feature(ajax): added nonce

CHANGELOG.md

-## [3.2.1] - 2023-02-10
+## [3.2.2] - 2023-03-02
+### Added
+- security nonce in permanent dismissible notice ajax action
 
+## [3.2.1] - 2023-02-10
 ### Changed
-
 - Changed dodgy string with `../../..` for `dirname` with level parameter
 
 ## [3.2.0] - 2022-05-27

tests/codeception/tests/integration.suite.yml

@@ -2,6 +2,8 @@
 #
 # Suite for integration tests.
 
+bootstrap: bootstrap.php
+
 modules:
     enabled:
         - WPDb
@@ -28,8 +30,8 @@ modules:
             dbHost: "%TEST_SITE_DB_HOST%"
             dbUser: "%TEST_SITE_DB_USER%"
             dbPassword: "%TEST_SITE_DB_PASSWORD%"
-            isolatedInstall: true
-            loadOnly: true
+            isolatedInstall: false
+            loadOnly: false
             tablePrefix: "%TEST_SITE_TABLE_PREFIX%"
             plugins: []
             activatePlugins: []

tests/codeception/tests/integration/AjaxHandlerTest.php

@@ -67,9 +67,10 @@ class AjaxHandlerTest extends WPTestCase {
 		$ajaxHandler = new AjaxHandler();
 		$ajaxHandler->hooks();
 
-		$this->expectOutputString( '<script type="text/javascript">
-jQuery(document).on("click",".notice-dismiss",function(){var a=jQuery(this).closest("div.notice").data("notice-name");var b=jQuery(this).closest("div.notice").data("source");if(""!==a){jQuery.ajax({url:ajaxurl,type:"post",data:{action:"wpdesk_notice_dismiss",notice_name:a,source:b},success:function(c){}})}});jQuery(document).on("click",".notice-dismiss-link",function(){jQuery(this).closest("div.notice").data("source",jQuery(this).data("source"));jQuery(this).closest("div.notice").find(".notice-dismiss").click()});
-</script>
+		$this->expectOutputString( '<script type="text/javascript">'
+                                   . "\n    "
+                                   . file_get_contents( __DIR__ . '/../../../../assets/js/notice.js' )
+                                   . '</script>
 '
 		);
 
@@ -78,6 +79,7 @@ jQuery(document).on("click",".notice-dismiss",function(){var a=jQuery(this).clos
 
 	public function testProcessAjaxNoticeDismiss() {
 		$_POST[ AjaxHandler::POST_FIELD_NOTICE_NAME ] = self::NOTICE_NAME;
+        $_POST[ AjaxHandler::POST_FIELD_SECURITY ] = wp_create_nonce( PermanentDismissibleNotice::OPTION_NAME_PREFIX . sanitize_text_field( self::NOTICE_NAME ) );
 
 		$ajaxHandler = new AjaxHandler( self::ASSETS_URL );
 		$ajaxHandler->processAjaxNoticeDismiss();

