Changeset 2863095

Timestamp:

02/10/2023 09:28:48 AM (3 years ago)

Author:

kalpeshh

Message:

Added Nonce in missing flow and readme updates.

Location:

miniorange-login-openid/trunk

Files:

• class-mo-openid-login-widget.php (modified) (2 diffs)
• miniorange_openid_sso_settings.php (modified) (1 diff)
• miniorange_openid_sso_settings_page.php (modified) (1 diff)
• mo-openid-social-login-functions.php (modified) (1 diff)
• readme.txt (modified) (7 diffs)
• view/config_apps/mo_openid_config_apps.php (modified) (2 diffs)
• view/rate_us/rate_us.php (modified) (1 diff)

miniorange-login-openid/trunk/class-mo-openid-login-widget.php

@@ -13 +13 @@
 
 add_action( 'manage_users_custom_column', 'mo_openid_delete_profile_column', 9, 3 );
-add_filter( 'manage_users_columns', 'mo_openid_add_custom_column1' );
-add_action( 'admin_head', 'mo_openid_delete_social_profile_script' );
 add_filter( 'login_message', 'mo_openid_account_linking' );
 add_action(
@@ -1427 +1425 @@
             exit;
         }
-    } elseif ( ( isset( $_POST['action'] ) ) && ( strpos( sanitize_text_field( $_POST['action'] ), 'delete_social_profile_data' ) !== false ) && isset( $_POST['user_id'] ) ) {
-        // delete first name, last name, user_url and profile_url from usermeta
-        $id = sanitize_text_field( $_POST['user_id'] );
-        mo_openid_delete_social_profile( $id );
     } elseif ( isset( $_REQUEST['option'] ) and strpos( sanitize_text_field( $_REQUEST['option'] ), 'oauthredirect' ) !== false ) {
         if ( isset( $_REQUEST['wp_nonce'] ) ) {

miniorange-login-openid/trunk/miniorange_openid_sso_settings.php

@@ -5 +5 @@
  * Plugin URI: https://www.miniorange.com
  * Description: Allow your users to login, comment and share with Facebook, Google, Apple, Twitter, LinkedIn etc using customizable buttons.
- * Version: 7.6.0
+ * Version: 7.6.1
  * Author: <a href="https://www.miniorange.com/">miniOrange</a>
  * License URI: http://miniorange.com/usecases/miniOrange_User_Agreement.pdf
  */
 
-define('MO_OPENID_SOCIAL_LOGIN_VERSION', '7.6.0');
+define('MO_OPENID_SOCIAL_LOGIN_VERSION', '7.6.1');
 define('PLUGIN_URL', esc_url(plugin_dir_url(__FILE__)) . "includes/images/icons/");
 define('MOSL_PLUGIN_DIR',str_replace('/','\\',plugin_dir_path(__FILE__)));

miniorange-login-openid/trunk/miniorange_openid_sso_settings_page.php

@@ -597 +597 @@
 
         function end_new_tour2(){
-
+            var mo_openid_tour_nonce = '<?php echo esc_attr( wp_create_nonce( 'mo-openid-tour-nonce' ) ); ?>';
             var tour_variable = "plugin_tour";
             jQuery.ajax({
                 url:base_url+'/wp-admin/admin.php?page=mo_openid_general_settings&tab=config_apps', //the page containing php script
+
                 method: "POST", //request type,
-                data: {update_tour_status: tour_variable},
+                data: {
+                    update_tour_status: tour_variable,
+                    'mo_openid_tour_nonce': mo_openid_tour_nonce,
+                },
                 dataType: 'text',
                 success:function(result){

