fixed Vulnerability issue for dismiss wp notice

presscustomizr · Apr 1, 2024 · f014149 · f014149
1 parent c4895a7
commit f014149
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 3 deletions.
diff --git a/core/class-plugin-rec.php b/core/class-plugin-rec.php
@@ -60,17 +60,19 @@ function czr_fn_print_l_rec_notice( $button_text, $button_link ) {
     ),
     __( "The plugin is lightweight and has been designed to integrate seamlessly with Customizr and any WordPress theme.", 'customizr')
   );
-
+  $custom_nonce = wp_create_nonce('custom_wp_dismiss_pointer');
   $notice_id = REC_NOTICE_ID;
   ?>
   <script>
     jQuery( function( $ ) {
+      var customNonce = '<?php echo esc_js($custom_nonce); ?>';
     // .notice-dismiss button markup is added by WP
     $( <?php echo wp_json_encode( "#$notice_id" ); ?> ).on( 'click', '.notice-dismiss', function() {
       $(this).closest('.is-dismissible').slideUp('fast');//<= this line is not mandatory since WP has its own way to remove the is-dismissible block
       $.post( ajaxurl, {
         pointer: <?php echo wp_json_encode( $notice_id ); ?>,
-        action: 'dismiss-wp-pointer'
+        action: 'custom_wp_dismiss_pointer',
+        nonce: customNonce // Pass the nonce
       } );
     } );
   } );
@@ -98,14 +100,17 @@ function czr_fn_print_s_rec_notice( $button_text, $button_link ) {
           __('like this', 'customizr')
       )
   );
+  $custom_nonce = wp_create_nonce('custom_wp_dismiss_pointer');
   $notice_id = REC_NOTICE_ID;
   ?>
   <script>
     jQuery( function( $ ) {
+      var customNonce = '<?php echo esc_js($custom_nonce); ?>';
     $( <?php echo wp_json_encode( "#$notice_id" ); ?> ).on( 'click', '.notice-dismiss', function() {
       $.post( ajaxurl, {
         pointer: <?php echo wp_json_encode( $notice_id ); ?>,
-        action: 'dismiss-wp-pointer'
+        action: 'custom_wp_dismiss_pointer',
+        nonce: customNonce // Pass the nonce
       } );
     } );
   } );

diff --git a/core/czr-admin-ccat.php b/core/czr-admin-ccat.php
@@ -33,6 +33,8 @@ function __construct () {
       //always add the ajax action
       add_action( 'wp_ajax_dismiss_customizr_update_notice'    , array( $this , 'czr_fn_dismiss_update_notice_action' ) );
 
+      // custom call to dismiss wp pointer
+      add_action( 'wp_ajax_custom_wp_dismiss_pointer'    , array( $this , 'czr_fn_custom_wp_dismiss_pointer_action' ) );
 
 
       /* beautify admin notice text using some defaults the_content filter callbacks */
@@ -469,6 +471,36 @@ function czr_fn_dismiss_update_notice_action() {
       wp_die();
     }
 
+    /**
+     * Handles custom dismissing a WordPress pointer via AJAX.
+     */
+    function czr_fn_custom_wp_dismiss_pointer_action() {
+
+      if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'custom_wp_dismiss_pointer' ) ) {
+        // Nonce verification failed
+        wp_send_json_error( 'Invalid nonce.' );
+      }
+      $pointer = $_POST['pointer'];
+
+      if ( sanitize_key( $pointer ) != $pointer ) {
+        wp_die( 0 );
+      }
+
+      //  check_ajax_referer( 'dismiss-pointer_' . $pointer );
+
+      $dismissed = array_filter( explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) ) );
+
+      if ( in_array( $pointer, $dismissed, true ) ) {
+        wp_die( 0 );
+      }
+
+      $dismissed[] = $pointer;
+      $dismissed   = implode( ',', $dismissed );
+
+      update_user_meta( get_current_user_id(), 'dismissed_wp_pointers', $dismissed );
+      wp_die( 1 );
+    }
+
 
   }//end of class
 endif;