From ca3d6332b8bf518741f7b5c1df2c657a2e4fd34d Mon Sep 17 00:00:00 2001
From: PT-ATA No One
Date: Fri, 11 Oct 2024 10:32:48 +0000
Subject: [PATCH] fix media upload scan
---
 Infrastructure/FileSystem/FileSystemBase.php | 1 -
 Vaas/ScanClient.php | 10 +++-------
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/Infrastructure/FileSystem/FileSystemBase.php b/Infrastructure/FileSystem/FileSystemBase.php
index 072804a..f01f7cb 100644
--- a/Infrastructure/FileSystem/FileSystemBase.php
+++ b/Infrastructure/FileSystem/FileSystemBase.php
@@ -14,7 +14,6 @@ trait FileSystemBase {
 public function get_resource_stream_from_string( string $content ): ReadableResourceStream {
 $stream = fopen('php://temp', 'r+');
 fwrite($stream, $content);
- rewind($stream);
 return tryToCreateReadableStreamFromResource($stream);
 }
diff --git a/Vaas/ScanClient.php b/Vaas/ScanClient.php
index 358d5db..b3fdacc 100644
--- a/Vaas/ScanClient.php
+++ b/Vaas/ScanClient.php
@@ -55,7 +55,7 @@ public function __construct(
 $post_scan_enabled = (bool) \get_option('gdatacyberdefenseag_antivirus_options_on_demand_scan_post_scan_enabled', true);
 if ($post_scan_enabled === true) {
- \add_filter('wp_insert_post_data', array( $this, 'scan_post' ));
+ \add_filter('wp_insert_post_data', array( $this, 'scan_post' ), 10, 3);
 }
 }
@@ -159,12 +159,8 @@ public function scan_single_upload( $file ) {
 */
 $is_plugin_uplad = false;
- $action = \sanitize_key($_GET['action'] ?? $_POST['action'] ?? '');
- if (isset($_POST['_wpnonce'])) {
- $nonce = \sanitize_key($_POST['nonce'] ?? $_POST['_wpnonce']);
- } else {
- $nonce = \sanitize_key($_GET['nonce'] ?? '');
- }
+ $action = sanitize_key($_REQUEST['action'] ?? '');
+ $nonce = wp_unslash($_REQUEST['_wpnonce'] ?? $_REQUEST['nonce']);
 if ($action === 'upload-plugin') {
 if (wp_verify_nonce($nonce, $action) === false) {
 return $file;
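Review bot: The `10, 3` added to the `add_filter('wp_insert_post_data', ...)` call in the constructor is undocumented, so a reader cannot tell which filter arguments `scan_post` is meant to consume. WordPress passes `$data`, `$postarr` and `$unsanitized_postarr` (plus `$update`) to this filter, so a comment such as `// priority 10 (default); scan_post receives $data, $postarr, $unsanitized_postarr` above the call would make the contract explicit. `scan_post` is defined outside this hunk, so its parameter list and whether it returns `$data` on every path should be checked against this registration.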
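Review bot: The new `$nonce` line in scan_single_upload ends its fallback chain at `$_REQUEST['nonce']` with no default, so an upload request that carries neither `_wpnonce` nor `nonce` raises an undefined-key warning and hands `null` to `wp_verify_nonce()`; the removed code never read an unset key. The value is also no longer sanitized and can be an array when the parameter is sent as `_wpnonce[]`, so I would restore the default and constrain the type: `$nonce = $_REQUEST['_wpnonce'] ?? $_REQUEST['nonce'] ?? '';` followed by `$nonce = is_string($nonce) ? sanitize_text_field(wp_unslash($nonce)) : '';`. The two added calls drop the leading `\` that the surrounding code uses (`\add_filter`, `\get_option`), which is worth keeping consistent. The function body continues outside the hunk, so whether the `return $file;` on a failed nonce hands the upload back unscanned cannot be confirmed from here and deserves a look.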