

Add nonces to several lws-settings (#26)
* Add extra nonces to fix security report. Resolves #23, resolves #25

* Fix previous commit (nonces parameters were reversed)

* Additional fix (nonces parameters were reversed)

* Additional fix (nonces parameters were reversed)

* Additional fix (nonces parameters were reversed)

* Additional fix

* Delete switch_metric function in function switch_simplified
jaz-on authored Aug 1, 2023
1 parent bc539ef commit ab8a02b
Showing 3 changed files with 52 additions and 29 deletions.
Binary file modified .DS_Store
Binary file not shown.
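--- a/admin/SystemPluginAdmin.php
+++ b/admin/SystemPluginAdmin.php
@@ -2050,10 +2050,13 @@ protected function lws_view_admin_page($name, array $args = array()) {
 * @since 3.0.0
 */
 private function switch_simplified() {
-update_option('live_weather_station_advanced_mode', 0);
-add_settings_error('lws_nonce_success', 200, sprintf(__('%s now runs in simplified mode.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
-Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now runs in simplified mode.');
-$this->switch_metric();
+if( isset($_GET['lwssettingsswitchsimplifiednonce']) && wp_verify_nonce( $_GET['lwssettingsswitchsimplifiednonce'], 'lwssettingsswitchsimplifiednonce') ) {
+update_option('live_weather_station_advanced_mode', 0);
+add_settings_error('lws_nonce_success', 200, sprintf(__('%s now runs in simplified mode.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
+Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now runs in simplified mode.');
+} else {
+wp_die('NOPE');
+}
 }
 
 /**
@@ -2062,9 +2065,13 @@ private function switch_simplified() {
 * @since 3.0.0
 */
 private function switch_extended() {
-update_option('live_weather_station_advanced_mode', 1);
-add_settings_error('lws_nonce_success', 200, sprintf(__('%s now runs in extended mode.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
-Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now runs in extended mode.');
+if( isset($_GET['lwssettingsswitchextendednonce']) && wp_verify_nonce( $_GET['lwssettingsswitchextendednonce'], 'lwssettingsswitchextendednonce') ) {
+update_option('live_weather_station_advanced_mode', 1);
+add_settings_error('lws_nonce_success', 200, sprintf(__('%s now runs in extended mode.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
+Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now runs in extended mode.');
+} else {
+wp_die('NOPE');
+}
 }
 
 /**
@@ -2073,9 +2080,13 @@ private function switch_extended() {
 * @since 3.0.0
 */
 private function switch_metric() {
-self::switch_to_metric();
-add_settings_error('lws_nonce_success', 200, sprintf(__('%s now displays its data in the metric system.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
-Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now displays its data in the metric system.');
+if( isset($_GET['lwssettingsswitchmetricnonce']) && wp_verify_nonce( $_GET['lwssettingsswitchmetricnonce'], 'lwssettingsswitchmetricnonce') ) {
+self::switch_to_metric();
+add_settings_error('lws_nonce_success', 200, sprintf(__('%s now displays its data in the metric system.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
+Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now displays its data in the metric system.');
+} else {
+wp_die('NOPE');
+}
 }
 
 /**
@@ -2084,9 +2095,13 @@ private function switch_metric() {
 * @since 3.0.0
 */
 private function switch_imperial() {
-self::switch_to_imperial();
-add_settings_error('lws_nonce_success', 200, sprintf(__('%s now displays its data in the imperial system.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
-Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now displays its data in the imperial system.');
+if( isset($_GET['lwssettingsswitchimperialnonce']) && wp_verify_nonce( $_GET['lwssettingsswitchimperialnonce'], 'lwssettingsswitchimperialnonce' ) ) {
+self::switch_to_imperial();
+add_settings_error('lws_nonce_success', 200, sprintf(__('%s now displays its data in the imperial system.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
+Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now displays its data in the imperial system.');
+} else {
+wp_die('NOPE');
+}
 }
 
 /**
@@ -2095,11 +2110,15 @@ private function switch_imperial() {
 * @since 3.0.0
 */
 private function switch_full_translation() {
-update_option('live_weather_station_partial_translation', 0);
-$i18n = new Intl();
-$i18n->delete_mo_files();
-add_settings_error('lws_nonce_success', 200, sprintf(__('%s no longer uses partial translations.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
-Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station no longer uses partial translations.');
+if( isset($_GET['lwssettingsswitchfulltranslationnonce']) && wp_verify_nonce( $_GET['lwssettingsswitchfulltranslationnonce'], 'lwssettingsswitchfulltranslationnonce' ) ) {
+update_option('live_weather_station_partial_translation', 0);
+$i18n = new Intl();
+$i18n->delete_mo_files();
+add_settings_error('lws_nonce_success', 200, sprintf(__('%s no longer uses partial translations.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
+Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station no longer uses partial translations.');
+} else {
+wp_die('NOPE');
+}
 }
 
 /**
@@ -2108,11 +2127,15 @@ private function switch_full_translation() {
 * @since 3.0.0
 */
 private function switch_partial_translation() {
-update_option('live_weather_station_partial_translation', 1);
-$i18n = new Intl();
-$i18n->cron_run();
-add_settings_error('lws_nonce_success', 200, sprintf(__('%s now uses a partial translation.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
-Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now uses a partial translation.');
+if( isset($_GET['lwssettingsswitchpartialtranslationnonce']) && wp_verify_nonce( $_GET['lwssettingsswitchpartialtranslationnonce'], 'lwssettingsswitchpartialtranslationnonce' ) ) {
+update_option('live_weather_station_partial_translation', 1);
+$i18n = new Intl();
+$i18n->cron_run();
+add_settings_error('lws_nonce_success', 200, sprintf(__('%s now uses a partial translation.', 'live-weather-station'), LWS_PLUGIN_NAME), 'updated');
+Logger::info($this->service, null, null, null, null, null, 0, 'Weather Station now uses a partial translation.');
+} else {
+wp_die('NOPE');
+}
 }
 
 /**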
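Review bot: The nonce guard added at the top of switch_simplified is copy-pasted into switch_extended, switch_metric, switch_imperial, switch_full_translation and switch_partial_translation with only the nonce name changing, and the commit history above shows how easily these duplicated argument lists drift; a single private helper taking the name would remove the repetition. The failure branch `wp_die('NOPE')` also gives the user no translated explanation and no HTTP status, where WordPress convention is a localized message with a 403 response. None of the six methods checks `current_user_can()`; if the dispatcher that calls them does not either, the nonce only proves the request came from the current user's own session, not that the user is allowed to change plugin settings. Reading the raw `$_GET` value through `wp_unslash()`/`sanitize_text_field()` before verifying it would also satisfy the WordPress input-handling convention.
```php
/**
 * Aborts the request unless the named settings nonce in the query string verifies.
 *
 * @param string $name Query parameter carrying the nonce; also used as the nonce action.
 */
private function verify_settings_nonce($name) {
    $nonce = isset($_GET[$name]) ? sanitize_text_field(wp_unslash($_GET[$name])) : '';
    if (!wp_verify_nonce($nonce, $name)) {
        wp_die(__('The link you followed has expired.', 'live-weather-station'), '', array('response' => 403));
    }
}

private function switch_simplified() {
    $this->verify_settings_nonce('lwssettingsswitchsimplifiednonce');
    // … unchanged: update_option / add_settings_error / Logger::info …
}
// … the other five switch_* methods call the same helper with their own nonce name …
```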
12 changes: 6 additions & 6 deletions admin/partials/SettingsGeneral.php
Expand Up @@ -20,19 +20,19 @@
<?php echo sprintf(__('%s runs currently in extended mode. If you want to make your life easier, switch to simplified mode.', 'live-weather-station'), LWS_PLUGIN_NAME);?><br/>
<em><?php echo __('Note: if you choose the simplified mode, all settings (like display options, units, etc.) will be automatically set for you.', 'live-weather-station');?></em>
</p>
<p><a class="button button-primary" href="<?php echo esc_url(lws_get_admin_page_url('lws-settings', 'switch-simplified')); ?>"><?php echo __('Switch to Simplified Mode', 'live-weather-station');?></a></p>
<p><a class="button button-primary" href="<?php echo esc_url(wp_nonce_url( lws_get_admin_page_url('lws-settings', 'switch-simplified'), 'lwssettingsswitchsimplifiednonce', 'lwssettingsswitchsimplifiednonce')); ?>"><?php echo __('Switch to Simplified Mode', 'live-weather-station');?></a></p>
<?php } else { ?>
<p>&nbsp;</p>
<p><?php echo sprintf(__('%s runs currently in simplified mode. If you want to access all the available settings, you must switch to extended mode.', 'live-weather-station'), LWS_PLUGIN_NAME);?></p>
<p><a class="button button-primary" href="<?php echo esc_url(lws_get_admin_page_url('lws-settings', 'switch-extended')); ?>"><?php echo __('Switch to Extended Mode', 'live-weather-station');?></a></p>
<p><a class="button button-primary" href="<?php echo esc_url(wp_nonce_url( lws_get_admin_page_url('lws-settings', 'switch-extended'), 'lwssettingsswitchextendednonce', 'lwssettingsswitchextendednonce')); ?>"><?php echo __('Switch to Extended Mode', 'live-weather-station');?></a></p>
<?php if ((0 == get_option('live_weather_station_unit_temperature'))) { ?>
<p>&nbsp;</p>
<p><?php echo sprintf(__('The data displayed by %s are in <em>metric units</em>. If that does not suit your needs, you can choose imperial units.', 'live-weather-station'), LWS_PLUGIN_NAME);?></p>
<p><a class="button button-primary" href="<?php echo esc_url(lws_get_admin_page_url('lws-settings', 'switch-imperial')); ?>"><?php echo __('Display Data in Imperial Units', 'live-weather-station');?></a></p>
<p><a class="button button-primary" href="<?php echo esc_url(wp_nonce_url( lws_get_admin_page_url('lws-settings', 'switch-imperial'), 'lwssettingsswitchimperialnonce', 'lwssettingsswitchimperialnonce')); ?>"><?php echo __('Display Data in Imperial Units', 'live-weather-station');?></a></p>
<?php } else { ?>
<p>&nbsp;</p>
<p><?php echo sprintf(__('The data displayed by %s are in <em>imperial units</em>. If that does not suit your needs, you can choose metric units.', 'live-weather-station'), LWS_PLUGIN_NAME);?></p>
<p><a class="button button-primary" href="<?php echo esc_url(lws_get_admin_page_url('lws-settings', 'switch-metric')); ?>"><?php echo __('Display Data in Metric Units', 'live-weather-station');?></a></p>
<p><a class="button button-primary" href="<?php echo esc_url(wp_nonce_url( lws_get_admin_page_url('lws-settings', 'switch-metric'), 'lwssettingsswitchmetricnonce', 'lwssettingsswitchmetricnonce')); ?>"><?php echo __('Display Data in Metric Units', 'live-weather-station');?></a></p>
<?php } ?>
<?php } ?>

Expand All @@ -42,13 +42,13 @@
<p>
<?php echo sprintf(__('Currently, %s uses a partial translation of your language. If you do not like half finished things, click the button below:', 'live-weather-station'), LWS_PLUGIN_NAME);?>
</p>
<p><a id="partial-translation" class="button button-primary" href="<?php echo esc_url(lws_get_admin_page_url('lws-settings', 'switch-full-translation')); ?>"><?php echo __('Use Only Full Translation', 'live-weather-station');?></a>
<p><a id="partial-translation" class="button button-primary" href="<?php echo esc_url(wp_nonce_url( lws_get_admin_page_url('lws-settings', 'switch-full-translation'), 'lwssettingsswitchfulltranslationnonce', 'lwssettingsswitchfulltranslationnonce')); ?>"><?php echo __('Use Only Full Translation', 'live-weather-station');?></a>
<span id="span-sync" style="display: none;"><i class="<?php echo LWS_FAS;?> fa-cog fa-spin fa-lg fa-fw"></i>&nbsp;<strong><?php echo __('Deactivating partial translation, please wait', 'live-weather-station');?>&hellip;</strong></span></p>
<?php } else { ?>
<p>
<?php echo sprintf(__('Currently, %s is not displayed in your language. But, there is a partial translation that can be used!', 'live-weather-station'), LWS_PLUGIN_NAME);?>
</p>
<p><a id="partial-translation" class="button button-primary" href="<?php echo esc_url(lws_get_admin_page_url('lws-settings', 'switch-partial-translation')); ?>"><?php echo __('Use Partial Translation', 'live-weather-station');?></a>
<p><a id="partial-translation" class="button button-primary" href="<?php echo esc_url(wp_nonce_url( lws_get_admin_page_url('lws-settings', 'switch-partial-translation'), 'lwssettingsswitchpartialtranslationnonce', 'lwssettingsswitchpartialtranslationnonce')); ?>"><?php echo __('Use Partial Translation', 'live-weather-station');?></a>
<span id="span-sync" style="display: none;"><i class="<?php echo LWS_FAS;?> fa-cog fa-spin fa-lg fa-fw"></i>&nbsp;<strong><?php echo __('Activating partial translation, please wait', 'live-weather-station');?>&hellip;</strong></span></p>
<?php } ?>
<?php } ?>
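Review bot: Each new link in SettingsGeneral.php repeats the nonce action and the query-parameter name as two identical string literals that must match the handler in SystemPluginAdmin.php byte for byte, which is exactly the pairing the commit message says took several attempts to get right. Deriving the nonce name from the page action slug in one shared place (for example a small wrapper around wp_nonce_url used by both the template and the handlers) would keep the two files from drifting apart again. The enclosing PHP/HTML conditionals start and end outside the hunk.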
