From 52350e929668e3f9b174b88e664e59a8f9e78636 Mon Sep 17 00:00:00 2001 From: Deepen Bajracharya Date: Mon, 11 Mar 2024 12:01:34 +0545 Subject: [PATCH] Open redirection fix --- README.txt | 3 +- includes/Helpers/Templates.php | 68 +++++++++++++++++++++++++++++++++ includes/template-functions.php | 6 ++- 3 files changed, 74 insertions(+), 3 deletions(-) diff --git a/README.txt b/README.txt index f4b71ad5..560488ab 100755 --- a/README.txt +++ b/README.txt @@ -159,8 +159,9 @@ Yes, you should be registered in Zoom. Also, depending on the zoom account plan == Changelog == -= 4.4.5 March 5th, 2024 = += 4.4.5 March 11th, 2024 = * Security Update: Escaping for https://zoomdocs.codemanas.com/shortcode/#10-show-recordings-based-on-meeting-id (Cross-Site Scripting via Shortcode) +* Security Fix: Open Redirection when joining meeting with Join via Browser. = 4.4.4 February 6th, 2024 = * Re-Added back download button for recordings shortcode. diff --git a/includes/Helpers/Templates.php b/includes/Helpers/Templates.php index 111c5e37..32e45736 100644 --- a/includes/Helpers/Templates.php +++ b/includes/Helpers/Templates.php 
@@ -10,5 +10,73 @@ */ class Templates { + /** + * Fetch Template + * + * @param $template_name + * @param bool $load + * @param bool $require_once + * @param array $args + * + * @return false|mixed|null + */ + public static function getTemplate( $template_name, bool $load = false, bool $require_once = true, array $args = [] ) { + if ( empty( $template_name ) ) { + return false; + } + $located = false; + if ( file_exists( get_stylesheet_directory() . '/' . ZVC_PLUGIN_SLUG . '/' . $template_name ) ) { + $located = get_stylesheet_directory() . '/' . ZVC_PLUGIN_SLUG . '/' . $template_name; + } elseif ( file_exists( get_template_directory() . '/' . ZVC_PLUGIN_SLUG . '/' . $template_name ) ) { + $located = get_template_directory() . '/' . ZVC_PLUGIN_SLUG . '/' . $template_name; + } elseif ( file_exists( ZVC_PLUGIN_DIR_PATH . 'templates/' . $template_name ) ) { + $located = ZVC_PLUGIN_DIR_PATH . 'templates/' . $template_name; + } + + // Allow 3rd party plugin filter template file from their plugin. + $located = apply_filters( 'vczapi_get_template', $located, $template_name ); + if ( $load && ! empty( $located ) && file_exists( $located ) ) { + load_template( $located, $require_once, $args ); + } + + return $located; + } + + /** + * Get certain part of the template + * + * @param $slug + * @param string $name + * + * @return void + */ + public static function getTemplatePart( $slug, string $name = '' ) { + $template = false; + if ( $name ) { + $template = locate_template( array( + "{$slug}-{$name}.php", + ZVC_PLUGIN_SLUG . '/' . "{$slug}-{$name}.php", + ) ); + + if ( ! $template ) { + $fallback = ZVC_PLUGIN_DIR_PATH . "templates/{$slug}-{$name}.php"; + $template = file_exists( $fallback ) ? $fallback : ''; + } + } + + if ( ! $template ) { + $template = locate_template( array( + "{$slug}-{$name}.php", + ZVC_PLUGIN_SLUG . '/' . "{$slug}-{$name}.php", + ) ); + } + + // Allow 3rd party plugins to filter template file from their plugin. 
+ $template = apply_filters( 'vcz_get_template_part', $template, $slug, $name ); + + if ( $template ) { + load_template( $template, false ); + } + } } \ No newline at end of file diff --git a/includes/template-functions.php b/includes/template-functions.php index b0ae2bad..5461e79f 100644 --- a/includes/template-functions.php +++ b/includes/template-functions.php @@ -538,7 +538,8 @@ function video_conference_zoom_after_jbh_html() { ob_start( 'vczapi_removeWhitespace' ); global $post; - if ( ! empty( $_GET['redirect'] ) ) { + //If you need to add other redirect hosts use 'apply_filters( ‘allowed_redirect_hosts’, string[] $hosts, string $host )' filter + if ( ! empty( $_GET['redirect'] ) && wp_validate_redirect( $_GET['redirect'] ) ) { $post_link = esc_url( $_GET['redirect'] ); } elseif ( ! empty( $post ) && ! empty( $post->ID ) ) { $post_link = get_permalink( $post->ID ); @@ -551,7 +552,8 @@ function video_conference_zoom_after_jbh_html() { $enable_direct_via_browser = \Codemanas\VczApi\Data\Metastore::enabledDirectJoinViaBrowser(); $meeting_id = base64_encode( \Codemanas\VczApi\Helpers\Encryption::decrypt( $_GET['join'] ) ); $meeting_pwd = ! empty( $_GET['pak'] ) ? base64_encode( \Codemanas\VczApi\Helpers\Encryption::decrypt( $_GET['pak'] ) ) : ''; - $localize = array( + + $localize = array( 'ajaxurl' => admin_url( 'admin-ajax.php' ), 'zvc_security' => wp_create_nonce( "_nonce_zvc_security" ), 'redirect_page' => apply_filters( 'vczapi_api_redirect_join_browser', esc_url( $post_link ) ),
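Review bot: In getTemplatePart the second lookup (the `if ( ! $template )` block after the name-specific branch) repeats exactly the same candidates, so when `$name` is set and not found it re-runs the search that just failed, and when `$name` is empty it looks for `"{$slug}-.php"` rather than `"{$slug}.php"`; presumably this block was meant to be the slug-only fallback in the style of WordPress's get_template_part(), and it also lacks the plugin `templates/` fallback the named branch has, which the rewrite below adds. Separately, both new methods concatenate `$template_name` / `$slug` straight into filesystem paths with no normalization, so the docblocks should say these must be plugin-controlled relative names (e.g. `@param string $template_name Relative template name under the plugin's templates/ dir; never user input.`) or the methods should reject values containing `..` or starting with `/` before the file_exists() checks — the hunk does not show where callers obtain them. The result of the `vcz_get_template_part` filter is also passed to load_template() without the `file_exists( $located )` guard that getTemplate applies to `vczapi_get_template`; the two should be consistent.
```php
		if ( ! $template ) {
			// Slug-only fallback, mirroring get_template_part(): "{$slug}.php".
			$file     = "{$slug}.php";
			$template = locate_template( array(
				$file,
				ZVC_PLUGIN_SLUG . '/' . $file,
			) );

			if ( ! $template ) {
				$fallback = ZVC_PLUGIN_DIR_PATH . 'templates/' . $file;
				$template = file_exists( $fallback ) ? $fallback : '';
			}
		}
		// … unchanged: vcz_get_template_part filter and load_template() call …
```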
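Review bot: The added condition on the `if` line uses wp_validate_redirect() only as a boolean and the next line still passes the raw `$_GET['redirect']` to esc_url(), discarding the cleaned URL that wp_validate_redirect() returns (it trims and sanitizes the value before the allowed-host check) and running the check on the slashed request value WordPress provides rather than the unslashed one. Use the validated value instead: `$redirect  = ! empty( $_GET['redirect'] ) ? wp_validate_redirect( wp_unslash( $_GET['redirect'] ), '' ) : '';` then `if ( '' !== $redirect ) {` and `$post_link = esc_url( $redirect );`. The new comment uses curly quotes and no space after `//`; it reads better as `// To allow additional redirect hosts, use the 'allowed_redirect_hosts' filter ( string[] $hosts, string $host ).`. The enclosing function video_conference_zoom_after_jbh_html() starts before this hunk and continues after it.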