Changeset 2186087

Timestamp:

11/05/2019 11:34:47 AM (5 years ago)

Author:

lucastidio

Message:

Update menu icon; Use email from plugin form as default email for a Tidio account; Improve error handling; Use nonce system

Location:

tidio-live-chat/trunk

Files:

• media/img/icon.png (deleted)
• media/js/options.js (modified) (8 diffs)
• options.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)
• tidio-elements.php (modified) (11 diffs)

tidio-live-chat/trunk/media/js/options.js

@@ -3 +3 @@
     var TidioChatWP = {
         apiUrl: 'https://api-v2.tidio.co',
-        chatUrl: 'https://www.tidiochat.com',
+        chatUrl: 'https://www.tidio.com',
         token: null,
+        email: '',
         init: function () {
+            // check if page is already integrated; if so show after install screen
+            if ($('a[href="admin.php?page=tidio-chat"]').length === 0) {
+                $.post(ajaxurl, {
+                        'action': 'get_private_key',
+                        '_wpnonce': nonce,
+                    },
+                    function (response) {
+                        if (response === 'error') {
+                            // load through ajax url
+                            TidioChatWP.accessThroughXHR(redirect);
+                            return false;
+                        }
+                        $('#after-install-text').show();
+                        TidioChatWP.setRedirectLink(response);
+                    });
+                return;
+            }
             this.error = $('.error');
-
             this.form = $('#tidio-start');
             this.form.show();
@@ -26 +43 @@
             }
             this.hideError();
-
+            this.email = emailField.val();
             submitButton.prop('disabled', true).text('Loading...');
 
@@ -35 +52 @@
                     data.value.registered === true) {
                     this.form.hide();
-                    submitButton.prop('disabled', false).
-                        text('Start using Tidio');
+                    submitButton.prop('disabled', false).text('Start using Tidio');
                     this.showLoginForm(emailField.val());
                 } else {
                     this.redirectToPanel();
                 }
-            }.bind(this)).fail((function() {
+            }.bind(this)).fail((function(error) {
                 submitButton.prop('disabled', false).text('Start using Tidio');
-                this.showError('Something went wrong.');
+                if (error && error.status === 429) {
+                    this.showError('You have been blocked for too many failed attempts. Please try again in an hour.');
+                } else {
+                    this.showError('Something went wrong.');
+                }
+
             }).bind(this));
             return false;
@@ -100 +121 @@
             return false;
         },
+        addEmailToRedirectLink: function(url) {
+            return url + '&tour_default_email=' + encodeURIComponent(this.email);
+        },
         redirectToPanel: function () {
-            var form = this.form;
             var redirect = function (response) {
-                window.open(response, '_blank');
-                TidioChatWP.setRedirectLink(response);
-                form.fadeOut('fast', function () {
+                var url = this.addEmailToRedirectLink(response);
+                window.open(url, '_blank');
+                TidioChatWP.setRedirectLink(url);
+                this.form.fadeOut('fast', function () {
                     $('#after-install-text').fadeIn('fast');
                 });
-            };
-
-            $.post(ajaxurl, { 'action': 'get_private_key' },
+            }.bind(this);
+
+            $.post(ajaxurl, {
+                    'action': 'get_private_key',
+                    '_wpnonce': nonce,
+                },
                 function (response) {
                     if (response === 'error') {
-                        // load trought ajax url
-                        TidioChatWP.accessTroughtXHR(redirect);
+                        // load through ajax url
+                        TidioChatWP.accessThroughXHR(redirect);
                         return false;
                     }
@@ -171 +198 @@
         },
         onProjectSubmit: function () {
-            var details = $('#select-tidio-project option:selected').
-                data('value');
-            $.extend(details, { 'action': 'set_project_keys', 'api_token': TidioChatWP.token });
+            var details = $('#select-tidio-project option:selected').data('value');
+            $.extend(details, {
+                'action': 'set_project_keys',
+                'api_token': TidioChatWP.token,
+                '_wpnonce': nonce,
+            });
+
             $.post(ajaxurl, details, (function (response) {
-                window.open(response, '_blank');
-                TidioChatWP.setRedirectLink(response);
+                var url = this.addEmailToRedirectLink(response);
+                window.open(url, '_blank');
+                TidioChatWP.setRedirectLink(url);
                 this.form.fadeOut('fast', function () {
                     $('#after-install-text').fadeIn('fast');
@@ -281 +313 @@
             document.addEventListener('click', closeAllSelect);
         },
-        accessTroughtXHR: function (_func) {
+        accessThroughXHR: function (_func) {
 
