From aba70097eaadf7590f4862bb99180dc6cc137306 Mon Sep 17 00:00:00 2001
From: Grzegorz Rola <grola@seostudio.pl>
Date: Mon, 11 Mar 2024 13:31:42 +0100
Subject: [PATCH] bugfix(ajax): permission check
---
 .env.testing | 2 +-
 src/WPDesk/Notice/AjaxHandler.php | 2 +-
 tests/codeception/tests/integration.suite.yml | 1 -
 tests/codeception/tests/integration/AjaxHandlerTest.php | 1 -
 tests/codeception/wpdesk.yml | 1 +
 5 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/.env.testing b/.env.testing
index 0bf105f..2e2439f 100644
--- a/.env.testing
+++ b/.env.testing
@@ -12,7 +12,7 @@ TEST_DB_PASSWORD="mysql"
 TEST_TABLE_PREFIX="wp_"
 TEST_SITE_WP_URL="http://${WOOTESTS_IP}"
 TEST_SITE_WP_DOMAIN="${WOOTESTS_IP}"
-TEST_SITE_ADMIN_EMAIL="grola@seostudio.pl"
+TEST_SITE_ADMIN_EMAIL="grola@octolize.dev"
 TEST_SITE_ADMIN_USERNAME="admin"
 TEST_SITE_ADMIN_PASSWORD="admin"
 SELENIUM_HOST="chrome"
diff --git a/src/WPDesk/Notice/AjaxHandler.php b/src/WPDesk/Notice/AjaxHandler.php
index 64c8717..fd864cf 100644
--- a/src/WPDesk/Notice/AjaxHandler.php
+++ b/src/WPDesk/Notice/AjaxHandler.php
@@ -79,7 +79,7 @@ class AjaxHandler implements HookablePluginDependant {
 $noticeName = sanitize_text_field( $_POST[ self::POST_FIELD_NOTICE_NAME ] );
 $option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
- ajax_check_referer( $option_name, self::POST_FIELD_SECURITY );
+ check_ajax_referer( $option_name, self::POST_FIELD_SECURITY );
 if ( ! current_user_can( 'edit_posts' ) ) {
 wp_send_json_error();
diff --git a/tests/codeception/tests/integration.suite.yml b/tests/codeception/tests/integration.suite.yml
index 1f3f494..25ef607 100644
--- a/tests/codeception/tests/integration.suite.yml
+++ b/tests/codeception/tests/integration.suite.yml
@@ -32,7 +32,6 @@ modules:
 dbPassword: "%TEST_SITE_DB_PASSWORD%"
 isolatedInstall: false
 loadOnly: false
- skipPluggables: false
 tablePrefix: "%TEST_SITE_TABLE_PREFIX%"
 plugins: []
 activatePlugins: []
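Review bot: In src/WPDesk/Notice/AjaxHandler.php the corrected `check_ajax_referer( $option_name, self::POST_FIELD_SECURITY );` call discards its return value and depends on the function's default third argument to end the request when the nonce does not verify, and nothing at the call site says so. A comment above it would help, for example `// Nonce action is this notice's option name; check_ajax_referer() ends the request on mismatch, so the capability check below only runs for a verified request.` Outside an AJAX request WordPress ends it with a bare `die` rather than `wp_die`, which is worth keeping in mind for the integration test that no longer defines `DOING_AJAX`. The `$_POST` value on the context line above is sanitized without `wp_unslash()`, so a notice name containing quotes or backslashes would presumably fail verification; the enclosing method starts and ends outside the hunk.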
diff --git a/tests/codeception/tests/integration/AjaxHandlerTest.php b/tests/codeception/tests/integration/AjaxHandlerTest.php
index 9967080..c0f40f9 100644
--- a/tests/codeception/tests/integration/AjaxHandlerTest.php
+++ b/tests/codeception/tests/integration/AjaxHandlerTest.php
@@ -91,7 +91,6 @@ class AjaxHandlerTest extends WPTestCase {
 }
 public function testShoulfNotProcessAjaxNoticeDismissWhenInvalidNonce() {
- defince( 'DOING_AJAX', true );
 $_POST[ AjaxHandler::POST_FIELD_NOTICE_NAME ] = self::NOTICE_NAME;
 $_POST[ AjaxHandler::POST_FIELD_SECURITY ] = wp_create_nonce();
diff --git a/tests/codeception/wpdesk.yml b/tests/codeception/wpdesk.yml
index 870a58c..b0bbcb5 100644
--- a/tests/codeception/wpdesk.yml
+++ b/tests/codeception/wpdesk.yml
@@ -3,6 +3,7 @@ plugin-file: none
 plugin-title: none
 plugins:
 repository:
+ - woocommerce
 local:
 activate:
 prepare-database:
-- GitLab