From b05b5f375e5f949d71f059d1d8116bd5d628d087 Mon Sep 17 00:00:00 2001
From: asus
Date: Sat, 23 Mar 2024 23:51:35 +0100
Subject: [PATCH] wip nonce actually dont work
---
plugins/fbpatch/html/menu.html | 6 ++-
plugins/fbpatch/menu/menu_content.php | 55 ++++++++++++++++++---------
plugins/fbpatch/php/fbpatch_class.php | 16 +++++++-
3 files changed, 56 insertions(+), 21 deletions(-)
diff --git a/plugins/fbpatch/html/menu.html b/plugins/fbpatch/html/menu.html
index 17a4b95..5edc181 100644
--- a/plugins/fbpatch/html/menu.html
+++ b/plugins/fbpatch/html/menu.html
@@ -1,5 +1,7 @@ -
- + + + +
diff --git a/plugins/fbpatch/menu/menu_content.php b/plugins/fbpatch/menu/menu_content.php
index c763cae..a8142d6 100644
--- a/plugins/fbpatch/menu/menu_content.php
+++ b/plugins/fbpatch/menu/menu_content.php
@@ -16,12 +16,10 @@ if (!defined('ABSPATH')) {
 *
 */
 function plugin_content() {
- $base_rest_route = Fbpatch::URL_BASE_REST_ROUTE;
- $fetch_nonce = wp_create_nonce('wp_rest');
- $fetch_url = get_site_url() . "/wp-json";
+// Fbpatch::get_patchs();
+ $nonce = Fbpatch::NONCE;
 ob_start();
 include(plugin_dir_path(__DIR__) . '/html/menu.html');
- \FBPATCH\choose_patches();
 $html = ob_get_clean();
 echo $html;
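Review bot: `$nonce = Fbpatch::NONCE;` in plugin_content() is not referenced anywhere in the hunk; presumably it is read by html/menu.html through the include two lines below, but the menu.html hunk on this page is stripped, so that cannot be confirmed here. If that is the intent, a one-line comment such as `// consumed by html/menu.html via the include below` makes the coupling visible to the next reader, since an unused-looking local is otherwise the first thing a cleanup pass deletes. The commented-out `// Fbpatch::get_patchs();` at column 0 is dead code from the WIP and should be dropped before merge. plugin_content()'s closing brace lies outside the hunk.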
@@ -31,25 +29,48 @@ function plugin_content() {
 function choose_patches() {
- $nonce = $_POST['nonce_name'];
- if (!wp_verify_nonce($nonce, 'action_name')) {
- exit;
+ error_log("_POST: " . json_encode($_POST));
+ $nonce = Fbpatch::NONCE;
+ if (!isset($_POST[$nonce['_name']])) {
+ error_log("_POST[{$nonce['_name']}] is not set");
+ \FBPATCH\redirect_menu($_POST);
+ return;
+ }
+ if (!wp_verify_nonce($nonce['_name'], $nonce['_action'])) {
+ error_log("is logged in: " . json_encode(is_user_logged_in()));
+ error_log("verify nonce false");
+ \FBPATCH\redirect_menu($_POST);
+ return;
 }
 error_log("is logged in: " . json_encode(is_user_logged_in()));
 }
+add_action('admin_post_add_patches', __NAMESPACE__.'\choose_patches');
-//// handling routes and endpoints
-//// diff routes and endpoints : https://stackoverflow.com/q/56075017/9497573
-//function admin_menu_routes_endpoints() {
-// $base_rest_route = Fbpatch::URL_BASE_REST_ROUTE;
-// register_rest_route($base_rest_route, '/choose', array(
-// 'methods' => 'POST',
-// 'callback' => __NAMESPACE__.'\choose_patches',
-// ));
-//};
-//add_action('rest_api_init', __NAMESPACE__.'\admin_menu_routes_endpoints');
+
+function redirect_menu($post) {
+ if (!isset($post)) {
+ wp_redirect(admin_url(), 301);
+ exit;
+ }
+ if (is_null($post)) {
+ wp_redirect(admin_url(), 301);
+ exit;
+ }
+ if (empty($post)) {
+ wp_redirect(admin_url(), 301);
+ exit;
+ }
+
+ if (!isset($post['_wp_http_referer'])) {
+ wp_redirect(admin_url(), 301);
+ exit;
+ }
+
+ wp_redirect(home_url($post['_wp_http_referer']), 301);
+ exit;
+}
diff --git a/plugins/fbpatch/php/fbpatch_class.php b/plugins/fbpatch/php/fbpatch_class.php
index ffaf3ab..be53f3c 100644
--- a/plugins/fbpatch/php/fbpatch_class.php
+++ b/plugins/fbpatch/php/fbpatch_class.php
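Review bot: `wp_verify_nonce($nonce['_name'], $nonce['_action'])` in choose_patches() passes the field name (the constant string from Fbpatch::NONCE) as the nonce value, so verification can never succeed, which is exactly the symptom the commit message describes; the value to verify is the submitted field `$_POST[$nonce['_name']]`, unslashed and sanitized. Once the nonce passes there is still no capability check, and `admin_post_*` hooks fire for every logged-in user, so the handler should also require something like `current_user_can('manage_options')` before it acts. `error_log("_POST: " . json_encode($_POST))` writes the whole request body, nonce included, to the server log and should go before merge. In redirect_menu() (same hunk) the three leading guards collapse to `empty($post)`, and a 301 on a POST handler lets browsers cache the redirect; `wp_safe_redirect(wp_get_referer() ?: admin_url())` with the default 302 is the usual WordPress form and also validates the referer host.
```php
function choose_patches() {
    $nonce = Fbpatch::NONCE;
    $submitted = isset($_POST[$nonce['_name']])
        ? sanitize_text_field(wp_unslash($_POST[$nonce['_name']]))
        : '';
    // wp_verify_nonce() takes the submitted nonce value, not the field name.
    if ($submitted === '' || !wp_verify_nonce($submitted, $nonce['_action'])) {
        \FBPATCH\redirect_menu($_POST);
        return;
    }
    // admin_post_* runs for any logged-in user; gate on a capability as well.
    if (!current_user_can('manage_options')) {
        \FBPATCH\redirect_menu($_POST);
        return;
    }
    // … unchanged: trailing error_log …
}
```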
@@ -19,10 +19,22 @@ class Fbpatch {
 const SLUG_TOOGLE_ADMIN_MENU = ['_name'=>'toogle_admin_menu_url_fbpatch', 'toggle'=>'toggle', 'show'=>'show', 'hide'=>'hide'];
 const OPTION_TOGGLE_MENU = ['_name'=>'toggle_admin_menu_option_fbpatch', 'show'=>'show', 'hide'=>'hide'];
- const URL_BASE_REST_ROUTE = 'fbpatch_plugin/api/v1'; // for routes, in php/paypal/routes.php && php/admin_modif_prof.php
+ const NONCE = ['_name'=>'nonce_name', '_action'=>'action_name'];
- //private static $_is_
+ private static $_patchs = ['calculations', 'hide_show'];
+// const PATCH_CALCULATIONS = ['_name'=>'calculations', 'title'=>'calculations title', '_description'=>'description---'];
+// const PATCH_HIDE_SHOW = ['_name'=>'hide_chow', '_title'=>'hide/show title', '_description'=>'description...'];
+ private static function set_patchs() {
+ foreach (self::$_patchs as $patch) {
+ error_log("patch : " . $patch);
+ }
+ }
+ public static function get_patchs() {
+ self::set_patchs();
+ }
+ public static function update_patchs($query) {
+ }
 }
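Review bot: The NONCE constant's values `'nonce_name'` and `'action_name'` are generic placeholders; a nonce action should identify the specific operation it protects (here the add_patches admin-post handler), otherwise any other form that happens to use the same action string yields a nonce choose_patches() accepts, and a field name this generic can collide with other plugins' form fields. A scoped pair such as `const NONCE = ['_name' => 'fbpatch_add_patches_nonce', '_action' => 'fbpatch_add_patches'];` (constructed example) keeps both specific to this handler. `private static $_patchs` carries no type; if the plugin targets PHP 7.4 or later, `private static array $_patchs` is preferable. set_patchs() only logs and update_patchs($query) is an empty stub, yet both names imply mutation — if they stay in the commit, a `// TODO:` comment on each stating what it is meant to do would spare the next reader a search. The `class Fbpatch {` header sits outside the hunk.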