From 1464562379c74fd0dd135611699acf35393b0545 Mon Sep 17 00:00:00 2001
From: asus
Date: Sat, 24 Feb 2024 17:40:33 +0100
Subject: [PATCH] retrieving user that makes the purchase with nonce ok
---
 plugins/fipfcard_plugin/js/paypal/create_order.js | 1 +
 plugins/fipfcard_plugin/js/paypal/on_approve.js | 1 +
 plugins/fipfcard_plugin/utils/plugin_tools.php | 8 +++++---
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/plugins/fipfcard_plugin/js/paypal/create_order.js b/plugins/fipfcard_plugin/js/paypal/create_order.js
index dceaf3a..b839999 100644
--- a/plugins/fipfcard_plugin/js/paypal/create_order.js
+++ b/plugins/fipfcard_plugin/js/paypal/create_order.js
@@ -12,6 +12,7 @@ export async function createOrder() {
 method: "POST",
 headers: {
 "Content-Type": "application/json",
+ "X-WP-Nonce": PLGNTLS_data.rest_nonce,
 },
 // use the "body" param to optionally pass additional order information
 // like product ids and quantities
diff --git a/plugins/fipfcard_plugin/js/paypal/on_approve.js b/plugins/fipfcard_plugin/js/paypal/on_approve.js
index d4baa5d..399c867 100644
--- a/plugins/fipfcard_plugin/js/paypal/on_approve.js
+++ b/plugins/fipfcard_plugin/js/paypal/on_approve.js
@@ -12,6 +12,7 @@ export async function onApprove(data, actions) {
 method: "POST",
 headers: {
 "Content-Type": "application/json",
+ "X-WP-Nonce": PLGNTLS_data.rest_nonce,
 },
 });
diff --git a/plugins/fipfcard_plugin/utils/plugin_tools.php b/plugins/fipfcard_plugin/utils/plugin_tools.php
index 17b534e..17e0b77 100644
--- a/plugins/fipfcard_plugin/utils/plugin_tools.php
+++ b/plugins/fipfcard_plugin/utils/plugin_tools.php
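Review bot: `PLGNTLS_data.rest_nonce` is put into the `X-WP-Nonce` header in create_order.js without checking that it is defined, and on_approve.js adds the identical line. In plugin_tools.php the `rest_nonce` entry is built inside a braced block whose condition lies outside the patch, so on a page where that block does not run the header would presumably be sent as the literal string `undefined`. WordPress answers an invalid nonce with a 403 rather than falling back to an anonymous request, and the same happens once the nonce of a long-open checkout page has expired. Failing before the order is touched is safer than a half-completed payment: add `if (!PLGNTLS_data?.rest_nonce) throw new Error("missing REST nonce");` ahead of each fetch, and have the response handling treat a 403 as "reload the page" rather than as a PayPal error. The fetch call and its response handling start and end outside both hunks.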
@@ -58,9 +58,11 @@ class PLGNTLS_class
 {
 // add ajax file at beginning of files list
 array_unshift($scripts_arr, "utils/plugin_ajax.js");
- $nonce = array("ajax_nonce" => wp_create_nonce('wp-pageviews-nonce'));
+ $ajax_nonce = array("ajax_nonce" => wp_create_nonce('wp-pageviews-nonce'));
+ $rest_nonce = array("rest_nonce" => wp_create_nonce('wp_rest'));
 $ajax_url = array("ajax_url" => admin_url('admin-ajax.php'));
- $vars = array_merge($vars, $nonce);
+ $vars = array_merge($vars, $ajax_nonce);
+ $vars = array_merge($vars, $rest_nonce);
 $vars = array_merge($vars, $ajax_url);
 }
 $fetch_url = array("fetch_url" => get_site_url() . "/wp-json");
@@ -198,10 +200,10 @@ class PLGNTLS_class
 }
 /*
 * uncomment to print all enqueued scripts, can be usefull
- */
 global $wp_scripts;
 error_log("wp_scripts->queue:");
 error_log(json_encode($wp_scripts->queue));
+ */
 }
 private function check_dependencies(&$script, $previous_basename)
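Review bot: The `wp_create_nonce('wp_rest')` value added as `$rest_nonce` in the first plugin_tools.php hunk is a CSRF token that lets REST cookie authentication resolve the current user; it is not proof of a logged-in buyer, because a nonce is also issued to a logged-out visitor (user id 0). The REST routes that consume it are not part of this patch, so confirm that their `permission_callback` rejects anonymous requests (for example with `is_user_logged_in()`) and that the handler takes the buyer from `get_current_user_id()` rather than from anything in the request body. A comment above the new line would record the intent, e.g. `// wp_rest nonce: sent as X-WP-Nonce so REST cookie auth can identify the current user`. The enclosing method and the condition guarding this block start outside the hunk.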