From df2c8294964bd85b7da37af346ecda64135646fa Mon Sep 17 00:00:00 2001
From: mashiro
Date: Fri, 15 Nov 2019 00:11:02 +0800
Subject: [PATCH] add nonce check for api
---
 functions.php | 2 +-
 header.php | 4 ++--
 inc/api.php | 16 ++++++++++++++--
 js/sakura-app.js | 2 +-
 style.css | 2 +-
 5 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/functions.php b/functions.php
index 2076dea..d6bd51d 100644
--- a/functions.php
+++ b/functions.php
@@ -7,7 +7,7 @@
 * @package Sakura */
-define( 'SAKURA_VERSION', '3.3.0' );
+define( 'SAKURA_VERSION', '3.3.1' );
 define( 'BUILD_VERSION', '3' );
 define( 'JSDELIVR_VERSION', '3.6.7' );
diff --git a/header.php b/header.php
index 7d6118d..8f05888 100644
--- a/header.php
+++ b/header.php
@@ -77,9 +77,9 @@ window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}
-> +> Plz rename the theme folder name as Sakura!
请将主题文件夹名改为 Sakura!'; ?> - 主题需要 PHP 的 curl 支持!请在 `php.ini` 里开启或者联系你的主机商。
The theme requires PHP\'s curl support! Please turn on in `php.ini` or contact your hosting provider.' ?>;
+ 主题需要 PHP 的 curl 支持!请在 `php.ini` 里开启或者联系你的主机商。
The theme requires PHP\'s curl support! Please turn on in `php.ini` or contact your hosting provider.'; ?>
get_file_params(); - + if ( !check_ajax_referer('wp_rest', '_wpnonce', false) ) {
+ $output = array(
+ 'status' => 403,
+ 'success' => false,
+ 'message' => 'Unauthorized client.',
+ 'link' => "https://view.moezx.cc/images/2019/11/14/step04.md.png",
+ 'proxy' => akina_option('cmt_image_proxy') . "https://view.moezx.cc/images/2019/11/14/step04.md.png",
+ );
+ $result = new WP_REST_Response($output, 403);
+ $result->set_headers(array('Content-Type' => 'application/json'));
+ return $result;
+ }
+
 switch (akina_option("img_upload_api")) {
 case 'imgur':
 $image = file_get_contents($_FILES["cmt_img_file"]["tmp_name"]);
diff --git a/js/sakura-app.js b/js/sakura-app.js
index b0bbe4a..db66148 100644
--- a/js/sakura-app.js
+++ b/js/sakura-app.js
@@ -182,7 +182,7 @@ function attach_image() {
 var formData = new FormData();
 formData.append('cmt_img_file', f);
 $.ajax({
- url: '/wp-json/sakura/v1/image/upload',
+ url: '/wp-json/sakura/v1/image/upload/?_wpnonce='+$('body').attr('nonce-data'),
 type: 'POST',
 processData: false,
 contentType: false,
diff --git a/style.css b/style.css
index 680b6e7..b10bb5e 100644
--- a/style.css
+++ b/style.css
@@ -5,7 +5,7 @@ Theme URI: https://2heng.xin/theme-sakura/
 Author: Mashiro, Louie, Fuzzz
 Author URI: http://2heng.xin
 Description: A branch of theme Akina
-Version: 3.3.0
+Version: 3.3.1
 License: GNU General Public License v2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Text Domain: sakura
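Review bot: The nonce check at the top of this hunk (`check_ajax_referer('wp_rest', '_wpnonce', false)`) is anti-CSRF, not authentication: WordPress issues the `wp_rest` nonce to logged-out visitors as well, and the client reads it from the page's `nonce-data` body attribute, so anyone who fetches a page can obtain a valid token and the 403 'Unauthorized client.' response overstates what was verified — a comment such as `// Anti-CSRF only: the wp_rest nonce is issued to anonymous visitors too, so this does not identify the caller` would keep the next maintainer from treating it as authorization. A REST route normally enforces this in the `permission_callback` passed to `register_rest_route` (not in this hunk) rather than inside the handler, which also yields WordPress's standard `rest_forbidden` error instead of the hard-coded image payload. Note that `check_ajax_referer` only reads `$_REQUEST['_wpnonce']`, so a nonce sent in the conventional `X-WP-Nonce` header would be rejected here; `wp_verify_nonce($request->get_header('X-WP-Nonce') ?: $request['_wpnonce'], 'wp_rest')` accepts both. The hunk's header and the start of the enclosing callback are missing from this copy of the patch, and the callback continues past the hunk.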
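Review bot: The added `url:` line passes the nonce as a `_wpnonce` query parameter, which lands in access logs and proxies and is not the form the WordPress REST client documents; the usual form is the request header, `headers: { 'X-WP-Nonce': $('body').attr('nonce-data') },` next to `type: 'POST'`. Switching to the header only works if the server side stops relying on `check_ajax_referer`, which reads `$_REQUEST['_wpnonce']` and ignores headers, so the two changes have to land together. The new URL also gains a trailing slash (`/upload/`) that the old one lacked; WordPress normally strips it before route matching, but confirm against the registered route. `attach_image` starts before the hunk and the `$.ajax` call continues past its last line.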