tests/codeception/tests/integration/FunctionsTest.php

+<?php
+
+namespace codeception\tests\integration;
+
+use Codeception\TestCase\WPTestCase;
+use \WPDesk\Notice\Notice;
+use \WPDesk\Notice\PermanentDismissibleNotice;
+
+/**
+ * Class TestFunctions
+ */
+class FunctionsTest extends WPTestCase {
+
+    public function setUp() {
+        parent::setUp();
+    }
+
+    public function tearDown() {
+        parent::tearDown();
+    }
+
+	/**
+	 * Test WPDeskWpNotice function.
+	 */
+	public function testWPDeskWpNotice() {
+		$notice = wpdesk_wp_notice( 'test function' );
+
+		$this->assertInstanceOf( Notice::class, $notice );
+
+		$this->expectOutputString( '<div class="notice notice-info"><p>test function</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	/**
+	 * Test WPDeskWpNoticeInfo function.
+	 */
+	public function testWPDeskWpNoticeInfo() {
+		$notice = wpdesk_wp_notice_info( 'test function' );
+
+		$this->assertInstanceOf( Notice::class, $notice );
+
+		$this->expectOutputString( '<div class="notice notice-info"><p>test function</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	/**
+	 * Test WPDeskWpNoticeError function.
+	 */
+	public function testWPDeskWpNoticeError() {
+		$notice = wpdesk_wp_notice_error( 'test function' );
+
+		$this->assertInstanceOf( Notice::class, $notice );
+
+		$this->expectOutputString( '<div class="notice notice-error"><p>test function</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	/**
+	 * Test WPDeskWpNoticeWarning function.
+	 */
+	public function testWPDeskWpNoticeWarning() {
+		$notice = wpdesk_wp_notice_warning( 'test function' );
+
+		$this->assertInstanceOf( Notice::class, $notice );
+
+		$this->expectOutputString( '<div class="notice notice-warning"><p>test function</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	/**
+	 * Test WPDeskWpNoticeSuccess function.
+	 */
+	public function testWPDeskWpNoticeSuccess() {
+		$notice = wpdesk_wp_notice_success( 'test function' );
+
+		$this->assertInstanceOf( Notice::class, $notice );
+
+		$this->expectOutputString( '<div class="notice notice-success"><p>test function</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	/**
+	 * Test WPDeskPermanentDismissibleWpNotice function.
+	 */
+	public function testWPDeskPermanentDismissibleWpNotice() {
+        $notice_name = 'test-notice';
+
+		$notice = wpdesk_permanent_dismissible_wp_notice(
+			'test function',
+			$notice_name,
+			Notice::NOTICE_TYPE_INFO
+		);
+
+        $security = wp_create_nonce( PermanentDismissibleNotice::OPTION_NAME_PREFIX . $notice_name );
+
+		$this->assertInstanceOf( PermanentDismissibleNotice::class, $notice );
+
+		$this->expectOutputString(
+			'<div class="notice notice-info is-dismissible" data-notice-name="' . $notice_name . '" data-security="' . $security . '" id="wpdesk-notice-test-notice"><p>test function</p></div>'
+		);
+
+		$notice->showNotice();
+	}
+
+	/**
+	 * Test WPDeskInitNoticeAjaxHandler function.
+	 */
+	public function testWPDeskInitWpNoticeAjaxHandler() {
+		$ajax_handler = wpdesk_init_wp_notice_ajax_handler();
+
+		$this->assertInstanceOf( \WPDesk\Notice\AjaxHandler::class, $ajax_handler );
+	}
+
+}

