Merge pull request #4 from Bit-Apps-Pro/fix-sanitize-issue

fix: sanitization issues in request handling

Author: abdul-kaioum

src/Http/IpTool.php

@@ -50,20 +50,20 @@ public function user()
     private static function checkIP()
     {
         if (getenv('HTTP_CLIENT_IP')) {
-            $ip = getenv('HTTP_CLIENT_IP');
+            $ip = sanitize_text_field(getenv('HTTP_CLIENT_IP'));
         } elseif (getenv('HTTP_X_FORWARDED_FOR')) {
-            $ip = getenv('HTTP_X_FORWARDED_FOR');
+            $ip = sanitize_text_field(getenv('HTTP_X_FORWARDED_FOR'));
         } elseif (getenv('HTTP_X_FORWARDED')) {
-            $ip = getenv('HTTP_X_FORWARDED');
+            $ip = sanitize_text_field(getenv('HTTP_X_FORWARDED'));
         } elseif (getenv('HTTP_FORWARDED_FOR')) {
-            $ip = getenv('HTTP_FORWARDED_FOR');
+            $ip = sanitize_text_field(getenv('HTTP_FORWARDED_FOR'));
         } elseif (getenv('HTTP_FORWARDED')) {
-            $ip = getenv('HTTP_FORWARDED');
+            $ip = sanitize_text_field(getenv('HTTP_FORWARDED'));
         } else {
-            $ip = $_SERVER['REMOTE_ADDR'];
+            $ip = sanitize_text_field($_SERVER['REMOTE_ADDR']);
         }
 
-        return $ip;
+       return filter_var($ip, FILTER_VALIDATE_IP);
     }
 
     /**
@@ -73,7 +73,7 @@ private static function checkDevice()
     {
         return isset(
             $_SERVER['HTTP_USER_AGENT']
-        ) ? self::getBrowserName($_SERVER['HTTP_USER_AGENT']) . '|' . self::getOS($_SERVER['HTTP_USER_AGENT']) : '';
+        ) ? self::getBrowserName(wp_kses($_SERVER['HTTP_USER_AGENT'], [])) . '|' . self::getOS(wp_kses($_SERVER['HTTP_USER_AGENT'], [])) : '';
     }
 
     /**

src/Http/Request/Request.php

@@ -103,7 +103,7 @@ public function body()
 
     public function method()
     {
-        return $_SERVER['REQUEST_METHOD'];
+        return sanitize_text_field($_SERVER['REQUEST_METHOD']);
     }
 
     public function contentType()

src/Http/Router/AjaxRouter.php

@@ -27,30 +27,35 @@ public function registerRoutes()
 
     public function addRoute(RouteRegister $route)
     {
-        if (
-            !isset($_REQUEST['action'])
-            || strpos($_REQUEST['action'], $this->_router->getAjaxPrefix()) === false
-            || !\in_array(strtoupper($_SERVER['REQUEST_METHOD']), $route->getMethods())
+
+        $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? sanitize_text_field($_SERVER['REQUEST_METHOD']) : '';
+        $action = isset($_REQUEST['action']) ? sanitize_text_field($_REQUEST['action']) : '';
+
+        if (strpos($action, $this->_router->getAjaxPrefix()) === false
+            || !\in_array(strtoupper($requestMethod), $route->getMethods())
         ) {
             return;
         }
 
-        $requestPath = str_replace($this->_router->getAjaxPrefix(), '', $_REQUEST['action']);
+        $requestPath = str_replace($this->_router->getAjaxPrefix(), '', $action);
         if (!$this->isRouteMatched($route, $requestPath)) {
             return;
         }
 
-        Hooks::addAction('wp_ajax_' . $_REQUEST['action'], [$route, 'handleRequest']);
+        Hooks::addAction('wp_ajax_' . $action, [$route, 'handleRequest']);
         if ($route->isNoAuth()) {
-            Hooks::addAction('wp_ajax_nopriv_' . $_REQUEST['action'], [$route, 'handleRequest']);
+            Hooks::addAction('wp_ajax_nopriv_' . $action, [$route, 'handleRequest']);
         }
 
         $this->_router->addRegisteredRoute($this->currentRouteName(), $route);
     }
 
     public function currentRouteName()
     {
-        return $_SERVER['REQUEST_METHOD'] . $_REQUEST['action'];
+        $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? sanitize_text_field($_SERVER['REQUEST_METHOD']) : '';
+        $action = isset($_REQUEST['action']) ? sanitize_text_field($_REQUEST['action']) : '';
+        
+        return $requestMethod. $action;
     }
 
     /**