ben/upskill-event-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
upskill-event-manager/scripts/fix-hardcoded-urls.sh
bengizmo 5ab2c58f68 feat: Implement comprehensive security fixes for production deployment 
- Fix production debug exposure in Zoho admin interface (WP_DEBUG conditional)
- Implement secure credential storage with AES-256-CBC encryption
- Add file upload size limits (5MB profiles, 2MB logos) with enhanced validation
- Fix privilege escalation via PHP Reflection bypass with public method alternative
- Add comprehensive input validation and security headers
- Update plugin version to 1.0.7 with security hardening

Security improvements:
 Debug information exposure eliminated in production
 API credentials now encrypted in database storage
 File upload security enhanced with size/type validation
 AJAX endpoints secured with proper capability checks
 SQL injection protection verified via parameterized queries
 CSRF protection maintained with nonce verification

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-06 13:31:38 -03:00

90 lines
No EOL
3.2 KiB
Bash
Executable file
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# Fix Hardcoded URLs in HVAC Plugin
# This script fixes hardcoded staging URLs that were copied during database sync
set -e
echo "🔧 Fixing hardcoded staging URLs in HVAC plugin..."
# Check if we're on production by looking at the site URL
if [[ "$(wp option get siteurl)" != *"upskillhvac.com"* ]]; then
echo "⚠️ Warning: This script is intended for production sites"
echo "Current site URL: $(wp option get siteurl)"
read -p "Continue anyway? (y/N): " confirm
if [[ $confirm != [yY] ]]; then
echo "Aborted."
exit 0
fi
fi
echo "✅ Running on production site: $(wp option get siteurl)"
# 1. Check and fix WordPress siteurl and home options if they contain staging URLs
echo "📋 Checking WordPress URL options..."
SITE_URL=$(wp option get siteurl)
HOME_URL=$(wp option get home)
if [[ "$SITE_URL" == *"upskill-staging.measurequick.com"* ]]; then
echo "🔧 Fixing siteurl option..."
wp option update siteurl "https://upskillhvac.com"
echo "✅ Updated siteurl to https://upskillhvac.com"
fi
if [[ "$HOME_URL" == *"upskill-staging.measurequick.com"* ]]; then
echo "🔧 Fixing home URL option..."
wp option update home "https://upskillhvac.com"
echo "✅ Updated home URL to https://upskillhvac.com"
fi
# 2. Update any HVAC plugin specific options that might have staging URLs
echo "🔍 Checking HVAC plugin options..."
# Check for any options containing staging URLs
STAGING_OPTIONS=$(wp option list --search="*upskill-staging*" --format=count 2>/dev/null || echo "0")
if [[ "$STAGING_OPTIONS" -gt 0 ]]; then
echo "⚠️ Found $STAGING_OPTIONS options containing staging URLs"
wp option list --search="*upskill-staging*" --format=table
read -p "Update these options to use production URLs? (y/N): " confirm
if [[ $confirm == [yY] ]]; then
# This would need to be customized based on actual option names found
echo "📝 Please manually update the options shown above"
fi
fi
# 3. Clear any caches to ensure changes take effect
echo "🧹 Clearing caches..."
# Clear WordPress object cache
wp cache flush 2>/dev/null || echo " WordPress object cache not available"
# Clear Breeze cache if available
if wp plugin is-active breeze/breeze.php 2>/dev/null; then
echo "🌪️ Clearing Breeze cache..."
wp eval "if (function_exists('breeze_clear_all_cache')) { breeze_clear_all_cache(); echo 'Breeze cache cleared'; } else { echo 'Breeze cache function not found'; }"
fi
# Clear any other caching plugins
if wp plugin is-active wp-rocket/wp-rocket.php 2>/dev/null; then
echo "🚀 Clearing WP Rocket cache..."
wp rocket clean --confirm 2>/dev/null || echo " WP Rocket cache clear failed"
fi
echo ""
echo "✅ Hardcoded URL fixes completed!"
echo ""
echo "🔍 Current WordPress URLs:"
echo " Site URL: $(wp option get siteurl)"
echo " Home URL: $(wp option get home)"
echo ""
echo "📋 Next steps:"
echo " 1. Test the Zoho CRM OAuth flow"
echo " 2. Verify Google Sheets integration (if used)"
echo " 3. Check any other integrations that use OAuth callbacks"
echo ""
echo "🔗 OAuth Callback URLs now use:"
echo " Zoho: $(wp option get siteurl)/oauth/callback"
echo " Google Sheets: $(wp option get siteurl)/google-sheets/"
echo ""
Reference in a new issue View git blame Copy permalink