class-settings-page-email.php
3 years ago
class-settings-page-general.php
3 years ago
class-settings-page-policies.php
3 years ago
class-settings-page-white-label.php
3 years ago
class-settings-page-white-label.php
305 lines
| 1 | <?php |
| 2 | /** |
| 3 | * White label settings class. |
| 4 | * |
| 5 | * @package wp2fa |
| 6 | * @subpackage settings-pages |
| 7 | * @copyright 2023 WP White Security |
| 8 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 9 | * @link https://wordpress.org/plugins/wp-2fa/ |
| 10 | */ |
| 11 | |
| 12 | namespace WP2FA\Admin\SettingsPages; |
| 13 | |
| 14 | use \WP2FA\WP2FA as WP2FA; |
| 15 | use WP2FA\Utils\Debugging; |
| 16 | |
| 17 | /** |
| 18 | * White labeling settings tab |
| 19 | */ |
| 20 | if ( ! class_exists( '\WP2FA\Admin\SettingsPages\Settings_Page_White_Label' ) ) { |
| 21 | /** |
| 22 | * Settings_Page_White_Label - Class for handling settings |
| 23 | * |
| 24 | * @since 2.0.0 |
| 25 | */ |
| 26 | class Settings_Page_White_Label { |
| 27 | |
| 28 | /** |
| 29 | * Render the settings |
| 30 | * |
| 31 | * @return void |
| 32 | * |
| 33 | * @since 2.0.0 |
| 34 | */ |
| 35 | public function render() { |
| 36 | settings_fields( WP_2FA_WHITE_LABEL_SETTINGS_NAME ); |
| 37 | $this->white_labelling_tabs_wrapper(); |
| 38 | submit_button(); |
| 39 | } |
| 40 | |
| 41 | /** |
| 42 | * Validate options before saving |
| 43 | * |
| 44 | * @param array $input The settings array. |
| 45 | * |
| 46 | * @return array|void |
| 47 | * |
| 48 | * @since 2.0.0 |
| 49 | */ |
| 50 | public function validate_and_sanitize( $input ) { |
| 51 | |
| 52 | // Bail if user doesn't have permissions to be here. |
| 53 | if ( ! current_user_can( 'manage_options' ) || ! isset( $_POST['action'] ) && ! check_admin_referer( 'wp2fa-step-choose-method' ) ) { |
| 54 | return; |
| 55 | } |
| 56 | |
| 57 | Debugging::log( 'The following settings will be processed (White Label): ' . "\n" . wp_json_encode( $input ) ); |
| 58 | |
| 59 | $output['default-text-code-page'] = WP2FA::get_wp2fa_white_label_setting( 'default-text-code-page', false, false ); |
| 60 | |
| 61 | if ( isset( $input['default-text-code-page'] ) && '' !== trim( $input['default-text-code-page'] ) ) { |
| 62 | $output['default-text-code-page'] = \wp_strip_all_tags( $input['default-text-code-page'] ); |
| 63 | } |
| 64 | |
| 65 | $output['default-backup-code-page'] = WP2FA::get_wp2fa_white_label_setting( 'default-backup-code-page', false, false ); |
| 66 | |
| 67 | if ( isset( $input['default-backup-code-page'] ) && '' !== trim( $input['default-backup-code-page'] ) ) { |
| 68 | $output['default-backup-code-page'] = \wp_strip_all_tags( $input['default-backup-code-page'] ); |
| 69 | } |
| 70 | |
| 71 | if ( isset( $_REQUEST['_wp_http_referer'] ) ) { |
| 72 | $request_area = wp_parse_url( \wp_unslash( $_REQUEST['_wp_http_referer'] ) ); // phpcs:ignore |
| 73 | $request_area_path = strpos( $request_area['query'], 'white-label-section' ); |
| 74 | |
| 75 | // If we have the input POSTed, we are on the right page so grab it. |
| 76 | if ( isset( $input['enable_wizard_styling'] ) && '' !== trim( $input['enable_wizard_styling'] ) ) { |
| 77 | $output['enable_wizard_styling'] = \wp_strip_all_tags( $input['enable_wizard_styling'] ); |
| 78 | } else { |
| 79 | // Nothing was POSTed, check where we are in case that means we simple an empty/disabled checkbox. |