             var xhr_url = TidioChatWP.apiUrl + '/access/external/create?url=' +
@@ -294 +326 @@
                     r.value.private_key +
                     '&app=chat&utm_source=platform&utm_medium=wordpress');
+
                 // save this in wordpress database
                 $.post(ajaxurl, {
@@ -299 +332 @@
                     'public_key': r.value.public_key,
                     'private_key': r.value.private_key,
-                }, function (response) {
-
-                });
-
+                    '_wpnonce': nonce,
+                });
             }).fail(function () {
                 alert('Error occured while creating, please try again!');

tidio-live-chat/trunk/options.php

@@ +1 @@
+<script>
+    var nonce = '<?php echo wp_create_nonce(TidioLiveChat::TIDIO_XHR_NONCE_NAME); ?>';
+</script>
 <div id="tidio-wrapper">
     <div class="tidio-box-wrapper">

tidio-live-chat/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 3.0
 Tested up to: 5.2
-Stable tag: 4.1.0
+Stable tag: 4.2.0
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -122 +122 @@
 == Changelog ==
 
+= 4.2.0 =
+* Update menu icon
+* Use email from plugin form as default email for a Tidio account
+* Improve error handling
+* Use nonce system
+
 = 4.1.0 =
 * Simplify login flow for users with only one project

tidio-live-chat/trunk/tidio-elements.php

@@ -3 +3 @@
 /**
  * Plugin Name: Tidio Chat
- * Plugin URI: http://www.tidiochat.com
- * Description: Tidio Live Chat - Live chat for your website. No logging in, no signing up - integrates with your website in less than 20 seconds.
- * Version: 4.1.0
+ * Plugin URI: http://www.tidio.com
+ * Description: Tidio Live Chat - live chat boosted with chatbots for your online business. Integrates with your website in less than 20 seconds.
+ * Version: 4.2.0
  * Author: Tidio Ltd.
- * Author URI: http://www.tidiochat.com
+ * Author URI: http://www.tidio.com
  * License: GPL2
  */
-define('TIDIOCHAT_VERSION', '4.1.0');
+define('TIDIOCHAT_VERSION', '4.2.0');
 define('AFFILIATE_CONFIG_FILE_PATH', get_template_directory().'/tidio_affiliate_ref_id.txt');
 
@@ -24 +24 @@
     const TIDIO_PLUGIN_NAME = 'tidio-live-chat';
     const TOGGLE_ASYNC_ACTION = 'tidio-chat-toggle-async';
+    const TIDIO_ICON_BASE64 = 'PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIzLjEuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IldhcnN0d2FfMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDIwIDIwIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAyMCAyMDsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiNBMEE1QUE7fQo8L3N0eWxlPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMiwxOHYtNS45YzAtMi43LDEuNy01LDQuMy01LjdDNy4xLDMuNyw5LjQsMiwxMi4xLDJDMTUuNCwyLDE4LDQuNiwxOCw3Ljl2NS45aC00LjVsMCwwLjEKCWMtMC44LDIuNS0zLDQuMS01LjYsNC4xSDJ6IE02LjEsOC4xTDYuMSw4LjFjLTEuNiwwLjctMi42LDIuMy0yLjYsNC4xdjQuNGg0LjRjMS44LDAsMy4zLTEsNC4xLTIuNmwwLTAuMWwtMC4xLDAKCWMtMy4xLTAuMi01LjYtMi43LTUuNy01LjZsMC0wLjFMNi4xLDguMXogTTEyLjEsMy41Yy0xLjgsMC0zLjMsMS00LjEsMi42bDAsMC4xbDAuMSwwYzMuMiwwLjEsNS43LDIuNyw1LjcsNS45djAuMWwwLjEsMC4xaDIuN1Y3LjkKCUMxNi41LDUuNSwxNC41LDMuNSwxMi4xLDMuNXogTTcuNiw3LjhMNy42LDcuOGMwLDIuNSwyLDQuNSw0LjQsNC41aDAuMWwwLjEtMC4xYzAtMi41LTItNC41LTQuNC00LjVINy43TDcuNiw3Ljh6Ii8+Cjwvc3ZnPgo=';
+    const TIDIO_XHR_NONCE_NAME = 'tidio-xhr-nonce';
 
