
Changeset 3064701


Timestamp:
04/04/2024 01:14:37 PM (21 months ago)
Author:
siteimprove
Message:

Version 2.0.7

Location:
siteimprove
Files:
29 added
7 edited

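--- a/siteimprove/trunk/admin/class-siteimprove-admin.php
+++ b/siteimprove/trunk/admin/class-siteimprove-admin.php
@@ -111,5 +111,6 @@
             plugin_dir_url( __FILE__ ) . 'js/siteimprove-gutenberg.js',
             array( 'wp-plugins', 'wp-edit-post', 'wp-element', 'siteimprove' ),
-            true
+            $this->version,
+            false
         );
         $si_js_args = array(
@@ -189,4 +190,5 @@
         $disabled_new_version = get_option( 'siteimprove_disable_new_version' );
         $pattern = '/^[a-zA-Z_\d-]+.js/';
+        $nonce = wp_create_nonce( 'siteimprove_nonce' );
 
         if ( ! empty( $file_name ) ) {
@@ -203,5 +205,9 @@
             }
         }
-        if ( ! isset( $_GET['si_preview'] ) || '0' === $_GET['si_preview'] ) {
+
+        if ( isset( $_GET['si_preview_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['si_preview_nonce'] ) ), 'siteimprove_nonce' ) ) {
+            return;
+        }
+        else { 
             wp_enqueue_script( $this->plugin_name, plugin_dir_url( __FILE__ ) . 'js/siteimprove.js', array( 'jquery' ), $this->version, false );
             wp_enqueue_script( 'siteimprove_overlay', $overlay_path, array(), $this->version, true );
@@ -222,4 +228,5 @@
             'version' => $disabled_new_version,
             'is_content_page' => $is_content_page,
+            'nonce' => $nonce,
         );
 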
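Review bot: The `else {` on new line 211 is dead structure after the `return;` on line 209; drop it and let the two `wp_enqueue_script()` calls follow the guard at the same indentation (the brace that closes the `else` lies outside the hunk). The nonce created at line 192 is not protecting a state-changing request here: it is a marker that lets the plugin's own preview iframe opt out of the script injection, and because `wp_verify_nonce()` accepts any nonce issued to this session within its default 24-hour lifetime, that intent deserves a comment above line 208 such as `// Preview iframes pass si_preview_nonce (the $nonce localized to JS below) to opt out of the script injection; it is a same-session marker, not a CSRF check.` The enclosing method starts and ends outside the hunk.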
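--- a/siteimprove/trunk/admin/js/siteimprove-admin.js
+++ b/siteimprove/trunk/admin/js/siteimprove-admin.js
@@ -38,5 +38,6 @@
                         ajaxurl,
                         {
-                            'action': 'siteimprove_request_token'
+                            'action': 'siteimprove_request_token',
+                            '_wpnonce': $( '#_wpnonce' ).val(),
                         },
                         function (response) {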
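Review bot: The new `'_wpnonce': $( '#_wpnonce' ).val()` on line 41 ties the request to a hidden form field that, per the PHP side of this changeset, has to carry the `siteimprove-options` settings nonce; if that field is not on the page, `.val()` yields `undefined`, jQuery omits the key, and the server answers the request-token action with an empty `wp_die()` body. The success callback starting at line 43 (its body is outside the hunk) should therefore treat an empty response as a rejected request rather than as a token. Localizing the nonce next to `ajaxurl` via `wp_localize_script()` would remove the dependency on the form markup; either way, a comment above line 41 such as `// _wpnonce: settings-form nonce, verified server-side before a token is returned.` records why the field is sent.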
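--- a/siteimprove/trunk/admin/js/siteimprove.js
+++ b/siteimprove/trunk/admin/js/siteimprove.js
@@ -6,10 +6,10 @@
   "use strict";
 
-  const getDom = async function (url) {
+  const getDom = async function (url, nonce) {
     const iframeContainer = document.createElement("div");
     iframeContainer.setAttribute("id", "div_iframe");
     document.body.appendChild(iframeContainer);
     const separator = url.includes("?") ? "&" : "?";
-    iframeContainer.innerHTML = `<iframe id='domIframe' src=${url}${separator}si_preview=1 style='height:100vh; width:100%'></iframe>`;
+    iframeContainer.innerHTML = `<iframe id='domIframe' src=${url}${separator}si_preview_nonce=${nonce} style='height:100vh; width:100%'></iframe>`;
     const iframe = document.getElementById("domIframe");
     const promise = new Promise(function (resolve, reject) {
@@ -37,5 +37,5 @@
 
   window.siteimprove = {
-    input: function (url, token, version, is_content_page) {
+    input: function (url, token, version, is_content_page, nonce) {
       this.url = url;
       this.token = token;
@@ -43,4 +43,5 @@
       this.version = version;
       this.is_content_page = is_content_page;
+      this.nonce = nonce;
       this.common(url);
     },
@@ -233,5 +234,5 @@
     // If exist siteimprove_input, call input Siteimprove method.
     if (typeof siteimprove_input !== "undefined") {
-      siteimprove.input(siteimprove_input.url, siteimprove_input.token, siteimprove_input.version, siteimprove_input.is_content_page);
+      siteimprove.input(siteimprove_input.url, siteimprove_input.token, siteimprove_input.version, siteimprove_input.is_content_page, siteimprove_input.nonce);
     }
 
@@ -263,4 +264,5 @@
         url: window.location.href,
         token: "",
+        nonce: "",
       };
 
@@ -270,4 +272,5 @@
         }
         result.token = siteimprove_input.token;
+        result.nonce = siteimprove_input.nonce;
       }
 
@@ -277,4 +280,5 @@
         }
         result.token = siteimprove_domain.token;
+        result.nonce = siteimprove_domain.nonce;
       }
       return result;
@@ -287,5 +291,5 @@
         evt.preventDefault();
         $("body").append('<div class="si-overlay"></div>');
-        var dom = await getDom(si_prepublish_data.url);
+        var dom = await getDom(si_prepublish_data.url, si_prepublish_data.nonce);
         siteimprove.contentcheck_flatdom(
           dom,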
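Review bot: Line 13 now interpolates a second value, `${nonce}`, into an unquoted `src=` attribute assembled through `innerHTML`; any value containing a space, `'` or `>` would end the attribute or the tag, and `url` (which appears to default to `window.location.href` at line 264, though the path from there to `si_prepublish_data.url` is not in view) already had that exposure before this change. A WordPress nonce is a short hex string, so the practical risk today is the inherited one, but creating the iframe through DOM APIs and the `URL` object removes the markup-injection surface altogether and also retires the manual `?`/`&` separator, which would place the parameter after a `#fragment` if the page URL has one. The rewritten head of `getDom` is below; the promise set up from line 15 on is unchanged and the rest of the function lies outside the hunk.
```javascript
  const getDom = async function (url, nonce) {
    const iframeContainer = document.createElement("div");
    iframeContainer.setAttribute("id", "div_iframe");
    document.body.appendChild(iframeContainer);
    // Let the URL API add the opt-out parameter so neither the nonce nor the
    // page URL is spliced into markup, and fragments are handled correctly.
    const previewUrl = new URL(url, window.location.href);
    previewUrl.searchParams.set("si_preview_nonce", nonce);
    const iframe = document.createElement("iframe");
    iframe.id = "domIframe";
    iframe.src = previewUrl.toString();
    iframe.style.cssText = "height:100vh; width:100%";
    iframeContainer.appendChild(iframe);
    // … unchanged: promise that resolves once the iframe has loaded …
```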
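--- a/siteimprove/trunk/admin/partials/class-siteimprove-admin-settings.php
+++ b/siteimprove/trunk/admin/partials/class-siteimprove-admin-settings.php
@@ -108,5 +108,5 @@
 
         // Register a new section in the siteimprove page.
-        if ( isset( $_GET['devmode'] ) ) {
+        if ( isset( $_GET['devmode'] ) && wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'siteimprove-options' ) ) {
             add_settings_section(
                 'siteimprove_dev_mode_section',
@@ -703,5 +703,13 @@
             return;
         }
-        echo esc_html( SiteimproveUtils::request_token() );
+   
+        // Check if the nonce is set and is valid.
+        if ( isset( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'siteimprove-options' ) ) {
+            // The nonce is valid, output the token.
+            echo esc_html( SiteimproveUtils::request_token() );
+        } else {
+            wp_die();
+        }
+   
         wp_die();
     }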
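Review bot: New line 110 reads `$_REQUEST['_wpnonce']` without an `isset()` guard, so a request that carries `devmode` but no nonce raises an undefined-index warning before `wp_verify_nonce()` receives the empty value; the hunk at line 707 does guard the same index, and line 110 should match it: `if ( isset( $_GET['devmode'], $_REQUEST['_wpnonce'] ) && wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'siteimprove-options' ) ) {`. In the second hunk the `else { wp_die(); }` on lines 710-712 duplicates the unconditional `wp_die()` at line 714, and either way a rejected request ends with HTTP 200 and an empty body, which the JavaScript caller cannot distinguish from a token. `check_ajax_referer( 'siteimprove-options' );` placed before the `echo` performs the same `_wpnonce` verification and dies with a 403 when the nonce is missing or invalid, letting lines 706-713 collapse to that one call plus the echo. Both enclosing methods start outside their hunks.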
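--- a/siteimprove/trunk/includes/class-siteimprove.php
+++ b/siteimprove/trunk/includes/class-siteimprove.php
@@ -61,5 +61,5 @@
 
         $this->plugin_name = 'siteimprove';
-        $this->version     = '2.0.0';
+        $this->version     = '2.0.7';
 
         $this->load_dependencies();
@@ -147,14 +147,12 @@
 
         // Siteimprove Actions.
-        if ( ! isset( $_GET['si_preview'] ) || '0' === $_GET['si_preview'] ) {
-            $this->loader->add_action( 'admin_init', $plugin_admin, 'siteimprove_init' );
-            $this->loader->add_action( 'publish_page', $plugin_admin, 'siteimprove_save_session_url_post' );
-            $this->loader->add_action( 'publish_post', $plugin_admin, 'siteimprove_save_session_url_post' );
-            $this->loader->add_action( 'edit_term', $plugin_admin, 'siteimprove_save_session_url_term', 10, 3 );
-            $this->loader->add_action( 'create_term', $plugin_admin, 'siteimprove_save_session_url_term', 10, 3 );
-            $this->loader->add_action( 'transition_post_status', $plugin_admin, 'siteimprove_save_session_url_product', 10, 3 );
-            $this->loader->add_action( 'wp_head', $plugin_admin, 'siteimprove_wp_head' );
-            $this->loader->add_action( 'admin_bar_menu', $plugin_admin, 'add_prepublish_toolbar_item', 500, 1 );
-        }
+        $this->loader->add_action( 'admin_init', $plugin_admin, 'siteimprove_init' );
+        $this->loader->add_action( 'publish_page', $plugin_admin, 'siteimprove_save_session_url_post' );
+        $this->loader->add_action( 'publish_post', $plugin_admin, 'siteimprove_save_session_url_post' );
+        $this->loader->add_action( 'edit_term', $plugin_admin, 'siteimprove_save_session_url_term', 10, 3 );
+        $this->loader->add_action( 'create_term', $plugin_admin, 'siteimprove_save_session_url_term', 10, 3 );
+        $this->loader->add_action( 'transition_post_status', $plugin_admin, 'siteimprove_save_session_url_product', 10, 3 );
+        $this->loader->add_action( 'wp_head', $plugin_admin, 'siteimprove_wp_head' );
+        $this->loader->add_action( 'admin_bar_menu', $plugin_admin, 'add_prepublish_toolbar_item', 500, 1 );
     }
 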
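Review bot: Removing the `si_preview` condition means `siteimprove_wp_head` and `add_prepublish_toolbar_item` are now hooked on every request, including the plugin's own preview iframe, which in this changeset opts out only at the script-enqueue step through the `si_preview_nonce` check in admin/class-siteimprove-admin.php. If `siteimprove_wp_head` emits markup or scripts (its body is not in view), the iframe DOM that `getDom` hands to the content check will now contain that output; confirm that is intended or apply the same nonce check there. A comment above new line 149 would record the new contract: `// Hooks are registered unconditionally; the preview iframe opts out of script injection via the si_preview_nonce check in the admin class.` The enclosing method starts outside the hunk.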
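--- a/siteimprove/trunk/readme.txt
+++ b/siteimprove/trunk/readme.txt
@@ -1,12 +1,12 @@
 === Siteimprove ===
 Contributors: siteimprove
-Tags: accessibility, analytics, insights, readability, spelling, seo
+Tags: accessibility, analytics, insights, spelling, seo
 Requires at least: 4.7.2
-Tested up to: 6.2.2
-Stable tag: trunk
+Tested up to: 6.4.3
+Stable tag: 2.0.7
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
-Turn your most complex website challenges into manageable tasks—all from a single platform. Siteimprove is a comprehensive solution for every element of your marketing strategy—complete with three solution packages: Inclusivity, Content Experience, Marketing Performance.
+Turn your most complex website challenges into manageable tasks—all from a single platform
 
 == Description ==
@@ -86,4 +86,8 @@
 
 == Changelog ==
+= 2.0.7 =
+* Change - Changed name of the plugin from "Siteimprove Plugin" to "Siteimprove"
+* Bugfix - Fixed a security issue with implementing nonce checking on request token
+
 = 2.0.6 =
 * Bugfix - Fixed an issue when some users tried saving their API credentials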
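--- a/siteimprove/trunk/siteimprove.php
+++ b/siteimprove/trunk/siteimprove.php
@@ -7,8 +7,8 @@
 
 /**
- * Plugin Name:         Siteimprove Plugin
+ * Plugin Name:         Siteimprove
  * Plugin URI:          https://www.siteimprove.com/integrations/cms-plugin/wordpress/
  * Description:         Integration with Siteimprove.
- * Version:             2.0.6
+ * Version:             2.0.7
  * Author:              Siteimprove
  * Author URI:          http://www.siteimprove.com/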