tests/codeception/tests/integration/NoticeTest.php

+<?php
+
+namespace codeception\tests\integration;
+
+use Codeception\TestCase\WPTestCase;
+use \WPDesk\Notice\Notice;
+
+class NoticeTest extends WPTestCase {
+
+    public function setUp() {
+        parent::setUp();
+    }
+
+    public function tearDown() {
+        parent::tearDown();
+    }
+
+    public function testAddAction() {
+		$notice_priority = 11;
+
+		$notice = new Notice( Notice::NOTICE_TYPE_INFO, 'test', false, $notice_priority );
+
+		$this->assertEquals( $notice_priority, has_action( 'admin_notices', [
+			$notice,
+			'showNotice',
+		], $notice_priority ) );
+
+		$this->assertEquals(
+			Notice::ADMIN_FOOTER_BASE_PRIORITY + intval( $notice_priority ),
+			has_action(
+				'admin_footer',
+				[ $notice, 'showNotice' ],
+				Notice::ADMIN_FOOTER_BASE_PRIORITY + intval( $notice_priority )
+			)
+		);
+	}
+
+	public function testShowNotice() {
+		$notice = new Notice( 'test' );
+
+		$this->expectOutputString( '<div class="notice notice-info"><p>test</p></div>' );
+
+		$notice->showNotice();
+
+		$this->assertFalse(
+			has_action( 'admin_notices', [ $notice, 'showNotice' ], 10 )
+		);
+		$this->assertFalse(
+			has_action( 'admin_footer', [ $notice, 'showNotice' ], 10 )
+		);
+	}
+
+	public function testShowNoticeError() {
+		$notice = new Notice( 'test', Notice::NOTICE_TYPE_ERROR );
+
+		$this->expectOutputString( '<div class="notice notice-error"><p>test</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	public function testShowNoticeWarning() {
+		$notice = new Notice( 'test', Notice::NOTICE_TYPE_WARNING );
+
+		$this->expectOutputString( '<div class="notice notice-warning"><p>test</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	public function testShowNoticeSuccess() {
+		$notice = new Notice( 'test', Notice::NOTICE_TYPE_SUCCESS );
+
+		$this->expectOutputString( '<div class="notice notice-success"><p>test</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	public function testShowNoticeDismissible() {
+		$notice = new Notice( 'test', Notice::NOTICE_TYPE_INFO, true );
+
+		$this->expectOutputString( '<div class="notice notice-info is-dismissible"><p>test</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	public function testNoticeContent() {
+		$noticeContent = 'test';
+
+		$notice = new Notice( $noticeContent );
+
+		$this->assertEquals( $noticeContent, $notice->getNoticeContent() );
+
+		$noticeContent = 'test 2';
+		$notice->setNoticeContent( $noticeContent );
+		$this->assertEquals( $noticeContent, $notice->getNoticeContent() );
+	}
+
+	public function testNoticeType() {
+		$notice = new Notice( 'test', Notice::NOTICE_TYPE_INFO );
+
+		$this->assertEquals( Notice::NOTICE_TYPE_INFO, $notice->getNoticeType() );
+
+		$notice->setNoticeType( Notice::NOTICE_TYPE_ERROR );
+		$this->assertEquals( Notice::NOTICE_TYPE_ERROR, $notice->getNoticeType() );
+	}
+
+	public function testDismissible() {
+		$notice = new Notice( 'test' );
+
+		$this->assertFalse( $notice->isDismissible() );
+
+		$notice->setDismissible( true );
+		$this->assertTrue( $notice->isDismissible() );
+	}
+
+	public function testPriority() {
+		$notice = new Notice( 'test' );
+
+		$this->assertEquals( 10, $notice->getPriority() );
+
+		$notice->setPriority( 20 );
+		$this->assertEquals( 20, $notice->getPriority() );
+	}
+
+	public function testAddAttribute() {
+		$notice = new Notice( 'test', Notice::NOTICE_TYPE_WARNING );
+
+		$notice->addAttribute( 'id', 'test_id' );
+
+		$this->expectOutputString( '<div class="notice notice-warning" id="test_id"><p>test</p></div>' );
+
+		$notice->showNotice();
+	}
+
+	public function testAddAttributeClass() {
+		$notice = new Notice( 'test', Notice::NOTICE_TYPE_WARNING );
+
+		$notice->addAttribute( 'class', 'test-class' );
+
+		$this->expectOutputString( '<div class="notice notice-warning test-class"><p>test</p></div>' );
+
+		$notice->showNotice();
+	}
+
+}