| 80 | if ( $request_area_path && ! strpos( $request_area['query'], 'custom-css' ) ) { |
| 81 | $input['enable_wizard_styling'] = WP2FA::get_wp2fa_white_label_setting( 'enable_wizard_styling', false ); |
| 82 | $output['enable_wizard_styling'] = WP2FA::get_wp2fa_white_label_setting( 'enable_wizard_styling', false ); |
| 83 | } else { |
| 84 | $output['enable_wizard_styling'] = ''; |
| 85 | $input['enable_wizard_styling'] = ''; |
| 86 | } |
| 87 | } |
| 88 | |
| 89 | if ( isset( $input['show_help_text'] ) && '' !== trim( $input['show_help_text'] ) ) { |
| 90 | $output['show_help_text'] = \wp_strip_all_tags( $input['show_help_text'] ); |
| 91 | } else { |
| 92 | // Nothing was POSTed, check where we are in case that means we simple an empty/disabled checkbox. |
| 93 | if ( $request_area_path && ! strpos( $request_area['query'], 'method_selection' ) ) { |
| 94 | $input['show_help_text'] = WP2FA::get_wp2fa_white_label_setting( 'show_help_text', false ); |
| 95 | $output['show_help_text'] = WP2FA::get_wp2fa_white_label_setting( 'show_help_text', false ); |
| 96 | } else { |
| 97 | $output['show_help_text'] = ''; |
| 98 | $input['show_help_text'] = ''; |
| 99 | } |
| 100 | } |
| 101 | |
| 102 | // Same as above, but for the optional welcome. |
| 103 | if ( isset( $input['enable_welcome'] ) && '' !== trim( $input['enable_welcome'] ) ) { |
| 104 | $output['enable_welcome'] = \wp_strip_all_tags( $input['enable_welcome'] ); |
| 105 | } else { |
| 106 | if ( strpos( $request_area['query'], 'white-label-sub-section' ) && strpos( $request_area['query'], 'welcome' ) ) { |
| 107 | $input['enable_welcome'] = ''; |
| 108 | $output['enable_welcome'] = ''; |
| 109 | } else { |
| 110 | $input['enable_welcome'] = WP2FA::get_wp2fa_white_label_setting( 'enable_welcome', false ); |
| 111 | $output['enable_welcome'] = WP2FA::get_wp2fa_white_label_setting( 'enable_welcome', false ); |
| 112 | } |
| 113 | } |
| 114 | |
| 115 | if ( isset( $input['enable_wizard_logo'] ) && '' !== trim( $input['enable_wizard_logo'] ) ) { |
| 116 | $output['enable_wizard_logo'] = \wp_strip_all_tags( $input['enable_wizard_logo'] ); |
| 117 | } else { |
| 118 | if ( strpos( $request_area['query'], 'white-label-sub-section' ) && strpos( $request_area['query'], 'welcome' ) ) { |
| 119 | $input['enable_wizard_logo'] = ''; |
| 120 | $output['enable_wizard_logo'] = ''; |
| 121 | } else { |
| 122 | $input['enable_wizard_logo'] = WP2FA::get_wp2fa_white_label_setting( 'enable_wizard_logo', false ); |
| 123 | $output['enable_wizard_logo'] = WP2FA::get_wp2fa_white_label_setting( 'enable_wizard_logo', false ); |
| 124 | } |
| 125 | } |
| 126 | } |
| 127 | |
| 128 | |
| 129 | // Remove duplicates from settings errors. We do this as this sanitization callback is actually fired twice, so we end up with duplicates when saving the settings for the FIRST TIME only. The issue is not present once the settings are in the DB as the sanitization wont fire again. For details on this core issue - https://core.trac.wordpress.org/ticket/21989. |
| 130 | global $wp_settings_errors; |
| 131 | if ( isset( $wp_settings_errors ) ) { |
| 132 | $errors = array_map( 'unserialize', array_unique( array_map( 'serialize', $wp_settings_errors ) ) ); |
| 133 | $wp_settings_errors = $errors; // phpcs:ignore |
| 134 | } |
| 135 | |
