1 <?php
2
3
4 namespace JFB_Modules\Security\Csrf;
5
// If this file is called directly, abort: WPINC is only defined once
// WordPress core has been loaded, so a direct HTTP request to module.php
// produces no output and runs none of the code below.
if ( ! defined( 'WPINC' ) ) {
	die;
}
10
11 use JFB_Components\Module\Base_Module_After_Install_It;
12 use JFB_Components\Module\Base_Module_Dir_It;
13 use JFB_Components\Module\Base_Module_Dir_Trait;
14 use JFB_Components\Module\Base_Module_Handle_It;
15 use JFB_Components\Module\Base_Module_Handle_Trait;
16 use JFB_Components\Module\Base_Module_It;
17 use JFB_Components\Module\Base_Module_Url_It;
18 use JFB_Components\Module\Base_Module_Url_Trait;
19 use JFB_Modules\Security\Exceptions\Spam_Exception;
20
class Module implements Base_Module_It, Base_Module_Url_It, Base_Module_Handle_It, Base_Module_Dir_It {

	use Base_Module_Dir_Trait;
	use Base_Module_Url_Trait;
	use Base_Module_Handle_Trait;

	/**
	 * Spam status reported to the security layer when token verification fails.
	 * It is also the key under which handle_messages() registers the user-facing text.
	 */
	const SPAM_EXCEPTION = 'csrf_failed';

	/**
	 * Token submitted with the current request, or false when the field is absent.
	 * Set by handle_request(), consumed by handle_after_send().
	 */
	private $token;

	/**
	 * Client identifier the submitted token is verified against (derived from the form id).
	 */
	private $client;

	/**
	 * Registers the spam status as soon as the module object exists,
	 * independently of init_hooks(), so the status is known even while
	 * the request/message hooks are not wired.
	 */
	public function __construct() {
		add_filter( 'jet-form-builder/security/spam-statuses', array( $this, 'add_spam_statuses' ) );
	}

	/**
	 * Identifier of this module in the module repository.
	 *
	 * @return string
	 */
	public function rep_item_id() {
		return 'csrf';
	}

	/**
	 * Filter callback: appends the CSRF spam status to the list of known statuses.
	 *
	 * @param array $statuses
	 *
	 * @return array
	 */
	public function add_spam_statuses( $statuses ) {
		$statuses[] = self::SPAM_EXCEPTION;

		return $statuses;
	}

	/**
	 * The module itself is always enabled; the per-form switch is
	 * jet_fb_live_args()->is_use_csrf(), checked by the callbacks below.
	 *
	 * @return bool
	 */
	public function condition(): bool {
		return true;
	}

	/**
	 * Hook => method map shared by init_hooks() and remove_hooks(), so both
	 * always agree on which filters this module owns.
	 *
	 * @return array
	 */
	private function filter_map(): array {
		return array(
			'jet-form-builder/request-handler/request' => 'handle_request',
			'jet-form-builder/message-types'           => 'handle_messages',
			'jet-form-builder/after-start-form'        => 'on_render_form',
		);
	}

	/**
	 * Wires the request, message-type and render filters.
	 */
	public function init_hooks() {
		foreach ( $this->filter_map() as $hook => $method ) {
			add_filter( $hook, array( $this, $method ) );
		}
	}

	/**
	 * Detaches the filters added by init_hooks(). The transient
	 * 'after-send' action added in handle_request() is not part of this map.
	 */
	public function remove_hooks() {
		foreach ( $this->filter_map() as $hook => $method ) {
			remove_filter( $hook, array( $this, $method ) );
		}
	}

	/**
	 * Filter callback: appends the hidden CSRF field to the opening form markup
	 * when the current form has CSRF enabled; otherwise returns the markup unchanged.
	 *
	 * @param string $html
	 *
	 * @return string
	 */
	public function on_render_form( string $html ): string {
		$use_csrf = jet_fb_live_args()->is_use_csrf();

		return $use_csrf ? $html . Csrf_Tools::get_field() : $html;
	}

	/**
	 * Filter callback: verifies the submitted CSRF token before the request is handled.
	 *
	 * Reads the token from the request, derives the client id from the current form,
	 * prunes stored tokens via Csrf_Token_Model::clear(), and rejects the request with a
	 * Spam_Exception carrying SPAM_EXCEPTION when verification fails. On success the
	 * verified token is only deleted later, by handle_after_send(), so a submission
	 * that fails further down the pipeline does not consume it.
	 *
	 * NOTE(review): the field value is handed to Csrf_Tools::verify() without a type
	 * check; request arrays can carry non-string values for any field, so confirm that
	 * verify() rejects a non-string token rather than coercing it.
	 *
	 * @param array $request
	 *
	 * @return array
	 * @throws Spam_Exception
	 */
	public function handle_request( array $request ): array {
		if ( ! jet_fb_live_args()->is_use_csrf() ) {
			return $request;
		}

		$submitted = $request[ Csrf_Tools::FIELD ] ?? false;

		$this->token  = $submitted;
		$this->client = Csrf_Tools::client_id( jet_fb_live()->form_id );

		// Prune stored tokens before checking the submitted one.
		Csrf_Token_Model::clear();

		$is_valid = Csrf_Tools::verify( $this->token, $this->client );

		if ( ! $is_valid ) {
			// phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
			throw new Spam_Exception( self::SPAM_EXCEPTION );
		}

		// The verified token is removed only after a successful send (see handle_after_send).
		add_action( 'jet-form-builder/form-handler/after-send', array( $this, 'handle_after_send' ) );

		return $request;
	}

	/**
	 * Action callback: deletes the token verified in handle_request(), but only
	 * when the form handler reports success, so a failed submission keeps it valid.
	 */
	public function handle_after_send() {
		$handler = jet_fb_handler();

		if ( $handler->is_success ) {
			Csrf_Tools::delete( $this->token, $this->client );
		}
	}

	/**
	 * Filter callback: registers the label and user-visible text shown for
	 * the CSRF failure status.
	 *
	 * @param array $messages
	 *
	 * @return array
	 */
	public function handle_messages( array $messages ): array {
		$label = __( 'CSRF token validation failed', 'jet-form-builder' );
		$value = __( 'Invalid token', 'jet-form-builder' );

		$messages[ self::SPAM_EXCEPTION ] = array(
			'label' => $label,
			'value' => $value,
		);

		return $messages;
	}
}