From 0c04890c764f8cff75b7a62e422caac0bf7a2527 Mon Sep 17 00:00:00 2001
From: Grzegorz Rola <grola@seostudio.pl>
Date: Mon, 11 Mar 2024 14:41:03 +0100
Subject: [PATCH] bugfix(ajax): permission check

---
 src/WPDesk/Notice/AjaxHandler.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/WPDesk/Notice/AjaxHandler.php b/src/WPDesk/Notice/AjaxHandler.php
index fd864cf..64c9b71 100644
--- a/src/WPDesk/Notice/AjaxHandler.php
+++ b/src/WPDesk/Notice/AjaxHandler.php
@@ -78,8 +78,8 @@ class AjaxHandler implements HookablePluginDependant {
         if ( isset( $_POST[ self::POST_FIELD_NOTICE_NAME ] ) ) {
             $noticeName = sanitize_text_field( $_POST[ self::POST_FIELD_NOTICE_NAME ] );
 
-            $option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
-            check_ajax_referer( $option_name, self::POST_FIELD_SECURITY );
+            $optionName = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
+            check_ajax_referer( $optionName, self::POST_FIELD_SECURITY );
 
             if ( ! current_user_can( 'edit_posts' ) ) {
                 wp_send_json_error();
@@ -91,10 +91,8 @@ class AjaxHandler implements HookablePluginDependant {
                 $source = null;
             }
 
-            $option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
-
             update_option(
-                $option_name,
+                $optionName,
                 PermanentDismissibleNotice::OPTION_VALUE_DISMISSED
             );
             do_action( 'wpdesk_notice_dismissed_notice', $noticeName, $source );
-- 
GitLab