| 136 | /** |
| 137 | * Filter the values we are about to store in the plugin settings. |
| 138 | * |
| 139 | * @param array $output - The output array with all the data we will store in the settings. |
| 140 | * @param array $input - The input array with all the data we received from the user. |
| 141 | * |
| 142 | * @since 2.0.0 |
| 143 | */ |
| 144 | $output = apply_filters( WP_2FA_PREFIX . 'filter_output_content', $output, $input ); |
| 145 | |
| 146 | Debugging::log( 'The following settings are being saved (White Label): ' . "\n" . wp_json_encode( $output ) ); |
| 147 | |
| 148 | return $output; |
| 149 | } |
| 150 | |
| 151 | /** |
| 152 | * Updates global white label network options |
| 153 | * |
| 154 | * @return void |
| 155 | * |
| 156 | * @since 2.0.0 |
| 157 | * |
| 158 | * @SuppressWarnings(PHPMD.ExitExpressions) |
| 159 | */ |
| 160 | public function update_wp2fa_network_options() { |
| 161 | |
| 162 | if ( isset( $_POST[ WP_2FA_WHITE_LABEL_SETTINGS_NAME ] ) ) { |
| 163 | check_admin_referer( 'wp_2fa_white_label-options' ); |
| 164 | $options = $this->validate_and_sanitize( wp_unslash( $_POST[ WP_2FA_WHITE_LABEL_SETTINGS_NAME ] ) ); // phpcs:ignore |
| 165 | $settings_errors = get_settings_errors( WP_2FA_WHITE_LABEL_SETTINGS_NAME ); |
| 166 | if ( ! empty( $settings_errors ) ) { |
| 167 | |
| 168 | // redirect back to our options page. |
| 169 | wp_safe_redirect( |
| 170 | add_query_arg( |
| 171 | array( |
| 172 | 'page' => 'wp-2fa-settings', |
| 173 | 'wp_2fa_network_settings_error' => urlencode_deep( $settings_errors[0]['message'] ), |
| 174 | ), |
| 175 | network_admin_url( 'settings.php' ) |
| 176 | ) |
| 177 | ); |
| 178 | exit; |
| 179 | |
| 180 | } |
| 181 | WP2FA::update_plugin_settings( $options, false, WP_2FA_WHITE_LABEL_SETTINGS_NAME ); |
| 182 | |
| 183 | // redirect back to our options page. |
| 184 | wp_safe_redirect( |
| 185 | add_query_arg( |
| 186 | array( |
| 187 | 'page' => 'wp-2fa-settings', |
| 188 | 'tab' => 'white-label-settings', |
| 189 | 'wp_2fa_network_settings_updated' => 'true', |
| 190 | ), |
| 191 | network_admin_url( 'admin.php' ) |
| 192 | ) |
| 193 | ); |
| 194 | exit; |
| 195 | } |
| 196 | } |
| 197 | |
| 198 | |
| 199 | /** |
| 200 | * Wrapper which adds special tabbed navigation and content |
| 201 | * |
| 202 | * @return void |
| 203 | * |
| 204 | * @since 2.3.0 |
| 205 | */ |
| 206 | private function white_labelling_tabs_wrapper() { |
| 207 | /** |
| 208 | * Fires right before the white label settings tab HTML, handles tabbed nav. |
| 209 | * |
| 210 | * @since 2.3.0 |
| 211 | */ |
| 212 | do_action( WP_2FA_PREFIX . 'white_labeling_tabbed_navigation' ); |
| 213 | $this->change_default_text_area(); |
| 214 | } |
| 215 | |
| 216 | /** |
| 217 | * Shows default settings input to the user |
| 218 | * |
| 219 | * @return void |
| 220 | * |
| 221 | * @since 2.0.0 |
| 222 | */ |
| 223 | private function change_default_text_area() { |
| 224 | /** |
| 225 | * Fires right before the white label settings tab HTML rendering. |
| 226 | * |
| 227 | * @since 2.0.0 |
| 228 | */ |
| 229 | do_action( WP_2FA_PREFIX . 'white_labeling_settings_page_before_default_text' ); |
| 230 | ?> |
| 231 | |
| 232 | <?php |
| 233 | /* @free:start */ |
| 234 | ?> |
| 235 | <h3><?php esc_html_e( 'Change the styling of the user 2FA wizards?', 'wp-2fa' ); ?></h3> |
