Changeset 1654720

Timestamp:

05/11/2017 01:11:24 AM (9 years ago)

Author:

atheken

Message:

Update javascript and admin panel to use wp-nonce security.

Location:

postmark-approved-wordpress-plugin/trunk

Files:

• assets/css/admin.css (modified) (1 diff)
• assets/js/admin.js (modified) (3 diffs)
• page-settings.php (modified) (2 diffs)
• postmark.php (modified) (3 diffs)
• readme.txt (modified) (2 diffs)

postmark-approved-wordpress-plugin/trunk/assets/css/admin.css

@@ -30 +30 @@
     display: block;
 }
+
+.footnote {
+    font-size: 13px;
+}
+input[type=text] {
+    width: 300px;
+}

postmark-approved-wordpress-plugin/trunk/assets/js/admin.js

@@ -1 @@
-(function($) {
+(function ($) {
     $(function() {
         var settings = postmark.settings;
@@ -19 +19 @@
 
             $.post(ajaxurl, {
+                '_wpnonce' : $('#_wpnonce').val(),
                 'action': 'postmark_save',
                 'data': JSON.stringify(data)
@@ -30 +31 @@
         $(document).on('click', '.send-test', function() {
             $.post(ajaxurl, {
+                '_wpnonce' : $('#_wpnonce').val(),
                 'action': 'postmark_test',
                 'email': $('.pm-test-email').val(),

postmark-approved-wordpress-plugin/trunk/page-settings.php

@@ -15 +15 @@
         <a class="nav-tab" rel="test">Send Test Email</a>
         <a class="nav-tab" rel="overrides">Overrides</a>
-       <?php if ( 'POSTMARK_PLUGIN_TESTING' == $_ENV['POSTMARK_PLUGIN_TESTING'] ) : ?>
+
+       <?php if ( isset($_ENV['POSTMARK_PLUGIN_TESTING']) && 'POSTMARK_PLUGIN_TESTING' == $_ENV['POSTMARK_PLUGIN_TESTING'] ) : ?>
             <a class="nav-tab" rel="plugin-testing">Plugin Testing</a>
         <?php endif; ?>
@@ -106 +107 @@
         To learn more about <code>wp_mail</code>, see the <a href="https://developer.wordpress.org/reference/functions/wp_mail/">WordPress Codex page.</a>
     </div>
-   <?php if ( 'POSTMARK_PLUGIN_TESTING' == $_ENV['POSTMARK_PLUGIN_TESTING'] ) : ?>
+   <?php if ( isset($_ENV['POSTMARK_PLUGIN_TESTING']) &&'POSTMARK_PLUGIN_TESTING' == $_ENV['POSTMARK_PLUGIN_TESTING'] ) : ?>
     <div class="tab-content tab-plugin-testing">
         <table class="form-table" style="max-width:740px;">

postmark-approved-wordpress-plugin/trunk/postmark.php

@@ -4 +4 @@
 Plugin URI: https://postmarkapp.com/
 Description: Overwrites wp_mail to send emails through Postmark
-Version: 1.9.4
+Version: 1.9.5
 Author: Andrew Yates & Matt Gibbs
 */
@@ -61 +61 @@
         // We check the wp_nonce.
         if ( ! isset($_POST['_wpnonce']) || ! wp_verify_nonce( $_POST['_wpnonce'], 'postmark_nonce' ) ) {
-            wp_die(__('Cheatin’ uh?'));
+            wp_die(__('We were unable to verify this request, please reload the page and try again.'));
         }
         
         // We check that the current user is allowed to update settings.
         if ( ! current_user_can('manage_options') ) {
-            wp_die(__('Cheatin’ uh?'));
+            wp_die(__('We were unable to verify this request, please reload the page and try again.'));
         }
         
@@ -125 +125 @@
         // We check the wp_nonce.
         if ( ! isset($_POST['_wpnonce']) || ! wp_verify_nonce( $_POST['_wpnonce'], 'postmark_nonce' ) ) {
-            wp_die(__('Cheatin’ uh?'));
+            wp_die(__('We were unable to verify this request, please reload the page and try again.'));
         }
                 
         // We check that the current user is allowed to update settings.
         if ( ! current_user_can('manage_options') ) {
-            wp_die(__('Cheatin’ uh?'));
+            wp_die(__('We were unable to verify this request, please reload the page and try again.'));
         }
         
         // We check that we have received some data.
         if ( ! isset($_POST['data']) ) {
-            wp_die(__('Cheatin’ uh?'));
+            wp_die(__('We were unable to verify this request, please reload the page and try again.'));
     }
 

postmark-approved-wordpress-plugin/trunk/readme.txt

@@ -3 +3 @@
 Tags: postmark, email, smtp, notifications, wp_mail, wildbit
 Requires at least: 4.0
-Tested up to: 4.6.1
+Tested up to: 4.7.4
 Stable tag: trunk
 
@@ -62 +62 @@
 == Changelog ==
 
+= v1.9.5 =
+* Update javascript to fix settings update issue.
+
 = v1.9.4 =
 * Added `postmark_error` and `postmark_response` actions to the plugin, to intercept API results after calling wp_mail. You can register callbacks for these using `add_action` (more info here: https://developer.wordpress.org/reference/functions/add_action/)