diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist
index 4e354fa..0a997b6 100644
--- a/.phpcs.xml.dist
+++ b/.phpcs.xml.dist
@@ -5,6 +5,7 @@ . /.dev-notes/ + /blocks/ /tests/ /vendor/ /node_modules/
@@ -34,7 +35,8 @@ - + +
@@ -42,33 +44,43 @@ + + + + + + + + + + - + + + + + - - - -
@@ -76,6 +88,7 @@ +
@@ -93,13 +106,11 @@ + + - - - -
diff --git a/App/App.php b/App/App.php
index 8ae23ea..d314961 100644
--- a/App/App.php
+++ b/App/App.php
@@ -8,7 +8,6 @@ namespace RundizOauth\App;
-use RundizOauth\App\Controllers as Controllers;
 if (!class_exists('\\RundizOauth\\App\\App')) {
 class App
diff --git a/App/Controllers/Front/HookLoginPage.php b/App/Controllers/Front/HookLoginPage.php
index eb63f99..6d98dee 100644
--- a/App/Controllers/Front/HookLoginPage.php
+++ b/App/Controllers/Front/HookLoginPage.php
@@ -217,7 +217,7 @@ public function loadProfile()
 $user = get_user_by('ID', $user_id);
 wp_update_user([
 'ID' => $user->ID,
- 'user_email' => $email
+ 'user_email' => $email,
 ]);
 do_action('rundiz_oauth_changeemail_success', $user->ID, $email);
 unset($email, $user, $user_id);
@@ -226,7 +226,7 @@ public function loadProfile()
 'rundiz-oauth-error',
 maybe_serialize([
 'class' => 'notice-success',
- 'message' => __('Your email has been changed.', 'okv-oauth')
+ 'message' => __('Your email has been changed.', 'okv-oauth'),
 ])
 );
 } elseif (is_wp_error($email)) {
@@ -234,7 +234,7 @@ public function loadProfile()
 'rundiz-oauth-error',
 maybe_serialize([
 'class' => 'notice-error',
- 'message' => $email->get_error_message()
+ 'message' => $email->get_error_message(),
 ])
 );
 }
diff --git a/App/Libraries/Loader.php b/App/Libraries/Loader.php
index e270082..54e0bf9 100644
--- a/App/Libraries/Loader.php
+++ b/App/Libraries/Loader.php
@@ -96,7 +96,7 @@ public function loadTemplate($view_name, array $data = [])
 // if not found the template file in plugin itself.
 // throw the error to notice the developers.
 /* translators: %s: Template path. */
- throw new \Exception(sprintf(__('The template file was not found. (%s)', 'okv-oauth'), $template_path));
+ throw new \Exception(esc_html(sprintf(__('The template file was not found. (%s)', 'okv-oauth'), $template_path)));
 }
 }
diff --git a/App/Libraries/MyOauth/Facebook.php b/App/Libraries/MyOauth/Facebook.php
index df79a77..3be0577 100644
--- a/App/Libraries/MyOauth/Facebook.php
+++ b/App/Libraries/MyOauth/Facebook.php
@@ -3,6 +3,7 @@
 * Facebook login
 *
 * @package rundiz-oauth
+ * // phpcs:ignoreFile -- no longer supported.
 */
diff --git a/App/Libraries/MyOauth/Google.php b/App/Libraries/MyOauth/Google.php
index 0f76431..4e5cd43 100644
--- a/App/Libraries/MyOauth/Google.php
+++ b/App/Libraries/MyOauth/Google.php
@@ -277,7 +277,7 @@ public function wpLoginWithGoogle($user)
 // found user by this email.
 // keep $user because we will use it as return value.
 // set token cookie.
- setcookie('rundiz_oauth_google_tokens', json_encode([$access_token, $id_token]), time()+(2 * DAY_IN_SECONDS), '/', defined(COOKIE_DOMAIN) ? COOKIE_DOMAIN : '');
+ setcookie('rundiz_oauth_google_tokens', wp_json_encode([$access_token, $id_token]), time()+(2 * DAY_IN_SECONDS), '/', defined(COOKIE_DOMAIN) ? COOKIE_DOMAIN : '');
 // complete.
 } else {
 // user was not found.
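Review bot: Escaping at the `throw` site on the `+` line satisfies the output-escaping sniff but bakes an HTML-context decision into an exception whose catchers are not visible here: a handler that logs the message or returns it in JSON now receives entities, and one that escapes again for HTML double-encodes. The message also still embeds `$template_path`, a server filesystem path, so if this exception can surface on a front-end error page with display enabled, that disclosure is unchanged by the escaping. A short comment would record the contract for catchers, e.g. `// Message is HTML-escaped here (output-escaping sniff); catchers must not escape it again.` loadTemplate() starts outside the hunk.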
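Review bot: The annotation on the `+` line is written as `// phpcs:ignoreFile` on a `*` line inside a `/** */` docblock; as far as I recall PHPCS reads annotations placed in docblocks in the tag form `@phpcs:ignoreFile`, so whether this placement is honoured should be confirmed by running phpcs on the file. Silencing every sniff also hides, rather than records, that the class is unsupported: a `* @deprecated` tag with the reason in the same docblock, plus an exclude-pattern in `.phpcs.xml.dist` as the first hunk does for `/blocks/`, would make the status visible to readers and tooling alike. The docblock continues outside the hunk.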
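Review bot: `defined(COOKIE_DOMAIN)` on the changed `setcookie()` line, and on the same line in the second Google.php hunk at @@ -349, passes the constant's value rather than its name, so the check is `defined(false)` under WordPress's default and `defined('.example.com')` for a configured domain (constructed example) — false either way, so the cookie domain is always `''`; it should read `defined('COOKIE_DOMAIN') && COOKIE_DOMAIN ? COOKIE_DOMAIN : ''`. The cookie also stores the OAuth access and ID tokens with neither `secure` nor `httponly`, so they are sent over plain HTTP and readable by any script in the page; the options-array form covers both: `setcookie('rundiz_oauth_google_tokens', wp_json_encode([$access_token, $id_token]), ['expires' => time() + (2 * DAY_IN_SECONDS), 'path' => '/', 'domain' => (defined('COOKIE_DOMAIN') && COOKIE_DOMAIN) ? COOKIE_DOMAIN : '', 'secure' => is_ssl(), 'httponly' => true, 'samesite' => 'Lax']);`. `wp_json_encode()` can return `false`, which `setcookie()` would write as an empty value, so the result deserves a check before the call. wpLoginWithGoogle() starts and ends outside the hunk.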
@@ -349,7 +349,7 @@ public function wpRegisterWithGoogle()
 // got user profile and email was verified.
 if (email_exists($result['data']->email) === false && username_exists($result['data']->email) === false) {
 // if user that is using this email is NOT already exists (yay).
- setcookie('rundiz_oauth_google_tokens', json_encode([$access_token, $id_token]), time()+(2 * DAY_IN_SECONDS), '/', defined(COOKIE_DOMAIN) ? COOKIE_DOMAIN : '');
+ setcookie('rundiz_oauth_google_tokens', wp_json_encode([$access_token, $id_token]), time()+(2 * DAY_IN_SECONDS), '/', defined(COOKIE_DOMAIN) ? COOKIE_DOMAIN : '');
 $output['access_token'] = $access_token;
 $output['id_token'] = $id_token;
 $output['email'] = $result['data']->email;
diff --git a/App/Libraries/RundizOauth.php b/App/Libraries/RundizOauth.php
index 9535d34..dff25d8 100644
--- a/App/Libraries/RundizOauth.php
+++ b/App/Libraries/RundizOauth.php
@@ -120,7 +120,7 @@ public function loggedinRedirect($user)
 $redirect_to = admin_url();
 }
- $requested_redirect_to = (isset($_SESSION['okv-oauth_redirect_to']) ? $_SESSION['okv-oauth_redirect_to'] : '');
+ $requested_redirect_to = (isset($_SESSION['okv-oauth_redirect_to']) ? sanitize_url($_SESSION['okv-oauth_redirect_to']) : '');
 $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
 unset($requested_redirect_to);
diff --git a/App/config/settings_rdoauth.php b/App/config/settings_rdoauth.php
index 67d1da3..0811905 100644
--- a/App/config/settings_rdoauth.php
+++ b/App/config/settings_rdoauth.php
@@ -152,7 +152,7 @@ return [
- 'tab_style' => 'vertical',// vertical or horizontal
+ 'tab_style' => 'vertical', // vertical or horizontal
 'setting_tabs' => [
 [
 'icon' => 'fa fa-sign-in fa-fw',
@@ -181,7 +181,7 @@
 'type' => 'select',
 ],
 ],
- ],// end login settings tab.
+ ], // end login settings tab.
 [
 'icon' => 'fa fa-google fa-fw',
 'title' => __('Google login', 'okv-oauth'),
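Review bot: `sanitize_url()` on the `+` line of the RundizOauth.php hunk only strips unsafe characters and disallowed protocols; it does not constrain the host, so a session value pointing at an external site still reaches `apply_filters('login_redirect', ...)` intact, and whether that becomes an open redirect depends on whether the redirect call outside this hunk is `wp_safe_redirect()` (validated against allowed hosts) or `wp_redirect()`. Validating at the point of use is easier to reason about: `$requested_redirect_to = (isset($_SESSION['okv-oauth_redirect_to']) ? wp_validate_redirect(sanitize_url($_SESSION['okv-oauth_redirect_to']), '') : '');`, which yields `''` for hosts outside the site unless `allowed_redirect_hosts` permits them. As far as I recall `sanitize_url()` was a deprecated alias until WordPress 6.1 reinstated it, so if the plugin's minimum WordPress version is lower, `esc_url_raw()` is the safer spelling. loggedinRedirect() continues outside the hunk.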
@@ -251,7 +251,7 @@
 'type' => 'html_full',
 ],
 ],
- ],// end google login settings tab.
+ ], // end google login settings tab.
 [
 'icon' => 'fa fa-facebook fa-fw',
 'title' => __('Facebook login', 'okv-oauth'),
@@ -287,7 +287,7 @@
 'type' => 'html_full',
 ],
 ],
- ],// end facebook login settings tab.
+ ], // end facebook login settings tab.
 [
 'icon' => 'fa fa-paint-brush fa-fw',
 'title' => __('Design pages', 'okv-oauth'),
@@ -298,6 +298,6 @@
 'type' => 'html_full',
 ],
 ],
- ],// end design help tab.
+ ], // end design help tab.
 ],
 ];
\ No newline at end of file
diff --git a/blocks-src/loginlinks/render.php b/blocks-src/loginlinks/render.php
index 8c9e8a4..8591763 100644
--- a/blocks-src/loginlinks/render.php
+++ b/blocks-src/loginlinks/render.php
@@ -6,14 +6,16 @@
 */
-$currentUrl = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+$currentUrl = ( is_ssl() ? 'https://' : 'http://' ) .
+ (isset($_SERVER['HTTP_HOST']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_HOST'])) : '') .
+ (isset($_SERVER['REQUEST_URI']) ? sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])) : '');
 $isUserLoggedIn = is_user_logged_in();
 $classes = ($isUserLoggedIn ? 'logged-in' : 'logged-out');
 $contents = '';
 if (!$isUserLoggedIn && get_option('users_can_register')) {
 $contents .= '
  • ' . __( 'Register' ) . '
  • ' . PHP_EOL;
-} elseif ($isUserLoggedIn && isset($attributes) && is_array($attributes) && array_key_exists('displayLinkToAdmin', $attributes) && $attributes['displayLinkToAdmin'] === true) {
+} elseif ($isUserLoggedIn && isset($attributes) && is_array($attributes) && array_key_exists('displayLinkToAdmin', $attributes) && true === $attributes['displayLinkToAdmin']) {
 $contents .= '
  • ' . __( 'Site Admin' ) . '
  • ' . PHP_EOL;
 }
 unset($isUserLoggedIn);
diff --git a/blocks/loginlinks/render.php b/blocks/loginlinks/render.php
index 8c9e8a4..8591763 100644
--- a/blocks/loginlinks/render.php
+++ b/blocks/loginlinks/render.php
@@ -6,14 +6,16 @@
 */
-$currentUrl = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+$currentUrl = ( is_ssl() ? 'https://' : 'http://' ) .
+ (isset($_SERVER['HTTP_HOST']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_HOST'])) : '') .
+ (isset($_SERVER['REQUEST_URI']) ? sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])) : '');
 $isUserLoggedIn = is_user_logged_in();
 $classes = ($isUserLoggedIn ? 'logged-in' : 'logged-out');
 $contents = '';
 if (!$isUserLoggedIn && get_option('users_can_register')) {
 $contents .= '
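Review bot: `$_SERVER['HTTP_HOST']` on the second `+` line of the blocks-src/loginlinks/render.php hunk is the request's Host header, and `sanitize_text_field()` only strips tags, control bytes and surrounding whitespace, so `$currentUrl` still carries whatever host the client sent; if it is used as the `redirect_to` of the links built below (that part of the hunk is garbled here), a login redirect inherits that host. Building the URL from the site's own configuration removes the dependency on the header: `$currentUrl = esc_url_raw(home_url(isset($_SERVER['REQUEST_URI']) ? wp_unslash($_SERVER['REQUEST_URI']) : '/'));`, which also applies a URL sanitizer rather than a text-field one. The identical change appears in the next hunk, `blocks/loginlinks/render.php`; with `.phpcs.xml.dist` now excluding `/blocks/`, presumably because it is the build output of `blocks-src/`, it is worth confirming that copy is regenerated rather than hand-edited.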
  • ' . __( 'Register' ) . '
  • ' . PHP_EOL;
-} elseif ($isUserLoggedIn && isset($attributes) && is_array($attributes) && array_key_exists('displayLinkToAdmin', $attributes) && $attributes['displayLinkToAdmin'] === true) {
+} elseif ($isUserLoggedIn && isset($attributes) && is_array($attributes) && array_key_exists('displayLinkToAdmin', $attributes) && true === $attributes['displayLinkToAdmin']) {
 $contents .= '
  • ' . __( 'Site Admin' ) . '
  • ' . PHP_EOL;
 }
 unset($isUserLoggedIn);