Fix validation for Direct Link Mini Apps with start command (#51)

* Fix validation for Direct Link Mini Apps with start command * Prepare for v1.10.6 --------- Co-authored-by: irshadahmad21 <[email protected]>
wpsocio · Oct 8, 2023 · 9539fd6 · 9539fd6
1 parent f372465
commit 9539fd6
Show file tree

Hide file tree

Showing 12 changed files with 87 additions and 58 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 **Requires at least:** 6.0  
 **Requires PHP:** 7.0  
 **Tested up to:** 6.3.1  
-**Stable tag:** 1.10.5  
+**Stable tag:** 1.10.6  
 **License:** GPLv2 or later  
 **License URI:** [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)  
 **Donate link:** [wpsocio.com/donate](https://wpsocio.com/donate)

diff --git a/changelog.md b/changelog.md
@@ -4,6 +4,12 @@ All notable changes to this project are documented in this file.
 
 ## Unreleased
 
+## [1.10.6 - 2023-10-8](https://github.com/wpsocio/wptelegram-login/releases/tag/v1.10.6)
+
+### Bug fixes
+
+- Fixed validation for Direct Link Mini Apps with start command
+
 ## [1.10.5 - 2023-10-8](https://github.com/wpsocio/wptelegram-login/releases/tag/v1.10.5)
 
 ### Bug fixes

diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
 	"name": "wptelegram/login",
-	"version": "1.10.5",
+	"version": "1.10.6",
 	"description": "Let the users login to your website with their Telegram and make it simple for them to get connected and let them receive their email notifications on Telegram.",
 	"require-dev": {
 		"wp-coding-standards/wpcs": "^3.0"

diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "wptelegram-login",
 	"title": "WP Telegram Login",
-	"version": "1.10.5",
+	"version": "1.10.6",
 	"description": "Let the users login to your website with their Telegram and make it simple for them to get connected and let them receive their email notifications on Telegram.",
 	"main": "Gruntfile.js",
 	"repository": {

diff --git a/src/README.txt b/src/README.txt
@@ -5,7 +5,7 @@ Tags: telegram, login, register, social, signup
 Requires at least: 6.0
 Requires PHP: 7.0
 Tested up to: 6.3.1
-Stable tag: 1.10.5
+Stable tag: 1.10.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -150,6 +150,9 @@ Follow the instructions given on the settings page. You need to send `/setdomain
 
 == Changelog ==
 
+= 1.10.6 =
+- Fixed validation for Direct Link Mini Apps with start command
+
 = 1.10.5 =
 - Fixed validation for Direct Link Mini Apps
 

diff --git a/src/changelog.md b/src/changelog.md
@@ -4,6 +4,12 @@ All notable changes to this project are documented in this file.
 
 ## Unreleased
 
+## [1.10.6 - 2023-10-8](https://github.com/wpsocio/wptelegram-login/releases/tag/v1.10.6)
+
+### Bug fixes
+
+- Fixed validation for Direct Link Mini Apps with start command
+
 ## [1.10.5 - 2023-10-8](https://github.com/wpsocio/wptelegram-login/releases/tag/v1.10.5)
 
 ### Bug fixes

diff --git a/src/languages/wptelegram-login-de_DE.po b/src/languages/wptelegram-login-de_DE.po
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WPTelegram Login 1.0.0\n"
 "Report-Msgid-Bugs-To: https://github.com/wpsocio/wptelegram-login\n"
-"POT-Creation-Date: 2023-10-08 07:45:52+00:00\n"
+"POT-Creation-Date: 2023-10-08 12:23:15+00:00\n"
 "PO-Revision-Date: 2021-02-16 02:08+0530\n"
 "Last-Translator: \n"
 "Language-Team: WPTelegram\n"
@@ -534,35 +534,35 @@ msgstr "%s wird benötigt."
 msgid "Changes could not be saved."
 msgstr "Die Änderungen konnten nicht gespeichert werden."
 
