Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/dt login security fixes #2277

Merged
merged 9 commits into from
Nov 29, 2023
Merged

Fix/dt login security fixes #2277

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
4c2bb91
fix: show multisite fields as password fields to hide secrets
squigglybob Nov 23, 2023
e3e394c
fix: remove the css link to disciple-tools-theme
squigglybob Nov 23, 2023
747ab62
docs: add text to let super admins know to install multisite plugin t…
squigglybob Nov 24, 2023
2631cac
fix: also hide secret key's value in input when not super admin
squigglybob Nov 27, 2023
adb6473
fix: remove uneccesary description 2
squigglybob Nov 27, 2023
ee64412
fix: create streamlined css for login page
squigglybob Nov 27, 2023
d7fde78
fix: style resetpass form correctly
squigglybob Nov 28, 2023
91aa5f3
fix: use custom resetpass page if using custom login
squigglybob Nov 28, 2023
5156aa1
fix: final styles checks for warnings/alerts and register page
squigglybob Nov 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions dt-core/admin/menu/tabs/tab-sso-login.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,17 +114,21 @@ class="nav-tab <?php echo esc_html( ( $tab == $key ) ? 'nav-tab-active' : '' );
<table class="widefat striped">
<tbody>
<?php
$any_multisite_level_args = false;
if ( ! empty( $vars ) ) {
foreach ( $vars as $key => $value ) {
if ( $tab === $value['tab'] ) {
$any_multisite_level_args = is_multisite() && !empty( $value['multisite_level'] );
$this->tab( $value );
}
}
}


?>
<tr>
<td colspan="2">
<button class="button" type="submit">Save</button> <button class="button" type="submit" style="float:right;" name="delete" value="1">Reset</button>
<button class="button" type="submit">Save</button> <button class="button" <?php echo esc_attr( $any_multisite_level_args ? 'disabled' : '' ) ?> type="submit" style="float:right;" name="delete" value="1">Reset</button>
</td>
</tr>
</tbody>
Expand All @@ -151,9 +155,9 @@ public function tab( $args ) {
</td>
<td>
<input
type="text"
type="<?php echo esc_attr( $must_have_super_admin_rights ? 'password' : 'text' ) ?>"
name="<?php echo esc_attr( $args['key'] ) ?>"
value="<?php echo esc_attr( $args['value'] ) ?>"
value="<?php echo esc_attr( $must_have_super_admin_rights ? 'hidden secret value' : $args['value'] ) ?>"
<?php echo $must_have_super_admin_rights ? 'disabled' : '' ?>
/>
<?php echo esc_attr( $args['description'] ) ?>
Expand Down
14 changes: 7 additions & 7 deletions dt-login/login-functions.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,14 @@ function dt_login_redirect_login_page() {
return;
}

if ( $page_viewed == 'wp-login.php' && isset( $_GET['action'] ) && $_GET['action'] === 'rp' ) {
return;
}
//if ( $page_viewed == 'wp-login.php' && isset( $_GET['action'] ) && $_GET['action'] === 'rp' ) {
// return;
//}

// if ( $page_viewed == "wp-login.php" && isset( $_GET['action'] ) && $_GET['action'] === 'resetpass' ) {
// wp_redirect( dt_login_url( 'resetpass' ) );
// exit;
// }
if ( $page_viewed == 'wp-login.php' && isset( $_GET['action'] ) && ( $_GET['action'] === 'resetpass' || $_GET['action'] === 'rp' ) ) {
wp_redirect( dt_login_url( 'resetpass' ) );
exit;
}

if ( $page_viewed == 'wp-login.php' && isset( $_GET['action'] ) && $_GET['action'] === 'logout' ) {
wp_redirect( dt_login_url( 'logout' ) );
Expand Down
10 changes: 1 addition & 9 deletions dt-login/login-page.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,15 +44,7 @@ public function __construct() {
}

public function header_style(){
// parent::header_style();
?>
<style>
body { background: #f0f0f1; }
.login-remember { float: left; }
.login-submit { float: right; }
#firebaseui-auth-container { clear: both; }
</style>
<?php
parent::header_style();
}

public function body(){
Expand Down
Loading
Loading