Commit c18ea4cf authored by Grzegorz Rola's avatar Grzegorz Rola

feature(ajax): added nonce

parent d19bb1dd
1 merge request!26feature(ajax): added nonce
Pipeline #166077 passed
jQuery( document ).on( 'click', '.notice-dismiss', function() {
var notice_name = jQuery(this).closest('div.notice').data('notice-name');
var source = jQuery(this).closest('div.notice').data('source');
const $notice_div= jQuery(this).closest('div.notice');
const notice_name = $notice_div.data('notice-name');
const source = $notice_div.data('source');
const security = $notice_div.data('security');
if ('' !== notice_name) {
jQuery.ajax({
url: ajaxurl,
type: 'post',
data: {
security: security,
action: 'wpdesk_notice_dismiss',
notice_name: notice_name,
source: source,
......
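Review bot: `security` is read from `data-security` but never checked before the request is sent, and the existing guard only tests `'' !== notice_name`, which also passes when the attribute is absent (`undefined !== ''` is true); jQuery then drops the undefined `security` field, the server sees an empty nonce, and the dismissal is silently refused while the empty `success` callback gives the user no feedback. Tighten the guard to `if ( notice_name && security ) {` so only notices that actually carry a token make the round-trip, and consider acting on a rejected response rather than ignoring it. Whether `Notice` (as opposed to `PermanentDismissibleNotice`) can emit `data-notice-name` without `data-security` is not visible here, and the enclosing click handler continues past the hunk.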
jQuery(document).on("click",".notice-dismiss",function(){var a=jQuery(this).closest("div.notice").data("notice-name");var b=jQuery(this).closest("div.notice").data("source");if(""!==a){jQuery.ajax({url:ajaxurl,type:"post",data:{action:"wpdesk_notice_dismiss",notice_name:a,source:b},success:function(c){}})}});jQuery(document).on("click",".notice-dismiss-link",function(){jQuery(this).closest("div.notice").data("source",jQuery(this).data("source"));jQuery(this).closest("div.notice").find(".notice-dismiss").click()});
\ No newline at end of file
......@@ -17,7 +17,7 @@
}
},
"require": {
"php": ">=5.5",
"php": ">=7.0",
"wpdesk/wp-builder": "^1.0|^2.0"
},
"require-dev": {
......
......@@ -12,13 +12,13 @@ use WPDesk\PluginBuilder\Plugin\PluginAccess;
*
* @package WPDesk\Notice
*/
class AjaxHandler implements HookablePluginDependant
{
class AjaxHandler implements HookablePluginDependant {
use PluginAccess;
const POST_FIELD_NOTICE_NAME = 'notice_name';
const POST_FIELD_SOURCE = 'source';
const POST_FIELD_SECURITY = 'security';
const SCRIPTS_VERSION = '4';
const SCRIPT_HANDLE = 'wpdesk_notice';
......@@ -33,16 +33,14 @@ class AjaxHandler implements HookablePluginDependant
*
* @param string|null $assetsURL Assets URL.
*/
public function __construct($assetsURL = null)
{
public function __construct( $assetsURL = null ) {
$this->assetsURL = $assetsURL;
}
/**
* Hooks.
*/
public function hooks()
{
public function hooks() {
if ( $this->assetsURL ) {
add_action( 'admin_enqueue_scripts', [ $this, 'enqueueAdminScripts' ] );
} else {
......@@ -54,13 +52,11 @@ class AjaxHandler implements HookablePluginDependant
/**
* Enqueue admin scripts.
*/
public function enqueueAdminScripts()
{
$suffix = defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? '' : '.min';
public function enqueueAdminScripts() {
wp_register_script(
self::SCRIPT_HANDLE,
trailingslashit($this->assetsURL) . 'js/notice' . $suffix . '.js',
array( 'jquery' ),
trailingslashit( $this->assetsURL ) . 'js/notice.js',
[ 'jquery' ],
self::SCRIPTS_VERSION
);
wp_enqueue_script( self::SCRIPT_HANDLE );
......@@ -69,8 +65,7 @@ class AjaxHandler implements HookablePluginDependant
/**
* Add Java Script to admin header.
*/
public function addScriptToAdminHead()
{
public function addScriptToAdminHead() {
include __DIR__ . '/views/admin-head-js.php';
}
......@@ -79,8 +74,7 @@ class AjaxHandler implements HookablePluginDependant
*
* Updates corresponded WordPress option and fires wpdesk_notice_dismissed_notice action with notice name.
*/
public function processAjaxNoticeDismiss()
{
public function processAjaxNoticeDismiss() {
if ( isset( $_POST[ self::POST_FIELD_NOTICE_NAME ] ) ) {
$noticeName = sanitize_text_field( $_POST[ self::POST_FIELD_NOTICE_NAME ] );
......@@ -90,12 +84,18 @@ class AjaxHandler implements HookablePluginDependant
$source = null;
}
$security = $_POST[ self::POST_FIELD_SECURITY ] ?? '';
$option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
if ( wp_verify_nonce( $security, $option_name ) ) {
update_option(
PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName,
$option_name,
PermanentDismissibleNotice::OPTION_VALUE_DISMISSED
);
do_action( 'wpdesk_notice_dismissed_notice', $noticeName, $source );
}
}
if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
die();
}
......
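Review bot: The new `wp_verify_nonce` check in `processAjaxNoticeDismiss` is not paired with a capability check, so any authenticated user who was served the notice (and therefore holds a valid per-user nonce) can persist a site-wide dismissal through `update_option`; the hook registration is outside this hunk, so whether the action is also exposed via `wp_ajax_nopriv_` cannot be confirmed here. A nonce proves intent, not authorization — guard the write with something like `if ( ! current_user_can( 'manage_options' ) || ! wp_verify_nonce( $security, $option_name ) ) { wp_send_json_error( null, 403 ); }` using whichever capability the plugin treats as entitled to dismiss admin notices, so a failed check is also reported instead of falling through to a bare `die()`. The raw `$_POST[ self::POST_FIELD_SECURITY ]` should additionally pass through `sanitize_text_field( wp_unslash( … ) )`, matching how `notice_name` is handled above and ensuring a string reaches `wp_verify_nonce`. The function body continues past the end of the hunk.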
......@@ -19,6 +19,11 @@ class PermanentDismissibleNotice extends Notice
*/
private $noticeName;
/**
* @var string
*/
private $noticeSecurity;
/**
* @var string
*/
......@@ -47,6 +52,8 @@ class PermanentDismissibleNotice extends Notice
$this->noticeDismissOptionName = static::OPTION_NAME_PREFIX . $noticeName;
if (self::OPTION_VALUE_DISMISSED === get_option($this->noticeDismissOptionName, '')) {
$this->removeAction();
} else {
$this->noticeSecurity = wp_create_nonce($this->noticeDismissOptionName);
}
}
......@@ -68,6 +75,7 @@ class PermanentDismissibleNotice extends Notice
{
$attributesAsString = parent::getAttributesAsString();
$attributesAsString .= sprintf(' data-notice-name="%1$s"', esc_attr($this->noticeName));
$attributesAsString .= sprintf(' data-security="%1$s"', esc_attr($this->noticeSecurity));
$attributesAsString .= sprintf(' id="wpdesk-notice-%1$s"', esc_attr($this->noticeName));
return $attributesAsString;
}
......
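Review bot: `wp_create_nonce` is called from the constructor, which ties the token to whoever `wp_get_current_user()` resolves to at construction time; if a `PermanentDismissibleNotice` is instantiated before the current user is established (for example on `plugins_loaded`, before `init`), the nonce is minted for user 0, every dismissal is rejected by the AJAX handler, and WordPress may emit a `_doing_it_wrong` for the early user lookup. Where the constructor runs is not visible in this diff, so treat that as something to confirm. Minting at render time avoids the question entirely: drop the `else` branch and change the attribute line to `$attributesAsString .= sprintf(' data-security="%1$s"', esc_attr( wp_create_nonce( $this->noticeDismissOptionName ) ));`, which also removes the case where `$noticeSecurity` stays null for an already-dismissed notice. If the property is kept, give it a `''` default or document it as `@var string|null`.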
......@@ -4,5 +4,5 @@ if ( ! defined( 'ABSPATH' ) ) {
} // Exit if accessed directly
?>
<script type="text/javascript">
<?php include dirname(__FILE__, 5) . '/assets/js/notice.min.js'; ?>
<?php include dirname(__FILE__, 5) . '/assets/js/notice.js'; ?>
</script>