tests/codeception/tests/integration/PermanentDismissinleNoticeTest.php

+<?php
+
+namespace codeception\tests\integration;
+
+use Codeception\TestCase\WPTestCase;
+use \WPDesk\Notice\PermanentDismissibleNotice;
+
+class PermanentDismissinleNoticeTest extends WPTestCase {
+
+	const NOTICE_NAME = 'test_notice_name';
+
+    public function setUp() {
+        parent::setUp();
+    }
+
+    public function tearDown() {
+        parent::tearDown();
+    }
+
+	public function testAddAction() {
+		$notice_priority = 11;
+
+		$notice = new PermanentDismissibleNotice(
+			'test',
+			'test_name',
+			PermanentDismissibleNotice::NOTICE_TYPE_INFO,
+			$notice_priority
+		);
+
+		$this->assertEquals( $notice_priority, has_action( 'admin_notices', [
+			$notice,
+			'showNotice',
+		], $notice_priority ) );
+	}
+
+	public function testUndoDismiss() {
+		update_option(
+			PermanentDismissibleNotice::OPTION_NAME_PREFIX . self::NOTICE_NAME,
+			PermanentDismissibleNotice::OPTION_VALUE_DISMISSED
+		);
+
+		$notice = new PermanentDismissibleNotice(
+			PermanentDismissibleNotice::NOTICE_TYPE_INFO,
+			self::NOTICE_NAME
+		);
+		$notice->undoDismiss();
+
+		$this->assertEquals(
+			'',
+			get_option( PermanentDismissibleNotice::OPTION_NAME_PREFIX . self::NOTICE_NAME, '' )
+		);
+	}
+
+	public function testShowNotice() {
+        $notice_name = 'test_name';
+
+		$notice = new PermanentDismissibleNotice(
+			'test',
+			$notice_name,
+			PermanentDismissibleNotice::NOTICE_TYPE_INFO
+		);
+
+        $security = wp_create_nonce( PermanentDismissibleNotice::OPTION_NAME_PREFIX . $notice_name );
+
+		$this->expectOutputString(
+            '<div class="notice notice-info is-dismissible" data-notice-name="' . $notice_name . '" data-security="' . $security . '" id="wpdesk-notice-test_name"><p>test</p></div>'
+		);
+
+		$notice->showNotice();
+	}
+
+}

tests/codeception/tests/integration/bootstrap.php

+<?php
+
+ini_set('error_reporting', E_ALL ^ E_DEPRECATED);
+
+

tests/integration/TestFunctions.php

-<?php
-
-use \WPDesk\Notice\Notice;
-use \WPDesk\Notice\PermanentDismissibleNotice;
-
-/**
- * Class TestFunctions
- */
-class TestFunctions extends WP_UnitTestCase
-{
-
-    /**
-     * Test redeclare functions.
-     */
-    public function testRedeclareFunctions()
-    {
-        include __DIR__ . '/../../src/WPDesk/notice-functions.php';
-        $this->assertTrue(true);
-    }
-
-    /**
-     * Test WPDeskWpNotice function.
-     */
-    public function testWPDeskWpNotice()
-    {
-        $notice = wpdesk_wp_notice('test function');
-
-        $this->assertInstanceOf(Notice::class, $notice);
-
-        $this->expectOutputString('<div class="notice notice-info"><p>test function</p></div>');
-
-        $notice->showNotice();
-    }
-
-    /**
-     * Test WPDeskWpNoticeInfo function.
-     */
-    public function testWPDeskWpNoticeInfo()
-    {
-        $notice = wpdesk_wp_notice_info('test function');
-
-        $this->assertInstanceOf(Notice::class, $notice);
-
-        $this->expectOutputString('<div class="notice notice-info"><p>test function</p></div>');
-
-        $notice->showNotice();
-    }
-
-    /**
-     * Test WPDeskWpNoticeError function.
-     */
-    public function testWPDeskWpNoticeError()
-    {
-        $notice = wpdesk_wp_notice_error('test function');
-
-        $this->assertInstanceOf(Notice::class, $notice);
-
-        $this->expectOutputString('<div class="notice notice-error"><p>test function</p></div>');
-
-        $notice->showNotice();
-    }
-
-    /**
-     * Test WPDeskWpNoticeWarning function.
-     */
-    public function testWPDeskWpNoticeWarning()
-    {
-        $notice = wpdesk_wp_notice_warning('test function');
-
-        $this->assertInstanceOf(Notice::class, $notice);
-
-        $this->expectOutputString('<div class="notice notice-warning"><p>test function</p></div>');
-
-        $notice->showNotice();
-    }
-
-    /**
-     * Test WPDeskWpNoticeSuccess function.
-     */
-    public function testWPDeskWpNoticeSuccess()
-    {
-        $notice = wpdesk_wp_notice_success('test function');
-
-        $this->assertInstanceOf(Notice::class, $notice);
-
-        $this->expectOutputString('<div class="notice notice-success"><p>test function</p></div>');
-
-        $notice->showNotice();
-    }
-
-    /**
-     * Test WPDeskPermanentDismissibleWpNotice function.
-     */
-    public function testWPDeskPermanentDismissibleWpNotice()
-    {
-        $notice = wpdesk_permanent_dismissible_wp_notice(
-            'test function',
-            'test-notice',
-            Notice::NOTICE_TYPE_INFO
-        );
-
-        $this->assertInstanceOf(PermanentDismissibleNotice::class, $notice);
-
-        $this->expectOutputString(
-            '<div class="notice notice-info is-dismissible" data-notice-name="test-notice" id="wpdesk-notice-test-notice"><p>test function</p></div>'
-        );
-
-        $notice->showNotice();
-    }
-
-    /**
-     * Test WPDeskInitNoticeAjaxHandler function.
-     */
-    public function testWPDeskInitWpNoticeAjaxHandler()
-    {
-        $ajax_handler = wpdesk_init_wp_notice_ajax_handler();
-
-        $this->assertInstanceOf(\WPDesk\Notice\AjaxHandler::class, $ajax_handler);
-    }
-
-}

