Adds nonce validation to refresh feature status request.

This commit is contained in:
Pedro Silva 2023-12-12 18:12:48 +00:00
parent d2abeb5dbf
commit 81f606912f
No known key found for this signature in database
GPG key ID: E2EE20C0669D24B3
2 changed files with 30 additions and 12 deletions


@ -354,9 +354,8 @@ document.addEventListener(
});
}
(() => {
const props = PayPalCommerceGatewaySettings.ajax.refresh_feature_status;
// Logic to handle the "Check available features" button.
((props) => {
const $btn = jQuery(props.button);
$btn.click(async () => {
@ -388,7 +387,7 @@ document.addEventListener(
}
});
})();
})(PayPalCommerceGatewaySettings.ajax.refresh_feature_status);
}
);


@ -78,19 +78,38 @@ class RefreshFeatureStatusEndpoint {
$last_request_time = $this->cache->get( self::CACHE_KEY ) ?: 0;
$seconds_missing = $last_request_time + self::TIMEOUT - $now;
if ( $seconds_missing > 0 ) {
$response = array(
'message' => sprintf(
// translators: %1$s is the number of seconds remaining.
__( 'Wait %1$s seconds before trying again.', 'woocommerce-paypal-payments' ),
$seconds_missing
),
if ( ! $this->verify_nonce() ) {
wp_send_json_error(
array(
'message' => __( 'Expired request.', 'woocommerce-paypal-payments' ),
)
);
}
if ( $seconds_missing > 0 ) {
wp_send_json_error(
array(
'message' => sprintf(
// translators: %1$s is the number of seconds remaining.
__( 'Wait %1$s seconds before trying again.', 'woocommerce-paypal-payments' ),
$seconds_missing
),
)
);
wp_send_json_error( $response );
}
$this->cache->set( self::CACHE_KEY, $now, self::TIMEOUT );
do_action( 'woocommerce_paypal_payments_clear_apm_product_status', $this->settings );
wp_send_json_success();
}
/**
* Verifies the nonce.
*
* @return bool
*/
private function verify_nonce(): bool {
$json = json_decode( file_get_contents( 'php://input' ), true );
return wp_verify_nonce( $json['nonce'] ?? null, self::nonce() ) !== false;
}
}
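Review bot: The check added at `if ( ! $this->verify_nonce() )` only proves the request originated from a page that rendered `self::nonce()`; it is not an authorization check, so the `do_action( 'woocommerce_paypal_payments_clear_apm_product_status', ... )` call should also sit behind a capability check such as `current_user_can( 'manage_woocommerce' )` unless the enclosing method, whose start is outside this hunk, already performs one. Both the nonce branch and the rate-limit branch rely on `wp_send_json_error()` terminating the request via `wp_die()`, which it does, but a one-line comment above the first call (`// wp_send_json_error() ends the request; no return needed.`) would save the next reader from looking for the missing `return`. `verify_nonce()` re-reads `php://input` and decodes it itself; if the handler already parses the JSON body elsewhere, passing the decoded value in would avoid reading the stream twice. The docblock on `verify_nonce()` could state the contract rather than restate the name: `* Verifies the nonce sent under the "nonce" key of the JSON request body against self::nonce(). wp_verify_nonce() returns 1 or 2 for a valid nonce, hence the !== false comparison.`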