Fix AJAX nonce issues for plugins and theme loading

Marcus Quinn
2025-03-16 04:11:59 +00:00
parent 97b0155ee4
commit bc77df078d
2 changed files with 45 additions and 39 deletions


@ -165,7 +165,7 @@ jQuery(document).ready(function($) {
data: {
action: 'wp_allstars_get_plugins',
category: category || 'minimal',
_ajax_nonce: wpAllstars.nonce
_wpnonce: wpAllstars.nonce
},
success: function(response) {
if (response.success) {
@ -199,7 +199,7 @@ jQuery(document).ready(function($) {
type: 'GET',
data: {
action: 'wp_allstars_get_theme',
_ajax_nonce: wpAllstars.nonce
_wpnonce: wpAllstars.nonce
},
success: function(response) {
if (response.success) {
@ -222,41 +222,31 @@ jQuery(document).ready(function($) {
// Initialize theme handlers
function initThemeHandlers() {
// Handle theme installation
$('.install-theme').on('click', function(e) {
e.preventDefault();
$('.install-theme').on('click', function() {
var slug = $(this).data('slug');
var $button = $(this);
var slug = $button.data('slug');
$button.addClass('updating-message').text('Installing...');
$button.text('Installing...').prop('disabled', true);
wp.updates.installTheme({
slug: slug,
success: function(response) {
$button
.removeClass('updating-message install-theme')
.addClass('button-primary activate-theme')
.text('Activate');
// Refresh the theme display
loadTheme();
$button.text('Activate').removeClass('install-theme').addClass('activate-theme');
$button.prop('disabled', false);
},
error: function(error) {
$button.removeClass('updating-message');
console.error('Theme installation failed:', error);
if (error.errorMessage) {
alert(error.errorMessage);
}
error: function(response) {
$button.text('Error').prop('disabled', false);
console.error('Theme installation error:', response);
}
});
});
// Handle theme activation
$('.activate-theme').on('click', function(e) {
e.preventDefault();
$('.activate-theme').on('click', function() {
var slug = $(this).data('slug');
var $button = $(this);
var slug = $button.data('slug');
$button.addClass('updating-message').text('Activating...');
$button.text('Activating...').prop('disabled', true);
$.ajax({
url: ajaxurl,
@ -264,27 +254,25 @@ jQuery(document).ready(function($) {
data: {
action: 'wp_allstars_activate_theme',
theme: slug,
_ajax_nonce: wpAllstars.nonce
_wpnonce: wpAllstars.nonce
},
success: function(response) {
if (response.success) {
$button.removeClass('updating-message').text('Activated');
setTimeout(function() {
if (response.data && response.data.customize_url) {
$button.text('Activated').prop('disabled', true);
// Optionally redirect to customizer
if (response.data && response.data.customize_url) {
setTimeout(function() {
window.location.href = response.data.customize_url;
} else {
window.location.reload();
}
}, 1000);
}, 1000);
}
} else {
$button.removeClass('updating-message').text('Activate');
alert(response.data || 'Theme activation failed. Please try again.');
$button.text('Error').prop('disabled', false);
console.error('Theme activation error:', response);
}
},
error: function(xhr, status, error) {
$button.removeClass('updating-message').text('Activate');
console.error('Theme activation failed:', error);
alert('Theme activation failed: ' + error);
$button.text('Error').prop('disabled', false);
console.error('Theme activation AJAX error:', error);
}
});
});
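Review bot: The rewritten click handlers (`$('.install-theme').on('click', function() {` and `$('.activate-theme').on('click', function() {`) drop the `e` parameter and the `e.preventDefault()` the previous handlers had; if those controls are anchors with an `href`, the browser follows the link once the handler returns and the install or activation request is abandoned mid-flight, so restore `function(e) { e.preventDefault();` on both. The activation success branch also appears to navigate only when `customize_url` is present, leaving the button at 'Activated' while the rest of the admin page still reflects the previous theme when it is absent; if that is intended, say so with `// No customizer URL: stay on the page; the theme list refreshes on next load`, otherwise keep the old `window.location.reload()` fallback. Old and new lines are interleaved without markers on this page, so the exact before/after shape is inferred. The enclosing initThemeHandlers function continues past the end of this hunk.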


@ -189,7 +189,11 @@ function wp_allstars_set_cached_plugins($category, $data) {
// Add AJAX endpoint for plugin list
function wp_allstars_ajax_get_plugins() {
check_ajax_referer('updates');
// Check nonce with the correct action name
if (!check_ajax_referer('wp-allstars-nonce', '_wpnonce', false)) {
wp_send_json_error('Invalid security token sent.');
return;
}
if (!current_user_can('install_plugins')) {
wp_die(-1);
@ -395,7 +399,11 @@ function wp_allstars_set_cached_theme($data) {
// Add AJAX endpoint for theme
function wp_allstars_ajax_get_theme() {
check_ajax_referer('updates');
// Check nonce with the correct action name
if (!check_ajax_referer('wp-allstars-nonce', '_wpnonce', false)) {
wp_send_json_error('Invalid security token sent.');
return;
}
if (!current_user_can('install_themes')) {
error_log('WP ALLSTARS: User does not have permission to install themes');
@ -566,7 +574,11 @@ add_action('switch_theme', 'wp_allstars_clear_theme_cache');
// Add AJAX handler for theme activation
function wp_allstars_activate_theme() {
check_ajax_referer('updates');
// Check nonce with the correct action name
if (!check_ajax_referer('wp-allstars-nonce', '_wpnonce', false)) {
wp_send_json_error('Invalid security token sent.');
return;
}
if (!current_user_can('switch_themes')) {
wp_send_json_error('Permission denied');
@ -1035,5 +1047,11 @@ function wp_allstars_admin_enqueue_scripts($hook) {
wp_enqueue_style('wp-allstars-admin', plugins_url('css/wp-allstars-admin.css', __FILE__));
wp_enqueue_script('wp-allstars-admin', plugins_url('js/wp-allstars-admin.js', __FILE__), array('jquery'), WP_ALLSTARS_VERSION, true);
// Localize the script with new data
wp_localize_script('wp-allstars-admin', 'wpAllstars', array(
'nonce' => wp_create_nonce('wp-allstars-nonce'),
'ajaxurl' => admin_url('admin-ajax.php')
));
}
add_action('admin_enqueue_scripts', 'wp_allstars_admin_enqueue_scripts');
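Review bot: The enqueue at the end of the section registers `wp-allstars-admin` with only `array('jquery')` as dependencies, yet the admin script in this same commit calls `wp.updates.installTheme`, which lives in core's `updates` script and relies on that script (and its `_wpUpdatesSettings` nonce) being loaded first; unless `updates` is enqueued somewhere not visible here, `wp.updates` is undefined at click time. Declare it: `wp_enqueue_script('wp-allstars-admin', plugins_url('js/wp-allstars-admin.js', __FILE__), array('jquery', 'updates'), WP_ALLSTARS_VERSION, true);`. Separately, the three handlers now verify one shared `wp-allstars-nonce` token for the read-only plugin/theme lookups and for the state-changing `wp_allstars_activate_theme`; that is acceptable because each handler also checks its own capability, but a comment making that explicit would help, e.g. `// Nonce is shared across wp-allstars AJAX actions; current_user_can() below is the real authorization gate.` Also `wp_allstars_ajax_get_plugins` still answers a failed capability check with `wp_die(-1)` while the new nonce check uses `wp_send_json_error`, so the JS sees two different error shapes from the same endpoint; `wp_send_json_error('Permission denied')` there would match the other handlers. wp_allstars_admin_enqueue_scripts starts before the hunk, so any `$hook` screen check at its top is not visible here.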