Fix sensitive field handling; add Basic settings tab validations #703
@@ -7,7 +7,7 @@ | |||
"php": "^5.3 || ^7.0" | |||
}, | |||
"require-dev": { | |||
"dealerdirect/phpcodesniffer-composer-installer": "^0.4.3", | |||
"dealerdirect/phpcodesniffer-composer-installer": "^0.5", |
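Review bot: the bump to `^0.5` on the installer line should be checked against the `"php": "^5.3 || ^7.0"` constraint kept above it. For a 0.x package the caret only allows 0.5.x, so this moves to a new minor line rather than a patch update. Please confirm the 0.5 releases still install on the oldest PHP version this package declares, otherwise dev dependencies will fail to resolve there.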
Development dependency
$input['client_id'] = sanitize_text_field( $input['client_id'] ); | ||
$input['cache_expiration'] = absint( $input['cache_expiration'] ); | ||
|
||
$input['allow_signup'] = ( isset( $input['allow_signup'] ) ? $input['allow_signup'] : 0 ); |
Setting no longer exists
$input['client_id'] = sanitize_text_field( $input['client_id'] ); | ||
$input['cache_expiration'] = absint( $input['cache_expiration'] ); | ||
|
||
$input['allow_signup'] = ( isset( $input['allow_signup'] ) ? $input['allow_signup'] : 0 ); | ||
$input['client_secret'] = sanitize_text_field( $input['client_secret'] ); | ||
if ( __( '[REDACTED]', 'wp-auth0' ) === $input['client_secret'] ) { |
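Review bot: the `__( '[REDACTED]', 'wp-auth0' ) === $input['client_secret']` check compares the submitted value with a translated string, so keeping the stored secret depends on the placeholder rendering identically when the form is displayed and when it is saved. If the locale or translation differs between the two, the comparison will not match and the placeholder text could be saved as the secret. Consider comparing against an untranslated constant, or treating an empty submission as "unchanged". Separately, `$input['client_secret']` and `$input['client_id']` are read without the isset() guard that `allow_signup` gets, and sanitize_text_field() strips tags and percent-encoded octets, which can silently alter a secret that contains those characters.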
If client secret is unchanged (set as [REDACTED] when saved), keep the previous one.
$input['client_secret_b64_encoded'] = ( isset( $input['client_secret_b64_encoded'] ) | ||
? $input['client_secret_b64_encoded'] == 1 | ||
: false ); | ||
if ( ! in_array( $input['client_signing_algorithm'], array( 'HS256', 'RS256' ) ) ) { |
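Review bot: the in_array() call validating `client_signing_algorithm` uses loose comparison. Pass `true` as the third argument so only the exact strings 'HS256' and 'RS256' are accepted, and guard the read with isset() as is done for `client_secret_b64_encoded` just above, since an absent key raises an undefined index notice here. The `== 1` on the b64 flag could likewise be a strict comparison against the submitted value.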
This is a radio button input with 2 choices.
Changes
password field types (client secret and API token) triggering password managers
Note to reviewers: bulk of the additions here are missing tests
References
Internal support request.