Commit 7052ba0b authored by Erick Hitter's avatar Erick Hitter

Introduce sanitization helper function for alphanumeric values and use said...

Introduce sanitization helper function for alphanumeric values and use said helper to sanitize values from constants introduced in 7577ba00. Fixes #12.

Also replaces the existing API key sanitization with the new helper function, and corrects a previously undiscovered bug that caused a valid API key to be deemed invalid and cleared.
parent 7577ba00
...@@ -192,12 +192,12 @@ class Authy_WP { ...@@ -192,12 +192,12 @@ class Authy_WP {
$this->settings = array(); $this->settings = array();
if ( defined( 'AUTHY_API_KEY_PRODUCTION' ) && AUTHY_API_KEY_PRODUCTION ) if ( defined( 'AUTHY_API_KEY_PRODUCTION' ) && AUTHY_API_KEY_PRODUCTION )
$this->settings['api_key_production'] = AUTHY_API_KEY_PRODUCTION; $this->settings['api_key_production'] = $this->sanitize_alphanumeric( AUTHY_API_KEY_PRODUCTION );
if ( defined( 'AUTHY_API_KEY_DEVELOPMENT' ) && AUTHY_API_KEY_DEVELOPMENT ) if ( defined( 'AUTHY_API_KEY_DEVELOPMENT' ) && AUTHY_API_KEY_DEVELOPMENT )
$this->settings['api_key_development'] = AUTHY_API_KEY_DEVELOPMENT; $this->settings['api_key_development'] = $this->sanitize_alphanumeric( AUTHY_API_KEY_DEVELOPMENT );
$this->settings['environment'] = defined( 'AUTHY_ENVIRONMENT' ) && AUTHY_ENVIRONMENT ? AUTHY_ENVIRONMENT : 'production'; $this->settings['environment'] = defined( 'AUTHY_ENVIRONMENT' ) && isset( $endpoints[ AUTHY_ENVIRONMENT ] ) ? AUTHY_ENVIRONMENT : 'production';
} }
// Plugin page accepts keys for production and development. // Plugin page accepts keys for production and development.
...@@ -425,6 +425,16 @@ class Authy_WP { ...@@ -425,6 +425,16 @@ class Authy_WP {
$this->sms = true; $this->sms = true;
} }
/**
* Ensure a given value only contains alphanumeric characters
*
* @param string $value
* @return string
*/
protected function sanitize_alphanumeric( $value ) {
return preg_replace( '#[^a-z0-9]#i', '', $value );
}
/** /**
* GENERAL OPTIONS PAGE * GENERAL OPTIONS PAGE
*/ */
...@@ -553,7 +563,7 @@ class Authy_WP { ...@@ -553,7 +563,7 @@ class Authy_WP {
case 'text' : case 'text' :
switch ( $field['sanitizer'] ) { switch ( $field['sanitizer'] ) {
case 'alphanumeric' : case 'alphanumeric' :
$value = preg_replace( '#[^a-z0-9]#i', '', $settings[ $field['name' ] ] ); $value = $this->sanitize_alphanumeric( $settings[ $field['name' ] ] );
break; break;
default: default:
...@@ -660,7 +670,7 @@ class Authy_WP { ...@@ -660,7 +670,7 @@ class Authy_WP {
if ( is_null( $api_key ) ) if ( is_null( $api_key ) )
$api_key = $this->api_key; $api_key = $this->api_key;
else else
$api_key = preg_replace( '#[a-z0-9]#i', '', $api_key ); $api_key = $this->sanitize_alphanumeric( $api_key );
// Get meta, which holds all Authy data by API key // Get meta, which holds all Authy data by API key
$data = get_user_meta( $user_id, $this->users_key, true ); $data = get_user_meta( $user_id, $this->users_key, true );
......
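Review bot: `sanitize_alphanumeric` (second hunk) rewrites its input rather than validating it, so an API key that contains any other character is silently turned into a different key and only fails later, when the Authy API rejects it or the per-key user meta lookup in the last hunk finds nothing; the docblock `Ensure a given value only contains alphanumeric characters` reads as a check and should say what actually happens, e.g. `Strip every byte outside [A-Za-z0-9] from $value; returns an empty string when nothing remains, which callers should treat as "not configured" rather than as a key`. `preg_replace()` also returns `null` on a PCRE error while the docblock promises a string, so the body is safer as `$clean = preg_replace( '#[^a-z0-9]#i', '', $value ); return is_string( $clean ) ? $clean : '';`. The `isset( $endpoints[ AUTHY_ENVIRONMENT ] )` allowlist in the first hunk is the right shape, but `$endpoints` is defined outside the hunk, so I am assuming it is populated before that line runs. The methods containing the first and last hunks start and end outside the diff.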