miniorange-login-openid/trunk/mo-openid-social-login-functions.php

@@ -1428 +1428 @@
 }
 
-function mo_openid_add_custom_column1( $columns ) {
-    $columns['mo_openid_delete_profile_data'] = 'Delete Social Profile Data';
-    return $columns;
-}
-
-function mo_openid_delete_social_profile_script() {
-    ?>
-    <script type="text/javascript">
-        function moOpenidDeleteSocialProfile(elem, userId){
-            jQuery.ajax({
-                url:"<?php echo esc_url( admin_url() ); ?>", //the page containing php script
-                method: "POST", //request type,
-                data: {action : 'delete_social_profile_data', user_id : userId},
-                dataType: 'text',
-                success:function(result){
-                    alert('Social Profile Data Deleted successfully. Press OK to continue.');
-                    window.location.reload(true);
-                }
-            });
-        }
-        function copyToClipboard(copyButton, element, copyelement) {
-            var temp = jQuery("<input>");
-            jQuery("body").append(temp);
-            temp.val(jQuery(element).text()).select();
-            document.execCommand("copy");
-            temp.remove();
-            jQuery(copyelement).text("Copied");
-            jQuery(copyButton).mouseout(function(){
-                jQuery(copyelement).text("Copy to Clipboard");
-            });
-        }
-    </script>
-    <?php
-}
+

miniorange-login-openid/trunk/readme.txt

@@ -2 +2 @@
 Contributors: sociallogin, vkontakte, cyberlord92
 Donate link: https://www.miniorange.com
-Tags: social login, facebook login, google login, social sharing, twitter login, linkedIn, user login, vkontakte login, social comments, social commenting, woocommerce login, facebook, twitter, google, social connect, social network login, social plugin, windows, microsoft, discord login, openID, OAuth Login, User Login, social media login, user registration, social sign in.  
+Tags: social login, facebook login, google login, social sharing, twitter login, linkedIn, user login, vkontakte login, social comments, social commenting, woocommerce login, facebook, twitter, google, social connect, social network login, social plugin, discord login, openID, OAuth Login, User Login, social media login, user registration, social sign in.  
 Requires at least: 2.0.2
 Tested up to: 6.1
-Stable tag: 7.6.0
+Stable tag: 7.6.1
 License: GPLv2 or later
 License URI: http://miniorange.com/usecases/miniOrange_User_Agreement.pdf
@@ -27 +27 @@
 
 *   Social Login with <a href="https://plugins.miniorange.com/configure-facebook-social-login-in-wordpress" target="_blank">Facebook</a>, <a href="https://plugins.miniorange.com/login-with-google-using-wordpress-social-login" target="_blank">Google</a>, <a href="https://plugins.miniorange.com/configure-discord-with-social-login-in-wordpress" target="_blank">Discord</a>, <a href="https://plugins.miniorange.com/configure-twitter-with-social-login-in-wordpress" target="_blank">Twitter</a>, <a href="http://plugins.miniorange.com/configure-vkontakte-with-social-login-in-wordpress" target="_blank">Vkontakte</a>, <a href="https://plugins.miniorange.com/configure-linkedin-with-social-login-in-wordpress" target="_blank">LinkedIn</a>, <a href="http://plugins.miniorange.com/configure-amazon-with-social-login-in-wordpress" target="_blank">Amazon</a>, Salesforce & <a href="https://plugins.miniorange.com/guide-to-configure-yahoo-social-login-in-wordpress" target="_blank">Yahoo</a>,etc.
-*   **One-click** activation for Login with Google, Amazon, Vkontakte, LinkedIn, Windows Live (Microsoft login), Yahoo, Salesforce, Snapchat and Dribbble.
+*   **One-click** activation for Login with Google, Amazon, Vkontakte, LinkedIn, Yahoo, Salesforce, Snapchat and Dribbble.
 *   **Flexible display** - Display Social login icons anywhere on your websites.
 *   **Sync user data** - Sync user data from multiple social network providers like Facebook, Google, Microsoft into one social login account.
@@ -35 +35 @@
 *   **Assign user roles** - Assign WordPress roles to users on registration through social login.
 *   **Shortcodes** - Use Shortcode anywhere on your website to display social login icons.
-*   **Take full control** - Setup your social login applications with APP ID and APP Secret for Facebook, Google, Twitter, Vkontakte, LinkedIn, Amazon, Windows Live & Yahoo.
+*   **Take full control** - Setup your social login applications with APP ID and APP Secret for Facebook, Google, Twitter, Vkontakte, LinkedIn, Amazon, & Yahoo.
 *   **Preview** - Preview custom social login icons before you publish them on your website.
 *   **Profile completion** (username, email) - Prompt users for email-id & username if social login app doesn't return it. Verify Emails using verification code.
@@ -100 +100 @@
 
