Fix #20 #21 #22 implementing all rules from WP

admin/class-wp-agora-io-admin.php

@@ -40,7 +40,7 @@ public function saveAjaxSettings() {
 		unset($_REQUEST['action']);
 		$keys = array_keys($_REQUEST);
 		$key = $keys[0];
-		$value = $_REQUEST[$key];
+		$value = sanitize_key( $_REQUEST[$key] );
 
 
 		$options = get_option($this->plugin_name);
@@ -52,9 +52,7 @@ public function saveAjaxSettings() {
  		$r = update_option($this->plugin_name, $options);
 
 		header('Content-Type: application/json');
-		echo json_encode(array(
-        'updated' => $r
-    ));
+		echo json_encode(array('updated' => $r));
 		wp_die();
 	}
 
@@ -243,8 +241,8 @@ public function agora_load_channel_pages() {
 			}
 
 			$posts = empty( $_POST['post_ID'] )
-				? (array) $_REQUEST['channel']
-				: (array) $_POST['post_ID'];
+				? (array) sanitize_key($_REQUEST['channel'])
+				: (array) sanitize_key($_POST['post_ID']);
 
 			$deleted = 0;
 
@@ -284,7 +282,7 @@ public function agora_load_channel_pages() {
 				'locale' => isset( $_GET['locale'] ) ? $_GET['locale'] : null,
 			) ); */
 		} else if ( ! empty( $_GET['channel'] ) ) {
-			$channel = WP_Agora_Channel::get_instance( $_GET['channel'] );
+			$channel = WP_Agora_Channel::get_instance( sanitize_key($_GET['channel']) );
 			// die("<pre>EDIT: ".print_r($channel, true)."</pre>");
 		}
 
@@ -352,7 +350,7 @@ public function enqueue_scripts() {
 
 function agora_current_action() {
 	if ( isset( $_REQUEST['action'] ) and -1 != $_REQUEST['action'] ) {
-		return $_REQUEST['action'];
+		return sanitize_key($_REQUEST['action']);
 	}
 
 	return false;

admin/views/agora-admin-new-channel.php

@@ -381,7 +381,7 @@ function render_agoraio_channel_form_recording($channel) {
     ?>
   </table>
   <script>
-    function updateRegionOptions() {
+    function agoraUpdateRegionOptions() {
       var vendor = parseInt(jQuery(this).val(), 10);
       var options = null;
       switch(vendor) {
@@ -410,7 +410,7 @@ function updateRegionOptions() {
       }
     }
     window.addEventListener('load', function() {
-      jQuery('#vendor').change(updateRegionOptions);
+      jQuery('#vendor').change(agoraUpdateRegionOptions);
       jQuery('#vendor').change();
     });
   </script>

includes/class-wp-agora-cloud-recording.php

@@ -9,8 +9,8 @@
  * @package    wp-agora-io
  * @subpackage wp-agora-io/includes
  */
-define('MIN_RAND_VALUE', 10000000);
-define('MAX_RAND_VALUE', 4294967295);
+define('AGORA_MIN_RAND_VALUE', 10000000);
+define('AGORA_MAX_RAND_VALUE', 4294967295);
 
 class AgoraCloudRecording {
     private $API_URL = 'https://api.agora.io/v1/apps/';
@@ -107,7 +107,7 @@ private function queryRecording($data) {
 
     private function startRecording($data) {
 
-        $data['uid'] = ''.rand(MIN_RAND_VALUE, MAX_RAND_VALUE);
+        $data['uid'] = ''.rand(AGORA_MIN_RAND_VALUE, AGORA_MAX_RAND_VALUE);
 
         $resource = $this->acquire($data);
         // die("<pre>".print_r($resource, true)."</pre>");

includes/token-server/AccessToken.php

@@ -1,12 +1,11 @@
 <?php
 
-class Message
+class WPAgoraTokenMessage
 {
     public $salt;
     public $ts;
     public $privileges;
-    public function __construct()
-    {
+    public function __construct() {
         $this->salt = rand(0, 100000);
 
         $date = new DateTime("now", new DateTimeZone('UTC'));
@@ -15,8 +14,7 @@ public function __construct()
         $this->privileges = array();
     }
 
-    public function packContent()
-    {
+    public function packContent() {
         $buffer = unpack("C*", pack("V", $this->salt));
         $buffer = array_merge($buffer, unpack("C*", pack("V", $this->ts)));
         $buffer = array_merge($buffer, unpack("C*", pack("v", sizeof($this->privileges))));
@@ -27,8 +25,7 @@ public function packContent()
         return $buffer;
     }
 
-    public function unpackContent($msg)
-    {
+    public function unpackContent($msg) {
         $pos = 0;
         $salt = unpack("V", substr($msg, $pos, 4))[1];
         $pos += 4;
@@ -51,8 +48,7 @@ public function unpackContent($msg)
     }
 }
 
-class AccessToken
-{
+class WPAgoraAccessToken {
     const Privileges = array(
         "kJoinChannel" => 1,
         "kPublishAudioStream" => 2,
@@ -73,32 +69,28 @@ class AccessToken
     public $appID, $appCertificate, $channelName, $uid;
     public $message;
 
-    function __construct()
-    {
-        $this->message = new Message();
+    function __construct() {
+        $this->message = new WPAgoraTokenMessage();
     }
 
-    function setUid($uid)
-    {
+    function setUid($uid) {
         if ($uid === 0) {
             $this->uid = "";
         } else {
             $this->uid = $uid . '';
         }
     }
 
-    function is_nonempty_string($name, $str)
-    {
+    function is_nonempty_string($name, $str) {
         if (is_string($str) && $str !== "") {
             return true;
         }
         echo $name . " check failed, should be a non-empty string";
         return false;
     }
 