-#: shared/LoginHandler.php:179
+#: shared/LoginHandler.php:193
 msgid "Unauthorized! Data is NOT from Telegram"
 msgstr "Unautorisiert! Diese Daten stammen NICHT von Telegram"
 
-#: shared/LoginHandler.php:183
+#: shared/LoginHandler.php:197
 msgid "Invalid! The data is outdated"
 msgstr "Ungültig! Die Daten sind abgelaufen/veraltet"
 
-#: shared/LoginHandler.php:330
+#: shared/LoginHandler.php:344
 msgid "Invalid! The data is incomplete"
 msgstr "Ungültig! Die Daten sind unvollständig"
 
-#: shared/LoginHandler.php:347
+#: shared/LoginHandler.php:361
 msgid ""
 "The Telegram User ID is already associated with another existing user. "
 "Please contact the admin"
 msgstr ""
 "Diese Telegram User ID ist bereits mit einem anderen existierenden Benutzer "
 "verbunden. Bitte den Administrator kontaktieren"
 
-#: shared/LoginHandler.php:365
+#: shared/LoginHandler.php:379
 msgid ""
 "Sign up via Telegram is disabled. You must first create an account and "
 "connect it to Telegram to be able to use Telegram Login"
 msgstr ""
 "Anmelden über Telegram ist deaktiviert. Du musst zuerst einen Account "
 "anlegen und mit Telegram verbinden, um Telegram Login verwenden zu können."
 
-#: shared/LoginHandler.php:427 shared/LoginHandler.php:447
+#: shared/LoginHandler.php:441 shared/LoginHandler.php:461
 msgid "Telegram sign in could not be completed."
 msgstr "Die Telegram-Anmeldung konnte nicht erfolgreich durchgeführt werden."
 

diff --git a/src/languages/wptelegram-login-ru_RU.po b/src/languages/wptelegram-login-ru_RU.po
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WPTelegram Login 1.0.0\n"
 "Report-Msgid-Bugs-To: https://github.com/wpsocio/wptelegram-login\n"
-"POT-Creation-Date: 2023-10-08 07:45:52+00:00\n"
+"POT-Creation-Date: 2023-10-08 12:23:15+00:00\n"
 "PO-Revision-Date: 2021-02-16 02:08+0530\n"
 "Last-Translator: \n"
 "Language-Team: WPTelegram\n"
@@ -529,27 +529,27 @@ msgstr ""
 msgid "Changes could not be saved."
 msgstr ""
 
-#: shared/LoginHandler.php:179
+#: shared/LoginHandler.php:193
 msgid "Unauthorized! Data is NOT from Telegram"
 msgstr "Несанкционированный! Данные НЕ из Telegram"
 
-#: shared/LoginHandler.php:183
+#: shared/LoginHandler.php:197
 msgid "Invalid! The data is outdated"
 msgstr "Ошибка! Данные устарели"
 
-#: shared/LoginHandler.php:330
+#: shared/LoginHandler.php:344
 msgid "Invalid! The data is incomplete"
 msgstr "Ошибка! Данные неполные"
 
-#: shared/LoginHandler.php:347
+#: shared/LoginHandler.php:361
 msgid ""
 "The Telegram User ID is already associated with another existing user. "
 "Please contact the admin"
 msgstr ""
 "Идентификатор пользователя Telegram уже связан с другой существующей учетной "
 "записью. Пожалуйста, свяжитесь с администратором"
 
-#: shared/LoginHandler.php:365
+#: shared/LoginHandler.php:379
 msgid ""
 "Sign up via Telegram is disabled. You must first create an account and "
 "connect it to Telegram to be able to use Telegram Login"
@@ -558,7 +558,7 @@ msgstr ""
 "запись и подключить к ней Telegram, чтобы иметь возможность входа через "
 "Telegram"
 
-#: shared/LoginHandler.php:427 shared/LoginHandler.php:447
+#: shared/LoginHandler.php:441 shared/LoginHandler.php:461
 msgid "Telegram sign in could not be completed."
 msgstr "Не удалось выполнить вход через Telegram."
 

