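/**
 * Sanitize each setting field before it is stored.
 *
 * Every known setting key is passed through the matching sanitize* helper,
 * which is expected to copy the cleaned value from $input into $new_input
 * (the helpers are defined elsewhere; presumably they take $new_input by
 * reference - confirm against their signatures).
 *
 * Besides building the sanitized array, this method:
 *  - rejects a port outside 1-65535 and keeps the stored port instead,
 *  - deletes the stored OAuth token when the Client ID, Client Secret or
 *    Hostname differs from the stored value,
 *  - probes whether a lock file can be created in the temporary directory
 *    and records the result in PostmanState,
 *  - records validation success or failure in PostmanSession.
 *
 * @param array $input
 *        	Contains all settings fields as array keys
 * @return array the sanitized settings
 */
public function sanitize($input) {
    $this->logger->debug("Sanitizing data before storage");
    $new_input = array();
    $success = true;

    $this->sanitizeString('Encryption Type', PostmanOptions::SECURITY_TYPE, $input, $new_input);
    $this->sanitizeString('Hostname', PostmanOptions::HOSTNAME, $input, $new_input);

    if (!empty($input[PostmanOptions::PORT])) {
        $port = absint($input[PostmanOptions::PORT]);
        // a TCP port is a 16-bit number, so anything above 65535 is as invalid as zero
        if ($port > 0 && $port <= 65535) {
            $this->sanitizeInt('Port', PostmanOptions::PORT, $input, $new_input);
        } else {
            // keep the port that is already stored and report the problem to the user
            $new_input[PostmanOptions::PORT] = $this->options->getPort();
            add_settings_error(PostmanOptions::PORT, PostmanOptions::PORT, 'Invalid TCP Port', 'error');
            $success = false;
        }
    }

    // check the auth type AFTER the hostname because we reset the hostname if auth is bad
    $this->sanitizeString('From Email', PostmanOptions::MESSAGE_SENDER_EMAIL, $input, $new_input);

    // the wizard doesn't set an envelope sender, so we'll default it to From Email;
    // the isset() guard avoids an undefined-index notice when From Email was not submitted
    $new_input[PostmanOptions::ENVELOPE_SENDER] = isset($new_input[PostmanOptions::MESSAGE_SENDER_EMAIL])
        ? $new_input[PostmanOptions::MESSAGE_SENDER_EMAIL]
        : null;
    $this->sanitizeString('Sender Email', PostmanOptions::ENVELOPE_SENDER, $input, $new_input);
    $this->sanitizeString('Transport Type', PostmanOptions::TRANSPORT_TYPE, $input, $new_input);
    $this->sanitizeString('Authorization Type', PostmanOptions::AUTHENTICATION_TYPE, $input, $new_input);
    $this->sanitizeString('From Name', PostmanOptions::MESSAGE_SENDER_NAME, $input, $new_input);
    $this->sanitizeString('Client ID', PostmanOptions::CLIENT_ID, $input, $new_input);
    // NOTE(review): the Client Secret goes through sanitizeString(), while the password and
    // API keys below go through sanitizePassword() - confirm sanitizeString() does not write
    // the value to the debug log.
    $this->sanitizeString('Client Secret', PostmanOptions::CLIENT_SECRET, $input, $new_input);
    $this->sanitizeString('Username', PostmanOptions::BASIC_AUTH_USERNAME, $input, $new_input);

    // secrets: the currently stored value is handed to the helper as the fifth argument
    $this->sanitizePassword('Password', PostmanOptions::BASIC_AUTH_PASSWORD, $input, $new_input, $this->options->getPassword());
    $this->sanitizePassword('Mandrill API Key', PostmanOptions::MANDRILL_API_KEY, $input, $new_input, $this->options->getMandrillApiKey());
    $this->sanitizePassword('SendGrid API Key', PostmanOptions::SENDGRID_API_KEY, $input, $new_input, $this->options->getSendGridApiKey());

    $this->sanitizeString('Reply-To', PostmanOptions::REPLY_TO, $input, $new_input);
    $this->sanitizeString('From Name Override', PostmanOptions::PREVENT_MESSAGE_SENDER_NAME_OVERRIDE, $input, $new_input);
    $this->sanitizeString('From Email Override', PostmanOptions::PREVENT_MESSAGE_SENDER_EMAIL_OVERRIDE, $input, $new_input);
    $this->sanitizeString('Disable Email Validation', PostmanOptions::DISABLE_EMAIL_VALIDAITON, $input, $new_input);
    $this->sanitizeString('Forced To Recipients', PostmanOptions::FORCED_TO_RECIPIENTS, $input, $new_input);
    $this->sanitizeString('Forced CC Recipients', PostmanOptions::FORCED_CC_RECIPIENTS, $input, $new_input);
    $this->sanitizeString('Forced BCC Recipients', PostmanOptions::FORCED_BCC_RECIPIENTS, $input, $new_input);
    $this->sanitizeString('Additional Headers', PostmanOptions::ADDITIONAL_HEADERS, $input, $new_input);
    $this->sanitizeInt('Read Timeout', PostmanOptions::READ_TIMEOUT, $input, $new_input);
    $this->sanitizeInt('Connection Timeout', PostmanOptions::CONNECTION_TIMEOUT, $input, $new_input);
    $this->sanitizeInt('Log Level', PostmanOptions::LOG_LEVEL, $input, $new_input);
    $this->sanitizeString('Email Log Enabled', PostmanOptions::MAIL_LOG_ENABLED_OPTION, $input, $new_input);
    $this->sanitizeLogMax('Email Log Max Entries', PostmanOptions::MAIL_LOG_MAX_ENTRIES, $input, $new_input);
    $this->sanitizeString('Run Mode', PostmanOptions::RUN_MODE, $input, $new_input);
    $this->sanitizeString('Stealth Mode', PostmanOptions::STEALTH_MODE, $input, $new_input);
    $this->sanitizeInt('Transcript Size', PostmanOptions::TRANSCRIPT_SIZE, $input, $new_input);
    $this->sanitizeString('Temporary Directory', PostmanOptions::TEMPORARY_DIRECTORY, $input, $new_input);

    // Decide whether the stored OAuth token still belongs to these credentials.
    // The values are compared as strings with !== because a loose != can treat two
    // different numeric-looking strings as equal, which would leave a stale token in place.
    $newClientId = isset($new_input[PostmanOptions::CLIENT_ID]) ? $new_input[PostmanOptions::CLIENT_ID] : '';
    $newClientSecret = isset($new_input[PostmanOptions::CLIENT_SECRET]) ? $new_input[PostmanOptions::CLIENT_SECRET] : '';
    $newHostname = isset($new_input[PostmanOptions::HOSTNAME]) ? $new_input[PostmanOptions::HOSTNAME] : '';
    if ((string) $newClientId !== (string) $this->options->getClientId()
        || (string) $newClientSecret !== (string) $this->options->getClientSecret()
        || (string) $newHostname !== (string) $this->options->getHostname()) {
        $this->logger->debug("Recognized new Client ID");
        // the user entered a new client id and we should destroy the stored auth token
        delete_option(PostmanOAuthToken::OPTIONS_NAME);
    }

    // can we create a tmp file? - this code is duplicated in ActivationHandler
    $tempDirectory = isset($new_input[PostmanOptions::TEMPORARY_DIRECTORY])
        ? $new_input[PostmanOptions::TEMPORARY_DIRECTORY]
        : null;
    PostmanUtils::deleteLockFile($tempDirectory);
    $lockSuccess = PostmanUtils::createLockFile($tempDirectory);
    // locking counts as working only if the file can be created AND removed again
    // (the original author notes that &= did not behave as expected, hence the explicit &&)
    $lockSuccess = $lockSuccess && PostmanUtils::deleteLockFile($tempDirectory);
    $this->logger->debug('FileLocking=' . $lockSuccess);
    PostmanState::getInstance()->setFileLockingEnabled($lockSuccess);

    if ($success) {
        PostmanSession::getInstance()->setAction(self::VALIDATION_SUCCESS);
    } else {
        PostmanSession::getInstance()->setAction(self::VALIDATION_FAILED);
    }

    return $new_input;
}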
/**
 * Release the lock file so that callers waiting in lock() can continue.
 *
 * Does nothing when the plugin state reports that file locking is disabled.
 */
static function unlock() {
    $lockingEnabled = PostmanState::getInstance()->isFileLockingEnabled();
    if (!$lockingEnabled) {
        return;
    }
    PostmanUtils::deleteLockFile();
}
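/**
 * Handle activation of the plugin: migrate options written by older versions
 * and refresh the stored plugin state.
 *
 * Reads the 'postman_auth_token', 'postman_options' and 'postman_state'
 * options, applies each migration step whose precondition matches, probes
 * whether a lock file can be created, stamps the install date and current
 * version into 'postman_state', and finally reloads the PostmanState and
 * PostmanOptions singletons.
 */
private function handleOptionUpdates() {
    $this->logger->debug("Activating plugin");

    // prior to version 0.2.5, $authOptions did not exist
    $authOptions = get_option('postman_auth_token');
    $options = get_option('postman_options');
    $postmanState = get_option('postman_state');

    if (empty($authOptions) && !empty($options) && !empty($options['access_token'])) {
        $this->logger->debug("Upgrading database: copying Authorization token from postman_options to postman_auth_token");
        // get_option() may have returned a non-array "empty" value; start from a real array
        // instead of relying on PHP turning it into one on first write
        $authOptions = array();
        // copy the variables from $options to $authToken
        $authOptions['access_token'] = $options['access_token'];
        $authOptions['refresh_token'] = isset($options['refresh_token']) ? $options['refresh_token'] : null;
        // there was a bug where we weren't setting the expiry time
        if (!empty($options['auth_token_expires'])) {
            $authOptions['auth_token_expires'] = $options['auth_token_expires'];
        }
        update_option('postman_auth_token', $authOptions);
    }

    if (!isset($options['authorization_type']) && !isset($options['auth_type'])) {
        // prior to 1.0.0, access tokens were saved in authOptions without an auth type
        // prior to 0.2.5, access tokens were saved in options without an auth type
        // either way, only oauth2 was supported
        if (isset($authOptions['access_token']) || isset($options['access_token'])) {
            $this->logger->debug("Upgrading database: setting authorization_type to 'oauth2'");
            $options['authorization_type'] = 'oauth2';
            update_option('postman_options', $options);
        }
    }

    if (!isset($options['enc_type'])) {
        // prior to 1.3, encryption type was combined with authentication type
        if (isset($options['authorization_type'])) {
            $this->logger->debug("Upgrading database: creating auth_type and enc_type from authorization_type");
            $authType = $options['authorization_type'];
            switch ($authType) {
                case 'none':
                    $options['auth_type'] = 'none';
                    $options['enc_type'] = 'none';
                    break;
                case 'basic-ssl':
                    $options['auth_type'] = 'login';
                    $options['enc_type'] = 'ssl';
                    break;
                case 'basic-tls':
                    $options['auth_type'] = 'login';
                    $options['enc_type'] = 'tls';
                    break;
                case 'oauth2':
                    $options['auth_type'] = 'oauth2';
                    $options['enc_type'] = 'ssl';
                    break;
                default:
                    // unknown legacy value: leave auth_type and enc_type unset
                    break;
            }
            update_option('postman_options', $options);
        }
    }

    // prior to 1.3.3, the version identifier was not stored and the passwords were plaintext
    if (isset($options['enc_type']) && !(isset($options['version']) || isset($postmanState['version']))) {
        $this->logger->debug("Upgrading database: added plugin version and encoding password");
        $options['version'] = '1.3.3';
        if (isset($options['basic_auth_password'])) {
            // base64 is a reversible encoding, not encryption: anyone who can read the
            // stored option can still recover the password
            $options['basic_auth_password'] = base64_encode($options['basic_auth_password']);
        }
        update_option('postman_options', $options);
    }

    // prior to 1.4.2, the transport was not identified and the auth token had no vendor
    if (isset($options['auth_type']) && !isset($options['transport_type'])) {
        $this->logger->debug("Upgrading database: added transport_type and vendor_name");
        $options['transport_type'] = 'smtp';
        update_option('postman_options', $options);
        if (isset($authOptions['access_token']) && isset($options['oauth_client_id'])) {
            // if there is a stored token, guess the vendor from the shape of the credentials
            $clientId = $options['oauth_client_id'];
            $clientSecret = isset($options['oauth_client_secret']) ? $options['oauth_client_secret'] : '';
            if (PostmanUtils::endsWith($clientId, 'googleusercontent.com')) {
                $authOptions['vendor_name'] = 'google';
            } elseif (strlen($clientId) < strlen($clientSecret)) {
                // compare the two lengths; the earlier code had the closing parenthesis in the
                // wrong place and took strlen() of the comparison result instead
                $authOptions['vendor_name'] = 'microsoft';
            } else {
                $authOptions['vendor_name'] = 'yahoo';
            }
            update_option('postman_auth_token', $authOptions);
        }
    }

    // for version 1.6.18, the envelope from was introduced
    if (!empty($options['sender_email']) && empty($options['envelope_sender'])) {
        $this->logger->debug("Upgrading database: adding envelope_sender");
        $options['envelope_sender'] = $options['sender_email'];
        update_option('postman_options', $options);
    }

    if (isset($postmanState['version']) && version_compare($postmanState['version'], '1.7.0', '<')) {
        // NOTE(review): this change to $options is not written back with update_option() in
        // this method, and the options are reloaded from storage at the end - confirm whether
        // the new value was meant to be persisted.
        if (isset($options['mail_log_max_entries']) && $options['mail_log_max_entries'] == 10) {
            $options['mail_log_max_entries'] = 250;
        }
        // move the delivery counters from the old 'postman_stats' option into the state
        $postmanStats = get_option('postman_stats');
        $stateCleared = false;
        if (!isset($postmanState['delivery_success_total']) && isset($postmanStats['delivery_success_total'])) {
            $postmanState['delivery_success_total'] = $postmanStats['delivery_success_total'];
            $stateCleared = true;
        }
        if (!isset($postmanState['delivery_fail_total']) && isset($postmanStats['delivery_fail_total'])) {
            $postmanState['delivery_fail_total'] = $postmanStats['delivery_fail_total'];
            $stateCleared = true;
        }
        if ($stateCleared) {
            delete_option('postman_stats');
        }
    }

    // get_option() returns a non-array value when the state was never stored;
    // make sure the writes below go into an array
    if (!is_array($postmanState)) {
        $postmanState = array();
    }

    // can we create a tmp file? - this code is duplicated in InputSanitizer
    PostmanUtils::deleteLockFile();
    $lockSuccess = PostmanUtils::createLockFile();
    // locking counts as working only if the file can be created AND removed again
    // (the original author notes that &= did not behave as expected, hence the explicit &&)
    $lockSuccess = $lockSuccess && PostmanUtils::deleteLockFile();
    $postmanState['locking_enabled'] = $lockSuccess;

    if (!isset($postmanState['install_date'])) {
        $this->logger->debug("Upgrading database: adding install_date");
        $postmanState['install_date'] = time();
    }

    // always update the version number
    $pluginData = apply_filters('postman_get_plugin_metadata', null);
    $postmanState['version'] = $pluginData['version'];
    update_option('postman_state', $postmanState);
    // delete_option('postman_session');

    // reload options
    PostmanState::getInstance()->reload();
    PostmanOptions::getInstance()->reload();
}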