Changeset 1486767
- Timestamp:
- 08/30/2016 11:03:57 PM (10 years ago)
- Location:
- ose-firewall/trunk
- Files:
-
- 4 edited
-
ose_firewall_badge.php (modified) (1 diff)
-
ose_wordpress_firewall.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
-
vendor/oseframework/ajax/oseAjax.php (modified) (2 diffs)
ose-firewall/trunk/ose_firewall_badge.php
r1486760 r1486767 4 4 Description: Plugin For Showing Centrora Security Badge 5 5 Author: Centrora Security 6 Version: 6.5. 76 Version: 6.5.8 7 7 */ 8 8 //include(dirname(__FILE__).'/includes/oseBadgeWidget.php'); -
ose-firewall/trunk/ose_wordpress_firewall.php
r1486760 r1486767 5 5 Description: Centrora Security (previously OSE Firewall) - A WordPress Security Firewall plugin created by Centrora. Protect your WordPress site by identify any malicious codes, spam, virus, SQL injection, and security vulnerabilities. 6 6 Author: Centrora (Previously ProWeb) 7 Version: 6.5. 77 Version: 6.5.8 8 8 Author URI: http://www.centrora.com/ 9 9 */ -
ose-firewall/trunk/readme.txt
r1486760 r1486767 6 6 Requires at least: 3.7 7 7 Tested up to: 4.5.2 8 Stable tag: 6.5. 78 Stable tag: 6.5.8 9 9 License: GPLv2 or later 10 10 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 164 164 165 165 == Changelog == 166 167 = 6.5.8 = 168 * Add administrator checking to improve AJAX security check function to enhance CSRF protection 166 169 167 170 = 6.5.7 = -
ose-firewall/trunk/vendor/oseframework/ajax/oseAjax.php
r1486760 r1486767 26 26 if (!defined('OSE_FRAMEWORK') && !defined('OSE_ADMINPATH') && !defined('_JEXEC')) 27 27 { 28 die('Direct Access Not Allowed');28 die('Direct Access Not Allowed'); 29 29 } 30 30 31 31 class oseAjax 32 32 { 33 public static function runAction()34 {35 $centrora = oseFirewall::runApp();36 self::secureCheck();33 public static function runAction() 34 { 35 $centrora = oseFirewall::runApp(); 36 self::secureCheck(); 37 37 $requst = $centrora->runController($_REQUEST['controller'] . 'Controller', $_REQUEST['task']); 38 38 $requst->execute(); 39 39 40 } 41 private static function secureCheck() 42 { 43 if (!empty($_REQUEST['centnounceForm'])) { 44 $centnounce = (isset($_REQUEST['centnounceForm'])) ? $_REQUEST['centnounceForm'] : ''; 45 } 46 else { 47 $centnounce = (isset($_REQUEST['centnounce'])) ? $_REQUEST['centnounce'] : ''; 48 } 49 if (oseFirewall::isadmin()) { 40 } 41 private static function secureCheck() 42 { 43 if (!empty($_REQUEST['centnounceForm'])) { 44 $centnounce = (isset($_REQUEST['centnounceForm'])) ? $_REQUEST['centnounceForm'] : ''; 45 } 46 else { 47 $centnounce = (isset($_REQUEST['centnounce'])) ? 
$_REQUEST['centnounce'] : ''; 48 } 49 osefirewall::loadUsers(); 50 $user = new oseUsers (); 51 if ($user->isadmin()) { 50 52 if (!self::verifyNounce($centnounce)) 51 53 { … … 56 58 die('Sorry, this is for administrator only.'); 57 59 } 58 }59 private static function verifyNounce($centnounce)60 {61 if (OSE_CMS == 'joomla')62 {63 return true;64 }65 else66 {67 if (isset($_SESSION['centnounce']) && $_SESSION['centnounce'] == $centnounce) {68 return true;69 } else {70 return false;71 }72 }73 }74 public static function addActions($func)75 {76 if (class_exists('oseWordpress'))77 {78 add_action('wp_ajax_'.$func, 'oseAjax::runAction');79 }80 else81 {82 if (isset($_REQUEST['controller']) && isset($_REQUEST['task']))83 {84 self::runAction();85 }86 }87 }88 public static function loadActions($actions)89 {90 foreach ($actions as $action)91 {92 self::addActions($action);93 }94 }95 public static function aJaxReturn($result, $status, $msg, $continue = false, $id = null, $qatest = false )96 {97 oseFramework::loadJSON();98 oseFramework::loadRequest();99 $return = array(100 'success' => (boolean) $result,101 'status' => $status,102 'result' => $msg,103 'cont' => (boolean) $continue,104 'id' => (int) $id105 );106 $tmp = oseJSON::encode($return);107 $callback = oRequest::getVar('callback', null);108 if ($qatest == true) {109 return $tmp;110 }111 else {112 if ($callback == null) {113 print_r($tmp);114 } else {115 header("Content-Type: text/javascript");116 $return = $callback . '(' . $tmp . 
');';117 print_r($return);118 }119 exit;120 }121 }122 public static function returnJSON($var, $mobiledevice = false)123 {124 oseFramework::loadJSON();125 oseFramework::loadRequest();126 $callback = oRequest::getVar('callback', null);127 if ($callback == null)128 {129 print_r(oseJSON::encode($var));130 }131 else132 {133 header("Content-Type: text/javascript");134 $return = $callback.'('.oseJSON::encode($var).');';135 print_r($return);136 }137 exit;138 }139 public static function throwAjaxRecursive($result, $status, $msg, $continue, $step)140 {141 $return = array(142 'success' => (boolean) $result,143 'status' => $status,144 'result' => $msg,145 'cont' => (boolean) $continue,146 'step' => (int) $step,147 );148 $tmp = oseJSON::encode($return);149 print_r($tmp);150 exit;151 }60 } 61 private static function verifyNounce($centnounce) 62 { 63 if (OSE_CMS == 'joomla') 64 { 65 return true; 66 } 67 else 68 { 69 if (isset($_SESSION['centnounce']) && $_SESSION['centnounce'] == $centnounce) { 70 return true; 71 } else { 72 return false; 73 } 74 } 75 } 76 public static function addActions($func) 77 { 78 if (class_exists('oseWordpress')) 79 { 80 add_action('wp_ajax_'.$func, 'oseAjax::runAction'); 81 } 82 else 83 { 84 if (isset($_REQUEST['controller']) && isset($_REQUEST['task'])) 85 { 86 self::runAction(); 87 } 88 } 89 } 90 public static function loadActions($actions) 91 { 92 foreach ($actions as $action) 93 { 94 self::addActions($action); 95 } 96 } 97 public static function aJaxReturn($result, $status, $msg, $continue = false, $id = null, $qatest = false ) 98 { 99 oseFramework::loadJSON(); 100 oseFramework::loadRequest(); 101 $return = array( 102 'success' => (boolean) $result, 103 'status' => $status, 104 'result' => $msg, 105 'cont' => (boolean) $continue, 106 'id' => (int) $id 107 ); 108 $tmp = oseJSON::encode($return); 109 $callback = oRequest::getVar('callback', null); 110 if ($qatest == true) { 111 return $tmp; 112 } 113 else { 114 if ($callback == null) { 115 
print_r($tmp); 116 } else { 117 header("Content-Type: text/javascript"); 118 $return = $callback . '(' . $tmp . ');'; 119 print_r($return); 120 } 121 exit; 122 } 123 } 124 public static function returnJSON($var, $mobiledevice = false) 125 { 126 oseFramework::loadJSON(); 127 oseFramework::loadRequest(); 128 $callback = oRequest::getVar('callback', null); 129 if ($callback == null) 130 { 131 print_r(oseJSON::encode($var)); 132 } 133 else 134 { 135 header("Content-Type: text/javascript"); 136 $return = $callback.'('.oseJSON::encode($var).');'; 137 print_r($return); 138 } 139 exit; 140 } 141 public static function throwAjaxRecursive($result, $status, $msg, $continue, $step) 142 { 143 $return = array( 144 'success' => (boolean) $result, 145 'status' => $status, 146 'result' => $msg, 147 'cont' => (boolean) $continue, 148 'step' => (int) $step, 149 ); 150 $tmp = oseJSON::encode($return); 151 print_r($tmp); 152 exit; 153 } 152 154 }
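Review bot: The administrator check added to secureCheck (new lines 49–51) still delegates the token check to verifyNounce, which compares the session value with a loose `==` and returns true unconditionally when `OSE_CMS == 'joomla'`, so the CSRF protection the changelog claims is only as strong as that comparison; the middle of secureCheck (new lines 52–57) is elided by the viewer, so the failure branch cannot be confirmed from here. I would tighten the comparison to `return isset($_SESSION['centnounce']) && hash_equals((string) $_SESSION['centnounce'], (string) $centnounce);` and reconsider whether the Joomla short-circuit should bypass the token at all. The token is also read from `$_REQUEST`, which accepts it from the query string and cookies as well as the POST body; reading it from `$_POST` only would narrow the surface. Minor style point: `osefirewall::loadUsers()` on the new side is cased differently from `oseFirewall::runApp()` on line 35 of the same method.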