Prepare security improvements with wp_filesystem API

Author: Alexandre Germain

class/class-admin.php

@@ -17,7 +17,9 @@
 use \ithoughts\v5_0\Toolbox as TB;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly.
+	// Exit if accessed directly.
+	status_header( 403 );
+	wp_die( 'Forbidden' );
 }
 
 
@@ -83,15 +85,15 @@ public function set_version() {
 				if ( $backbone->get_option( 'version' ) === -1 ) {
 					$backbone->set_option( 'version',$this->current_version );
 				} elseif ( $this->is_under_versionned() ) {
-					$backbone->log( \ithoughts\v5_0\LogLevel::Warn, "Plugin settings are under versionned. Installed version is {$plugindata['Version']}, and config is {$backbone->get_option( 'version' )}" );
+					$backbone->log( \ithoughts\v5_0\LogLevel::WARN, "Plugin settings are under versionned. Installed version is {$plugindata['Version']}, and config is {$backbone->get_option( 'version' )}" );
 					// Create the updater.
 					require_once( $backbone->get_base_class_path() . '/class-updater.php' );
 					$this->updater = new Updater( $backbone->get_option( 'version' ), $this->current_version, $this );
 
 					// Do we need to apply a particular update process?
 					if ( $this->updater->requires_update() ) {
 						// If an update is required, apply it.
-						$backbone->log( \ithoughts\v5_0\LogLevel::Info, "An update process is available to step to {$plugindata['Version']}." );
+						$backbone->log( \ithoughts\v5_0\LogLevel::INFO, "An update process is available to step to {$plugindata['Version']}." );
 						// Show the update message.
 						$this->updater->add_admin_notice();
 					} else {
@@ -831,7 +833,7 @@ public function get_tinymce_tooltip_form_ajax() {
 					case 'tooltip':{
 						$data['tooltip_content'] = inner_attr(
 							isset( $data['tooltip_content'] ) ? $data['tooltip_content'] : ''
-						, false);
+							, false);
 					} break;
 
 					case 'mediatip':{
@@ -1365,7 +1367,8 @@ public function get_tinymce_list_form_ajax() {
 		 */
 		public function theme_editor() {
 			if ( ! current_user_can( 'edit_theme_options' ) ) {
-				// TODO Throw 403.
+				status_header( 403 );
+				wp_die( 'Forbidden' );
 			}
 			$backbone = \ithoughts\tooltip_glossary\Backbone::get_instance();
 			$action = 'load';
@@ -1397,7 +1400,7 @@ public function theme_editor() {
 ?><div class="notice notice-error"><p><?php
 				esc_html_e( 'Error while generating the theme editor: ', 'ithoughts-tooltip-glossary' );
 				echo esc_html( $themedata['error'] );
-echo esc_html( $ret['error'] ); ?></p></div><?php
+				echo esc_html( $ret['error'] ); ?></p></div><?php
 			}
 
 			/* Add required scripts for WordPress Spoilers (AKA PostBox) */
@@ -1464,8 +1467,8 @@ public function theme_editor() {
 						),
 					)
 				),
-																							  );
-																							  require $backbone->get_base_path() . '/templates/dist/customizing_form.php';
+			);
+			require $backbone->get_base_path() . '/templates/dist/customizing_form.php';
 		}
 
 		/**
@@ -1508,6 +1511,19 @@ private function loadtheme( $themename = null ) {
 				);
 			}
 
+
+			/*$url = wp_nonce_url("itg-load-theme?theme_name=$themename",'itg-load-theme');
+			if (false === ($creds = request_filesystem_credentials($url, '', false, false, null) ) ) {
+				return; // stop processing here.
+			} else {
+				if ( ! \WP_Filesystem($creds) ) {
+					request_filesystem_credentials($url, '', true, false, null);
+					return;
+				}
+			}*/
+
+
+
 			$content = file_get_contents( $theme_infos['absdir'] . '/' . $file );
 
 			$match_head_regex = "/^\\.qtip-$reformated_theme_name\\s*{[\\n\\s]*/";
@@ -1634,7 +1650,7 @@ private function less_auto_indent( $content ) {
 				if ( strlen( $line ) > 0 ) {
 					$indented .= str_repeat( $indent, $indent_level ) . $line . PHP_EOL;
 				} else { $indented .= PHP_EOL;
-				}
+					   }
 				$indent_level += preg_match( '/\{(\s*(\\/\\*.*\\*\\/)*)*$/',$line );
 			}
 			return preg_replace( "/[\n\r\s]*$/",'',$indented );

class/class-autolink.php

@@ -13,7 +13,7 @@
 namespace ithoughts\tooltip_glossary;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 
 if ( ! class_exists( __NAMESPACE__ . '\\AutoLink' ) ) {

class/class-backbone.php

@@ -17,7 +17,7 @@
 use \ithoughts\v5_0\LogLevel as LogLevel;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 
 
