Skip to content

Commit 4a34190

Browse files
AntonV1211AntonV1211
authored
Merge pull request #737 from CleanTalk/rc_inst_plg_av
Fix. Code. Edit Remote Calls
2 parents d34f33e + 9b2e12a commit 4a34190

File tree

1 file changed

+29
-0
lines changed

1 file changed

+29
-0
lines changed

cleantalk.php

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2096,6 +2096,11 @@ function apbct_rc__install_plugin($_wp = null, $plugin = null)
20962096
$plugin = Get::get('plugin') ? Get::get('plugin') : '';
20972097
}
20982098

2099+
$allowed_plugin = 'security-malware-firewall/security-malware-firewall.php';
2100+
if ( !empty($plugin) && TT::toString($plugin) !== $allowed_plugin ) {
2101+
die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
2102+
}
2103+
20992104
if ( !empty($plugin) ) {
21002105
$plugin = TT::toString($plugin);
21012106
if ( preg_match('/[a-zA-Z-\d]+[\/\\][a-zA-Z-\d]+\.php/', $plugin) ) {
@@ -2159,6 +2164,12 @@ function apbct_rc__activate_plugin($plugin)
21592164
$plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
21602165
}
21612166

2167+
// Only allow activation of Security by CleanTalk plugin via remote call
2168+
$allowed_plugin = 'security-malware-firewall/security-malware-firewall.php';
2169+
if ( $plugin && $plugin !== $allowed_plugin ) {
2170+
return array('error' => 'PLUGIN_NOT_ALLOWED');
2171+
}
2172+
21622173
if ( $plugin ) {
21632174
if ( preg_match('@[a-zA-Z-\d]+[\\\/][a-zA-Z-\d]+\.php@', $plugin) ) {
21642175
require_once(ABSPATH . '/wp-admin/includes/plugin.php');
@@ -2199,6 +2210,15 @@ function apbct_rc__deactivate_plugin($plugin = null)
21992210
$plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
22002211
}
22012212

2213+
// Only allow deactivation of CleanTalk plugins via remote call
2214+
$allowed_plugins = array(
2215+
'cleantalk-spam-protect/cleantalk.php',
2216+
'security-malware-firewall/security-malware-firewall.php',
2217+
);
2218+
if ( $plugin && !in_array($plugin, $allowed_plugins, true) ) {
2219+
die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
2220+
}
2221+
22022222
if ( $plugin ) {
22032223
// Switching complete deactivation for security
22042224
if ( $plugin === 'security-malware-firewall/security-malware-firewall.php' && ! empty(Get::get('misc__complete_deactivation')) ) {
@@ -2245,6 +2265,15 @@ function apbct_rc__uninstall_plugin($plugin = null)
22452265
$plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
22462266
}
22472267

2268+
// Only allow uninstallation of CleanTalk plugins via remote call
2269+
$allowed_plugins = array(
2270+
'cleantalk-spam-protect/cleantalk.php',
2271+
'security-malware-firewall/security-malware-firewall.php',
2272+
);
2273+
if ( $plugin && !in_array($plugin, $allowed_plugins, true) ) {
2274+
die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
2275+
}
2276+
22482277
if ( $plugin ) {
22492278
// Switching complete deactivation for security
22502279
if ( $plugin === 'security-malware-firewall/security-malware-firewall.php' && ! empty(Get::get('misc__complete_deactivation')) ) {

0 commit comments

Comments
 (0)