tests/integration/TestNotice.php

-<?php
-
-use \WPDesk\Notice\Notice;
-
-class TestNotice extends WP_UnitTestCase
-{
-
-    public function testAddAction()
-    {
-        $notice_priority = 11;
-
-        $notice = new Notice(Notice::NOTICE_TYPE_INFO, 'test', false, $notice_priority);
-
-        $this->assertEquals($notice_priority, has_action('admin_notices', [$notice, 'showNotice'], $notice_priority));
-
-        $this->assertEquals(
-            Notice::ADMIN_FOOTER_BASE_PRIORITY + intval($notice_priority),
-            has_action(
-                'admin_footer',
-                [$notice, 'showNotice'],
-                Notice::ADMIN_FOOTER_BASE_PRIORITY + intval($notice_priority)
-            )
-        );
-    }
-
-    public function testShowNotice()
-    {
-        $notice = new Notice('test');
-
-        $this->expectOutputString('<div class="notice notice-info"><p>test</p></div>');
-
-        $notice->showNotice();
-
-        $this->assertFalse(
-            has_action('admin_notices', [$notice, 'showNotice'], 10)
-        );
-        $this->assertFalse(
-            has_action('admin_footer', [$notice, 'showNotice'], 10)
-        );
-    }
-
-    public function testShowNoticeError()
-    {
-        $notice = new Notice('test', Notice::NOTICE_TYPE_ERROR);
-
-        $this->expectOutputString('<div class="notice notice-error"><p>test</p></div>');
-
-        $notice->showNotice();
-    }
-
-    public function testShowNoticeWarning()
-    {
-        $notice = new Notice('test', Notice::NOTICE_TYPE_WARNING);
-
-        $this->expectOutputString('<div class="notice notice-warning"><p>test</p></div>');
-
-        $notice->showNotice();
-    }
-
-    public function testShowNoticeSuccess()
-    {
-        $notice = new Notice('test', Notice::NOTICE_TYPE_SUCCESS);
-
-        $this->expectOutputString('<div class="notice notice-success"><p>test</p></div>');
-
-        $notice->showNotice();
-    }
-
-    public function testShowNoticeDismissible()
-    {
-        $notice = new Notice('test', Notice::NOTICE_TYPE_INFO, true);
-
-        $this->expectOutputString('<div class="notice notice-info is-dismissible"><p>test</p></div>');
-
-        $notice->showNotice();
-    }
-
-    public function testNoticeContent()
-    {
-        $noticeContent = 'test';
-
-        $notice = new Notice($noticeContent);
-
-        $this->assertEquals($noticeContent, $notice->getNoticeContent());
-
-        $noticeContent = 'test 2';
-        $notice->setNoticeContent($noticeContent);
-        $this->assertEquals($noticeContent, $notice->getNoticeContent());
-    }
-
-    public function testNoticeType()
-    {
-        $notice = new Notice('test', Notice::NOTICE_TYPE_INFO);
-
-        $this->assertEquals(Notice::NOTICE_TYPE_INFO, $notice->getNoticeType());
-
-        $notice->setNoticeType(Notice::NOTICE_TYPE_ERROR);
-        $this->assertEquals(Notice::NOTICE_TYPE_ERROR, $notice->getNoticeType());
-    }
-
-    public function testDismissible()
-    {
-        $notice = new Notice('test');
-
-        $this->assertFalse($notice->isDismissible());
-
-        $notice->setDismissible(true);
-        $this->assertTrue($notice->isDismissible());
-    }
-
-    public function testPriority()
-    {
-        $notice = new Notice('test');
-
-        $this->assertEquals(10, $notice->getPriority());
-
-        $notice->setPriority(20);
-        $this->assertEquals(20, $notice->getPriority());
-    }
-
-    public function testAddAttribute()
-    {
-        $notice = new Notice('test', Notice::NOTICE_TYPE_WARNING);
-
-        $notice->addAttribute('id', 'test_id');
-
-        $this->expectOutputString('<div class="notice notice-warning" id="test_id"><p>test</p></div>');
-
-        $notice->showNotice();
-    }
-
-    public function testAddAttributeClass()
-    {
-        $notice = new Notice('test', Notice::NOTICE_TYPE_WARNING);
-
-        $notice->addAttribute('class', 'test-class');
-
-        $this->expectOutputString('<div class="notice notice-warning test-class"><p>test</p></div>');
-
-        $notice->showNotice();
-    }
-
-}

