Headline
CVE-2021-4381: Changeset 2456786 for ulisting – WordPress Plugin Repository
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.
ulisting/trunk/README.txt
r2454754
r2456786
6
6
Requires at least: 4.6
7
7
Tested up to: 5.6
8
Stable tag: 1.6.6
8
Stable tag: 1.7
9
9
License: GPLv2 or later
10
10
License URI: https://www.gnu.org/licenses/gpl-2.0.html
…
…
173
173
174
174
\== Changelog ==
175
176
\= 1.7 =
177
\- Security update
178
\- added: Additional Ajax Security Nonces
179
\- added: Additional Form Validators and Sanitizers
180
\- added: Extra User Role Capability checkers
181
\- added: Before Registration check "WordPress > Settings > Membership" option
182
\- fixed: "ajax\_nonpriv" hooks removed from Authorized Requests
175
183
176
184
\= 1.6.6 =
ulisting/trunk/assets/js/admin/srm-listing-single-page-builder.js
r2285543
r2456786
84
84
formData.append('listing\_type\_id', vm.listing\_type\_id);
85
85
formData.append('id', 'ulisting\_single\_page\_layout\_' + \_id);
86
formData.append('nonce', ulistingAjaxNonce);
86
87
87
88
vm.$set(vm.image, 'message', '');
…
…
100
101
var vm = this;
101
102
vm.load = true;
102
this.$http.post("ulisting-builder/listing-single-page/get\_data", {'listing\_type\_id': vm.listing\_type\_id}).then(function (response) {
103
this.$http.post("ulisting-builder/listing-single-page/get\_data", {
104
'listing\_type\_id': vm.listing\_type\_id,
105
'nonce': ulistingAjaxNonce
106
}).then(function (response) {
103
107
if (response.body.success) {
104
108
vm.sections = response.body.data.sections;
…
…
141
145
this.$http.post("ulisting-builder/listing-single-page/get-layout", {
142
146
layout\_id: layout.id,
143
listing\_type\_id: vm.listing\_type\_id
147
listing\_type\_id: vm.listing\_type\_id,
148
nonce: ulistingAjaxNonce
144
149
}).then(function (response) {
145
150
if (response.body.success) {
…
…
158
163
name: vm.layout\_selected.name,
159
164
sections: vm.sections,
160
listing\_type\_id: vm.listing\_type\_id
165
listing\_type\_id: vm.listing\_type\_id,
166
nonce: ulistingAjaxNonce
161
167
};
162
168
this.$http.post("ulisting-builder/listing-single-page/save\_layout", vm.layout).then(function (response) {
…
…
180
186
name: vm.layout\_selected.name,
181
187
sections: vm.sections,
182
listing\_type\_id: vm.listing\_type\_id
188
listing\_type\_id: vm.listing\_type\_id,
189
nonce: ulistingAjaxNonce
183
190
};
184
191
…
…
200
207
this.$http.post("ulisting-builder/listing-single-page/delete-layout", {
201
208
layout\_id: vm.layout\_selected.id,
202
listing\_type\_id: vm.listing\_type\_id
209
listing\_type\_id: vm.listing\_type\_id,
210
nonce: ulistingAjaxNonce
203
211
}).then(function (response) {
204
212
vm.form\_load = false;
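Review bot: Every call in this file now reads the global `ulistingAjaxNonce`, which exists only if the inline script that includes/admin/enqueue.php attaches to the `stm-listing-admin` handle runs first; on a screen where that handle is not enqueued the call throws a ReferenceError, and once the nonce lifetime elapses in a long-lived builder tab the middleware rejection is indistinguishable from any other failure in the `response.body.success` checks. Rather than repeating the key in every request (the same pattern recurs in stm-item-card-layout.js, stm-setting-inventory-layout.js, stm-user-search.js and ulisting-import.js), a single vue-resource interceptor that appends the nonce to each outgoing request, plus one handler that prompts a reload when a nonce is rejected, would cover all of them. On lines 163–167 and 186–190 the nonce is also embedded in the `vm.layout` object that is posted as the layout itself; confirm the server reads only the expected keys so the token is not persisted together with the layout.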
ulisting/trunk/assets/js/admin/stm-item-card-layout.js
r2285543
r2456786
66
66
var vm = this;
67
67
vm.load = true;
68
this.$http.get("ulisting-builder/listing-item-card-layout/get-data",{params:{listing\_type\_id:vm.listing\_type\_id}}).then(function(response){
68
this.$http.get("ulisting-builder/listing-item-card-layout/get-data", {
69
params: {
70
listing\_type\_id:vm.listing\_type\_id,
71
nonce: ulistingAjaxNonce
72
}
73
}).then(function(response){
69
74
if(response.body.success){
70
75
vm.config = response.body.data.config;
…
…
94
99
{
95
100
listing\_type\_id: vm.listing\_type\_id,
96
layout\_id: vm.active\_layout.id
101
layout\_id: vm.active\_layout.id,
102
nonce: ulistingAjaxNonce
97
103
}
98
104
).then(function(response){
…
…
119
125
layout: vm.active\_layout,
120
126
sections: vm.sections,
127
nonce: ulistingAjaxNonce
121
128
}
122
129
).then(function(response){
ulisting/trunk/assets/js/admin/stm-setting-inventory-layout.js
r2285543
r2456786
101
101
formData.append('type', 'inventory');
102
102
formData.append('id', 'ulisting\_type\_page\_layout\_' + \_id);
103
formData.append('nonce', ulistingAjaxNonce);
103
104
104
105
vm.$set(vm.image, 'message', '');
…
…
122
123
name: vm.layout\_selected.name,
123
124
sections: vm.sections,
125
nonce: ulistingAjaxNonce
124
126
};
125
127
this.$http.post("ulisting-builder/listing-type-layout/save\_layout", vm.layout).then(function (response) {
…
…
173
175
};
174
176
vm.create\_panel = false;
175
this.$http.post("ulisting-builder/listing-type-layout/get-layout", {listing\_type\_layout\_id: layout.id}).then(function (response) {
177
this.$http.post("ulisting-builder/listing-type-layout/get-layout", {
178
listing\_type\_layout\_id: layout.id,
179
nonce: ulistingAjaxNonce
180
}).then(function (response) {
176
181
if (response.body.success) {
177
182
vm.sections = response.body.data.section;
…
…
199
204
name: vm.layout\_selected.name,
200
205
sections: vm.sections,
206
nonce: ulistingAjaxNonce
201
207
};
202
208
…
…
218
224
var vm = this;
219
225
vm.form\_load = true;
220
this.$http.post("ulisting-builder/listing-type-layout/delete-layout", {listing\_type\_layout\_id: vm.layout\_selected.id}).then(function (response) {
226
this.$http.post("ulisting-builder/listing-type-layout/delete-layout", {
227
listing\_type\_layout\_id: vm.layout\_selected.id,
228
nonce: ulistingAjaxNonce
229
}).then(function (response) {
221
230
vm.form\_load = false;
222
231
if (response.body.success) {
ulisting/trunk/assets/js/admin/stm-user-search.js
r2056519
r2456786
19
19
},
20
20
search: (loading, search, vm) => {
21
vm.$http.get('ulisting-user/search',{params:{search:search}}).then(function(response){
21
vm.$http.get('ulisting-user/search',{params:{
22
search: search,
23
nonce: ulistingAjaxNonce
24
}}).then(function(response){
22
25
loading(false);
23
26
vm.options = response.body
ulisting/trunk/assets/js/admin/ulisting-import.js
r2399927
r2456786
36
36
progress\_import(){
37
37
var vm = this;
38
vm.$http.post('ulisting-import/progress', { step:vm.step\_progress, key:vm.info\_progress\[vm.step\_progress\] }).then(function(response){
38
vm.$http.post('ulisting-import/progress', {
39
step: vm.step\_progress,
40
key: vm.info\_progress\[vm.step\_progress\],
41
nonce: ulistingAjaxNonce
42
}).then(function(response){
39
43
40
44
vm.progress\_data += response.body.data+" \\n ";
ulisting/trunk/assets/js/frontend/comment/ulisting-comment.js
r2078920
r2456786
31
31
form\_data.append("type",vm.type);
32
32
form\_data.append("object\_id",vm.object\_id);
33
form\_data.append("nonce",ulistingAjaxNonce);
33
34
if(vm.rating)
34
35
form\_data.append("rating",vm.rating);
…
…
60
61
"offset":vm.offset,
61
62
"comment\_type":vm.type,
62
"user\_id":vm.object\_id
63
"user\_id":vm.object\_id,
64
"nonce":ulistingAjaxNonce
63
65
};
64
66
this.$http.get("ulisting-comment/get",{params:params}).then(function(response){
ulisting/trunk/assets/js/frontend/stm-agent-add.js
r2285543
r2456786
31
31
'password\_repeat' : vm.password\_repeat,
32
32
'role' : 'agent',
33
'agency\_id' : ulisting\_user\_agent\_add\_data.agency\_id
33
'agency\_id' : ulisting\_user\_agent\_add\_data.agency\_id,
34
'nonce' : ulistingAjaxNonce
34
35
};
35
36
ulisting/trunk/assets/js/frontend/stm-profile-edit.js
r2321586
r2456786
49
49
formData.append('last\_name', vm.last\_name);
50
50
formData.append('email', vm.email);
51
formData.append('nonce', ulistingAjaxNonce);
51
52
52
53
for(index in vm.custom\_fields)
…
…
81
82
let formData = new FormData();
82
83
formData.append('user\_id', vm.user\_id);
84
formData.append('nonce', ulistingAjaxNonce);
83
85
if(vm.old\_password)
84
86
formData.append('old\_password', vm.old\_password);
ulisting/trunk/assets/js/frontend/stm-register.js
r2386800
r2456786
59
59
'role' : vm.role,
60
60
'password' : vm.password,
61
'password\_repeat' : vm.password\_repeat
61
'password\_repeat' : vm.password\_repeat,
62
'nonce' : ulistingAjaxNonce
62
63
};
63
64
ulisting/trunk/assets/js/frontend/ulisting-inventory-list.js
r2353792
r2456786
179
179
search\_form\_type: vm.search\_form\_type,
180
180
value: vm.query\_data,
181
query\_data: vm.query\_data
181
query\_data: vm.query\_data,
182
nonce: ulistingAjaxNonce
182
183
}).then(function (response) {
183
184
if (response.body.success) {
ulisting/trunk/assets/js/frontend/ulisting-my-listing.js
r2399927
r2456786
138
138
const vm = this;
139
139
vm.loading = true;
140
this.$http.post("ulisting-user/draft\_or\_delete", {user\_id:vm.user\_id, listing\_id:id, status}).then(function(response){
140
this.$http.post("ulisting-user/draft\_or\_delete", {
141
user\_id:vm.user\_id,
142
listing\_id:id,
143
status,
144
nonce: ulistingAjaxNonce
145
}).then(function(response){
141
146
vm.message = response.body.message;
142
147
…
…
156
161
const vm = this;
157
162
vm.loading = true;
158
this.$http.post("ulisting-user/deletelisting", {user\_id:vm.user\_id, listing\_id:id}).then(function(response){
163
this.$http.post("ulisting-user/deletelisting", {
164
user\_id: vm.user\_id,
165
listing\_id: id,
166
nonce: ulistingAjaxNonce
167
}).then(function(response){
159
168
vm.message = response.body.message;
160
169
if(response.body.errors)
…
…
176
185
vm.feature\_plan\_select = 0;
177
186
vm.feature\_plan\_select\_is\_one\_tome = false;
178
this.$http.post("ulisting-user/get\_feature\_plan", {user\_id:vm.user\_id, listing\_id:id}).then(function(response){
187
this.$http.post("ulisting-user/get\_feature\_plan", {
188
user\_id: vm.user\_id,
189
listing\_id: id,
190
nonce: ulistingAjaxNonce
191
}).then(function(response){
179
192
vm.loading = false;
180
193
vm.message = response.body.message;
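Review bot: The three requests on lines 140–145, 163–167 and 187–191 still send `user_id: vm.user_id` from the browser next to the new nonce; a caller-supplied identity cannot be trusted server-side, so the field should be dropped and the handlers keyed on the logged-in user instead, e.g. `{ listing_id: id, status, nonce: ulistingAjaxNonce }`. The nonce only shows that the request came from a page this site rendered, not who sent it. Removing the field here also stops the payload from suggesting it carries any authorization meaning.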
ulisting/trunk/includes/admin/enqueue.php
r2391643
r2456786
63
63
wp\_add\_inline\_script('vue', "const UlistingEventBus = new Vue();");
64
64
wp\_add\_inline\_script('stm-listing-admin', "var currentAjaxUrl = '".admin\_url( 'admin-ajax.php', 'relative' )."'", 'before');
65
wp\_add\_inline\_script('stm-listing-admin', "var ulistingAjaxNonce = '".\\uListing\\Classes\\StmVerifyNonce::createAjaxNonce()."'", 'before');
65
66
wp\_add\_inline\_script('vue-resource', "Vue.http.options.root = '".site\_url()."/1/api';");
66
67
ulisting/trunk/includes/admin/views/listing-settings/email-settings.php
r2403161
r2456786
164
164
165
165
update({id, option\_name} = {}) {
166
this.payload\[option\_name\] = {id, option\_name};
166
this.payload\[option\_name\] = id;
167
167
},
168
168
…
…
171
171
const data = {
172
172
socials: this.socials,
173
images: this.payload
173
images: this.payload,
174
nonce: ulistingAjaxNonce
174
175
}
175
176
this.$http.post(currentAjaxUrl + '?action=stm\_update\_email\_data', data).then(response => {
ulisting/trunk/includes/admin/views/listing-settings/user-roles.php
r2391643
r2456786
399
399
vm.message = null;
400
400
vm.loading = true;
401
this.$http.post("ulisting-user/role/save", {roles:vm.roles}).then(function(response){
401
this.$http.post("ulisting-user/role/save", {
402
roles: vm.roles,
403
nonce: ulistingAjaxNonce
404
}).then(function(response){
402
405
vm.loading = false;
403
406
vm.message = response.body\['message'\];
ulisting/trunk/includes/classes/StmAjaxAction.php
r2399927
r2456786
8
8
\* @param string $tag The name of the action to which the $function\_to\_add is hooked.
9
9
\* @param callable $function\_to\_add The name of the function you wish to be called.
10
\* @param boolean $nopriv Optional. Boolean argument for adding wp\_ajax\_nopriv\_action. Default false.
10
11
\* @param int $priority Optional. Used to specify the order in which the functions
11
12
\* associated with a particular action are executed. Default 10.
…
…
16
17
\* @return true Will always return true.
17
18
\*/
18
public static function addAction($tag, $function\_to\_add, $priority = 10, $accepted\_args = 1) {
19
public static function addAction($tag, $function\_to\_add, $nopriv = false, $priority = 10, $accepted\_args = 1) {
19
20
add\_action('wp\_ajax\_'.$tag, $function\_to\_add, $priority = 10, $accepted\_args = 1);
20
add\_action('wp\_ajax\_nopriv\_'.$tag, $function\_to\_add);
21
if ( $nopriv ) add\_action('wp\_ajax\_nopriv\_'.$tag, $function\_to\_add);
21
22
return true;
22
23
}
23
24
24
25
public static function init() {
25
StmAjaxAction::addAction('stm\_listing\_login', \[ StmListingAuth::class ,'stm\_listing\_login'\]);
26
StmAjaxAction::addAction('stm\_listing\_register', \[ StmListingAuth::class ,'stm\_listing\_register'\]);
26
StmAjaxAction::addAction('stm\_listing\_login', \[ StmListingAuth::class ,'stm\_listing\_login'\], true);
27
StmAjaxAction::addAction('stm\_listing\_register', \[ StmListingAuth::class ,'stm\_listing\_register'\], true);
27
28
StmAjaxAction::addAction('stm\_listing\_profile\_edit', \[ StmListingAuth::class ,'stm\_listing\_profile\_edit'\]);
28
29
StmAjaxAction::addAction('stm\_listing\_ajax', \[ StmListing::class ,'listing\_ajax'\]);
…
…
35
36
StmAjaxAction::addAction('stm\_agencies\_switcher', \[ StmListingSettings::class ,'install\_uninstall\_ulisting\_agencies'\]);
36
37
StmAjaxAction::addAction('stm\_settings\_payment\_method', \[ StmPaymentMethod::class ,'ajax\_settings\_payment\_method'\]);
37
StmAjaxAction::addAction('stm\_user\_click', \[ UlistingPageStatistics::class , 'page\_statistics\_for\_user\_phone\_click'\]);
38
StmAjaxAction::addAction('stm\_listing\_quick\_view', \[ StmListing::class ,'listing\_quick\_view\_ajax'\]);
38
StmAjaxAction::addAction('stm\_user\_click', \[ UlistingPageStatistics::class , 'page\_statistics\_for\_user\_phone\_click'\], true);
39
StmAjaxAction::addAction('stm\_listing\_quick\_view', \[ StmListing::class ,'listing\_quick\_view\_ajax'\], true);
39
40
40
41
$ajax\_actions = apply\_filters("ulisting\_ajax", \[\]);
41
42
foreach ($ajax\_actions as $ajax\_action) {
42
43
if(isset($ajax\_action\['is\_admin'\]) AND !$ajax\_action\['is\_admin'\])
43
StmAjaxAction::addAction($ajax\_action\['tag'\], $ajax\_action\['action'\]);
44
StmAjaxAction::addAction($ajax\_action\['tag'\], $ajax\_action\['action'\], true);
44
45
}
45
46
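Review bot: Inserting `$nopriv` before `$priority` in `addAction()` (line 19) changes the meaning of any existing positional call that passed a priority — a non-zero priority now reads as a truthy `$nopriv` and re-registers the `wp_ajax_nopriv_` hook this commit is trying to remove; placing the new flag last, or testing `$nopriv === true`, avoids that. Line 20 also still contains `$priority = 10, $accepted_args = 1` inside the `add_action()` call, so the caller's values are discarded, and the nopriv registration on line 21 passes neither: `add_action('wp_ajax_'.$tag, $function_to_add, $priority, $accepted_args);` and `if ( $nopriv ) add_action('wp_ajax_nopriv_'.$tag, $function_to_add, $priority, $accepted_args);`. The `@param boolean $nopriv` docblock on line 10 should state that handlers registered with it run for unauthenticated requests and must perform their own nonce and capability checks.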
ulisting/trunk/includes/classes/StmInventoryLayout.php
r2285543
r2456786
159
159
160
160
if(isset($request\_data\['listing\_type\_layout\_id'\]) AND $layout = get\_option($request\_data\['listing\_type\_layout\_id'\])){
161
delete\_option($request\_data\['listing\_type\_layout\_id'\]);
161
delete\_option(sanitize\_text\_field($request\_data\['listing\_type\_layout\_id'\]));
162
162
$result\['success'\] = true;
163
163
}
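Review bot: `sanitize_text_field()` on line 161 does not constrain which option is deleted — whatever name the caller supplies still reaches `delete_option()`, and the `get_option()` lookup on line 160 uses the unsanitized value, so the two calls can disagree. The client only ever builds these keys with the `ulisting_type_page_layout_` prefix (stm-setting-inventory-layout.js line 102 in this changeset), so sanitize once and validate the prefix: `$key = sanitize_text_field($request_data['listing_type_layout_id']); if ( strpos($key, 'ulisting_type_page_layout_') !== 0 ) return $result;` and use `$key` in both calls. The enclosing function starts outside the hunk.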
ulisting/trunk/includes/classes/StmListingAttribute.php
r2454754
r2456786
176
176
177
177
public static function ajaxActionCreate() {
178
StmVerifyNonce::nerifyNonce($\_POST\['wpnonce'\], 'stm\_attribute\_ajax\_create');
178
StmVerifyNonce::verifyNonce($\_POST\['wpnonce'\], 'stm\_attribute\_ajax\_create');
179
179
$\_POST\['StmListingAttribute'\]\['title'\] = StmListingAttribute::deslash($\_POST\['StmListingAttribute'\]\['title'\]);
180
180
$model = StmListingAttribute::create($\_POST\['StmListingAttribute'\])->save();
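Review bot: Line 178 corrects the method name, but the visible lines 7–9 of `StmVerifyNonce::verifyNonce()` in this changeset show the failure branch beginning with `if($message)` and the rest is elided, and this call passes no `$message` — confirm the method actually terminates the request on a failed `wp_verify_nonce()` rather than returning into the `create()->save()` on line 180. `$_POST['wpnonce']` is also read without an `isset()` guard; `StmVerifyNonce::verifyNonce( isset($_POST['wpnonce']) ? $_POST['wpnonce'] : '', 'stm_attribute_ajax_create' );` avoids the notice and fails closed. The same two points apply to `ajaxActionSave()` in StmListingAttributeOption.php line 58.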
ulisting/trunk/includes/classes/StmListingAttributeOption.php
r2386800
r2456786
56
56
public static function ajaxActionSave()
57
57
{
58
StmVerifyNonce::nerifyNonce($\_POST\['\_wpnonce\_add-tag'\], 'stm\_attributes\_add\_option\_ajax3');
58
StmVerifyNonce::verifyNonce($\_POST\['\_wpnonce\_add-tag'\], 'stm\_attributes\_add\_option\_ajax3');
59
59
}
60
60
ulisting/trunk/includes/classes/StmListingAuth.php
r2399927
r2456786
61
61
$request\_body = file\_get\_contents('php://input');
62
62
$data = json\_decode($request\_body, true);
63
64
if ( ! StmVerifyNonce::verifyAjaxNonce() ) {
65
wp\_send\_json($result);
66
}
67
68
if ( ! get\_option( 'users\_can\_register' ) ) {
69
$result\['message'\] = esc\_html\_\_('User registration is not allowed in this site.', 'ulisting');
70
wp\_send\_json($result);
71
}
63
72
64
73
$data\_for\_validate = $data;
…
…
94
103
\* @var $agency\_id ;
95
104
\*/
105
106
// Check if User Role is allowed
107
$userRole = new UlistingUserRole();
108
if ( ! in\_array( $role, array\_keys($userRole->roles) ) ) {
109
$result\['message'\] = esc\_html\_\_('This user role is not allowed.', 'ulisting');
110
wp\_send\_json($result);
111
}
96
112
97
113
$user = wp\_create\_user($login, $password, $email);
…
…
143
159
'status' => 'error'
144
160
);
161
162
if ( ! StmVerifyNonce::verifyAjaxNonce() || ! is\_user\_logged\_in() ) {
163
wp\_send\_json($result);
164
}
165
145
166
$validator = new Validation();
146
167
$data\_for\_validate = $validator->sanitize(array\_merge($\_POST,$\_FILES));
…
…
170
191
\*/
171
192
172
if($user = new StmUser($user\_id) AND $user->ID) {
193
if($user = new StmUser($user\_id) AND $user->ID AND $user->ID == get\_current\_user\_id()) {
173
194
174
195
do\_action("ulisting\_profile\_edit", \['user' => $user, 'data' => $validated\_data\]);
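Review bot: The role allow-list check on lines 107–111 uses a loose `in_array()`; pass `true` as the third argument (`if ( ! in_array( $role, array_keys($userRole->roles), true ) )`) so a non-string `$role` from the decoded JSON body cannot match by coercion. Whether `$userRole->roles` can contain privileged WordPress roles is not visible here — if that list is editable from the user-roles settings screen, registration would let a visitor pick any role in it, so confirm it is limited to the plugin's own roles. On the nonce-failure paths (lines 64–66 and 162–164) `$result` is sent without a message, so the client cannot tell a stale nonce from any other error; setting `$result['message']` before `wp_send_json()` would help.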
ulisting/trunk/includes/classes/StmListingSettings.php
r2428506
r2456786
199
199
\*/
200
200
public static function stm\_update\_email\_data() {
201
if ( ! current\_user\_can( 'manage\_options' ) || ! StmVerifyNonce::verifyAjaxNonce() ) {
202
return false;
203
}
204
201
205
$result = \[
202
206
'status' => 'success',
…
…
211
215
}
212
216
213
if (isset($request\_data\['images'\]) && !empty($request\_data\['images'\])) {
214
foreach ($request\_data\['images'\] as $image)
215
update\_option($image\['option\_name'\], $image\['id'\]);
217
if ( isset($request\_data\['images'\]) && is\_array($request\_data\['images'\]) ) {
218
if ( array\_key\_exists('ulisting\_email\_banner', $request\_data\['images'\]) ) {
219
update\_option('ulisting\_email\_banner', sanitize\_text\_field($request\_data\['images'\]\['ulisting\_email\_banner'\]));
220
}
221
if ( array\_key\_exists('ulisting\_email\_logo', $request\_data\['images'\]) ) {
222
update\_option('ulisting\_email\_logo', sanitize\_text\_field($request\_data\['images'\]\['ulisting\_email\_logo'\]));
223
}
216
224
}
217
225
wp\_send\_json($result);
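Review bot: The guard on lines 201–203 returns `false`, but this is an admin-ajax handler (the view posts to `currentAjaxUrl + '?action=stm_update_email_data'`), so returning leaves admin-ajax to end the request with its default `0` body rather than the JSON the client's `.then()` expects; `wp_send_json_error( null, 403 );` gives a clear, non-200 response. Restricting the writes on lines 219 and 222 to two fixed option names is the right shape. If the values are attachment IDs (they arrive as `id` from the email-settings view), `absint()` is a tighter sanitizer than `sanitize_text_field()` — confirm against the view. The enclosing function continues outside the hunk.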
ulisting/trunk/includes/classes/StmListingSingleLayout.php
r2391643
r2456786
1135
1135
update\_post\_meta(
1136
1136
$listing\_type->ID,
1137
$request\_data\['id'\],
1137
sanitize\_text\_field($request\_data\['id'\]),
1138
1138
ulisting\_json\_encode(\["name" => $request\_data\['name'\],"section" => $sections \])
1139
1139
);
…
…
1236
1236
1237
1237
if(isset($\_POST\['listing\_type\_id'\]) && $\_POST\['type'\] === 'single')
1238
update\_post\_meta($\_POST\['listing\_type\_id'\], $\_POST\['id'\], $content);
1238
update\_post\_meta(sanitize\_text\_field($\_POST\['listing\_type\_id'\]), $\_POST\['id'\], $content);
1239
1239
elseif ($\_POST\['type'\] === 'inventory')
1240
update\_option($\_POST\['id'\], $content);
1240
update\_option(sanitize\_text\_field($\_POST\['id'\]), $content);
1241
1241
1242
1242
$result\['success'\] = true;
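Review bot: `sanitize_text_field()` on lines 1137, 1238 and 1240 cleans the value but does not restrict it: the meta key and the option name still come straight from the request, so `update_option()` can still target any option and `update_post_meta()` any key on any post ID — the route's new `UlistingManageOptions` middleware is now the only barrier. Validate the names against the prefixes the client actually sends (`ulisting_single_page_layout_` and `ulisting_type_page_layout_`, both visible in the JS in this changeset) and cast the post ID, e.g. `$listing_type_id = absint($_POST['listing_type_id']);` followed by a `strpos($key, $expected_prefix) !== 0` reject, where `$expected_prefix` is chosen by `$_POST['type']`. `$_POST['id']` on line 1238 is also still passed unsanitized. The enclosing functions start outside the hunks.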
ulisting/trunk/includes/classes/StmUser.php
r2428506
r2456786
490
490
$listing\_id = ( isset($request\_data\['listing\_id'\]) ) ? $request\_data\['listing\_id'\] : null;
491
491
$listing = StmListing::find\_one($listing\_id);
492
if ( $listing\_id ) {
492
493
if ( $listing\_id && $listing->getUser()->ID == $request\_data\['user\_id'\] ) {
493
494
$args = \[
494
495
'listing\_id' => $listing\_id,
…
…
538
539
$back\_slots = get\_option('ulisting\_back\_slots');
539
540
$back\_slots = strval($back\_slots) === 'true';
540
541
if ($listingUserRelation) {
542
if ($listingUserRelation->user\_id != $request\_data\['user\_id'\]) return $result;
543
}
544
541
545
542
if ($listing\_id) {
…
…
557
554
}
558
555
559
wp\_delete\_post( $listing\_id, 'false' );
560
$result\['success'\] = true;
556
if ( $listingUserRelation->user\_id == $request\_data\['user\_id'\] ) {
557
wp\_delete\_post( $listing\_id, 'false' );
558
$result\['success'\] = true;
559
}
561
560
}
562
561
return $result;
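Review bot: The new ownership checks on lines 493, 542 and 556 compare the listing owner against `$request_data['user_id']`, a value the browser sends in the request body (see ulisting-my-listing.js in this changeset), so the check holds only if the caller is honest about who they are; compare against `get_current_user_id()` and refuse when no user is logged in. Line 491 calls `StmListing::find_one($listing_id)` before the `$listing_id` test and line 493 then dereferences `->getUser()` — if `find_one()` can return null for an unknown ID that is a fatal error, so guard with `$listing &&`. Line 556 reads `$listingUserRelation->user_id` inside `if ($listing_id)` even though line 541 allows the relation to be falsy — confirm that case is unreachable. The enclosing functions start outside the hunks.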
ulisting/trunk/includes/classes/StmVerifyNonce.php
r2056519
r2456786
4
4
class StmVerifyNonce {
5
5
6
public static function nerifyNonce($wpnonce, $action, $message = null) {
6
public static function verifyNonce($wpnonce, $action, $message = null) {
7
7
if ( ! wp\_verify\_nonce( $wpnonce, $action) ) {
8
8
if($message)
…
…
11
11
}
12
12
}
13
14
public static function createAjaxNonce() {
15
return wp\_create\_nonce( 'ulisting-ajax-nonce' );
16
}
17
18
public static function verifyAjaxNonce() {
19
if ( isset( $\_REQUEST\['nonce'\] ) ) {
20
$nonce = $\_REQUEST\['nonce'\];
21
} else {
22
$request\_body = file\_get\_contents('php://input');
23
$request\_data = json\_decode($request\_body, true);
24
$nonce = ( isset( $request\_data\['nonce'\] ) ) ? $request\_data\['nonce'\] : '';
25
}
26
27
return wp\_verify\_nonce( $nonce, 'ulisting-ajax-nonce' );
28
}
13
29
}
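Review bot: `verifyAjaxNonce()` (lines 18–28) verifies one shared action, `ulisting-ajax-nonce`, for every endpoint, and `createAjaxNonce()` is printed for logged-out visitors as well (includes/enqueue.php), so a passing check only proves the request carries a token from a page this site rendered — it is a CSRF defence, not authentication or authorization, and every route still needs its own capability or ownership check. A docblock on `verifyAjaxNonce()` saying exactly that would keep future handlers from relying on it alone. Renaming `nerifyNonce()` to `verifyNonce()` without a thin alias breaks any third-party code that called the old name; `public static function nerifyNonce($wpnonce, $action, $message = null) { return self::verifyNonce($wpnonce, $action, $message); }` keeps compatibility. `$_REQUEST['nonce']` on line 19 can also pick up cookie values depending on `request_order`; reading `$_POST`/`$_GET` explicitly is tighter.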
ulisting/trunk/includes/classes/UlistingPageStatistics.php
r2261556
r2456786
65
65
\*/
66
66
public static function getRealIpAddr() {
67
if (!empty($\_SERVER\['HTTP\_CLIENT\_IP'\])) { //check ip from share internet
68
$ip=$\_SERVER\['HTTP\_CLIENT\_IP'\];
69
} elseif (!empty($\_SERVER\['HTTP\_X\_FORWARDED\_FOR'\])) { //to check ip is pass from proxy
70
$ip=$\_SERVER\['HTTP\_X\_FORWARDED\_FOR'\];
71
} else {
72
$ip=$\_SERVER\['REMOTE\_ADDR'\];
67
$ip = '';
68
if ( !empty($\_SERVER\['HTTP\_CLIENT\_IP'\]) && filter\_var($\_SERVER\['HTTP\_CLIENT\_IP'\], FILTER\_VALIDATE\_IP) ) { //check ip from share internet
69
$ip = $\_SERVER\['HTTP\_CLIENT\_IP'\];
70
} elseif ( !empty($\_SERVER\['HTTP\_X\_FORWARDED\_FOR'\]) && filter\_var($\_SERVER\['HTTP\_X\_FORWARDED\_FOR'\], FILTER\_VALIDATE\_IP) ) { //to check ip is pass from proxy
71
$ip = $\_SERVER\['HTTP\_X\_FORWARDED\_FOR'\];
72
} elseif ( filter\_var($\_SERVER\['REMOTE\_ADDR'\], FILTER\_VALIDATE\_IP) ) {
73
$ip = $\_SERVER\['REMOTE\_ADDR'\];
73
74
}
74
75
return $ip;
…
…
115
116
else
116
117
$page\_statistics->where("meta.\`meta\_key\`", "ip")
117
->where("meta.\`meta\_value\`", self::getRealIpAddr());
118
->where("meta.\`meta\_value\`", sanitize\_text\_field(self::getRealIpAddr()));
118
119
119
120
if(!$page\_statistics->findOne()){
…
…
169
170
->select(" page\_statistics.id, page\_statistics.type, page\_statistics.\`created\_date\` , count(page\_statistics.id) as count ")
170
171
->asTable("page\_statistics")
171
->where\_raw("page\_statistics.\`object\_id\` = " . $params\["listing\_id"\] . " OR page\_statistics.\`object\_id\` = " . $params\["user\_id"\])
172
->where\_raw("page\_statistics.\`object\_id\` = " . sanitize\_text\_field($params\["listing\_id"\]) . " OR page\_statistics.\`object\_id\` = " . sanitize\_text\_field($params\["user\_id"\]))
172
173
->where\_raw(" page\_statistics.\`created\_date\` between '".$start\_date."' and '".$end\_date."' ")
173
174
->group\_by(" HOUR(page\_statistics.\`created\_date\`), page\_statistics.\`id\`, page\_statistics.\`type\`")
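Review bot: The `FILTER_VALIDATE_IP` checks on lines 68–72 make the value well-formed but not trustworthy: `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are request headers any client sets freely, so the per-IP de-duplication on lines 117–118 still keys on a caller-chosen value, while a real proxy chain sends `X-Forwarded-For` as a comma-separated list that `FILTER_VALIDATE_IP` rejects, so genuinely proxied visitors all collapse onto the proxy's `REMOTE_ADDR`. Prefer `REMOTE_ADDR` and honour forwarding headers only when the request comes from a configured trusted proxy. On line 172 `sanitize_text_field()` is not SQL escaping — the IDs are concatenated into `where_raw()`, so cast them instead: `. (int) $params["listing_id"] .` and `. (int) $params["user_id"] .`; the `$start_date`/`$end_date` interpolation on the unchanged line 173 deserves the same treatment via `$wpdb->prepare()` or this query builder's bound-parameter form. The enclosing functions start outside the hunks.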
ulisting/trunk/includes/classes/vendor/autoload.php
r2056519
r2456786
17
17
require\_once ULISTING\_PATH.'/includes/classes/vendor/wp-router/responses/class-wp-template-response.php';
18
18
require\_once ULISTING\_PATH.'/includes/classes/vendor/wp-router/responses/class-wp-redirect-response.php';
19
require\_once ULISTING\_PATH.'/includes/classes/vendor/wp-router/middleware/class-wp-manage-options.php';
20
require\_once ULISTING\_PATH.'/includes/classes/vendor/wp-router/middleware/class-wp-verify-nonce.php';
ulisting/trunk/includes/enqueue.php
r2243783
r2456786
31
31
wp\_enqueue\_script('vuejs-paginate', ULISTING\_URL . '/assets/js/vue/vuejs-paginate.js', array('vue'), $v);
32
32
wp\_add\_inline\_script('vue-resource', "Vue.http.options.root = '".site\_url()."/1/api';");
33
wp\_add\_inline\_script('vue', "var ulistingAjaxNonce = '".\\uListing\\Classes\\StmVerifyNonce::createAjaxNonce()."'", 'before');
33
34
34
\_enqueue\_osm\_scripts\_styles($v);
35
\_enqueue\_osm\_scripts\_styles($v);
35
36
}
36
37
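Review bot: Line 33 prints a fresh nonce into every front-end page; on sites behind full-page caching (common for logged-out WordPress traffic) the cached HTML carries a nonce that stops verifying once its lifetime elapses, so comments, registration and search will fail for cached visitors until the cache is purged. For logged-out visitors the nonce is also bound to user ID 0, so it is the same token for everyone and must not be treated as evidence of identity. Either fetch it from a non-cached endpoint, exclude this inline script from the cached fragment, or document the constraint above the line: `// Nonce is user-bound and time-limited; do not serve this inline script from a page cache.`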
ulisting/trunk/includes/lib/email-manager/templates/single.php
r2399927
r2456786
200
200
if ( content && content.innerHTML)
201
201
this.emailData.content = content.innerHTML;
202
this.emailData.nonce = ulistingAjaxNonce;
202
203
this.$http.post('ulisting-email/single', this.emailData)
203
204
.then(response => {
ulisting/trunk/includes/route.php
r2399927
r2456786
35
35
\*/
36
36
$wp\_router->post( array(
37
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/role/save',
38
'uses' => function(){
37
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/role/save',
38
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
39
'uses' => function(){
39
40
wp\_send\_json(\\uListing\\Classes\\UlistingUserRole::save\_role\_api());
40
41
die;
…
…
59
60
\*/
60
61
$wp\_router->get( array(
61
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/search',
62
'uses' => function(){
62
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/search',
63
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
64
'uses' => function(){
63
65
if(isset($\_GET\['search'\]))
64
66
wp\_send\_json(\\uListing\\Classes\\StmUser::search($\_GET\['search'\]));
…
…
70
72
71
73
$wp\_router->post( array(
72
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/get\_feature\_plan',
73
'uses' => function(){
74
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/get\_feature\_plan',
75
'middlewares' => \[ 'UlistingVerifyNonce' \],
76
'uses' => function(){
74
77
wp\_send\_json(\\uListing\\Classes\\StmUser::get\_fueatrue\_plan\_api());
75
78
die;
…
…
79
82
80
83
$wp\_router->post( array(
81
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/draft\_or\_delete',
82
'uses' => function(){
84
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/draft\_or\_delete',
85
'middlewares' => \[ 'UlistingVerifyNonce' \],
86
'uses' => function(){
83
87
wp\_send\_json(\\uListing\\Classes\\StmUser::draft\_or\_delete\_listing());
84
88
die;
…
…
88
92
89
93
$wp\_router->post( array(
90
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/deletelisting',
91
'uses' => function(){
94
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/deletelisting',
95
'middlewares' => \[ 'UlistingVerifyNonce' \],
96
'uses' => function(){
92
97
wp\_send\_json(\\uListing\\Classes\\StmUser::delete\_listing());
93
98
die;
…
…
97
102
98
103
$wp\_router->post( array(
99
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/update-password',
100
'uses' => function(){
104
'uri' => ULISTING\_BASE\_URL.'/ulisting-user/update-password',
105
'middlewares' => \[ 'UlistingVerifyNonce' \],
106
'uses' => function(){
101
107
wp\_send\_json(\\uListing\\Classes\\StmUser::update\_password\_api());
102
108
die;
…
…
109
115
\*/
110
116
$wp\_router->get( array(
111
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-item-card-layout/get-data',
112
'uses' => function(){
117
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-item-card-layout/get-data',
118
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
119
'uses' => function(){
113
120
wp\_send\_json(StmListingItemCardLayout::get\_builder\_data());
114
121
die;
…
…
118
125
119
126
$wp\_router->post( array(
120
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-item-card-layout/save',
121
'uses' => function(){
127
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-item-card-layout/save',
128
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
129
'uses' => function(){
122
130
wp\_send\_json(StmListingItemCardLayout::save\_layout());
123
131
die;
…
…
127
135
128
136
$wp\_router->post( array(
129
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-item-card-layout/get-layout',
130
'uses' => function(){
137
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-item-card-layout/get-layout',
138
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
139
'uses' => function(){
131
140
wp\_send\_json(StmListingItemCardLayout::get\_layout());
132
141
die;
…
…
139
148
\*/
140
149
$wp\_router->get( array(
141
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/get\_data',
142
'uses' => function(){
150
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/get\_data',
151
'middlewares' => \[ 'UlistingManageOptions' \],
152
'uses' => function(){
143
153
wp\_send\_json(StmInventoryLayout::get\_builder\_data());
144
154
die;
…
…
148
158
149
159
$wp\_router->post( array(
150
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/save\_layout',
151
'uses' => function(){
160
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/save\_layout',
161
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
162
'uses' => function(){
152
163
wp\_send\_json(StmInventoryLayout::save\_layout());
153
164
die;
…
…
157
168
158
169
$wp\_router->get( array(
159
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/layout-list',
160
'uses' => function(){
170
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/layout-list',
171
'middlewares' => \[ 'UlistingManageOptions' \],
172
'uses' => function(){
161
173
wp\_send\_json(StmInventoryLayout::get\_layout\_list());
162
174
die;
…
…
166
178
167
179
$wp\_router->post( array(
168
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/get-layout',
169
'uses' => function(){
180
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/get-layout',
181
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
182
'uses' => function(){
170
183
wp\_send\_json(StmInventoryLayout::get\_layout());
171
184
die;
…
…
175
188
176
189
$wp\_router->post( array(
177
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/delete-layout',
178
'uses' => function(){
190
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-type-layout/delete-layout',
191
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
192
'uses' => function(){
179
193
wp\_send\_json(StmInventoryLayout::get\_layout\_delete());
180
194
die;
…
…
187
201
\*/
188
202
$wp\_router->post( array(
189
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/get\_data',
190
'uses' => function(){
203
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/get\_data',
204
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
205
'uses' => function(){
191
206
wp\_send\_json(StmListingSingleLayout::get\_builder\_data());
192
207
die;
…
…
195
210
);
196
211
197
/\*\*
198
\* Listing single page builder
199
\*/
200
$wp\_router->post( array(
201
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-layout/new-layout',
202
'uses' => function(){
212
$wp\_router->post( array(
213
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-layout/new-layout',
214
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
215
'uses' => function(){
203
216
wp\_send\_json(StmListingSingleLayout::import\_new\_layout());
204
217
die;
…
…
208
221
209
222
$wp\_router->post( array(
210
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/save\_layout',
211
'uses' => function(){
223
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/save\_layout',
224
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
225
'uses' => function(){
212
226
wp\_send\_json(StmListingSingleLayout::save\_layout());
213
227
die;
…
…
217
231
218
232
$wp\_router->get( array(
219
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/layout-list',
220
'uses' => function(){
233
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/layout-list',
234
'middlewares' => \[ 'UlistingManageOptions' \],
235
'uses' => function(){
221
236
wp\_send\_json(StmListingSingleLayout::get\_layout\_list());
222
237
die;
…
…
226
241
227
242
$wp\_router->post( array(
228
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/get-layout',
229
'uses' => function(){
243
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/get-layout',
244
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
245
'uses' => function(){
230
246
wp\_send\_json(StmListingSingleLayout::get\_layout());
231
247
die;
…
…
235
251
236
252
$wp\_router->post( array(
237
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/delete-layout',
238
'uses' => function(){
253
'uri' => ULISTING\_BASE\_URL.'/ulisting-builder/listing-single-page/delete-layout',
254
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
255
'uses' => function(){
239
256
wp\_send\_json(StmListingSingleLayout::get\_layout\_delete());
240
257
die;
…
…
293
310
$wp\_router->post( array(
294
311
'uri' => ULISTING\_BASE\_URL.'/search-form/get-form-data',
312
'middlewares' => \[ 'UlistingVerifyNonce' \],
295
313
'uses' => function(){
296
314
wp\_send\_json(\\uListing\\Classes\\StmListingFilter::get\_data\_api());
…
…
305
323
\*/
306
324
$wp\_router->get( array(
307
'uri' => ULISTING\_BASE\_URL.'/ulisting-import/get-import-info',
308
'uses' => function(){
325
'uri' => ULISTING\_BASE\_URL.'/ulisting-import/get-import-info',
326
'middlewares' => \[ 'UlistingManageOptions' \],
327
'uses' => function(){
309
328
wp\_send\_json( \\uListing\\Classes\\StmImport::get\_import\_info\_api() );
310
329
die;
…
…
314
333
315
334
$wp\_router->post( array(
316
'uri' => ULISTING\_BASE\_URL.'/ulisting-import/progress',
317
'uses' => function(){
335
'uri' => ULISTING\_BASE\_URL.'/ulisting-import/progress',
336
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
337
'uses' => function(){
318
338
wp\_send\_json( \\uListing\\Classes\\StmImport::import\_progress() );
319
339
die;
…
…
326
346
\*/
327
347
$wp\_router->post( array(
328
'uri' => ULISTING\_BASE\_URL.'/ulisting-comment/add',
329
'uses' => function(){
348
'uri' => ULISTING\_BASE\_URL.'/ulisting-comment/add',
349
'middlewares' => \[ 'UlistingVerifyNonce' \],
350
'uses' => function(){
330
351
wp\_send\_json( \\uListing\\Classes\\StmComment::add\_commnet\_api() );
331
352
die;
…
…
335
356
336
357
$wp\_router->get( array(
337
'uri' => ULISTING\_BASE\_URL.'/ulisting-comment/get',
338
'uses' => function(){
358
'uri' => ULISTING\_BASE\_URL.'/ulisting-comment/get',
359
'middlewares' => \[ 'UlistingVerifyNonce' \],
360
'uses' => function(){
339
361
wp\_send\_json( \\uListing\\Classes\\StmComment::get\_commnet\_api());
340
362
die;
…
…
360
382
\*/
361
383
$wp\_router->post( array(
362
'uri' => ULISTING\_BASE\_URL.'/ulisting-email/single',
363
'uses' => function(){
384
'uri' => ULISTING\_BASE\_URL.'/ulisting-email/single',
385
'middlewares' => \[ 'UlistingManageOptions', 'UlistingVerifyNonce' \],
386
'uses' => function(){
364
387
wp\_send\_json( \\uListing\\Classes\\UlistingNotifications::single\_email\_save\_changes() );
365
388
die;
…
…
378
401
if(uListing\_wishlist\_active()){
379
402
$wp\_router->post( array(
380
'uri' => ULISTING\_BASE\_URL.'/ulisting-save-search/save',
381
'uses' => function(){
403
'uri' => ULISTING\_BASE\_URL.'/ulisting-save-search/save',
404
'middlewares' => \[ 'UlistingVerifyNonce' \],
405
'uses' => function(){
382
406
if( isset($\_POST\["user\_id"\]) AND isset($\_POST\["url"\]) AND isset($\_POST\["listing\_type\_id"\]))
383
407
wp\_send\_json( \\uListing\\Classes\\UlistingSearch::save\_api($\_POST) );
…
…
388
412
389
413
$wp\_router->post( array(
390
'uri' => ULISTING\_BASE\_URL.'/ulisting-save-search/delete',
391
'uses' => function(){
414
'uri' => ULISTING\_BASE\_URL.'/ulisting-save-search/delete',
415
'middlewares' => \[ 'UlistingVerifyNonce' \],
416
'uses' => function(){
392
417
if( isset($\_POST\["id"\]))
393
418
wp\_send\_json( \\uListing\\Classes\\UlistingSearch::delete\_api($\_POST\["id"\]) );
…
…
407
432
408
433
$wp\_router->post( array(
409
'uri' => ULISTING\_BASE\_URL.'/ulisting-saved-searches/check',
410
'uses' => function(){
434
'uri' => ULISTING\_BASE\_URL.'/ulisting-saved-searches/check',
435
'middlewares' => \[ 'UlistingVerifyNonce' \],
436
'uses' => function(){
411
437
wp\_send\_json( \\uListing\\Classes\\UlistingSearch::check\_api($\_POST) );
412
438
die;
ulisting/trunk/uListing.php
r2454754
r2456786
7
7
\* Author URI: https://stylemixthemes.com/
8
8
\* Text Domain: ulisting
9
\* Version: 1.6.6
9
\* Version: 1.7
10
10
\*/
11
11
12
12
if ( ! defined( 'ABSPATH' ) ) exit;
13
13
14
define( 'ULISTING\_VERSION', '1.6.6' );
14
define( 'ULISTING\_VERSION', '1.7' );
15
15
define( 'ULISTING\_DB\_VERSION', '1.0.2');
16
16
define( 'ULISTING\_PATH', dirname( \_\_FILE\_\_ ) );