Commit 09ed6ad
Better storing of credentials for hosting providers (#333)
* Better storing of credentials for hosting providers
* Refactor hosting integrations into modular provider architecture
Replace monolithic host provider classes with a modular integration system
using capability interfaces (domain mapping, domain selling, email selling,
multi-tenancy). Add DNS diagnostics to domain manager, MCP adapter updates,
and comprehensive test coverage for the new provider architecture.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Fix credential encryption to use fixed-length IV instead of delimiter
The previous encrypt/decrypt flow used '::' as a delimiter between the
raw IV and ciphertext, which could break if the random IV bytes happened
to contain '::'. Now the raw IV is concatenated directly before the
ciphertext and sliced by its known fixed length on decryption.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Fix save_credentials to use empty-string defaults instead of numeric keys
array_flip() on the constants list produced numeric values (0, 1, ...)
which passed the non-empty check and got encrypted/stored. Replaced with
array_fill_keys() so missing keys default to empty strings, ensuring
only genuinely provided values are encrypted and stored.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Fix PHP injection vulnerability in get_constants_string
Credential values were interpolated directly into define() statements
via sprintf, allowing values containing single quotes to break out of
the string and inject arbitrary PHP. Now uses var_export() to produce
safely-escaped PHP literals for both the constant name and value. Also
fixes the same array_flip() numeric-defaults issue as save_credentials.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>1 parent e757221 commit 09ed6ad
75 files changed
Lines changed: 8549 additions & 5618 deletions
File tree
- assets/js
- inc
- admin-pages
- apis
- checkout
- functions
- helpers
- installers
- integrations
- capabilities
- host-providers
- providers
- closte
- cloudflare
- cloudways
- cpanel
- enhance
- gridpane
- hestia
- rocket
- runcloud
- serverpilot
- wpengine
- wpmudev
- managers
- tests/WP_Ultimo/Integrations
- Providers
- views
- domain
- wizards/host-integrations
Some content is hidden
Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Whitespace-only changes.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
33 | 33 | | |
34 | 34 | | |
35 | 35 | | |
36 | | - | |
37 | | - | |
| 36 | + | |
| 37 | + | |
38 | 38 | | |
39 | 39 | | |
40 | 40 | | |
| |||
0 commit comments