code rabbit's qa fixes

Author: kaeizen

src/lazy-components/cimo/index.js

@@ -18,32 +18,57 @@ const CimoDownloadNotice = props => {
 	const onDismiss = () => {
 		const settings = new models.Settings( { stackable_hide_cimo_notice: true } ) // eslint-disable-line camelcase
 		settings.save()
+
+		if ( cimo ) {
+			cimo.hideNotice = true
+		}
+
+		// Update the global stackable.cimo hideNotice variable
+		if ( typeof window !== 'undefined' && window.stackable?.cimo ) {
+			window.stackable.cimo.hideNotice = true
+		}
+
 		props?.onDismiss?.()
 	}
 
 	// Polls the Cimo plugin status to detect installation or activation state changes
-	const pollStatus = ( action, pollOnce = false ) => {
+	const pollStatus = ( action, link, pollOnce = false ) => {
 		fetch( ajaxUrl, {
 			method: 'POST',
 			headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 			body: new URLSearchParams( {
 			  action: 'stackable_check_cimo_status',
 			  // eslint-disable-next-line camelcase
 			  user_action: action,
+			  nonce: cimo.nonce,
 			} ),
 			credentials: 'same-origin',
-		  } ).then( res => res.json() ).then( _data => {
+		  } ).then( res => res.json() ).then( res => {
+			if ( ! res.success ) {
+				setData( { status: 'error', action: '' } )
+
+				const errorMessage = res?.data?.message ? res.data.message : 'Server error'
+
+				throw new Error( 'Stackable: ' + errorMessage )
+			}
+
+			if ( pollCountRef.current === 0 && link ) {
+				window.open( link, '_blank' )
+			}
+
 			pollCountRef.current += 1
 
+			const _data = res.data
+
 			if ( data.status !== _data.status ) {
 				setData( _data )
 
 				// Update the global stackable.cimo status/action variables
 				// so new image block selections reflect the latest Cimo installation state
-				// eslint-disable-next-line no-undef
-				stackable.cimo.status = _data.status
-				// eslint-disable-next-line no-undef
-				stackable.cimo.action = _data.action
+				if ( typeof window !== 'undefined' && window.stackable?.cimo ) {
+					window.stackable.cimo.status = _data.status
+					window.stackable.cimo.action = _data.action
+				}
 			}
 
 			// Stop polling if it has reached 3 attempts, or plugin status indicates installation/activation is complete
@@ -57,6 +82,9 @@ const CimoDownloadNotice = props => {
 			setTimeout( () => {
 				pollStatus( action )
 			}, 3000 * pollCountRef.current )
+		  } ).catch( e => {
+			// eslint-disable-next-line no-console
+			console.error( e.message )
 		  } )
 	}
 
@@ -77,32 +105,28 @@ const CimoDownloadNotice = props => {
 					}
 
 					if ( data.status === 'not_installed' ) {
-						pollStatus( 'install', true )
+						pollStatus( 'install', null, true )
 						return
 					}
 
-					pollStatus( 'activate', true )
+					pollStatus( 'activate', null, true )
 				} )
 			},
 		} )
 	}, [] )
 
-	const onActionClick = async () => {
+	const onActionClick = e => {
+		e.preventDefault()
 		pollCountRef.current = 0
 
 		if ( data.status === 'not_installed' ) {
 			setData( { status: 'installing', action: '' } )
-			setTimeout( () => {
-				pollStatus( 'install' )
-			}, 3000 )
-
+			pollStatus( 'install', e.currentTarget.href )
 			return
 		}
 
 		setData( { status: 'activating', action: '' } )
-		setTimeout( () => {
-			pollStatus( 'activate' )
-		}, 3000 )
+		pollStatus( 'activate', e.currentTarget.href )
 	}
 
 	return ( <>
@@ -134,8 +158,8 @@ const CimoDownloadNoticeWrapper = props => {
 export default CimoDownloadNoticeWrapper
 
 domReady( () => {
-	if ( ! cimo || cimo.status === 'activated' || cimo.hideNotice || typeof wp === 'undefined' || ! wp.media || ! wp.media.view ||
-		! wp.media.view.Attachment || ! wp.media.view.Attachment.Details
+	if ( ! cimo || cimo.status === 'activated' || cimo.hideNotice ||
+		typeof wp === 'undefined' || ! wp?.media?.view?.Attachment?.Details
 	) {
 		return
 	}
@@ -147,6 +171,10 @@ domReady( () => {
 		render() {
 			const result = CurrentDetailsView.prototype.render.apply( this, arguments )
 
+			if ( cimo?.hideNotice ) {
+				return result
+			}
+
 			const details = this.el.querySelector( '.attachment-info .details' )
 			if ( details && ! this.el.querySelector( '.stk-cimo-notice' ) ) {
 				const noticeDiv = document.createElement( 'div' )

src/lazy-components/cimo/index.php

@@ -16,7 +16,6 @@ class Stackable_Cimo_Notice {
 
 		function __construct() {
 			add_action( 'admin_init', array( $this, 'register_settings' ) );
-			add_action( 'rest_api_init', array( $this, 'register_settings' ) );
 
 			// For polling the status
 			add_action('wp_ajax_stackable_check_cimo_status', array( $this, 'check_cimo_status' ) );
@@ -34,7 +33,7 @@ public function register_settings() {
 				array(
 					'type' => 'boolean',
 					'description' => __( 'Hides the Cimo download notice.', STACKABLE_I18N ),
-					'sanitize_callback' => 'sanitize_text_field',
+					'sanitize_callback' => 'rest_sanitize_boolean',
 					'show_in_rest' => true,
 					'default' => false,
 				)
@@ -108,6 +107,7 @@ public function enqueue_script() {
 			$data = array(
 				'status' => $cimo_status,
 				'action' => html_entity_decode( $cimo_action ),
+				'nonce' => wp_create_nonce( 'stackable_cimo_status' )
 			);
 
 			// Expose the Cimo plugin status and action URL for use in JS
@@ -141,12 +141,29 @@ public function localize_hide_cimo_notice( $args ) {
 		 * Used for polling Cimo plugin status changes via AJAX in the admin UI.
 		 */
 		function check_cimo_status() {
-			$action = sanitize_text_field( $_POST['user_action'] );
+			// Verify nonce
+			if ( ! check_ajax_referer( 'stackable_cimo_status', 'nonce', false ) ) {
+				wp_send_json_error( array( 'status' => 'error', 'message' => 'Security check failed.' ), 403 );
+				return;
+			}
+
+			$action = isset( $_POST['user_action'] ) ? sanitize_text_field( $_POST['user_action'] ) : '';
 			$response = array(
 				'status' => 'activated',
 				'action' => ''
 			);
 
+			if ( ! $action || ( $action !== 'install' && $action !== 'activate' ) ) {
+				wp_send_json_error( array( 'status' => 'error', 'message' => 'Invalid request action.' ), 400 );
+				return;
+			}
+
+			if ( ( $action === 'install' && ! current_user_can( 'install_plugins' ) ) ||
+				( $action === 'activate' && ! current_user_can( 'activate_plugins' ) ) ) {
+				wp_send_json_error( array( 'status' => 'error', 'message' => 'Insufficient permissions.' ), 403 );
+				return;
+			}
+
 			if ( $action === 'install' && ! self::is_plugin_installed() ) {
 				$response[ 'status' ] = 'installing';
 			} else if ( ! self::is_plugin_activated() ) {
@@ -163,7 +180,7 @@ function check_cimo_status() {
 				) ) : '';
 			}
 
-			wp_send_json( $response );
+			wp_send_json_success( $response );
 		}
 	}