Changeset 3042326

Timestamp:

02/28/2024 07:18:18 AM (5 months ago)

Author:

nextendweb

Message:

3.1.13

• Security fix: Error message sanitization.

Location:

nextend-facebook-connect/trunk

Files:

• admin/admin.php (modified) (2 diffs)
• includes/exceptions.php (modified) (1 diff)
• includes/oauth2.php (modified) (9 diffs)
• includes/provider.php (modified) (1 diff)
• nextend-facebook-connect.php (modified) (1 diff)
• nextend-social-login.php (modified) (1 diff)
• providers/facebook/facebook-client.php (modified) (3 diffs)
• providers/google/google-client.php (modified) (1 diff)
• providers/twitter/twitter-client.php (modified) (2 diffs)
• providers/twitter/twitter.php (modified) (1 diff)
• providers/twitter/twitterv2-client.php (modified) (1 diff)
• readme.txt (modified) (3 diffs)

nextend-facebook-connect/trunk/admin/admin.php

@@ -523 +523 @@
         if (is_wp_error($request)) {
 
-            throw new Exception($request->get_error_message());
+            throw new Exception($request->get_error_message());
         } else if (wp_remote_retrieve_response_code($request) !== 200) {
 
@@ -535 +535 @@
             }
 
-            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
+            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
         }
 

nextend-facebook-connect/trunk/includes/exceptions.php

@@ -4 +4 @@
 
 }
+
+
+
+
+
+
+
+

nextend-facebook-connect/trunk/includes/oauth2.php

@@ -27 +27 @@
         if (isset($_REQUEST['error']) && isset($_REQUEST['error_description'])) {
             if ($this->validateState()) {
-                throw new Exception($_REQUEST['error'] . ': ' . htmlspecialchars_decode($_REQUEST['error_description']));
+                throw new Exception($_REQUEST['error'] . ': ' . htmlspecialchars_decode($_REQUEST['error_description']));
             }
         }
@@ -132 +132 @@
             if (is_wp_error($request)) {
 
-                throw new Exception($request->get_error_message());
+                throw new Exception($request->get_error_message());
             } else if (wp_remote_retrieve_response_code($request) !== 200) {
 
@@ -141 +141 @@
 
             if (!is_array($accessTokenData)) {
-                throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
+                throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
             }
 
@@ -163 +163 @@
     protected function errorFromResponse($response) {
         if (isset($response['error'])) {
-            throw new Exception($response['error'] . ': ' . $response['error_description']);
+            throw new Exception($response['error'] . ': ' . $response['error_description']);
         }
     }
@@ -279 +279 @@
         if (is_wp_error($request)) {
 
-            throw new Exception($request->get_error_message());
+            throw new Exception($request->get_error_message());
         } else if (wp_remote_retrieve_response_code($request) !== 200) {
 
@@ -288 +288 @@
 
         if (!is_array($result)) {
-            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
+            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
         }
 
@@ -318 +318 @@
         if (is_wp_error($request)) {
 
-            throw new Exception($request->get_error_message());
+            throw new Exception($request->get_error_message());
         } else if (wp_remote_retrieve_response_code($request) !== 200) {
             $this->errorFromResponse(json_decode(wp_remote_retrieve_body($request), true));
@@ -326 +326 @@
 
         if (!is_array($result)) {
-            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
+            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
         }
 
@@ -340 +340 @@
      */
     protected function extendHttpArgs($http_args) {
-        $http_args['headers'] = array(
-            'Authorization' => 'Bearer ' . $this->access_token_data['access_token']
-        );
+        if (isset($this->access_token_data['access_token'])) {
+            $http_args['headers'] = array(
+                'Authorization' => 'Bearer ' . $this->access_token_data['access_token']
+            );
+        }
 
         return $http_args;

nextend-facebook-connect/trunk/includes/provider.php

@@ -793 +793 @@
         if (!empty($_GET['trackerdata']) && !empty($_GET['trackerdata_hash'])) {
             if (wp_hash($_GET['trackerdata']) === $_GET['trackerdata_hash']) {
-                Persistent::set('trackerdata', $_GET['trackerdata']);
+                Persistent::set('trackerdata', );
             }
         }
         if (!empty($_GET['redirect'])) {
-            Persistent::set('redirect', $_GET['redirect']);
+            Persistent::set('redirect', );
         }
     }

