JetFormBuilder — Dynamic Blocks Form Builder / 3.4.7
JetFormBuilder — Dynamic Blocks Form Builder v3.4.7
jetformbuilder / modules / security / wp-nonce / module.php
1 <?php
2
3
4 namespace JFB_Modules\Security\Wp_Nonce;
5
6 use JFB_Components\Module\Base_Module_It;
7 use JFB_Modules\Security\Exceptions\Spam_Exception;
8
// Direct-access guard: WPINC is defined while WordPress boots, so if it is
// missing this file was requested on its own and must not execute further.
if ( ! defined( 'WPINC' ) ) {
	exit;
}
13
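/**
 * Adds a WordPress nonce to rendered forms and rejects submissions whose nonce
 * does not verify.
 *
 * Security notes for maintainers:
 * - A WordPress nonce is a CSRF token, not a bot or spam filter. It is derived
 *   from the current user and session, so for logged-out visitors the same
 *   value is valid for every anonymous client until it expires. Do not rely
 *   on this check alone to stop automated submissions.
 * - The check is skipped entirely when jet_fb_live_args()->is_use_nonce() is
 *   false (helper defined elsewhere; presumably the per-form setting), so a
 *   form with the option disabled has no CSRF token from this module.
 * - Form HTML served from a full-page cache for longer than the nonce lifetime
 *   will carry a stale nonce and legitimate submissions will fail.
 */
class Module implements Base_Module_It {

	/** Name of the hidden field and of the request key that carries the nonce. */
	const KEY = '_wpnonce';

	/** Prefix of the nonce action; the form ID is appended in get_nonce_id(). */
	const NONCE_ACTION_PREF = 'jet-form-builder-wp-nonce-';

	/** Status code thrown and registered when nonce verification fails. */
	const SPAM_EXCEPTION = 'nonce_failed';

	/**
	 * Registers this module's failure status in the list of spam statuses.
	 */
	public function __construct() {
		add_filter( 'jet-form-builder/security/spam-statuses', array( $this, 'add_spam_statuses' ) );
	}

	/**
	 * Appends the nonce-failure status to the spam status list.
	 *
	 * @param array $statuses Existing statuses passed through the filter.
	 *
	 * @return array
	 */
	public function add_spam_statuses( $statuses ) {
		$statuses[] = self::SPAM_EXCEPTION;

		return $statuses;
	}

	/**
	 * @return string Identifier of this module.
	 */
	public function rep_item_id() {
		return 'wp-nonce';
	}

	/**
	 * @return bool Always true; the per-form opt-out is applied at render and
	 *              verify time instead.
	 */
	public function condition(): bool {
		return true;
	}

	/**
	 * Attaches the request check, the failure message and the field renderer.
	 */
	public function init_hooks() {
		add_filter(
			'jet-form-builder/request-handler/request',
			array( $this, 'handle_request' )
		);
		add_filter(
			'jet-form-builder/message-types',
			array( $this, 'handle_messages' )
		);
		add_filter(
			'jet-form-builder/after-start-form',
			array( $this, 'on_render_form' )
		);
	}

	/**
	 * Detaches everything init_hooks() attached. After this call submissions
	 * are no longer nonce-checked by this module.
	 */
	public function remove_hooks() {
		remove_filter(
			'jet-form-builder/request-handler/request',
			array( $this, 'handle_request' )
		);
		remove_filter(
			'jet-form-builder/message-types',
			array( $this, 'handle_messages' )
		);
		remove_filter(
			'jet-form-builder/after-start-form',
			array( $this, 'on_render_form' )
		);
	}

	/**
	 * Appends the nonce field to the form's opening markup when nonce use is
	 * enabled for the form being rendered.
	 *
	 * @param string $html Markup produced so far.
	 *
	 * @return string
	 */
	public function on_render_form( string $html ): string {
		if ( ! jet_fb_live_args()->is_use_nonce() ) {
			return $html;
		}

		return ( $html . $this->get_nonce_field() );
	}

	/**
	 * Builds the nonce action, scoped to the current form so that a nonce
	 * issued for one form does not verify for another.
	 *
	 * @return string
	 */
	public function get_nonce_id(): string {
		$form_id = jet_fb_live()->form_id;

		return self::NONCE_ACTION_PREF . $form_id;
	}

	/**
	 * Returns (does not echo) the hidden nonce field plus the referer field.
	 *
	 * @return string
	 */
	public function get_nonce_field(): string {
		return wp_nonce_field( $this->get_nonce_id(), self::KEY, true, false );
	}

	/**
	 * Checks a submitted nonce against the current form's action.
	 *
	 * Returns true without checking anything when nonce use is disabled.
	 * Otherwise only scalar values are handed to wp_verify_nonce(): a request
	 * can deliver the key as an array (e.g. "_wpnonce[]=x"), which can never
	 * be a valid nonce and would only trigger an array-to-string warning when
	 * cast, so it is rejected up front.
	 *
	 * @param mixed $nonce Raw value taken from the request.
	 *
	 * @return bool
	 */
	public function verify( $nonce ): bool {
		if ( ! jet_fb_live_args()->is_use_nonce() ) {
			return true;
		}

		if ( ! is_scalar( $nonce ) ) {
			return false;
		}

		// wp_verify_nonce() returns 1, 2 or false; collapse to a strict bool.
		return false !== wp_verify_nonce( (string) $nonce, $this->get_nonce_id() );
	}

	/**
	 * Filter callback that aborts the submission when the nonce is missing
	 * or invalid.
	 *
	 * @param array $request Submitted form data.
	 *
	 * @return array The unchanged request.
	 * @throws Spam_Exception When verification fails.
	 */
	public function handle_request( array $request ): array {
		// A missing key is treated as an empty nonce, which fails verification.
		$nonce = $request[ self::KEY ] ?? '';

		if ( ! $this->verify( $nonce ) ) {
			// phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
			throw new Spam_Exception( self::SPAM_EXCEPTION );
		}

		return $request;
	}

	/**
	 * Registers the label and default text of the nonce-failure message.
	 *
	 * @param array $messages Existing message types.
	 *
	 * @return array
	 */
	public function handle_messages( array $messages ): array {
		$messages[ self::SPAM_EXCEPTION ] = array(
			'label' => __( 'WP nonce validation failed', 'jet-form-builder' ),
			'value' => __( 'Invalid nonce', 'jet-form-builder' ),
		);

		return $messages;
	}

}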
115