
Commit 975507b

committed
Adding in Nonce verification for the form submission
1 parent a0ae44e commit 975507b


2 files changed

+17
-9
lines changed


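--- a/includes/classes/class-form-submit.php
+++ b/includes/classes/class-form-submit.php
@@ -95,20 +95,24 @@ public function __construct() {
 */
 protected function valid_submission() {
 
-/**
-* TODO - Needs better security checks - NONCE
-*/
+if ( ! isset( $_POST['pf-nonce'] ) || false === wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['pf-nonce'] ) ) ) ) {
+$this->response['result'] = 'failed';
+$this->response['message'] = __( 'Nonce verification is required.', 'pff-paystack' );
+return false;
+}
+
+
 if ( ! isset( $_POST['pf-id'] ) || '' == trim( sanitize_text_field( wp_unslash( $_POST['pf-id'] ) ) ) ) {
 $this->response['result'] = 'failed';
-$this->response['message'] = 'A form ID is required';
+$this->response['message'] = __( 'A form ID is required', 'pff-paystack' );
 return false;
 } else {
 $this->form_id = sanitize_text_field( wp_unslash( $_POST['pf-id'] ) );
 }
 
 if ( ! isset( $_POST['pf-pemail'] ) || '' == trim( sanitize_text_field( wp_unslash( $_POST['pf-pemail'] ) ) ) ) {
 $this->response['result'] = 'failed';
-$this->response['message'] = 'Email is required';
+$this->response['message'] = __( 'Email is required', 'pff-paystack' );
 return false;
 }
 return true;
@@ -210,7 +214,11 @@ public function process_amount_quantity( $amount = 0 ) {
 */
 public function process_images() {
 $max_file_size = $this->meta['filelimit'] * 1024 * 1024;
+
+// Our nonce is checked in the Form_Submit::valid_submission() function
+// phpcs:ignore WordPress.Security.NonceVerification
 if ( ! empty( $_FILES ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification
 foreach ( $_FILES as $key_name => $value ) {
 if ( $value['size'] > 0 ) {
 if ( $value['size'] > $max_file_size ) {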
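Review bot: The new check at the top of valid_submission() calls wp_verify_nonce() with only the nonce value, so the action falls back to its default of -1; a nonce that the form generated with a specific action string will never verify here, while a default-action nonce issued by any other code on the site will. Pass the same action the form uses when it renders the `pf-nonce` field (not visible in this diff), e.g. `wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['pf-nonce'] ) ), '<form-nonce-action>' )`, so the token is bound to this submission and nothing else. The nonce is a CSRF control rather than authentication, so the form-id and email checks that follow remain necessary; valid_submission() continues past the hunk's `return true;`. The comment added in the second hunk, that process_images() relies on valid_submission() for the nonce check, only holds if nothing can reach process_images() without valid_submission() having run first, which this diff cannot confirm and is worth stating in the phpdoc of process_images().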

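--- a/includes/classes/class-setup.php
+++ b/includes/classes/class-setup.php
@@ -135,18 +135,18 @@ public function enqueue_scripts() {
 return;
 }
 
-wp_enqueue_script( 'blockUI', PFF_PAYSTACK_PLUGIN_URL . '/assets/js/jquery.blockUI.min.js', array( 'jquery', 'jquery-ui-core' ), PFF_PAYSTACK_VERSION, true, true );
+wp_enqueue_script( 'blockUI', PFF_PAYSTACK_PLUGIN_URL . '/assets/js/jquery.blockUI.min.js', array( 'jquery', 'jquery-ui-core' ), PFF_PAYSTACK_VERSION, true );
 
-wp_register_script( 'Paystack', 'https://js.paystack.co/v1/inline.js', false, true );
+wp_register_script( 'Paystack', 'https://js.paystack.co/v1/inline.js', false, PFF_PAYSTACK_VERSION, true );
 wp_enqueue_script( 'Paystack' );
 
-wp_enqueue_script( PFF_PLUGIN_NAME . '-public', PFF_PAYSTACK_PLUGIN_URL . '/assets/js/paystack-public.js', array( 'jquery' ), PFF_PAYSTACK_VERSION, true, true);
+wp_enqueue_script( PFF_PLUGIN_NAME . '-public', PFF_PAYSTACK_PLUGIN_URL . '/assets/js/paystack-public.js', array( 'jquery' ), PFF_PAYSTACK_VERSION, true );
 
 $helpers = new Helpers();
 $js_args = [
 'key' => $helpers->get_public_key(),
 'fee' => $helpers->get_fees(),
 ];
-wp_localize_script( PFF_PLUGIN_NAME . '-public', 'pffSettings', $js_args , PFF_PAYSTACK_VERSION, true, true);
+wp_localize_script( PFF_PLUGIN_NAME . '-public', 'pffSettings', $js_args , PFF_PAYSTACK_VERSION, true );
 }
 }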
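Review bot: The wp_localize_script() call on the last changed line still passes two surplus arguments (`PFF_PAYSTACK_VERSION, true`); the function takes only the handle, the JavaScript object name and the data array, so those values are silently ignored and the line should read `wp_localize_script( PFF_PLUGIN_NAME . '-public', 'pffSettings', $js_args );`. The same trim of the stray trailing `true` was applied correctly to the two wp_enqueue_script() calls above it. Separately, `https://js.paystack.co/v1/inline.js` is registered from a third-party origin with no integrity attribute; WordPress's enqueue API has no native parameter for subresource integrity, so if the vendor publishes a hash for that file it can be attached through the `script_loader_tag` filter, and if not, a short comment on the wp_register_script() line noting that the script is trusted as served would record the decision.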