     public function __construct()
@@ -70 +72 @@
     public static function ajaxGetPrivateKey()
     {
+        check_ajax_referer(TidioLiveChat::TIDIO_XHR_NONCE_NAME);
+
         $privateKey = TidioLiveChat::getPrivateKey();
         if (!$privateKey || $privateKey == 'false') {
@@ -183 +187 @@
                     'privateKey' => $privateKey,
                     'utm_source' => 'platform',
-                    'utm_medium' => 'wordpress',
-                    'tour_default_email' => get_option('admin_email'),
+                    'utm_medium' => 'wordpress'
                 )
             );
@@ -193 +196 @@
         if (strpos($file, basename(__FILE__)) !== false) {
             if (get_option(TidioLiveChat::PRIVATE_KEY_OPTION)) {
-                $links[] = '<a href="' . admin_url('admin-post.php') . '?action=' . TidioLiveChat::CLEAR_ACCOUNT_DATA_ACTION . '">' . esc_html__('Clear Account Data',
+                $queryString = http_build_query(
+                    array(
+                    'action' => TidioLiveChat::CLEAR_ACCOUNT_DATA_ACTION,
+                    '_wpnonce' => wp_create_nonce(TidioLiveChat::CLEAR_ACCOUNT_DATA_ACTION),
+                    )
+                );
+                $links[] = '<a href="' . admin_url('admin-post.php') . '?' . $queryString . '">' . esc_html__('Clear Account Data',
                         TidioLiveChat::TIDIO_PLUGIN_NAME) . '</a>';
+
                 if (get_option(TidioLiveChat::ASYNC_LOAD_OPTION)) {
                     $toggleAsyncLabel = '✓';
@@ -202 +212 @@
                     $onclickPart = '';
                 }
-                $links[] = '<a href="' . admin_url('admin-post.php') . '?action=' . TidioLiveChat::TOGGLE_ASYNC_ACTION . '" ' . $onclickPart . '>' . esc_html__($toggleAsyncLabel . ' Asynchronous loading',
+                $queryString = http_build_query(
+                    array(
+                        'action' => TidioLiveChat::TOGGLE_ASYNC_ACTION,
+                        '_wpnonce' => wp_create_nonce(TidioLiveChat::TOGGLE_ASYNC_ACTION),
+                    )
+                );
+                $links[] = '<a href="' . admin_url('admin-post.php') . '?' . $queryString . '" ' . $onclickPart . '>' . esc_html__($toggleAsyncLabel . ' Asynchronous loading',
                         TidioLiveChat::TIDIO_PLUGIN_NAME) . '</a>';
             }
@@ -212 +228 @@
     public function toggleAsync()
     {
+        if (wp_verify_nonce($_GET['_wpnonce'], TidioLiveChat::TOGGLE_ASYNC_ACTION) === false) {
+            wp_die('', 403);
+        }
+
         update_option(TidioLiveChat::ASYNC_LOAD_OPTION, !get_option(TidioLiveChat::ASYNC_LOAD_OPTION));
         wp_redirect(admin_url('plugins.php'));
@@ -219 +239 @@
     public function ajaxSetProjectKeys()
     {
+        check_ajax_referer(TidioLiveChat::TIDIO_XHR_NONCE_NAME);
+
         update_option(TidioLiveChat::PUBLIC_KEY_OPTION, $_POST['public_key']);
         update_option(TidioLiveChat::PRIVATE_KEY_OPTION, $_POST['private_key']);
@@ -241 +263 @@
             exit;
         }
+
+        check_ajax_referer(TidioLiveChat::TIDIO_XHR_NONCE_NAME);
 
         if (empty($_POST['private_key']) || empty($_POST['public_key'])) {
@@ -326 +350 @@
     {
         add_menu_page(
-            'Tidio Chat', 'Tidio Chat', 'manage_options', 'tidio-chat', array($this, 'addAdminPage'),
-            content_url() . '/plugins/' . TidioLiveChat::TIDIO_PLUGIN_NAME . '/media/img/icon.png'
+            'Tidio Chat',
+            'Tidio Chat',
+            'manage_options',
+            'tidio-chat',
+            array($this, 'addAdminPage'),
+            'data:image/svg+xml;base64,' . self::TIDIO_ICON_BASE64
         );
     }
@@ -340 +368 @@
     public function uninstall()
     {
+        if (wp_verify_nonce($_GET['_wpnonce'], TidioLiveChat::CLEAR_ACCOUNT_DATA_ACTION) === false) {
+            wp_die('', 403);
+        }
+
         delete_option(TidioLiveChat::PUBLIC_KEY_OPTION);
         delete_option(TidioLiveChat::PRIVATE_KEY_OPTION);