PR Feedbacks

Author: iamdharmesh

assets/js/admin.js

@@ -565,8 +565,8 @@
 		const $userSyncForm = $('.mailchimp-sf-user-sync-form');
 		const $submitButtons = $('input[type="submit"].mailchimp-sf-button-submit');
 		const params = window.mailchimp_sf_admin_params || {};
-		const ajaxUrl = params.ajax_url;
-		const ajaxNonce = params.preview_form_nonce;
+		const ajaxUrl = params.ajax_url || '';
+		const ajaxNonce = params.preview_form_nonce || '';
 
 		// Initially hide all submit buttons
 		$submitButtons.hide();
@@ -649,14 +649,15 @@
 				display_unsub_link: $('#mc_use_unsub_link').is(':checked'),
 			};
 
-			$.post(
-				ajaxUrl,
-				{
+			$.ajax({
+				url: ajaxUrl,
+				type: 'POST',
+				data: {
 					action: 'mailchimp_sf_preview_form',
 					nonce: ajaxNonce,
 					preview_data: previewData,
 				},
-				function (response) {
+				success(response) {
 					if (response.success && response.data) {
 						unblockElement('.mailchimp-sf-form-preview-content');
 						$previewer.html(response.data);
@@ -669,7 +670,17 @@
 						);
 					}
 				},
-			);
+				error(jqXHR, textStatus, errorThrown) {
+					// eslint-disable-next-line no-console
+					console.error('Error: ', textStatus, ', Details: ', errorThrown);
+					unblockElement('.mailchimp-sf-form-preview-content');
+					$previewer.html(
+						'<div class="mailchimp-sf-form-preview-error">' +
+							params.generic_error +
+							'</div>',
+					);
+				},
+			});
 		}
 
 		const debouncedPreviewForm = debounce(previewForm, 300);

includes/class-mailchimp-admin.php

@@ -293,12 +293,11 @@ public function check_login_session() {
 	 * This function previews the subscribe form on the settings page based on the form settings.
 	 */
 	public function preview_subscribe_form() {
-		// Validate the nonce and permissions.
-		if (
-			! current_user_can( 'manage_options' ) ||
-			! isset( $_POST['nonce'] ) ||
-			! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'mailchimp_sf_preview_form_nonce' )
-		) {
+		// Check the nonce for security
+		check_ajax_referer( 'mailchimp_sf_preview_form_nonce', 'nonce' );
+
+		// Validate the permissions.
+		if ( ! current_user_can( 'manage_options' ) ) {
 			wp_send_json_error( array( 'message' => esc_html__( 'You do not have permission to perform this action.', 'mailchimp' ) ) );
 		}