Resolving security issue with permissive URLs.
ronaldhuereca committed Jan 8, 2025
1 parent a5d3b21 commit fafe870
Showing 2 changed files with 13 additions and 6 deletions.
4 changes: 2 additions & 2 deletions includes/Admin/Tabs/Integrations.php
Expand Up @@ -254,7 +254,7 @@ public function ajax_save_mailchimp_options() {
// Format API url for a server prefix..
$mailchimp_api_url = str_replace(
'<sp>',
$api_server_prefix,
sanitize_key( $api_server_prefix ),
$this->mailchimp_api
);

Expand All @@ -269,7 +269,7 @@ public function ajax_save_mailchimp_options() {
$lists_api_url = esc_url_raw( $mailchimp_api_url . '/lists' );

// Make API call.
$response = wp_remote_get( $lists_api_url, $http_args );
$response = wp_safe_remote_get( $lists_api_url, $http_args );

if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
wp_send_json_error( array( 'message' => __( 'Could not connect to Mailchimp.', 'comment-edit-pro' ) ) );
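Review bot: `sanitize_key( $api_server_prefix )` can return an empty string when the submitted prefix consists only of characters outside `[a-z0-9_-]`, which leaves the request aimed at `https://.api.mailchimp.com/…` and surfaces to the user only as the generic "Could not connect to Mailchimp." error; reject it explicitly before the URL is built: `$prefix = sanitize_key( $api_server_prefix ); if ( '' === $prefix ) { wp_send_json_error( array( 'message' => __( 'Invalid Mailchimp server prefix.', 'comment-edit-pro' ) ) ); }`. Mailchimp prefixes look like `us19`, so if that format is guaranteed an allow-list such as `preg_match( '/^[a-z]{2}[0-9]{1,3}$/', $prefix )` would be a stricter gate than the character filter alone. Separately, if `$this->mailchimp_api` ends in a slash as `self::$mailchimp_api` in Mailchimp.php does, `$mailchimp_api_url . '/lists'` yields `3.0//lists`; `rtrim( $mailchimp_api_url, '/' ) . '/lists'` avoids the double slash. `ajax_save_mailchimp_options()` begins before this hunk, so the nonce and capability checks that should gate this AJAX handler are not visible here.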
15 changes: 11 additions & 4 deletions includes/Mailchimp.php
Expand Up @@ -12,6 +12,13 @@
*/
class Mailchimp {

/**
* Mailchimp API variable with <sp> (server prefix) for search/replace.
*
* @var string Mailchimp API variable.
*/
private static $mailchimp_api = 'https://<sp>.api.mailchimp.com/3.0/';

/**
* Class runner.
*/
Expand Down Expand Up @@ -90,12 +97,12 @@ private static function add_subscriber( $comment_id, $email, $comment ) {
// Format API url for a server prefix..
$mailchimp_api_url = str_replace(
'<sp>',
$options['mailchimp_api_key_server_prefix'],
$this->mailchimp_api
sanitize_key( $options['mailchimp_api_key_server_prefix'] ),
self::$mailchimp_api
);

$commenter_name = $comment->comment_author;
$mailchimp_api_key = $options['mailchimp_api_key'];
$mailchimp_api_key = sanitize_text_field( $options['mailchimp_api_key'] );

$endpoint = $mailchimp_api_url . 'lists/' . $list . '/members/';

Expand All @@ -114,7 +121,7 @@ private static function add_subscriber( $comment_id, $email, $comment ) {
),
)
);
$response = wp_remote_post( esc_url_raw( $endpoint ), $http_args );
$response = wp_safe_remote_post( esc_url_raw( $endpoint ), $http_args );
if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
// Response code can be 400 if the member already exists.
return false;
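Review bot: `$list` is now the only URL component in this hunk that is not sanitized — `$endpoint = $mailchimp_api_url . 'lists/' . $list . '/members/';` concatenates it into the path while the prefix and key just above it are filtered, and `esc_url_raw()` does not strip `..`, `?` or `#`, so a stored value containing those could redirect the authenticated POST to a different Mailchimp endpoint or truncate the path. Mailchimp list IDs are alphanumeric, so `sanitize_key( $list )` (or rejecting anything that does not match `/^[a-z0-9]+$/`) where `$list` is read would close this; `$list` is assigned before this hunk, so its origin is not visible here. A short comment on the new key line, such as `// Key is hex plus a -usNN suffix; sanitize_text_field() will not alter a valid one.`, would record why that filter is safe to apply to a credential. `add_subscriber()` starts before and ends after this hunk.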