@@ -149,15 +149,15 @@ function __construct( $plugin_base ) {
 					),
 				),
 				'verbosity'	=> array(
-					'default'		=> LogLevel::Error,
+					'default'		=> LogLevel::ERROR,
 					'serversideOverride'	=> false,// If required once, required everywhere
 					'cliensideOverride'	=> false,// Not a js data
 					'accepted'		=> array(
-						LogLevel::Silent,
-						LogLevel::Error,
-						LogLevel::Warn,
-						LogLevel::Info,
-						LogLevel::Silly,
+						LogLevel::SILENT,
+						LogLevel::ERROR,
+						LogLevel::WARN,
+						LogLevel::INFO,
+						LogLevel::SILLY,
 					),
 				),
 				'anim_in'		=> array(
@@ -233,7 +233,7 @@ function __construct( $plugin_base ) {
 			if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
 				$tail = ' in DEBUG mode';
 			}
-			$this->log( LogLevel::Silly, "Loaded plugin iThoughts Tooltip Glossary v{$this->get_option('version')}$tail." );
+			$this->log( LogLevel::SILLY, "Loaded plugin iThoughts Tooltip Glossary v{$this->get_option('version')}$tail." );
 
 			$this->register_post_types();
 			$this->register_taxonmies();

class/class-filters.php

@@ -20,7 +20,7 @@
 namespace ithoughts\tooltip_glossary;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 
 if ( ! class_exists( __NAMESPACE__ . '\\Filters' ) ) {

class/class-micropost.php

@@ -13,7 +13,7 @@
 namespace ithoughts\tooltip_glossary;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 if ( ! class_exists( __NAMESPACE__ . '\\MicroPost' ) ) {
 	$backbone = Backbone::get_instance();

class/class-posttypes.php

@@ -13,7 +13,7 @@
 namespace ithoughts\tooltip_glossary;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 
 if ( ! class_exists( __NAMESPACE__ . '\\PostTypes' ) ) {

class/class-randomterm.php

@@ -13,7 +13,7 @@
 namespace ithoughts\tooltip_glossary\widgets;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 
 

class/class-taxonomies.php

@@ -13,7 +13,7 @@
 namespace ithoughts\tooltip_glossary;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 
 if ( ! class_exists( __NAMESPACE__ . '\\Taxonomies' ) ) {

class/class-updater.php

@@ -13,7 +13,7 @@
 namespace ithoughts\tooltip_glossary;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 
 
@@ -152,7 +152,7 @@ public function updater() {
 
 			if ( $this->parentC->is_under_versionned() ) {
 				$backbone = \ithoughts\tooltip_glossary\Backbone::get_instance();
-				$backbone->log( \ithoughts\v5_0\LogLevel::Info, "Access to the update page (version from $this->from to $this->to) received, prepare update." );
+				$backbone->log( \ithoughts\v5_0\LogLevel::INFO, "Access to the update page (version from $this->from to $this->to) received, prepare update." );
 				$updater_script = $backbone->get_resource( 'ithoughts_tooltip_glossary-updater' );
 				if ( isset( $updater_script ) ) {
 					$updater_script->set_localize_data('iThoughtsTooltipGlossaryUpdater', array(
@@ -184,7 +184,7 @@ public function updater() {
 </div>
 <?php
 			} else {
-				\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::Error, "Access to the update page (version from $this->from to $this->to) received, but nothing to do." );
+				\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::ERROR, "Access to the update page (version from $this->from to $this->to) received, but nothing to do." );
 ?>
 <div class="wrap">
 	<div id="ithoughts-tooltip-glossary-options" class="meta-box meta-box-50 metabox-holder">
@@ -462,7 +462,7 @@ function applyUpdates() {
 				break;
 
 				case 2:{
-					\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::Silly, "Doing update to $this->to" );
+					\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::SILLY, "Doing update to $this->to" );
 					$verbose = array();
 					$maxCount = 20;
 					$postTypes = get_post_types( '', 'names' );
@@ -546,14 +546,14 @@ function applyUpdates() {
 
 							if ( $post->post_content != $postUpdateArray ['post_content'] ) {
 								clean_post_cache( $post->ID );
-								\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::Info, "Updated post $post->ID: \"$post->post_title\":", $counters );
+								\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::INFO, "Updated post $post->ID: \"$post->post_title\":", $counters );
 								$verbose[] = array(
 									'type' => 'info',
 									'text' => "In $post->post_title ($post->ID), replaced {$counters['tooltip']} tooltips, {$counters['glossary']} glossaries, and {$counters['mediatip']} mediatips.",
 								);
 								wp_update_post( $postUpdateArray );
 							} else {
-								\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::Silly, "Post $post->ID: \"$post->post_title\" was not modified" );
+								\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::SILLY, "Post $post->ID: \"$post->post_title\" was not modified" );
 							}
 							wp_cache_delete( $post->ID, 'posts' );
 							wp_cache_delete( $post->ID, 'post_meta' );
@@ -582,7 +582,7 @@ function applyUpdates() {
 				} break;
 			}// End switch().
 
-			\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::Info, 'Ended update step with data: ', $data );
+			\ithoughts\tooltip_glossary\Backbone::get_instance()->log( \ithoughts\v5_0\LogLevel::INFO, 'Ended update step with data: ', $data );
 
 			if ( $data['maxAdvancement'] > -1 ) {
 				if ( $return['progression'] >= $data['maxAdvancement'] ) {

class/shortcode/class-atoz.php

@@ -20,7 +20,7 @@
 namespace ithoughts\tooltip_glossary\shortcode;
 
 if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly
+	 status_header( 403 );wp_die("Forbidden");// Exit if accessed directly
 }
 
 if ( ! class_exists( __NAMESPACE__ . '\\AtoZ' ) ) {