From 6738fe6be12a2c12f6878275aacb4fecbd96768d Mon Sep 17 00:00:00 2001
From: Leonid Vinikov <leonid@elementor.com>
Date: Tue, 10 Mar 2020 18:23:45 +0200
Subject: [PATCH] Modules/Safe-Mode: Fix - Enable only if user can enable
 plugins.

Co-authored-by:  Mati Horovitz <21468434+matipojo@users.noreply.github.com>
---
 modules/safe-mode/module.php                  | 38 ++++++++++++++++++-
 .../mu-plugin/elementor-safe-mode.php         | 13 ++++++-
 2 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/modules/safe-mode/module.php b/modules/safe-mode/module.php
index a85e7cfcc2a..e95e77ec336 100644
--- a/modules/safe-mode/module.php
+++ b/modules/safe-mode/module.php
@@ -14,6 +14,7 @@
 class Module extends \Elementor\Core\Base\Module {
 
 	const OPTION_ENABLED = 'elementor_safe_mode';
+	const OPTION_TOKEN = self::OPTION_ENABLED . '_token';
 	const MU_PLUGIN_FILE_NAME = 'elementor-safe-mode.php';
 	const DOCS_HELPED_URL = 'https://go.elementor.com/safe-mode-helped/';
 	const DOCS_DIDNT_HELP_URL = 'https://go.elementor.com/safe-mode-didnt-helped/';
@@ -76,6 +77,10 @@ public function ajax_enable_safe_mode( $data ) {
 	}
 
 	public function enable_safe_mode() {
+		if ( ! current_user_can( 'install_plugins' ) ) {
+			return;
+		}
+
 		WP_Filesystem();
 
 		$this->update_allowed_plugins();
@@ -92,11 +97,23 @@ public function enable_safe_mode() {
 		$results = copy_dir( __DIR__ . '/mu-plugin/', WPMU_PLUGIN_DIR );
 
 		if ( is_wp_error( $results ) ) {
-			return false;
+			return;
 		}
+
+		$token = md5( wp_rand() );
+
+		// Only who own this key can use 'elementor-safe-mode'.
+		update_option( self::OPTION_TOKEN, $token );
+
+		// Save for later use.
+		setcookie( self::OPTION_TOKEN, $token, time() + HOUR_IN_SECONDS, COOKIEPATH );
 	}
 
 	public function disable_safe_mode() {
+		if ( ! current_user_can( 'install_plugins' ) ) {
+			return;
+		}
+
 		$file_path = WP_CONTENT_DIR . '/mu-plugins/elementor-safe-mode.php';
 		if ( file_exists( $file_path ) ) {
 			unlink( $file_path );
@@ -111,6 +128,9 @@ public function disable_safe_mode() {
 		delete_option( 'elementor_safe_mode_allowed_plugins' );
 		delete_option( 'theme_mods_elementor-safe' );
 		delete_option( 'elementor_safe_mode_created_mu_dir' );
+
+		delete_option( self::OPTION_TOKEN );
+		setcookie( self::OPTION_TOKEN, '', 1 );
 	}
 
 	public function filter_preview_url( $url ) {
@@ -328,6 +348,7 @@ public function print_try_safe_mode() {
 		echo $this->print_safe_mode_css();
 		?>
 		<div class="elementor-safe-mode-toast" id="elementor-try-safe-mode">
+		<?php if ( current_user_can( 'install_plugins' ) ) : ?>
 			<header>
 				<i class="eicon-warning"></i>
 				<h2><?php echo __( 'Can\'t Edit?', 'elementor' ); ?></h2>
@@ -339,6 +360,16 @@ public function print_try_safe_mode() {
 				<?php echo __( 'Having problems loading Elementor? Please enable Safe Mode to troubleshoot.', 'elementor' ); ?>
 				<a href="<?php echo self::DOCS_TRY_SAFE_MODE_URL; ?>" target="_blank"><?php echo __( 'Learn More', 'elementor' ); ?></a>
 			</div>
+		<?php else : ?>
+			<header>
+				<i class="eicon-warning"></i>
+				<h2><?php echo __( 'Can\'t Edit?', 'elementor' ); ?></h2>
+			</header>
+			<div class="elementor-toast-content">
+				<?php echo __( 'If you are experiencing a loading issue, contact your site administrator to troubleshoot the problem using Safe Mode.', 'elementor' ); ?>
+				<a href="<?php echo self::DOCS_TRY_SAFE_MODE_URL; ?>" target="_blank"><?php echo __( 'Learn More', 'elementor' ); ?></a>
+			</div>
+		<?php endif; ?>
 		</div>
 
 		<script>
@@ -478,7 +509,10 @@ public function update_allowed_plugins() {
 	}
 
 	public function __construct() {
-		add_action( 'elementor/admin/after_create_settings/elementor-tools', [ $this, 'add_admin_button' ] );
+		if ( current_user_can( 'install_plugins' ) ) {
+			add_action( 'elementor/admin/after_create_settings/elementor-tools', [ $this, 'add_admin_button' ] );
+		}
+
 		add_action( 'elementor/ajax/register_actions', [ $this, 'register_ajax_actions' ] );
 
 		$plugin_file = self::MU_PLUGIN_FILE_NAME;
diff --git a/modules/safe-mode/mu-plugin/elementor-safe-mode.php b/modules/safe-mode/mu-plugin/elementor-safe-mode.php
index c775543e50b..4c9c4a4636b 100644
--- a/modules/safe-mode/mu-plugin/elementor-safe-mode.php
+++ b/modules/safe-mode/mu-plugin/elementor-safe-mode.php
@@ -31,11 +31,22 @@
 class Safe_Mode {
 
 	const OPTION_ENABLED = 'elementor_safe_mode';
+	const OPTION_TOKEN = self::OPTION_ENABLED . '_token';
 
 	public function is_enabled() {
 		return get_option( self::OPTION_ENABLED );
 	}
 
+	public function is_valid_token() {
+		$token = isset( $_COOKIE[ self::OPTION_TOKEN ] ) ? $_COOKIE[ self::OPTION_TOKEN ] : null;
+
+		if ( $token && get_option( self::OPTION_TOKEN ) === $token ) {
+			return true;
+		}
+
+		return false;
+	}
+
 	public function is_requested() {
 		return ! empty( $_REQUEST['elementor-mode'] ) && 'safe' === $_REQUEST['elementor-mode'];
 	}
@@ -103,7 +114,7 @@ public function __construct() {
 
 		$enabled_type = $this->is_enabled();
 
-		if ( ! $enabled_type ) {
+		if ( ! $enabled_type || ! $this->is_valid_token() ) {
 			return;
 		}