
Commit 3ac690c

committed
first commit
1 parent 87e2314 commit 3ac690c


3 files changed

+48
-5
lines changed

3 files changed

+48
-5
lines changed

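--- a/includes/SSO_Helpers.php
+++ b/includes/SSO_Helpers.php
@@ -126,8 +126,10 @@ public static function shouldThrottle() {
 
 /**
 * Trigger an SSO failure.
+*
+* @param string $error_type type of error
 */
-public static function triggerFailure() {
+public static function triggerFailure( $error_type = '') {
 
 self::logFailure();
 
@@ -138,7 +140,18 @@ public static function triggerFailure() {
 
 do_action( 'newfold_sso_fail' );
 
-wp_safe_redirect( wp_login_url() );
+if ( empty( $error_type ) ) {
+wp_safe_redirect( wp_login_url() );
+} else {
+wp_safe_redirect(
+add_query_arg(
+array(
+'error' => $error_type,
+),
+wp_login_url()
+)
+);
+}
+
 exit;
 
 }
@@ -248,7 +261,14 @@ public static function handleLogin( $token ) {
 exit;
 }
 
-self::triggerSuccess( self::getUserFromToken( $token ) );
+$user = self::getUserFromToken( $token );
+if ( $user ) {
+if ( preg_match("/['\"\\\\]/", $user->user_login ) ) {
+self::triggerFailure( 'invalid_username' );
+exit;
+}
+}
+self::triggerSuccess( $user );
 
 }
 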
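Review bot: In handleLogin the new guard only rejects a user whose login contains a quote or backslash; when getUserFromToken() returns a falsy value the flow still falls through to `self::triggerSuccess( $user )` with that empty value, exactly as before the change, so unless triggerSuccess is known to tolerate it (not visible here) the miss should be a failure too: `if ( ! $user ) { self::triggerFailure( 'invalid_user' ); }` ahead of the character check, after which the outer `if ( $user )` wrapper is unnecessary. The `exit;` after `triggerFailure( 'invalid_username' )` is unreachable, since triggerFailure ends with its own `exit;` in the hunk above, though it is harmless. The same `/['\"\\\\]/` pattern is duplicated in SSO_Helpers_Legacy.php; a single `private static function hasUnsafeLoginChars( $login )` used by both call sites keeps the two paths from drifting. The new docblock line should also say that `$error_type` is placed verbatim in the login URL's `error` query argument and read back via sanitize_key(), so callers must pass lowercase key-safe slugs. handleLogin's body starts outside the hunk.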
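--- a/includes/SSO_Helpers_Legacy.php
+++ b/includes/SSO_Helpers_Legacy.php
@@ -38,6 +38,13 @@ public static function handleLegacyLogin( $nonce, $salt ) {
 exit;
 }
 
+if ( $user ) {
+if ( preg_match("/['\"\\\\]/", $user->user_login ) ) {
+self::triggerFailure( 'invalid_username' );
+exit;
+}
+}
+
 // Validate token
 $token = substr( base64_encode( hash( 'sha256', $nonce . $salt, false ) ), 0, 64 );
 $stored_token = get_transient( 'sso_token' );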
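Review bot: The username character check is inserted above `// Validate token`, so it runs on requests that have not yet proved they hold the SSO token; placing it after the token comparison keeps the policy check behind the credential check and stops an unauthenticated caller from driving logFailure() and the `invalid_username` redirect for a chosen account. The resolution of `$user` and the token comparison itself are outside the hunk, so I cannot tell whether the ordering changes what a caller learns, but the check is equally effective after validation. Since triggerFailure() ends with `exit;` (visible in SSO_Helpers.php), the `exit;` after it here is unreachable, assuming this class inherits that method. The pattern `/['\"\\\\]/` is duplicated from handleLogin(); one shared helper, e.g. `if ( self::hasUnsafeLoginChars( $user->user_login ) )`, would keep the two from diverging. handleLegacyLogin's body continues outside the hunk on both sides.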

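--- a/sso.php
+++ b/sso.php
@@ -28,13 +28,29 @@ function() {
 }
 );
 
-\add_action( 'init',
+add_action( 'init',
 function() {
-\load_plugin_textdomain(
+load_plugin_textdomain(
 'wp-module-sso',
 false,
 NFD_SSO_DIR . '/languages'
 );
 },
 100
 );
+
+add_action( 'login_message', function() {
+$error = sanitize_key( $_GET['error'] ?? '' );
+if ( ! empty( $error ) ) {
+$message = '';
+switch ( $error ) {
+case 'invalid_username':
+$message = __( 'SSO failed: username cannot contain invalid characters.', 'wp-module-sso' );
+break;
+default:
+$message = __( 'An unknown error occurred. Please try again.', 'wp-module-sso' );
+break;
+}
+return "<div class='login-error' style='color: red; font-weight: bold;'>{$message}</div>";
+}
+});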
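Review bot: `login_message` is applied by wp-login.php as a filter whose return value replaces the current message, but the new closure takes no `$message` argument and returns nothing when `error` is absent, so on every ordinary login-page load it replaces WordPress's own notices (password-reset and registration messages, other plugins' output) with null, and when an error is present it discards them as well. The callback should accept `$message`, return it untouched when there is no error, and otherwise append its own markup; because translated strings are not guaranteed HTML-safe, the text should pass through `esc_html()` rather than bare interpolation into the `<div>`. The bare `error` query key is also generic: any `?error=` value reaching the login screen, from whatever source, now prints this plugin's "unknown error" text, so a namespaced key such as `nfd_sso_error` (set in triggerFailure() and read here) is safer — I have not checked which core login actions read `error` themselves, so treat the collision risk as unverified. `sanitize_key()` does make the value safe for the switch, so no injection arises from `$_GET` itself.
```php
add_filter( 'login_message', function( $message ) {
	$error = sanitize_key( $_GET['error'] ?? '' );
	if ( empty( $error ) ) {
		return $message;
	}
	// … unchanged: switch mapping $error to $text (was $message) …
	return $message . '<div class="login-error" style="color: red; font-weight: bold;">' . esc_html( $text ) . '</div>';
} );
```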
