Fix AJAX nonce issues for plugins and theme loading
This commit is contained in:
Marcus Quinn
@ -165,7 +165,7 @@ jQuery(document).ready(function($) {
|
|||||||
data: {
|
data: {
|
||||||
action: 'wp_allstars_get_plugins',
|
action: 'wp_allstars_get_plugins',
|
||||||
category: category || 'minimal',
|
category: category || 'minimal',
|
||||||
_ajax_nonce: wpAllstars.nonce
|
_wpnonce: wpAllstars.nonce
|
||||||
},
|
},
|
||||||
success: function(response) {
|
success: function(response) {
|
||||||
if (response.success) {
|
if (response.success) {
|
||||||
@ -199,7 +199,7 @@ jQuery(document).ready(function($) {
|
|||||||
type: 'GET',
|
type: 'GET',
|
||||||
data: {
|
data: {
|
||||||
action: 'wp_allstars_get_theme',
|
action: 'wp_allstars_get_theme',
|
||||||
_ajax_nonce: wpAllstars.nonce
|
_wpnonce: wpAllstars.nonce
|
||||||
},
|
},
|
||||||
success: function(response) {
|
success: function(response) {
|
||||||
if (response.success) {
|
if (response.success) {
|
||||||
@ -222,41 +222,31 @@ jQuery(document).ready(function($) {
|
|||||||
// Initialize theme handlers
|
// Initialize theme handlers
|
||||||
function initThemeHandlers() {
|
function initThemeHandlers() {
|
||||||
// Handle theme installation
|
// Handle theme installation
|
||||||
$('.install-theme').on('click', function(e) {
|
$('.install-theme').on('click', function() {
|
||||||
e.preventDefault();
|
var slug = $(this).data('slug');
|
||||||
var $button = $(this);
|
var $button = $(this);
|
||||||
var slug = $button.data('slug');
|
|
||||||
|
|
||||||
$button.addClass('updating-message').text('Installing...');
|
$button.text('Installing...').prop('disabled', true);
|
||||||
|
|
||||||
wp.updates.installTheme({
|
wp.updates.installTheme({
|
||||||
slug: slug,
|
slug: slug,
|
||||||
success: function(response) {
|
success: function(response) {
|
||||||
$button
|
$button.text('Activate').removeClass('install-theme').addClass('activate-theme');
|
||||||
.removeClass('updating-message install-theme')
|
$button.prop('disabled', false);
|
||||||
.addClass('button-primary activate-theme')
|
|
||||||
.text('Activate');
|
|
||||||
|
|
||||||
// Refresh the theme display
|
|
||||||
loadTheme();
|
|
||||||
},
|
},
|
||||||
error: function(error) {
|
error: function(response) {
|
||||||
$button.removeClass('updating-message');
|
$button.text('Error').prop('disabled', false);
|
||||||
console.error('Theme installation failed:', error);
|
console.error('Theme installation error:', response);
|
||||||
if (error.errorMessage) {
|
|
||||||
alert(error.errorMessage);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
// Handle theme activation
|
// Handle theme activation
|
||||||
$('.activate-theme').on('click', function(e) {
|
$('.activate-theme').on('click', function() {
|
||||||
e.preventDefault();
|
var slug = $(this).data('slug');
|
||||||
var $button = $(this);
|
var $button = $(this);
|
||||||
var slug = $button.data('slug');
|
|
||||||
|
|
||||||
$button.addClass('updating-message').text('Activating...');
|
$button.text('Activating...').prop('disabled', true);
|
||||||
|
|
||||||
$.ajax({
|
$.ajax({
|
||||||
url: ajaxurl,
|
url: ajaxurl,
|
||||||
@ -264,27 +254,25 @@ jQuery(document).ready(function($) {
|
|||||||
data: {
|
data: {
|
||||||
action: 'wp_allstars_activate_theme',
|
action: 'wp_allstars_activate_theme',
|
||||||
theme: slug,
|
theme: slug,
|
||||||
_ajax_nonce: wpAllstars.nonce
|
_wpnonce: wpAllstars.nonce
|
||||||
},
|
},
|
||||||
success: function(response) {
|
success: function(response) {
|
||||||
if (response.success) {
|
if (response.success) {
|
||||||
$button.removeClass('updating-message').text('Activated');
|
$button.text('Activated').prop('disabled', true);
|
||||||
setTimeout(function() {
|
// Optionally redirect to customizer
|
||||||
if (response.data && response.data.customize_url) {
|
if (response.data && response.data.customize_url) {
|
||||||
|
setTimeout(function() {
|
||||||
window.location.href = response.data.customize_url;
|
window.location.href = response.data.customize_url;
|
||||||
} else {
