\" class=\"input\" value=\"\" size=\"20\" style=\"ime-mode: inactive;\" /></label>\n";
    145147    echo "\t</p>\n";
    146148}
     
    169171    // Get information on user, we need this in case an app password has been enabled,
    170172    // since the $user var only contain an error at this point in the login flow.
    171     $user = get_userdatabylogin( $username );
     173    $user = get_user_by( 'login', $username );
    172174
    173175    // Does the user have the Google Authenticator enabled ?
    174     if ( trim(get_user_option( 'googleauthenticator_enabled', $user->ID ) ) == 'enabled' ) {
     176    if ( isset( $user->ID ) && trim(get_user_option( 'googleauthenticator_enabled', $user->ID ) ) == 'enabled' ) {
    175177
    176178        // Get the users secret
     
    254256
    255257    // Create URL for the Google charts QR code generator.
    256     $chl = urlencode( "otpauth://totp/{$GA_description}?secret={$GA_secret}" );
     258    $chl = rawurlencode( 'otpauth://totp/'.rawurlencode( $GA_description ).'?secret='.rawurlencode( $GA_secret ) );
    257259    $qrcodeurl = "https://chart.googleapis.com/chart?cht=qr&amp;chs=300x300&amp;chld=H|0&amp;chl={$chl}";
    258260
     
    376378
    377379    $GA_enabled = ! empty( $_POST['GA_enabled'] );
    378     $GA_description = trim( $_POST['GA_description'] );
     380    $GA_description = trim( sanitize_text_field($_POST['GA_description'] ) );
    379381    $GA_relaxedmode = ! empty( $_POST['GA_relaxedmode'] );
    380382    $GA_secret  = trim( $_POST['GA_secret'] );
Note: See TracChangeset for help on using the changeset viewer.