Context Navigation

Ticket #46705: safe-option-updates.php

File safe-option-updates.php, 1019 bytes (added by tsewlliw, 6 years ago)
PoC as an mu-plugin

Line
1	<?php
2
3	class safe_option_updates {
4	static $nonce_validated = false;
5	public static function on_nonce_validated() {
6	self::$nonce_validated = true;
7	}
8	public static function on_option_updates($option) {
9	if ( ! in_array($option, ['siteurl']) ) {
10	return;
11	}
12	if ( defined('WP_INSTALLING') && WP_INSTALLING ) {
13	return;
14	}
15	if ( ! current_user_can('manage_options') ) {
16	error_log('prevented attempt to alter critical option by unauthorized user');
17	die;
18	}
19	if ( ! self::$nonce_validated ) {
20	error_log('prevented attempt to alter critical option without nonce validation');
21	die;
22	}
23	}
24	}
25
26	add_action('update_option', ['safe_option_updates', 'on_option_updates'], 10, 1);
27	add_action('delete_option', ['safe_option_updates', 'on_option_updates'], 10, 1);
28	add_action('add_option', ['safe_option_updates', 'on_option_updates'], 10, 1);
29
30	add_action('check_admin_referer', ['safe_option_updates', 'on_nonce_validated']);
31	add_action('check_ajax_referer', ['safe_option_updates', 'on_nonce_validated']);