add nonce check for api
This commit is contained in:
parent
5ee344bc37
commit
df2c829496
|
@ -7,7 +7,7 @@
|
||||||
* @package Sakura
|
* @package Sakura
|
||||||
*/
|
*/
|
||||||
|
|
||||||
define( 'SAKURA_VERSION', '3.3.0' );
|
define( 'SAKURA_VERSION', '3.3.1' );
|
||||||
define( 'BUILD_VERSION', '3' );
|
define( 'BUILD_VERSION', '3' );
|
||||||
define( 'JSDELIVR_VERSION', '3.6.7' );
|
define( 'JSDELIVR_VERSION', '3.6.7' );
|
||||||
|
|
||||||
|
|
|
@ -77,9 +77,9 @@ window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}
|
||||||
</script>
|
</script>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
</head>
|
</head>
|
||||||
<body <?php body_class(); ?>>
|
<body nonce-data="<?php echo wp_create_nonce( 'wp_rest' ); ?>" <?php body_class(); ?>>
|
||||||
<?php if(get_template_directory_uri() != get_site_url().'/wp-content/themes/Sakura') echo '<div style="position:fixed;height:100%;width:100%;top:0;left:0;font-size:20px;z-index:999999;background-color: #fff;">Plz rename the theme folder name as <span style="color:red">Sakura</span>!<br>请将主题文件夹名改为 <span style="color:red">Sakura</span>!</div>'; ?>
|
<?php if(get_template_directory_uri() != get_site_url().'/wp-content/themes/Sakura') echo '<div style="position:fixed;height:100%;width:100%;top:0;left:0;font-size:20px;z-index:999999;background-color: #fff;">Plz rename the theme folder name as <span style="color:red">Sakura</span>!<br>请将主题文件夹名改为 <span style="color:red">Sakura</span>!</div>'; ?>
|
||||||
<?php if(!function_exists('curl_exec')) echo '<div style="position:fixed;height:100%;width:100%;top:0;left:0;font-size:20px;z-index:999999;background-color: #fff;">主题需要 PHP 的 curl 支持!请在 `php.ini` 里开启或者联系你的主机商。<br>The theme requires PHP\'s curl support! Please turn on in `php.ini` or contact your hosting provider.</div>' ?>;
|
<?php if(!function_exists('curl_exec')) echo '<div style="position:fixed;height:100%;width:100%;top:0;left:0;font-size:20px;z-index:999999;background-color: #fff;">主题需要 PHP 的 curl 支持!请在 `php.ini` 里开启或者联系你的主机商。<br>The theme requires PHP\'s curl support! Please turn on in `php.ini` or contact your hosting provider.</div>'; ?>
|
||||||
<div class="scrollbar" id="bar"></div>
|
<div class="scrollbar" id="bar"></div>
|
||||||
<section id="main-container">
|
<section id="main-container">
|
||||||
<?php
|
<?php
|
||||||
|
|
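Review bot: The nonce on the new `<body>` line is printed into a non-standard attribute name and without output escaping; custom attributes use the `data-` prefix and the theme's other attribute output goes through `esc_attr`, so `<body data-nonce="<?php echo esc_attr( wp_create_nonce( 'wp_rest' ) ); ?>" <?php body_class(); ?>>` with the matching read in attach_image changed to `$('body').attr('data-nonce')` (or `.data('nonce')`). Because the value is emitted on every page for whichever user loads it, an anonymous visitor also receives a valid logged-out nonce, so this token should be treated as a same-origin/CSRF check rather than as authentication for the upload endpoint. A full-page cache would additionally serve one fixed nonce past its lifetime (a day at most) and turn every later upload into the 403 path; if the theme supports such caches the nonce is better fetched per request than baked into the markup. The curl-check correction on the following line (`'; ?>` instead of `' ?>;`) properly stops a stray `;` from being rendered after the notice.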
16
inc/api.php
16
inc/api.php
|
@ -17,7 +17,7 @@ add_action('rest_api_init', function () {
|
||||||
/**
|
/**
|
||||||
* Image uploader response
|
* Image uploader response
|
||||||
*/
|
*/
|
||||||
function upload_image(WP_REST_Request $req)
|
function upload_image(WP_REST_Request $request)
|
||||||
{
|
{
|
||||||
// see: https://developer.wordpress.org/rest-api/requests/
|
// see: https://developer.wordpress.org/rest-api/requests/
|
||||||
|
|
||||||
|
@ -29,7 +29,19 @@ function upload_image(WP_REST_Request $req)
|
||||||
* https://dev.2heng.xin/wp-json/sakura/v1/image/upload
|
* https://dev.2heng.xin/wp-json/sakura/v1/image/upload
|
||||||
*/
|
*/
|
||||||
// $file = $req->get_file_params();
|
// $file = $req->get_file_params();
|
||||||
|
if ( !check_ajax_referer('wp_rest', '_wpnonce', false) ) {
|
||||||
|
$output = array(
|
||||||
|
'status' => 403,
|
||||||
|
'success' => false,
|
||||||
|
'message' => 'Unauthorized client.',
|
||||||
|
'link' => "https://view.moezx.cc/images/2019/11/14/step04.md.png",
|
||||||
|
'proxy' => akina_option('cmt_image_proxy') . "https://view.moezx.cc/images/2019/11/14/step04.md.png",
|
||||||
|
);
|
||||||
|
$result = new WP_REST_Response($output, 403);
|
||||||
|
$result->set_headers(array('Content-Type' => 'application/json'));
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
switch (akina_option("img_upload_api")) {
|
switch (akina_option("img_upload_api")) {
|
||||||
case 'imgur':
|
case 'imgur':
|
||||||
$image = file_get_contents($_FILES["cmt_img_file"]["tmp_name"]);
|
$image = file_get_contents($_FILES["cmt_img_file"]["tmp_name"]);
|
||||||
|
|
|
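Review bot: The new `check_ajax_referer('wp_rest', '_wpnonce', false)` gate in upload_image does not restrict who may upload: WordPress nonces are valid for logged-out users as well, and header.php now hands every visitor one, so any client that first loads a page still passes this check; if uploads are meant for authenticated users, pair it with a capability test such as `if ( ! current_user_can( 'upload_files' ) ) { return new WP_Error( 'rest_forbidden', 'Unauthorized client.', array( 'status' => 403 ) ); }`, otherwise document the check as CSRF/same-origin protection only. For a REST route the idiomatic place for this decision is the route's `permission_callback`, presumably in the `register_rest_route` call inside the `rest_api_init` closure above this hunk, e.g. `'permission_callback' => function ( WP_REST_Request $r ) { return (bool) wp_verify_nonce( (string) $r->get_param( '_wpnonce' ), 'wp_rest' ); },` which lets core emit its standard forbidden response. As far as I can tell from core's cookie-auth handling, a supplied but invalid `_wpnonce` is already rejected before the callback runs, so this in-handler check chiefly catches requests that omit the parameter entirely. The rename of `$req` to `$request` in the first hunk leaves the commented-out `$req->get_file_params()` line and the later `$_FILES["cmt_img_file"]` access untouched; reading the upload via `$request->get_file_params()` would keep the handler consistent with its signature. upload_image continues past the end of this hunk.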
@ -182,7 +182,7 @@ function attach_image() {
|
||||||
var formData = new FormData();
|
var formData = new FormData();
|
||||||
formData.append('cmt_img_file', f);
|
formData.append('cmt_img_file', f);
|
||||||
$.ajax({
|
$.ajax({
|
||||||
url: '/wp-json/sakura/v1/image/upload',
|
url: '/wp-json/sakura/v1/image/upload/?_wpnonce='+$('body').attr('nonce-data'),
|
||||||
type: 'POST',
|
type: 'POST',
|
||||||
processData: false,
|
processData: false,
|
||||||
contentType: false,
|
contentType: false,
|
||||||
|
|
|
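Review bot: The nonce is appended to the query string on the new `url:` line, which puts the token into server access logs, intermediaries and any Referer leakage; the WordPress REST convention is the `X-WP-Nonce` request header, e.g. `headers: { 'X-WP-Nonce': $('body').attr('nonce-data') },` added to the `$.ajax` options with `url` restored to `/wp-json/sakura/v1/image/upload`. That header is validated by core's REST cookie-auth layer, but the `check_ajax_referer('wp_rest', '_wpnonce', false)` added in inc/api.php only reads the request parameters, so the server side would need `wp_verify_nonce( $request->get_header( 'X-WP-Nonce' ), 'wp_rest' )` or a route `permission_callback` to match. The hard-coded `/wp-json/` root (pre-existing, but touched here) also breaks on subdirectory installs or sites with a custom REST prefix; printing `rest_url('sakura/v1/image/upload')` into the page next to the nonce and reading it here would be more robust. attach_image starts and ends outside this hunk.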
@ -5,7 +5,7 @@ Theme URI: https://2heng.xin/theme-sakura/
|
||||||
Author: Mashiro, Louie, Fuzzz
|
Author: Mashiro, Louie, Fuzzz
|
||||||
Author URI: http://2heng.xin
|
Author URI: http://2heng.xin
|
||||||
Description: A branch of theme Akina
|
Description: A branch of theme Akina
|
||||||
Version: 3.3.0
|
Version: 3.3.1
|
||||||
License: GNU General Public License v2 or later
|
License: GNU General Public License v2 or later
|
||||||
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
||||||
Text Domain: sakura
|
Text Domain: sakura
|
||||||
|
|