
Commit bf17ff9

committed
#4006 - XSS fix in 'color_scheme' import.
1 parent 78c5f85 commit bf17ff9

14 files changed

+195
-735
lines changed

redux-core/assets/css/redux-fields.min.css

Lines changed: 1 addition & 1 deletion

redux-core/assets/css/redux-fields.min.css.map

Lines changed: 1 addition & 1 deletion

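--- a/redux-core/inc/extensions/color_scheme/class-redux-extension-color-scheme.php
+++ b/redux-core/inc/extensions/color_scheme/class-redux-extension-color-scheme.php
@@ -448,13 +448,86 @@ public function parse_ajax() {
 // Export scheme file.
 } elseif ( 'export' === $_REQUEST['type'] ) {
 $this->download_schemes();
+
+// Import scheme file.
+} elseif ( 'import' === $_REQUEST['type'] ) {
+$this->import_schemes();
 }
 }
 } else {
 wp_die( esc_html__( 'Invalid Security Credentials. Please reload the page and try again.', 'redux-framework' ) );
 }
 }
 
+/**
+* Download Scheme File.
+*
+* @since 4.4.18
+* @access private
+* @return void
+*/
+private function import_schemes() {
+if ( isset( $_REQUEST['content'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification
+$content = wp_unslash( $_REQUEST['content'] ); // phpcs:ignore WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+$content = is_array( $content ) ? array_map( 'stripslashes_deep', $content ) : stripslashes( $content );
+$content = json_decode( $content, true );
+
+if ( is_null( $content ) ) {
+$result = array(
+'result' => false,
+'data' => esc_html__( 'Import unsuccessful! Malformed JSON data detected.', 'redux-framework' ),
+);
+
+$result = wp_json_encode( $result );
+
+echo $result; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+
+die;
+}
+
+if ( isset( $content['Default']['color_scheme_name'] ) ) {
+$content = wp_json_encode( $content );
+
+$param_array = array(
+'content' => $content,
+'overwrite' => true,
+'chmod' => FS_CHMOD_FILE,
+);
+
+$import_file = Redux_Color_Scheme_Functions::$upload_dir . Redux_Color_Scheme_Functions::$parent->args['opt_name'] . '_' . Redux_Color_Scheme_Functions::$field_id . '.json';
+
+if ( true === Redux_Color_Scheme_Functions::$parent->filesystem->execute( 'put_contents', $import_file, $param_array ) ) {
+$result = array(
+'result' => true,
+// translators: %s = HTML content.
+'data' => sprintf( esc_html__( 'Import successful! Click %s to refresh.', 'redux-framework' ), '<strong>' . esc_html__( 'OK', 'redux-framework' ) . '</strong>' ),
+);
+} else {
+$result = array(
+'result' => false,
+'data' => esc_html__( 'Import unsuccessful! File permission error: Could not write import data to server.', 'redux-framework' ),
+);
+}
+} else {
+$result = array(
+'result' => false,
+'data' => esc_html__( 'Import unsuccessful! The selected file is not a valid color scheme file.', 'redux-framework' ),
+);
+}
+} else {
+$result = array(
+'result' => false,
+'data' => esc_html__( 'Import unsuccessful! No data detected in the import file.', 'redux-framework' ),
+);
+}
+
+$result = wp_json_encode( $result );
+
+echo $result; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+
+die;
+}
+
 /**
 * Download Scheme File.
 *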
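Review bot: The only validation applied to the decoded scheme before it is re-serialized and written to `$import_file` is `isset( $content['Default']['color_scheme_name'] )`; every other key and every string value is persisted verbatim, and a `json_decode()`/`wp_json_encode()` round-trip does not strip markup from string values, so the code that later renders the stored scheme (outside this hunk) still has to escape on output — the commit title presents this as the XSS fix, but as written the check is structural only, and it would be worth confirming that the render side is covered too. The `is_array( $content )` branch then passes an array to `json_decode()`, which is a TypeError on PHP 8 (and `null` with a warning on PHP 7), so that branch can never import anything; rejecting non-string input up front is clearer, e.g. `if ( ! is_string( $content ) ) { /* return the malformed-data result */ }`. Applying `stripslashes()` after `wp_unslash()` also strips the JSON's own escape backslashes (a `\"` inside a string value becomes a bare `"`), which sends otherwise valid input down the "Malformed JSON" path unless the client double-slashes — worth checking against the JS side. The docblock for `import_schemes()` is copied from `download_schemes()` and still says `* Download Scheme File.`; it should read `* Import Scheme File.`.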
