Changeset 2520787

Timestamp:

04/24/2021 01:24:17 PM (5 years ago)

Author:

simongomes02

Message:

new release 1.0.1 with more security to protect the parcel tracking form

Location:

parcel-tracker-ecourier

Files:

• tags/1.0.1 (added)
• tags/1.0.1/LICENSE (added)
• tags/1.0.1/assets (added)
• tags/1.0.1/assets/css (added)
• tags/1.0.1/assets/css/frontend.css (added)
• tags/1.0.1/assets/images (added)
• tags/1.0.1/assets/images/menu_icon.png (added)
• tags/1.0.1/assets/images/not-found.svg (added)
• tags/1.0.1/assets/js (added)
• tags/1.0.1/assets/js/frontend.js (added)
• tags/1.0.1/assets/js/lodash.js (added)
• tags/1.0.1/assets/js/moment.js (added)
• tags/1.0.1/composer.json (added)
• tags/1.0.1/includes (added)
• tags/1.0.1/includes/Admin (added)
• tags/1.0.1/includes/Admin.php (added)
• tags/1.0.1/includes/Admin/Menu.php (added)
• tags/1.0.1/includes/Admin/Settings.php (added)
• tags/1.0.1/includes/Admin/index.php (added)
• tags/1.0.1/includes/Admin/views (added)
• tags/1.0.1/includes/Admin/views/settings-view.php (added)
• tags/1.0.1/includes/Ajax.php (added)
• tags/1.0.1/includes/Appsero_Tracker.php (added)
• tags/1.0.1/includes/Assets.php (added)
• tags/1.0.1/includes/Frontend (added)
• tags/1.0.1/includes/Frontend.php (added)
• tags/1.0.1/includes/Frontend/Shortcode.php (added)
• tags/1.0.1/includes/Frontend/index.php (added)
• tags/1.0.1/includes/Frontend/views (added)
• tags/1.0.1/includes/Frontend/views/form-parcel-tracker.php (added)
• tags/1.0.1/includes/Installer.php (added)
• tags/1.0.1/includes/functions.php (added)
• tags/1.0.1/includes/index.php (added)
• tags/1.0.1/index.php (added)
• tags/1.0.1/parcel-tracker-ecourier.php (added)
• tags/1.0.1/readme.txt (added)
• tags/1.0.1/uninstall.php (added)
• tags/1.0.1/vendor (added)
• tags/1.0.1/vendor/appsero (added)
• tags/1.0.1/vendor/appsero/client (added)
• tags/1.0.1/vendor/appsero/client/.git (added)
• tags/1.0.1/vendor/appsero/client/.git/HEAD (added)
• tags/1.0.1/vendor/appsero/client/.git/ORIG_HEAD (added)
• tags/1.0.1/vendor/appsero/client/.git/config (added)
• tags/1.0.1/vendor/appsero/client/.git/description (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/applypatch-msg.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/commit-msg.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/fsmonitor-watchman.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/post-update.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/pre-applypatch.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/pre-commit.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/pre-push.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/pre-rebase.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/pre-receive.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/prepare-commit-msg.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/hooks/update.sample (added)
• tags/1.0.1/vendor/appsero/client/.git/index (added)
• tags/1.0.1/vendor/appsero/client/.git/info (added)
• tags/1.0.1/vendor/appsero/client/.git/info/exclude (added)
• tags/1.0.1/vendor/appsero/client/.git/info/refs (added)
• tags/1.0.1/vendor/appsero/client/.git/logs (added)
• tags/1.0.1/vendor/appsero/client/.git/logs/HEAD (added)
• tags/1.0.1/vendor/appsero/client/.git/logs/refs (added)
• tags/1.0.1/vendor/appsero/client/.git/logs/refs/heads (added)
• tags/1.0.1/vendor/appsero/client/.git/logs/refs/heads/develop (added)
• tags/1.0.1/vendor/appsero/client/.git/logs/refs/remotes (added)
• tags/1.0.1/vendor/appsero/client/.git/logs/refs/remotes/origin (added)
• tags/1.0.1/vendor/appsero/client/.git/logs/refs/remotes/origin/HEAD (added)
• tags/1.0.1/vendor/appsero/client/.git/objects (added)
• tags/1.0.1/vendor/appsero/client/.git/objects/info (added)
• tags/1.0.1/vendor/appsero/client/.git/objects/info/packs (added)
• tags/1.0.1/vendor/appsero/client/.git/objects/pack (added)
• tags/1.0.1/vendor/appsero/client/.git/objects/pack/pack-92e0a31e4261a8edc41a03c78339646696fa73c2.idx (added)
• tags/1.0.1/vendor/appsero/client/.git/objects/pack/pack-92e0a31e4261a8edc41a03c78339646696fa73c2.pack (added)
• tags/1.0.1/vendor/appsero/client/.git/packed-refs (added)
• tags/1.0.1/vendor/appsero/client/.git/refs (added)
• tags/1.0.1/vendor/appsero/client/.git/refs/heads (added)
• tags/1.0.1/vendor/appsero/client/.git/refs/heads/develop (added)
• tags/1.0.1/vendor/appsero/client/.git/refs/remotes (added)
• tags/1.0.1/vendor/appsero/client/.git/refs/remotes/origin (added)
• tags/1.0.1/vendor/appsero/client/.git/refs/remotes/origin/HEAD (added)
• tags/1.0.1/vendor/appsero/client/.git/refs/tags (added)
• tags/1.0.1/vendor/appsero/client/.gitignore (added)
• tags/1.0.1/vendor/appsero/client/composer.json (added)
• tags/1.0.1/vendor/appsero/client/readme.md (added)
• tags/1.0.1/vendor/appsero/client/src (added)
• tags/1.0.1/vendor/appsero/client/src/Client.php (added)
• tags/1.0.1/vendor/appsero/client/src/Insights.php (added)
• tags/1.0.1/vendor/appsero/client/src/License.php (added)
• tags/1.0.1/vendor/appsero/client/src/Updater.php (added)
• tags/1.0.1/vendor/autoload.php (added)
• tags/1.0.1/vendor/composer (added)
• tags/1.0.1/vendor/composer/ClassLoader.php (added)
• tags/1.0.1/vendor/composer/InstalledVersions.php (added)
• tags/1.0.1/vendor/composer/LICENSE (added)
• tags/1.0.1/vendor/composer/autoload_classmap.php (added)
• tags/1.0.1/vendor/composer/autoload_files.php (added)
• tags/1.0.1/vendor/composer/autoload_namespaces.php (added)
• tags/1.0.1/vendor/composer/autoload_psr4.php (added)
• tags/1.0.1/vendor/composer/autoload_real.php (added)
• tags/1.0.1/vendor/composer/autoload_static.php (added)
• tags/1.0.1/vendor/composer/installed.json (added)
• tags/1.0.1/vendor/composer/installed.php (added)
• tags/1.0.1/vendor/composer/platform_check.php (added)
• trunk/assets/css/frontend.css (modified) (3 diffs)
• trunk/assets/js/frontend.js (modified) (1 diff)
• trunk/includes/Ajax.php (modified) (1 diff)
• trunk/includes/Assets.php (modified) (1 diff)
• trunk/includes/Frontend/views/form-parcel-tracker.php (modified) (1 diff)
• trunk/parcel-tracker-ecourier.php (modified) (2 diffs)
• trunk/readme.txt (modified) (2 diffs)

