Add log viewer checks
angusmcleod committed Apr 5, 2024
1 parent 21a1453 commit 89f5b39
Showing 2 changed files with 26 additions and 5 deletions.
5 changes: 3 additions & 2 deletions admin/js/admin.js
@@ -196,7 +196,8 @@
url: wpdc.ajax,
type: 'post',
data: {
action: 'wpdc_view_logs_metafile'
action: 'wpdc_view_logs_metafile',
nonce: wpdc.nonce
},
success: function(response) {
if (response.success) {
@@ -208,7 +209,7 @@

$logControls.find('.button.download-logs').on('click', function() {
var xhr = new XMLHttpRequest();
xhr.open('POST', wpdc.ajax + '?action=wpdc_download_logs', true);
xhr.open('POST', wpdc.ajax + `?action=wpdc_download_logs&nonce=${wpdc.nonce}`, true);
xhr.onload = function() {
if (xhr.readyState === 4 && xhr.status === 200) {
var blob = new Blob([ xhr.response ], { type: 'application/zip' });
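Review bot: The nonce is interpolated into the request URL of the download call in the second hunk, so it ends up in web-server and proxy access logs even though the request is a POST, and it is not URL-encoded. The PHP side of this commit reads `$_REQUEST['nonce']`, so it would accept the value from the POST body as well; moving it there needs a change to the `xhr.send()` call, which is outside this hunk. At minimum the line could read `xhr.open('POST', wpdc.ajax + '?action=wpdc_download_logs&nonce=' + encodeURIComponent(wpdc.nonce), true);`, which also avoids introducing a template literal into a file whose visible code is otherwise ES5-style (`var`, `function`).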
26 changes: 23 additions & 3 deletions admin/log-viewer.php
@@ -109,7 +109,7 @@ public function setup_log_viewer( $file_handler = null ) {
}

$handler_enabled = $this->file_handler->enabled();
$this->enabled = ! empty( $this->options['logs-enabled'] ) && $handler_enabled;
$this->enabled = ! empty( $this->options['logs-enabled'] ) && $handler_enabled;

if ( $this->enabled ) {
$this->setup_logs();
@@ -254,8 +254,14 @@ function ( $result, $log_file ) use ( $file_handler ) {
* Return log file contents for selected key.
*/
public function log_file_contents() {
// See further https://github.com/WordPress/WordPress-Coding-Standards/issues/869.
if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' ) || ! isset( $_POST['key'] ) ) {
if ( ! current_user_can( 'manage_options' ) ||
! isset( $_REQUEST['nonce'] ) ||
! wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' ) ) {
wp_send_json_error();
return;
}

if ( ! isset( $_POST['key'] ) ) {
wp_send_json_error();
return;
}
@@ -281,6 +287,13 @@ public function log_file_contents() {
* Return log meta file contents.
*/
public function meta_file_contents() {
if ( ! current_user_can( 'manage_options' ) ||
! isset( $_REQUEST['nonce'] ) ||
! wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' ) ) {
wp_send_json_error();
return;
}

$metafile_contents = $this->build_metafile_contents();

$response = array(
@@ -294,6 +307,13 @@ public function meta_file_contents() {
* Download bundled log files.
*/
public function download_logs() {
if ( ! current_user_can( 'manage_options' ) ||
! isset( $_REQUEST['nonce'] ) ||
! wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' ) ) {
wp_send_json_error();
return;
}

$log_files = $this->file_handler->list_files();
$date_range = $this->build_date_range( $log_files );

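Review bot: In `download_logs()` the new guard fails with `wp_send_json_error()`, which answers with HTTP 200 unless a status is passed, while the download handler in admin/js/admin.js treats any 200 response as the archive (`new Blob([ xhr.response ], { type: 'application/zip' })`), so a rejected request would presumably be saved as a broken zip. Passing a status, `wp_send_json_error( null, 403 );`, lets the client's `xhr.status === 200` test reject it. The same three-condition guard is pasted into `log_file_contents()`, `meta_file_contents()` and `download_logs()`; one helper (named `can_view_logs()` below as a suggestion) keeps the capability and nonce checks from drifting apart when another endpoint is added. All three function bodies continue outside the visible hunks.

```php
	/**
	 * Check that the current request may read log data.
	 *
	 * @return bool True when the user has manage_options and the nonce verifies.
	 */
	protected function can_view_logs() {
		return current_user_can( 'manage_options' ) &&
			isset( $_REQUEST['nonce'] ) &&
			wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' );
	}

	public function download_logs() {
		if ( ! $this->can_view_logs() ) {
			// Non-200 status so the client does not treat the error body as the zip.
			wp_send_json_error( null, 403 );
			return;
		}
		// … unchanged: list files, build date range …
```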
