JetFormBuilder — Dynamic Blocks Form Builder v3.4.1
jetformbuilder / modules / security / csrf / module.php
1 <?php
2
3
namespace JFB_Modules\Security\Csrf;

// Direct-access guard: WPINC is defined by WordPress during bootstrap, so a
// request that reaches this file without WordPress loaded stops here.
if ( false === defined( 'WPINC' ) ) {
	exit;
}
10
11 use JFB_Components\Module\Base_Module_After_Install_It;
12 use JFB_Components\Module\Base_Module_Dir_It;
13 use JFB_Components\Module\Base_Module_Dir_Trait;
14 use JFB_Components\Module\Base_Module_Handle_It;
15 use JFB_Components\Module\Base_Module_Handle_Trait;
16 use JFB_Components\Module\Base_Module_It;
17 use JFB_Components\Module\Base_Module_Url_It;
18 use JFB_Components\Module\Base_Module_Url_Trait;
19 use JFB_Modules\Security\Exceptions\Spam_Exception;
20
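/**
 * CSRF module: adds a token field to rendered forms and rejects submissions
 * whose token does not verify.
 *
 * Both directions are gated on jet_fb_live_args()->is_use_csrf(). Token
 * generation, storage and comparison live in Csrf_Tools and Csrf_Token_Model;
 * this class only wires them into the form render and request filters.
 */
class Module implements Base_Module_It, Base_Module_Url_It, Base_Module_Handle_It, Base_Module_Dir_It {

	use Base_Module_Dir_Trait;
	use Base_Module_Url_Trait;
	use Base_Module_Handle_Trait;

	/**
	 * Token read from the current request, or false when the field is absent.
	 *
	 * @var mixed
	 */
	private $token;

	/**
	 * Value returned by Csrf_Tools::client_id() for the current form.
	 *
	 * @var mixed
	 */
	private $client;

	/**
	 * Identifier of this module.
	 *
	 * @return string Always 'csrf'.
	 */
	public function rep_item_id() {
		return 'csrf';
	}

	/**
	 * Unconditionally true.
	 *
	 * NOTE(review): presumably tells the module loader whether to install
	 * this module; confirm against Base_Module_It.
	 *
	 * @return bool
	 */
	public function condition(): bool {
		return true;
	}

	/**
	 * Registers the request, message-type and form-render callbacks.
	 */
	public function init_hooks() {
		add_filter( 'jet-form-builder/request-handler/request', array( $this, 'handle_request' ) );
		add_filter( 'jet-form-builder/message-types', array( $this, 'handle_messages' ) );
		add_filter( 'jet-form-builder/after-start-form', array( $this, 'on_render_form' ) );
	}

	/**
	 * Unregisters exactly the callbacks added by init_hooks().
	 */
	public function remove_hooks() {
		remove_filter( 'jet-form-builder/request-handler/request', array( $this, 'handle_request' ) );
		remove_filter( 'jet-form-builder/message-types', array( $this, 'handle_messages' ) );
		remove_filter( 'jet-form-builder/after-start-form', array( $this, 'on_render_form' ) );
	}

	/**
	 * Appends the CSRF field to the form markup when protection is enabled.
	 *
	 * @param string $html Markup passed through 'jet-form-builder/after-start-form'.
	 *
	 * @return string The markup, with Csrf_Tools::get_field() appended if enabled.
	 */
	public function on_render_form( string $html ): string {
		if ( ! jet_fb_live_args()->is_use_csrf() ) {
			return $html;
		}

		// NOTE(review): get_field() output is concatenated as-is; presumably it
		// returns already-escaped markup. Confirm in csrf-tools.php.
		return ( $html . Csrf_Tools::get_field() );
	}

	/**
	 * Verifies the CSRF token of an incoming submission.
	 *
	 * When protection is disabled the request passes through untouched.
	 * Otherwise the token is read from the request, old tokens are purged,
	 * and the submission is rejected unless the token is a non-empty string
	 * that Csrf_Tools::verify() accepts for this client.
	 *
	 * @param array $request Submitted request data.
	 *
	 * @return array The unchanged request.
	 * @throws Spam_Exception With 'csrf_failed' when the token is missing,
	 *                        is not a non-empty string, or fails verification.
	 */
	public function handle_request( array $request ): array {
		if ( ! jet_fb_live_args()->is_use_csrf() ) {
			return $request;
		}

		$this->token  = $request[ Csrf_Tools::FIELD ] ?? false;
		$this->client = Csrf_Tools::client_id( jet_fb_live()->form_id );

		// Purge old tokens before verifying. What counts as old is decided in
		// Csrf_Token_Model::clear(); presumably expired tokens, confirm there.
		Csrf_Token_Model::clear();

		// Fail closed on a missing or malformed token: request data is
		// client-controlled, so the field can be absent or array-valued.
		// Only a non-empty string is handed to verify().
		// NOTE(review): assumes the token is always submitted as a string
		// form value; confirm against Csrf_Tools::get_field().
		if (
			! is_string( $this->token )
			|| '' === $this->token
			|| ! Csrf_Tools::verify( $this->token, $this->client )
		) {
			throw new Spam_Exception( 'csrf_failed' );
		}

		// The verified token is deleted only after a successful send; see
		// handle_after_send().
		add_action( 'jet-form-builder/form-handler/after-send', array( $this, 'handle_after_send' ) );

		return $request;
	}

	/**
	 * Deletes the verified token once the submission has succeeded.
	 *
	 * On an unsuccessful send the token is left in storage, so it is not
	 * single-use across failed attempts; it stays until a later successful
	 * send or Csrf_Token_Model::clear() removes it.
	 */
	public function handle_after_send() {
		if ( ! jet_fb_handler()->is_success ) {
			return;
		}

		Csrf_Tools::delete( $this->token, $this->client );
	}

	/**
	 * Adds the 'csrf_failed' message type, the key thrown by handle_request().
	 *
	 * @param array $messages Existing message types.
	 *
	 * @return array Message types including 'csrf_failed'.
	 */
	public function handle_messages( array $messages ): array {
		$messages['csrf_failed'] = array(
			'label' => __( 'CSRF token validation failed', 'jet-form-builder' ),
			'value' => __( 'Invalid token', 'jet-form-builder' ),
		);

		return $messages;
	}
}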
102