Skip to content

Fix. Code. Edit Remote Calls #737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AntonV1211 merged 1 commit into from
Feb 12, 2026
Merged

Fix. Code. Edit Remote Calls #737

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions cleantalk.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2096,6 +2096,11 @@ function apbct_rc__install_plugin($_wp = null, $plugin = null)
$plugin = Get::get('plugin') ? Get::get('plugin') : '';
}

$allowed_plugin = 'security-malware-firewall/security-malware-firewall.php';
if ( !empty($plugin) && TT::toString($plugin) !== $allowed_plugin ) {
die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
}

if ( !empty($plugin) ) {
$plugin = TT::toString($plugin);
if ( preg_match('/[a-zA-Z-\d]+[\/\\][a-zA-Z-\d]+\.php/', $plugin) ) {
Expand Down Expand Up @@ -2159,6 +2164,12 @@ function apbct_rc__activate_plugin($plugin)
$plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
}

// Only allow activation of Security by CleanTalk plugin via remote call
$allowed_plugin = 'security-malware-firewall/security-malware-firewall.php';
if ( $plugin && $plugin !== $allowed_plugin ) {
return array('error' => 'PLUGIN_NOT_ALLOWED');
}

if ( $plugin ) {
if ( preg_match('@[a-zA-Z-\d]+[\\\/][a-zA-Z-\d]+\.php@', $plugin) ) {
require_once(ABSPATH . '/wp-admin/includes/plugin.php');
Expand Down Expand Up @@ -2199,6 +2210,15 @@ function apbct_rc__deactivate_plugin($plugin = null)
$plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
}

// Only allow deactivation of CleanTalk plugins via remote call
$allowed_plugins = array(
'cleantalk-spam-protect/cleantalk.php',
'security-malware-firewall/security-malware-firewall.php',
);
if ( $plugin && !in_array($plugin, $allowed_plugins, true) ) {
die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
}

if ( $plugin ) {
// Switching complete deactivation for security
if ( $plugin === 'security-malware-firewall/security-malware-firewall.php' && ! empty(Get::get('misc__complete_deactivation')) ) {
Expand Down Expand Up @@ -2245,6 +2265,15 @@ function apbct_rc__uninstall_plugin($plugin = null)
$plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
}

// Only allow uninstallation of CleanTalk plugins via remote call
$allowed_plugins = array(
'cleantalk-spam-protect/cleantalk.php',
'security-malware-firewall/security-malware-firewall.php',
);
if ( $plugin && !in_array($plugin, $allowed_plugins, true) ) {
die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
}

if ( $plugin ) {
// Switching complete deactivation for security
if ( $plugin === 'security-malware-firewall/security-malware-firewall.php' && ! empty(Get::get('misc__complete_deactivation')) ) {
Expand Down
Loading