add nonce check for api
This commit is contained in:
parent
5ee344bc37
commit
df2c829496
@ -7,7 +7,7 @@
|
||||
* @package Sakura
|
||||
*/
|
||||
|
||||
define( 'SAKURA_VERSION', '3.3.0' );
|
||||
define( 'SAKURA_VERSION', '3.3.1' );
|
||||
define( 'BUILD_VERSION', '3' );
|
||||
define( 'JSDELIVR_VERSION', '3.6.7' );
|
||||
|
||||
|
@ -77,9 +77,9 @@ window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}
|
||||
</script>
|
||||
<?php endif; ?>
|
||||
</head>
|
||||
<body <?php body_class(); ?>>
|
||||
<body nonce-data="<?php echo wp_create_nonce( 'wp_rest' ); ?>" <?php body_class(); ?>>
|
||||
<?php if(get_template_directory_uri() != get_site_url().'/wp-content/themes/Sakura') echo '<div style="position:fixed;height:100%;width:100%;top:0;left:0;font-size:20px;z-index:999999;background-color: #fff;">Plz rename the theme folder name as <span style="color:red">Sakura</span>!<br>请将主题文件夹名改为 <span style="color:red">Sakura</span>!</div>'; ?>
|
||||
<?php if(!function_exists('curl_exec')) echo '<div style="position:fixed;height:100%;width:100%;top:0;left:0;font-size:20px;z-index:999999;background-color: #fff;">主题需要 PHP 的 curl 支持!请在 `php.ini` 里开启或者联系你的主机商。<br>The theme requires PHP\'s curl support! Please turn on in `php.ini` or contact your hosting provider.</div>' ?>;
|
||||
<?php if(!function_exists('curl_exec')) echo '<div style="position:fixed;height:100%;width:100%;top:0;left:0;font-size:20px;z-index:999999;background-color: #fff;">主题需要 PHP 的 curl 支持!请在 `php.ini` 里开启或者联系你的主机商。<br>The theme requires PHP\'s curl support! Please turn on in `php.ini` or contact your hosting provider.</div>'; ?>
|
||||
<div class="scrollbar" id="bar"></div>
|
||||
<section id="main-container">
|
||||
<?php
|
||||
|
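Review bot: The nonce on the changed `<body>` line is echoed straight into an attribute without `esc_attr()`; `wp_create_nonce()` returns a short hex-like string today, but attribute output should go through the escaping API so the rule holds regardless of what the function returns later: `<body data-nonce="<?php echo esc_attr( wp_create_nonce( 'wp_rest' ) ); ?>" <?php body_class(); ?>>`. `nonce-data` is also not a conforming attribute name — `data-*` is the form HTML reserves for custom attributes and lets a script read it with `.data('nonce')`; the reader in the theme's JavaScript would have to change together with it. Because the nonce is rendered into the page body, any full-page cache serves a frozen copy; WordPress nonces expire (the `nonce_life` filter, one day by default), after which the upload endpoint will answer 403 for every cached page until the cache is purged, which the commit does not address. A comment on the line such as `<!-- REST nonce for the comment image uploader; page caches must exclude this or upload fails once the nonce expires -->` would at least make the constraint visible to whoever configures caching.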
16
inc/api.php
16
inc/api.php
@ -17,7 +17,7 @@ add_action('rest_api_init', function () {
|
||||
/**
|
||||
* Image uploader response
|
||||
*/
|
||||
function upload_image(WP_REST_Request $req)
|
||||
function upload_image(WP_REST_Request $request)
|
||||
{
|
||||
// see: https://developer.wordpress.org/rest-api/requests/
|
||||
|
||||
@ -29,7 +29,19 @@ function upload_image(WP_REST_Request $req)
|
||||
* https://dev.2heng.xin/wp-json/sakura/v1/image/upload
|
||||
*/
|
||||
// $file = $req->get_file_params();
|
||||
|
||||
if ( !check_ajax_referer('wp_rest', '_wpnonce', false) ) {
|
||||
$output = array(
|
||||
'status' => 403,
|
||||
'success' => false,
|
||||
'message' => 'Unauthorized client.',
|
||||
'link' => "https://view.moezx.cc/images/2019/11/14/step04.md.png",
|
||||
'proxy' => akina_option('cmt_image_proxy') . "https://view.moezx.cc/images/2019/11/14/step04.md.png",
|
||||
);
|
||||
$result = new WP_REST_Response($output, 403);
|
||||
$result->set_headers(array('Content-Type' => 'application/json'));
|
||||
return $result;
|
||||
}
|
||||
|
||||
switch (akina_option("img_upload_api")) {
|
||||
case 'imgur':
|
||||
$image = file_get_contents($_FILES["cmt_img_file"]["tmp_name"]);
|
||||
|
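Review bot: The `check_ajax_referer()` block added at the top of `upload_image()` is a CSRF/referer check, not access control: as far as I can tell a logged-out visitor receives a nonce issued for user ID 0 that `wp_verify_nonce()` accepts, so any client that has loaded a page can obtain a valid `_wpnonce` and the endpoint stays open to unauthenticated uploads exactly as before. If restricting who may upload is the goal, that belongs in the `permission_callback` of the `register_rest_route()` call inside the `rest_api_init` hook (outside this hunk), e.g. `'permission_callback' => static fn () => is_user_logged_in(),` or a capability check. Note also that when `_wpnonce` is present, WordPress's own `rest_cookie_check_errors()` already rejects an invalid nonce with a 403 before the route callback runs, so the manual check mostly covers the missing-nonce case — worth stating in a comment above the `if` so the next reader does not mistake it for the authorization layer. The function body continues past the end of the hunk, and `$_FILES["cmt_img_file"]["tmp_name"]` is still read with no `isset()` / `UPLOAD_ERR_OK` check; `$request->get_file_params()` (the parameter was renamed to `$request` in the first hunk, while the commented-out line still says `$req`) exposes the same data through the request object.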
@ -182,7 +182,7 @@ function attach_image() {
|
||||
var formData = new FormData();
|
||||
formData.append('cmt_img_file', f);
|
||||
$.ajax({
|
||||
url: '/wp-json/sakura/v1/image/upload',
|
||||
url: '/wp-json/sakura/v1/image/upload/?_wpnonce='+$('body').attr('nonce-data'),
|
||||
type: 'POST',
|
||||
processData: false,
|
||||
contentType: false,
|
||||
|
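Review bot: The nonce is sent as a URL query parameter on the changed `url:` line, which puts it into web-server and proxy access logs and any `Referer` leak from the response, even though the rest of the request already travels in the POST body. Appending it to the form data instead keeps it out of the URL and, under PHP's default `request_order`, still satisfies a server-side `$_REQUEST['_wpnonce']` lookup: `formData.append('_wpnonce', $('body').attr('nonce-data'));` with `url: '/wp-json/sakura/v1/image/upload',` left as it was. The REST-native alternative is the `X-WP-Nonce` header (`beforeSend: function (xhr) { xhr.setRequestHeader('X-WP-Nonce', $('body').attr('nonce-data')); }`), but the check added in this commit reads the nonce from the request parameters, so that route would require changing the PHP side too. `attach_image()` continues outside the hunk.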
@ -5,7 +5,7 @@ Theme URI: https://2heng.xin/theme-sakura/
|
||||
Author: Mashiro, Louie, Fuzzz
|
||||
Author URI: http://2heng.xin
|
||||
Description: A branch of theme Akina
|
||||
Version: 3.3.0
|
||||
Version: 3.3.1
|
||||
License: GNU General Public License v2 or later
|
||||
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
||||
Text Domain: sakura
|
||||
|