feature(ajax): added nonce

705c70a7 · Grzegorz Rola · 8f45787c · 705c70a7 · 705c70a7
Commit 705c70a7 authored 2 years ago by Grzegorz Rola
--- a/src/WPDesk/Notice/AjaxHandler.php
+++ b/src/WPDesk/Notice/AjaxHandler.php
@@ -94,10 +94,13 @@ class AjaxHandler implements HookablePluginDependant {
                    PermanentDismissibleNotice::OPTION_VALUE_DISMISSED
                );
                do_action( 'wpdesk_notice_dismissed_notice', $noticeName, $source );
+                if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
+                    wp_send_json_success();
+                }
            }
        }
        if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
-            die();
+            wp_send_json_error();
        }
    }


--- a/tests/codeception/tests/integration/AjaxHandlerTest.php
+++ b/tests/codeception/tests/integration/AjaxHandlerTest.php
@@ -90,4 +90,17 @@ class AjaxHandlerTest extends WPTestCase {
 		);
 	}

+    public function testShoulfNotProcessAjaxNoticeDismissWhenInvalidNonce() {
+        $_POST[ AjaxHandler::POST_FIELD_NOTICE_NAME ] = self::NOTICE_NAME;
+        $_POST[ AjaxHandler::POST_FIELD_SECURITY ] = wp_create_nonce();
+
+        $ajaxHandler = new AjaxHandler( self::ASSETS_URL );
+        $ajaxHandler->processAjaxNoticeDismiss();
+
+        $this->assertNotEquals(
+            PermanentDismissibleNotice::OPTION_VALUE_DISMISSED,
+            get_option( PermanentDismissibleNotice::OPTION_NAME_PREFIX . self::NOTICE_NAME )
+        );
+    }
+
 }