diff --git a/src/languages/wptelegram-login-uk.po b/src/languages/wptelegram-login-uk.po
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WPTelegram Login 1.0.0\n"
 "Report-Msgid-Bugs-To: https://github.com/wpsocio/wptelegram-login\n"
-"POT-Creation-Date: 2023-10-08 07:45:52+00:00\n"
+"POT-Creation-Date: 2023-10-08 12:23:15+00:00\n"
 "PO-Revision-Date: 2021-02-16 02:09+0530\n"
 "Last-Translator: \n"
 "Language-Team: WPTelegram\n"
@@ -528,27 +528,27 @@ msgstr "%s є обов'язковим."
 msgid "Changes could not be saved."
 msgstr "Не вдається зберегти зміни."
 
-#: shared/LoginHandler.php:179
+#: shared/LoginHandler.php:193
 msgid "Unauthorized! Data is NOT from Telegram"
 msgstr "Несанкціоновано! Дані НЕ від Telegram"
 
-#: shared/LoginHandler.php:183
+#: shared/LoginHandler.php:197
 msgid "Invalid! The data is outdated"
 msgstr "Недійсний! Дані застарілі"
 
-#: shared/LoginHandler.php:330
+#: shared/LoginHandler.php:344
 msgid "Invalid! The data is incomplete"
 msgstr "Недійсний! Дані неповні"
 
-#: shared/LoginHandler.php:347
+#: shared/LoginHandler.php:361
 msgid ""
 "The Telegram User ID is already associated with another existing user. "
 "Please contact the admin"
 msgstr ""
 "Ідентифікатор користувача Telegram вже пов'язаний з іншим наявним "
 "користувачем. Будь ласка, зверніться до адміністратора"
 
-#: shared/LoginHandler.php:365
+#: shared/LoginHandler.php:379
 msgid ""
 "Sign up via Telegram is disabled. You must first create an account and "
 "connect it to Telegram to be able to use Telegram Login"
@@ -557,7 +557,7 @@ msgstr ""
 "запис і підключити його до Telegram, щоб мати можливість користуватися "
 "Telegram Вхід"
 
-#: shared/LoginHandler.php:427 shared/LoginHandler.php:447
+#: shared/LoginHandler.php:441 shared/LoginHandler.php:461
 msgid "Telegram sign in could not be completed."
 msgstr "Не вдалося увійти в Telegram."
 

diff --git a/src/languages/wptelegram-login.pot b/src/languages/wptelegram-login.pot
@@ -2,13 +2,13 @@
 # This file is distributed under the GPL-2.0+.
 msgid ""
 msgstr ""
-"Project-Id-Version: WP Telegram Login 1.10.5\n"
+"Project-Id-Version: WP Telegram Login 1.10.6\n"
 "Report-Msgid-Bugs-To: https://github.com/wpsocio/wptelegram-login\n"
-"POT-Creation-Date: 2023-10-08 07:45:52+00:00\n"
+"POT-Creation-Date: 2023-10-08 12:23:15+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2023-10-8 7:450\n"
+"PO-Revision-Date: 2023-10-8 12:230\n"
 "Last-Translator: WP Telegram Login\n"
 "Language-Team: WP Telegram Login\n"
 "Language: en_US\n"
@@ -511,31 +511,31 @@ msgstr ""
 msgid "Changes could not be saved."
 msgstr ""
 
-#: shared/LoginHandler.php:179
+#: shared/LoginHandler.php:193
 msgid "Unauthorized! Data is NOT from Telegram"
 msgstr ""
 
-#: shared/LoginHandler.php:183
+#: shared/LoginHandler.php:197
 msgid "Invalid! The data is outdated"
 msgstr ""
 
-#: shared/LoginHandler.php:330
+#: shared/LoginHandler.php:344
 msgid "Invalid! The data is incomplete"
 msgstr ""
 
-#: shared/LoginHandler.php:347
+#: shared/LoginHandler.php:361
 msgid ""
 "The Telegram User ID is already associated with another existing user. "
 "Please contact the admin"
 msgstr ""
 