|
}, 1000);
|
||||||
window.location.reload();
|
}
|
||||||
}
|
|
||||||
}, 1000);
|
|
||||||
} else {
|
} else {
|
||||||
$button.removeClass('updating-message').text('Activate');
|
$button.text('Error').prop('disabled', false);
|
||||||
alert(response.data || 'Theme activation failed. Please try again.');
|
console.error('Theme activation error:', response);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
error: function(xhr, status, error) {
|
error: function(xhr, status, error) {
|
||||||
$button.removeClass('updating-message').text('Activate');
|
$button.text('Error').prop('disabled', false);
|
||||||
console.error('Theme activation failed:', error);
|
console.error('Theme activation AJAX error:', error);
|
||||||
alert('Theme activation failed: ' + error);
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
@ -189,7 +189,11 @@ function wp_allstars_set_cached_plugins($category, $data) {
|
|||||||
|
|
||||||
// Add AJAX endpoint for plugin list
|
// Add AJAX endpoint for plugin list
|
||||||
function wp_allstars_ajax_get_plugins() {
|
function wp_allstars_ajax_get_plugins() {
|
||||||
check_ajax_referer('updates');
|
// Check nonce with the correct action name
|
||||||
|
if (!check_ajax_referer('wp-allstars-nonce', '_wpnonce', false)) {
|
||||||
|
wp_send_json_error('Invalid security token sent.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (!current_user_can('install_plugins')) {
|
if (!current_user_can('install_plugins')) {
|
||||||
wp_die(-1);
|
wp_die(-1);
|
||||||
@ -395,7 +399,11 @@ function wp_allstars_set_cached_theme($data) {
|
|||||||
|
|
||||||
// Add AJAX endpoint for theme
|
// Add AJAX endpoint for theme
|
||||||
function wp_allstars_ajax_get_theme() {
|
function wp_allstars_ajax_get_theme() {
|
||||||
check_ajax_referer('updates');
|
// Check nonce with the correct action name
|
||||||
|
if (!check_ajax_referer('wp-allstars-nonce', '_wpnonce', false)) {
|
||||||
|
wp_send_json_error('Invalid security token sent.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (!current_user_can('install_themes')) {
|
if (!current_user_can('install_themes')) {
|
||||||
error_log('WP ALLSTARS: User does not have permission to install themes');
|
error_log('WP ALLSTARS: User does not have permission to install themes');
|
||||||
@ -566,7 +574,11 @@ add_action('switch_theme', 'wp_allstars_clear_theme_cache');
|
|||||||
|
|
||||||
// Add AJAX handler for theme activation
|
// Add AJAX handler for theme activation
|
||||||
function wp_allstars_activate_theme() {
|
function wp_allstars_activate_theme() {
|
||||||
check_ajax_referer('updates');
|
// Check nonce with the correct action name
|
||||||
|
if (!check_ajax_referer('wp-allstars-nonce', '_wpnonce', false)) {
|
||||||
|
wp_send_json_error('Invalid security token sent.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (!current_user_can('switch_themes')) {
|
if (!current_user_can('switch_themes')) {
|
||||||
wp_send_json_error('Permission denied');
|
wp_send_json_error('Permission denied');
|
||||||
@ -1035,5 +1047,11 @@ function wp_allstars_admin_enqueue_scripts($hook) {
|
|||||||
|
|
||||||
wp_enqueue_style('wp-allstars-admin', plugins_url('css/wp-allstars-admin.css', __FILE__));
|
wp_enqueue_style('wp-allstars-admin', plugins_url('css/wp-allstars-admin.css', __FILE__));
|
||||||
wp_enqueue_script('wp-allstars-admin', plugins_url('js/wp-allstars-admin.js', __FILE__), array('jquery'), WP_ALLSTARS_VERSION, true);
|
wp_enqueue_script('wp-allstars-admin', plugins_url('js/wp-allstars-admin.js', __FILE__), array('jquery'), WP_ALLSTARS_VERSION, true);
|
||||||
|
|
||||||
|
// Localize the script with new data
|
||||||
|
wp_localize_script('wp-allstars-admin', 'wpAllstars', array(
|
||||||
|
'nonce' => wp_create_nonce('wp-allstars-nonce'),
|
||||||
|
'ajaxurl' => admin_url('admin-ajax.php')
|
||||||
|
));
|
||||||
}
|
}
|
||||||
add_action('admin_enqueue_scripts', 'wp_allstars_admin_enqueue_scripts');
|
add_action('admin_enqueue_scripts', 'wp_allstars_admin_enqueue_scripts');
|
||||||
Reference in New Issue
Block a user