From 0393d601fbc8e76d855e5b9889b35f6cd48bb710 Mon Sep 17 00:00:00 2001
From: Jesper Nissen-Pedersen
Date: Tue, 26 Mar 2024 18:09:37 +0100
Subject: [PATCH 1/2] INS-2935: Implement nonce checking for Request Token action
---
 siteimprove/admin/js/siteimprove-admin.js | 3 ++-
 .../partials/class-siteimprove-admin-settings.php | 10 +++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/siteimprove/admin/js/siteimprove-admin.js b/siteimprove/admin/js/siteimprove-admin.js
index 9ca5054..45b7b43 100755
--- a/siteimprove/admin/js/siteimprove-admin.js
+++ b/siteimprove/admin/js/siteimprove-admin.js
@@ -37,7 +37,8 @@
 $.post(
 ajaxurl,
 {
- 'action': 'siteimprove_request_token'
+ 'action': 'siteimprove_request_token',
+ '_wpnonce': $( '#_wpnonce' ).val(),
 },
 function (response) {
 var el = $( '#siteimprove_token_request' );
diff --git a/siteimprove/admin/partials/class-siteimprove-admin-settings.php b/siteimprove/admin/partials/class-siteimprove-admin-settings.php
index fa9eb97..5db5f4f 100755
--- a/siteimprove/admin/partials/class-siteimprove-admin-settings.php
+++ b/siteimprove/admin/partials/class-siteimprove-admin-settings.php
@@ -714,7 +714,15 @@ public function request_token() {
 if ( ! current_user_can( 'manage_options' ) ) {
 return;
 }
- echo esc_html( SiteimproveUtils::request_token() );
+
+ // Check if the nonce is set and is valid.
+ if ( isset( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'siteimprove-options' ) ) {
+ // The nonce is valid, output the token.
+ echo esc_html( SiteimproveUtils::request_token() );
+ } else {
+ wp_die();
+ }
+
 wp_die();
 }
 }
From d623420f6d213143c59a301bf20181aefe633f71 Mon Sep 17 00:00:00 2001
From: Jesper Nissen-Pedersen
Date: Wed, 27 Mar 2024 09:14:44 +0100
Subject: [PATCH 2/2] INS-2935: Update version and README file
---
 README.md | 3 +++
 siteimprove/readme.txt | 5 ++++-
 siteimprove/siteimprove.php | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
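Review bot: The nonce added on the `'_wpnonce'` line is scraped from whatever `#_wpnonce` input happens to be in the page, so the AJAX call now silently depends on the settings form rendering a hidden field with that id whose action matches the `siteimprove-options` string the PHP handler verifies; if that markup changes, the request goes out without a usable nonce and the server answers with a bare `wp_die()` that the callback cannot tell apart from an empty token. Passing the nonce explicitly via `wp_localize_script()` (for example `'nonce' => wp_create_nonce( 'siteimprove-options' )`) and reading it from that object would decouple the call from the form markup, and a failure branch in the response handler would make a rejected nonce visible to the administrator instead of leaving the token field blank. The `$.post` callback continues past the end of the hunk.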
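Review bot: The new `if`/`else` in `request_token()` is more involved than it needs to be and its failure path is indistinguishable from success: the `else` branch calls `wp_die()` with no message, which answers the AJAX request with an empty 200 body, exactly what the JS side would also see for an empty token. WordPress ships `check_ajax_referer()` for this check; replacing the whole added block with `check_ajax_referer( 'siteimprove-options', '_wpnonce' );` placed before the existing `echo esc_html( SiteimproveUtils::request_token() );` performs the same isset/verify, dies on failure with a `-1` body and 403 status that the client can detect, and removes the now-redundant second `wp_die()`. The capability guard above still uses a bare `return;` rather than dying, so an unauthorized caller appears to fall through to admin-ajax's default `0` response; `wp_die( -1, 403 )` there would be consistent, though that line is unchanged by this commit. The method's signature appears only in the hunk header, so the start of `request_token()` is outside the hunk.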
diff --git a/README.md b/README.md
index 06524b0..4b59148 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,9 @@ The code on this repository has to match the WordPress Coding Standards in order
 Every pull request will be checked against WPCS through GitHub Actions.
 ## Version History
+### 2.0.7
+* Bugfix - Fixed a security issue with implementing nonce checking on request token
+
 ### 2.0.6
 * Bugfix - Fixed an issue when some users tried saving their API credentials
diff --git a/siteimprove/readme.txt b/siteimprove/readme.txt
index 750c834..23250aa 100644
--- a/siteimprove/readme.txt
+++ b/siteimprove/readme.txt
@@ -2,7 +2,7 @@
 Contributors: siteimprove
 Tags: accessibility, analytics, insights, readability, spelling, seo
 Requires at least: 4.7.2
-Tested up to: 6.2.2
+Tested up to: 6.4.3
 Stable tag: trunk
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -85,6 +85,9 @@ Please review whether you have JavaScript turned off in your browser. We use Jav
 == Changelog ==
+= 2.0.7 =
+* Bugfix - Fixed a security issue with implementing nonce checking on request token
+
 = 2.0.6 =
 * Bugfix - Fixed an issue when some users tried saving their API credentials
diff --git a/siteimprove/siteimprove.php b/siteimprove/siteimprove.php
index 871835e..ed6a4ab 100755
--- a/siteimprove/siteimprove.php
+++ b/siteimprove/siteimprove.php
@@ -9,7 +9,7 @@
  * Plugin Name: Siteimprove Plugin
  * Plugin URI: https://www.siteimprove.com/integrations/cms-plugin/wordpress/
  * Description: Integration with Siteimprove.
- * Version: 2.0.6
+ * Version: 2.0.7
  * Author: Siteimprove
  * Author URI: http://www.siteimprove.com/
  * Requires at least: 4.7.2