From 5ad26624eeccaa30ae57a9a5d0e1f335bb6794bb Mon Sep 17 00:00:00 2001 From: Hasnain Shahid <69379555+hasnain37@users.noreply.github.com> Date: Thu, 8 Feb 2024 05:27:35 +0500 Subject: [PATCH] Fix WP nonce verification issue #130 (#131) * Fix WP nonce verification issue #130 * WPFEP_VERSION update --- CHANGELOG.md | 9 +- functions/wpfep-functions.php | 38 +++++---- inc/class-wpfep-login.php | 137 ++++++++++++++++--------------- inc/class-wpfep-registration.php | 24 ++++-- readme.txt | 18 ++-- wp-frontend-profile.php | 4 +- 6 files changed, 125 insertions(+), 105 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c402f3..771216a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] +## [1.3.3] - 2023-01-29 +- Fix WP nonce verification issue #130 + ## [1.3.2] - 2023-01-06 - Tested with WordPress version 6.4.2 - fix logout issue from frontend #123 @@ -74,9 +77,9 @@ All notable changes to this project will be documented in this file, per [the Ke ## [1.2.0] - 2020-04-04 ### Added -- Implement Add/Edit/Remove/Clone Role #36 #37 #39 #38 -- Implement Assign Capabilities to Roles #44 -- Implement Unassign Capabilities of Role #45 +- Implement Add/Edit/Remove/Clone Role #36 #37 #39 #38 +- Implement Assign Capabilities to Roles #44 +- Implement Unassign Capabilities of Role #45 - Implement Shortcode Role Assignment #35 ### Fixed diff --git a/functions/wpfep-functions.php b/functions/wpfep-functions.php index b5cc731..e4c68dd 100644 --- a/functions/wpfep-functions.php +++ b/functions/wpfep-functions.php 
@@ -567,13 +567,16 @@ function wpfep_decryption($id) */ function wpfep_hide_review_ask() { - if (isset($_POST['_wpnonce'])) { - wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_feedback_action'); - } - $ask_review_date = isset($_POST['Ask_Review_Date']) ? sanitize_text_field(wp_unslash($_POST['Ask_Review_Date'])) : ''; - if (get_option('wpfep_Ask_Review_Date') < time() + 3600 * 24 * $ask_review_date) { - update_option('wpfep_Ask_Review_Date', time() + 3600 * 24 * $ask_review_date); + if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_feedback_action')) { + $ask_review_date = isset($_POST['Ask_Review_Date']) ? sanitize_text_field(wp_unslash($_POST['Ask_Review_Date'])) : ''; + + if (get_option('wpfep_Ask_Review_Date') < time() + 3600 * 24 * $ask_review_date) { + update_option('wpfep_Ask_Review_Date', time() + 3600 * 24 * $ask_review_date); + } + } else { + wp_die(); } + die(); } add_action('wp_ajax_wpfep_hide_review_ask', 'wpfep_hide_review_ask'); @@ -583,20 +586,21 @@ function wpfep_hide_review_ask() */ function wpfep_send_feedback() { - if (isset($_POST['_wpnonce'])) { - wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_feedback_action'); + if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_feedback_action')) { + $headers = 'Content-type: text/html;charset=utf-8' . "\r\n"; + $feedback = 'Feedback:
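Review bot: The new guard in `wpfep_hide_review_ask` ties the write to a valid nonce but not to a capability, and a nonce only proves the request originated from the plugin's own notice; since the handler calls `update_option()`, add `if (! current_user_can('manage_options')) { wp_die('', '', 403); }` (or whichever capability the notice is displayed for) ahead of the update. `$ask_review_date` is still the raw POST string when it reaches `3600 * 24 * $ask_review_date`; cast it, `$ask_review_date = isset($_POST['Ask_Review_Date']) ? absint($_POST['Ask_Review_Date']) : 0;`, so a non-numeric value cannot raise a TypeError on PHP 8 or store a bogus date. The bare `wp_die()` in the else branch answers with an empty 200 body, so the AJAX caller cannot tell rejection from success; `check_ajax_referer('wpfep_feedback_action')` performs the check and dies with 403 in one call, and the same bare `wp_die()` recurs in `wpfep_send_feedback`, `process_login`, `process_reset_password` and `process_registration` later in this patch.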
'; + $feedback .= isset($_POST['Feedback']) ? sanitize_text_field(wp_unslash($_POST['Feedback'])) : ''; + $feedback .= '

site url: ' . site_url() . ''; + $feedback .= '
Email Address: '; + $feedback .= isset($_POST['EmailAddress']) ? sanitize_text_field(wp_unslash($_POST['EmailAddress'])) : ''; + wp_mail('support@glowlogix.com', 'WP Frontend Profile Plugin Feedback', $feedback, $headers); + } else { + wp_die(); } - $headers = 'Content-type: text/html;charset=utf-8' . "\r\n"; - $feedback = 'Feedback:
'; - $feedback .= isset($_POST['Feedback']) ? sanitize_text_field(wp_unslash($_POST['Feedback'])) : ''; - $feedback .= '

site url: ' . site_url() . ''; - $feedback .= '
Email Address: '; - $feedback .= isset($_POST['EmailAddress']) ? sanitize_text_field(wp_unslash($_POST['EmailAddress'])) : ''; - wp_mail('support@glowlogix.com', 'WP Frontend Profile Plugin Feedback', $feedback, $headers); - die(); } add_action('wp_ajax_wpfep_send_feedback', 'wpfep_send_feedback'); + /** * Wpfep_let_to_num function. * @@ -975,7 +979,7 @@ function update_action() { if (! empty($_GET['action']) ? sanitize_text_field(wp_unslash($_GET['action'])) : '' && in_array(sanitize_text_field(wp_unslash($_GET['action'])), array( 'approve', 'rejected' )) && ! empty($_GET['new_role'] ? sanitize_text_field(wp_unslash($_GET['new_role'])) : '')) { $request = sanitize_text_field(wp_unslash($_GET['action'])); - $request_id = intval(isset($_GET['user'])); + $request_id = intval($_GET['user']); $user_data = get_userdata($request_id); if ('approve' == $request) { update_user_meta($request_id, 'wpfep_user_status', $request); diff --git a/inc/class-wpfep-login.php b/inc/class-wpfep-login.php index d2a60d6..8943a6f 100644 --- a/inc/class-wpfep-login.php +++ b/inc/class-wpfep-login.php @@ -259,11 +259,11 @@ public function login_form() public function process_login() { if (! empty($_POST['wpfep_login']) && ! empty($_POST['_wpnonce'])) { + if (!wp_verify_nonce(sanitize_key($_POST['_wpnonce']), 'wpfep_login_action')) { + wp_die(); + } $creds = array(); $manually_approve_user = wpfep_get_option('admin_manually_approve', 'wpfep_profile', 'on'); - if (isset($_POST['_wpnonce'])) { - wp_verify_nonce(sanitize_key($_POST['_wpnonce']), 'wpfep_login_action'); - } $validation_error = new WP_Error(); $validation_error = apply_filters('wpfep_process_login_errors', $validation_error, sanitize_text_field(wp_unslash(isset($_POST['log']))), sanitize_text_field(wp_unslash(isset($_POST['pwd'])))); @@ -346,7 +346,6 @@ public function process_login() if (is_wp_error($user)) { $this->login_errors[] = $user->get_error_message(); - return; } else { $redirect = $this->login_redirect(); 
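Review bot: The success path of `wpfep_send_feedback` no longer ends the request: the former `die();` after `wp_mail()` was removed, so control returns to admin-ajax.php, which prints `0` and exits, and a caller testing the response for success may now treat a sent message as a failure; add `wp_die();` (or `wp_send_json_success();`) directly after the `wp_mail(...)` call, as `wpfep_hide_review_ask` still does. The reply address is passed through `sanitize_text_field` only; `sanitize_email(wp_unslash($_POST['EmailAddress']))` with an `is_email()` check keeps arbitrary text out of the support mail. As in the feedback handler above, the bare `wp_die()` on nonce failure gives the caller no status, and `check_ajax_referer('wpfep_feedback_action')` would cover both concerns.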
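Review bot: `intval($_GET['user'])` on the changed line repairs the old `intval(isset(...))` but reads the key unguarded, so a request without `user` raises an undefined-index warning and continues with id 0; `$request_id = isset($_GET['user']) ? absint($_GET['user']) : 0;` followed by an early return when it is 0 or `get_userdata()` returns false keeps the approve/reject path away from a nonexistent user. On the unchanged guard above it, `?:` binds looser than `&&`, so when `action` is non-empty the whole expression short-circuits to the sanitized action string and the `in_array` and `new_role` conditions are never evaluated — parenthesise the ternaries (and pass `true` to `in_array`) if that restriction is intended. This is a state-changing GET handler; whether a nonce or capability check precedes it lies outside the hunk and is worth confirming given the subject of this patch.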
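Review bot: On nonce failure `process_login` terminates the page with a bare `wp_die()`, whereas `process_reset_password` in this same patch records `__('Invalid nonce.', 'wpfep')` in `$this->login_errors` and lets the form re-render; for a front-end form the latter is preferable (a nonce that expired while the page sat open simply shows the form again) and keeps the handlers consistent — `process_registration` has the same bare `wp_die()`. If the hard stop is kept, give it a message and status: `wp_die(esc_html__('Security check failed. Please reload the page and try again.', 'wpfep'), '', 403);`. On the unchanged line that follows, `sanitize_text_field(wp_unslash(isset($_POST['log'])))` hands the `wpfep_process_login_errors` filter a boolean rather than the submitted login; that predates this commit but sits directly beside the new check.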
@@ -365,10 +364,15 @@ public function login_redirect() { $redirect_to = wpfep_get_option('redirect_after_login_page', 'wpfep_profile', false); - if ('previous_page' == $redirect_to && ! empty($_POST['redirect_to'])) { - return esc_url(wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['redirect_to'])))); + if ('previous_page' == $redirect_to && !empty($_POST['redirect_to'])) { + if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_login_action')) { + return esc_url($_POST['redirect_to']); + } else { + return home_url(); + } } + $redirect = get_permalink($redirect_to); if (! empty($redirect)) { @@ -386,6 +390,7 @@ public function login_redirect() public function process_logout() { if (isset($_GET['action']) && 'logout' == $_GET['action']) { + check_admin_referer('log-out'); wp_logout(); $redirect_to = ! empty($_REQUEST['redirect_to']) ? sanitize_text_field(wp_unslash($_REQUEST['redirect_to'])) : add_query_arg(array( 'loggedout' => 'true' ), $this->get_login_url()); @@ -407,12 +412,14 @@ public function process_reset_password() // process lost password form. if (isset($_POST['user_login']) && isset($_POST['_wpnonce'])) { - wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_lost_pass'); - - if ($this->retrieve_password()) { - $url = add_query_arg(array( 'checkemail' => 'confirm' ), $this->get_login_url()); - wp_redirect($url); - exit; + if (wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_lost_pass')) { + if ($this->retrieve_password()) { + $url = add_query_arg(array('checkemail' => 'confirm'), $this->get_login_url()); + wp_redirect($url); + exit; + } + } else { + wp_die(); } } 
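Review bot: `return esc_url($_POST['redirect_to']);` accepts any absolute URL, so a crafted login form can send the user off-site after a successful login (an open redirect); return `wp_validate_redirect(esc_url_raw(wp_unslash($_POST['redirect_to'])), home_url());` instead, which restricts the target to this site's host and falls back to `home_url()`. `esc_url()` is the display escaper and entity-encodes `&` as `&#038;`, which corrupts a redirect target carrying query arguments — `esc_url_raw()` is the variant meant for redirects and storage. The value is also not unslashed, unlike every other `$_POST` read in this file. Re-checking the login nonce here is redundant once `process_login` (previous hunk) has verified it, though harmless.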
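Review bot: `check_admin_referer('log-out')` requires the logout link to carry core's `log-out` nonce, i.e. to be produced by `wp_logout_url()` or `wp_nonce_url($url, 'log-out')`; if the plugin's own logout link (built outside this hunk) omits it, every logout now stops at WordPress's "are you sure" interstitial instead of logging out — the template that renders the link should be checked. On the following unchanged line, `$_REQUEST['redirect_to']` is only passed through `sanitize_text_field`, which does not constrain the host; run it through `wp_validate_redirect($url, $this->get_login_url())` or redirect with `wp_safe_redirect()` so the post-logout destination cannot leave the site. The method continues beyond the hunk, so where that value is ultimately redirected to could not be checked here.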
@@ -426,69 +433,69 @@ public function process_reset_password() $args['key'] = $_POST['key']; $args['login'] = sanitize_text_field(wp_unslash($_POST['login'])); - wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_reset_pass'); - - if (empty($_POST['pass1']) || empty($_POST['pass2'])) { - $this->login_errors[] = __('Please enter your password.', 'wpfep'); - - return; - } - - if ($_POST['pass1'] !== $_POST['pass2']) { - $this->login_errors[] = __('Passwords do not match.', 'wpfep'); - - return; - } - $enable_strong_pwd = wpfep_get_option('strong_password', 'wpfep_general'); - if ('off' != $enable_strong_pwd) { - /* get the length of the password entered */ - $password = $_POST['pass1']; - $pass_length = strlen($password); - - /* check the password match the correct length */ - if ($pass_length < 12) { - /* add message indicating length issue!! */ - - $this->login_errors[] = '' . __('Error', 'wpfep') . ': ' . __('Please make sure your password is a minimum of 12 characters long', 'wpfep'); + if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_reset_pass')) { + if (empty($_POST['pass1']) || empty($_POST['pass2'])) { + $this->login_errors[] = __('Please enter your password.', 'wpfep'); + return; + } + if ($_POST['pass1'] !== $_POST['pass2']) { + $this->login_errors[] = __('Passwords do not match.', 'wpfep'); return; } - /** - * Match the password against a regex of complexity - * at least 1 upper, 1 lower case letter and 1 number. - */ - $pass_complexity = preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*[\d,.;:]).+$/', $password); + $enable_strong_pwd = wpfep_get_option('strong_password', 'wpfep_general'); + + if ('off' != $enable_strong_pwd) { + /* get the length of the password entered */ + $password = $_POST['pass1']; + $pass_length = strlen($password); + + /* check the password match the correct length */ + if ($pass_length < 12) { + /* add message indicating length issue!! 
*/ + $this->login_errors[] = '' . __('Error', 'wpfep') . ': ' . __('Please make sure your password is a minimum of 12 characters long', 'wpfep'); + return; + } + + /** + * Match the password against a regex of complexity + * at least 1 upper, 1 lower case letter and 1 number. + */ + $pass_complexity = preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*[\d,.;:]).+$/', $password); + + /* check whether the password passed the regex check of complexity */ + if (false == $pass_complexity) { + /* add message indicating complexity issue */ + $this->login_errors[] = '' . __('Error', 'wpfep') . ': ' . __('Your password must contain at least 1 uppercase, 1 lowercase letter and at least 1 number.', 'wpfep'); + return; + } + } + + $errors = new WP_Error(); - /* check whether the password passed the regex check of complexity */ - if (false == $pass_complexity) { - /* add message indicating complexity issue */ - $this->login_errors[] = '' . __('Error', 'wpfep') . ': ' . __('Your password must contain at least 1 uppercase, 1 lowercase letter and at least 1 number.', 'wpfep'); + do_action('validate_password_reset', $errors, $user); + if ($errors->get_error_messages()) { + foreach ($errors->get_error_messages() as $error) { + $this->login_errors[] = $error; + } return; } - } - $errors = new WP_Error(); + if (! $this->login_errors) { + $this->reset_password($user, $_POST['pass1']); - do_action('validate_password_reset', $errors, $user); + do_action('wpfep_customer_reset_password', $user); - if ($errors->get_error_messages()) { - foreach ($errors->get_error_messages() as $error) { - $this->login_errors[] = $error; + wp_redirect(add_query_arg('reset', 'true', remove_query_arg(array('key', 'login')))); + exit; } - + } else { + // Nonce is not valid, handle the error or exit + $this->login_errors[] = __('Invalid nonce.', 'wpfep'); return; } - - if (! 
$this->login_errors) { - $this->reset_password($user, $_POST['pass1']); - - do_action('wpfep_customer_reset_password', $user); - - wp_redirect(add_query_arg('reset', 'true', remove_query_arg(array( 'key', 'login' )))); - exit; - } } } } @@ -504,23 +511,18 @@ public function retrieve_password() { global $wpdb, $wp_hasher; - if (isset($_POST['_wpnonce'])) { - wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_lost_pass'); + if (isset($_POST['_wpnonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_lost_pass')) { if (empty($_POST['user_login'])) { $this->login_errors[] = __('Enter a username or e-mail address.', 'wpfep'); - return; } elseif (strpos(sanitize_text_field(wp_unslash($_POST['user_login'])), '@') && apply_filters('wpfep_get_username_from_email', true)) { $user_data = get_user_by('email', sanitize_text_field(wp_unslash($_POST['user_login']))); - if (empty($user_data)) { $this->login_errors[] = __('There is no user registered with that email address.', 'wpfep'); - return; } } else { $login = sanitize_text_field(wp_unslash($_POST['user_login'])); - $user_data = get_user_by('login', $login); } } @@ -533,7 +535,6 @@ public function retrieve_password() if (! $user_data) { $this->login_errors[] = __('Invalid username or e-mail.', 'wpfep'); - return false; } diff --git a/inc/class-wpfep-registration.php b/inc/class-wpfep-registration.php index d269148..ca484cb 100644 --- a/inc/class-wpfep-registration.php +++ b/inc/class-wpfep-registration.php 
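Review bot: The strong-password branch measures length with `strlen($password)`, which counts bytes, so the 12-character minimum is satisfied by a shorter password made of multibyte characters; `mb_strlen($password)` is the right measure (WordPress ships a fallback when mbstring is absent). The complexity pattern's third class `[\d,.;:]` also accepts `, . ; :`, while the error text promises "at least 1 number", so check and message disagree — use `\d` alone or amend the message. `empty($_POST['pass1'])` rejects the single-character password "0" as missing; `! isset($_POST['pass1']) || '' === $_POST['pass1']` is exact. The enclosing method starts before this hunk, where `$user` and the `key` handling live, so that side of the flow could not be reviewed.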
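Review bot: When `_wpnonce` is absent or invalid, `retrieve_password` now skips the entire lookup without assigning `$user_data`, so the unchanged `if (! $user_data)` further down runs on an undefined variable (a PHP warning) and reports 'Invalid username or e-mail.' for what is really a failed security check; add an `else` mirroring the reset branch, `} else { $this->login_errors[] = __('Invalid nonce.', 'wpfep'); return false; }`, or at minimum initialise `$user_data = false;` before the `if`. `process_reset_password` (earlier in this file) already verifies `wpfep_lost_pass` before calling this method, so the check here is a duplicate; keeping the one in the caller and documenting that `retrieve_password()` expects an already-verified request would remove the ambiguity. The method declares `global $wpdb, $wp_hasher` and continues past the hunk, so the key-generation path was not reviewed.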
@@ -105,12 +105,14 @@ public function registration_form() public function process_registration() { if (! empty($_POST['wpfep_registration']) && ! empty($_POST['_wpnonce'])) { - $userdata = array(); - if (isset($_POST['_wpnonce'])) { - wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_registration_action'); + $nonce_action = 'wpfep_registration_action'; + if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), $nonce_action)) { + wp_die(); + } } + $userdata = array(); $validation_error = new WP_Error(); $validation_error = apply_filters('wpfep_process_registration_errors', $validation_error, sanitize_text_field(wp_unslash(isset($_POST['wpfep_reg_email']))), sanitize_text_field(wp_unslash(isset($_POST['wpfep_reg_uname']))), sanitize_text_field(wp_unslash(isset($_POST['pwd1']))), sanitize_text_field(wp_unslash(isset($_POST['pwd2'])))); @@ -427,16 +429,26 @@ public function show_errors() */ public function get_post_value($key) { + // Check if the nonce is set in the POST request if (isset($_POST['_wpnonce'])) { - wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_registration_action'); + // Verify the nonce + $nonce_verified = wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_registration_action'); + + if (!$nonce_verified) { + return ''; + } } - if (isset($_POST[ $key ])) { - return esc_attr(sanitize_text_field(wp_unslash($_POST[ $key ]))); + + // Check if the key is set in the POST request + if (isset($_POST[$key])) { + return esc_attr(sanitize_text_field(wp_unslash($_POST[$key]))); } return ''; } + + /** * Show messages on the form. * diff --git a/readme.txt b/readme.txt index b03b141..1070d5c 100644 --- a/readme.txt +++ b/readme.txt 
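Review bot: The nonce check added to `get_post_value` only runs when `_wpnonce` is present; a request that simply omits the field still receives the posted value, so the guard is bypassable and adds no protection. Either drop it — `process_registration` already enforces the nonce, and this accessor only echoes the escaped value back into the form — or invert it: `if (! isset($_POST['_wpnonce']) || ! wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'wpfep_registration_action')) { return ''; }`. Verifying on every field read also repeats the hash work per field; verify once in the submit handler and state in a docblock that `get_post_value()` assumes it. The `// Check if the nonce is set` and `// Verify the nonce` comments restate the code; a one-line note on why the value is cleared on a failed check would be more useful.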
@@ -5,7 +5,7 @@ Donate link: https://www.glowlogix.com Tags: profile, users, user meta, register, login Requires at least: 4.0.1 Tested up to: 6.4.2 -Stable tag: 1.3.2 +Stable tag: 1.3.3 Requires PHP: 5.2.17 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -72,7 +72,7 @@ Tabs can be added using the `wpfep_tabs` filter provided. Below is an example of ` 'wpmark_tab', @@ -80,10 +80,10 @@ function wpmark_add_tab( $tabs ) { 'tab_class' => 'testing-tab', 'content_class' => 'testing-content', ); - + /* return all the tabs */ return $tabs; - + } add_filter( 'wpfep_tabs', 'wpmark_add_tab', 30 ); @@ -99,7 +99,7 @@ Fields can be added to a tab using a dynamic filter named `wpfep_fields_$tab_id` ` 'testing_field', 'label' => 'Testing', @@ -107,7 +107,7 @@ function wpmark_add_tab_fields( $fields ) { 'type' => 'text', 'classes' => 'testing', ); - + return $fields; } @@ -123,10 +123,10 @@ Yes there are two field IDs reserved which are `user_email` and `user_url`. This == Screenshots == 1. WP frontend profile edit page. -2. WP frontend profile register page. -3. WP frontend profile login page. +2. WP frontend profile register page. +3. WP frontend profile login page. 4. WP frontend profile setting area. -5. WP frontend profile tool area. +5. WP frontend profile tool area. 6. WP frontend profile system status area. == Changelog == diff --git a/wp-frontend-profile.php b/wp-frontend-profile.php index dceb176..7e5918c 100644 --- a/wp-frontend-profile.php +++ b/wp-frontend-profile.php @@ -3,7 +3,7 @@ * Plugin Name: WP Frontend Profile * Plugin URI: https://wordpress.org/plugins/wp-front-end-profile/ * Description: This plugin allows users to easily edit their profile information on the frontend rather than having to go into the dashboard to make changes to password, email address and other user meta data. - * Version: 1.3.2 + * Version: 1.3.3 * @package wp-front-end-profile * Author: Glowlogix * Author URI: https://www.glowlogix.com 
@@ -17,7 +17,7 @@ * Main class for WP Frontend Profile. */ if (! defined('WPFEP_VERSION')) { - define('WPFEP_VERSION', '1.3.1'); + define('WPFEP_VERSION', '1.3.3'); } if (! defined('WPFEP_PATH')) { define('WPFEP_PATH', plugin_dir_path(__FILE__));