diff --git a/assets/js/notice.js b/assets/js/notice.js
index 2a206977b9c284ca2eaaebbf86fa2f59812a8db2..c5c396fe3cd7bf1da27ce530900dd42154f4a6c4 100644
--- a/assets/js/notice.js
+++ b/assets/js/notice.js
@@ -1,11 +1,14 @@
 jQuery( document ).on( 'click', '.notice-dismiss', function() {
- var notice_name = jQuery(this).closest('div.notice').data('notice-name');
- var source = jQuery(this).closest('div.notice').data('source');
+ const $notice_div= jQuery(this).closest('div.notice');
+ const notice_name = $notice_div.data('notice-name');
+ const source = $notice_div.data('source');
+ const security = $notice_div.data('security');
 if ('' !== notice_name) {
 jQuery.ajax({
 url: ajaxurl,
 type: 'post',
 data: {
+ security: security,
 action: 'wpdesk_notice_dismiss',
 notice_name: notice_name,
 source: source,
diff --git a/assets/js/notice.min.js b/assets/js/notice.min.js
deleted file mode 100644
index f5d79070ca619f44611617d8b47aa9cfd419634e..0000000000000000000000000000000000000000
--- a/assets/js/notice.min.js
+++ /dev/null
@@ -1 +0,0 @@
-jQuery(document).on("click",".notice-dismiss",function(){var a=jQuery(this).closest("div.notice").data("notice-name");var b=jQuery(this).closest("div.notice").data("source");if(""!==a){jQuery.ajax({url:ajaxurl,type:"post",data:{action:"wpdesk_notice_dismiss",notice_name:a,source:b},success:function(c){}})}});jQuery(document).on("click",".notice-dismiss-link",function(){jQuery(this).closest("div.notice").data("source",jQuery(this).data("source"));jQuery(this).closest("div.notice").find(".notice-dismiss").click()});
\ No newline at end of file
diff --git a/composer.json b/composer.json
index 944275dd5083028095f701f177d82988bc2e8e20..955dd0181ac1dd5df007167f31a070b6c9e157c1 100644
--- a/composer.json
+++ b/composer.json
@@ -17,7 +17,7 @@
 }
 },
 "require": {
- "php": ">=5.5",
+ "php": ">=7.0",
 "wpdesk/wp-builder": "^1.0|^2.0"
 },
 "require-dev": {
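Review bot: `const $notice_div= jQuery(this).closest('div.notice');` is missing the space before `=`, and with `const` now in use the payload entry can be the shorthand `security,`. Separately, `security` is `undefined` for any `div.notice` that carries no `data-security` attribute, yet the request is still sent because `'' !== notice_name` is also true for an undefined name; since the updated server handler rejects requests without a valid nonce, guarding with `if (notice_name && security) {` would spare those dismiss clicks a pointless round-trip to admin-ajax.php (assuming only notices that emit `data-notice-name` also emit `data-security`, as the PermanentDismissibleNotice hunk below does). The click handler's body continues past the end of the hunk.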
diff --git a/src/WPDesk/Notice/AjaxHandler.php b/src/WPDesk/Notice/AjaxHandler.php index 48e7e0bc39b3fe2dd5e0c7907b30fabc6dc62360..be5311e8e2317ec0acae870ef0a7a04487aedfb6 100644 --- a/src/WPDesk/Notice/AjaxHandler.php +++ b/src/WPDesk/Notice/AjaxHandler.php @@ -12,13 +12,13 @@ use WPDesk\PluginBuilder\Plugin\PluginAccess; * * @package WPDesk\Notice */ -class AjaxHandler implements HookablePluginDependant -{ +class AjaxHandler implements HookablePluginDependant { use PluginAccess; const POST_FIELD_NOTICE_NAME = 'notice_name'; const POST_FIELD_SOURCE = 'source'; + const POST_FIELD_SECURITY = 'security'; const SCRIPTS_VERSION = '4'; const SCRIPT_HANDLE = 'wpdesk_notice'; 
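Review bot: The new `const POST_FIELD_SECURITY = 'security';` has no comment, while its role differs from the two sibling fields: it is not notice data but the nonce later checked by `wp_verify_nonce()`. A one-line docblock such as `/** POST field carrying the dismiss nonce; its action is the notice's dismiss option name. */` makes the coupling to `PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName` explicit for whoever adds a new notice type.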
@@ -33,44 +33,39 @@ class AjaxHandler implements HookablePluginDependant * * @param string|null $assetsURL Assets URL. */ - public function __construct($assetsURL = null) - { + public function __construct( $assetsURL = null ) { $this->assetsURL = $assetsURL; } /** * Hooks. */ - public function hooks() - { - if ($this->assetsURL) { - add_action('admin_enqueue_scripts', [$this, 'enqueueAdminScripts']); + public function hooks() { + if ( $this->assetsURL ) { + add_action( 'admin_enqueue_scripts', [ $this, 'enqueueAdminScripts' ] ); } else { - add_action('admin_head', [$this,'addScriptToAdminHead']); + add_action( 'admin_head', [ $this, 'addScriptToAdminHead' ] ); } - add_action('wp_ajax_wpdesk_notice_dismiss', [$this, 'processAjaxNoticeDismiss']); + add_action( 'wp_ajax_wpdesk_notice_dismiss', [ $this, 'processAjaxNoticeDismiss' ] ); } /** * Enqueue admin scripts. */ - public function enqueueAdminScripts() - { - $suffix = defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? '' : '.min'; + public function enqueueAdminScripts() { wp_register_script( self::SCRIPT_HANDLE, - trailingslashit($this->assetsURL) . 'js/notice' . $suffix . '.js', - array( 'jquery' ), + trailingslashit( $this->assetsURL ) . 'js/notice.js', + [ 'jquery' ], self::SCRIPTS_VERSION ); - wp_enqueue_script(self::SCRIPT_HANDLE); + wp_enqueue_script( self::SCRIPT_HANDLE ); } /** * Add Java Script to admin header. */ - public function addScriptToAdminHead() - { + public function addScriptToAdminHead() { include __DIR__ . '/views/admin-head-js.php'; } 
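Review bot: The script content changes (the new `security` field) but `SCRIPTS_VERSION` stays `'4'` (context in the preceding hunk), and after dropping the `$suffix` logic every install now loads `js/notice.js`; installs that already ran with `SCRIPT_DEBUG` enabled requested that same URL with `ver=4`, so a cached copy of the old handler would post no nonce and be silently rejected by the updated `processAjaxNoticeDismiss()`. Bumping `const SCRIPTS_VERSION = '5';` invalidates those caches. The inlined `addScriptToAdminHead()` path is unaffected since it embeds the file directly.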
@@ -79,24 +74,29 @@ class AjaxHandler implements HookablePluginDependant * * Updates corresponded WordPress option and fires wpdesk_notice_dismissed_notice action with notice name. */ - public function processAjaxNoticeDismiss() - { - if (isset($_POST[self::POST_FIELD_NOTICE_NAME])) { - $noticeName = sanitize_text_field($_POST[self::POST_FIELD_NOTICE_NAME]); + public function processAjaxNoticeDismiss() { + if ( isset( $_POST[ self::POST_FIELD_NOTICE_NAME ] ) ) { + $noticeName = sanitize_text_field( $_POST[ self::POST_FIELD_NOTICE_NAME ] ); - if (isset($_POST[self::POST_FIELD_SOURCE])) { - $source = sanitize_text_field($_POST[ self::POST_FIELD_SOURCE ]); + if ( isset( $_POST[ self::POST_FIELD_SOURCE ] ) ) { + $source = sanitize_text_field( $_POST[ self::POST_FIELD_SOURCE ] ); } else { $source = null; } - update_option( - PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName, - PermanentDismissibleNotice::OPTION_VALUE_DISMISSED - ); - do_action('wpdesk_notice_dismissed_notice', $noticeName, $source); + $security = $_POST[ self::POST_FIELD_SECURITY ] ?? ''; + + $option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName; + + if ( wp_verify_nonce( $security, $option_name ) ) { + update_option( + $option_name, + PermanentDismissibleNotice::OPTION_VALUE_DISMISSED + ); + do_action( 'wpdesk_notice_dismissed_notice', $noticeName, $source ); + } } - if (defined('DOING_AJAX') && DOING_AJAX) { + if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { die(); } } diff --git a/src/WPDesk/Notice/PermanentDismissibleNotice.php b/src/WPDesk/Notice/PermanentDismissibleNotice.php index 741b4c4e008da0431fd638a46639d3c1c4ae8700..bc481e9da3916f7e50b11283305f57db2ccfd86f 100644 --- a/src/WPDesk/Notice/PermanentDismissibleNotice.php +++ b/src/WPDesk/Notice/PermanentDismissibleNotice.php @@ -19,6 +19,11 @@ class PermanentDismissibleNotice extends Notice */ private $noticeName; + /** + * @var string + */ + private $noticeSecurity; + /** * @var string */ 
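Review bot: `$security = $_POST[ self::POST_FIELD_SECURITY ] ?? '';` hands the raw request value to `wp_verify_nonce()`, unlike the two fields above it that go through `sanitize_text_field()`; a non-string value (an array in the POST body) would be coerced rather than rejected cleanly, so `$security = sanitize_text_field( wp_unslash( $_POST[ self::POST_FIELD_SECURITY ] ?? '' ) );` keeps the handler consistent. When verification fails the handler still falls through to `die()` with an empty 200 response, so the client cannot tell a rejected nonce from a successful dismissal; an `else { wp_send_json_error( null, 403 ); }` branch would make the refusal observable in the browser and in access logs. Note also that the nonce proves the request originated from the user's own admin page but is not an authorization check; if dismissing a site-wide option should be limited to administrators, a `current_user_can()` check belongs before `update_option()`.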
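Review bot: The docblock on the new `private $noticeSecurity;` says only `@var string`, but the constructor (in the next hunk) assigns it only when the notice has not already been dismissed, so the property can also be null. `@var string|null Nonce for the AJAX dismissal request, created with the dismiss option name as action; unset once the notice is dismissed.` would tell a reader both what it holds and when it is absent.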
@@ -47,6 +52,8 @@ class PermanentDismissibleNotice extends Notice $this->noticeDismissOptionName = static::OPTION_NAME_PREFIX . $noticeName; if (self::OPTION_VALUE_DISMISSED === get_option($this->noticeDismissOptionName, '')) { $this->removeAction(); + } else { + $this->noticeSecurity = wp_create_nonce($this->noticeDismissOptionName); } } @@ -68,6 +75,7 @@ class PermanentDismissibleNotice extends Notice { $attributesAsString = parent::getAttributesAsString(); $attributesAsString .= sprintf(' data-notice-name="%1$s"', esc_attr($this->noticeName)); + $attributesAsString .= sprintf(' data-security="%1$s"', esc_attr($this->noticeSecurity)); $attributesAsString .= sprintf(' id="wpdesk-notice-%1$s"', esc_attr($this->noticeName)); return $attributesAsString; } diff --git a/src/WPDesk/Notice/views/admin-head-js.php b/src/WPDesk/Notice/views/admin-head-js.php index 0f716274ae1c25e678bae9bdf4fcabe11cf7b284..5509cb4a519cc87b6e0e30432ea3d82ac03572b3 100644 --- a/src/WPDesk/Notice/views/admin-head-js.php +++ b/src/WPDesk/Notice/views/admin-head-js.php @@ -4,5 +4,5 @@ if ( ! defined( 'ABSPATH' ) ) { } // Exit if accessed directly ?> <script type="text/javascript"> - <?php include dirname(__FILE__, 5) . '/assets/js/notice.min.js'; ?> + <?php include dirname(__FILE__, 5) . '/assets/js/notice.js'; ?> </script>
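Review bot: `$this->noticeSecurity = wp_create_nonce($this->noticeDismissOptionName);` runs in the constructor, so the nonce is bound to whoever is the current user at construction time; if notice objects are built before WordPress has set up the current user (earlier than `init`), the nonce is computed for user 0 and `wp_verify_nonce()` in AjaxHandler will reject the dismiss request from the logged-in user. Generating it at render time instead — in the following hunk, `$attributesAsString .= sprintf(' data-security="%1$s"', esc_attr(wp_create_nonce($this->noticeDismissOptionName)));` — removes that timing dependency and the need to keep the nonce on the object. Whether construction happens that early is not visible here, so this is worth confirming against callers.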