Themes_Screens: Add nonce verification and sanitize $_REQUEST/$_GET values. #115
Merged
Signed-off-by: Colin Stewart <[email protected]>
costdev changed the title from "Add nonce verification and sanitize $_REQUEST/$_GET values." to "Themes_Screens: Add nonce verification and sanitize $_REQUEST/$_GET values." Nov 4, 2024
namithj approved these changes Nov 4, 2024
asirota approved these changes Nov 4, 2024
asirota added a commit that referenced this pull request Nov 5, 2024
* Prevent Recursion on certain Host name patterns (#69) --------- Signed-off-by: Namith Jawahar <[email protected]> * Playground ready updating into main (#71) * Update blueprint.json Switching to default theme of 2022 to support minimum WP Playground support for WordPress version as 5.9.9 Signed-off-by: Namith Jawahar <[email protected]> * Switching blueprint.json to 2022 theme Signed-off-by: Alex Sirota <[email protected]> --------- Signed-off-by: Alex Sirota <[email protected]> Signed-off-by: Namith Jawahar <[email protected]> * `Add New Plugin`: Remove 'Featured' and 'Favorites' tabs when API rewrite is enabled. (#80) * Add class for overriding plugins screens. * Remove unused tabs when API rewrite is enabled. * `Add New Theme`: Remove 'Favorites' filter tab when API rewrite is enabled. (#82) * Add class for overriding themes screens. * Hide unsupported filters. * Redirect unsupported filters to `theme-install.php`. --------- Signed-off-by: Alex Sirota <[email protected]> Co-authored-by: Alex Sirota <[email protected]> * Add PHPUnit. (#87) * Add PHPUnit scaffolding. * Add Composer files for dependencies and test script. * Add `.gitignore`. * Add sample test for `Admin_Settings::get_setting()`. * Add PHP 8.3 to the test matrix. * Add `.cache/*` to `.gitignore`. * Limit testing to PHP 7.4 (minimum) and 8.3 (latest). * `Plugins Screens`: Initialize in `Controller::__construct()`. (#89) * `Workflows`: Fix PHP version and add more workflow triggers. (#92) * Fix PHP version. * Add `push` and `workflow_dispatch` workflow triggers. * `Tests`: Ensure options are not set when tests run. (#95) * Introduce a test constant. * Don't initialize when the tests are running. * Use a new object for testing `Admin_Settings::get_setting()`. * Warning when debug-aspire-update.log doesnt exist (#109) * `Tests`: Add default coverage settings. 
(#97) * Improve I18N Issues Based on version 0.5 (#104) * Fixes Settings not getting saved when rewrites were turned off (#108) * Add French Translation (#105) * I18n fr fr (#113) * Translations loading fix112 (#114) * Add French translations. * load any available translations with code in the plugin * #110 (#116) Fixes #110 * Add nonce verification and sanitize `$_REQUEST/$_GET` values. (#115) Signed-off-by: Colin Stewart <[email protected]> * Added German Translation (#111) * added German translation * added gitignore for .DS_Store Signed-off-by: Harikrishnan R <[email protected]> * Voltron has landed. (#117) The Voltron has landed. See if you can find where. * `Admin Settings`: Delete all settings when the plugin is uninstalled. (#118) * `Admin Settings`: Add multisite-safe deletion of all settings. * Delete all settings when the plugin is uninstalled. * add multisite support (#102) * accidentally deleted (#124) Fixed typo in code deleted when addressing #102 * Add `.editorconfig`. (#123) * create zip with each new tagged release (#121) * create zip with each new tagged release * update .gitattributes --------- Signed-off-by: Namith Jawahar <[email protected]> Signed-off-by: Alex Sirota <[email protected]> Signed-off-by: Colin Stewart <[email protected]> Signed-off-by: Harikrishnan R <[email protected]> Co-authored-by: Namith Jawahar <[email protected]> Co-authored-by: Colin Stewart <[email protected]> Co-authored-by: Alex Lion <[email protected]> Co-authored-by: Sébastien SERRE <[email protected]> Co-authored-by: Harikrishnan R <[email protected]> Co-authored-by: Andy Fragen <[email protected]>
asirota added a commit that referenced this pull request Nov 5, 2024
* Prevent Recursion on certain Host name patterns (#69) --------- Signed-off-by: Namith Jawahar <[email protected]> * Playground ready updating into main (#71) * Update blueprint.json Switching to default theme of 2022 to support minimum WP Playground support for WordPress version as 5.9.9 Signed-off-by: Namith Jawahar <[email protected]> * Switching blueprint.json to 2022 theme Signed-off-by: Alex Sirota <[email protected]> --------- Signed-off-by: Alex Sirota <[email protected]> Signed-off-by: Namith Jawahar <[email protected]> * `Add New Plugin`: Remove 'Featured' and 'Favorites' tabs when API rewrite is enabled. (#80) * Add class for overriding plugins screens. * Remove unused tabs when API rewrite is enabled. * `Add New Theme`: Remove 'Favorites' filter tab when API rewrite is enabled. (#82) * Add class for overriding themes screens. * Hide unsupported filters. * Redirect unsupported filters to `theme-install.php`. --------- Signed-off-by: Alex Sirota <[email protected]> Co-authored-by: Alex Sirota <[email protected]> * Add PHPUnit. (#87) * Add PHPUnit scaffolding. * Add Composer files for dependencies and test script. * Add `.gitignore`. * Add sample test for `Admin_Settings::get_setting()`. * Add PHP 8.3 to the test matrix. * Add `.cache/*` to `.gitignore`. * Limit testing to PHP 7.4 (minimum) and 8.3 (latest). * `Plugins Screens`: Initialize in `Controller::__construct()`. (#89) * `Workflows`: Fix PHP version and add more workflow triggers. (#92) * Fix PHP version. * Add `push` and `workflow_dispatch` workflow triggers. * `Tests`: Ensure options are not set when tests run. (#95) * Introduce a test constant. * Don't initialize when the tests are running. * Use a new object for testing `Admin_Settings::get_setting()`. * Warning when debug-aspire-update.log doesnt exist (#109) * `Tests`: Add default coverage settings. 
(#97) * Improve I18N Issues Based on version 0.5 (#104) * Fixes Settings not getting saved when rewrites were turned off (#108) * Add French Translation (#105) * I18n fr fr (#113) * Translations loading fix112 (#114) * Add French translations. * load any available translations with code in the plugin * #110 (#116) Fixes #110 * Add nonce verification and sanitize `$_REQUEST/$_GET` values. (#115) Signed-off-by: Colin Stewart <[email protected]> * Added German Translation (#111) * added German translation * added gitignore for .DS_Store Signed-off-by: Harikrishnan R <[email protected]> * Voltron has landed. (#117) The Voltron has landed. See if you can find where. * `Admin Settings`: Delete all settings when the plugin is uninstalled. (#118) * `Admin Settings`: Add multisite-safe deletion of all settings. * Delete all settings when the plugin is uninstalled. * add multisite support (#102) * accidentally deleted (#124) Fixed typo in code deleted when addressing #102 * Add `.editorconfig`. (#123) * create zip with each new tagged release (#121) * create zip with each new tagged release * update .gitattributes * Cleanup after `.editorconfig` was added to the repository. (#126) * Add coding standard. (#127) * Add Coding Standard. * Add PHPCS cache directory. * Coding Standards: Apply PHPCBF to codebase. * Coding Standards: Add GitHub workflow. --------- Signed-off-by: Alex Sirota <[email protected]> Co-authored-by: Alex Sirota <[email protected]> --------- Signed-off-by: Namith Jawahar <[email protected]> Signed-off-by: Alex Sirota <[email protected]> Signed-off-by: Colin Stewart <[email protected]> Signed-off-by: Harikrishnan R <[email protected]> Co-authored-by: Namith Jawahar <[email protected]> Co-authored-by: Colin Stewart <[email protected]> Co-authored-by: Alex Lion <[email protected]> Co-authored-by: Sébastien SERRE <[email protected]> Co-authored-by: Harikrishnan R <[email protected]> Co-authored-by: Andy Fragen <[email protected]>
Pull Request
What changed?
`\AspireUpdate\Themes_Screens::redirect_to_theme_install()`.
`$_REQUEST/$_GET` values are sanitized.
Why did it change?
Plugin Check raised flags for missing nonce verification and input sanitization.
Note that this may be a known issue with Plugin Check and/or WordPress Coding Standards. Nevertheless, this Pull Request adds nonce verification and input sanitization for safety.
Did you fix any specific issues?
Fixes #107
CERTIFICATION
By opening this pull request, I do agree to abide by
the CODE OF CONDUCT and be bound by the terms
of the Contribution Guidelines in effect on the date and time
of my contribution as proven by the
revision information in GitHub. I also agree that any previous contributions shall be deemed subject to the terms of the
version in effect on the date and time of this pull request, or any future revisions for pull requests I may submit.
Further, I certify that this work is my own, is original, does not violate the intellectual property of any other person
or entity, and I am not violating any license agreements or contracts I have with any person or entity. Finally, I agree
that this code may be licensed under any license deemed appropriate by AspirePress, including but not
limited to open source, closed source, proprietary or custom licenses, and that such license terms neither violate my
rights or my copyright to this code.
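
The pattern this pull request describes (verify a nonce, then unslash and sanitize `$_GET` values before acting on them in a redirect handler), as an added example that is not AspireUpdate's code or the code from this PR. It assumes it is loaded inside a WordPress plugin; the function names, the nonce action, the `browse` parameter handling and the list of unsupported filters are hypothetical.

```php
<?php
/**
 * Added example, not the project's code. Runs only inside WordPress.
 * All example_* names and EXAMPLE_* constants are hypothetical.
 */

const EXAMPLE_NONCE_ACTION = 'example-theme-browse'; // hypothetical nonce action
const EXAMPLE_UNSUPPORTED  = array( 'favorites' );   // hypothetical filter list

/** Build a filter link that carries a nonce bound to EXAMPLE_NONCE_ACTION. */
function example_theme_filter_url( $filter ) {
	$url = admin_url( 'theme-install.php?browse=' . rawurlencode( $filter ) );
	return wp_nonce_url( $url, EXAMPLE_NONCE_ACTION ); // appends _wpnonce
}

/** Redirect unsupported filters, reading $_GET only after nonce verification. */
function example_redirect_unsupported_theme_filter() {
	// Nothing to do unless both the filter and its nonce were sent.
	if ( ! isset( $_GET['browse'], $_GET['_wpnonce'] ) ) {
		return;
	}

	// WordPress adds slashes to superglobals: unslash first, then sanitize.
	$nonce = sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) );
	if ( ! wp_verify_nonce( $nonce, EXAMPLE_NONCE_ACTION ) ) {
		return; // Missing, expired or forged nonce: ignore the parameter.
	}

	// sanitize_key() lowercases and keeps only a-z, 0-9, '_' and '-'.
	$browse = sanitize_key( wp_unslash( $_GET['browse'] ) );

	// Strict comparison against a fixed list; the value never reaches the URL.
	if ( in_array( $browse, EXAMPLE_UNSUPPORTED, true ) ) {
		// wp_safe_redirect() refuses hosts outside the allowed list.
		wp_safe_redirect( admin_url( 'theme-install.php' ) );
		exit;
	}
}
add_action( 'load-theme-install.php', 'example_redirect_unsupported_theme_filter' );
```

A nonce ties the request to a user session and an action; it is not an authorization check, so handlers that change state still need a `current_user_can()` test.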