PluginProbe ʕ •ᴥ•ʔ
Check & Log Email – Easy Email Testing & Mail logging / 2.0.3
Check & Log Email – Easy Email Testing & Mail logging v2.0.3
1.0.4 1.0.5 1.0.6 1.0.7 1.0.8 1.0.9 2.0 2.0.1 2.0.10 2.0.11 2.0.12 2.0.13 2.0.13.1 2.0.13.2 2.0.14 2.0.2 2.0.3 2.0.4 2.0.5 2.0.5.1 2.0.6 2.0.7 2.0.8 2.0.9 trunk 0.5.7 0.6.0 0.6.1 0.6.2 1.0.0 1.0.1 1.0.10 1.0.11 1.0.12 1.0.12.1 1.0.13 1.0.13.1 1.0.2 1.0.3
check-email / include / Core / Request / Check_Email_Nonce_Checker.php
check-email / include / Core / Request Last commit date
Check_Email_Log_List_Action.php 1 year ago Check_Email_Nonce_Checker.php 1 year ago Check_Email_Override_PluginAPI.php 1 year ago
Check_Email_Nonce_Checker.php
82 lines
1 <?php namespace CheckEmail\Core\Request;
2
3 use CheckEmail\Core\Loadie;
4 use CheckEmail\Core\UI\Page\Check_Email_Log_List_Page;
5
6 defined( 'ABSPATH' ) || exit; // Exit if accessed directly.
7
8 /**
9 * Check nonce for all Check Email Log requests.
10 */
11 class Check_Email_Nonce_Checker implements Loadie {
12
13 public function load() {
14 add_action( 'admin_init', array( $this, 'check_nonce' ) );
15 }
16
17 public function check_nonce() {
18 if ( ! current_user_can('manage_options') ) {
19 return false;
20 }
21
22 if ( ! isset( $_POST['check-email-action'] ) && ! isset( $_REQUEST['action'] ) && ! isset( $_REQUEST['action2'] ) ) {
23 return;
24 }
25
26 if ( isset( $_POST['check-email-action'] ) ) {
27 $action = sanitize_text_field( wp_unslash( $_POST['check-email-action'] ) );
28
29 // $action is sanitize on line 23
30 // phpcs:ignore
31 if ( ! isset( $_POST[ $action . '_nonce' ] ) ) {
32 return;
33 }
34
35 // $action is sanitize on line 23
36 // phpcs:ignore
37 if ( ! wp_verify_nonce( $_POST[ $action . '_nonce' ], $action ) ) {
38 return;
39 }
40 }
41
42 if ( isset( $_REQUEST['action'] ) || isset( $_REQUEST['action2'] ) ) {
43 $action = sanitize_text_field( wp_unslash($_REQUEST['action']) );
44
45 if ( '-1' === $action ) {
46 if ( ! isset( $_REQUEST['action2'] ) ) {
47 return;
48 }
49
50 $action = sanitize_text_field( wp_unslash($_REQUEST['action2']) );
51 }
52
53 $is_right_page = false;
54
55 // $action is sanitize on line 39 or 46
56 // phpcs:ignore
57 if ( strpos( $action, 'check-email-log-list-' ) === 0 ) {
58 $is_right_page = true;
59 }
60 if ( strpos( $action, 'check-email-error-tracker-' ) === 0 ) {
61 $is_right_page = true;
62 }
63
64 if (!$is_right_page) {
65 return;
66 }
67
68 if ( ! isset( $_REQUEST[ Check_Email_Log_List_Page::LOG_LIST_ACTION_NONCE_FIELD ] ) ) {
69 return;
70 }
71
72 // phpcs:ignore
73 if ( ! wp_verify_nonce( $_REQUEST[ Check_Email_Log_List_Page::LOG_LIST_ACTION_NONCE_FIELD ], Check_Email_Log_List_Page::LOG_LIST_ACTION_NONCE ) ) {
74 return;
75 }
76 }
77
78 do_action( 'check_email_action', $action, $_REQUEST );
79 do_action( $action, $_REQUEST );
80 }
81 }
82