parcel-tracker-ecourier/trunk/assets/css/frontend.css

@@ -55 +55 @@
 #ept-wrap .ept-tracker-input-container form {
     position: relative;
+    margin: 0;
 }
 
@@ -135 +136 @@
 #ept-wrap #track-not-found img {
     max-width: 200px;
-    margin-bottom: 30px;
+    margin: 0 auto 30px;
 }
 
@@ -315 +316 @@
 
 #ept-wrap #package-information .track-shipment-info h3 {
-   font-size: 18px;
+    font-size: 18px;
     color: #1B1E1A;
     margin-bottom: 30px;

parcel-tracker-ecourier/trunk/assets/js/frontend.js

@@ -45 +45 @@
 
         let data = $(this).serialize();
+        data += `&nonce=${EPT._etp_nonce}&action=ept_tracking_form`;
         $.post(EPT.ajaxurl, data, function (response) {
             if (response.success) {

parcel-tracker-ecourier/trunk/includes/Ajax.php

@@ -29 +29 @@
     public function handle_form_submission() {
 
-        if ( isset( $_POST['ept-search-form'] ) && ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['ept-search-form'] ) ), 'ept_tracking_form' ) ) {
-            wp_send_json_error(
-                array(
-                    'message' => __( 'You are not allowed to do this', 'ecourier-tracking-code' ),
-                )
-            );
-            exit;
-        }
+        // Block if valid nonce field is not available and valid.
+        check_ajax_referer( 'ept-parcel-tracker-nonce', 'nonce' );
 
         $settings = ept_get_settings();

parcel-tracker-ecourier/trunk/includes/Assets.php

@@ -84 +84 @@
             'EPT',
             array(
-                'ajaxurl' => admin_url( 'admin-ajax.php' ),
-                'error'   => __( 'Something went wrong!', 'ecourier-parcel-tracker' ),
+                'ajaxurl'    => admin_url( 'admin-ajax.php' ),
+                '_etp_nonce' => wp_create_nonce( 'ept-parcel-tracker-nonce' ),
+                'error'      => __( 'Something went wrong!', 'ecourier-parcel-tracker' ),
             )
         );

parcel-tracker-ecourier/trunk/includes/Frontend/views/form-parcel-tracker.php

@@ -15 +15 @@
             <input type="text" name="tracking_code" placeholder="<?php esc_attr_e( 'Type your tracking number', 'ecourier-parcel-tracker' ); ?>" class="tracking-code form-control">
 
-            <?php wp_nonce_field( 'ept-search-form' ); ?>
-            <input type="hidden" name="action" value="ept_tracking_form">
+<!--            <input type="hidden" name="action" value="ept_tracking_form">-->
 
             <button type="submit" class="common-btn">

parcel-tracker-ecourier/trunk/parcel-tracker-ecourier.php

@@ -8 +8 @@
  * Text Domain: ecourier-parcel-tracker
  * Domain Path: /languages
- * Version: 1.0.0
+ * Version: 1.0.1
  * License: GPL2 or later
  * License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -67 +67 @@
      * @var string
      */
-    const VERSION = '1.0.0';
+    const VERSION = '1.0.1';
 
     /*

parcel-tracker-ecourier/trunk/readme.txt

@@ -6 +6 @@
 Tested up to: 5.7
 Requires PHP: 5.6
-Stable tag: 1.0.0
+Stable tag: 1.0.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -60 +60 @@
 * 1.0.0 is the latest release of Parcel Tracker eCourier plugin.
 
+= 1.0.1 =
+* Security measures added for Ajax form submission, this will block unauthorized form submissions for Parcel Tracking Form.
+
 == Privacy Policy ==