Add salt functions to FFCNR

For more security-sensitive requests in the future.
Tetrakern 2024-12-14 11:41:45 +01:00
parent 41e2fd668d
commit 8ebb3eb686
2 changed files with 59 additions and 1 deletions


@ -22,11 +22,13 @@ header( 'X-Frame-Options: DENY' );
header( 'Referrer-Policy: no-referrer' ); header( 'Referrer-Policy: no-referrer' );
header( "Content-Security-Policy: default-src 'none'; script-src 'none'; style-src 'none'; img-src 'none'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';" ); // Just because header( "Content-Security-Policy: default-src 'none'; script-src 'none'; style-src 'none'; img-src 'none'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';" ); // Just because
// Ping
if ( ! ( $_REQUEST['action'] ?? 0 ) ) { if ( ! ( $_REQUEST['action'] ?? 0 ) ) {
header( 'HTTP/1.1 204 No Content' ); header( 'HTTP/1.1 204 No Content' );
exit; exit;
} }
// Initialize
if ( isset( $_SERVER['DOCUMENT_ROOT'] ) && file_exists( $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php' ) ) { if ( isset( $_SERVER['DOCUMENT_ROOT'] ) && file_exists( $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php' ) ) {
require_once $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php';
} else { } else {
@ -43,5 +45,6 @@ if ( isset( $_SERVER['DOCUMENT_ROOT'] ) && file_exists( $_SERVER['DOCUMENT_ROOT'
require_once __DIR__ . '/includes/functions/requests/_setup.php'; require_once __DIR__ . '/includes/functions/requests/_setup.php';
// That didn't work
header( 'HTTP/1.1 400 Bad Request' ); header( 'HTTP/1.1 400 Bad Request' );
exit; exit;


@ -32,7 +32,7 @@ function ffcnr_load_options( $option_names = [], $blog_id_override = null ) {
$_blog_id = $blog_id_override ?? $blog_id ?? 1; $_blog_id = $blog_id_override ?? $blog_id ?? 1;
$site_prefix = $wpdb->get_blog_prefix( $_blog_id ); $site_prefix = $wpdb->get_blog_prefix( $_blog_id );
$default_options = ['siteurl', 'home', 'blogname', 'blogdescription', 'users_can_register', 'admin_email', 'timezone_string', 'date_format', 'time_format', 'posts_per_page', 'permalink_structure', 'upload_path', 'template', 'blog_charset', 'active_plugins', 'gmt_offset', 'stylesheet', 'default_role', 'avatar_rating', 'show_avatars', 'avatar_default', 'page_for_posts', 'page_on_front', 'site_icon', 'wp_user_roles', 'cron', 'nonce_key', 'nonce_salt', 'current_theme', 'show_on_front', 'blog_public', 'theme_switched', "{$site_prefix}user_roles"]; $default_options = ['siteurl', 'home', 'blogname', 'blogdescription', 'users_can_register', 'admin_email', 'timezone_string', 'date_format', 'time_format', 'posts_per_page', 'permalink_structure', 'upload_path', 'template', 'blog_charset', 'active_plugins', 'gmt_offset', 'stylesheet', 'default_role', 'avatar_rating', 'show_avatars', 'avatar_default', 'page_for_posts', 'page_on_front', 'site_icon', 'wp_user_roles', 'cron', 'nonce_key', 'nonce_salt', 'current_theme', 'show_on_front', 'blog_public', 'theme_switched', "{$site_prefix}user_roles", 'fictioneer_ffcnr_salt'];
$default_options = apply_filters( 'ffcnr_load_options_defaults', $default_options ); $default_options = apply_filters( 'ffcnr_load_options_defaults', $default_options );
@ -482,6 +482,61 @@ function ffcnr_update_user_meta( $user_id, $meta_key, $meta_value ) {
} }
} }
// =============================================================================
// SECURITY
// =============================================================================
/**
* Returns the daily randomized salt.
*
* @since 5.27.0
*
* @param string $salt_name Option name of the salt. Default 'fictioneer_ffcnr_salt'.
*
* @return string The daily salt.
*/
function ffcnr_get_daily_salt( $salt_name = 'fictioneer_ffcnr_salt' ) {
$salts = ffcnr_get_option( $salt_name, [] );
$salts = is_array( $salts ) ? $salts : [];
$current_date = gmdate( 'Y-m-d' );
if ( ! isset( $salts[ $current_date ] ) ) {
$salts[ $current_date ] = bin2hex( random_bytes( 16 ) );
ffcnr_update_option( $salt_name, $salts );
}
ffcnr_cleanup_salts( $salts, $salt_name );
return $salts[ $current_date ];
}
/**
* Deletes salts that are no longer needed.
*
* @since 5.27.0
*
* @param string[] $salts Array of salts.
* @param string $option Option name of the salt.
*/
function ffcnr_cleanup_salts( $salts, $option ) {
$current_date = gmdate( 'Y-m-d' );
$salt_count = count( $salts );
$keep_days = 2; // Keep for two days for debug purposes
foreach ( $salts as $date => $salt ) {
if ( strtotime( $date ) < strtotime( "$current_date -$keep_days days" ) ) {
unset( $salts[ $date ] );
}
}
if ( $salt_count !== count( $salts ) ) {
ffcnr_update_option( $option, $salts );
}
}
// ============================================================================= // =============================================================================
// CHILD THEME // CHILD THEME
// ============================================================================= // =============================================================================
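Review bot: The read-modify-write in `ffcnr_get_daily_salt` is not atomic, so two requests that hit the UTC day boundary together can each generate a different salt and the later `ffcnr_update_option` silently overwrites the earlier one, invalidating whatever the losing request derived from its salt; if the options layer offers an add-if-absent write it belongs here, otherwise re-read the option after the write and return the stored value rather than the local one. In `ffcnr_cleanup_salts` the cutoff is loop-invariant and should be computed once before the `foreach`, `$cutoff = strtotime( "$current_date -$keep_days days" );` then `if ( strtotime( $date ) < $cutoff )`, and since `strtotime()` returns `false` for a malformed key and `false < $cutoff` holds, such entries are pruned too — a comment stating that is worth adding so the behaviour reads as intended rather than accidental. The comment `// Keep for two days for debug purposes` undersells the retention: the previous day's entry is presumably what lets a value derived just before rollover still verify, yet `ffcnr_get_daily_salt` only ever returns the current day's salt, so the docblock should say whether callers are expected to read the older entry themselves. On a rotation day with stale entries the option is also written twice (once in `ffcnr_get_daily_salt`, once in `ffcnr_cleanup_salts`), which is harmless but would collapse to a single write by pruning before inserting.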