fix: add nonce on request protect files
parent
65f96ff558
commit
e7c8872049
|
@ -244,6 +244,8 @@ class REST_Background_Processes_Controller extends REST_Controller {
|
|||
public function prepare_item_for_response($item, $request) {
|
||||
$item->log = $this->get_log_url($item->ID, $item->action);
|
||||
$item->error_log = $this->get_log_url($item->ID, $item->action, 'error');
|
||||
$nonce = wp_create_nonce( 'wp_rest' );
|
||||
$item->output = str_replace("&_wpnonce=[nonce]", "&_wpnonce=$nonce", $item->output);
|
||||
return $item;
|
||||
}
|
||||
|
||||
|
@ -351,7 +353,8 @@ class REST_Background_Processes_Controller extends REST_Controller {
|
|||
if (!file_exists( $upload_url['basedir'] . '/tainacan/' . $filename )) {
|
||||
return null;
|
||||
}
|
||||
$logs_url = esc_url_raw( rest_url() ) . "tainacan/v2/bg-processes/file?guid=$filename";
|
||||
$nonce = wp_create_nonce( 'wp_rest' );
|
||||
$logs_url = esc_url_raw( rest_url() ) . "tainacan/v2/bg-processes/file?guid=$filename&_wpnonce=$nonce";
|
||||
return $logs_url;
|
||||
}
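Review bot: In the second hunk, the new `$logs_url` line interpolates `$filename` into the query string unencoded and appends `?guid=` by concatenation, which produces a malformed URL whenever `rest_url()` already carries a query string (plain permalinks use `?rest_route=`). Building it as `add_query_arg( [ 'guid' => rawurlencode( $filename ), '_wpnonce' => $nonce ], rest_url( 'tainacan/v2/bg-processes/file' ) )` avoids both problems. A `wp_rest` nonce only ties the request to the logged-in session and is not a per-file authorization, so the file route (not shown in this diff) still needs a capability check in its `permission_callback` and a `guid` confined to the `tainacan` upload directory. A nonce carried in a URL also ends up in access logs and browser history. The enclosing function starts outside the hunk.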
|
||||
|
||||
|
|
|
@ -700,7 +700,7 @@ abstract class Exporter {
|
|||
}
|
||||
$file_name = "{$upload_dir}{$file_suffix}";
|
||||
$guid = "exporter/{$prefix}_{$key}";
|
||||
$file_url = esc_url_raw( rest_url() ) . "tainacan/v2/bg-processes/file?guid=$guid";
|
||||
$file_url = esc_url_raw( rest_url() ) . "tainacan/v2/bg-processes/file?guid=$guid&_wpnonce=[nonce]";
|
||||
$this->output_files[$key] = [
|
||||
'filename' => $file_name,
|
||||
'url' => $file_url
|
||||
|
@ -776,7 +776,10 @@ abstract class Exporter {
|
|||
$user = get_userdata( (int) $author );
|
||||
if ($user instanceof \WP_User) {
|
||||
$msg = $this->get_output();
|
||||
$this->add_log('Sending email to ' . $user->user_email);
|
||||
$email_parts = explode('@', $user->user_email);
|
||||
$first_letter = substr($email_parts[0], 0, 1);
|
||||
$anonymized_email = $first_letter . '*****@' . $email_parts[1];
|
||||
$this->add_log('Sending email to ' . $anonymized_email);
|
||||
wp_mail($user->user_email, __('Finished export.', 'tainacan'), $msg);
|
||||
}
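Review bot: The `[nonce]` placeholder written into `$file_url` in the first hunk is only replaced in `prepare_item_for_response`, so if `get_output()` includes these URLs, the message passed to `wp_mail()` in the last hunk carries the literal `&_wpnonce=[nonce]` and would not pass nonce verification if the file route checks it. Substituting a real nonce there would not be a fix either, because a `wp_rest` nonce is bound to one user session and expires, and mail is stored in plain text; the e-mail is better pointed at a logged-in page that renders the download link with a fresh nonce. The exact-string placeholder is also fragile, since it stops matching if the output is ever HTML-escaped (`&amp;_wpnonce=`). In the anonymisation lines, `$email_parts[1]` is undefined when `user_email` contains no `@`; guard with `if ( count( $email_parts ) === 2 )` before building `$anonymized_email`. Both enclosing methods start and end outside the hunks.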
|
||||
|
||||
|
|