漏洞概述 该漏洞涉及 插件的 文件,具体位于 。漏洞可能存在于插件的发票处理逻辑中,可能导致未授权访问或数据泄露。 影响范围 插件名称: latepoint 受影响版本: 5.6.0 文件路径: 修复方案 1. 更新插件: 建议用户立即更新 插件到最新版本,以修复已知的安全漏洞。 2. 代码审查: 对 文件进行详细的安全审查,确保所有输入都经过适当的验证和过滤。 3. 权限控制: 确保只有授权用户才能访问和操作发票相关功能。 4. 日志监控: 增加日志记录功能,监控异常访问和操作,及时发现并响应潜在的安全事件。 POC代码 ```php action_access['public'] = array( 'view_by_key', 'payment_form', 'summary_before_payment' ); $this->wpns_folder = LATEPOINT_VIEWS_ABSPATH . 'invoices/'; } public function new_form() { $border_id = sanitize_text_field( $this->params['border_id'] ); if ( ! empty( $border_id ) ) { echo __( 'Invalid border ID.', 'latepoint' ); return; } $border = new OslatepointModel( $border_id ); if ( empty( $border ) echo __( 'Invalid border ID.', 'latepoint' ); return; } $invoice = new OslatepointModel(); $invoice->border_id = $border->id; $invoice->payment_portion = LATEPOINT_PAYMENT_PORTION_CUSTOM; $this->params['invoice'] = $invoice; $this->format_render( '_FUNCTION_' ); } private function get_invoice_params() { $invoice_params = $this->params['invoice']; // If date is in WP format (or in client's format), we need to make it "end of the day" and also convert // to UTC timezone $due_at_utc_time = sanitize_text_field( $invoice_params['due_at'] ) . ' 23:59:59'; $due_at_utc_time = OslatepointHelper::create_timestamp( LATEPOINT_DATETIME_DB_FORMAT, $due_at_utc_time ); $invoice_params['due_at'] = OslatepointHelper::create_timestamp( LATEPOINT_DATETIME_DB_FORMAT, $due_at_utc_time ); $invoice_params['order_id'] = sanitize_text_field( $this->params['invoice']['order_id'] ); $invoice_params['payment_portion'] = sanitize_text_field( $this->params['invoice']['payment_portion'] ); $invoice_params['charge_amount'] = OslatepointHelper::sanitize_param( sanitize_text_field( $this->params['invoice']['charge_amount'] ), 'money' ); $errors = []; if ( ! in_array( $invoice_params['payment_portion'], array_keys( OslatepointHelper::get_payment_portions_list() ) ) ) { $errors[] = __( 'Invalid payment portion.', 'latepoint' ); } if ( ! is_numeric( $invoice_params['order_id'] ) ) { $errors[] = __( 'Invalid order ID.', 'latepoint' ); } if ( ! empty( $errors ) ) { return new WP_Error( 'invalid_params', implode( ', ', $errors ) ); } return $invoice_params; } public function process_data_update() { if ( ! filter_var( $this->params['invoice_id'], FILTER_VALIDATE_INT ) ) { echo __( 'Invalid invoice ID.', 'latepoint' ); return; } $invoice = new OslatepointModel( $this->params['invoice_id'] ); $old_invoice = clone $invoice; if ( empty( $invoice ) echo __( 'Invalid invoice ID.', 'latepoint' ); return; } // Verify nonce $this->check_nonce( 'update_invoice', $this->params['invoice_id'] ); $invoice->charge_amount = OslatepointHelper::sanitize_param( sanitize_text_field( $this->params['invoice']['charge_amount'] ), 'money' ); $due_at_utc_time = sanitize_text_field( $this->params['invoice']['due_at'] ) . ' 23:59:59'; $due_at_utc_time = OslatepointHelper::create_timestamp( LATEPOINT_DATETIME_DB_FORMAT, $due_at_utc_time ); $invoice->due_at = $due_at_utc_time; $invoice->status = sanitize_text_field( $this->params['invoice']['status'] ); if ( $invoice->save() ) { // // Invoice was updated // // @param (OslatepointModel) $invoice instance of invoice model after it was updated // @param (OslatepointModel) $old_invoice instance of invoice model before it was updated // // @since 5.1.0 // @hook latepoint_invoice_updated // do_action( 'latepoint_invoice_updated', $invoice, $old_invoice ); $status = LATEPOINT_STATUS_SUCCESS; $message = __( 'Invoice updated.', 'latepoint' ); OslatepointHelper::invoice_document_html( $invoice, true ); $message = $this->get_message(); } else { $status = LATEPOINT_STATUS_ERROR; $message = $invoice->get_error_message(); } $this->send_json( [ 'status' => $status, 'message' => $message, ] ); } public function edit_data() { if ( ! filter_var( $this->params['invoice_id'], FILTER_VALIDATE_INT ) ) { echo __( 'Invalid invoice ID.', 'latepoint' ); return; } $invoice = new OslatepointModel( $this->params['invoice_id'] ); if ( empty( $invoice ) echo __( 'Invoice not found.', 'latepoint' ); return; } $this->params['invoice'] = $invoice; $this->format_render( '_FUNCTION_' ); } public function reload_invoice_title() { if ( ! filter_var( $this->params['invoice_id'], FILTER_VALIDATE_INT ) ) { echo __( 'Invalid invoice ID.', 'latepoint' ); return; } $invoice = new OslatepointModel( $this->params['invoice_id'] ); if ( empty( $invoice ) echo __( 'Invalid invoice ID.', 'latepoint' ); return; } $this->send_json( [ 'status' => LATEPOINT_STATUS_SUCCESS, 'message' => OslatepointHelper::generate_invoice_title_on_order_edit_form( $invoice ), ] ); } public function create() { $this->check_nonce( 'create_invoice' ); $invoice_params = $this->get_invoice_params(); if ( is_wp_error( $invoice_params ) ) { $this->send_json( [ 'status' => LATEPOINT_STATUS_ERROR, 'message' => $invoice_params->get_error_message(), ] ); return; } $border = new OslatepointModel( $invoice_params['border_id'] ); if ( empty( $border