Merge pull request #119 from techies23/develop

Open redirection fix

README.txt

@@ -159,8 +159,9 @@ Yes, you should be registered in Zoom. Also, depending on the zoom account plan
 
 == Changelog ==
 
-= 4.4.5 March 5th, 2024 =
+= 4.4.5 March 11th, 2024 =
 * Security Update: Escaping for https://zoomdocs.codemanas.com/shortcode/#10-show-recordings-based-on-meeting-id (Cross-Site Scripting via Shortcode)
+* Security Fix: Open Redirection when joining meeting with Join via Browser.
 
 = 4.4.4 February 6th, 2024 =
 * Re-Added back download button for recordings shortcode.

includes/Helpers/Templates.php

@@ -10,5 +10,73 @@
  */
 class Templates {
 
+	/**
+	 * Fetch Template
+	 *
+	 * @param $template_name
+	 * @param  bool  $load
+	 * @param  bool  $require_once
+	 * @param  array  $args
+	 *
+	 * @return false|mixed|null
+	 */
+	public static function getTemplate( $template_name, bool $load = false, bool $require_once = true, array $args = [] ) {
+		if ( empty( $template_name ) ) {
+			return false;
+		}
 
+		$located = false;
+		if ( file_exists( get_stylesheet_directory() . '/' . ZVC_PLUGIN_SLUG . '/' . $template_name ) ) {
+			$located = get_stylesheet_directory() . '/' . ZVC_PLUGIN_SLUG . '/' . $template_name;
+		} elseif ( file_exists( get_template_directory() . '/' . ZVC_PLUGIN_SLUG . '/' . $template_name ) ) {
+			$located = get_template_directory() . '/' . ZVC_PLUGIN_SLUG . '/' . $template_name;
+		} elseif ( file_exists( ZVC_PLUGIN_DIR_PATH . 'templates/' . $template_name ) ) {
+			$located = ZVC_PLUGIN_DIR_PATH . 'templates/' . $template_name;
+		}
+
+		// Allow 3rd party plugin filter template file from their plugin.
+		$located = apply_filters( 'vczapi_get_template', $located, $template_name );
+		if ( $load && ! empty( $located ) && file_exists( $located ) ) {
+			load_template( $located, $require_once, $args );
+		}
+
+		return $located;
+	}
+
+	/**
+	 * Get certain part of the template
+	 *
+	 * @param $slug
+	 * @param  string  $name
+	 *
+	 * @return void
+	 */
+	public static function getTemplatePart( $slug, string $name = '' ) {
+		$template = false;
+		if ( $name ) {
+			$template = locate_template( array(
+				"{$slug}-{$name}.php",
+				ZVC_PLUGIN_SLUG . '/' . "{$slug}-{$name}.php",
+			) );
+
+			if ( ! $template ) {
+				$fallback = ZVC_PLUGIN_DIR_PATH . "templates/{$slug}-{$name}.php";
+				$template = file_exists( $fallback ) ? $fallback : '';
+			}
+		}
+
+		if ( ! $template ) {
+			$template = locate_template( array(
+				"{$slug}-{$name}.php",
+				ZVC_PLUGIN_SLUG . '/' . "{$slug}-{$name}.php",
+			) );
+		}
+
+		// Allow 3rd party plugins to filter template file from their plugin.
+		$template = apply_filters( 'vcz_get_template_part', $template, $slug, $name );
+
+		if ( $template ) {
+			load_template( $template, false );
+		}
+	}
 }

includes/template-functions.php

@@ -538,7 +538,8 @@ function video_conference_zoom_after_jbh_html() {
 	ob_start( 'vczapi_removeWhitespace' );
 
 	global $post;
-	if ( ! empty( $_GET['redirect'] ) ) {
+    //If you need to add other redirect hosts use 'apply_filters( ‘allowed_redirect_hosts’, string[] $hosts, string $host )' filter
+	if ( ! empty( $_GET['redirect'] ) && wp_validate_redirect( $_GET['redirect'] ) ) {
 		$post_link = esc_url( $_GET['redirect'] );
 	} elseif ( ! empty( $post ) && ! empty( $post->ID ) ) {
 		$post_link = get_permalink( $post->ID );
@@ -551,7 +552,8 @@ function video_conference_zoom_after_jbh_html() {
 	$enable_direct_via_browser = \Codemanas\VczApi\Data\Metastore::enabledDirectJoinViaBrowser();
 	$meeting_id                = base64_encode( \Codemanas\VczApi\Helpers\Encryption::decrypt( $_GET['join'] ) );
 	$meeting_pwd               = ! empty( $_GET['pak'] ) ? base64_encode( \Codemanas\VczApi\Helpers\Encryption::decrypt( $_GET['pak'] ) ) : '';
-	$localize                  = array(
+
+	$localize = array(
 		'ajaxurl'                        => admin_url( 'admin-ajax.php' ),
 		'zvc_security'                   => wp_create_nonce( "_nonce_zvc_security" ),
 		'redirect_page'                  => apply_filters( 'vczapi_api_redirect_join_browser', esc_url( $post_link ) ),