
Update promo banner nonce validation (#1723)
obiPlabon authored Mar 31, 2024
1 parent d10b46d commit 0878d63
Showing 2 changed files with 20 additions and 12 deletions.
30 changes: 19 additions & 11 deletions includes/classes/class-upgrade.php
Expand Up @@ -71,7 +71,7 @@ public function bfcm_notice() {
$dismiss_url = add_query_arg(
array(
'directorist_promo2_closed_version' => $version,
'directorist_promo2_nonce' => wp_create_nonce( 'directorist_promo2_closed_version' ),
'directorist_promo_nonce' => wp_create_nonce( 'directorist_promo_nonce' ),
),
atbdp_get_current_url()
);
Expand Down Expand Up @@ -140,12 +140,18 @@ public function upgrade_notice() {

$text .= sprintf( __( '<p class="directorist__notice_new"><span>Congratulations!</span> You are now using the latest version of Directorist with some cool <a href="%s" target="blank">new features</a>. If you are using any of our premium theme or extension, please update them from this <a href="%s">page</a> </p>', 'directorist' ), $link, $membership_page );

$text .= sprintf( __( '<p class="directorist__notice_new_action"><a href="%s" class="directorist__notice_new__btn">Continue using Directorist 7.0 </a><a target="blank" href="%s"> Roll back to v6.5.8</a></p>', 'directorist' ), add_query_arg( 'directorist-v7', 1 ), $wp_rollback );
$text .= sprintf(
__( '<p class="directorist__notice_new_action"><a href="%s" class="directorist__notice_new__btn">Continue using Directorist 7.0</a> or <a target="_blank" href="%s">Roll back to v6.5.8</a></p>', 'directorist' ),
add_query_arg( array(
'directorist-v7' => 1,
'directorist_migration_nonce' => wp_create_nonce( 'directorist_migration_nonce' )
) ),
$wp_rollback
);

$notice = '<div class="notice notice-warning is-dismissible directorist-plugin-updater-notice" style="font-weight:bold;padding-top: 5px;padding-bottom: 5px;">' . $text . '</div>';

echo wp_kses_post( $notice );

}

public function configure_notices() {
Expand All @@ -154,24 +160,26 @@ public function configure_notices() {
}

$this->directorist_notices = get_option( 'directorist_notices' );

$this->directorist_migration = get_option( 'directorist_migration' );

if ( isset( $_GET['directorist-v7'] ) ) {
if ( isset( $_GET['directorist-v7'], $_GET['directorist_migration_nonce'] ) && wp_verify_nonce( $_GET['directorist_migration_nonce'], 'directorist_migration_nonce' ) ) {
$this->directorist_migration[ $this->upgrade_notice_id ] = 1;
update_option( 'directorist_migration', $this->directorist_migration );
}

if ( isset( $_GET['directorist-depricated-notice'] ) ) {
$this->directorist_notices[ $this->legacy_notice_id ] = 1;
update_option( 'directorist_notices', $this->directorist_notices );
}
/**
* Didn't find any use of the 'directorist-depricated-notice'.
*/
// if ( isset( $_GET['directorist-depricated-notice'] ) ) {
// $this->directorist_notices[ $this->legacy_notice_id ] = 1;
// update_option( 'directorist_notices', $this->directorist_notices );
// }

if ( isset( $_GET['close-directorist-promo-version'], $_GET['directorist_promo_nonce'] ) && wp_verify_nonce( $_GET['directorist_promo_nonce'], 'close-directorist-promo-version' ) ) {
if ( isset( $_GET['close-directorist-promo-version'], $_GET['directorist_promo_nonce'] ) && wp_verify_nonce( $_GET['directorist_promo_nonce'], 'directorist_promo_nonce' ) ) {
update_user_meta( get_current_user_id(), '_directorist_promo_closed', directorist_clean( wp_unslash( $_GET['close-directorist-promo-version'] ) ) );
}

if ( isset( $_GET['directorist_promo2_closed_version'], $_GET['directorist_promo2_nonce'] ) && wp_verify_nonce( $_GET['directorist_promo2_nonce'], 'directorist_promo2_closed_version' ) ) {
if ( isset( $_GET['directorist_promo2_closed_version'], $_GET['directorist_promo_nonce'] ) && wp_verify_nonce( $_GET['directorist_promo_nonce'], 'directorist_promo_nonce' ) ) {
update_user_meta( get_current_user_id(), 'directorist_promo2_closed_version', directorist_clean( wp_unslash( $_GET['directorist_promo2_closed_version'] ) ) );
}
}
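Review bot: The new `wp_verify_nonce` checks on the `directorist-v7`, `close-directorist-promo-version` and `directorist_promo2_closed_version` branches gate `update_option` and `update_user_meta` writes on the nonce alone, and no capability check is visible in the hunk; a nonce only shows the request came from the plugin's own admin UI for that user, not that the user may change plugin-wide options, so unless the part of `configure_notices` above this hunk already returns for unprivileged users, add `if ( ! current_user_can( 'manage_options' ) ) { return; }` ahead of these branches. The nonce values are also passed raw; `wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['directorist_migration_nonce'] ) ), 'directorist_migration_nonce' )` follows WordPress convention and keeps the PHPCS input sniff quiet, and the same applies to the two promo branches. Issuing both promo nonces under the single action `directorist_promo_nonce` means a nonce minted for one dismissal is accepted by the other; harmless here since both only write per-user meta, but a one-line comment saying the two promo dismissals intentionally share one nonce action would stop the next reader from treating it as a mismatch. The commented-out `directorist-depricated-notice` block is better deleted than kept, since version history already preserves it. `configure_notices` begins before the first line of this hunk.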
2 changes: 1 addition & 1 deletion views/admin-templates/admin-promo-banner.php
Expand Up @@ -24,7 +24,7 @@

$url_args = [
'close-directorist-promo-version' => $promo_version,
'directorist_promo_nonce' => wp_create_nonce( 'close-directorist-promo-version' )
'directorist_promo_nonce' => wp_create_nonce( 'directorist_promo_nonce' )
];
?>
<div class="directorist_membership-notice">

0 comments on commit 0878d63