-    static function init($appID, $appCertificate, $channelName, $uid)
-    {
-        $accessToken = new AccessToken();
+    static function init($appID, $appCertificate, $channelName, $uid) {
+        $accessToken = new WPAgoraAccessToken();
 
         if (!$accessToken->is_nonempty_string("appID", $appID) ||
             !$accessToken->is_nonempty_string("appCertificate", $appCertificate) ||
@@ -111,27 +103,24 @@ static function init($appID, $appCertificate, $channelName, $uid)
         $accessToken->channelName = $channelName;
 
         $accessToken->setUid($uid);
-        $accessToken->message = new Message();
+        $accessToken->message = new WPAgoraTokenMessage();
         return $accessToken;
     }
 
-    static function initWithToken($token, $appCertificate, $channel, $uid)
-    {
-        $accessToken = new AccessToken();
+    static function initWithToken($token, $appCertificate, $channel, $uid) {
+        $accessToken = new WPAgoraAccessToken();
         if (!$accessToken->extract($token, $appCertificate, $channel, $uid)) {
             return null;
         }
         return $accessToken;
     }
 
-    function addPrivilege($key, $expireTimestamp)
-    {
+    function addPrivilege($key, $expireTimestamp) {
         $this->message->privileges[$key] = $expireTimestamp;
         return $this;
     }
 
-    function extract($token, $appCertificate, $channelName, $uid)
-    {
+    function extract($token, $appCertificate, $channelName, $uid) {
         $ver_len = 3;
         $appid_len = 32;
         $version = substr($token, 0, $ver_len);
@@ -163,7 +152,7 @@ function extract($token, $appCertificate, $channelName, $uid)
         $msg = substr($content, $pos, $msgLen);
 
         $this->appID = $appid;
-        $message = new Message();
+        $message = new WPAgoraTokenMessage();
         $message->unpackContent($msg);
         $this->message = $message;
 
@@ -174,8 +163,7 @@ function extract($token, $appCertificate, $channelName, $uid)
         return true;
     }
 
-    function build()
-    {
+    function build() {
         $msg = $this->message->packContent();
         $val = array_merge(unpack("C*", $this->appID), unpack("C*", $this->channelName), unpack("C*", $this->uid), $msg);
 
@@ -184,14 +172,13 @@ function build()
         $crc_channel_name = crc32($this->channelName) & 0xffffffff;
         $crc_uid = crc32($this->uid) & 0xffffffff;
 
-        $content = array_merge(unpack("C*", packString($sig)), unpack("C*", pack("V", $crc_channel_name)), unpack("C*", pack("V", $crc_uid)), unpack("C*", pack("v", count($msg))), $msg);
+        $content = array_merge(unpack("C*", agoraPackString($sig)), unpack("C*", pack("V", $crc_channel_name)), unpack("C*", pack("V", $crc_uid)), unpack("C*", pack("v", count($msg))), $msg);
         $version = "006";
         $ret = $version . $this->appID . base64_encode(implode(array_map("chr", $content)));
         return $ret;
     }
 }
 
-function packString($value)
-{
+function agoraPackString($value) {
     return pack("v", strlen($value)) . $value;
 }

includes/token-server/RtcTokenBuilder.php

@@ -2,7 +2,7 @@
 
 require_once "AccessToken.php";
 
-class RtcTokenBuilder
+class AgoraRtcTokenBuilder
 {
     const RoleAttendee = 0;
     const RolePublisher = 1;
@@ -24,7 +24,7 @@ class RtcTokenBuilder
     #                    generated, set expireTimestamp as the current 
     #                    timestamp + 600 (seconds)./
     public static function buildTokenWithUid($appID, $appCertificate, $channelName, $uid, $role, $privilegeExpireTs){
-        return RtcTokenBuilder::buildTokenWithUserAccount($appID, $appCertificate, $channelName, $uid, $role, $privilegeExpireTs);
+        return AgoraRtcTokenBuilder::buildTokenWithUserAccount($appID, $appCertificate, $channelName, $uid, $role, $privilegeExpireTs);
     }
 
     # appID: The App ID issued to you by Agora. Apply for a new App ID from 
@@ -40,12 +40,12 @@ public static function buildTokenWithUid($appID, $appCertificate, $channelName,
     #                    Agora Service within 10 minutes after the token is 
     #                    generated, set expireTimestamp as the current 
     public static function buildTokenWithUserAccount($appID, $appCertificate, $channelName, $userAccount, $role, $privilegeExpireTs){
-        $token = AccessToken::init($appID, $appCertificate, $channelName, $userAccount);
-        $Privileges = AccessToken::Privileges;
+        $token = WPAgoraAccessToken::init($appID, $appCertificate, $channelName, $userAccount);
+        $Privileges = WPAgoraAccessToken::Privileges;
         $token->addPrivilege($Privileges["kJoinChannel"], $privilegeExpireTs);
-        if(($role == RtcTokenBuilder::RoleAttendee) ||
-            ($role == RtcTokenBuilder::RolePublisher) ||
-            ($role == RtcTokenBuilder::RoleAdmin))
+        if(($role == AgoraRtcTokenBuilder::RoleAttendee) ||
+            ($role == AgoraRtcTokenBuilder::RolePublisher) ||
+            ($role == AgoraRtcTokenBuilder::RoleAdmin))
         {
             $token->addPrivilege($Privileges["kPublishVideoStream"], $privilegeExpireTs);
             $token->addPrivilege($Privileges["kPublishAudioStream"], $privilegeExpireTs);