| 236 | <p class="description"> |
| 237 | <?php esc_html_e( 'By default, the user 2FA wizards which the users see and use to set up 2FA have our own styling. Disable the below setting so the wizards use the styling of your website\'s theme.', 'wp-2fa' ); ?> |
| 238 | </p> |
| 239 | <table class="form-table"> |
| 240 | <tbody> |
| 241 | <tr> |
| 242 | <th><label for="enable_wizard_styling"><?php esc_html_e( 'Enable styling', 'wp-2fa' ); ?></label></th> |
| 243 | <td> |
| 244 | <fieldset> |
| 245 | <input type="checkbox" id="enable_wizard_styling" name="wp_2fa_white_label[enable_wizard_styling]" value="enable_wizard_styling" |
| 246 | <?php checked( 'enable_wizard_styling', WP2FA::get_wp2fa_white_label_setting( 'enable_wizard_styling' ), true ); ?> |
| 247 | > |
| 248 | <?php esc_html_e( 'Enable our CSS within user wizards', 'wp-2fa' ); ?> |
| 249 | </fieldset> |
| 250 | </td> |
| 251 | </tr> |
| 252 | </tbody> |
| 253 | </table> |
| 254 | <?php |
| 255 | /* @free:end */ |
| 256 | ?> |
| 257 | |
| 258 | <h3><?php esc_html_e( 'Change the default text used in the 2FA code page?', 'wp-2fa' ); ?></h3> |
| 259 | <p class="description"> |
| 260 | <?php esc_html_e( 'This is the text shown to the users on the page when they are asked to enter the 2FA code. To change the default text, simply type it in the below placeholder.', 'wp-2fa' ); ?> |
| 261 | </p> |
| 262 | |
| 263 | <table class="form-table"> |
| 264 | <tbody> |
| 265 | <tr> |
| 266 | <th><label for="2fa-method"><?php esc_html_e( '2FA code page text', 'wp-2fa' ); ?></label></th> |
| 267 | <td> |
| 268 | <fieldset> |
| 269 | <label for="default-text-code-page"> |
| 270 | <textarea cols="70" rows="10" name="wp_2fa_white_label[default-text-code-page]" id="default-text-code-page"><?php echo \esc_html( WP2FA::get_wp2fa_white_label_setting( 'default-text-code-page', true ) ); ?></textarea> |
| 271 | <div><span><strong><i><?php esc_html_e( 'Note:', 'wp-2fa' ); ?></i></strong> <?php esc_html_e( 'Only plain text is allowed.', 'wp-2fa' ); ?></span></div> |
| 272 | </label> |
| 273 | </fieldset> |
| 274 | </td> |
| 275 | </tr> |
| 276 | <tr> |
| 277 | <th><label for="backup-method"><?php esc_html_e( 'Backup code page text', 'wp-2fa' ); ?></label></th> |
| 278 | <td> |
| 279 | <fieldset> |
| 280 | <label for="default-backup-code-page"> |
| 281 | <textarea cols="70" rows="10" name="wp_2fa_white_label[default-backup-code-page]" id="default-backup-code-page"><?php echo \esc_html( WP2FA::get_wp2fa_white_label_setting( 'default-backup-code-page', true ) ); ?></textarea> |
| 282 | <div><span><strong><i><?php esc_html_e( 'Note:', 'wp-2fa' ); ?></i></strong> <?php esc_html_e( 'Only plain text is allowed.', 'wp-2fa' ); ?></span></div> |
| 283 | </label> |
| 284 | </fieldset> |
| 285 | </td> |
| 286 | </tr> |
| 287 | <?php |
| 288 | /** |
| 289 | * Gives the ability for the 3rd party extensions to add additional white label settings |
| 290 | */ |
| 291 | do_action( WP_2FA_PREFIX . 'white_labeling_settings_page_after_code_page' ); |
| 292 | ?> |
| 293 | </tbody> |
| 294 | </table> |
| 295 | <?php |
| 296 | /** |
| 297 | * Fires after the white label settings tab is rendered. |
| 298 | * |
| 299 | * @since 2.0.0 |
| 300 | */ |
| 301 | do_action( WP_2FA_PREFIX . 'white_labeling_settings_page_after_default_text' ); |
| 302 | } |
| 303 | } |
| 304 | } |
| 305 |