

Fix WP nonce verification issue #130 (#131)
* Fix WP nonce verification issue   #130

* WPFEP_VERSION update
hasnain37 authored Feb 8, 2024
1 parent bcc8ba2 commit 5ad2662
Showing 6 changed files with 125 additions and 105 deletions.
9 changes: 6 additions & 3 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file, per [the Ke

## [Unreleased]

## [1.3.3] - 2023-01-29
- Fix WP nonce verification issue #130

## [1.3.2] - 2023-01-06
- Tested with WordPress version 6.4.2
- fix logout issue from frontend #123
Expand Down Expand Up @@ -74,9 +77,9 @@ All notable changes to this project will be documented in this file, per [the Ke

## [1.2.0] - 2020-04-04
### Added
- Implement Add/Edit/Remove/Clone Role #36 #37 #39 #38
- Implement Assign Capabilities to Roles #44
- Implement Unassign Capabilities of Role #45
- Implement Add/Edit/Remove/Clone Role #36 #37 #39 #38
- Implement Assign Capabilities to Roles #44
- Implement Unassign Capabilities of Role #45
- Implement Shortcode Role Assignment #35

### Fixed
38 changes: 21 additions & 17 deletions functions/wpfep-functions.php
Expand Up @@ -567,13 +567,16 @@ function wpfep_decryption($id)
*/
function wpfep_hide_review_ask()
{
if (isset($_POST['_wpnonce'])) {
wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_feedback_action');
}
$ask_review_date = isset($_POST['Ask_Review_Date']) ? sanitize_text_field(wp_unslash($_POST['Ask_Review_Date'])) : '';
if (get_option('wpfep_Ask_Review_Date') < time() + 3600 * 24 * $ask_review_date) {
update_option('wpfep_Ask_Review_Date', time() + 3600 * 24 * $ask_review_date);
if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_feedback_action')) {
$ask_review_date = isset($_POST['Ask_Review_Date']) ? sanitize_text_field(wp_unslash($_POST['Ask_Review_Date'])) : '';

if (get_option('wpfep_Ask_Review_Date') < time() + 3600 * 24 * $ask_review_date) {
update_option('wpfep_Ask_Review_Date', time() + 3600 * 24 * $ask_review_date);
}
} else {
wp_die();
}

die();
}
add_action('wp_ajax_wpfep_hide_review_ask', 'wpfep_hide_review_ask');
Expand All @@ -583,20 +586,21 @@ function wpfep_hide_review_ask()
*/
function wpfep_send_feedback()
{
if (isset($_POST['_wpnonce'])) {
wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_feedback_action');
if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_feedback_action')) {
$headers = 'Content-type: text/html;charset=utf-8' . "\r\n";
$feedback = 'Feedback: <br>';
$feedback .= isset($_POST['Feedback']) ? sanitize_text_field(wp_unslash($_POST['Feedback'])) : '';
$feedback .= '<br /><br /> site url: <a href=' . site_url() . '>' . site_url() . '</a>';
$feedback .= '<br />Email Address: ';
$feedback .= isset($_POST['EmailAddress']) ? sanitize_text_field(wp_unslash($_POST['EmailAddress'])) : '';
wp_mail('[email protected]', 'WP Frontend Profile Plugin Feedback', $feedback, $headers);
} else {
wp_die();
}
$headers = 'Content-type: text/html;charset=utf-8' . "\r\n";
$feedback = 'Feedback: <br>';
$feedback .= isset($_POST['Feedback']) ? sanitize_text_field(wp_unslash($_POST['Feedback'])) : '';
$feedback .= '<br /><br /> site url: <a href=' . site_url() . '>' . site_url() . '</a>';
$feedback .= '<br />Email Address: ';
$feedback .= isset($_POST['EmailAddress']) ? sanitize_text_field(wp_unslash($_POST['EmailAddress'])) : '';
wp_mail('[email protected]', 'WP Frontend Profile Plugin Feedback', $feedback, $headers);
die();
}
add_action('wp_ajax_wpfep_send_feedback', 'wpfep_send_feedback');


/**
* Wpfep_let_to_num function.
*
Expand Down Expand Up @@ -975,7 +979,7 @@ function update_action()
{
if (! empty($_GET['action']) ? sanitize_text_field(wp_unslash($_GET['action'])) : '' && in_array(sanitize_text_field(wp_unslash($_GET['action'])), array( 'approve', 'rejected' )) && ! empty($_GET['new_role'] ? sanitize_text_field(wp_unslash($_GET['new_role'])) : '')) {
$request = sanitize_text_field(wp_unslash($_GET['action']));
$request_id = intval(isset($_GET['user']));
$request_id = intval($_GET['user']);
$user_data = get_userdata($request_id);
if ('approve' == $request) {
update_user_meta($request_id, 'wpfep_user_status', $request);
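Review bot: In wpfep_hide_review_ask the nonce-gated branch still feeds a sanitized string into arithmetic, `3600 * 24 * $ask_review_date`; a non-numeric value raises a TypeError on PHP 8 and an empty string becomes 0, so cast at the boundary instead: `$ask_review_date = isset($_POST['Ask_Review_Date']) ? absint(wp_unslash($_POST['Ask_Review_Date'])) : 0;`. A nonce only proves the request originated from the plugin's own form, it is not an authorization check; since both wp_ajax_ handlers write an option or send mail, they should also gate on a capability, e.g. `if (! current_user_can('manage_options')) { wp_die(); }` ahead of the nonce test (wpfep_send_feedback has the same gap). In the update_action hunk the new `$request_id = intval($_GET['user']);` reads the key without an isset guard and warns when it is absent; `intval($_GET['user'] ?? 0)` keeps the fix without the notice. update_action's body, and any nonce or capability check it performs, lies outside the hunk.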
137 changes: 69 additions & 68 deletions inc/class-wpfep-login.php
Expand Up @@ -259,11 +259,11 @@ public function login_form()
public function process_login()
{
if (! empty($_POST['wpfep_login']) && ! empty($_POST['_wpnonce'])) {
if (!wp_verify_nonce(sanitize_key($_POST['_wpnonce']), 'wpfep_login_action')) {
wp_die();
}
$creds = array();
$manually_approve_user = wpfep_get_option('admin_manually_approve', 'wpfep_profile', 'on');
if (isset($_POST['_wpnonce'])) {
wp_verify_nonce(sanitize_key($_POST['_wpnonce']), 'wpfep_login_action');
}

$validation_error = new WP_Error();
$validation_error = apply_filters('wpfep_process_login_errors', $validation_error, sanitize_text_field(wp_unslash(isset($_POST['log']))), sanitize_text_field(wp_unslash(isset($_POST['pwd']))));
Expand Down Expand Up @@ -346,7 +346,6 @@ public function process_login()

if (is_wp_error($user)) {
$this->login_errors[] = $user->get_error_message();

return;
} else {
$redirect = $this->login_redirect();
Expand All @@ -365,10 +364,15 @@ public function login_redirect()
{
$redirect_to = wpfep_get_option('redirect_after_login_page', 'wpfep_profile', false);

if ('previous_page' == $redirect_to && ! empty($_POST['redirect_to'])) {
return esc_url(wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['redirect_to']))));
if ('previous_page' == $redirect_to && !empty($_POST['redirect_to'])) {
if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_login_action')) {
return esc_url($_POST['redirect_to']);
} else {
return home_url();
}
}


$redirect = get_permalink($redirect_to);

if (! empty($redirect)) {
Expand All @@ -386,6 +390,7 @@ public function login_redirect()
public function process_logout()
{
if (isset($_GET['action']) && 'logout' == $_GET['action']) {
check_admin_referer('log-out');
wp_logout();

$redirect_to = ! empty($_REQUEST['redirect_to']) ? sanitize_text_field(wp_unslash($_REQUEST['redirect_to'])) : add_query_arg(array( 'loggedout' => 'true' ), $this->get_login_url());
Expand All @@ -407,12 +412,14 @@ public function process_reset_password()

// process lost password form.
if (isset($_POST['user_login']) && isset($_POST['_wpnonce'])) {
wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_lost_pass');

if ($this->retrieve_password()) {
$url = add_query_arg(array( 'checkemail' => 'confirm' ), $this->get_login_url());
wp_redirect($url);
exit;
if (wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_lost_pass')) {
if ($this->retrieve_password()) {
$url = add_query_arg(array('checkemail' => 'confirm'), $this->get_login_url());
wp_redirect($url);
exit;
}
} else {
wp_die();
}
}

Expand All @@ -426,69 +433,69 @@ public function process_reset_password()
$args['key'] = $_POST['key'];
$args['login'] = sanitize_text_field(wp_unslash($_POST['login']));

wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_reset_pass');

if (empty($_POST['pass1']) || empty($_POST['pass2'])) {
$this->login_errors[] = __('Please enter your password.', 'wpfep');

return;
}

if ($_POST['pass1'] !== $_POST['pass2']) {
$this->login_errors[] = __('Passwords do not match.', 'wpfep');

return;
}
$enable_strong_pwd = wpfep_get_option('strong_password', 'wpfep_general');
if ('off' != $enable_strong_pwd) {
/* get the length of the password entered */
$password = $_POST['pass1'];
$pass_length = strlen($password);

/* check the password match the correct length */
if ($pass_length < 12) {
/* add message indicating length issue!! */

$this->login_errors[] = '<strong>' . __('Error', 'wpfep') . ':</strong> ' . __('Please make sure your password is a minimum of 12 characters long', 'wpfep');
if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_reset_pass')) {
if (empty($_POST['pass1']) || empty($_POST['pass2'])) {
$this->login_errors[] = __('Please enter your password.', 'wpfep');
return;
}

if ($_POST['pass1'] !== $_POST['pass2']) {
$this->login_errors[] = __('Passwords do not match.', 'wpfep');
return;
}

/**
* Match the password against a regex of complexity
* at least 1 upper, 1 lower case letter and 1 number.
*/
$pass_complexity = preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*[\d,.;:]).+$/', $password);
$enable_strong_pwd = wpfep_get_option('strong_password', 'wpfep_general');

if ('off' != $enable_strong_pwd) {
/* get the length of the password entered */
$password = $_POST['pass1'];
$pass_length = strlen($password);

/* check the password match the correct length */
if ($pass_length < 12) {
/* add message indicating length issue!! */
$this->login_errors[] = '<strong>' . __('Error', 'wpfep') . ':</strong> ' . __('Please make sure your password is a minimum of 12 characters long', 'wpfep');
return;
}

/**
* Match the password against a regex of complexity
* at least 1 upper, 1 lower case letter and 1 number.
*/
$pass_complexity = preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*[\d,.;:]).+$/', $password);

/* check whether the password passed the regex check of complexity */
if (false == $pass_complexity) {
/* add message indicating complexity issue */
$this->login_errors[] = '<strong>' . __('Error', 'wpfep') . ':</strong> ' . __('Your password must contain at least 1 uppercase, 1 lowercase letter and at least 1 number.', 'wpfep');
return;
}
}

$errors = new WP_Error();

/* check whether the password passed the regex check of complexity */
if (false == $pass_complexity) {
/* add message indicating complexity issue */
$this->login_errors[] = '<strong>' . __('Error', 'wpfep') . ':</strong> ' . __('Your password must contain at least 1 uppercase, 1 lowercase letter and at least 1 number.', 'wpfep');
do_action('validate_password_reset', $errors, $user);

if ($errors->get_error_messages()) {
foreach ($errors->get_error_messages() as $error) {
$this->login_errors[] = $error;
}
return;
}
}

$errors = new WP_Error();
if (! $this->login_errors) {
$this->reset_password($user, $_POST['pass1']);

do_action('validate_password_reset', $errors, $user);
do_action('wpfep_customer_reset_password', $user);

if ($errors->get_error_messages()) {
foreach ($errors->get_error_messages() as $error) {
$this->login_errors[] = $error;
wp_redirect(add_query_arg('reset', 'true', remove_query_arg(array('key', 'login'))));
exit;
}

} else {
// Nonce is not valid, handle the error or exit
$this->login_errors[] = __('Invalid nonce.', 'wpfep');
return;
}

if (! $this->login_errors) {
$this->reset_password($user, $_POST['pass1']);

do_action('wpfep_customer_reset_password', $user);

wp_redirect(add_query_arg('reset', 'true', remove_query_arg(array( 'key', 'login' ))));
exit;
}
}
}
}
Expand All @@ -504,23 +511,18 @@ public function retrieve_password()
{
global $wpdb, $wp_hasher;

if (isset($_POST['_wpnonce'])) {
wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_lost_pass');
if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_lost_pass')) {
if (empty($_POST['user_login'])) {
$this->login_errors[] = __('Enter a username or e-mail address.', 'wpfep');

return;
} elseif (strpos(sanitize_text_field(wp_unslash($_POST['user_login'])), '@') && apply_filters('wpfep_get_username_from_email', true)) {
$user_data = get_user_by('email', sanitize_text_field(wp_unslash($_POST['user_login'])));

if (empty($user_data)) {
$this->login_errors[] = __('There is no user registered with that email address.', 'wpfep');

return;
}
} else {
$login = sanitize_text_field(wp_unslash($_POST['user_login']));

$user_data = get_user_by('login', $login);
}
}
Expand All @@ -533,7 +535,6 @@ public function retrieve_password()

if (! $user_data) {
$this->login_errors[] = __('Invalid username or e-mail.', 'wpfep');

return false;
}
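Review bot: login_redirect now returns `esc_url($_POST['redirect_to'])` once the nonce verifies, but esc_url only normalises the string — a user-supplied absolute URL still passes through to whatever redirect the caller performs, and the raw value is neither unslashed nor checked against the site's allowed hosts. Replace that return with `return wp_validate_redirect(esc_url_raw(wp_unslash($_POST['redirect_to'])), home_url());` so off-site targets fall back to home_url(); the nonce check itself is the right replacement for the old `esc_url(wp_verify_nonce(...))` line. In retrieve_password the new guard has no else branch, so a request with a missing or invalid nonce leaves `$user_data` undefined and the function later reports 'Invalid username or e-mail.' rather than the nonce failure; add `} else { $this->login_errors[] = __('Invalid nonce.', 'wpfep'); return false; }` to mirror process_reset_password. Both login_redirect and retrieve_password continue past their hunks.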

24 changes: 18 additions & 6 deletions inc/class-wpfep-registration.php
Expand Up @@ -105,12 +105,14 @@ public function registration_form()
public function process_registration()
{
if (! empty($_POST['wpfep_registration']) && ! empty($_POST['_wpnonce'])) {
$userdata = array();

if (isset($_POST['_wpnonce'])) {
wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_registration_action');
$nonce_action = 'wpfep_registration_action';
if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), $nonce_action)) {
wp_die();
}
}

$userdata = array();
$validation_error = new WP_Error();
$validation_error = apply_filters('wpfep_process_registration_errors', $validation_error, sanitize_text_field(wp_unslash(isset($_POST['wpfep_reg_email']))), sanitize_text_field(wp_unslash(isset($_POST['wpfep_reg_uname']))), sanitize_text_field(wp_unslash(isset($_POST['pwd1']))), sanitize_text_field(wp_unslash(isset($_POST['pwd2']))));

Expand Down Expand Up @@ -427,16 +429,26 @@ public function show_errors()
*/
public function get_post_value($key)
{
// Check if the nonce is set in the POST request
if (isset($_POST['_wpnonce'])) {
wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_registration_action');
// Verify the nonce
$nonce_verified = wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_registration_action');

if (!$nonce_verified) {
return '';
}
}
if (isset($_POST[ $key ])) {
return esc_attr(sanitize_text_field(wp_unslash($_POST[ $key ])));

// Check if the key is set in the POST request
if (isset($_POST[$key])) {
return esc_attr(sanitize_text_field(wp_unslash($_POST[$key])));
}

return '';
}



/**
* Show messages on the form.
*
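Review bot: get_post_value's new nonce gate is asymmetric: a POST carrying a bad `_wpnonce` now yields '', but one that omits `_wpnonce` entirely still falls through to `$_POST[$key]`, so the guard cannot be relied on. Either make it symmetric — `if (! isset($_POST['_wpnonce']) || ! wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_registration_action')) { return ''; }` — or drop it here, since the accessor only repopulates form fields and process_registration already wp_die()s on an invalid nonce before any state change. Whichever is chosen, the docblock of get_post_value (outside the hunk) should state it; the added 'Check if the nonce is set' comment merely restates the isset. In process_registration the `$nonce_action` local adds nothing over the literal used elsewhere in the file, `wp_verify_nonce(..., 'wpfep_registration_action')`.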
