From aba70097eaadf7590f4862bb99180dc6cc137306 Mon Sep 17 00:00:00 2001
From: Grzegorz Rola <grola@seostudio.pl>
Date: Mon, 11 Mar 2024 13:31:42 +0100
Subject: [PATCH] bugfix(ajax): permission check

---
 .env.testing                                            | 2 +-
 src/WPDesk/Notice/AjaxHandler.php                       | 2 +-
 tests/codeception/tests/integration.suite.yml           | 1 -
 tests/codeception/tests/integration/AjaxHandlerTest.php | 1 -
 tests/codeception/wpdesk.yml                            | 1 +
 5 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/.env.testing b/.env.testing
index 0bf105f..2e2439f 100644
--- a/.env.testing
+++ b/.env.testing
@@ -12,7 +12,7 @@ TEST_DB_PASSWORD="mysql"
 TEST_TABLE_PREFIX="wp_"
 TEST_SITE_WP_URL="http://${WOOTESTS_IP}"
 TEST_SITE_WP_DOMAIN="${WOOTESTS_IP}"
-TEST_SITE_ADMIN_EMAIL="grola@seostudio.pl"
+TEST_SITE_ADMIN_EMAIL="grola@octolize.dev"
 TEST_SITE_ADMIN_USERNAME="admin"
 TEST_SITE_ADMIN_PASSWORD="admin"
 SELENIUM_HOST="chrome"
diff --git a/src/WPDesk/Notice/AjaxHandler.php b/src/WPDesk/Notice/AjaxHandler.php
index 64c8717..fd864cf 100644
--- a/src/WPDesk/Notice/AjaxHandler.php
+++ b/src/WPDesk/Notice/AjaxHandler.php
@@ -79,7 +79,7 @@ class AjaxHandler implements HookablePluginDependant {
             $noticeName = sanitize_text_field( $_POST[ self::POST_FIELD_NOTICE_NAME ] );
 
             $option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
-            ajax_check_referer( $option_name, self::POST_FIELD_SECURITY );
+            check_ajax_referer( $option_name, self::POST_FIELD_SECURITY );
 
             if ( ! current_user_can( 'edit_posts' ) ) {
                 wp_send_json_error();
diff --git a/tests/codeception/tests/integration.suite.yml b/tests/codeception/tests/integration.suite.yml
index 1f3f494..25ef607 100644
--- a/tests/codeception/tests/integration.suite.yml
+++ b/tests/codeception/tests/integration.suite.yml
@@ -32,7 +32,6 @@ modules:
             dbPassword: "%TEST_SITE_DB_PASSWORD%"
             isolatedInstall: false
             loadOnly: false
-            skipPluggables: false
             tablePrefix: "%TEST_SITE_TABLE_PREFIX%"
             plugins: []
             activatePlugins: []
diff --git a/tests/codeception/tests/integration/AjaxHandlerTest.php b/tests/codeception/tests/integration/AjaxHandlerTest.php
index 9967080..c0f40f9 100644
--- a/tests/codeception/tests/integration/AjaxHandlerTest.php
+++ b/tests/codeception/tests/integration/AjaxHandlerTest.php
@@ -91,7 +91,6 @@ class AjaxHandlerTest extends WPTestCase {
 	}
 
     public function testShoulfNotProcessAjaxNoticeDismissWhenInvalidNonce() {
-        defince( 'DOING_AJAX', true );
         $_POST[ AjaxHandler::POST_FIELD_NOTICE_NAME ] = self::NOTICE_NAME;
         $_POST[ AjaxHandler::POST_FIELD_SECURITY ] = wp_create_nonce();
 
diff --git a/tests/codeception/wpdesk.yml b/tests/codeception/wpdesk.yml
index 870a58c..b0bbcb5 100644
--- a/tests/codeception/wpdesk.yml
+++ b/tests/codeception/wpdesk.yml
@@ -3,6 +3,7 @@ plugin-file: none
 plugin-title: none
 plugins:
   repository:
+    - woocommerce
   local:
   activate:
 prepare-database:
-- 
GitLab