Changeset 3064569

Timestamp:

04/04/2024 10:44:39 AM (23 months ago)

Author:

Unyson

Message:

Version 2.7.30

Location:

unyson

Files:

• tags/2.7.30 (copied) (copied from unyson/trunk)
• tags/2.7.30/framework/core/components/extensions/manager/class--fw-extensions-manager.php (copied) (copied from unyson/trunk/framework/core/components/extensions/manager/class--fw-extensions-manager.php) (3 diffs)
• tags/2.7.30/framework/core/components/extensions/manager/includes/download-source/types/class-fw-download-source-github.php (copied) (copied from unyson/trunk/framework/core/components/extensions/manager/includes/download-source/types/class-fw-download-source-github.php)
• tags/2.7.30/framework/core/components/extensions/manager/static/extensions-page.js (modified) (3 diffs)
• tags/2.7.30/framework/extensions/update/extensions/github-update/class-fw-extension-github-update.php (copied) (copied from unyson/trunk/framework/extensions/update/extensions/github-update/class-fw-extension-github-update.php)
• tags/2.7.30/framework/manifest.php (copied) (copied from unyson/trunk/framework/manifest.php)
• tags/2.7.30/readme.txt (copied) (copied from unyson/trunk/readme.txt)
• tags/2.7.30/unyson.php (copied) (copied from unyson/trunk/unyson.php)
• trunk/framework/core/components/extensions/manager/class--fw-extensions-manager.php (modified) (3 diffs)
• trunk/framework/core/components/extensions/manager/static/extensions-page.js (modified) (3 diffs)

unyson/tags/2.7.30/framework/core/components/extensions/manager/class--fw-extensions-manager.php

@@ -278 +278 @@
     public function _action_ajax_check_direct_fs_access()
     {
-        if (!$this->can_install()) {
+        if ( ! $this->can_install() || empty( $_POST['extAction'] ) ) {
             // if can't install, no need to know if has access or not
+            wp_send_json_error();
+        }
+
+        $nonce = $this->get_nonce( $_POST['extAction'] );
+
+        if ( ! isset( $_POST[ $nonce['name'] ] ) || ! wp_verify_nonce( $_POST[ $nonce['name'] ], $nonce['action'] ) ) {
             wp_send_json_error();
         }
@@ -300 +306 @@
         }
 
+        $nonce = $this->get_nonce( 'install' );
+
+        if ( ! isset( $_POST[ $nonce['name'] ] ) || ! wp_verify_nonce( $_POST[ $nonce['name'] ], $nonce['action'] ) ) {
+            wp_send_json_error();
+        }
+
         if ( ! FW_WP_Filesystem::has_direct_access( fw_get_framework_directory( '/extensions' ) ) ) {
             wp_send_json_error();
@@ -322 +334 @@
         if (!$this->can_install()) {
             // if can't install, no need to know if has access or not
+            wp_send_json_error();
+        }
+
+        $nonce = $this->get_nonce( 'delete' );
+
+        if ( ! isset( $_POST[ $nonce['name'] ] ) || ! wp_verify_nonce( $_POST[ $nonce['name'] ], $nonce['action'] ) ) {
             wp_send_json_error();
         }

unyson/tags/2.7.30/framework/core/components/extensions/manager/static/extensions-page.js

@@ -27 +27 @@
             var $form = $(this);
 
-            var confirmMessage = $form.attr('data-confirm-message');
+            var confirmMessage = $form.attr('data-confirm-message'),
+                action         = $form.attr('data-extension-action'),
+                action         = action === 'uninstall' ? 'delete' : action,
+                nonceName      = '_nonce_fw_extensions_' + action;
 
             inst.isBusy = true;
@@ -36 +39 @@
                 type: 'POST',
                 data: {
-                    action: 'fw_extensions_check_direct_fs_access'
+                    action: 'fw_extensions_check_direct_fs_access',
+                    [nonceName]: $form.find('#' + nonceName).val(),
+                    extAction: action
                 },
                 dataType: 'json'
@@ -52 +57 @@
                         type: 'POST',
                         data: {
-                            action: 'fw_extensions_'+ $form.attr('data-extension-action'),
-                            extension: $form.attr('data-extension-name')
+                            action: 'fw_extensions_' + (action === 'delete' ? 'uninstall' : action),
+                            extension: $form.attr('data-extension-name'),
+                            [nonceName]: $form.find('#' + nonceName).val()
                         },
                         dataType: 'json'

unyson/trunk/framework/core/components/extensions/manager/class--fw-extensions-manager.php

@@ -278 +278 @@
     public function _action_ajax_check_direct_fs_access()
     {
-        if (!$this->can_install()) {
+        if ( ! $this->can_install() || empty( $_POST['extAction'] ) ) {
             // if can't install, no need to know if has access or not
+            wp_send_json_error();
+        }
+
+        $nonce = $this->get_nonce( $_POST['extAction'] );
+
+        if ( ! isset( $_POST[ $nonce['name'] ] ) || ! wp_verify_nonce( $_POST[ $nonce['name'] ], $nonce['action'] ) ) {
             wp_send_json_error();
         }
@@ -300 +306 @@
         }
 
+        $nonce = $this->get_nonce( 'install' );
+
+        if ( ! isset( $_POST[ $nonce['name'] ] ) || ! wp_verify_nonce( $_POST[ $nonce['name'] ], $nonce['action'] ) ) {
+            wp_send_json_error();
+        }
+
         if ( ! FW_WP_Filesystem::has_direct_access( fw_get_framework_directory( '/extensions' ) ) ) {
             wp_send_json_error();
@@ -322 +334 @@
         if (!$this->can_install()) {
             // if can't install, no need to know if has access or not
+            wp_send_json_error();
+        }
+
+        $nonce = $this->get_nonce( 'delete' );
+
+        if ( ! isset( $_POST[ $nonce['name'] ] ) || ! wp_verify_nonce( $_POST[ $nonce['name'] ], $nonce['action'] ) ) {
             wp_send_json_error();
         }

unyson/trunk/framework/core/components/extensions/manager/static/extensions-page.js

@@ -27 +27 @@
             var $form = $(this);
 
-            var confirmMessage = $form.attr('data-confirm-message');
+            var confirmMessage = $form.attr('data-confirm-message'),
+                action         = $form.attr('data-extension-action'),
+                action         = action === 'uninstall' ? 'delete' : action,
+                nonceName      = '_nonce_fw_extensions_' + action;
 
             inst.isBusy = true;
@@ -36 +39 @@
                 type: 'POST',
                 data: {
-                    action: 'fw_extensions_check_direct_fs_access'
+                    action: 'fw_extensions_check_direct_fs_access',
+                    [nonceName]: $form.find('#' + nonceName).val(),
+                    extAction: action
                 },
                 dataType: 'json'
@@ -52 +57 @@
                         type: 'POST',
                         data: {
-                            action: 'fw_extensions_'+ $form.attr('data-extension-action'),
-                            extension: $form.attr('data-extension-name')
+                            action: 'fw_extensions_' + (action === 'delete' ? 'uninstall' : action),
+                            extension: $form.attr('data-extension-name'),
+                            [nonceName]: $form.find('#' + nonceName).val()
                         },
                         dataType: 'json'