 = Why miniOrange Social Login =
-* **13 Free Social Login apps** - Login with popular social network providers namely Facebook, Google, Discord, Twitter, LinkedIn, Vkontakte, Windows Live, Amazon, Salesforce, Yahoo, Snapchat and Dribbble all available in the free plan.
+* **11 Free Social Login apps** - Login with popular social network providers namely Facebook, Google, Discord, Twitter, LinkedIn, Vkontakte, Amazon, Salesforce, Yahoo, Snapchat and Dribbble all available in the free plan.
 * **No Setup required** - Simply register with us and use our pre-configured application. We will handle everything for you.
 * **24 / 7 Support** - If you face any issues or if you simply require assistance with the Social Login plugin then please contact us. Whatever it may be we will solve the issue for you and get everything working as soon as possible.
@@ -142 +142 @@
 
 *   **40+ Social Login Providers** - Choose from 40+ applications (Facebook Login, Google Login, Discord Login etc.) for social login and user registration. Many social network providers added continuously.
-*   **One-click activation** - For Login with Discord, Apple, Facebook, Google, Amazon, Vkontakte, LinkedIn, Windows Live (Microsoft login), WordPress, Yahoo, Salesforce, Stackoverflow, Mailchimp, Strava etc.
+*   **One-click activation** - For Login with Discord, Apple, Facebook, Google, Amazon, Vkontakte, LinkedIn, WordPress, Yahoo, Salesforce, Stackoverflow, Mailchimp, Strava etc.
 *   **Social login Integrations** - Social integrations with popular WordPress plugins like <a href="https://plugins.miniorange.com/guide-to-configure-woocommerce-with-wordpress-social-login" target="_blank">WooCommerce</a>, <a href="https://plugins.miniorange.com/guide-to-configure-paid-membership-pro-with-wordpress-social-login" target="_blank">Paid Memberships Pro</a>, <a href="https://plugins.miniorange.com/guide-to-configure-buddypress-with-wordpress-social-login" target="_blank">BuddyPress</a>, <a href="https://plugins.miniorange.com/guide-to-configure-mailchimp-integration-with-wordpress-social-login" target="_blank">MailChimp</a> and HubSpot.
 *   **Social Login Integrations** - Social login icons on WooCommerce pages, BuddyPress pages, Paid Memberships Pro pages, MemberPress pages, Ultimate Member pages.
@@ -277 +277 @@
 
 ==Changelog==
+= 7.6.1 =
+* Security Fixes.
+* Readme update.
+
 = 7.6.0 =
 * Discontinue the Temporary admin login feature.
@@ -1012 +1016 @@
 
 == Upgrade Notice ==
+= 7.6.1 =
+* Security Fixes.
+* Readme update.
+
 = 7.6.0 =
 * Discontinue the Temporary admin login feature.

miniorange-login-openid/trunk/view/config_apps/mo_openid_config_apps.php

@@ -4 +4 @@
 {
     if (isset($_POST['update_tour_status'])){ //phpcs:ignore
-        update_option('mo_openid_tour_new','1');
+        $nonce = sanitize_text_field($_POST['mo_openid_tour_nonce']);
+        if (!wp_verify_nonce($nonce, 'mo-openid-tour-nonce')) {
+            wp_die('<strong>ERROR</strong>: Please Go back and Refresh the page and try again!<br/>If you still face the same issue please contact your Administrator.');
+        } else {
+            if(current_user_can('administrator')){
+                update_option('mo_openid_tour_new','1');
+            }
+        }
     }
     ?>
@@ -1164 +1171 @@
                         action: 'mo_openid_rating_given',
                         rating: rating,
-                        'mo_openid_rating_given' : mo_openid_rating_given,
+                        'mo_openid_rating_given' : mo_openid_rating_given_nonce,
                     },
                     success: function (result) { }

miniorange-login-openid/trunk/view/rate_us/rate_us.php

@@ -72 +72 @@
                 action: 'mo_openid_rating_given',
                 rating: rating,
-                'mo_openid_rating_given' : mo_openid_rating_given,
+                'mo_openid_rating_given' : mo_openid_rating_given_nonce,
             },
             success: function (result) {