nextend-facebook-connect/trunk/nextend-facebook-connect.php

@@ -4 +4 @@
 Plugin URI: https://nextendweb.com/
 Description: Nextend Social Login displays social login buttons for Facebook, Google and X (formerly Twitter).
-Version: 3.1.12
+Version: 3.1.1
 Requires PHP: 7.0
 Requires at least: 4.9

nextend-facebook-connect/trunk/nextend-social-login.php

@@ -21 +21 @@
 class NextendSocialLogin {
 
-    public static $version = '3.1.12';
-
-    public static $nslPROMinVersion = '3.1.12';
+    public static $version = '3.1.1';
+
+    public static $nslPROMinVersion = '3.1.1';
 
     public static $proxyPage = false;

nextend-facebook-connect/trunk/providers/facebook/facebook-client.php

@@ -75 +75 @@
         if (is_wp_error($request)) {
 
-            throw new Exception($request->get_error_message());
+            throw new Exception($request->get_error_message());
         } else if (wp_remote_retrieve_response_code($request) !== 200) {
 
@@ -84 +84 @@
 
         if (!is_array($accessTokenData)) {
-            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
+            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
         }
 
@@ -96 +96 @@
     protected function errorFromResponse($response) {
         if (isset($response['error'])) {
-            throw new Exception($response['error']['message']);
+            throw new Exception($response['error']['message']);
         }
     }

nextend-facebook-connect/trunk/providers/google/google-client.php

@@ -62 +62 @@
     protected function errorFromResponse($response) {
         if (isset($response['error']['message'])) {
-            throw new Exception($response['error']['message']);
+            throw new Exception($response['error']['message']);
         }
     }

nextend-facebook-connect/trunk/providers/twitter/twitter-client.php

@@ -158 +158 @@
         if (is_wp_error($request)) {
 
-            throw new Exception($request->get_error_message());
+            throw new Exception($request->get_error_message());
         } else if (wp_remote_retrieve_response_code($request) !== 200) {
 
             $this->errorFromResponse(json_decode(wp_remote_retrieve_body($request), true));
 
-            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
+            throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), wp_remote_retrieve_body($request)));
         }
 
@@ -217 +217 @@
     private function errorFromResponse($response) {
         if (isset($response['errors']) && is_array($response['errors'])) {
-            throw new Exception($response['errors'][0]['message']);
+            throw new Exception($response['errors'][0]['message']);
         }
     }

nextend-facebook-connect/trunk/providers/twitter/twitter.php

@@ -298 +298 @@
         }
 
-        throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), json_encode($response)));
+        throw new Exception(sprintf(__('Unexpected response: %s', 'nextend-facebook-connect'), json_encode($response)));
     }
 

nextend-facebook-connect/trunk/providers/twitter/twitterv2-client.php

@@ -51 +51 @@
             return add_query_arg($args, $this->getEndpointAuthorization());
         } catch (Exception $e) {
-            throw new Exception($e->getMessage());
+            throw new Exception($e->getMessage());
         }
     }

nextend-facebook-connect/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 4.9
 Tested up to: 6.4.3
-Stable tag: 3.1.12
+Stable tag: 3.1.1
 Requires PHP: 7.0
 License: GPLv2 or later
@@ -48 +48 @@
 * Ultimate Member compatibility
 * Easy Digital Downloads compatibility
-* Pro providers: LinkedIn, Amazon, VKontakte, WordPress.com, Yahoo, PayPal, Disqus, Apple, GitHub, Microsoft, Line, Discord, Slack, TikTok, Steam, Twitch, Kakao, Reddit and more coming soon
+* Pro providers: LinkedIn, Amazon, VKontakte, WordPress.com, Yahoo, PayPal, Disqus, Apple, GitHub, Microsoft, Line, Discord, Slack, TikTok, Steam, Twitch, Kakao, Reddit and more coming soon
 * Configure whether email address should be asked on registration at each provider
 * Configure whether username should be asked on registration at each provider
@@ -125 +125 @@
 
 == Changelog ==
+
+
+
+
 
 = 3.1.12 =