From fcb9e23401e00477f18ae5cd2c25ac1f9535d087 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Sypko?= Date: Thu, 14 Mar 2024 16:28:51 +0100 Subject: [PATCH 1/4] PP-10482 - secure receiveMessage with origin check + minor js fixes --- .../templates/system/config/livechat_form.phtml | 2 +- view/adminhtml/web/script.js | 17 ++++++++++++----- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/view/adminhtml/templates/system/config/livechat_form.phtml b/view/adminhtml/templates/system/config/livechat_form.phtml index 0db238d..94231ce 100644 --- a/view/adminhtml/templates/system/config/livechat_form.phtml +++ b/view/adminhtml/templates/system/config/livechat_form.phtml @@ -7,7 +7,7 @@ -
+
diff --git a/view/adminhtml/web/script.js b/view/adminhtml/web/script.js index 5361952..2c62638 100644 --- a/view/adminhtml/web/script.js +++ b/view/adminhtml/web/script.js @@ -1,5 +1,6 @@ require(['jquery'], function ($) { - + + var addonsOrigin = 'https://addons.livechatinc.com'; var save_props_url = $('#save-props-url').html(); var save_license_url = $('#save-license-url').html(); var reset_license_url = $('#reset-license-url').html(); @@ -57,7 +58,7 @@ require(['jquery'], function ($) { }); var sendMessage = function (msg) { - login_with_livechat.contentWindow.postMessage(msg, '*'); + login_with_livechat.contentWindow.postMessage(msg, addonsOrigin); }; var logoutLiveChat = function () { @@ -65,15 +66,21 @@ require(['jquery'], function ($) { }; function receiveMessage(event) { + if (event.origin !== addonsOrigin) { + return; + } + + var livechatMessage; + try { - var livechatMessage = JSON.parse(event.data); + livechatMessage = JSON.parse(event.data); } catch(err) { + console.log(err?.message); console.log(JSON.stringify(err)); } - if (livechatMessage.type === 'logged-in' && livechatMessage.eventTrigger === 'click') { - + if (livechatMessage?.type === 'logged-in' && livechatMessage?.eventTrigger === 'click') { $('#login_panel').hide(); $('#admin_panel').show(); $('iframe#login-with-livechat').addClass('hidden'); From 1908bfc4eb2356cebf8568917c9c965b21367fba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Sypko?= Date: Thu, 14 Mar 2024 16:29:52 +0100 Subject: [PATCH 2/4] PP-10482 - fix dynamically declared properties (PHP 8 fix) --- Block/System/Config/LiveChatForm.php | 3 ++- Controller/Adminhtml/GetProps/Index.php | 10 +++++++++- Controller/Adminhtml/ResetLicense/Index.php | 10 +++++++++- Controller/Adminhtml/SetLicense/Index.php | 10 +++++++++- Controller/Adminhtml/SetProps/Index.php | 6 +++++- 5 files changed, 34 insertions(+), 5 deletions(-) 
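Review bot: `addonsOrigin` in the first script.js hunk is now the single trust anchor for both directions of the iframe channel, but nothing records that it must be a bare origin. `event.origin` never carries a path or trailing slash and the check in receiveMessage is a strict `!==`, so a later edit to a value such as `'https://addons.livechatinc.com/'` would make the handler reject every message without any error. I would add a comment above the declaration, for example `// Bare origin (scheme + host, no trailing slash or path): compared with event.origin by strict equality and used as the postMessage targetOrigin.` The same value is the target origin in sendMessage (second hunk); if the login flow ever navigates the iframe to another host, the browser discards those messages silently, which is worth covering in a manual test.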
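Review bot: The `catch` in receiveMessage logs and then falls through, so a message from the allowed origin whose body is not valid JSON continues with `livechatMessage` undefined. The new `?.` protects only the `logged-in` condition visible here; the function body continues outside the hunk, and any later branch that reads `livechatMessage.type` directly would throw. Adding `return;` as the last statement of the catch block removes that dependency. Since the handler changes admin panel state, the origin check could also be paired with `event.source !== login_with_livechat.contentWindow` so that only the embedded iframe, and not another window on the same origin, is accepted.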
diff --git a/Block/System/Config/LiveChatForm.php b/Block/System/Config/LiveChatForm.php index 0c1c39c..f69992f 100644 --- a/Block/System/Config/LiveChatForm.php +++ b/Block/System/Config/LiveChatForm.php @@ -11,8 +11,9 @@ class LiveChatForm extends \Magento\Framework\View\Element\Template const CHECK_TEMPLATE = 'system/config/livechat_form.phtml'; private $dataHelper; + private $urlinterface; - public function __construct( + public function __construct( \Magento\Framework\View\Element\Template\Context $context, Data $dataHelper, array $data = [] diff --git a/Controller/Adminhtml/GetProps/Index.php b/Controller/Adminhtml/GetProps/Index.php index e8837a0..98efd87 100644 --- a/Controller/Adminhtml/GetProps/Index.php +++ b/Controller/Adminhtml/GetProps/Index.php @@ -10,8 +10,16 @@ class Index extends \Magento\Backend\App\Action protected $configWriter; private $cacheManagerFactory; + /** + * @var Data + */ + private $dataHelper; + /** + * @var \Magento\Framework\Controller\Result\JsonFactory + */ + private $resultJsonFactory; - public function __construct( + public function __construct( Context $context, Data $dataHelper, \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory, diff --git a/Controller/Adminhtml/ResetLicense/Index.php b/Controller/Adminhtml/ResetLicense/Index.php index f5d5c2c..3f77e5f 100644 --- a/Controller/Adminhtml/ResetLicense/Index.php +++ b/Controller/Adminhtml/ResetLicense/Index.php @@ -7,8 +7,16 @@ class Index extends \Magento\Backend\App\Action { protected $resultPageFactory; protected $configWriter; + /** + * @var \Magento\Framework\Controller\Result\JsonFactory + */ + private $resultJsonFactory; + /** + * @var \Magento\Framework\App\Cache\ManagerFactory + */ + private $cacheManagerFactory; - public function __construct( + public function __construct( Context $context, \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory, \Magento\Framework\App\Config\Storage\WriterInterface $configWriter, 
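Review bot: `private $urlinterface;` in LiveChatForm.php is declared without a docblock, while the properties added in the controller hunks of this commit each carry an `@var` annotation. The constructor parameters visible in the hunk (`$context`, `$dataHelper`, `$data`) do not include a URL object, so the place where the property is assigned lies outside the hunk; if it holds a URL builder, something like `/** @var \Magento\Framework\UrlInterface */` above it would match the other files. The lower-case name also differs from the camelCase used for `$dataHelper` and `$resultJsonFactory`, though renaming it would require changing the assignment site as well.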
diff --git a/Controller/Adminhtml/SetLicense/Index.php b/Controller/Adminhtml/SetLicense/Index.php index 0ad8bec..5341626 100644 --- a/Controller/Adminhtml/SetLicense/Index.php +++ b/Controller/Adminhtml/SetLicense/Index.php @@ -7,8 +7,16 @@ class Index extends \Magento\Backend\App\Action { protected $resultPageFactory; protected $configWriter; + /** + * @var \Magento\Framework\Controller\Result\JsonFactory + */ + private $resultJsonFactory; + /** + * @var \Magento\Framework\App\Cache\ManagerFactory + */ + private $cacheManagerFactory; - public function __construct( + public function __construct( Context $context, \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory, \Magento\Framework\App\Config\Storage\WriterInterface $configWriter, diff --git a/Controller/Adminhtml/SetProps/Index.php b/Controller/Adminhtml/SetProps/Index.php index 3592745..a3f7b1d 100644 --- a/Controller/Adminhtml/SetProps/Index.php +++ b/Controller/Adminhtml/SetProps/Index.php @@ -9,8 +9,12 @@ class Index extends \Magento\Backend\App\Action protected $configWriter; private $cacheManagerFactory; + /** + * @var \Magento\Framework\Controller\Result\JsonFactory + */ + private $resultJsonFactory; - public function __construct( + public function __construct( Context $context, \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory, \Magento\Framework\App\Config\Storage\WriterInterface $configWriter, From f62442102087c9a665ffe8ce934464422659c5ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Sypko?= Date: Thu, 14 Mar 2024 16:30:53 +0100 Subject: [PATCH 3/4] PP-10482 - bump version --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 7690763..7ee029c 100644 --- a/composer.json +++ b/composer.json @@ -11,7 +11,7 @@ "magento/framework": "100.*|101.*|102.*|103.*" }, "type": "magento2-module", - "version": "2.4.8", + "version": "2.4.9", "license": [ "OSL-3.0", "AFL-3.0" 
From 612c9e0499075b40801ecbb37f964bf39bde47d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Sypko?= Date: Thu, 14 Mar 2024 16:36:34 +0100 Subject: [PATCH 4/4] PP-10482 - indentation fixes --- Block/System/Config/LiveChatForm.php | 4 ++-- Controller/Adminhtml/GetProps/Index.php | 18 +++++++++--------- Controller/Adminhtml/ResetLicense/Index.php | 18 +++++++++--------- Controller/Adminhtml/SetLicense/Index.php | 18 +++++++++--------- Controller/Adminhtml/SetProps/Index.php | 10 +++++----- 5 files changed, 34 insertions(+), 34 deletions(-) diff --git a/Block/System/Config/LiveChatForm.php b/Block/System/Config/LiveChatForm.php index f69992f..2b954b0 100644 --- a/Block/System/Config/LiveChatForm.php +++ b/Block/System/Config/LiveChatForm.php @@ -11,9 +11,9 @@ class LiveChatForm extends \Magento\Framework\View\Element\Template const CHECK_TEMPLATE = 'system/config/livechat_form.phtml'; private $dataHelper; - private $urlinterface; + private $urlinterface; - public function __construct( + public function __construct( \Magento\Framework\View\Element\Template\Context $context, Data $dataHelper, array $data = [] diff --git a/Controller/Adminhtml/GetProps/Index.php b/Controller/Adminhtml/GetProps/Index.php index 98efd87..0db5b1e 100644 --- a/Controller/Adminhtml/GetProps/Index.php +++ b/Controller/Adminhtml/GetProps/Index.php @@ -10,16 +10,16 @@ class Index extends \Magento\Backend\App\Action protected $configWriter; private $cacheManagerFactory; - /** - * @var Data - */ - private $dataHelper; - /** - * @var \Magento\Framework\Controller\Result\JsonFactory - */ - private $resultJsonFactory; + /** + * @var Data + */ + private $dataHelper; + /** + * @var \Magento\Framework\Controller\Result\JsonFactory + */ + private $resultJsonFactory; - public function __construct( + public function __construct( Context $context, Data $dataHelper, \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory, 
diff --git a/Controller/Adminhtml/ResetLicense/Index.php b/Controller/Adminhtml/ResetLicense/Index.php index 3f77e5f..5130924 100644 --- a/Controller/Adminhtml/ResetLicense/Index.php +++ b/Controller/Adminhtml/ResetLicense/Index.php @@ -7,16 +7,16 @@ class Index extends \Magento\Backend\App\Action { protected $resultPageFactory; protected $configWriter; - /** - * @var \Magento\Framework\Controller\Result\JsonFactory - */ - private $resultJsonFactory; - /** - * @var \Magento\Framework\App\Cache\ManagerFactory - */ - private $cacheManagerFactory; + /** + * @var \Magento\Framework\Controller\Result\JsonFactory + */ + private $resultJsonFactory; + /** + * @var \Magento\Framework\App\Cache\ManagerFactory + */ + private $cacheManagerFactory; - public function __construct( + public function __construct( Context $context, \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory, \Magento\Framework\App\Config\Storage\WriterInterface $configWriter, diff --git a/Controller/Adminhtml/SetLicense/Index.php b/Controller/Adminhtml/SetLicense/Index.php index 5341626..6243d8a 100644 --- a/Controller/Adminhtml/SetLicense/Index.php +++ b/Controller/Adminhtml/SetLicense/Index.php @@ -7,16 +7,16 @@ class Index extends \Magento\Backend\App\Action { protected $resultPageFactory; protected $configWriter; - /** - * @var \Magento\Framework\Controller\Result\JsonFactory - */ - private $resultJsonFactory; - /** - * @var \Magento\Framework\App\Cache\ManagerFactory - */ - private $cacheManagerFactory; + /** + * @var \Magento\Framework\Controller\Result\JsonFactory + */ + private $resultJsonFactory; + /** + * @var \Magento\Framework\App\Cache\ManagerFactory + */ + private $cacheManagerFactory; - public function __construct( + public function __construct( Context $context, \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory, \Magento\Framework\App\Config\Storage\WriterInterface $configWriter, 
diff --git a/Controller/Adminhtml/SetProps/Index.php b/Controller/Adminhtml/SetProps/Index.php index a3f7b1d..496b162 100644 --- a/Controller/Adminhtml/SetProps/Index.php +++ b/Controller/Adminhtml/SetProps/Index.php @@ -9,12 +9,12 @@ class Index extends \Magento\Backend\App\Action protected $configWriter; private $cacheManagerFactory; - /** - * @var \Magento\Framework\Controller\Result\JsonFactory - */ - private $resultJsonFactory; + /** + * @var \Magento\Framework\Controller\Result\JsonFactory + */ + private $resultJsonFactory; - public function __construct( + public function __construct( Context $context, \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory, \Magento\Framework\App\Config\Storage\WriterInterface $configWriter,