tests/integration/TestPermanentDismissinleNotice.php

-<?php
-
-use \WPDesk\Notice\PermanentDismissibleNotice;
-
-class TestPermanentDismissinleNotice extends WP_UnitTestCase
-{
-
-    const NOTICE_NAME = 'test_notice_name';
-
-    public function testAddAction()
-    {
-        $notice_priority = 11;
-
-        $notice = new PermanentDismissibleNotice(
-            'test',
-            'test_name',
-            PermanentDismissibleNotice::NOTICE_TYPE_INFO,
-            $notice_priority
-        );
-
-        $this->assertEquals($notice_priority, has_action('admin_notices', [$notice, 'showNotice'], $notice_priority));
-    }
-
-    public function testUndoDismiss()
-    {
-        update_option(
-            PermanentDismissibleNotice::OPTION_NAME_PREFIX . self::NOTICE_NAME,
-            PermanentDismissibleNotice::OPTION_VALUE_DISMISSED
-        );
-
-        $notice = new PermanentDismissibleNotice(
-            PermanentDismissibleNotice::NOTICE_TYPE_INFO,
-            self::NOTICE_NAME
-        );
-        $notice->undoDismiss();
-
-        $this->assertEquals(
-            '',
-            get_option(PermanentDismissibleNotice::OPTION_NAME_PREFIX . self::NOTICE_NAME, '')
-        );
-    }
-
-    public function testShowNotice()
-    {
-        $notice = new PermanentDismissibleNotice(
-            'test',
-            'test_name',
-            PermanentDismissibleNotice::NOTICE_TYPE_INFO
-        );
-
-        $this->expectOutputString(
-            '<div class="notice notice-info is-dismissible" data-notice-name="test_name" id="wpdesk-notice-test_name"><p>test</p></div>'
-        );
-
-        $notice->showNotice();
-    }
-
-}