
Changeset 3190327


Timestamp:
11/16/2024 06:00:09 PM (15 months ago)
Author:
projectopia
Message:

Fixing access control vulnerability

Location:
projectopia-core
Files:
10 edited

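--- a/projectopia-core/tags/5.1.8/includes/functions/teams/team_functions.php
+++ b/projectopia-core/tags/5.1.8/includes/functions/teams/team_functions.php
@@ -170,11 +170,19 @@
 add_action( "wp_ajax_pto_reset_password", "pto_reset_password");
 function pto_reset_password() {
-    // check_ajax_referer( PTO_GLOBAL_NONCE, 'pto_nonce' );
-    if ( ! isset($_POST['team_password_change_nonce']) || ! wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['team_password_change_nonce']), 'team_password_change_action') ) ) {
-        pto_send_json( array(
-                'error'   => true,
-                'message' => '<div class="cqpim-alert cqpim-alert-warning alert-display">' . esc_html__('Security check failed.', 'projectopia-core') . '</div>',
+
+    if ( ! isset( $_POST['team_password_change_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['team_password_change_nonce'] ) ), 'team_password_change_action' ) ) {
+        pto_send_json( array(
+            'error'   => true,
+            'message' => '<div class="cqpim-alert cqpim-alert-warning alert-display">' . esc_html__( 'Security check failed.', 'projectopia-core' ) . '</div>',
         ) );
+    }
+
+    if ( ! current_user_can( 'cqpim_reset_team_passwords' ) || ! current_user_can( 'cqpim_reset_client_passwords' ) ) {
+        pto_send_json( array(
+            'error'   => true,
+            'message' => '<div class="cqpim-alert cqpim-alert-warning alert-display">' . esc_html__( 'You do not have permission to perform this action.', 'projectopia-core' ) . '</div>',
+        ) );
     }
+   
     $user_id = isset($_POST['user_id']) ? sanitize_text_field( wp_unslash( $_POST['user_id'] ) ) : '';
     $entity_id = isset($_POST['entity_id']) ? sanitize_text_field( wp_unslash( $_POST['entity_id'] ) ) : '';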
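Review bot: The capability check on new line 180 refuses the request unless the caller holds both `cqpim_reset_team_passwords` and `cqpim_reset_client_passwords`, because the two negated `current_user_can()` calls are joined with `||`; a user granted only the team capability can no longer reset team passwords. If the intent is that either capability suffices, switching to `&&` is not enough on its own, since that would let the team capability reset client passwords: the request carries a `type` field (see the admin_custom.js hunk in this changeset), so the handler should read it before this check and test the single matching capability, e.g. `if ( ! current_user_can( $is_client ? 'cqpim_reset_client_passwords' : 'cqpim_reset_team_passwords' ) ) {` — how `type` is read is not visible here, so the exact expression needs confirming. Both early exits rely on `pto_send_json()` terminating the request; if it only emits JSON, each call needs a `return;` after it. Whether `$user_id` is further constrained to a user of the given `$entity_id` is decided below the hunk, and the trunk copy of team_functions.php carries the identical block; pto_reset_password() continues past the end of the hunk.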
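--- a/projectopia-core/tags/5.1.8/includes/meta/clients/contact_details.php
+++ b/projectopia-core/tags/5.1.8/includes/meta/clients/contact_details.php
@@ -141,4 +141,5 @@
                     ?>
                     <div id="password_messages"></div>
+                    <?php wp_nonce_field('team_password_change_action', 'team_password_change_nonce'); ?>
                     <button class="cancel-colorbox piaBtn redColor mt-1"><?php esc_html_e( 'Cancel', 'projectopia-core' ); ?></button>
                     <button id="reset_pass_ajax" class="piaBtn mt-1 right" value="<?php echo esc_attr( $client_user ); ?>"><?php esc_html_e( 'Reset Password', 'projectopia-core' ); ?></button>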
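--- a/projectopia-core/tags/5.1.8/includes/meta/teams/team_details.php
+++ b/projectopia-core/tags/5.1.8/includes/meta/teams/team_details.php
@@ -104,5 +104,4 @@
                     <?php wp_nonce_field('team_password_change_action', 'team_password_change_nonce'); ?>
                     <button class="cancel-colorbox piaBtn btn redColor"><?php esc_html_e('Cancel', 'projectopia-core'); ?></button>
-                    <?php wp_nonce_field('team_password_change_action', 'team_password_change_nonce'); ?>
                     <button id="reset_pass_ajax" class="btn piaBtn right" value="<?php echo esc_attr( $team_user ); ?>"><?php esc_html_e('Reset Password', 'projectopia-core'); ?></button><div class="ajax_spinner" style="display: none;"></div>
                 </div>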
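--- a/projectopia-core/tags/5.1.8/includes/scripts/client/admin_custom.js
+++ b/projectopia-core/tags/5.1.8/includes/scripts/client/admin_custom.js
@@ -390,5 +390,5 @@
                     'entity_id' : entity_id,
                     'type' : type,
-                    'pto_nonce' : localisation.global_nonce,
+                    // 'pto_nonce' : localisation.global_nonce,
                     'team_password_change_nonce' : team_password_change_nonce,
                 };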
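Review bot: The `pto_nonce` entry on new line 392 is commented out rather than removed; the server side no longer verifies it (the `check_ajax_referer` call is dropped from pto_reset_password() in this changeset), so the line is dead code in the request payload and should be deleted outright. The same commented-out line appears in the trunk copy of admin_custom.js. The object literal begins before the hunk.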
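--- a/projectopia-core/tags/5.1.8/readme.txt
+++ b/projectopia-core/tags/5.1.8/readme.txt
@@ -3,5 +3,5 @@
 Tags: project, project management
 Requires at least: 5.3.0
-Tested up to: 6.6.2
+Tested up to: 6.7
 Stable tag: 5.1.8
 Requires PHP: 5.6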
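--- a/projectopia-core/trunk/includes/functions/teams/team_functions.php
+++ b/projectopia-core/trunk/includes/functions/teams/team_functions.php
@@ -170,11 +170,19 @@
 add_action( "wp_ajax_pto_reset_password", "pto_reset_password");
 function pto_reset_password() {
-    // check_ajax_referer( PTO_GLOBAL_NONCE, 'pto_nonce' );
-    if ( ! isset($_POST['team_password_change_nonce']) || ! wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['team_password_change_nonce']), 'team_password_change_action') ) ) {
-        pto_send_json( array(
-                'error'   => true,
-                'message' => '<div class="cqpim-alert cqpim-alert-warning alert-display">' . esc_html__('Security check failed.', 'projectopia-core') . '</div>',
+
+    if ( ! isset( $_POST['team_password_change_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['team_password_change_nonce'] ) ), 'team_password_change_action' ) ) {
+        pto_send_json( array(
+            'error'   => true,
+            'message' => '<div class="cqpim-alert cqpim-alert-warning alert-display">' . esc_html__( 'Security check failed.', 'projectopia-core' ) . '</div>',
         ) );
+    }
+
+    if ( ! current_user_can( 'cqpim_reset_team_passwords' ) || ! current_user_can( 'cqpim_reset_client_passwords' ) ) {
+        pto_send_json( array(
+            'error'   => true,
+            'message' => '<div class="cqpim-alert cqpim-alert-warning alert-display">' . esc_html__( 'You do not have permission to perform this action.', 'projectopia-core' ) . '</div>',
+        ) );
     }
+   
     $user_id = isset($_POST['user_id']) ? sanitize_text_field( wp_unslash( $_POST['user_id'] ) ) : '';
     $entity_id = isset($_POST['entity_id']) ? sanitize_text_field( wp_unslash( $_POST['entity_id'] ) ) : '';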
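--- a/projectopia-core/trunk/includes/meta/clients/contact_details.php
+++ b/projectopia-core/trunk/includes/meta/clients/contact_details.php
@@ -141,4 +141,5 @@
                     ?>
                     <div id="password_messages"></div>
+                    <?php wp_nonce_field('team_password_change_action', 'team_password_change_nonce'); ?>
                     <button class="cancel-colorbox piaBtn redColor mt-1"><?php esc_html_e( 'Cancel', 'projectopia-core' ); ?></button>
                     <button id="reset_pass_ajax" class="piaBtn mt-1 right" value="<?php echo esc_attr( $client_user ); ?>"><?php esc_html_e( 'Reset Password', 'projectopia-core' ); ?></button>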
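--- a/projectopia-core/trunk/includes/meta/teams/team_details.php
+++ b/projectopia-core/trunk/includes/meta/teams/team_details.php
@@ -104,5 +104,4 @@
                     <?php wp_nonce_field('team_password_change_action', 'team_password_change_nonce'); ?>
                     <button class="cancel-colorbox piaBtn btn redColor"><?php esc_html_e('Cancel', 'projectopia-core'); ?></button>
-                    <?php wp_nonce_field('team_password_change_action', 'team_password_change_nonce'); ?>
                     <button id="reset_pass_ajax" class="btn piaBtn right" value="<?php echo esc_attr( $team_user ); ?>"><?php esc_html_e('Reset Password', 'projectopia-core'); ?></button><div class="ajax_spinner" style="display: none;"></div>
                 </div>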
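--- a/projectopia-core/trunk/includes/scripts/client/admin_custom.js
+++ b/projectopia-core/trunk/includes/scripts/client/admin_custom.js
@@ -390,5 +390,5 @@
                     'entity_id' : entity_id,
                     'type' : type,
-                    'pto_nonce' : localisation.global_nonce,
+                    // 'pto_nonce' : localisation.global_nonce,
                     'team_password_change_nonce' : team_password_change_nonce,
                 };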
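--- a/projectopia-core/trunk/readme.txt
+++ b/projectopia-core/trunk/readme.txt
@@ -3,5 +3,5 @@
 Tags: project, project management
 Requires at least: 5.3.0
-Tested up to: 6.6.2
+Tested up to: 6.7
 Stable tag: 5.1.8
 Requires PHP: 5.6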