Adding in the last of the nonce validation checks.

krugazul · krugazul · commit 52371e6039ce · 2024-10-04T15:34:48.000+02:00
diff --git a/assets/js/paystack-public.js b/assets/js/paystack-public.js
@@ -475,7 +475,9 @@ function PffPaystackFee()
                                     var firstName = names[0] || "";
                                     var lastName = names[1] || "";
                                     var quantity = data.quantity;
-                                    // console.log(firstName+ " - "+lastName);
+                                    
+									$("#pf-nonce").val(data.retryNonce);
+
                                     if (data.plan == "none" || data.plan == "" || data.plan == "no") {
                                         var handler = PaystackPop.setup(
                                             {
@@ -499,6 +501,7 @@ function PffPaystackFee()
                                                             code: response.trxref,
                                                             quantity: quantity,
 															retry: true,
+															nonce: data.confirmNonce
                                                         },
                                                         function (newdata) {
                                                             data = JSON.parse(newdata);
@@ -546,6 +549,7 @@ function PffPaystackFee()
                                                             action: "pff_paystack_confirm_payment",
                                                             code: response.trxref,
 															retry: true,
+															nonce: data.confirmNonce
                                                         },
                                                         function (newdata) {
                                                             data = JSON.parse(newdata);
diff --git a/includes/classes/class-retry-submit.php b/includes/classes/class-retry-submit.php
@@ -97,6 +97,8 @@ public function retry_action() {
 			exit( wp_json_encode( $response ) );	
 		}
 
+		// False positive, we are using isset() to verify it exists before sanitization.
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput
 		if ( isset( $_POST['code'] ) && '' !== trim( wp_unslash( $_POST['code'] ) ) ) {
 			$this->code = sanitize_text_field( wp_unslash( $_POST['code'] ) );
 		} else {
@@ -158,6 +160,12 @@ public function retry_action() {
 			'transaction_charge' => $transaction_charge,
 		);
 
+		// We create 2 nonces here
+		// 1 incase the payment fails, and the user needs to try again.
+		// 2 if the payment is successful and the confirmation ajax needs to run. 
+		$response['retryNonce'] = wp_create_nonce( 'pff-paystack-retry' );
+		$response['confirmNonce'] = wp_create_nonce( 'pff-paystack-confirm' );
+
 		echo wp_json_encode( $response );
 
 		die();