-#: shared/LoginHandler.php:365
+#: shared/LoginHandler.php:379
 msgid ""
 "Sign up via Telegram is disabled. You must first create an account and "
 "connect it to Telegram to be able to use Telegram Login"
 msgstr ""
 
-#: shared/LoginHandler.php:427 shared/LoginHandler.php:447
+#: shared/LoginHandler.php:441 shared/LoginHandler.php:461
 msgid "Telegram sign in could not be completed."
 msgstr ""
 

diff --git a/src/shared/LoginHandler.php b/src/shared/LoginHandler.php
@@ -45,7 +45,7 @@ public function telegram_login() {
 		$input = wp_unslash( $_GET ); // phpcs:disable WordPress.Security.NonceVerification.Recommended
 
 		// Remove any unwanted fields.
-		$input = $this->filter_input_fields( $input );
+		$input = $this->cleanup_input( $input );
 
 		try {
 			$auth_data = $this->validate_auth_data( $input );
@@ -116,36 +116,50 @@ public function is_valid_login_request() {
 	 * Filter the input by removing any unwanted fields
 	 * Especially in case of the query type permalinks.
 	 *
-	 * @since    1.0.0
+	 * @since    1.10.6
 	 *
 	 * @param array $input The data passed.
 	 *
 	 * @return array
 	 */
-	public function filter_input_fields( $input ) {
-
-		$query_params = [
-			// Shared fields.
-			'auth_date'     => '',
-			'hash'          => '',
-			// Normal login fields.
-			'id'            => '',
-			'first_name'    => '',
-			'last_name'     => '',
-			'username'      => '',
-			'photo_url'     => '',
-			// WebAppData fields.
-			'query_id'      => '',
-			'user'          => '',
-			'chat_instance' => '',
-			'chat_type'     => '',
+	private function cleanup_input( $input ) {
+
+		$validation_query_params = [
+			// Common fields.
+			'auth_date',
+			'hash',
+			/**
+			 * Normal login fields.
+			 *
+			 * @link https://core.telegram.org/widgets/login#receiving-authorization-data
+			 */
+			'id',
+			'first_name',
+			'last_name',
+			'username',
+			'photo_url',
+			/**
+			 * WebAppInitData
+			 *
+			 * @link https://core.telegram.org/bots/webapps#webappinitdata
+			 */
+			'query_id',
+			'user',
+			'receiver',
+			'chat',
+			'chat_type',
+			'start_param',
+			'can_send_after',
+			'chat_instance',
 			// Misc.
-			'source'        => '',
+			'source',
 		];
 
-		$query_params = apply_filters( 'wptelegram_login_validation_query_params', $query_params, $input );
+		$validation_query_params = apply_filters( 'wptelegram_login_validation_query_params', $validation_query_params, $input );
+
+		$clean_input = array_intersect_key( $input, array_flip( $validation_query_params ) );
 
-		return array_intersect_key( $input, $query_params );
+		return apply_filters( 'wptelegram_login_clean_input', $clean_input, $input );
 	}
 
 	/**

diff --git a/src/wptelegram-login.php b/src/wptelegram-login.php
@@ -10,7 +10,7 @@
  * Plugin Name:       WP Telegram Login
  * Plugin URI:        https://t.me/WPTelegram
  * Description:       Let the users login to your WordPress website with their Telegram and make it simple for them to get connected and let them receive their email notifications on Telegram.
- * Version:           1.10.5
+ * Version:           1.10.6
  * Requires at least: 6.0
  * Requires PHP:      7.0
  * Author:            WP Socio
@@ -29,7 +29,7 @@
 /**
  * Currently plugin version.
  */
-define( 'WPTELEGRAM_LOGIN_VER', '1.10.5' );
+define( 'WPTELEGRAM_LOGIN_VER', '1.10.6' );
 
 defined( 'WPTELEGRAM_LOGIN_MAIN_FILE' ) || define( 'WPTELEGRAM_LOGIN_MAIN_FILE', __FILE__ );